U.S. Cloud Vendors Hurt By NSA
Edward Snowden’s public unveiling of the National Security Agency’s Prism surveillance program could cause U.S. providers of cloud-based services to lose 10% to 20% of the foreign market — a slice of business valued at up to $35 billion.
A new report from the Information Technology & Innovation Foundation (ITIF) concludes that European cloud computing companies, in particular, might successfully exploit users’ fears about the secret data collection program to challenge U.S. leadership in the hosted services business.
Daniel Castro, author of the report, acknowledges that the conclusions are based, so far, on thin data, but nonetheless argues that the risks to U.S. cloud vendors are real.
Indeed, a month prior, the Cloud Security Alliance reported that in a survey of 207 officials of non-U.S. companies, 10% of the respondents said that they had canceled contracts with U.S. service providers after Snowden’s leak of NSA Prism documents earlier this year.
“If U.S. companies lose market share in the short term, it will have long-term implications on their competitive advantage in this new industry,” said Castro in the ITIF report. “Rival countries have noted this opportunity and will try to exploit it.”
To counter such efforts, the U.S. must challenge overstated claims about the program by foreign companies and governments, said Jason Weinstein, a partner in the Washington office of law firm Steptoe & Johnson and a former federal prosecutor and deputy assistant attorney general specializing in computer crime.
“There are a lot of reasons to be concerned about just how significant those consequences will be,” Weinstein said. “The effort by European governments and European cloud providers to cloud the truth about data protection in the U.S. was going on well before anyone knew who Edward Snowden was. It just picked up new momentum once the Prism disclosures came out.”
Weinstein contends that European countries have fewer data protection rules than the U.S.
For example, he said that in the U.K. and France, a wiretap to get content can be issued by a government official without court authority, but that can’t happen in the U.S.
“U.S. providers have done nothing other than comply with their legal obligations,” he said. But because of Snowden’s leaks, “they are facing potentially significant economic consequences.”
Gartner analyst Ed Anderson said his firm has yet to see any revenue impact on cloud providers since the Prism disclosures, but added, “I don’t think Prism does U.S. providers any favors, that’s for sure.”
Nonetheless, Anderson added, “I think the reality is [the controversy] is likely to die down over time, and we expect adoption to probably continue on the path that it has been on.”
One reason why U.S. providers may not suffer is because “the alternatives aren’t great if you are a European company looking for a cloud service,” he said.
FTC Warns Google And FB
August 30, 2013 by admin
The head of the Federal Trade Commission (FTC) has promised that her organisation will come down hard on companies that do not meet requirements for handling personal data.
FTC Chairwoman Edith Ramirez gave a keynote speech at the Technology Policy Institute at the Aspen Forum. She said that the FTC has a responsibility to protect consumers and prevent them from falling victim to unfair commercial practices.
“In the FTC’s actions against Google, Facebook, Myspace and others, we alleged that each of these companies deceived consumers by breaching commitments to keep their data confidential. That isn’t okay, and it is the FTC’s responsibility to make sure that companies live up to their commitments,” she said.
“All told, the FTC has brought over 40 data security cases under our unfairness and deception authority, many against very large data companies, including Lexisnexis, Choicepoint and Twitter, for failing to provide reasonable security safeguards.”
Ramirez spoke about the importance of consumer privacy, saying that there is too much “shrouding” of what happens in that area. She said that under her leadership the FTC will not be afraid of suing companies when it sees fit.
“A recurring theme I have emphasized – and one that runs through the agency’s privacy work – is the need to move commercial data practices into the sunlight. For too long, the way personal information is collected and used has been at best an enigma enshrouded in considerable smog. We need to clear the air,” she said.
Ramirez compared the work of the FTC to the work carried out by lifeguards, saying that it too has to be vigilant.
“Lifeguards have to be mindful not just of the people swimming, surfing, and playing in the sand. They also have to be alert to approaching storms, tidal patterns, and shifts in the ocean’s current. With consumer privacy, the FTC is doing just that – we are alert to the risks but confident that those risks can be managed,” she added.
“The FTC recognizes that the effective use of big data has the potential to unleash a new wave of productivity and growth. Like the lifeguard at the beach, though, the FTC will remain vigilant to ensure that while innovation pushes forward, consumer privacy is not engulfed by that wave.”
It’s all just lip service, of course. Companies might be nominally bound by US privacy laws in online commerce, and that might be overseen by the FTC, but the US National Security Agency (NSA) collects all internet traffic anyway, and makes data available to other US government agencies and even some private companies.
Google Snubs Privacy
August 29, 2013 by admin
Search giant Google has told the British government it is immune to prosecution on privacy issues and it can do what it likes. The US company is accused of illegally snooping on its British customers by bypassing privacy settings on Apple devices, such as iPads, to track their browsing history.
