Sign up for our Technology Newsletter 
BlackBerry To Patch For Heartbleed
BlackBerry Ltd said it will release security updates for messaging software for Android and iOS devices by Friday to address vulnerabilities in programs related to the “Heartbleed” security threat.
Researchers last week warned they uncovered Heartbleed, a bug that targets the OpenSSL software commonly used to keep data secure, potentially allowing hackers to steal massive troves of information without leaving a trace.
Security experts initially told companies to focus on securing vulnerable websites, but have since warned about threats to technology used in data centers and on mobile devices running Google Inc’s Android software and Apple Inc’s iOS software.
Scott Totzke, BlackBerry senior vice president, told Reuters on Sunday that while the bulk of BlackBerry products do not use the vulnerable software, the company does need to update two widely used products: Secure Work Space corporate email and BBM messaging program for Android and iOS.
He said they are vulnerable to attacks by hackers if they gain access to those apps through either WiFi connections or carrier networks.
Still, he said, “The level of risk here is extremely small,” because BlackBerry’s security technology would make it difficult for a hacker to succeed in gaining data through an attack.
“It’s a very complex attack that has to be timed in a very small window,” he said, adding that it was safe to continue using those apps before an update is issued.
Google spokesman Christopher Katsaros declined comment. Officials with Apple could not be reached.
Security experts say that other mobile apps are also likely vulnerable because they use OpenSSL code.
Michael Shaulov, chief executive of Lacoon Mobile Security, said he suspects that apps that compete with BlackBerry in an area known as mobile device management are also susceptible to attack because they, too, typically use OpenSSL code.
He said mobile app developers have time to figure out which products are vulnerable and fix them.
“It will take the hackers a couple of weeks or even a month to move from ‘proof of concept’ to being able to exploit devices,” said Shaulov.
Technology firms and the U.S. government are taking the threat extremely seriously. Federal officials warned banks and other businesses on Friday to be on alert for hackers seeking to steal data exposed by the Heartbleed bug.
Companies including Cisco Systems Inc, Hewlett-Packard Co, International Business Machines Corp, Intel Corp, Juniper Networks Inc, Oracle Corp Red Hat Inc have warned customers they may be at risk. Some updates are out, while others, like BlackBerry, are rushing to get them ready.
Oracle Updates NoSQL
Oracle has announced the availability of the latest edition of its NoSQL datatabase.
NoSQL is Oracle’s distributed key-value database. Now in it’s third version, the enhancements this time are heavily centred around security and business continuity.
Oracle NoSQL 3.0 features improvements in security with cluster-wide password based user authentication and integration with Oracle Wallet. Session level Secure Socket Layer (SSL) encryption and network port restriction are also included.
For disaster recovery and prevention, there’s automatic fail-over to metro-area secondary data centres, while secondary server zones can be used to offload read-only workloads to take the pressure off primary servers under stress.
For developers, there is added support for tabular data models that Oracle claims will simplify application design and improve integration with SQL based applications, while secondary indexing improves query performance.
“Oracle NoSQL 3.0 helps organisations fill the gap in skills, security and performance by delivering […] enterprise-class NoSQL database that empowers database developers and DBAs to easily, intuitively and securely build and deploy next generation applications,” said Oracle’s EVP of Database Server Technologies, Andrew Mendelsohn.
It’s already been a big week for the SQL community with NoSQL arriving on MariaDB for the first time, courtesy of a tie-up between SkySQL, Google and IBM on Tuesday, while yesterday Fusion-IO announced the use of Non-volatile memory (NVM) compression in MySQL to increase the capacity of SSD storage.
Both the community and enterprise versions of Oracle NoSQL Database 3.0 are available for download now from the Oracle Technology Network.
SkySQL Joins IBM On SQL Merger
SkySQL has announced a line of MariaDB products that combine NoSQL and SQL technology, offering users the ability to handle large unstructured data sets alongside traditional database features to ensure data consistency.
Available immediately, MariaDB Enterprise 2 and MariaDB Enterprise Cluster 2 are based on the code used in the firm’s MariaDB 10 database server, which it also released today.
According to SkySQL, the availability of an enterprise grade SQL database system with NoSQL interoperability will be a game changer for developers building revenue generating applications and database administrators in charge of large, complex environments.
The two new products have been developed with support from other partners in the open source community, including Red Hat, IBM and Google, according to the firm, and are aimed at giving IT managers more options for managing large volumes of data.
In fact, Red Hat will use MariaDB Enterprise 2 as the default database for its enterprise customers, while Google has also moved large parts of its infrastructure to MariaDB, according to Dion Cornett, VP of Global Sales for SkySQL .
Cornett said that customers have been using a wide variety of databases over the past few years in order to meet the diverse requirements of applications.
