Verizon Wants Dish’s Spectrum

Verizon Communications Inc unit Verizon Wireless is in hot pursuit of satellite-TV operator Dish Network Corp’s spectrum to improve wireless internet speeds, the New York Post reported, citing sources familiar with the matter.

The two companies have held informal, early talks about the spectrum, the report said.

In May, Verizon Communications Chief Executive Lowell McAdam shot down rumors that the company was in potential merger talks with Dish.

Federal Communications Commission Chairman Tom Wheeler has proposed restrictions on how much the biggest wireless carriers can bid for in a major auction of TV spectrum scheduled for mid-2015.

A possible merger between Sprint Corp and T-Mobile US Inc could prompt U.S. regulators to rewrite rules they are now considering for the auction.

Source

Microsoft’s Killswitch Incoming

Responding to mounting  pressure, Google and Microsoft will follow Apple in adding an anti-theft “kill switch” to their smartphone operating systems.

The commitment comes at a time when new data shows a dramatic drop in theft of Apple iPhones and iPads after the September 2013 introduction of iOS 7, which included a kill-switch function that allows stolen devices to be remotely locked and deleted so they become useless.

In New York, iPhone theft was down 19 percent in the first five months of this year, which is almost double the 10 percent drop in overall robberies seen in the city. Over the same period, thefts of Samsung devices — which did not include a kill switch until one was introduced on Verizon-only models in April — rose by over 40 percent.

In San Francisco, robberies of iPhones were 38 percent lower in the six months after the iOS 7 introduction versus the six months before, while in London thefts over the same period were down by 24 percent. In both cities, robberies of Samsung devices increased.

“These statistics validate what we always knew to be true, that a technological solution has the potential to end the victimization of wireless consumers everywhere,” San Francisco District Attorney George Gascon told IDG News Service.

Gascon and New York State Attorney General Eric Schneiderman have been leading a push to get smartphone vendors and telecom carriers to include kill switches in their products as a way to curb phone theft.

The joint work had early success with Apple but other carriers and phone makers dragged their feet. However, resistance to the idea appears to be dropping as several bills that mandate kill switches make their way through state legislatures and the U.S. Congress.

The bills demand a function that would enable a phone owner to remotely delete and disable a phone if stolen. The function could be disabled by consumers before a theft takes place if desired, but crucially new handsets would be supplied with it switched on by default.

Source

Hackers Going After Traffic Signs

After hackers played several high-profile pranks with traffic signs, including warning San Francisco drivers of a Godzilla attack, the U.S. government advised operators of electronic highway signs to take “defensive measures” to better secure their property.

Last month, signs on San Francisco’s Van Ness Ave were photographed flashing “Godzilla Attack! Turn Back” and highway signs across North Carolina were tampered with last week to read “Hack by Sun Hacker.”

The Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team, or ICS-CERT, this week advised cities, highway operators and other customers of digital-sign maker Daktronics Inc to take “defensive measures” to minimize the possibility of similar attacks.

It said that information had been posted on the Internet advising hackers how to access those systems using default passwords coded into the company’s software. “ICS-CERT recommends entities review sign messaging, update access credentials and harden communication paths to the signs,” the agency said in an alert posted on Thursday.

Jody Huntimer, a representative for Daktronics, declined to say if the recent attacks involved the bug reported by ICS-CERT.

“We are working with the ICS-CERT team to clarify the current alert and will release a statement once we have assessed the situation and developed customer recommendations,” Huntimer said via email.

Krebs on Security, a widely read security blog, posted a confidential report from the Center for Internet Strategy, or CIS, which was sent to state security officials. It warned that the pranks created a public safety risk because drivers often slow or stop to view the signs and take pictures.

CIS also predicated that amateur hackers might attempt to hack into other systems in the coming weeks following the May 27 release of “Watch Dogs,” a video game from Ubisoft focused on hacking critical infrastructure.

Source

Is China Hurting U.S. Vendors?

Shipments of servers from Chinese vendors grew at a rapid pace while the top server vendors in the U.S. declined during the first quarter of this year.

Worldwide server shipments were 2.3 million units during the first quarter, growing by just 1.4 percent compared to the same quarter last year, according to Gartner.

Growth was driven by Chinese server vendors Huawei and Inspur Electronics, which were ranked fourth and fifth, respectively, behind the declining Hewlett-Packard, Dell and IBM.

Huawei has been in the top five for server shipments for more than a year, but Inspur Electronics is a new entrant. Inspur builds blade servers, rack servers and supercomputers, and is best known for being involved in the construction of China’s Tianhe-2, which is currently the world’s fastest supercomputer, according to Top500.org.

Chinese servers partly benefitted from the 18 percent shipment growth in the Asia-Pacific region, while shipments in other regions declined, Gartner said in a statement.

Server buying trends have changed in recent years. Companies like Facebook, Google and Amazon, which buy servers by the thousands, are bypassing established server makers and purchasing hardware directly from manufacturers like Quanta and Inventec. That trend in part led to the establishment of the Open Compute Project, a Facebook-led organization that provides server reference designs so companies can design data-center hardware in-house.

