Is Windows ‘Threshold’ Enroute?

Microsoft will unveil a preview of “Threshold,” the current code name for Windows 8′s successor, as soon as next month, according to an online report on Monday.

ZDNet’s Mary Jo Foley, citing unnamed sources, said that Microsoft will deliver a “technical preview” of Threshold late in September or early in October. Previously, Foley had reported that Microsoft would offer a preview of some kind this fall.

Threshold may be officially named “Windows 9″ by Microsoft — the company has said nothing about either the code name or labeled the next iteration of its desktop and tablet OS — although there are arguments for dumping a numerical title because of the possible association with Windows 8, which has widely been pegged as a failure.

“Technical Preview” is a moniker that Microsoft has used in the past for its Office suite. For both Office 2013 and Office 2010, Microsoft used the term to describe an invitation-only sneak peek. Both application suites were later released as public betas prior to their official launch.

Windows, however, has used a different nomenclature. For 2012′s Windows 8, Microsoft called the early looks ”Developer Preview,””Consumer Preview” and “Release Preview,” all open to everyone. The first was analogous to an alpha, the second to a beta, and the third to a done-but-not-approved release candidate.

Windows 7, however, had used the more traditional “Beta” to describe the first public preview in early 2009. The previous fall, when Microsoft unveiled Windows 7, the firm had seeded an invite-only “pre-alpha” version, also dubbed a Developer Preview, of the OS to programmers and some influential bloggers.

Within hours, the Windows 7 Developer Preview leaked to file-sharing websites. Microsoft may have changed its practices for Windows 8, letting anyone download the first preview, because of the inevitably of leaks.

In an update to her blog of earlier today, Foley added that the “Technical Preview” nameplate notwithstanding, Microsoft would allow anyone to download Threshold/Windows 9 when it becomes available in the next few weeks.

If Microsoft does ship a preview soon and sets its sights on a second-quarter 2015 final release, it will have significantly accelerated the tempo from past practice. With Windows 7 and Windows 8, Microsoft offered its first previews 12 and 13 months, respectively, and the public beta 8 or 9 months, before launching the operating system.

Eight or nine months from September would be May or June 2015; that, however, assumes that the Technical Preview is of beta quality. The name itself hints at something less.

Microsoft appears eager to put Windows 8 behind it. It has stopped beating the drum about the OS and recently announced that it would not issue any additional major updates. Instead, the firm said last week, it will include improvements or new features in small packets using the same Windows Update mechanism that regularly serves security patches.

Source

Apple Changes Policy In China

Apple Inc has started the processing of keeping the personal data of some Chinese users on servers in mainland China, marking the first time the tech giant is storing user data on Chinese soil.

The storage of user data in China represents a departure from the policies of some technology companies, notably Google Inc, which has long refused to build data centers in China due to censorship and privacy concerns.

Apple said the move was part of an effort to improve the speed and reliability of its iCloud service, which lets users store pictures, e-mail and other data. Positioning data centers as close to customers as possible means faster service.

The data will be kept on servers provided by China Telecom Corp Ltd, the country’s third-largest wireless carrier, Apple said in a statement.

“Apple takes user security and privacy very seriously,” it said. “We have added China Telecom to our list of data center providers to increase bandwidth and improve performance for our customers in mainland china. All data stored with our providers is encrypted. China Telecom does not have access to the content.”

A source with knowledge of the situation said the encryption keys for Apple’s data on China Telecom servers would be stored offshore and not made available to China Telecom.

Apple has said it has devised encryption systems for services such as iMessage that even Apple itself cannot unlock. But some experts expressed scepticism that Apple would be able to withhold user data in the event of a government request.

“If they’re making out that the data is protected and secure that’s a little disingenuous because if they want to operate a business here, that’d have to comply with demands from the authorities,” said Jeremy Goldkorn, director of Danwei.com, a research firm focused on Chinese media, internet and consumers.

“On the other hand if they don’t store Chinese user data on a Chinese server they’re basically risking a crackdown from the authorities.”

Goldkorn added that data stored in the United States is subject to similar U.S. regulations where the government can use court orders to demand private data.

A spokesman for China Telecom declined to comment.

Source

OpenSSL Gets Updated

OPENSSL, the web security layer at the center of the Heartbleed vulnerability, has been issued with a further nine critical patches.

While none are as serious as Heartbleed, patching is recommended for all users according to an advisory released today. The vulnerabilities stem from various security research teams around the web including Google, Logmein and Codenomicom, based on their reports during June and July of this year.

Among the more interesting fixes involves a flaw in the ClientHello message process. If a ClientHello message is badly fragmented, it is vulnerable to a man-in-the-middle attack which could be used to force the server to downgrade itself to the TLS 1.0 protocol, a fifteen year old and therefore pre-Heartbleed patch variant.

Other reports include memory leaks caused by denial of service attacks (DoS) and conversely, crashes caused by an attempt to free up the same portions of memory twice.

