Apple Changes Policy In China

Apple Inc has started the processing of keeping the personal data of some Chinese users on servers in mainland China, marking the first time the tech giant is storing user data on Chinese soil.

The storage of user data in China represents a departure from the policies of some technology companies, notably Google Inc, which has long refused to build data centers in China due to censorship and privacy concerns.

Apple said the move was part of an effort to improve the speed and reliability of its iCloud service, which lets users store pictures, e-mail and other data. Positioning data centers as close to customers as possible means faster service.

The data will be kept on servers provided by China Telecom Corp Ltd, the country’s third-largest wireless carrier, Apple said in a statement.

“Apple takes user security and privacy very seriously,” it said. “We have added China Telecom to our list of data center providers to increase bandwidth and improve performance for our customers in mainland china. All data stored with our providers is encrypted. China Telecom does not have access to the content.”

A source with knowledge of the situation said the encryption keys for Apple’s data on China Telecom servers would be stored offshore and not made available to China Telecom.

Apple has said it has devised encryption systems for services such as iMessage that even Apple itself cannot unlock. But some experts expressed scepticism that Apple would be able to withhold user data in the event of a government request.

“If they’re making out that the data is protected and secure that’s a little disingenuous because if they want to operate a business here, that’d have to comply with demands from the authorities,” said Jeremy Goldkorn, director of Danwei.com, a research firm focused on Chinese media, internet and consumers.

“On the other hand if they don’t store Chinese user data on a Chinese server they’re basically risking a crackdown from the authorities.”

Goldkorn added that data stored in the United States is subject to similar U.S. regulations where the government can use court orders to demand private data.

A spokesman for China Telecom declined to comment.

Source

The FCC Extends Deadline

U.S. Federal Communications Commission has said it would accept public comments on its proposed new “net neutrality” rules through Sept. 15, giving the American public extra time to voice their opinions and concerns on how they think Internet traffic should be regulated.

The FCC has received more than 1 million comments already on new rules for how Internet services providers should be allowed to manage web traffic on their networks.

The FCC had set a deadline of July 15 for the initial comments and then September 10 for replies to those initial comments. However, the surge in submissions overwhelmed the FCC’s website and the agency had delayed the first deadline by three business days.

“To ensure that members of the public have as much time as was initially anticipated to reply to initial comments in these proceedings, the Bureau today is extending the reply comment deadline by three business days,” the FCC said on Friday, delaying the final deadline for comments to September 15.

Source

Is Epic Turla Exploiting Windows XP?

Kaspersky Lab has discovered an espionage network that successfully attacked government institutions, intelligence agencies and European companies.

The firm has dubbed the spy operation Epic Turla, and said that it is in no doubt about its capabilities.

“Over the last 10 months, Kaspersky Lab researchers have analyzed a massive cyber-espionage operation which we call ‘Epic Turla’,” it said.

“The attackers behind Epic Turla have infected several hundred computers in more than 45 countries, including government institutions, embassies, military, education, research and pharmaceutical companies.”

Kaspersky said that Epic Turla used two zero-day exploits that affected Adobe and Microsoft software, along with some backdoor and social engineering tricks.

In particular, Kaspersky said a vulnerability in Windows XP and Windows 2003 – CVE-2013-5065 – termed a “privilege escalation vulnerability” is being used. “The CVE-2013-5065 exploit allows the backdoor to achieve administrator privileges on the system and run unrestricted. This exploit only works on unpatched Microsoft Windows XP systems.”

The use of this Windows XP flaw underlines the risk that the unsupported Windows XP OS poses. Kaspersky went on to explain that, once inside, attackers install their own rootkits and other malware tools and begin their surveillance.

“Once the attackers obtain the necessary credentials without the victim noticing, they deploy the rootkit and other extreme persistence mechanisms,” it said. “The attacks are still ongoing as of July 2014, actively targeting users in Europe and the Middle East.”

The attacks are just the latest in a long line of incidents that businesses need to be aware of as cyber attacks continue at an alarming rate.

In June the security firm Crowdstrike alerted the industry to Putter Panda, a cute-sounding but nasty piece of malware. That firm pointed an accusatory finger at China and charged it with espionage on the US and Europe.

Crowdstrike CEO George Kurtz said at the time, “China’s decade-long economic espionage campaign is massive and unrelenting. Through widespread espionage campaigns, Chinese threat actors are targeting companies and governments in every part of the globe.” Chinese authorities disputed this.

The report comes in the same week Hold Security reported uncovering a huge trove of 1.2 billion web passwords and login details that have been gathered by Russian cyber criminals.

Source

OpenSSL Gets Updated

OPENSSL, the web security layer at the center of the Heartbleed vulnerability, has been issued with a further nine critical patches.

While none are as serious as Heartbleed, patching is recommended for all users according to an advisory released today. The vulnerabilities stem from various security research teams around the web including Google, Logmein and Codenomicom, based on their reports during June and July of this year.

Among the more interesting fixes involves a flaw in the ClientHello message process. If a ClientHello message is badly fragmented, it is vulnerable to a man-in-the-middle attack which could be used to force the server to downgrade itself to the TLS 1.0 protocol, a fifteen year old and therefore pre-Heartbleed patch variant.

