Hackers Going After Traffic Signs

After hackers played several high-profile pranks with traffic signs, including warning San Francisco drivers of a Godzilla attack, the U.S. government advised operators of electronic highway signs to take “defensive measures” to better secure their property.

Last month, signs on San Francisco’s Van Ness Ave were photographed flashing “Godzilla Attack! Turn Back” and highway signs across North Carolina were tampered with last week to read “Hack by Sun Hacker.”

The Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team, or ICS-CERT, this week advised cities, highway operators and other customers of digital-sign maker Daktronics Inc to take “defensive measures” to minimize the possibility of similar attacks.

It said that information had been posted on the Internet advising hackers how to access those systems using default passwords coded into the company’s software. “ICS-CERT recommends entities review sign messaging, update access credentials and harden communication paths to the signs,” the agency said in an alert posted on Thursday.

Jody Huntimer, a representative for Daktronics, declined to say if the recent attacks involved the bug reported by ICS-CERT.

“We are working with the ICS-CERT team to clarify the current alert and will release a statement once we have assessed the situation and developed customer recommendations,” Huntimer said via email.

Krebs on Security, a widely read security blog, posted a confidential report from the Center for Internet Strategy, or CIS, which was sent to state security officials. It warned that the pranks created a public safety risk because drivers often slow or stop to view the signs and take pictures.

CIS also predicated that amateur hackers might attempt to hack into other systems in the coming weeks following the May 27 release of “Watch Dogs,” a video game from Ubisoft focused on hacking critical infrastructure.

Source

Blackberry Goes Infotainment

Blackberry’s QNX Software Systems has announced a partnership that will allow its infotainment system to be placed in car’s digital instrument clusters.

The technology will allow drivers to see their music lists and album art, turn-by-turn navigation directions and local news in between instruments such as the speedometer and tachometer.

BlackBerry announced its collaboration with Rightware, a maker of automotiveuser interface design tools, at the Telematics Detroit show here. The collaboration combines the QNX Neutrino operating system and the Rightware Kanzi user interface.

QNX demonstrated the instrument cluster in a Mercedes-Benz concept car. The system also uses MirrorLink, an industry standard for the integration ofsmartphones into infotainment systems. The system is able to mirror Android-based smartphones to both the infotainment center on the console and the instrument cluster display.

With the MirrorLink connection, the instrument cluster can display realtime information, such as local speed limits, turn-by-turn directions, traffic reports and incoming phone calls. Because the cluster is fully digital, it can dynamically change views, highlighting the most important information and using advanced visualizations to help the driver process information more quickly.

“QNX Software Systems and Rightware have already worked together on successful production programs, including the exciting new Audi virtual cockpit,” said Peter McCarthy, director of global alliances for QNX.

With the Kanzi software, developers can create UIs with photorealistic, real-time 2D and 3D graphics. The QNX OS enables the Kanzi UI to access vehicle data and services, including navigation, multimedia, speed, RPM, and car diagnostics. It essentially provides an abstraction layer based on QNX’s persistent publish/subscribe (PPS) technology.

Source

Cheaper Windows Phones Forthcoming

Lower priced smartphones running Microsoft’s Windows Phone operating system are on the way, according to Microsoft.

Speaking at the Computex trade show in Taipei, Microsoft’s Nick Parker, who handles the company’s partnerships with device makers, said the new handsets could be out by the end of the year.

Compared to current models, which are in the “fours, fives and sixes,” he said referring to prices between $400 and $699, the new phones would have price points in the “ones, twos and threes.”

Asked to clarify if he was referring to end-market prices without carrier subsidies, Parker said he was.

He didn’t identify the manufacturers that would be bringing the phones to market, but there’s a good chance they are among nine companies Microsoft signed up to its Windows Phone development program earlier this year.

In addition to existing partners Nokia, Samsung, HTC and Huawei, Microsoft added Foxconn, Gionee, Lava (Xolo), Lenovo, LG, Longcheer, JSR, Karbonn and ZTE.

Some of the new partners have significant market share in developing countries where phones generally have lower prices than in developed markets.

Microsoft launched the latest version of its Windows Phone operating system, Windows Phone 8, in late 2012 to critical praise. The operating system was slow to catch on with consumers though, perhaps due to the absence of several popular apps on the platform, but has been slowly increasing its market share.