OpenSSL now has two full time coders as a result of investment by a consortium of Internet industry companies to form the Core Infrastructure Initiative, a not-for-profit group administered by the Linux Foundation. The Initiative was set up in the wake of Heartbleed, as the industry vowed to ensure such a large hole would never be left unplugged again.

While OpenSSL is used by a large number of encrypted sites, there are a number of forks of the project including LibreSSL and the recently launched Google BoringSSL.

Google recently announced that it would be lowering the page rankings of unencrypted pages in its search results as an added security measure.

Source

FCC Mandates Text-To-911

The U.S. Federal Communications Commission voted last week to require U.S. mobile carriers and many text-messaging apps to support functionality that allows texting emergency dispatch centers, even after questions about whether the centers will be ready by the deadline.

The commission’s vote requires U.S. mobile carriers and some texting apps to put emergency text-to-911 functionality in place by the end of the year.

Even though the nation’s four largest mobile carriers have all added text-to-911 functionality this year, less than 2 percent of the nation’s 6,800 emergency dispatch centers are ready to receive texts, said Commissioner Ajit Pai. The commission’s action will give smartphone users the impression they can send text to emergency responders, when many will not be able to, he said.

The FCC’s action “encourages the public to dive into text-to-911 functionality, when in reality, there’s hardly any water in the pool,” Pai said. “The order is sure to result in massive consumer confusion, and therefore will endanger, rather than advance, public safety.”

FCC Chairman Tom Wheeler applauded the largest mobile carriers — Verizon Wireless, AT&T, Sprint and T-Mobile USA — for adding text-to-911 functionality. The agency needs to push other carriers and emergency dispatch centers, called public-safety answering points or PSAPs, to do the same, he added.

“A lot of time of has passed since [the four largest] carriers stepped up and did something voluntarily, and the other carriers serving the consumers of America did not,” he said. “If you don’t step up to your responsibility, we will.”

Smartphone users should still call 911 if possible, but text-to-911 services need to be more widely available, Wheeler said.

The adoption of text-to-911 will let smartphone users contact police and other emergency responders when it’s not safe to talk on the phone, Wheeler said. It will also aid people with hearing or speech disabilities, he noted.

“Texting is now as important a function on a mobile device as talking,” Wheeler said. “Some of those text messages are cries for help.”

Source

OpenSuse Goes Rolling

OpenSuse, the free Linux distribution forked from Suse Linux Professional and the basis for Suse Linux Enterprise, is switching to a rolling release model.

The development change will see daily builds released to keep the distribution at the cutting edge of development.

Announced by the Opensuse Project on Wednesday, the rolling release model for the development version of Opensuse, which is called Factory, will shorten the stabilisation process for releases and eliminate the need for pre-release or “milestone” builds, the project said.

Opensuse board chairman Richard Brown said that the project team was hopeful that the move would lead to more users of the software and more contributors to the code, which would have a knock-on effect on quality.

“With a daily fresh Factory distribution making it easier for those who want to preview and test, we hope to see more users and contributors, leading to faster fixes and even higher quality. Factory is critical as it provides the base technology for Opensuse and Suse Linux Enterprise, which is used by tens of thousands of organisations around the world,” he said.

The new development model balances responsibility among packagers, testers and end users while putting more emphasis on automated quality assurance. As a result, Opensuse Factory is no longer just the development branch of Opensuse but becomes a reliable, always-ready working distribution, according to the project.

The move also means that Opensuse is following a similar development model to Fedora, the cutting-edge Linux distribution sponsored by Red Hat that Red Hat Enterprise Linux (RHEL) is based upon.

More information on Opensuse Factory can be found on the project’s online portal. However, at the time of writing this was still showing a notice warning that the Factory repository is not guaranteed to be fully stable, and advising users to download the current release build.

An Opensuse spokesperson told stated that this is because the Factory build is primarily for developers and those keen to see the latest developments, and is not recommended for production environments.

Source

Apple-IBM Alliance Downplayed

IBM Corp’s recent move to team up with Apple Inc to sell iPhones and iPads loaded with corporate applications has excited investors in both companies, but two rivals say they are unfazed for now.

Top executives at Dell and BlackBerry Ltd scoffed at the threat posed by the alliance, arguing the tie-up is unlikely to derail the efforts of their own companies to re-invent themselves.

“I do not think that we take the Apple-IBM tie-up terribly seriously. I think it just made a good press release,” John Swainson, who heads Dell’s global software business, said in an interview with Reuters in Toronto last week.

PC maker Dell and smartphone maker BlackBerry are in the midst of reshaping their companies around software and services, as the needs of their big corporate clients morph.

Swainson, who spent over two decades in senior roles at IBM, said, “I have some trouble understanding how IBM reps are going to really help Apple very much in terms of introducing devices into their accounts. I mean candidly, they weren’t very good at doing it when it was IBM-logoed products, so I do not get how introducing Apple-logoed stuff is going to be much better.”