A group of British people took Google to court but the search engine is trying to get the case thrown out. Its argument is that it is not subject to British privacy law because it is based in California. This is the second time that Google has tried to avoid British law by pretending to operate in another country. It has come under fire for failing to pay tax in the UK.
Nick Pickles, director of Big Brother Watch, said: ‘It is deeply worrying for a company with millions of British users to be brazenly saying they do not regard themselves bound by UK law.’ Solicitor Dan Tench, of law firm Olswang, said this was another instance of Google being here when it suits them and not being here when it doesn’t. Ironically, when the US ordered Google to stop what it was doing, it forced the search engine to pay $22.5 million to regulators.
There are some indications that Google may not get its way. In July the Information Commissioner’s Office told Google its privacy rules breached UK law so it will be very hard for it to stand up in court and say it didn’t.
Oracle Issues Massive Security Update
Oracle has issued its critical patch update advisory for July, plugging a total of 89 security holes across its product portfolio.
The fixes focus mainly on remotely exploitable vulnerabilities in four widely used products, with 27 fixes issued for the Oracle Database, Fusion Middleware, the Oracle and Sun Systems Product Suite and the MySQL database.
Out of the 89 security fixes included with this update, the firm said six are for Oracle Database, with one of the vulnerabilities being remotely exploitable without authentication.
Oracle revealed that the highest CVSS Base Score for these database vulnerabilities is 9.0, a score related to vulnerability CVE-2013-3751, which affects the XML Parser on Oracle Database 11.2.0.2 and 11.2.0.3.
A further 21 patched vulnerabilities listed in Oracle’s Critical Patch Update are for Oracle Fusion Middleware; 16 of these vulnerabilities are remotely exploitable without authentication, with the highest CVSS Base Score being 7.5.
As for the Oracle and Sun Systems Products Suite, these products received a total of 16 security fixes, eight of which were also remotely exploitable without authentication, with a maximum CVSS Base Score of 7.8.
“As usual, Oracle recommends that customers apply this Critical Patch Update as soon as possible,” Oracle’s director of Oracle Software Security Assurance Eric Maurice wrote in a blog post.
Craig Young, a security researcher at Tripwire, commented on the Oracle patch, saying the “drumbeat of critical patches” is more than alarming because the vulnerabilities are frequently reported by third parties who presumably do not have access to full source code.
“It’s also noteworthy that […] every Oracle CPU release this year has plugged dozens of vulnerabilities,” he added. “By my count, Oracle has already acknowledged and fixed 343 security issues in 2013. In case there was any doubt, this should be a big red flag to end users that Oracle’s security practices are simply not working.”
Oracle Changing Berkeley
Oracle has changed the license of its embedded database library, Berkeley DB. The software is widely used as a key-value store within other applications and historically used an OSI-approved strong copyleft license which was similar to the GPL.
Under that license, distributing software that embedded Berkeley DB involved also providing “information on how to obtain complete source code for the DB software and any accompanying software that uses the DB software.”
Now future versions of Berkeley DB use the GNU Affero General Public License (AGPL). This says “your modified version must prominently offer all users interacting with it remotely through a computer network … an opportunity to receive the Corresponding Source of your version.”
This will cause some problems for Web developers using Berkeley DB for local storage. Compliance has not really been an issue because they never “redistributed” the source of their Web apps. Now they will have to make sure their whole Web app is compliant with the AGPL and make full corresponding source to their Web application available.
They also need to ensure the full app has compatible licensing. Practically that means that the whole source code has to be licensed under the GPLv3 or the AGPL.
Will Oracle Retire MySQL?
MySQL founder Michael “Monty” Widenius claims that Oracle is killing off his MySQL database and he is recommending that people move to his new project, MariaDB. In an interview with Muktware, Widenius said MariaDB, which is also open source, is on track to replace MySQL at Wikimedia and other major organizations and companies.
He said MySQL was widely popular long before it was bought by Sun because it was free and had good support. There was a rule that anyone should get MySQL up and running in 15 minutes. Widenius was concerned about MySQL’s sale to Oracle and has been watching as the popularity of MySQL has been declining. He said that Oracle was making a number of mistakes: new ‘enterprise’ extensions in MySQL were closed source, the bugs database is not public, and the MySQL public repositories are no longer actively updated.
Widenius said that security problems were not communicated nor addressed quickly and instead of fixing bugs, Oracle is removing features. It is not all bad. Some of the new code is surprisingly good by Oracle, but unfortunately the quality varies and a notable part needs to be rewritten before we can include it in things like MariaDB. Widenius said that it’s impossible for the community to work with the MySQL developers at Oracle as it doesn’t accept patches, does not have a public roadmap and there was no way to discuss with MySQL developers how to implement things or how the current code works.
