Sign up for our Technology Newsletter 
OpenSSL Gets Updated
OPENSSL, the web security layer at the center of the Heartbleed vulnerability, has been issued with a further nine critical patches.
While none are as serious as Heartbleed, patching is recommended for all users according to an advisory released today. The vulnerabilities stem from various security research teams around the web including Google, Logmein and Codenomicom, based on their reports during June and July of this year.
Among the more interesting fixes involves a flaw in the ClientHello message process. If a ClientHello message is badly fragmented, it is vulnerable to a man-in-the-middle attack which could be used to force the server to downgrade itself to the TLS 1.0 protocol, a fifteen year old and therefore pre-Heartbleed patch variant.
Other reports include memory leaks caused by denial of service attacks (DoS) and conversely, crashes caused by an attempt to free up the same portions of memory twice.
OpenSSL now has two full time coders as a result of investment by a consortium of Internet industry companies to form the Core Infrastructure Initiative, a not-for-profit group administered by the Linux Foundation. The Initiative was set up in the wake of Heartbleed, as the industry vowed to ensure such a large hole would never be left unplugged again.
While OpenSSL is used by a large number of encrypted sites, there are a number of forks of the project including LibreSSL and the recently launched Google BoringSSL.
Google recently announced that it would be lowering the page rankings of unencrypted pages in its search results as an added security measure.
Judge Rejects Silicon Valley Settlement
August 18, 2014 by admin
Filed under Around The Net
Comments Off on Judge Rejects Silicon Valley Settlement
A California judge has rejected the proposed settlement in a lawsuit over no-hire agreements used by top Silicon Valley tech firms, saying the amount being offered to compensate workers is too low.
The remaining defendants in the case — Apple, Google, Intel and Adobe Systems — had reached a deal with the worker’s lawyers to settle the case for US$324.5 million, but Judge Lucy Koh of the federal district court in San Jose, California, said that amount is too low.
After subtracting the fees for the workers’ lawyers — they’re allowed to keep up to a quarter of the award, or $81 million, as well as other money — each worker would be left with an average of only $3,750.
“The Court finds the total settlement amount falls below the range of reasonableness,” Koh wrote in her order, issued Friday.
She said she was troubled that the workers would get less money than under a previous settlement with companies that settled earlier in the case, even though the case has been progressing in the workers’ favor since then.
Last year, Intuit, Lucasfilm and Pixar settled with the workers before the case came to trial.
All of the companies were accused of striking secret deals to not poach each others’ workers, a violation of the Sherman Antitrust Act that reduced the workers’ potential to earn higher wages.
An expert hired for the case has estimated that the workers’ should receive damages of $3 billion, for wages they could have earned if the no-hire agreements hadn’t been in place.
HTTP2 Procotol Nears Completion
When it comes to amping up traffic over the Internet, sometimes too much of a good thing may not be such a good thing at all.
The Internet Engineering Task Force is putting the final touches on HTTP/2, the second version of the Hypertext Transport Protocol (HTTP). The working group has issued a last call draft, urging interested parties to voice concerns before it becomes a full Internet specification.
Not everyone is completely satisfied with the protocol however.
“There is a lot of good in this proposed standard, but I have some deep reservations about some bad and ugly aspects of the protocol,” wrote Greg Wilkins, lead developer of the open source Jetty server software, noting his concerns in a blog item posted Monday.
Others, however, praise HTTP/2 and say it is long overdue.
“A lot of our users are experimenting with the protocol,” said Owen Garrett, head of products for server software provider NGINX. “The feedback is that generally, they have seen big performance benefits.”
First created by Web originator Tim Berners-Lee and associates, HTTP quite literally powers today’s Web, providing the language for a browser to request a Web page from a server.
Version 2.0 of HTTP, based largely on the SPDY protocol developed by Google, promises to be a better fit for how people use the Web.
“The challenge with HTTP is that it is a fairly simple protocol, and it can be quite laborious to download all the resources required to render a Web page. SPDY addresses this issue,” Garrett said.
While the first generation of Web sites were largely simple and relatively small, static documents, the Web today is used as a platform for delivering applications and bandwidth intensive real-time multimedia content.
HTTP/2 speeds basic HTTP in a number of ways. HTTP/2 allows servers to send all the different elements of a requested Web page at once, eliminating the serial sets of messages that have to be sent back and forth under plain HTTP.
HTTP/2 also allows the server and the browser to compress HTTP, which cuts the amount of data that needs to be communicated between the two.
As a result, HTTP/2 “is really useful for organization with sophisticated Web sites, particularly when its users are distributed globally or using slower networks — mobile users for instance,” Garrett said.
HP Increases SlateBook Pricing
Hewlett-Packard’s SlateBook 14 laptop with Google’s Android OS has started shipping on schedule, but it’s priced at $429, which is $30 more than the company had said it would cost.
The laptop, which has a 14-inch screen and Android 4.3, was announced in June. At the time, HP said it would be priced at $399.
It is available on HP’s website.
