Brits Investigate Facebook
July 15, 2014 by admin
Filed under Around The Net
The British data watchdog is looking into whether Facebook Inc violated data-protection laws when it gave permission to researchers to conduct a psychological experiment on its users.
A Facebook spokesman acknowledged that the experiment on nearly 700,000 unwitting users in 2012 had upset users and said the company would change the way it handled research in future.
The study, to find if Facebook could alter the emotional state of users and prompt them to post either more positive or negative content, has caused a furor on social media, including Facebook itself.
“We’re aware of this issue and will be speaking to Facebook, as well as liaising with the Irish data protection authority, to learn more about the circumstances,” the Information Commissioner’s Office (ICO) spokesman Greg Jones said in an email.
Jones said it was too early to tell exactly what part of the law Facebook may have infringed. The company’s European headquarters is in Ireland.
The Commissioner’s Office monitors how personal data is used and has the power to force organizations to change their policies and can levy fines of up to 500,000 pounds ($839,500).
Facebook said it would work with regulators and was changing the way it handled such cases.
“It’s clear that people were upset by this study and we take responsibility for it,” Facebook spokesman Matt Steinfeld said in an email.
“The study was done with appropriate protections for people’s information and we are happy to answer any questions regulators may have.”
NSA Software Reengineered
Hackers have found a way to reverse engineer the technology of the United States National Security Agency (NSA) spy gadgets.
Thanks to documents leaked by fugitive former NSA contractor and whistleblower Edward Snowden, the group has built a copycat device able to gather private data from computer systems.
The Advanced Network Technology catalogue, leaked by Snowden, is the Argos book of the NSA showing a range of toys available to agents. One such device, known as a “retro reflector”, had eluded identification beyond the fact that it acted as a bug, keylogger and screengrabber.
Michael Ossmann and his team from Great Scott Gadgets, a Colorado-based hacking group, decided that the best defence against such devices was to create their own to understand what makes them tick.
It transpired that the key technology being used is called software defined radio (SDR), an approach that uses software to generate radio transmissions through signal processing, doing away with a lot of hardware circuitry.
“SDR lets you engineer a radio system of any type you like really quickly so you can research wireless security in any radio format,” Ossmann told New Scientist.
The technique can be used for almost any type of radio signal and therefore the devices are capable of tracking anything, from what you’re listening to through a Bluetooth headset to the binary signals of your internet traffic.
The group, which will demonstrate its work at the Defcon hacking conference in Las Vegas, runs a website at NSAplayset.org that is a repository for all of the information it gathered.
Will MasterCard Sell Big Data?
June 23, 2014 by admin
MasterCard Inc, the world’s second-largest credit card association, sees business booming from selling data to retailers, banks and governments on spending patterns found in the payments it processes, a top executive told Reuters.
MasterCard, which handles payments for 2 billion cardholders and tens of millions of merchants, uses that information to generate real-time data on consumer trends, available more quickly than regular government statistics.
“It is an incredibly fast growing area for us,” Ann Cairns, who heads MasterCard’s business outside North America, said in an interview, stressing that the company respects cardholder privacy, using anonymous data rather than personal information.
MasterCard does not give figures for its information services products but “other revenues”, which include the sale of data, grew 22 percent in the first quarter of 2014 to $341 million, outpacing the growth of total revenue dominated by payments processing, which rose 14 percent to $2.177 billion.
Cairns said clients for the data include retailers, banks and governments, with MasterCard tailoring it to their needs.
“Retailers are fantastic at using the data they have available about how people shop in their store, how their inventory turns over, but what they don’t know is what happens outside their store,” she said. “The data we’ve got is ubiquitous across the whole market. We can help retailers see what they need to do to capture more sales.”
Cairns, 57, a statistician by training who joined MasterCard in 2011 after helping manage the disposal of Lehman Brothers assets in Europe, revels in the insights real-time card data can provide, such as London’s popularity as the world’s top travel destination and a rise in spending on experiences such as eating out or going on holiday rather than shopping in stores.
MasterCard has recorded a spike in spending in Brazil on groceries and a drop in spending on luxury goods as the price of food has risen ahead of the World Cup, she said, the kind of insight valued by companies such as Nike and Adidas that are hoping to sell $300 soccer boots during the competition.