“The types of applications have evolved over time, and the challenge we now have today is that people have different IT stack structures, and trying to integrate all that has been very challenging and required lots of custom code to be created. What we’re doing with MariaDB is introduce an array of features to combine the best of both worlds,” he said.
The features are designed to allow developers and database administrators to take many different data structures and integrate them and use them in a cohesive application, in the same way that standard database tools presently allow.
These include the Connect Storage Engine, which enables access to a wide variety of file formats such as XML and CSV files, and the ability to run familiar SQL commands against that data.
A key feature is dynamic columns, which enables MariaDB to “smartly interpret” incoming data and adapt it to the data structure that best fits, according to Cornett.
“At a technical level what you’re actually looking at are files within the cells of information that can vary in size, which is not a capability you’ve traditionally had in databases and that flexibility is a big leap forward,” he said.
The new MariaDB products can also plug into the Apache Cassandra storage engine, which can take a columnar data store and read or write against it like it is a traditional SQL table.
An example of how MariaDB Enterprise 2 might be used is if a service provider has a large-scale video server and wants to combine that with billing information, Cornett said.
“The customer’s video history and what they’re consuming could be very unstructured, but the billing structure will be very fixed, and it has been something of a challenge to bring the two of those together up to this point,” he explained.
Can DirectX-12 Give Mobile A Boot?
Microsoft announced DirectX 12 just a few days ago and for the first time Redmond’s API is relevant beyond the PC space. Some DirectX 12 tech will end up in phones and of course Windows tablets.
Qualcomm likes the idea, along with Nvidia. Qualcomm published an blog post on the potential impact of DirectX 12 on the mobile industry and the takeaway is very positive indeed.
DirectX 12 equals less overhead, more battery life
Qualcomm says it has worked closely with Microsoft to optimise “Windows mobile operating systems” and make the most of Adreno graphics. The chipmaker points out that current Snapdragon chipsets already support DirectX 9.3 and DirectX 11. However, the transition to DirectX 12 will make a huge difference.
“DirectX 12 will turbocharge gaming on Snapdragon enabled devices in many ways. Just a few years ago, our Snapdragon processors featured one CPU core, now most Snapdragon processors offer four. The new libraries and API’s in DirectX 12 make more efficient use of these multiple cores to deliver better performance,” Qualcomm said.
DirectX 12 will also allow the GPU to be used more efficiently, delivering superior performance per watt.
“That means games will look better and deliver longer gameplay longer on a single charge,” Qualcomm’s gaming and graphics director Jim Merrick added.
What about eye candy?
Any improvement in efficiency also tends to have a positive effect on overall quality. Developers can get more out of existing hardware, they will have more resources at their disposal, simple as that.
Qualcomm also points out that DirectX 12 is also the first version to launch on Microsoft’s mobile operating systems at the same time as its desktop and console counterparts.
The company believes this emphasizes the growing shift and consumer demand for mobile gaming. However, it will also make it easier to port desktop and console games to mobile platforms.
Of course, this does not mean that we’ll be able to play Titanfall on a Nokia Lumia, or that similarly demanding titles can be ported. However, it will speed up development and allow developers and publishers to recycle resources used in console and PC games. Since Windows Phone isn’t exactly the biggest mobile platform out there, this might be very helpful and it might attract more developers.
Intel Buys Into Altera
Technology gossip columns are full of news that Intel and Altera have expanded their relationship. Apparently, Altera has been Intel’s shoulder to cry on as the chip giant seeks to move beyond the declining PC market and the breakup of the Wintel alliance. Intel took the break up very hard and there was talk that Alteria might be just a rebound thing.
Last year Intel announced that it would manufacture Altera’s ARM-based quad-core Stratix 10 processors, as part of its efforts to grow its foundry business to make silicon products for third parties. Now the two vendors are expanding the relationship to include multi-die devices integrating Altera’s field-programmable gate arrays (FPGAs) and systems-on-a-chip (SoCs) with a range of other components, from memory to ASICs to processors.
Multi-die devices can drive down production costs and improve performance and energy efficiency of chips for everything from high-performance servers to communications systems. The multi-die devices will take advantage of the Stratix 10 programmable chips that Intel is manufacturing for Altera with its 14-nanometer Tri-Gate process. Intel’s three-dimensional transistor architecture combined with Altera’s FPGA redundancy technology leads to Altera being able to create a highly dense and energy efficient programmable chip die that can offer better integration of components.
At the same time, Intel officials are looking for ways to make more cash from its manufacturing capabilities, including growing its foundry business by making chips for other vendors. CEO Brian Krzanich and other Intel executives have said they will manufacture third-party chips even if they are based on competing infrastructure, which is the case with Altera and its ARM-based chips.
nVidia Goes For Raspberry Pi
nVidia has unveiled what it claims is “the world’s first mobile supercomputer”, a development kit powered by a Tegra K1 chip.