Other reports include memory leaks caused by denial of service attacks (DoS) and conversely, crashes caused by an attempt to free up the same portions of memory twice.

OpenSSL now has two full time coders as a result of investment by a consortium of Internet industry companies to form the Core Infrastructure Initiative, a not-for-profit group administered by the Linux Foundation. The Initiative was set up in the wake of Heartbleed, as the industry vowed to ensure such a large hole would never be left unplugged again.

While OpenSSL is used by a large number of encrypted sites, there are a number of forks of the project including LibreSSL and the recently launched Google BoringSSL.

Google recently announced that it would be lowering the page rankings of unencrypted pages in its search results as an added security measure.

Source

FCC Mandates Text-To-911

The U.S. Federal Communications Commission voted last week to require U.S. mobile carriers and many text-messaging apps to support functionality that allows texting emergency dispatch centers, even after questions about whether the centers will be ready by the deadline.

The commission’s vote requires U.S. mobile carriers and some texting apps to put emergency text-to-911 functionality in place by the end of the year.

Even though the nation’s four largest mobile carriers have all added text-to-911 functionality this year, less than 2 percent of the nation’s 6,800 emergency dispatch centers are ready to receive texts, said Commissioner Ajit Pai. The commission’s action will give smartphone users the impression they can send text to emergency responders, when many will not be able to, he said.

The FCC’s action “encourages the public to dive into text-to-911 functionality, when in reality, there’s hardly any water in the pool,” Pai said. “The order is sure to result in massive consumer confusion, and therefore will endanger, rather than advance, public safety.”

FCC Chairman Tom Wheeler applauded the largest mobile carriers — Verizon Wireless, AT&T, Sprint and T-Mobile USA — for adding text-to-911 functionality. The agency needs to push other carriers and emergency dispatch centers, called public-safety answering points or PSAPs, to do the same, he added.

“A lot of time of has passed since [the four largest] carriers stepped up and did something voluntarily, and the other carriers serving the consumers of America did not,” he said. “If you don’t step up to your responsibility, we will.”

Smartphone users should still call 911 if possible, but text-to-911 services need to be more widely available, Wheeler said.

The adoption of text-to-911 will let smartphone users contact police and other emergency responders when it’s not safe to talk on the phone, Wheeler said. It will also aid people with hearing or speech disabilities, he noted.

“Texting is now as important a function on a mobile device as talking,” Wheeler said. “Some of those text messages are cries for help.”

Source

HTTP2 Procotol Nears Completion

When it comes to amping up traffic over the Internet, sometimes too much of a good thing may not be such a good thing at all.

The Internet Engineering Task Force is putting the final touches on HTTP/2, the second version of the Hypertext Transport Protocol (HTTP). The working group has issued a last call draft, urging interested parties to voice concerns before it becomes a full Internet specification.

Not everyone is completely satisfied with the protocol however.

“There is a lot of good in this proposed standard, but I have some deep reservations about some bad and ugly aspects of the protocol,” wrote Greg Wilkins, lead developer of the open source Jetty server software, noting his concerns in a blog item posted Monday.

Others, however, praise HTTP/2 and say it is long overdue.

“A lot of our users are experimenting with the protocol,” said Owen Garrett, head of products for server software provider NGINX. “The feedback is that generally, they have seen big performance benefits.”

First created by Web originator Tim Berners-Lee and associates, HTTP quite literally powers today’s Web, providing the language for a browser to request a Web page from a server.

Version 2.0 of HTTP, based largely on the SPDY protocol developed by Google, promises to be a better fit for how people use the Web.

“The challenge with HTTP is that it is a fairly simple protocol, and it can be quite laborious to download all the resources required to render a Web page. SPDY addresses this issue,” Garrett said.

While the first generation of Web sites were largely simple and relatively small, static documents, the Web today is used as a platform for delivering applications and bandwidth intensive real-time multimedia content.

HTTP/2 speeds basic HTTP in a number of ways. HTTP/2 allows servers to send all the different elements of a requested Web page at once, eliminating the serial sets of messages that have to be sent back and forth under plain HTTP.

HTTP/2 also allows the server and the browser to compress HTTP, which cuts the amount of data that needs to be communicated between the two.

As a result, HTTP/2 “is really useful for organization with sophisticated Web sites, particularly when its users are distributed globally or using slower networks — mobile users for instance,” Garrett said.

Source

HP Increases SlateBook Pricing

Hewlett-Packard’s SlateBook 14 laptop with Google’s Android OS has started shipping on schedule, but it’s priced at $429, which is $30 more than the company had said it would cost.

The laptop, which has a 14-inch screen and Android 4.3, was announced in June. At the time, HP said it would be priced at $399.

It is available on HP’s website.

The SlateBook 14 was introduced after customers told HP they wanted laptops with Android. The laptop has an interface similar to that on Android tablets and can adjust mobile apps to run on the larger touchscreen. Users will also be able to sync laptop data with mobile devices and vice versa.