Windows Phone had a 3 percent share of the smartphone market in the fourth quarter of 2013, up from 2.6 percent in the last three months of 2012, according to IDC. In contrast, Google’s Android dominated the smartphone market at the end of 2013 with a 78.1 percent share. Apple’s iOS was in second place at 17.6 percent.

IDC forecasts Windows Phone will continue to increase its market share to hit 7 percent in 2018.

Source

Is The Internet Secure?

Hacker blogger Quinn Norton is getting a lot of coverage with her blog claiming that the Internet is broken. She argues that every computer and every piece of software we use is vulnerable to hackers because of terrible security flaws. Norton blames these flaws on the fact that developers who face immense pressure to ship software quickly.

Norton says that those bugs may have been there for years unnoticed, leaving systems susceptible to attacks. One of her hacker mates accidentally took control of more than 50,000 computers in four hours after finding a security vulnerability. Another one of her colleagues accidentally shut down a factory for a day after sending a “malformed ping.”

She said that the NSA wasn’t, and isn’t, the great predator of the internet, it’s just the biggest scavenger around. It isn’t doing so well because they are all powerful math wizards of doom. The other problem is software is too complicated and the emphasis placed on security too light.

“The number of people whose job it is to make software secure can practically fit in a large bar, and I’ve watched them drink. It’s not comforting. It isn’t a matter of if you get owned, only a matter of when,” Norton said.

Source

Is A Shield Tablet Forthcoming?

We got some fresh information about Nvidia’s Tegra plans. The company is working on a new tablet based on the Tegra K1 processor. This is nothing new and could be easily predicted, but this time we have confirmation that the project is known as Shield tablet.

Alongside the Tegra K1, or TK1 as Nvidia refers to this chip internally, you can bet that there is 5GHz WiFi support in the latest tablet. Last time we heard talk of a Tegra Note 7 successor we were told that there would be an 8-inch version, but we cannot confirm whether or not the Shield tablet is an 8-incher.

Nvidia Mocha tablet getting Shield branding?

We already wrote about the Mocha 8-inch tablet powered by a 2.1GHz TK1 chip, 2GB of memory, 7.9-inch 2048×1536 resolution screen and 16GB of storage. We can only hope that this will be the specification of Shield tablet. In case you didn’t notice, the 7.9-inch 2048×1536 resolution is what you get from Apple in the iPad mini and it is no coincidence that Nvidia chose this form factor and this resolution. If it works for Apple it should work for Nvidia, too.

Since Nvidia managed to excite quite a few fans with the Shield gaming console, it was just a matter of time before it offered a Shield tablet. We know that Tegra Note 7 was lacking 5GHz WiFi, something that Nvidia requires for Gamestream technology and with the new Shield tablet this problem has been addressed.

A Shield tablet with Gamestream support will give Nvidia what it needs – clear differentiation from hundreds of Android tablets available today. This was not the case with the Tegra Note 7, although it ships with a neat stylus which is not common on affordable Android tablets.

Second screen for gamers

With a Shield tablet Nvidia can target a niche audience that would like the ability to play some PC games via Gamestream on their beloved tablet. People complained about the resolution of the Tegra Note 7 and with the larger version Nvidia will definitely increase the resolution to 1080p or more. However, a 1920×1080 or 2048×1535 tablet won’t cost $199, it will be a bit pricier than the Tegra Note 7. It will be based on a more elaborate SoC, it needs more RAM, more storage and of course a pricier screen.

The LG G Pad 8.3 Google Play Edition tablet is currently selling for $349 which can give you an idea of the price. Nvidia’s 8-inch gaming specced tablet will probably cost between $299 and $349. Apple charges $399 for the iPad Mini with Retina. We can only speculate, but this is just something that makes sense to us considering to approximate BOM and Nvidia’s traditional margin in this space.

We expect to see the new Shield tablet in the next few months, probably around Google I/O if not at Google I/O which takes place in the last week of June.

Source

Can Qualcomm Move Forward?

Qualcomm has posted its smallest quarterly revenue increase since 2010, which saw its share price plummeting five percent in after hours trading.

Qualcomm reported its second quarter earnings on Wednesday for the three months to 30 March, and its revenue rose to $6.37bn during the period, up four percent from a year ago, with net profit up five percent to $1.97bn.

