Is Blackberry Going Android?

BlackBerry Ltd , which has been tight-lipped about its plans to make a mainstream Android smartphone, fueled more speculation about its plans this week when it scooped up two Android-related domain names.

Several blog posts in the last two days have noted that the Canadian handset maker bought the domain names “AndroidSecured.com” and “AndroidSecured.net” this week. That spurred more chatter that it intends to build a device powered by Google Inc’s  Android platform, which powers the vast majority of smartphones sold across the globe.

The purchase of the domain names is particularly interesting since BlackBerry Chief Executive John Chen has declined to confirm a June Reuters report that said the company was planning an Android phone.

Speculation that BlackBerry will embrace Android was also spurred this week by a Digitimes report that said the company plans to roll out several models of Android-based phones.

In the past three weeks, however, Chen has said at least twice that he would only build an Android phone if he can “secure Android”.

BlackBerry downplayed the significance of its domain name purchases in an email on Friday, saying: “BlackBerry frequently registers domain names to support the breadth of our cross-platform portfolio. Android is an important part of our cross-platform enterprise software strategy.”

Indeed, one of the domains, “AndroidSecured.com”, currently redirects users to a BlackBerry enterprise-focused site.

But that has not stopped a barrage of chatter on tech blogs about the purchases being part of BlackBerry’s plan to build its own secure Android, going beyond supporting existing Android phones on its BES12 device-management system. BES12 allows corporate and government clients to secure Android-, iOS-, Windows- and BlackBerry-powered devices on their networks.

Under the leadership of Chen, the Waterloo, Ontario-based company has been pivoting toward software and device management as its recent devices, powered by its BlackBerry 10 software, have failed to win mass appeal. Analysts and tech gurus believe a move to Android could give BlackBerry’s device arm a new lease on life.

Source

Is Mastercard Going With Selfies?

Mastercard has announced plans to roll out a verification technology that requires a selfie to process payments. The industry’s latest move in the shameless act of narcissism is a biometric face scanning technology that will let customers replace their PINs with their face, according to MasterCard chief product security officer, Ajay Bhalla. Bhalla told CNN Money that the multinational financial services corporation has teamed up with all the major phone manufacturers to deliver the technology. “The new generation, which is into selfies, I think they’ll find it cool. They’ll embrace it. This [app] seamlessly integrates biometrics into the overall payment experience,” he said. “You can choose to use your fingerprint or your face. You tap it, the transaction is OK’ed and you’re done.” The selfie payment feature will roll out on a trial basis first in the US, with a full scale deployment to follow at an unspecified date. The system requires users to blink when prompted once they have held their device at eye-level for the checkout process to complete. This ensures that potential cyber crooks cannot use a still image of the user to hack into their personal account. MasterCard announced last month that all retail outlets across Europe will accept contactless payments by 2020, paving the way for wider adoption of mobile payment solutions. Mike Cowan, head of emerging payments products at MasterCard, revealed at the company’s Future of Payments event in London that Europeans will soon be able to tap to pay anywhere. “From the beginning of 2016 any new payment terminal that gets deployed must accept contactless, and every single terminal must accept it by 2020,” he said. This means that new point of sale terminals must adhere to the new standard on deployment from 1 January 2016, while existing terminals that don’t yet support contactless payments must be replaced by 1 January 2020 at the latest. Source

Cisco Warns Of Bug In Virtual App

Cisco has warned of a default Secure Shell vulnerability in three of its virtual applications.

The flaw could allow attackers to decrypt traffic exchanged in the services, and has been detailed in a Cisco security advisory.

It affects Cisco’s Web Security Virtual Appliance (SMAv), Email Security Virtual Appliance and Security Management Virtual Appliance, which are already commercially available.

Cisco said that it “is not aware of any public announcements or malicious use of the vulnerabilities”, but warned that attackers who got hold of the private keys could decrypt communications with a man-in-the-middle attack.

The default private encryption keys were preinstalled on all three of the products, a move which is considered bad security practice.

“Successfully exploiting this vulnerability on Cisco SMAv allows an attacker to decrypt communication toward SMAv, impersonate SMAv, and send altered data to a configured content appliance,” the advisory said.

“An attacker can exploit this vulnerability on a communication link toward any content security appliance that was ever managed by any SMAv.”

Cisco has released a patch which deletes the preinstalled SSH keys and explains how customers can correct the problem.