The laptop is also for those who rely on the Web for most of their computing, much like Chromebooks. It has a few advantages over Chromebooks, with support for key Android apps such as Skype. Android also boasts better wireless printing support than Chromebooks.

The laptop weighs 1.68 kilograms and offers nine hours of battery life, according to specifications on HP’s website.

It has a quad-core Tegra 4 processor, 2GB of DRAM and 16GB of storage. Connectivity features include 802.11b/g/n Wi-Fi and Bluetooth 4.0. It also has a webcam, USB 3.0 port and a micro-SD slot for expandable storage.

It could be a strong multimedia laptop with a 1920 x 1080 pixel screen and an integrated graphics processor that can handle 4K video. TVs can be connected to the laptop through an HDMI port.

Source

Chrome Climbs To Second

Google’s Chrome browser in July broke the 20% user share bar for the first time, according to recently published statistics by Web measurement vendor Net Applications.

But because the browser war is a zero-sum game, when Chrome won others had to lose. The biggest loser, as has been the case for the last year: Mozilla’s Firefox, which came dangerously close to another milestone, but on the way down.

Firefox accounted for 15.1% of the desktop and laptop personal computer browsers used in July, a low point not seen by the open-source application since October 2007, a year before Chrome debuted and when Microsoft’s Internet Explorer (IE) was only on version 7.

Chrome had flirted with the 20% mark before. More than two years ago, Chrome’s user share — a Net Applications’ measurement of the unique visitors running each browser — had come close: 19.6%. But Chrome then took a prolonged dip that only began reversing last fall.

Chrome’s July user share of 20.4% put the browser solidly in second place, but still far behind IE in Net Applications’ tallies. IE’s share last month was 58%, down slightly from the month before.

Firefox also lost user share in July, dropping half a percentage point to 15.1%. It was the ninth straight month that the desktop browser lost share. In the past three months alone, Firefox has fallen nearly two points.

The timing of the decline has been terrible, as Mozilla’s current contract with Google ends in November. That deal, which assigned Google’s search engine as the default for most Firefox customers, has generated the bulk of Mozilla’s revenue. In 2012, for example, the last year for which financial data was available, Google paid Mozilla an estimated $272 million, or 88% of all Mozilla income.

Going into this year’s contract renewal talks, Mozilla will be bargaining from a much weaker position, down 34% in total user share since July 2011.

Apple’s Safari remained in a distant fourth place behind Firefox, with a user share of 5.2%, down four-tenths of a percentage point in the last month. Meanwhile, Opera Software’s Opera browser brought up the rear with a small 1% user share.

Source

AMD’s Carrizo Goes Mobile Only

AMD’s upcoming Carrizo APU might not make it to the desktop market at all.

According to Italian tech site bitsandchips.it, citing industry sources, AMD plans to limit Carrizo to mobile parts. Furthermore the source claims Carrizo will not support DDR4 memory. We cannot confirm or deny the report at this time.

If the rumours turn out to be true, AMD will not have a new desktop platform next year. Bear in mind that Intel is doing the exact same thing by bringing 14nm silicon to mobile rather than desktop. AMD’s roadmap previously pointed to a desktop Carrizo launch in 2015.

AMD’s FM2+ socket and Kaveri derivatives would have to hold the line until 2016. The same goes for the AM3+ platform, which should also last until 2016.

Not much is known about Carrizo at the moment, hence we are not in a position to say much about the latest rumours. AMD’s first 20nm APU will be Nolan, but Carrizo will be the first 20nm big core. AMD confirmed a number of delays in a roadmap leaked last August.

The company recently confirmed its first 20nm products are coming next year. In all likelihood AMD will be selling 32nm, 28nm and 20nm parts next year.

Source

Apple-IBM Alliance Downplayed

IBM Corp’s recent move to team up with Apple Inc to sell iPhones and iPads loaded with corporate applications has excited investors in both companies, but two rivals say they are unfazed for now.

Top executives at Dell and BlackBerry Ltd scoffed at the threat posed by the alliance, arguing the tie-up is unlikely to derail the efforts of their own companies to re-invent themselves.

“I do not think that we take the Apple-IBM tie-up terribly seriously. I think it just made a good press release,” John Swainson, who heads Dell’s global software business, said in an interview with Reuters in Toronto last week.

PC maker Dell and smartphone maker BlackBerry are in the midst of reshaping their companies around software and services, as the needs of their big corporate clients morph.

Swainson, who spent over two decades in senior roles at IBM, said, “I have some trouble understanding how IBM reps are going to really help Apple very much in terms of introducing devices into their accounts. I mean candidly, they weren’t very good at doing it when it was IBM-logoed products, so I do not get how introducing Apple-logoed stuff is going to be much better.”

While conceding that Apple products hold more allure, Swainson said they lack the depth of security features that many large business clients like banks covet.

IBM and Apple could not immediately be reached for comment.

BlackBerry Chief Executive John Chen similarly downplayed the threat of the alliance in an interview with the Financial Times, likening the tie-up to when “two elephants start dancing.”

Source

« Previous Page — Next Page »