The SlateBook 14 was introduced after customers told HP they wanted laptops with Android. The laptop has an interface similar to that on Android tablets and can adjust mobile apps to run on the larger touchscreen. Users will also be able to sync laptop data with mobile devices and vice versa.
The laptop is also for those who rely on the Web for most of their computing, much like Chromebooks. It has a few advantages over Chromebooks, with support for key Android apps such as Skype. Android also boasts better wireless printing support than Chromebooks.
The laptop weighs 1.68 kilograms and offers nine hours of battery life, according to specifications on HP’s website.
It has a quad-core Tegra 4 processor, 2GB of DRAM and 16GB of storage. Connectivity features include 802.11b/g/n Wi-Fi and Bluetooth 4.0. It also has a webcam, USB 3.0 port and a micro-SD slot for expandable storage.
It could be a strong multimedia laptop with a 1920 x 1080 pixel screen and an integrated graphics processor that can handle 4K video. TVs can be connected to the laptop through an HDMI port.
Chrome Climbs To Second
Google’s Chrome browser in July broke the 20% user share bar for the first time, according to recently published statistics by Web measurement vendor Net Applications.
But because the browser war is a zero-sum game, when Chrome won others had to lose. The biggest loser, as has been the case for the last year: Mozilla’s Firefox, which came dangerously close to another milestone, but on the way down.
Firefox accounted for 15.1% of the desktop and laptop personal computer browsers used in July, a low point not seen by the open-source application since October 2007, a year before Chrome debuted and when Microsoft’s Internet Explorer (IE) was only on version 7.
Chrome had flirted with the 20% mark before. More than two years ago, Chrome’s user share — a Net Applications’ measurement of the unique visitors running each browser — had come close: 19.6%. But Chrome then took a prolonged dip that only began reversing last fall.
Chrome’s July user share of 20.4% put the browser solidly in second place, but still far behind IE in Net Applications’ tallies. IE’s share last month was 58%, down slightly from the month before.
Firefox also lost user share in July, dropping half a percentage point to 15.1%. It was the ninth straight month that the desktop browser lost share. In the past three months alone, Firefox has fallen nearly two points.
The timing of the decline has been terrible, as Mozilla’s current contract with Google ends in November. That deal, which assigned Google’s search engine as the default for most Firefox customers, has generated the bulk of Mozilla’s revenue. In 2012, for example, the last year for which financial data was available, Google paid Mozilla an estimated $272 million, or 88% of all Mozilla income.
Going into this year’s contract renewal talks, Mozilla will be bargaining from a much weaker position, down 34% in total user share since July 2011.
Apple’s Safari remained in a distant fourth place behind Firefox, with a user share of 5.2%, down four-tenths of a percentage point in the last month. Meanwhile, Opera Software’s Opera browser brought up the rear with a small 1% user share.
Apple-IBM Alliance Downplayed
August 4, 2014 by admin
Filed under Around The Net
Comments Off on Apple-IBM Alliance Downplayed
IBM Corp’s recent move to team up with Apple Inc to sell iPhones and iPads loaded with corporate applications has excited investors in both companies, but two rivals say they are unfazed for now.
Top executives at Dell and BlackBerry Ltd scoffed at the threat posed by the alliance, arguing the tie-up is unlikely to derail the efforts of their own companies to re-invent themselves.
“I do not think that we take the Apple-IBM tie-up terribly seriously. I think it just made a good press release,” John Swainson, who heads Dell’s global software business, said in an interview with Reuters in Toronto last week.
PC maker Dell and smartphone maker BlackBerry are in the midst of reshaping their companies around software and services, as the needs of their big corporate clients morph.
Swainson, who spent over two decades in senior roles at IBM, said, “I have some trouble understanding how IBM reps are going to really help Apple very much in terms of introducing devices into their accounts. I mean candidly, they weren’t very good at doing it when it was IBM-logoed products, so I do not get how introducing Apple-logoed stuff is going to be much better.”
While conceding that Apple products hold more allure, Swainson said they lack the depth of security features that many large business clients like banks covet.
IBM and Apple could not immediately be reached for comment.
BlackBerry Chief Executive John Chen similarly downplayed the threat of the alliance in an interview with the Financial Times, likening the tie-up to when “two elephants start dancing.”
Will Twitter Release Data?
U.S. civil rights leader Rev. Jesse Jackson is urging Twitter to release its employee diversity information, which its Silicon Valley peers such as Google, Yahoo, LinkedIn and Facebook have already done.
The Rainbow Push Coalition, founded by Jackson, has also asked Twitter to signal its commitment to inclusion by hosting a public community forum to address the company’s plan to recruit and retain more African American talent.
The coalition and black empowerment group, ColorOfChange.org, plans to launch a Twitter-based campaign to challenge the company, the coalition said in a statement late last week.
On Friday at the Netroots Nation conference in Detroit, ColorofChange will lead a “Black Twitter” plenary session where activists will push out the petition campaign over Twitter and other social media.
Tech companies have been under pressure to release employee diversity data since Jackson took up the campaign to highlight the underrepresentation of African-Americans in Silicon Valley companies, starting with a delegation to Hewlett-Packard’s annual meeting of shareholders.