However, that was the smallest year over year percentage increase since the June quarter of 2010, when revenue declined by two percent, and was far lower than the quarterly growth rates of over 20 percent that Qualcomm investors have seen previously.

“We delivered another solid quarter, driven by demand for our leading multimode 3G/LTE chipset solutions and record licensing revenues,” said Qualcomm CEO Steve Mollenkopf in the earnings report, not mentioning that earnings reflected a much lower increase than seen in recent quarters.

“Looking forward, we are pleased to be raising our earnings per share guidance for the fiscal year. We continue to see increasing demand for our industry-leading chipsets and strong growth in calendar year 2014 of 3G/4G smartphones around the world.”

Qualcomm also forecast sales of between $6.2bn and $6.8bn for the April to June quarter, with the low end of that estimate representing a decline of one percent from a year ago.

It’s probable that while growing smartphone penetration in emerging markets is helping to keep the firm’s unit sales high, it’s also having an negative effect on Qualcomm’s average selling price (ASP) levels of mobile chipsets and devices.

Following Qualcomm’s earnings report, analysts said that the dip in revenue was attributable to a decline in sales in China as the country’s biggest network, China Mobile, prepares to launch a faster network with 4G, or LTE, technology, and customers are anticipating the launch before buying new smartphones.

Qualcomm now expects to make a profit of between $5 and $5.25 per share, five cents above its earlier projection, the firm said.

Source

Heartbleed Hits Oracle

Oracle issued a comprehensive list of its software that may or may not be impacted by the OpenSSL (secure sockets layer) vulnerability known as Heartbleed, while warning that no fixes are yet available for some likely affected products.

The list includes well over 100 products that appear to be in the clear, either because they never used the version of OpenSSL reported to be vulnerable to Heartbleed, or because they don’t use OpenSSL at all.

However, Oracle is still investigating whether another roughly 20 products, including MySQL Connector/C++, Oracle SOA Suite and Nimbula Director, are vulnerable.

Oracle determined that seven products are vulnerable and is offering fixes. These include Communications Operation Monitor, MySQL Enterprise Monitor, MySQL Enterprise Server 5.6, Oracle Communications Session Monitor, Oracle Linux 6, Oracle Mobile Security Suite and some Solaris 11.2 implementations.

Another 14 products are likely to be vulnerable, but Oracle doesn’t have fixes for them yet, according to the post. These include BlueKai, Java ME and MySQL Workbench.

Users of Oracle’s growing family of cloud services may also be able to breath easy. “It appears that both externally and internally (private) accessible applications hosted in Oracle Cloud Data Centers are currently not at risk from this vulnerability,” although Oracle continues to investigate, according to the post.

Heartbleed, which was revealed by researchers last week, can allow attackers who exploit it to steal information on systems thought to be protected by OpenSSL encryption. A fix for the vulnerable version of OpenSSL has been released and vendors and IT organizations are scrambling to patch their products and systems.

Observers consider Heartbleed one of the most serious Internet security vulnerabilities in recent times.

Meanwhile, this week Oracle also shipped 104 patches as part of its regular quarterly release.

The patch batch includes security fixes for Oracle database 11g and 12c, Fusion Middleware 11g and 12c, Fusion Applications, WebLogic Server and dozens of other products. Some 37 patches target Java SE alone.

A detailed rundown of the vulnerabilities’ relative severity has been posted to an official Oracle blog.

Source

Microsoft Updates Office Online

Microsoft is updating its Web-based Office Online suite, closing the features gap with the main Office 365 and Office 2013 suites installed on users’ devices.

“We know you want features that allow you to move as seamlessly as possible between Office Online and the desktop,” wrote Kaberi Chowdhury, an Office Online technical product manager, in a blog post Monday.

Improvements to Excel Online include the ability to insert new comments, edit and delete existing comments, and properly open and edit spreadsheets that contain Visual Basic for Applications (VBA) code.

Meanwhile, Word Online has a new “pane” where users can see all comments in a document, and reply to them or mark them as completed. It also has a refined lists feature that is better able to recognize whether users are continuing a list or starting one. In addition, footnotes and end notes can now be added more conveniently inline.

PowerPoint Online has a revamped text editor that offers a layout view that more closely resembles the look of finished slides, according to Microsoft. It also has improved performance and video functionality, including the ability to play back embedded YouTube videos.