Basically Oracle has made the project less open and the beast has tanked, while at the same time more open versions of the code, such as MariaDB are rising in popularity.
Intel Partners With VMware
Intel has teamed up with Microsoft’s rival VMware to deliver a platform for “trusted cloud.”
The technology will mix Intel’s Trusted Execution Technology (TXT) and VMware’s vSphere 5.1 platform for building cloud infrastructures. Intel said its hardware-enhanced security capabilities, integrated directly into the processor and combined with vSphere 5.1, would provide a hardened and high-integrity platform to run business-critical applications in private and public cloud environments.
Intel thinks that the biggest barrier to cloud adoption is the fact that companies are worried about security. Jason Waxman, general manager of Intel’s Cloud Infrastructure Group, said in a statement that Intel TXT provides hardware enforcement to help overcome some of the most challenging aspects of cloud security, including detection and prevention of BIOS attacks and evolving forms of stealthy malware, such as rootkits.
Dell’s Cloud Plans Fall Behind Schedule
Dell announced an aggressive schedule last year to roll out cloud-based application services, but it appears that the schedule was a little too aggressive.
Dell said last August that it planned to launch an online analytics service in the first half of this year for small and midsized businesses, but that service isn’t due now until early next year, a Dell executive said.
“Like a lot of development projects, it can take a bit longer than you think,” Paulette Altmaier, general manager of Dell’s Cloud Business Applications group, said in an interview Thursday.
Dell also said it would launch a platform-as-a-service offering this year based on Microsoft’s Azure platform. On Friday, a Dell spokeswoman said the company no longer has a delivery date for that service.
The delays are a setback for Dell, which is trying to reduce its dependence on PCs and build more profitable businesses in services and software. But a lot of companies are moving slowly to the cloud, so the hold-up isn’t a disaster, said Peter Ffoulkes, an industry analyst with 451 Research Group.
“The move to the cloud is not a fast journey and for most people it is still largely a future. I would not expect a quarter or two to make a big difference in practical terms,” he said.
Dell has also made a string of software acquisitions in the past year that might be causing it to rethink its software-as-a-service strategy. It updated press and analysts on its software plans Thursday.
When it does arrive, the analytics service will offer “cross-app” analytics, meaning customers will be able to import data from one or more applications to a data warehouse that Dell will host for them online, and then perform analysis on that data.
RIM Heads To The Cloud
August 31, 2011 by admin
Canada’s Research In Motion (RIM) will take the wraps off of a new cloud-based social music sharing service called BBM Music, as companies begin to bet on entertainment delivered over the Internet that incorporates social networking features.
Research in Motion, the maker of BlackBerry phones, said select music from Universal Music Group, Sony Music Entertainment, Warner Music and EMI would be available for the users.
A closed beta trial of the BBM Music service is starting today in Canada, the United States and the UK, the company stated.
The music service is expected to be commercially available to customers later this year for a monthly subscription of $4.99 in a number of countries, it said.
Poor Get Online With Cloud Phone
August 10, 2011 by admin
Startup firm Movirtu has made plans to help 3 million or more people in poor countries use mobile services by giving them personal phone numbers, not phones.
Working with a U.N.-affiliated initiative called Business Call to Action (BCtA), Movirtu will offer the numbers, which it calls mobile identities, through commercial carriers in developing countries in Africa and South Asia. People in those countries who typically borrow phones from others will be able to log into the carrier’s network and use their own prepaid minutes and bits of data. The service is called Cloud Phone, though it operates within a carrier’s own infrastructure rather than on the Internet as a classic cloud service would.
Having a personal mobile identity can save users money in two ways, according to Ramona Liberoff, executive vice president of marketing, strategy and planning at Movirtu. First, they can use mobile services without buying a phone, which is a luxury even at US$15 or $20 for people making $1 or $2 per day. Second, the cost of prepaid service from a carrier typically is less than what consumers in those countries pay someone to borrow a phone, she said.
Though it’s customary in many of these countries to lend a phone to someone in need, the borrower is also expected to pay the lender for the usage. The average savings from using regular prepaid service instead is estimated at about $60 per year, Liberoff said.
The service will help people to use mobile banking, insurance and farming assistance services as well as make phone calls, Liberoff said.
Some of these services currently can only be delivered to individuals and not to someone sharing a phone. Personal mobile identities could be a boon to NGOs (non-governmental organizations) that want to use mobile technology. “In many cases, there are great NGO programs that can’t reach 80 percent of their base,” because those people don’t have their own phones, Liberoff said.