Did Sears Suffer A Data Breach?
Sears Holdings Corp acknowledged it has launched an investigation to determine whether it was the victim of a security breach, following Target Corp’s revelation at the end of last year that it had suffered an unprecedented cyber attack.
“There have been rumors and reports throughout the retail industry of security incidents at various retailers and we are actively reviewing our systems to determine if we have been a victim of a breach,” Sears spokesman Howard Riefs said in a statement on Friday.
“We have found no information based on our review of our systems to date indicating a breach,” he added.
He did not say when the operator of Sears department stores and Kmart discount stores had begun the investigation or provide other information about the probe.
Sears Holdings Corp operates nearly 2,500 retail stores in the United States and Canada.
Bloomberg News reported on Friday that the U.S. Secret Service was investigating a possible security breach at Sears, citing a person familiar with the investigation. The report did not identify that source by name.
The Bloomberg report said that its source did not disclose details about the scope or timing of the suspected breach.
A spokesman for the U.S. Secret Service declined comment when Reuters asked if the agency was investigating a possible breach at Sears.
The Secret Service is leading the U.S. government’s investigation into last year’s attack on Target, which the company has said led to the theft of some 40 million payment card numbers as well as another 70 million pieces of personal data.
Marvell’s Future Brightens
Marvell reported a more-than-expected 112 percent rise in profit, helped by strong demand from storage and networking companies, and said it expected its mobile business to pick up in the current quarter.
Marvell forecast first-quarter revenue between $870 and $910 million, which is above what the cocaine nose jobs of Wall Street predicted. Chief Executive Sehat Sutardja said that in his company’s first quarter, he was expecting some revenue and unit growth for its 4G LTE mobile platform from multiple customers. Marvell said results were not so hot in the mobile business in the fourth quarter as some customers delayed product launches.
The company, which also makes communications and processor products used in mobile phones, said net income doubled to $106.6 million, or 21 cents per share, in the quarter ended February 1 from $50.2 million, or 9 cents per share, a year earlier.
Revenue rose to $931.7 million, beating analysts’ estimate of $901.1 million.
Marvell’s biggest customer is Western Digital, which reported better-than-expected quarterly results in January, citing strength in its gaming and notebook business.
Intel Outs New Xeon Chipset
Intel has released details about its new Xeon E7 v2 chipset. The Xeon processor E7 8800/4800/2800 v2 product family is designed to support up to 32-socket servers with configurations of up to 15 processing cores and up to 1.5 terabytes of memory per socket.
The chip is designed for the big data end of the Internet of Things movement, which the processor maker projected will grow to consist of at least 30 billion devices by 2020. Beyond a twofold performance improvement, Intel is promising a few other upgrades with the next generation of this data-focused chipset, including triple the memory capacity, four times the I/O bandwidth and the potential to reduce total cost of ownership by up to 80 percent.
The 15-core variants with the largest thermal envelope (155W) run at 2.8GHz with 37.5MB of cache and 8 GT/s QuickPath connectivity. The lowest-power models in the list have 105W TDPs and run at 2.3GHz with 24MB of cache and 7.2 GT/s of QuickPath bandwidth. There was also talk of 40W, 1.4GHz models at ISSCC but they have not been announced yet.
Intel has signed on nearly two dozen hardware partners to support the platform, including Asus, Cisco, Dell, EMC, and Lenovo. On the software end, Microsoft, SAP, Teradata, Splunk, and Pivotal also already support the new Xeon family. IBM and Oracle are among the few that support Xeon E7 v2 on both sides of the spectrum.
SEC Plans Cybersecurity Meeting
February 27, 2014 by admin
The Securities and Exchange Commission said that it is making plans to conduct a roundtable next month to discuss cybersecurity, after massive retailer breaches refocused the attention of the business community and policymakers on the area.
The SEC said that it would hold the event on March 26 to talk about the challenges cyber threats pose for market participants and public companies.