While conceding that Apple products hold more allure, Swainson said they lack the depth of security features that many large business clients like banks covet.

IBM and Apple could not immediately be reached for comment.

BlackBerry Chief Executive John Chen similarly downplayed the threat of the alliance in an interview with the Financial Times, likening the tie-up to when “two elephants start dancing.”

Source

Is China Spying?

Security experts claim that a Chinese manufacturer has been installing malware in its hand-held scanners that steals supply chain data.

TrapX says infected scanners made by an unnamed Chinese manufacturer located in Shandong province have been sold to eight unnamed firms including a large robotics company. The manufacturer denied knowledge that its scanners and website-hosted software were infected.

Sixteen of the 48 scanners deployed at one firm were infected, TrapX found. They all successfully sought out and compromised host names containing the word finance and siphoning off the logistical and financial data. The report Anatomy of the Attack: Zombie Zero said:

“Exfiltration of all financial data and ERP data was achieved, providing the attacker complete situational awareness and visibility into the logistic/shipping company’s worldwide operations,”.

TrapX suspected the attacks dubbed Zombie Zero were backed by the Chinese government and were a bid to gain intelligence on either logistics firms or their customers.

Source

Microsoft Adds Anti-snooping Safeguards

Microsoft has added encryption safeguards to the Outlook.com webmail service and to the OneDrive cloud storage service, in part to better protect these consumer products from government surveillance.

“Our goal is to provide even greater protection for data across all the great Microsoft services you use and depend on every day. This effort also helps us reinforce that governments use appropriate legal processes, not technical brute force, if they want access to that data,” Matt Thomlinson, vice president, Trustworthy Computing Security, at Microsoft wrote in a blog post.

The move follows similar ones from other cloud computing providers. For example, Google announced end-to-end encryption for Gmail in April, including protection for email messages while they travel among Google data centers. It recently announced similar encryption for its Google Drive cloud storage service.

It’s not clear from Microsoft’s announcement whether the encryption protection it announced covers Outlook.com messages and OneDrive files as they travel within Microsoft data centers. It’s also not clear what, if any, encryption OneDrive and Outlook.com have had until now. Microsoft didn’t immediately respond to a request for comment.

Cloud computing providers like Microsoft, Google, Amazon and many others have been rattled by disclosures from former National Security Agency contractor Edward Snowden regarding government snooping into online communications, due to the effect on their consumer and business customers.

As a result, these companies have been busy boosting encryption on their systems, while also lobbying the U.S. government to stop the stealthy and widespread monitoring of Internet services.

Source

Brits Investigate Facebook

The British data watchdog is looking into whether Facebook Inc violated data-protection laws when it gave permission to researchers to conduct a psychological experiment on its users.

A Facebook spokesman acknowledged that the experiment on nearly 700,000 unwitting users in 2012 had upset users and said the company would change the way it handled research in future.

The study, to find if Facebook could alter the emotional state of users and prompt them to post either more positive or negative content, has caused a furor on social media, including Facebook itself.

“We’re aware of this issue and will be speaking to Facebook, as well as liaising with the Irish data protection authority, to learn more about the circumstances,” the Information Commissioner’s Office (ICO) spokesman Greg Jones said in an email.

Jones said it was too early to tell exactly what part of the law Facebook may have infringed. The company’s European headquarters is in Ireland.

The Commissioner’s Office monitors how personal data is used and has the power to force organizations to change their policies and can levy fines of up to 500,000 pounds ($839,500).

Facebook said it would work with regulators and was changing the way it handled such cases.

“It’s clear that people were upset by this study and we take responsibility for it,” Facebook spokesman Matt Steinfeld said in an email.

“The study was done with appropriate protections for people’s information and we are happy to answer any questions regulators may have.”

Source

Salesforce Goes Healthcare

Salesforce Inc, one of the first cloud-computing companies, is turning its focus towards healthcare with new software and services aimed at the largest hospitals.

Salesforce has announced a strategic alliance with Amsterdam-based medical technology company Philips, which it envisions as the first of many partnerships. These companies will announce two new medical applications later in the summer, called Philips eCareCoordinator and Philips eCare Companion.

The software is designed to improve health and cut costs. The apps are intended to be used by physicians to monitor chronically ill patients between doctor visits.

Salesforce said the goal is to make it easier for hospitals to collect and analyze data from medical devices, which patients with chronic conditions often use at home.

“In the United States, care providers are facing increasing demands and decreasing reimbursement,” said Michael Peachey, a senior director of solutions and product marketing at Salesforce.

“We want to improve efficiency for physicians by transmitting patient data in real time.”

Peachey said the Salesforce software meets security and privacy rules under the Health Insurance Portability and Accountability Act, known as HIPAA.

In the short term, Peachey said Salesforce intends to develop additional apps with other partners to help doctors and nurses monitor patients from the comfort of their homes.

“It’s an open platform,” he said.

Source

« Previous Page — Next Page »