While MasterCard expands in “big data”, Cairns sees no slowdown in its traditional business of processing payments, with plenty of potential for growth as 85 percent of consumer transactions are still made by cash or check.
“Moving money and doing it safely and securely is so deeply cared about by so many people around the world that it will be a business that has fantastic value now and for years to come,” said Cairns, who previously worked at Citigroup and ABN Amro.
Blackberry Goes Infotainment
June 17, 2014 by admin
Blackberry’s QNX Software Systems has announced a partnership that will allow its infotainment system to be placed in cars’ digital instrument clusters.
The technology will allow drivers to see their music lists and album art, turn-by-turn navigation directions and local news in between instruments such as the speedometer and tachometer.
BlackBerry announced its collaboration with Rightware, a maker of automotive user interface design tools, at the Telematics Detroit show here. The collaboration combines the QNX Neutrino operating system and the Rightware Kanzi user interface.
QNX demonstrated the instrument cluster in a Mercedes-Benz concept car. The system also uses MirrorLink, an industry standard for the integration of smartphones into infotainment systems. The system is able to mirror Android-based smartphones to both the infotainment center on the console and the instrument cluster display.
With the MirrorLink connection, the instrument cluster can display realtime information, such as local speed limits, turn-by-turn directions, traffic reports and incoming phone calls. Because the cluster is fully digital, it can dynamically change views, highlighting the most important information and using advanced visualizations to help the driver process information more quickly.
“QNX Software Systems and Rightware have already worked together on successful production programs, including the exciting new Audi virtual cockpit,” said Peter McCarthy, director of global alliances for QNX.
With the Kanzi software, developers can create UIs with photorealistic, real-time 2D and 3D graphics. The QNX OS enables the Kanzi UI to access vehicle data and services, including navigation, multimedia, speed, RPM, and car diagnostics. It essentially provides an abstraction layer based on QNX’s persistent publish/subscribe (PPS) technology.
Is Google Diverse?
June 10, 2014 by admin
Google Inc shared the gender and ethnic makeup of its 50,000-strong workforce on Wednesday, disclosing a significantly below-average proportion of minorities and women employees that it said was “miles from where we want to be.”
Google’s disclosure of its workforce demographics represented a rare move for a U.S. company, even if the figures came as no surprise to those familiar with Silicon Valley, an industry long scrutinized for its lack of diversity. Blacks and Hispanics made up just 2 and 3 percent of overall employees at Google, respectively, while women accounted for 30 percent, the company said in a detailed blogpost.
That compares with the U.S. workforce average of about 47 percent women in 2012, according to the Department of Labor. For blacks and people of Hispanic descent, it was 12 and 16 percent, respectively.
“Put simply, Google is not where we want to be when it comes to diversity, and it’s hard to address these kinds of challenges if you’re not prepared to discuss them openly, and with the facts,” Laszlo Bock, senior vice president of people operations, said in the blog posting.
The employment gaps for women and minorities in the tech sector may stem from education, Bock said. Women earn roughly 18 percent of all computer science degrees in the United States; blacks and Hispanics make up less than 10 percent of U.S. college grads and collect fewer than 5 percent of degrees in computer science majors, respectively, he argued.
But Bock, who added that Google has donated more than $40 million to organizations promoting computer science education among women, said Google recognized the extent of the internal problem and was open to discussion about possible solutions.
Is The Internet Secure?
June 9, 2014 by admin
Hacker blogger Quinn Norton is getting a lot of coverage with her blog claiming that the Internet is broken. She argues that every computer and every piece of software we use is vulnerable to hackers because of terrible security flaws. Norton blames these flaws on the fact that developers face immense pressure to ship software quickly.
Norton says that those bugs may have been there for years unnoticed, leaving systems susceptible to attacks. One of her hacker mates accidentally took control of more than 50,000 computers in four hours after finding a security vulnerability. Another one of her colleagues accidentally shut down a factory for a day after sending a “malformed ping.”
She said that the NSA wasn’t, and isn’t, the great predator of the internet; it’s just the biggest scavenger around. It isn’t doing so well because they are all-powerful math wizards of doom. The other problem is software is too complicated and the emphasis placed on security too light.