Recent breaches at Target Corp and Neiman Marcus have sparked concern from lawmakers and revived a long-running spat among retailers and banks over who should bear the cost of consumer losses and technology investments to improve security.
Last Thursday, trade groups for the two industries announced they are forming a partnership to work through the disputes.
U.S. lawmakers have also considered weighing in on how consumers should be notified of data theft. But progress on legislation is not guaranteed in a busy election year.
The SEC in 2011 drafted informal staff-level guidance for public companies to use when considering whether to disclose cyber attacks and their impact on a company’s financial condition.
SEC Chair Mary Jo White last year told Congress that her agency was reviewing whether a more robust disclosure process is needed. But she told reporters last fall she felt the guidance appeared to be working well and that she didn’t see an immediate need to create a rule that mandates public reporting on cyber attacks.
Ubuntu Cross-Platform Delayed
Ubuntu will not offer cross-platform apps as soon as it had hoped.
Canonical had raised hopes that its plan for Ubuntu to span PCs and mobile devices would be realised with the upcoming Ubuntu 14.04 release, providing a write-once, run-on-many template similar to that planned by Google for its Chrome OS and Android app convergence.
This is already possible on paper and the infrastructure is in place on smartphone and tablet versions of Ubuntu through its new Unity 8 user interface.
However, Canonical has decided to postpone the rollout of Unity 8 for desktop machines, citing security concerns, and it will now not appear along with the Mir display server this coming autumn.
This will apply only to apps in the Ubuntu store, and in the true spirit of open source, anyone choosing to step outside that ecosystem will be able to test the converged Ubuntu before then.
Ubuntu community manager Jono Bacon told Ars Technica, “We don’t plan on shipping apps in the new converged store on the desktop until Unity 8 and Mir lands.
“The reason is that we use app insulation to (a) run apps securely and (b) not require manual reviews (so we can speed up the time to get apps in the store). With our plan to move to Mir, our app insulation doesn’t currently insulate against X apps sniffing events in other X apps. As such, while Ubuntu SDK apps in click packages will run on today’s Unity 7 desktop, we don’t want to make them readily available to users until we ship Mir and have this final security consideration in place.
“Now, if a core-dev or motu wants to manually review an Ubuntu SDK app and ship it in the normal main/universe archives, the security concern is then taken care of with a manual review, but we are not recommending this workflow due to the strain of manual reviews.”
As well as the aforementioned security issues, there are still concerns that cross-platform apps don’t look quite as good on the desktop as native desktop versions and the intervening six months will be used to polish the user experience.
Getting the holistic experience right is essential for Ubuntu in order to attract OEMs to the converged operating system. Attempts to crowdfund its own Ubuntu handset fell short of its ambitious $20m target, despite raising $10.2 million, the single largest crowdfunding total to date.
Did The British Go After Anonymous?
February 17, 2014 by admin
Did a British spy agency linked to GCHQ attack hacktivists of the Anonymous and Lulzsec collectives, as leaked US National Security Agency (NSA) documents allege?
NBC published documents obtained by NSA whistleblower Edward Snowden showing that the group codenamed the Joint Threat Research Intelligence Group (JTRIG) proactively attempted to shut down and spread misinformation throughout the Anonymous collective.
The leaked documents allege that the unit attempted to phish Anonymous members and launched attacks designed to disrupt and infiltrate its networks as part of an operation called Rolling Thunder.
The documents show the spies mounted a sophisticated espionage campaign that enabled intelligence officers to phish a number of Anonymous members to extract key bits of information.
The documents include conversations between intelligence officers and Anonymous members G-Zero, Topiary and pOke in 2011.
One log shows that a GCHQ spy duped the hacker pOke into clicking on a malicious link dressed up to look like a news article about Anonymous. The link used an unspecified method to extract data from the virtual private network (VPN) being used by pOke.
The documents allege pOke was not arrested, but that the information acquired during the phishing attack was used in the arrest of Jake Davis, who was known as Topiary, in July 2011.
