OpenSSL Gets Updated

OPENSSL, the web security layer at the center of the Heartbleed vulnerability, has been issued with a further nine critical patches.

While none are as serious as Heartbleed, patching is recommended for all users according to an advisory released today. The vulnerabilities stem from various security research teams around the web including Google, Logmein and Codenomicom, based on their reports during June and July of this year.

Among the more interesting fixes involves a flaw in the ClientHello message process. If a ClientHello message is badly fragmented, it is vulnerable to a man-in-the-middle attack which could be used to force the server to downgrade itself to the TLS 1.0 protocol, a fifteen year old and therefore pre-Heartbleed patch variant.

Other reports include memory leaks caused by denial of service attacks (DoS) and conversely, crashes caused by an attempt to free up the same portions of memory twice.

OpenSSL now has two full time coders as a result of investment by a consortium of Internet industry companies to form the Core Infrastructure Initiative, a not-for-profit group administered by the Linux Foundation. The Initiative was set up in the wake of Heartbleed, as the industry vowed to ensure such a large hole would never be left unplugged again.

While OpenSSL is used by a large number of encrypted sites, there are a number of forks of the project including LibreSSL and the recently launched Google BoringSSL.

Google recently announced that it would be lowering the page rankings of unencrypted pages in its search results as an added security measure.

Source

FCC Mandates Text-To-911

The U.S. Federal Communications Commission voted last week to require U.S. mobile carriers and many text-messaging apps to support functionality that allows texting emergency dispatch centers, even after questions about whether the centers will be ready by the deadline.

The commission’s vote requires U.S. mobile carriers and some texting apps to put emergency text-to-911 functionality in place by the end of the year.

Even though the nation’s four largest mobile carriers have all added text-to-911 functionality this year, less than 2 percent of the nation’s 6,800 emergency dispatch centers are ready to receive texts, said Commissioner Ajit Pai. The commission’s action will give smartphone users the impression they can send text to emergency responders, when many will not be able to, he said.

The FCC’s action “encourages the public to dive into text-to-911 functionality, when in reality, there’s hardly any water in the pool,” Pai said. “The order is sure to result in massive consumer confusion, and therefore will endanger, rather than advance, public safety.”

FCC Chairman Tom Wheeler applauded the largest mobile carriers — Verizon Wireless, AT&T, Sprint and T-Mobile USA — for adding text-to-911 functionality. The agency needs to push other carriers and emergency dispatch centers, called public-safety answering points or PSAPs, to do the same, he added.

“A lot of time of has passed since [the four largest] carriers stepped up and did something voluntarily, and the other carriers serving the consumers of America did not,” he said. “If you don’t step up to your responsibility, we will.”

Smartphone users should still call 911 if possible, but text-to-911 services need to be more widely available, Wheeler said.

The adoption of text-to-911 will let smartphone users contact police and other emergency responders when it’s not safe to talk on the phone, Wheeler said. It will also aid people with hearing or speech disabilities, he noted.

“Texting is now as important a function on a mobile device as talking,” Wheeler said. “Some of those text messages are cries for help.”

Source

HP Increases SlateBook Pricing

Hewlett-Packard’s SlateBook 14 laptop with Google’s Android OS has started shipping on schedule, but it’s priced at $429, which is $30 more than the company had said it would cost.

The laptop, which has a 14-inch screen and Android 4.3, was announced in June. At the time, HP said it would be priced at $399.

It is available on HP’s website.

The SlateBook 14 was introduced after customers told HP they wanted laptops with Android. The laptop has an interface similar to that on Android tablets and can adjust mobile apps to run on the larger touchscreen. Users will also be able to sync laptop data with mobile devices and vice versa.

The laptop is also for those who rely on the Web for most of their computing, much like Chromebooks. It has a few advantages over Chromebooks, with support for key Android apps such as Skype. Android also boasts better wireless printing support than Chromebooks.

The laptop weighs 1.68 kilograms and offers nine hours of battery life, according to specifications on HP’s website.