“….Twitter has remained silent, resisting and refusing to publicly disclose its EEO-1 workforce diversity/inclusion data,” according to the joint petition by the coalition and ColorOfChange.org.
The diversity reports are typically filed with the U.S. Equal Employment Opportunity Commission and companies are not required to make the information public.
Twitter has not commented on the matter.
Can Lenovo Succeed With Tablets?
July 31, 2014 by admin
Filed under Consumer Electronics
Comments Off on Can Lenovo Succeed With Tablets?
Lenovo on Friday said it would continue selling sub-10-in. Windows tablets in the U.S., backing away from statements it made the day before, when it said it was pulling the ThinkPad 8 from the North American market and had discontinued offering a model of the Miix 2.
“We will continue to bring new Windows devices to market across different screen sizes, including a new 8-inch tablet and 10-inch tablet coming this holiday,” Lenovo said in a press release published on its website Friday.
“Our model mix changes as per customer demand, and although we are no longer selling ThinkPad 8 in the U.S., and we have sold out of Miix 8-inch, we are not getting out of the small-screen Windows tablet business as was reported by the media (emphasis in original),” the statement continued.
On Thursday, the IDG News Service — like Computerworld, owned and operated by IDG – reported the withdrawal of the ThinkPad 8 and the 8-in. Miix from the U.S. market. The ThinkPad 8 had debuted in January at prices starting at $449, and the similarly-sized Miix had launched in October 2013.
Lenovo told IDG News that it was diverting remaining stocks of the ThinkPad 8 to other countries, including Brazil, China, and Japan, where demand was stronger for smaller Windows 8.1-powered tablets.
The China-based company, which has made impressive gains in the global market — it was the world’s largest personal computer seller during the second quarter, ahead of Hewlett-Packard and Dell, according to IDC — did not say exactly when it would return with an 8-in. device. If it begins selling the unnamed device in October, typical of OEMs that seed the channel then for the holiday sales season, it will have been absent from the market for two or more months.
Can Governments Do More?
The UK Government isn’t doing enough to warn about the risks of cybercrime on a mass level, security firm Kaspersky has claimed.
Speaking at a company roundtable event at the firm’s European hub in London on Thursday, Kaspersky security researcher David Emm said isn’t doing as much as it could be to educate people about cyber security.
“I’d like to see the government doing more to get the message out to mainstream citizens and individuals because that’s the bone in which the industry is growing; the individuals with ideas,” Emm said
“If you look at it, the recent Cyber Street Wise campaign aside, I don’t think the government is doing very much in terms of mainstream messaging and I would certainly like to see it do more.”
Emm used the example of major UK marketing campaigns promoting the dangers of drink driving as an ideal model because they have been drilled into us over the years.
“As parents, we’ve this body of common sense, such as drinks driving, and it’s drip, drip, drip, over the years that has achieved that and I think we need to get to a point where we have some body of online common sense in which business people can draw upon; there’s definitely a role for education.”
Barclay’s bank, which was also present at the roundtable, agreed with Emm.
“The government really needs to recognise this is a serious issue – if you’re bright enough to set up your own business, you’re bright enough to protect yourself,” added the firm’s MD of fraud prevention Alex Grant.
Emm concluded by saying that the government’s Cyber Street Wise campaign that was launched in January was good enough to make people aware of the risks of cybercrime in the metropolitan areas. However, he said he’d like to see the government focus more on regional areas as people in sparsely populated areas weren’t as aware of it.
Kaspersky’s roundtable took place as part of the firm’s launch of a report that found small businesses in the UK are “woefully unprepared” for an IT security breach, despite relying increasingly on mobile devices and storing critical information on computers.
The study found that nearly a third, or 31 percent, of small businesses would not know what to do if they had an IT security breach tomorrow, with four in ten saying that they would struggle to recover all data lost and a quarter admitting they would be unable to recover any.
Google, Dropbox Team Up
Google, Dropbox and a few other high-tech firms have devised a new way to help protect themselves against patent trolls.
Patent trolls, or “non-practicing entities,” are companies that buy up old patents and try to monetize them by accusing others of infringement. They usually request a one-off licensing fee to end a lawsuit, something many companies reluctantly pay because it’s cheaper than defending the claim.
The practice has become a significant problem in the high-tech field, in part because of the complex nature of modern software and hardware.
In an attempt to stop it, six high-tech companies have banded together to launch the License on Transfer Network, or LOT Network.
Members of Lotnet retain full ownership and licensing rights of their patents, but they agree to provide each other with a royalty-free license should any of the patents ever be sold.
That means if Dropbox, for instance, sells a patent on data storage to a third party, Google and the other members will first receive a license to the technology. That should insulate them from any lawsuits brought by the patent’s new owner.
Besides Google and Dropbox, the launch members include SAP, Canon, Asana and Newegg. They hope the agreement will reduce the nuisance of patent trolling.
“The LOT Network is a sort of arms control for the patent world,” said Allen Lo, deputy general counsel for patents at Google, in a statement. “By working together, we can cut down on patent litigation, allowing us to focus instead on building great products.”
The group is offering membership to other technology companies.