Davis’ arrest was taken as a key victory for law enforcement. British citizen Davis was believed to have acted as a spokesman for many Anonymous cells and is credited as having written several of its statements.
A GCHQ spokesman declined The INQUIRER’s request for comment on NBC’s report, but reiterated the agency’s previous insistence that all of its operations are carried out within the letter of the law.
“It is a longstanding policy that we do not comment on intelligence matters. Furthermore, all of GCHQ’s work is carried out in accordance with a strict legal and policy framework,” read the statement.
Experts in the security community have questioned the GCHQ’s argument. Corero Network Security COO Andrew Miller said that the secret unit’s use of blackhat tactics was at the very least morally questionable.
“We have to remember that cyber-spooks within GCHQ are equally if not more skilled than many black hat hackers, and the tools and techniques they are going to use to fight cybercrime are surely going to be similar to that of the bad guys,” he said.
“Legally, we enter a very grey area here, where members of Lulzsec were arrested and incarcerated for carrying out DDoS attacks, but it seems that JTRIG are taking the same approach with impunity.”
The campaign against Anonymous is one of many revelations from the leaked Snowden files.
The files initially were leaked to the press in 2013 and detailed several intelligence operations carried out by the UK GCHQ and US NSA. Documents emerged in January alleging that GCHQ and NSA used mobile apps such as Angry Birds to spy on citizens.
LibreOffice Going After MS Office
February 10, 2014 by admin
LibreOffice 4.2 is out and is a major upgrade release.
The popular alternative to Microsoft Office has been retooled to increase compatibility with that expensive proprietary productivity applications suite, including compatibility with Visio and Publisher files.
In addition to a much improved formula process for its spreadsheet application, LibreOffice 4.2 also includes a new startup screen and improved round trip compatibility for newer formats such as .docx.
Java accessibility features are being phased out in favour of the IBM IAccessible2 package, which will supersede the Java version in future editions.
iOS users can take advantage of the Impress Remote Control feature that allows users to control presentations from their smartphones. This feature has been available on Android for some time but now Apple fans can use it too.
LibreOffice claims that this is the biggest recoding of its office suite yet and says that it now offers better integration with Windows 7 and Windows 8, with documents grouped on the taskbar and quickview thumbnails.
The news comes after UK cabinet minister Francis Maude recently announced that Parliament will move towards using open source software for its documents, and said that interoperability improvements such as those LibreOffice has introduced will be key to ensuring that all areas of government communicate a lot more effectively than they do right now.
LibreOffice has also made contributing to continued development of the open source office suite even easier with a new code submission and review portal known as Gerrit.
Can Android Fight Cyber Threats With A.I.?
February 5, 2014 by admin
A security firm called Zimperium has launched mobile software that learns from smartphones to fend off malicious cyber attacks.
Claiming to be the first security software to be powered by artificial intelligence (AI), the app is called zIPS, with the “IPS” standing for “intrusion prevention system”. The aim of the AI is to better spot malware before it causes harm or spreads to other devices.
The zIPS software works whether the smartphone is offline or online and can protect against malicious apps, such as those that can self-modify, and network attacks like a “man in the middle” attack where a hacker intercepts data being sent between one user and another.
“With zIPS, corporations will now have the opportunity to use [bring your own device] as an advantage to their security. zIPS is the first security solution that can combat modern cyber-attacks on mobile,” said Zimperium’s founder and CEO Zuk Avraham. “There is already evidence of attacks that are happening to infiltrate organisations, which only zIPS can prevent.”
Prior to working on the Android app, Avraham worked as a security researcher for the Israeli Defense Forces and Samsung Electronics before setting up Zimperium in response to what he thinks is a poor selection of good mobile security software.
According to MIT Technology Review, Zimperium said that there have as yet been no programs that can detect, notify and protect against cyber attacks deployed through mobile devices.
The zIPS Android app has arrived in the Google Play store for all Android devices at a time when malware on Android is at an all-time high.
