PayPal Extends Bug Bounty
PayPal is expanding its bug bounty program to individuals aged 14 and older, a move intended to reward younger researchers who are technically ineligible to hold full-fledged PayPal accounts.
PayPal’s program, which is a year old this month, had applied only to those 18 years and older. Under the old rule, participants were required to hold valid accounts, which excluded minors, said Gus Anagnos, PayPal’s director of information security.
In May, 17-year-old Robert Kugler, a student in Germany, said he had been denied a reward for finding a vulnerability. PayPal said the bug had already been reported by two other researchers, which would have made Kugler ineligible for a bounty.
In an apparent miscommunication, Kugler said he was initially told he was too young rather than that the bug had already been discovered. Nonetheless, PayPal said it would look to bring younger people into its program, which pays up to $10,000 for remote code execution bugs on its websites.
Those who are under 18 years old can receive a bug bounty payment through a PayPal student account, an arrangement where a minor can receive payments via their parent’s account, Anagnos said.
Anagnos said other terms and conditions have been modified to make its program more transparent, such as clarifying which PayPal subsidiaries and partner sites qualify for the program.
PayPal pays much less for vulnerabilities on partner websites, which have a URL form of “www.paypal-__.com.” A remote execution bug found on that kind of site garners only $1,500 rather than up to $10,000 on the company’s main sites.
Like other bug bounty programs run by companies such as Microsoft and Google, PayPal will publicly recognize researchers on its website with a “Wall of Fame” for the top 10 researchers in a quarter. Another “honorable mention” page lists anyone who submitted a valid bug for the quarter.
Eusebiu Blindu, a testing consultant from Romania, was one of the researchers listed on the Wall of Fame for the first quarter of this year.
“I think Paypal is the best bug bounty program, and I am glad I participated in it from the first days of its launching,” he wrote on his blog.
The DoD May Share Airwaves
August 6, 2013 by admin
Filed under Around The Net
The U.S. Defense Department is proposing to share some of its radio airwaves with private industry, a nod to growing pressure from the wireless industry and the Obama administration that federal agencies ease their control of valuable spectrum.
In a letter released by the Federal Communications Commission on Tuesday, the Department of Defense offers to share the airwaves it now dominates in the slice of frequencies from 1755 megahertz (MHz) to 1780 MHz with spectrum-hungry wireless and Internet companies.
The military would rearrange its systems within that slice of spectrum as well as the 2025-2110 MHz band and compress programs into the 1780-1850 MHz band that it would retain.
The Defense Department uses the airwaves for programs such as pilot training and drone systems and has faced criticism from some in the industry and in Congress for resisting efforts to open those airwaves for commercial use to satisfy growing demands posed by data-hungry gadgets and services.
The Pentagon had pointed to its own need for airwaves as its use of drones and other reliance on wireless technology grows. It also had estimated the process of moving its programs to new frequencies would cost more than $12 billion.
Under the new plan, the Defense Department drops the cost estimate to $3.5 billion by compromising on sharing slices of airwaves without completely clearing any of the spectrum bands.
In the letter, originally sent on July 17 to the National Telecommunications and Information Administration, which oversees federal airwaves, DOD Chief Information Officer Teresa Takai called the proposal “a workable balance to provide access to the 1755-1780 MHz band most desired by the commercial wireless industry while ensuring no loss of critical DoD capabilities.”
The NTIA, in its own letter to the FCC, said it had not had enough time to review the proposal and could not yet endorse it.
The FCC, with NTIA’s help, is preparing for several auctions of airwaves to take place in coming years, including one that would sell off chunks of federally controlled spectrum. They will be the first reshuffling of airwave ownership since 2008.
Congress has required the FCC to auction off the 2155-2180 MHz band by February 2015 and the industry has sought to pair up that slice of spectrum with the valuable 1755-1780 MHz band, arguing it would collect more money. Lawmakers in the House of Representatives have introduced a bill to ensure such pairing.
The FCC has been drafting a notice of proposed rulemaking that would seek public comments on how the FCC should auction those federally owned or already cleared airwaves to the wireless companies and an FCC official said the agency’s notice will address the Pentagon’s new proposal.
President Barack Obama last month directed federal agencies to look for ways eventually to give up or share more of their airwaves with the private sector. This followed his June 2010 call to open up 500 MHz of federal spectrum for commercial use.
Collaborating Viruses Showing Up
Two computer viruses are collaborating to defeat clean-up operations. Microsoft researcher Hyun Choi has found that the pair foils removal by regularly downloading updated versions of each other.
It is the first time such a defensive arrangement has been observed. Choi said that the Vobfus and Beebone viruses were regularly found together. Vobfus was the first to arrive on a machine, he said, and used several tactics to infect victims: it could be installed via booby-trapped links on websites, spread over network links to other machines, or lurk on USB drives and infect the machines they are plugged into.
Once installed, Vobfus downloaded Beebone, which enrolled the machine in a botnet. From then on the two worked together, regularly downloading new versions of each other. If Vobfus is detected and removed, it may already have fetched a Beebone variant that is not yet detected, and that Beebone can in turn download a fresh, undetected variant of Vobfus.
Vobfus has been a persistent problem since it first appeared in 2009.
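To make that loop concrete, here is a small added simulation; it is not Microsoft’s analysis or code, and the variant numbering, the one-round signature lag and the alternating update schedule are assumptions chosen only to show why removing one family at a time never converges. It also compares two remediation policies a responder would actually use: cutting the host’s download channel on first detection, and removing a detected family together with whatever it is known to drop.

```python
"""Toy model of the Vobfus/Beebone mutual re-download loop (constructed
illustration, not Microsoft's analysis or data).

Assumptions: each family on a host is one integer variant number; a
signature scanner removes only variants the vendor saw in an earlier round;
a surviving family always reinstalls a missing partner, and in addition
Vobfus pushes a fresh Beebone on odd rounds while Beebone pushes a fresh
Vobfus on even rounds, so the two are rarely both "known" at the same scan.
"""

FAMILIES = ("vobfus", "beebone")
PARTNER = {"vobfus": "beebone", "beebone": "vobfus"}


def simulate(rounds, policy="signature_only"):
    """Run `rounds` scan cycles on one host.

    Returns one bool per round: True if the host is still infected after
    that round's scan and the malware's reaction to it.

    policy:
      "signature_only"  remove each family on its own when its current
                        variant is known; do nothing else.
      "quarantine"      on the first detection also block outbound downloads,
                        so a surviving partner cannot fetch a new variant.
      "remove_pair"     on detecting one family, also remove the partner it
                        is known to drop, whether or not that variant is known.
    """
    state = {"vobfus": 1, "beebone": 1}          # installed variant or None
    known = {"vobfus": set(), "beebone": set()}  # variants with signatures
    next_variant = 2
    downloads_blocked = False
    history = []
    for r in range(1, rounds + 1):
        # 1. Signature scan: remove variants the vendor has already analysed.
        detected = [f for f in FAMILIES
                    if state[f] is not None and state[f] in known[f]]
        for f in detected:
            state[f] = None
            if policy == "remove_pair":
                state[PARTNER[f]] = None
        if detected and policy == "quarantine":
            downloads_blocked = True
        # 2. Telemetry: whatever survived this scan gets a signature next round.
        for f in FAMILIES:
            if state[f] is not None:
                known[f].add(state[f])
        # 3. Malware reaction: reinstall a missing partner, and on the family's
        #    update turn replace the partner with a fresh, unseen variant.
        if not downloads_blocked:
            updater = "vobfus" if r % 2 == 1 else "beebone"
            for f in FAMILIES:
                if state[f] is None:
                    continue
                partner = PARTNER[f]
                if state[partner] is None or f == updater:
                    state[partner] = next_variant
                    next_variant += 1
        history.append(any(v is not None for v in state.values()))
    return history


if __name__ == "__main__":
    for policy in ("signature_only", "quarantine", "remove_pair"):
        print(f"{policy:15s}", "".join("X" if i else "." for i in simulate(8, policy)))
```

Under the signature-only policy the host is infected in every round, because each scan catches the family whose variant is a round old and the survivor immediately reinstalls an unseen partner. Quarantining on first detection ends it one round later, and removing the known dropper together with its payload ends it in the same round. The numbers are not real lag or update cadences; the point is that remediation has to treat the pair, and its download channel, as one unit.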
Yahoo Still Playing Pac-Man
July 16, 2013 by admin
Filed under Around The Net
Yahoo announced on Wednesday that it bought Qwiki for an undisclosed sum, as the firm’s spending spree continues.
Qwiki started out as a video focused search engine in 2011, before making its way into the iTunes Store as an app that turns images and videos into digital story boards.
Yahoo announced its acquisition of Qwiki on Wednesday, although it kept quiet about what it plans to do with the company and how much it spent. However, according to Allthingsd, Yahoo spent approximately $50m to further expand its digital offerings.
What’s more, while it’s unclear what Yahoo’s plans are at present, it’s likely that the firm is looking to challenge Vine and Instagram in the social video market.
Yahoo announced the news, naturally, on Tumblr. It said, “We’re excited to announce that Yahoo acquired Qwiki – a company that uses awesome technology to bring together pictures, music and video to capture the art of storytelling.
“We will continue to support the Qwiki app, and the team will join Yahoo in our New York city office to reimagine Yahoo’s storytelling experience. Stay tuned … there’s much more to come!”
Qwiki also had something to say, posting on its website, “Thank you for being a part of our story – one which is far from over. The Qwiki app will live on as a standalone entity inside Yahoo, where we will grow our thriving community and where our team will continue to work to help you share life’s best experiences.
“We are proud of the work we’ve done, and humbled by unwavering support from the NY tech community. New York is such a big part of who we are, and what we will become.”
Yahoo’s buyout of Qwiki is the latest in a series of acquisitions by the firm. Recently the firm announced that it bought Tumblr for a cool $1.1bn, with Yahoo CEO Marissa Mayer promising “not to screw it up”.
Malware Infections On Android Rising
July 8, 2013 by admin
Filed under Around The Net
An increasing number of Android phones are infected with mobile malware programs that are capable of turning the handsets into spying devices, according to a report from Kindsight Security Labs, a subsidiary of telecommunications equipment vendor Alcatel-Lucent.
The vast majority of mobile devices infected with malware are running the Android operating system and a third of the top 20 malware threats for Android by infection rate fall into the spyware category, Kindsight said in a report released Tuesday that covers the second quarter of 2013.
The Alcatel-Lucent subsidiary sells security appliances to ISPs (Internet service providers) and mobile network operators that can identify known malware threats and infected devices by analyzing the network traffic.
Data collected from its product deployments allows the company to compile statistics about how many devices connected to mobile or broadband networks are infected with malware and determine what are the most commonly detected threats.
The malware infection rate for devices connected to mobile networks is fairly low, averaging 0.52%, Kindsight said in its report. These infected devices include mobile phones as well as Windows laptops that use a mobile connection through a phone, a 3G USB modem or a mobile hotspot device.
In January infected mobile phones accounted for slightly more than 30% of all infected devices connected to mobile networks, but by June that share had grown to more than 50%.
The vast majority of infected mobile phones run Android. Those running BlackBerry, iOS and other operating systems represent less than 1% of infected mobile devices, Kindsight said.
When calculated separately, on average more than 1% of Android devices on mobile networks are infected with malware, Kindsight said in its report.
The malware threat most commonly seen on Android devices was an adware Trojan program called Uapush.A that sends SMS messages and steals information, Kindsight said. Uapush.A was responsible for around 53% of the total number of infections detected on Android devices.
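The measurement behind these figures is network-side: an appliance sees a device’s traffic, matches destinations against known indicators, and then counts devices rather than alerts. The following is an added illustration of that method, not Kindsight’s code, format or signatures; the flow records, platform labels and indicator hostnames are all constructed for the example.

```python
"""Constructed illustration of network-side infection measurement: flag
devices from their traffic, deduplicate per device so repeated beacons do
not inflate counts, and report per-platform infection rates and the share
of infected devices each threat accounts for. Not Kindsight's code or data.
"""
from collections import defaultdict

# Constructed indicator set: destination host -> threat family label.
# Hypothetical names under .invalid; not real command-and-control domains.
INDICATORS = {
    "ads-push.example.invalid": "adware_A",
    "relay.example.invalid": "spyware_B",
    "upd.example.invalid": "spyware_C",
}

# Constructed flow records: "<device id> <platform> <destination host>".
SAMPLE_FLOWS = """\
dev001 android ads-push.example.invalid
dev001 android cdn.example.org
dev001 android ads-push.example.invalid
dev002 android cdn.example.org
dev003 android relay.example.invalid
dev004 ios cdn.example.org
dev005 android cdn.example.org
dev006 windows upd.example.invalid
dev007 android ads-push.example.invalid
dev008 android cdn.example.org
"""


def analyse(log_text, indicators=INDICATORS):
    """Return (per_platform_rates, threat_share).

    per_platform_rates: platform -> (infected_devices, total_devices, rate)
    threat_share:       family -> fraction of infected devices carrying it
    A device with three beacons to the same indicator counts once.
    """
    devices = {}                 # device id -> platform
    hits = defaultdict(set)      # device id -> families seen in its traffic
    for line in log_text.splitlines():
        if not line.strip():
            continue
        dev, platform, dst = line.split()
        devices[dev] = platform
        if dst in indicators:
            hits[dev].add(indicators[dst])

    totals = defaultdict(int)
    infected = defaultdict(int)
    for dev, platform in devices.items():
        totals[platform] += 1
        if dev in hits:
            infected[platform] += 1
    rates = {p: (infected[p], totals[p], infected[p] / totals[p]) for p in totals}

    family_counts = defaultdict(int)
    for fams in hits.values():
        for fam in fams:
            family_counts[fam] += 1
    n_infected = len(hits)
    share = {f: c / n_infected for f, c in family_counts.items()} if n_infected else {}
    return rates, share


if __name__ == "__main__":
    rates, share = analyse(SAMPLE_FLOWS)
    for platform, (inf, tot, rate) in sorted(rates.items()):
        print(f"{platform:8s} {inf}/{tot} infected ({rate:.1%})")
    for fam, frac in sorted(share.items(), key=lambda kv: -kv[1]):
        print(f"{fam:10s} {frac:.0%} of infected devices")
```

Two details matter when reading vendor statistics of this kind: the denominator (devices observed on the network, not devices alerting) and the deduplication (one noisy adware sample can generate far more alerts than a quiet spyware implant, so alert counts and device counts rank threats differently).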
Will Arm/Atom CPUs Replace Xeon/Opteron?
Analysts are saying that smartphone chips could one day replace the Xeon and Opteron processors used in most of the world’s top supercomputers. In a paper titled “Are mobile processors ready for HPC?”, researchers at the Barcelona Supercomputing Center wrote that less expensive chips have repeatedly bumped out faster but higher-priced processors in high-performance systems.
In 1993, the list of the world’s fastest supercomputers, known as the Top500, was dominated by systems based on vector processors. They were nudged out by less expensive RISC processors. RISC chips were eventually replaced by cheaper commodity processors like Intel’s Xeon and AMD Opteron and now mobile chips are likely to take over.
The transitions had a common thread, the researchers wrote: microprocessors killed the vector supercomputers because they were “significantly cheaper and greener.” At the moment, low-power chips based on ARM designs fit the bill, but Intel is likely to catch up, so this is not likely to mean the death of x86.
The report compared Samsung’s 1.7GHz dual-core Exynos 5250, Nvidia’s 1.3GHz quad-core Tegra 3 and Intel’s 2.4GHz quad-core Core i7-2760QM, a laptop chip rather than a server chip. The researchers said they found that the ARM processors were more power-efficient than the Intel processor on single-core performance, and that ARM chips can scale effectively in HPC environments. On a multi-core basis, the ARM chips were as efficient as the Intel x86 chip at the same clock frequency, but Intel was more efficient at the highest performance level, the researchers said.
Court Sides With Aereo
April 10, 2013 by admin
Filed under Consumer Electronics
Streaming television service Aereo does not infringe the copyrights of over-the-air TV stations, and a request from several stations to shutter the New York-based service isn’t warranted, an appeals court has ruled.
The U.S. District Court for the Southern District of New York was right to deny a request for a preliminary injunction from Fox, ABC, WNET and other TV stations, the U.S. Court of Appeals for the Second Circuit ruled Monday.
The TV stations had argued that Aereo, a service that allows subscribers to record and play over-the-air TV programs on Internet-connected devices, violated their so-called public performance right, their exclusive right under U.S. copyright law “to perform the copyrighted work publicly.”
But Judge Christopher Droney, writing for the appeals court majority, noted that Aereo makes use of technology already found by courts to be legal. The service combines Aereo-designed mini TV antennas, DVRs, and a Slingbox-like streaming service, he noted.
Aereo users, by making personal copies of TV programs for their own use, were not creating public performances, Droney added.
The TV stations “have not demonstrated that they are likely to prevail on the merits on this claim in their copyright infringement action,” Droney wrote in rejecting the request for an injunction against the service. “Nor have they demonstrated serious questions as to the merits and a balance of hardships that tips decidedly in their favor.”
Aereo praised the decision. The decision “again validates that Aereo’s technology falls squarely within the law, and that’s a great thing for consumers who want more choice and flexibility in how, when and where they can watch television,” Chet Kanojia, Aereo’s CEO and founder, said in a statement.
Lawyers for the TV stations weren’t immediately available for comment.
Digital rights group Public Knowledge cheered the ruling, saying it is a “victory for consumer choice and video innovation.”
LinkedIn Drops BWP API
February 18, 2013 by admin
Filed under Around The Net
LinkedIn has shut off its API access to “Bang With Professionals,” a Web service that was intended to facilitate more, say, intimate connections among users of the business-oriented social networking site.
The service was designed to allow LinkedIn users to anonymously search for people in their LinkedIn network who would be interested in meeting up for casual sex.
“We all had a good laugh,” the founders of Bang With Professionals said last Friday on the website, less than a month after its launch. “We all knew it was a matter of time before our API key was revoked.”
LinkedIn said it shut off API (application programming interface) access for the free site, which was intended to work on all desktops and mobile devices, because it violated the social network’s terms of use in a manner that was “inconsistent with the goals of our developer program.”
Among other things, API access isn’t allowed for any application that contains or displays adult content.
Data about the site’s 6,000 subscribers is safe and all of their user IDs have been deleted, the founders said. The only thing that remains now is the site’s landing page.
The origins of Bang With Professionals are typical of the fast-paced social networking landscape. The site was built “by two guys in three days,” the landing page says. The total launch cost was US$57: $40 for stock images, $12 for the domain name and $5 for a CloudFlare account.
The Twitter handle for the site has since been deactivated, but at press time, the Bang With Professionals blog on Tumblr was still accessible.
Raspberry Pi Gets A Store
The Raspberry Pi Foundation has opened a store to enable users to easily download applications that run on the credit-card sized computer.
The Raspberry Pi Foundation said it partnered with Indiecity and Velocix to create a store for applications that run on the Raspberry Pi computer. The Foundation said that the store itself is an application that runs under its Raspbian Linux distribution and at launch has 23 applications available for download.
The Raspberry Pi Store contains games such as Freeciv alongside applications such as Libreoffice and Asterisk. The Raspberry Pi Foundation said its store accepts compiled binaries, Python code, images, audio and video.
The Raspberry Pi Store will allow developers to charge for applications, with the Foundation saying that it hopes to see a mix of hobbyist and commercial software. The Foundation also asked users that download applications to review them in order to improve the results put out by its recommendations system.
While the Raspberry Pi was initially intended to help teach people how to program, the device has gained wider popularity due to the fact that its hardware can run many typical PC desktop applications. The Foundation’s Raspberry Pi Store will make it easier for users to find and install applications on the device, which can only be a good thing for the Raspberry Pi Foundation and Linux adoption.
Do Supercomputers Lead To Downtime?
As supercomputers grow more powerful, they’ll also become more susceptible to failure, thanks to the increased amount of built-in componentry. A few researchers at the recent SC12 conference, held last week in Salt Lake City, offered possible solutions to this growing problem.
Today’s high-performance computing (HPC) systems can have 100,000 nodes or more — with each node built from multiple components of memory, processors, buses and other circuitry. Statistically speaking, all these components will fail at some point, and they halt operations when they do so, said David Fiala, a Ph.D student at the North Carolina State University, during a talk at SC12.
The problem is not a new one, of course. When Lawrence Livermore National Laboratory’s 600-node ASCI (Accelerated Strategic Computing Initiative) White supercomputer went online in 2001, it had a mean time between failures (MTBF) of only five hours, thanks in part to component failures. Later tuning efforts had improved ASCI White’s MTBF to 55 hours, Fiala said.
But as the number of supercomputer nodes grows, so will the problem. “Something has to be done about this. It will get worse as we move to exascale,” Fiala said, referring to how supercomputers of the next decade are expected to have 10 times the computational power that today’s models do.
Today’s techniques for dealing with system failure may not scale very well, Fiala said. He cited checkpointing, in which a running program is temporarily halted and its state is saved to disk. Should the program then crash, the system is able to restart the job from the last checkpoint.
The problem with checkpointing, according to Fiala, is that as the number of nodes grows, the amount of system overhead needed to do checkpointing grows as well — and grows at an exponential rate. On a 100,000-node supercomputer, for example, only about 35 percent of the activity will be involved in conducting work. The rest will be taken up by checkpointing and — should a system fail — recovery operations, Fiala estimated.
Because of all the additional hardware needed for exascale systems, which could be built from a million or more components, system reliability will have to be improved by 100 times in order to keep to the same MTBF that today’s supercomputers enjoy, Fiala said.
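The scaling argument above can be carried through with the standard first-order checkpoint/restart model. What follows is an added illustration, not Fiala’s model or data: the per-node MTBF, checkpoint write time and restart time are assumed values, and the approximation that the best compute interval between checkpoints is about sqrt(2 * delta * M) (delta the checkpoint time, M the whole-system MTBF) is the well-known Young/Daly estimate.

```python
"""First-order checkpoint/restart cost model (added illustration; the
parameter values are assumptions, not measurements from any real system).

With N independent nodes the system MTBF is the node MTBF divided by N, so
checkpoints must come more often as the machine grows, and each checkpoint
is pure overhead. The model below estimates the useful-work fraction.
"""
import math


def system_mtbf(node_mtbf_hours, nodes):
    """Independent node failures: system MTBF shrinks as 1/N."""
    return node_mtbf_hours / nodes


def optimal_interval(checkpoint_hours, mtbf_hours):
    """Young/Daly first-order optimum for the compute time between checkpoints."""
    return math.sqrt(2 * checkpoint_hours * mtbf_hours)


def efficiency(nodes, node_mtbf_hours=5 * 365 * 24,
               checkpoint_hours=0.25, restart_hours=0.25):
    """Fraction of wall-clock time spent on useful computation.

    One cycle is tau hours of compute plus delta hours of checkpointing.
    A failure (rate 1/M per hour) during a cycle loses, on average, half the
    cycle plus the restart time R. Assumed defaults: 5-year node MTBF,
    15-minute checkpoint, 15-minute restart.
    """
    m = system_mtbf(node_mtbf_hours, nodes)
    tau = optimal_interval(checkpoint_hours, m)
    cycle = tau + checkpoint_hours
    expected_loss = (cycle / m) * (cycle / 2 + restart_hours)
    return tau / (cycle + expected_loss)


def reliability_gain_needed(nodes_now, nodes_future):
    """Factor by which per-node reliability must improve to keep the same
    system MTBF when the node count grows."""
    return nodes_future / nodes_now


if __name__ == "__main__":
    for n in (1_000, 10_000, 100_000, 1_000_000):
        m = system_mtbf(5 * 365 * 24, n)
        print(f"{n:>9,} nodes: system MTBF {m:8.2f} h, "
              f"checkpoint every {optimal_interval(0.25, m):5.2f} h, "
              f"useful work {efficiency(n):5.1%}")
    print("reliability gain needed, 10k -> 1M components:",
          reliability_gain_needed(10_000, 1_000_000))
```

With these assumptions the useful-work fraction falls from roughly 90% at a thousand nodes to under 30% at a hundred thousand, the same direction Fiala describes. The first-order model assumes the checkpoint cycle is short compared to the system MTBF, which stops being true at the high end, so the large-N figures are a rough indication rather than a prediction; the 100x reliability requirement for a million-component machine falls straight out of the 1/N scaling of system MTBF.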
Fiala presented technology that he and fellow researchers developed that may help improve reliability. The technology addresses the problem of silent data corruption, when systems make undetected errors writing data to disk.