Similarly, Chinese cloud providers are building mega data centers and buying servers from local vendors instead of going to the big name brands, said Patrick Moorhead, analyst with Moor Insights and Strategy.

The trend of buying locally is partly due to the security tension between the U.S. and China, but servers from Chinese companies are also cheaper, Moorhead said.

The enterprise infrastructure is also being built out in China, resulting in a big demand for servers. There is also a growing demand for servers from little-known vendors based in Asia — also known as “white box” vendors — in other regions, Moorhead said.

Source

Is The Internet Secure?

Hacker blogger Quinn Norton is getting a lot of coverage with her blog claiming that the Internet is broken. She argues that every computer and every piece of software we use is vulnerable to hackers because of terrible security flaws. Norton blames these flaws on the fact that developers who face immense pressure to ship software quickly.

Norton says that those bugs may have been there for years unnoticed, leaving systems susceptible to attacks. One of her hacker mates accidentally took control of more than 50,000 computers in four hours after finding a security vulnerability. Another one of her colleagues accidentally shut down a factory for a day after sending a “malformed ping.”

She said that the NSA wasn’t, and isn’t, the great predator of the internet, it’s just the biggest scavenger around. It isn’t doing so well because they are all powerful math wizards of doom. The other problem is software is too complicated and the emphasis placed on security too light.

“The number of people whose job it is to make software secure can practically fit in a large bar, and I’ve watched them drink. It’s not comforting. It isn’t a matter of if you get owned, only a matter of when,” Norton said.

Source

Cisco To Launch Smart City

Officials from networking giant Cisco Systems and Kansas City, Mo., have signed a letter of intent to build out a new network for smart city services.

Elements of the project call for designing mobile apps for citizen access, digital interactive kiosks, smart street lights and video surveillance in an area called the city’s innovation district.

The project is designed to complement the city’s build out of a two-mile downtown streetcar path, Cisco said in a statement.

Kansas City, Mo. and its neighbor, Kansas City, Kans., are already getting plenty of outside attention from tech giant Google, which picked the area for its first deployment of Google Fiber, an initiative to install fiber optic cable there and in other cities.

Google won’t say how many households are connected to Google Fiber in the area, but it has already installed 6,000 miles of fiber optic cable. Meanwhile, cable provider Time Warner has provisioned 11,000 Wi-Fi hotspots for its Internet customers to use from mobile devices in various Kansas City area locales, including the popular eight-block restaurant and bar district on the edge of downtown called the Power & Light District.

While some citizen groups have been concerned that Google Fiber isn’t reaching enough low-income families in the area with gigabit fiber, there’s a general recognition by city officials that people of all income levels use smartphones and other wireless devices fairly widely. That can only help the Cisco initiative with Kansas City for wireless services.

Kansas City, Mo. Mayor Sly James said the initiative with Cisco promises to connect city services and information with visitors and residents “like never before.”

Third-party app developers will also have an opportunity to build unique and innovative apps for public use.

Cisco will use its Smart+Connected Communities reference architectures to evaluate the initiative and will work with the city and a business consultancy called Think Big Partners to manage a “living lab” incubator for the tech startup community.

Wim Elfrink, Cisco’s executive vice president of industry solutions, credited city leaders with leading the “charge on innovation in the Midwest.”

Source

Is Qualcomm In Trouble?

Qualcomm’s activities in China may lead to regulatory penalties for the chip vendor, this time from the U.S. Securities and Exchange Commission over bribery allegations.

The company is currently facing an anti-monopoly probe from Chinese authorities for allegedly overcharging clients. Qualcomm  has also said that the SEC may also consider penalizing the company, as part of an anti-corruption investigation.

The SEC’s Los Angeles Regional Office has made a preliminary decision to recommend that the SEC take action against Qualcomm for violating anti-bribery controls, the company said in its second quarter report. The accusations involve Qualcomm offering benefits to “individuals associated with Chinese state-owned companies or agencies,” the report added.

Both the SEC and the U.S. Department of Justice have been probing the company over alleged violations of the nation’s Foreign Corrupt Practices Act.

In cooperation with those official investigations, Qualcomm said it’s found instances of preferential hiring, and giving gifts and other benefits to “several individuals” with China’s state-owned companies. The gifts and benefits amounted to less than US$250,000 in value.

If the SEC takes action against Qualcomm, penalties could include giving up profits, facing injunctions, and other monetary penalties, the company said. Earlier this month, Qualcomm filed a submission with the U.S. regulator, countering any claims of wrongdoing.

Qualcomm is facing the investigations at a time when China is increasingly become a bigger part of its business. The nation is the world’s largest smartphone market, and more Chinese device manufacturers are expanding globally.

Last year, however, Chinese regulators began investigating Qualcomm due to complaints from industry groups. The company was allegedly abusing its market position and charging higher fees for its patent licensing business. In November, Chinese authorities conducted two surprise raids of Qualcomm offices in China for documents.