The Cisco-sa-20150625-ironport SSH Keys Vulnerability Fix comes as part of several product upgrades, and must be manually installed from a command line interface.

Cisco’s advisory said that the patch is not required for physical hardware appliances, or for virtual appliance downloads or upgrades after 25 June.

Cisco revealed details of a new point of sale attack earlier this year that could part firms from money and customers from personal data.

The threat, called PoSeidon by the Cisco team, came at a time when eyes were on security breaches at firms like Target.

Cisco said in a blog post that PoSeidon is a threat that has the ability to breach machines and scrape them for credit card information.

Source

RedHat Goes PaaS With Linux

Red Hat has announced the release of OpenShift Enterprise (OSE) 3, a new version of its Platform-as-a-Service offering.

Based on Red Hat Enterprise Linux (RHEL)7, Openshift is built on Docker Linux containers with Kubernetes orchestration using technology developed in collaboration with Google.

The news comes in a busy week for Red Hat, which has also announced a new productivity tie-up with Samsung and taken a leading role in the formation of a new alliance known as the Open Container Project to standardise containers.

Users will have access to a wide range of apps via the Red Hat Container Certification Programme. Middleware solutions including Red Hat JBoss Enterprise, Web Server (Tomcat) and JBoss A-MQ messaging are also included.

Included are a number of tools to help developers create and collaborate, with web, command line, and integrated development environment interfaces. Options include direct code-push from GIT and source to image building. There is also flexibility for deployment, rollback and integration.

In addition, a preview of Openshift Dedicated has been released. The public cloud service based on OpenShift 3 will succeed Openshift Online, which already hosts 2.5 million applications online, allowing businesses to quickly build, launch and deploy bespoke apps.

Ashesh Badani, vice president and general manager, OpenShift, Red Hat, said, “This release of OpenShift Enterprise 3 employs open source containers and orchestration practices to change the developer experience and move the platform in the direction of what customers are asking for – a flexible platform for a microservices architecture.

“Our continued upstream work in the Docker and Kubernetes communities enable us to deliver the most updated technology platform for developers and operators, enabling them to remain competitive through quicker innovation.”

To assist users, Red Hat is offering a range of enterprise administrator courses to teach users how to deploy, configure and manage the system, which can result in a Red Hat Certificate of Expertise in Platform as a Service – a worthy certificate for any office wall.

OpenShift 3 is available now with bespoke pricing models based of socket and core pairings.

Source

Is Oracle Sliding?

Oracle said weak sales of its traditional database software licenses were made worse by a strong US dollar lowered the value of foreign revenue.

Shares of Oracle, often seen as a barometer for the technology sector, fell 6 percent to $42.15 in extended trading after the company’s earnings report on Wednesday.

Shares of Microsoft and Salesforce.com, two of Oracle’s closest rivals, were close to unchanged.

Daniel Ives, an analyst at FBR Capital Markets said that this announcement speaks to the headwinds Oracle is seeing in the field as their legacy database business is seeing slowing growth.

It also shows that while Cloud business has seen pockets of strength it is not doing as well as many thought,

Oracle, like other established tech companies, is looking to move its business to the cloud-computing model, essentially providing services remotely via data centres rather than selling installed software.

The 38-year-old company has had some success with the cloud model, but is not moving fast enough to make up for declines in its traditional software sales.

Oracle, along with German rival SAP has been losing market share in customer relationship management software in recent years to Salesforce.com, which only offers cloud-based services.

Because of lower software sales and the strong dollar, Oracle’s net income fell to $2.76 billion, or 62 cents per share, in the fourth quarter ended May 31, from $3.65 billion, or 80 cents per share, a year earlier.

Revenue fell 5.4 percent to $10.71 billion. Revenue rose 3 percent on a constant currency basis. Analysts had expected revenue of $10.92 billion, on average.

Sales from Oracle’s cloud-computing software and platform service, an area keenly watched by investors, rose 29 percent to $416 million.

Source

Is The Chip Market On The Rebound

Don’t let anyone fool you, the chipmarket is still not doing that well and there are a few problems to be sorted out before real money will be made.

FC Tseng, vice chairman for foundry VIS said that handset makers have too much inventory in their warehouses and the much hyped IoT market boom has not yet arrived.

In fact it is looking like 2015 will not be as good as 2014, which was pretty good at least as far as VIS was concerned.

Semiconductor demand for IoT applications will emerge, but no one has really worked out what the key drivers of IoT market growth will be, Tseng said.