It has a quad-core Tegra 4 processor, 2GB of DRAM and 16GB of storage. Connectivity features include 802.11b/g/n Wi-Fi and Bluetooth 4.0. It also has a webcam, USB 3.0 port and a micro-SD slot for expandable storage.

It could be a strong multimedia laptop with a 1920 x 1080 pixel screen and an integrated graphics processor that can handle 4K video. TVs can be connected to the laptop through an HDMI port.

Source

Chrome Climbs To Second

Google’s Chrome browser in July broke the 20% user share bar for the first time, according to recently published statistics by Web measurement vendor Net Applications.

But because the browser war is a zero-sum game, when Chrome won others had to lose. The biggest loser, as has been the case for the last year: Mozilla’s Firefox, which came dangerously close to another milestone, but on the way down.

Firefox accounted for 15.1% of the desktop and laptop personal computer browsers used in July, a low point not seen by the open-source application since October 2007, a year before Chrome debuted and when Microsoft’s Internet Explorer (IE) was only on version 7.

Chrome had flirted with the 20% mark before. More than two years ago, Chrome’s user share — a Net Applications’ measurement of the unique visitors running each browser — had come close: 19.6%. But Chrome then took a prolonged dip that only began reversing last fall.

Chrome’s July user share of 20.4% put the browser solidly in second place, but still far behind IE in Net Applications’ tallies. IE’s share last month was 58%, down slightly from the month before.

Firefox also lost user share in July, dropping half a percentage point to 15.1%. It was the ninth straight month that the desktop browser lost share. In the past three months alone, Firefox has fallen nearly two points.

The timing of the decline has been terrible, as Mozilla’s current contract with Google ends in November. That deal, which assigned Google’s search engine as the default for most Firefox customers, has generated the bulk of Mozilla’s revenue. In 2012, for example, the last year for which financial data was available, Google paid Mozilla an estimated $272 million, or 88% of all Mozilla income.

Going into this year’s contract renewal talks, Mozilla will be bargaining from a much weaker position, down 34% in total user share since July 2011.

Apple’s Safari remained in a distant fourth place behind Firefox, with a user share of 5.2%, down four-tenths of a percentage point in the last month. Meanwhile, Opera Software’s Opera browser brought up the rear with a small 1% user share.

Source

Can Lenovo Succeed With Tablets?

Lenovo on Friday said it would continue selling sub-10-in. Windows tablets in the U.S., backing away from statements it made the day before, when it said it was pulling the ThinkPad 8 from the North American market and had discontinued offering a model of the Miix 2.

“We will continue to bring new Windows devices to market across different screen sizes, including a new 8-inch tablet and 10-inch tablet coming this holiday,” Lenovo said in a press release published on its website Friday.

“Our model mix changes as per customer demand, and although we are no longer selling ThinkPad 8 in the U.S., and we have sold out of Miix 8-inch, we are not getting out of the small-screen Windows tablet business as was reported by the media (emphasis in original),” the statement continued.

On Thursday, the IDG News Service — like Computerworld, owned and operated by IDG – reported the withdrawal of the ThinkPad 8 and the 8-in. Miix from the U.S. market. The ThinkPad 8 had debuted in January at prices starting at $449, and the similarly-sized Miix had launched in October 2013.

Lenovo told IDG News that it was diverting remaining stocks of the ThinkPad 8 to other countries, including Brazil, China, and Japan, where demand was stronger for smaller Windows 8.1-powered tablets.

The China-based company, which has made impressive gains in the global market — it was the world’s largest personal computer seller during the second quarter, ahead of Hewlett-Packard and Dell, according to IDC — did not say exactly when it would return with an 8-in. device. If it begins selling the unnamed device in October, typical of OEMs that seed the channel then for the holiday sales season, it will have been absent from the market for two or more months.

Source

Dell Goes Bitcoin

Want to purchase a laptop with bitcoins? Dell is now accepting the digital currency as a form of payment.

Consumer and business shoppers can pay for products directly via bitcoins or through Coinbase, a third-party payment processing company, Dell said.

Buyers can pay for products through Bitcoin wallets or by scanning a QR code with a smartphone.