“The number of people whose job it is to make software secure can practically fit in a large bar, and I’ve watched them drink. It’s not comforting. It isn’t a matter of if you get owned, only a matter of when,” Norton said.
PoS Cyber Attacks Up In 2013
June 4, 2014 by admin
A third of data intrusions investigated by security firm Trustwave last year involved compromises of point-of-sale (POS) systems and over half of all intrusions targeted payment card data.
Even though POS systems remained a significant target for attackers, as suggested by several high-profile data breaches disclosed by large retailers over the past six months, the largest number of data theft incidents last year actually involved e-commerce sites, Trustwave said Wednesday in a report that compiled data from 691 data breach investigations conducted by the company around the world.
E-commerce intrusions accounted for 54 percent of investigated data breaches and POS system intrusions accounted for 33 percent, Trustwave said. A separate report published by Verizon in April also pointed to Web application and PoS attacks as leading causes of security incidents with confirmed data disclosure last year.
According to Trustwave, over half of intrusions targeted payment-card data, with such data being stolen from e-commerce transactions in 36 percent of incidents and from POS transactions in 19 percent of attacks.
In Western Europe in particular, where countries have rolled out EMV — chip-and-PIN payment card transactions — cybercriminals shifted their focus from POS devices to e-commerce platforms, said John Yeo, EMEA Director at Trustwave. “EMV has changed the pattern of compromises when it comes to payment-card-specific data.”
However, a significant increase in the theft of sensitive, non-payment-card data was also observed last year. This data includes financial credentials, personally identifiable information, merchant ID numbers and internal company communications, and was stolen in 45 percent of incidents, Trustwave said in the report.
Customer records containing personally identifiable information can possibly be used to perpetrate identity fraud and are sought after on the black market, so that’s why there’s been an uptick in attacks focusing on such data, Yeo said.
Only about a third of victim companies were able to self-detect data breaches, Trustwave found. In 58 percent of cases, breaches were identified by regulatory bodies, the credit card companies or merchant banks.
Many Websites Still Exposed
The world’s top 1,000 websites have been updated to protect their servers against the “Heartbleed” vulnerability, but up to 2% of the top million remained unprotected as of last week, according to a California security firm.
On Thursday, Menifee, Calif.-based Sucuri Security scanned the top 1 million websites as ranked by Alexa Internet, a subsidiary of Amazon that collects Web traffic data.
Of the top 1,000 Alexa sites, all were either immune or had been patched with the newest OpenSSL libraries, confirmed Daniel Cid, Sucuri’s chief technology officer, in a Sunday email.
Heartbleed, the nickname for the flaw in OpenSSL, an open-source cryptographic library that enables SSL (Secure Sockets Layer) or TLS (Transport Layer Security) encryption, was discovered independently by Neel Mehta, a Google security engineer, and researchers from security firm Codenomicon earlier this month.
The bug had been introduced in OpenSSL in late 2011.
Because of OpenSSL’s widespread use by websites — many relied on it to encrypt traffic between their servers and customers — and the very stealthy nature of its exploit, security experts worried that cyber criminals either had, or could, capture usernames, passwords, and even encryption keys used by site servers.
The OpenSSL project issued a patch for the bug on April 7, setting off a rush to patch the software on servers and in some client operating systems.
The vast majority of vulnerable servers had been patched as of April 17, Sucuri said in a blog post that day.
While all of the top 1,000 sites ranked by Alexa were immune to the exploit by then, as Sucuri went down the list and scanned smaller sites, it found an increasing number still vulnerable. Of the top 10,000, 0.53% were vulnerable, as were 1.5% of the top 100,000 and 2% of the top 1 million.
Other scans found similar percentages of websites open to attack: On Friday, San Diego-based Websense said about 1.6% of the top 50,000 sites as ranked by Alexa remained vulnerable.
Since it’s conceivable that some sites’ encryption keys have been compromised, security experts urged website owners to obtain new SSL certificates and keys, and advised users to be wary of browsing to sites that had not done so.
Sucuri’s scan did not examine sites to see whether they had been reissued new certificates, but Cid said that another swing through the Web, perhaps this week, would. “I bet the results will be much much worse on that one,” Cid said.