Chinese regulators could decide to penalize Qualcomm by confiscating financial gains made, and even imposing a fine of 1 to 10 percent on its revenues for the prior year, the company said in its quarterly report.

Source

Lavaboom Offers To Encrypt

A new webmail service named Lavaboom promises to provide easy-to-use email encryption without ever learning its users’ private encryption keys or message contents.

Lavaboom, based in Germany and founded by Felix MA1/4ller-Irion, is named after Lavabit, the now defunct encrypted email provider believed to have been used by former NSA contractor Edward Snowden. Lavabit decided to shut down its operations in August in response to a U.S. government request for its SSL private key that would have allowed the government to decrypt all user emails.

Lavaboom designed its system for end-to-end encryption, meaning that only users will be in possession of the secret keys needed to decrypt the messages they receive from others. The service will only act as a carrier for already encrypted emails.

Lavaboom calls this feature “zero-knowledge privacy” and implemented it in a way that allows emails to be encrypted and decrypted locally using JavaScript code inside users’ browsers instead of its own servers.

The goal of this implementation is to protect against upstream interception of email traffic as it travels over the Internet and to prevent Lavaboom to produce plain text emails or encryption keys if the government requests them. While this would protect against some passive data collection efforts by intelligence agencies like the NSA, it probably won’t protect against other attack techniques and exploits that such agencies have at their disposal to obtain data from computers and browsers after it was decrypted.

Security researchers have yet to weigh in on the strength of Lavaboom’s implementation. The service said on its website that it considers making parts of the code open source and that it has a small budget for security audits if any researchers are interested.

Those interested in trying out the service can request to be included in its beta testing period, scheduled to start in about two weeks.

Free Lavaboom accounts will come with 250MB of storage space and will use two-way authentication based on the public-private keypair and a password. A premium subscription will cost a!8 (around US$11) per month and will provide users with 1GB of storage space and a three-factor authentication option.

Source

Microsoft Issues New Policies

Microsoft Corp, under fire for accessing an employee’s private Hotmail account to prove he was illegally passing computer code to a blogger, has said it will now refer all suspicious activity on its email services to law enforcement.

The decision, announced by head lawyer Brad Smith on Friday, reverses Microsoft’s initial reaction to complaints last week, when it laid out a plan to refer such cases to an unidentified former federal judge, and proceed to open a suspect email account only if that person saw evidence to justify it.

“Effective immediately, if we receive information indicating that someone is using our services to traffic in stolen intellectual or physical property from Microsoft, we will not inspect a customer’s private content ourselves,” said Smith, in a blog post on the software company’s website. “Instead, we will refer the matter to law enforcement if further action is required.”

Microsoft – which has recently cast itself as a defender of customer privacy – was harshly criticized last week by civil liberties groups after court documents made public in the prosecution of Alex Kibkalo in Seattle federal court for leaking trade secrets showed that Microsoft had accessed the defendant’s email account before taking the matter to legal authorities.

The company said last week its actions were within its legal rights under the terms of use of its email services, but has now acknowledged that its actions raised concerns about customer privacy.

The issue is poignant for Microsoft, which routinely criticizes Google Inc for serving up ads based on the content of users’ Gmail correspondence.

It has also been campaigning for more transparency in the legal process through which U.S. intelligence agencies can get access to email accounts following the revelations of former National Security Agency contractor Edward Snowden.

“While our own search was clearly within our legal rights, it seems apparent that we should apply a similar principle and rely on formal legal processes for our own investigations involving people who we suspect are stealing from us,” said Smith in his blog. “Therefore, rather than inspect the private content of customers ourselves in these instances, we should turn to law enforcement and their legal procedures.”

Source

Virtru Goes Office 365

Virtru has added Microsoft’s Office 365 and Outlook Desktop services to its growing list of compatible email platforms available on its encryption product.

The company, headquartered in Washington, D.C. and launched in January, is targeting people using major email providers who want stronger privacy controls for more secure communication.

The service is designed to be easy to use for end users who may not have the technical gumption to set up PGP (Pretty Good Privacy), a standard for signing and encrypting content.

Virtru is compatible with most major webmail providers, including Google’s Gmail, Yahoo’s Mail and Microsoft’s Outlook webmail, which replaced Hotmail.

Emails sent using Virtru through those services would look like gibberish, providing a greater degree of privacy. Law enforcement or other entities would not be able to read the content unless they could obtain the key.

Virtru uses a browser extension to encrypt email on a person’s computer or mobile device. The content is decrypted after recipients receive a key, which is distributed by Virtru’s centralized key management server.

Although Virtru handles key management, the company is working on a product that would allow that task to be managed on-site for users, as some administrators would be uncomfortable with another entity managing their keys.

Virtru has said it put aside funds to contest government orders such as a National Security Letter or law enforcement request that are not based on a standard of probable cause.

Source

« Previous Page — Next Page »