Dubbed the Jetson TK1, the kit is built for embedded systems to aid the development of computers attempting to simulate human recognition of physical objects, such as robots and self-driving cars.
Speaking at the GPU Technology Conference (GTC) on Tuesday, Nvidia co-founder and CEO Jen Hsun Huang described it as “the world’s tiniest little supercomputer”, noting that it’s capable of running anything the Geforce GTX Titan Z graphics card can run, but at a slower pace.
With a total performance of 326 GFLOPS, the Jetson TK1 should be more powerful than the Raspberry Pi board, which delivers just 24 GFLOPS, but will retail for much more, costing $192 in the US – a number that matches the number of cores in the Tegra K1 processor that Nvidia launched at CES in Las Vegas in January.
Described by the company as a “super chip” that can bridge the gap between mobile computing and supercomputing, the Nvidia Tegra K1, which replaces the Tegra 4, is based on the firm’s Kepler GPU architecture.
The firm boasted at CES that the chip will be capable of bringing next-generation PC gaming to mobile devices, and Nvidia claimed that it will be able to match the PS4 and Xbox One consoles’ graphics performance.
Designed from the ground up for CUDA, which now has more than 100,000 developers, the Jetson TK1 Developer Kit includes the programming tools required by software developers to develop and deploy compute-intensive systems quickly, Nvidia claimed.
“The Jetson TK1 also comes with this new SDK called Vision Works. Stacked onto CUDA, it comes with a whole bunch of primitives whether it’s recognising corners or detecting edges, or it could be classifying objects. Parameters are loaded into this Vision Works primitives system and all of a sudden it recognises objects,” Huang said.
“On top of it, there’s simple pipe lines we’ve created for you in sample code so that it helps you get started on what a structure for motion algorithm, object detection, object tracking algorithms would look like and on top of that you could develop your own application.”
Nvidia also expects the Jetson TK1 to be able to operate in the sub-10 Watt market for applications that previously consumed 100 Watts or more.
Malware Targets Job-seekers
April 10, 2014 by admin
Filed under Around The Net
Comments Off on Malware Targets Job-seekers
A new version of the Gameover computer Trojan is targeting job hunters and recruiters by attempting to steal log-in credentials for Monster.com and CareerBuilder.com accounts.
Gameover is one of several Trojan programs that are based on the infamous Zeus banking malware, whose source code was leaked on the Internet in 2011. Like Zeus, Gameover can steal log-in credentials and other sensitive information by injecting rogue Web forms into legitimate websites when accessed from infected computers.
The ability to inject content into browsing sessions in real time has traditionally been used by computer Trojans to steal online banking credentials and financial information. However, cybercriminals are increasingly using this technique to compromise other types of accounts as well.
For example, in February, researchers from security firm Adallom found a Zeus variant that stole Salesforce.com log-in credentials and scraped business data from the compromised accounts.
The latest development involves a new Gameover variant that contains a configuration file to target Monster.com accounts, one of the largest employment websites in the world, security researchers from antivirus firm F-Secure said.
“A computer infected with Gameover ZeuS will inject a new ‘Sign In’ button [into the Monster.com sign-in page], but the page looks otherwise identical,” they said.
After the victims authenticate through the rogue Web form the malware injects a second page that asks them to select and answer three security questions out of 18. The answers to these questions expose additional personal information and potentially enable attackers to bypass the identity verification process.
Targeting Monster.com is a new development, but the Gameover malware had already been targeting CareerBuilder.com, another large employment website, for some time.
Recruiters with accounts on employment websites should be wary of irregularities on log-in pages, especially if those accounts are tied to bank accounts and spending budgets, the F-Secure researchers said. “It wouldn’t be a bad idea for sites such as Monster to introduce two factor authentication beyond mere security questions.”
The authors of the Gameover Trojan program have been particularly active recently. In early February researchers from security firm Malcovery Security reported that a new variant of Gameover was being distributed as an encrypted .enc file in order to bypass network-level defenses. Later that month researchers from Sophos detected a Gameover variant with a kernel-level rootkit component that protected its files and processes, making it harder to remove.
Unlike most other Zeus spinoffs, Gameover is also using peer-to-peer technology for command-and-control instead of traditional hosted servers, which improves its resilience to takedown efforts by security researchers.
IT Dissatisfaction Growing
Companies want to reduce spending on IT operations and infrastructure and shift resources to revenue-producing areas, according to two new studies. But businesses leaders and IT executives are also registering higher levels of dissatisfaction with IT as more demands are placed on technology.
The reports, by the Hackett Group and McKinsey & Co., both agree that business executives want IT to do more to improve the bottom line while companies spend less on infrastructure in the process.
The bad news for people who work in IT operations is that large businesses expect to cut IT staff positions by about 2% this year, thanks to automation and outsourcing, according the Hackett’s survey of 160 businesses with revenues above $1 billion.