Can Plastic Replace Silicon?
Can plastic materials morph into computers? A research breakthrough recently published brings such a possibility closer to reality.
Researchers are looking at the possibility of making low-power, flexible and inexpensive computers out of plastic materials. Plastic is not normally a good conductive material. However, researchers said this week that they have solved a problem related to reading data.
The research, which involved converting electricity from magnetic film to optics so data could be read through plastic material, was conducted by researchers at the University of Iowa and New York University. A paper on the research was published in this week’s Nature Communications journal.
More research is needed before plastic computers become practical, acknowledged Michael Flatte, professor of physics and astronomy at the University of Iowa. Problems related to writing and processing data need to be solved before plastic computers can be commercially viable.
Plastic computers, however, could conceivably be used in smartphones, sensors, wearable products, small electronics or solar cells, Flatte said.
The computers would have basic processing, data gathering and transmission capabilities but won’t replace silicon used in the fastest computers today. However, the plastic material could be cheaper to produce as it wouldn’t require silicon fab plants, and possibly could supplement faster silicon components in mobile devices or sensors.
“The initial types of inexpensive computers envisioned are things like RFID, but with much more computing power and information storage, or distributed sensors,” Flatte said. One such implementation might be a large agricultural field with independent temperature sensors made from these devices, distributed at hundreds of places around the field, he said.
The research breakthrough this week is an important step in giving plastic computers the sensor-like ability to store data, locally process the information and report data back to a central computer.
Mobile phones, which demand more computing power than sensors, will require more advances because communication requires microwave emissions usually produced by higher-speed transistors than have been made with plastic.
It’s difficult for plastic to compete in the electronics area because silicon is such an effective technology, Flatte acknowledged. But there are applications where the flexibility of plastic could be advantageous, he said, raising the possibility of plastic computers being information processors in refrigerators or other common home electronics.
“This won’t be faster or smaller, but it will be cheaper and lower power, we hope,” Flatte said.
BlackBerry To Patch For Heartbleed
BlackBerry Ltd said it will release security updates for messaging software for Android and iOS devices by Friday to address vulnerabilities in programs related to the “Heartbleed” security threat.
Researchers last week warned they uncovered Heartbleed, a bug that targets the OpenSSL software commonly used to keep data secure, potentially allowing hackers to steal massive troves of information without leaving a trace.
Security experts initially told companies to focus on securing vulnerable websites, but have since warned about threats to technology used in data centers and on mobile devices running Google Inc’s Android software and Apple Inc’s iOS software.
Scott Totzke, BlackBerry senior vice president, told Reuters on Sunday that while the bulk of BlackBerry products do not use the vulnerable software, the company does need to update two widely used products: Secure Work Space corporate email and BBM messaging program for Android and iOS.
He said they are vulnerable to attacks by hackers if they gain access to those apps through either WiFi connections or carrier networks.
Still, he said, “The level of risk here is extremely small,” because BlackBerry’s security technology would make it difficult for a hacker to succeed in gaining data through an attack.
“It’s a very complex attack that has to be timed in a very small window,” he said, adding that it was safe to continue using those apps before an update is issued.
Google spokesman Christopher Katsaros declined comment. Officials with Apple could not be reached.
Security experts say that other mobile apps are also likely vulnerable because they use OpenSSL code.
Michael Shaulov, chief executive of Lacoon Mobile Security, said he suspects that apps that compete with BlackBerry in an area known as mobile device management are also susceptible to attack because they, too, typically use OpenSSL code.
He said mobile app developers have time to figure out which products are vulnerable and fix them.
“It will take the hackers a couple of weeks or even a month to move from ‘proof of concept’ to being able to exploit devices,” said Shaulov.
Technology firms and the U.S. government are taking the threat extremely seriously. Federal officials warned banks and other businesses on Friday to be on alert for hackers seeking to steal data exposed by the Heartbleed bug.
Companies including Cisco Systems Inc, Hewlett-Packard Co, International Business Machines Corp, Intel Corp, Juniper Networks Inc, Oracle Corp and Red Hat Inc have warned customers they may be at risk. Some updates are out, while others, like BlackBerry, are rushing to get them ready.