For users of OneNote Online, Microsoft is now adding the ability to print out the notes they’ve created with the application.

Microsoft is also making Word Online, PowerPoint Online and OneNote Online available via Google’s Chrome Web Store so that Chrome browser users can add them to their Chrome App launcher. Excel Online will be added later.

The improvements in Office Online will be rolled out to users this week, starting Monday.

Office Online, which used to be called Office Web Apps, competes directly against Google Docs and other browser-based office productivity suites. It’s meant to offer users a free, lightweight, Web-based version of these four applications if they don’t have the desktop editions on the device they’re using at that moment.

Source

BlackBerry To Patch For Heartbleed

BlackBerry Ltd said it will release security updates for messaging software for Android and iOS devices by Friday to address vulnerabilities in programs related to the “Heartbleed” security threat.

Researchers last week warned they uncovered Heartbleed, a bug that targets the OpenSSL software commonly used to keep data secure, potentially allowing hackers to steal massive troves of information without leaving a trace.

Security experts initially told companies to focus on securing vulnerable websites, but have since warned about threats to technology used in data centers and on mobile devices running Google Inc’s Android software and Apple Inc’s iOS software.

Scott Totzke, BlackBerry senior vice president, told Reuters on Sunday that while the bulk of BlackBerry products do not use the vulnerable software, the company does need to update two widely used products: Secure Work Space corporate email and BBM messaging program for Android and iOS.

He said they are vulnerable to attacks by hackers if they gain access to those apps through either WiFi connections or carrier networks.

Still, he said, “The level of risk here is extremely small,” because BlackBerry’s security technology would make it difficult for a hacker to succeed in gaining data through an attack.

“It’s a very complex attack that has to be timed in a very small window,” he said, adding that it was safe to continue using those apps before an update is issued.

Google spokesman Christopher Katsaros declined comment. Officials with Apple could not be reached.

Security experts say that other mobile apps are also likely vulnerable because they use OpenSSL code.

Michael Shaulov, chief executive of Lacoon Mobile Security, said he suspects that apps that compete with BlackBerry in an area known as mobile device management are also susceptible to attack because they, too, typically use OpenSSL code.

He said mobile app developers have time to figure out which products are vulnerable and fix them.

“It will take the hackers a couple of weeks or even a month to move from ‘proof of concept’ to being able to exploit devices,” said Shaulov.

Technology firms and the U.S. government are taking the threat extremely seriously. Federal officials warned banks and other businesses on Friday to be on alert for hackers seeking to steal data exposed by the Heartbleed bug.

Companies including Cisco Systems Inc, Hewlett-Packard Co, International Business Machines Corp, Intel Corp, Juniper Networks Inc, Oracle Corp Red Hat Inc have warned customers they may be at risk. Some updates are out, while others, like BlackBerry, are rushing to get them ready.

Source

Oracle Updates NoSQL

Oracle has announced the availability of the latest edition of its NoSQL datatabase.

NoSQL is Oracle’s distributed key-value database. Now in it’s third version, the enhancements this time are heavily centred around security and business continuity.

Oracle NoSQL 3.0 features improvements in security with cluster-wide password based user authentication and integration with Oracle Wallet. Session level Secure Socket Layer (SSL) encryption and network port restriction are also included.

For disaster recovery and prevention, there’s automatic fail-over to metro-area secondary data centres, while secondary server zones can be used to offload read-only workloads to take the pressure off primary servers under stress.

For developers, there is added support for tabular data models that Oracle claims will simplify application design and improve integration with SQL based applications, while secondary indexing improves query performance.

“Oracle NoSQL 3.0 helps organisations fill the gap in skills, security and performance by delivering […] enterprise-class NoSQL database that empowers database developers and DBAs to easily, intuitively and securely build and deploy next generation applications,” said Oracle’s EVP of Database Server Technologies, Andrew Mendelsohn.

It’s already been a big week for the SQL community with NoSQL arriving on MariaDB for the first time, courtesy of a tie-up between SkySQL, Google and IBM on Tuesday, while yesterday Fusion-IO announced the use of Non-volatile memory (NVM) compression in MySQL to increase the capacity of SSD storage.

Both the community and enterprise versions of Oracle NoSQL Database 3.0 are available for download now from the Oracle Technology Network.

Source

« Previous Page — Next Page »