One path to improved automation will likely be through adoption of software-defined infrastructures, something Bank of America plans to do.
IT budgets will grow by 1.7% this year as IT pivots, increasingly, from a service-providing operation to a revenue-generating one, the Hackett Group said in its study.
IT managers are being told that “you’ve got to grow the business, not just run the business,” said Mark Peacock, an IT transformation practice leader and principal at Hackett.
McKinsey & Co., in its online survey of more than 800 executives — with 345 having a technology focus — also found that executives want less of their budgets to go to infrastructure so more resources can be shifted to analytics and innovation.
The McKinsey survey found that business executives are less likely to say now that IT performs effectively, compared to their views two years ago.
“The IT executives are even more negative,” wrote McKinsey, with only 13% of them saying their IT organizations “are completely or very effective at introducing new technologies faster or more effectively than competitors.” That percentage was down from 22% in 2012.
The negative results “likely reflect the overall rising expectations for corporate IT,” wrote McKinsey.
When asked how to fix IT shortcomings, respondents cited improved business accountability, more funds for priority projects and a higher the level of IT talent, the report said.
The Hackett Group survey didn’t report on dissatisfaction, but it did find that the top goal for IT organizations this year is “to strengthen partnership and goal alignment between IT and the business.”
Virtru Goes Office 365
April 8, 2014 by admin
Filed under Around The Net
Comments Off on Virtru Goes Office 365
Virtru has added Microsoft’s Office 365 and Outlook Desktop services to its growing list of compatible email platforms available on its encryption product.
The company, headquartered in Washington, D.C. and launched in January, is targeting people using major email providers who want stronger privacy controls for more secure communication.
The service is designed to be easy to use for end users who may not have the technical gumption to set up PGP (Pretty Good Privacy), a standard for signing and encrypting content.
Virtru is compatible with most major webmail providers, including Google’s Gmail, Yahoo’s Mail and Microsoft’s Outlook webmail, which replaced Hotmail.
Emails sent using Virtru through those services would look like gibberish, providing a greater degree of privacy. Law enforcement or other entities would not be able to read the content unless they could obtain the key.
Virtru uses a browser extension to encrypt email on a person’s computer or mobile device. The content is decrypted after recipients receive a key, which is distributed by Virtru’s centralized key management server.
Although Virtru handles key management, the company is working on a product that would allow that task to be managed on-site for users, as some administrators would be uncomfortable with another entity managing their keys.
Virtru has said it put aside funds to contest government orders such as a National Security Letter or law enforcement request that are not based on a standard of probable cause.
AMD, Intel & nVidia Go OpenGL
AMD, Intel and Nvidia teamed up to tout the advantages of the OpenGL multi-platform application programming interface (API) at this year’s Game Developers Conference (GDC).
Sharing a stage at the event in San Francisco, the three major chip designers explained how, with a little tuning, OpenGL can offer developers between seven and 15 times better performance as opposed to the more widely recognised increases of 1.3 times.
AMD manager of software development Graham Sellers, Intel graphics software engineer Tim Foley and Nvidia OpenGL engineer Cass Everitt and senior software engineer John McDonald presented their OpenGL techniques on real-world devices to demonstrate how these techniques are suitable for use across multiple platforms.
During the presentation, Intel’s Foley talked up three techniques that can help OpenGL increase performance and reduce driver overhead: persistent-mapped buffers for faster streaming of dynamic geometry, integrating Multidrawindirect (MDI) for faster submission of many draw calls, and packing 2D textures into arrays, so texture changes no longer break batches.
They also mentioned during their presentation that with proper implementations of these high-level OpenGL techniques, driver overhead could be reduced to almost zero. This is something that Nvidia’s software engineers have already claimed is impossible with Direct3D and only possible with OpenGL (see video below).
Nvidia’s VP of game content and technology, Ashu Rege, blogged his account of the GDC joint session on the Nvidia blog.
“The techniques presented apply to all major vendors and are suitable for use across multiple platforms,” Rege wrote.
“OpenGL can cut through the driver overhead that has been a frustrating reality for game developers since the beginning of the PC game industry. On desktop systems, driver overhead can decrease frame rate. On mobile devices, however, driver overhead is even more insidious, robbing both battery life and frame rate.”
The slides from the talk, entitled Approaching Zero Driver Overhead, are embedded below.
At the Game Developers Conference (GDC), Microsoft also unveiled the latest version of its graphics API, Directx 12, with Direct3D 12 for more efficient gaming.
Showing off the new Directx 12 API during a demo of Xbox One racing game Forza 5 running on a PC with an Nvidia Geforce Titan Black graphics card, Microsoft said Directx 12 gives applications the ability to directly manage resources to perform synchronisation. As a result, developers of advanced applications can control the GPU to develop games that run more efficiently.