The volatile Bitcoin has had its share of controversies and exchange shutdowns as the currency matures. Companies like Overstock.com, Newegg, Expedia and some Amazon storefronts accept Bitcoin as a form of payment. But major retailers like Walmart and eBay have not warmed up to the idea. The value of one bitcoin was around $630 as of Friday, according to multiple cryptocurrency website.

There are some advantages to paying via Bitcoin. The form of currency is accepted around the world, and for Dell, the payment-processing cost is less than with credit cards.

But the form of payment has its quirks.

“Due to the nature of the Bitcoin network, once you initiate a Bitcoin transaction you cannot change or cancel it,” Dell said on a terms and conditions page.

Customers could seek refunds in the case of canceled transactions or product returns.

“For a qualifying return of product paid for in Bitcoin, any refund due will be remitted to the purchaser via check in U.S. Dollars for the full amount of the purchase price paid at the time of the original transaction, less any applicable restocking fees,” Dell said.

Source

Insurers Eyeing Cyber Coverage

Insurers are eagerly monitoring exponential growth in the tiny cyber coverage market but their lack of experience and skills handling hackers and data breaches may keep their ambitions in check.

High profile cases of hackers seizing sensitive customer data from companies, such as U.S. retailer Target Corp or e-commerce company eBay Inc, have executives checking their insurance policies.

Increasingly, corporate risk managers are seeing insurance against cyber crime as necessary budget spending rather than just nice to have.

The insurance broking arm of Marsh & McLennan Companies estimates the U.S cyber insurance market was worth $1 billion last year in gross written premiums and could reach as much as $2 billion this year. The European market is currently a fraction of that, at around $150 million, but is growing by 50 to 100 percent annually, according to Marsh.

Those numbers represent a sliver of the overall insurance market, which is growing at a far more sluggish rate. Premiums are set to grow only 2.8 percent this year in inflation-adjusted terms, according to Munich Re, the world’s biggest reinsurer.

The European cyber coverage market could get a big boost from draft EU data protection rules in the works that would force companies to disclose breaches of customer data to them.

“Companies have become aware that the risk of being hacked is unavoidable,” said Andreas Schlayer, responsible for cyber risk insurance at Munich Re. “People are now more aware that hackers can attack and do great damage to central infrastructure, for example in the energy sector.”

Insurers, which have more experience handling risks like hurricanes and fires, are now rushing to gain expertise in cyber technology.

“It is a difficult risk to price by traditional insurance methods as there currently is not statistically significant actuarial data available,” said Robert Parisi, head of cyber products at insurance brokers Marsh.

Andrew Braunbergon, research director at U.S. cybersecurity advisory company NSS Labs, said that some energy companies have trouble persuading insurers to provide them with cyber coverage as the industry is vulnerable to hacking attacks that could trigger disasters like an explosion in a worst-case scenario.

Pricing on policies for retailers has climbed in the wake of recent high-profile breaches at Target, Neiman Marcus, and other merchants, he added.

Source

Can Intel Go Wireless?

Intel wants to lead the drive into a less wired world by pushing standards, drive down the cost, and make these technologies ubiquitous.

At Computex, Intel demonstrated WiGig wireless docking and simultaneous wireless charging of a laptop, smartphone, headset and tablet with a pad placed under a tabletop. The company said that it would deliver reference designs for systems that use the technology in 2016 as part of a future Core processor family known as Skylake.

WiGig trades range for speed and operates in the 60GHz spectrum, compared with 2.4- and 5.0GHz for WiFi. It can transfer data at speeds of up to 7Gbps, compared to a maximum speed of a little more than 1Gbps for 802.11ac.

WiGig can be used to stream video from a mobile device to a TV or monitor, replacing HDMI and DisplayPort cables, but is being seen as a way of carrying out networking and wireless docking. It means that you can put your laptop on your desk and it automatically connects with your monitor, keyboard and mouse, printer and other peripherals without cables.

Intel plans to make its own WiGig chips. The outfit said it will have silicon for both transmitters and receivers in production by the end of this year, and available in products in the first half of 2015. Intel also wants to push Rezence for wireless charging.