Last year, Trend Micro warned that Google’s Android mobile operating system is so beset by cyber criminals creating malicious apps that the malware was on track to hit the million mark before the end of 2013.
The firm said that this was attributable to hackers seeking to exploit Android’s growing global user base.
ZTE Attempts To Double Marketshare
January 27, 2014 by admin
China’s ZTE Corp, the world’s seventh-largest smartphone maker, wants to nearly double its U.S. market share in the next three years by increasing spending on marketing.
ZTE, which trails nearby rival Huawei Technologies Co Ltd in selling both smartphones and telecoms equipment, wants more share of the fat profit margins promised by sales of high-end phones in the United States.
But the company needs to first work on its image. Its mainstay telecom equipment business was essentially shut out of the U.S. and other markets after government officials flagged security concerns about Chinese-made equipment.
ZTE targets a U.S. market share of 10 percent by 2017 from 6 percent in 2013, Lv Qianhao, global marketing director of mobile devices, told Reuters at a company event on Thursday.
That would place it a distant third behind Apple Inc with 41 percent and Samsung Electronics Co Ltd with 26 percent, according to September-November data from researcher comScore.
To that end, ZTE will increase its U.S. marketing budget by at least 120 percent this year from last, Lv said without elaborating. Like other Chinese handset makers, ZTE is grappling with low brand awareness in the world’s second-largest smartphone market and perceptions of inferior quality.
Samsung Electronics, which earns around two-thirds of its operating profit from its mobile division, spent $597 million on marketing in the United States in 2012, according to researcher AdAge.
Last year, ZTE signed a deal with the Houston Rockets basketball team and released a Rockets-branded phone.
“We want young U.S. consumers to participate in our marketing activities, so we will have more NBA (National Basketball Association) stores and channels that sell our products,” Lv said.
Globally, ZTE aims to ship around 60 million smartphones this year compared with about 40 million smartphones last year, said Senior Vice President Zhang Renjun.
The company sees much of that growth in developed markets – including Russia and China – which accounted for 68 percent of mobile device revenue last year compared with 35 percent in 2007, said Lv.
ZTE’s mobile device business sells feature phones as well as smartphones. It was the fifth-biggest mobile phone vendor in July-September, according to researcher Gartner, though it fell out of the top five smartphone sellers list in the same period.
ZTE expects to have swung to a profit for last year having booked its first-ever loss as a public company in 2012.
It based its turnaround on cutting costs, signing fewer low-margin contracts, and winning contracts to build fourth generation telecommunication networks.
The company expects global investment in 4G to reach $100 billion this year, Zhang said.
Was Dropbox Really Hacked?
January 24, 2014 by admin
Dropbox suffered a major outage over the weekend.
In one of the more bizarre recent incidents, after the service went down on Friday evening a group of hackers claimed to have infiltrated the service and compromised its servers.
However, on the Dropbox blog, Dropbox VP of engineering Aditya Agarwal told users that hackers were not to blame.
Agarwal said, “On Friday evening we began a routine server upgrade. Unfortunately, a bug installed this upgrade on several active servers, which brought down the entire service. Your files were always safe, and despite some reports, no hacking or DDOS attack was involved.”
The fault occurred when a bug in an upgrade script caused an operating system upgrade to be triggered on several live machines, rendering them inoperative. Although the fault was rectified in three hours, the knock-on effects led to problems that lasted through the weekend for some users.
Dropbox has assured users that there are no further problems and that all users should now be back online. It said that at no point were files in danger, adding that the affected machines didn’t host any user data. In other words, the “hackers” weren’t hackers at all, but attention-seeking trolls.
Dropbox claims to have over 200 million users, many of which it has acquired through strategic partnerships with device manufacturers offering free storage with purchases.
The company is looking forward to an initial public offering (IPO) on the stock market, so the timing of such a major outage could not be worse. Dropbox, which includes Bono and The Edge from U2 amongst its investors, has recently enhanced its business offering to appeal to enterprise clients, and such a loss of uptime could affect its ability to attract customers.