Chipzilla has added that it will contribute some of its own IP to expand the standard to support wireless charging of laptops (which requires at least 20 watts) and that Rezence will be part of a Skylake reference design by 2016. This means that the world could be wirelessly networked soon after that.

Source

Is Malware Wreaking Havoc On XP?

One of the top three malware programs affecting businesses in the second quarter is a worm that takes advantage of the large number of companies still using Windows XP, Trend Micro has warned.

The worm, dubbed DOWNAD, also known as Conficker, can infect an entire network via a malicious URL, spam email, or removable drive. Windows XP is particularly susceptible to this threat because it is known to exploit the MS08-067 Server service vulnerability in order to execute arbitrary code.

DOWNAD also has its own domain generation algorithm (DGA) that allows it to create randomly-generated URLs. It then connects to these created URLs to download files to the system. Trend Micro said that around 175 IP addresses are found to be related to the DOWNAD worm and that these IP addresses use various ports and are randomly generated via the DGA capability of DOWNAD.

“During our monitoring of the spam landscape, we observed that in Q2, more than 40 percent of malware related spam mails are delivered by machines infected by DOWNAD worm,” said Trend Micro anti-spam research engineer Maria Manly in a blog post.

“A number of machines are still infected by this threat and leveraged to send the spammed messages to further increase the number of infected systems. And with Microsoft ending the support for Windows XP this year, we can expect that systems with this OS can be infected by threats like DOWNAD.”

The security company warned that spam campaigns delivering FAREIT, MYTOB, and LOVGATE payloads in email attachments are attributed to DOWNAD infected machines. FAREIT is a malware family of information stealers that download variants of the Zeus Trojan, while MYTOB is an old family of worms known for sending a copy of itself in spam attachments.

The other top sources of spam with malware are the CUTWAIL botnet, together with Gameover ZeuS (GoZ). Manly said CUTWAIL was actually previously used to download GoZ malware but now a malware called UPATRE employs GoZ malware or variants of ZBOT which have peer-to-peer functionality.

“In the last few weeks we have reported various spam runs that abused Dropbox links to host malware like UPATRE,” Manly said. “We also spotted a spammed message in the guise of voice mail that contains a Cryptolocker variant. The latest we have seen is a spam campaign with links that leveraged CUBBY, a file storage service, this time carrying a banking malware detected as TSPY_BANKER.WSTA.”

According to Manly, cybercriminals and threat actors are probably abusing file storage platforms to mask their malicious activities and go undetected in the system and network.

“As spam with malware attachment continues to proliferate, so is spam with links carrying malicious files. The continuous abuse of file hosting services to spread malware appears to have become a favoured infection vector of cyber criminals most likely because this makes it more effective given that the URLs are legitimate thereby increasing the chance of bypassing anti-spam filters,” she added.

Source

Salesforce Goes Healthcare

Salesforce Inc, one of the first cloud-computing companies, is turning its focus towards healthcare with new software and services aimed at the largest hospitals.

Salesforce has announced a strategic alliance with Amsterdam-based medical technology company Philips, which it envisions as the first of many partnerships. These companies will announce two new medical applications later in the summer, called Philips eCareCoordinator and Philips eCare Companion.

The software is designed to improve health and cut costs. The apps are intended to be used by physicians to monitor chronically ill patients between doctor visits.

Salesforce said the goal is to make it easier for hospitals to collect and analyze data from medical devices, which patients with chronic conditions often use at home.

“In the United States, care providers are facing increasing demands and decreasing reimbursement,” said Michael Peachey, a senior director of solutions and product marketing at Salesforce.

“We want to improve efficiency for physicians by transmitting patient data in real time.”

Peachey said the Salesforce software meets security and privacy rules under the Health Insurance Portability and Accountability Act, known as HIPAA.

In the short term, Peachey said Salesforce intends to develop additional apps with other partners to help doctors and nurses monitor patients from the comfort of their homes.

“It’s an open platform,” he said.

Source

« Previous Page — Next Page »