Smartphones, devices such as watches, bracelets and glasses are all being identified as the popular applications when it comes to wearables and the Internet of Things.

VIS forecast that the global 2015 semiconductor market will increase 5 per cent in production value to $358 bn, while the foundry sector will grow by a larger 10 per cent on year to about S$50 bn.

VIS chairman and president Leuh Fang warned that the company has seen a low visibility of customer orders for the third quarter of 2015.

VIS reported record revenues and profits for 2014 and has been spending on capital expenditure like a mad thing in 2015.

Source

Will Blackberry Embrace Android?

BlackBerry Ltd’s move to embrace Android, although geared towards lifting revenue from its software and device management segment, could inadvertently give its device arm a new lease on life.

“From the standpoint of marketing, this is a great way for BlackBerry to get visibility. It really doesn’t hurt them much, and the upside is high,” said Rob Enderle, who runs technology consulting firm Enderle Group.

Enderle and other financial and tech analysts agree that the move by BlackBerry does present its own set of challenges as the company would have to support two platforms and potentially put some resources into marketing an Android device, but with little to lose most agree it comes with little downside.

“If Android has one significant weakness it is security and that’s just the thing that BlackBerry can fix, so it could play out pretty well and I am actually quite surprised that they did not try this sooner,” said Enderle, adding that BlackBerry has to deliver a compelling device in order for the gambit to work.

Reuters reported last week that BlackBerry was considering a move to test run Android on its upcoming slider device, as part of a bid to convince potential corporate and government clients that its device management system, BES12, is truly able of manage and secure not just BlackBerry devices, but also devices powered by Google’s Android, Apple’s iOS and Microsoft’s Windows operating system.

“In order for BES12 to succeed it has to be viewed by all as platform agnostic, and what better way to demonstrate that other than by doing it yourself,” said Ramon Llamas, an analyst with technology research firm IDC.

BlackBerry, which once dominated the smartphone market, has seen its market share drop to under 1 percent, as the iPhone and a slew of Android devices from Samsung have captured market share. John Chen, a turnaround expert brought in to fix its slide, is now pivoting BlackBerry to focus more on its well-regarded software and device management business.

Source

Facebook To Require Stronger Digital Signature

Facebook will require application developers to adopt a more secure type of digital signature for their apps, which is used to verify a program’s legitimacy.

As of Oct. 1, apps will have to use SHA-2 certificate signatures rather than ones signed with SHA-1. Both are cryptographic algorithms that are used to create a hash of a digital certificate that can be mathematically verified.

Apps that use SHA-1 after October won’t work on Facebook anymore, wrote Adam Gross, a production engineer at the company, in a blog post.

“We recommend that developers check their applications, SDKs, or devices that connect to Facebook to ensure they support the SHA-2 standard,” Gross wrote.

SHA-1 has been considered weak for about a decade. Researchers have shown it is possible to create a forged digital certificate that carries the same SHA-1 hash as legitimate one.

The type of attack, called a hash collision, could trick a computer into thinking it is interacting with a legitimate digital certificate when it actually is a spoofed one with the same SHA-1 hash. Using such a certificate could allow an attacker to spy on the connection between a user and an application or website.

Microsoft, Google, Mozilla and other organizations have also moved away from SHA-1 and said they will warn users of websites that are using a connection that should not be trusted.

The Certificate and Browser Forum, which developers best practices for web security, has recommended in its Baseline Requirements that digital certificate issuers stop using SHA-1 as of Jan. 1.

Source

IRS Reducing Size Of Cybersecurity Staff

The Internal Revenue Service, which confirmed rumors of a breach of 100,000 taxpayer accounts, has been consistently reducing the size of its internal cybersecurity staff as it increases its security spending. This may seem paradoxical, but one observer suggested it could signal a shift to outsourcing.

In 2011, the IRS employed 410 people in its cybersecurity organization, but by 2014 the headcount had fallen by 11% to 363 people, according to annual reports about IRS information technology spending by the U.S. Treasury Department Inspector General.

Despite this staff reduction, the IRS has increased spending in its cybersecurity organization. In 2012, the IRS earmarked $129 million for cybersecurity, which rose to $141.5 million last year, an increase of approximately 9.7%.

This increase in spending, coupled with the reduction in headcount, is an indicator of outsourcing, said Alan Paller, director of research at the SANS Institute. Paller sees risks in that strategy.

“Each organization moves at a different pace toward a point at which they have outsourced so much that the insiders do little more than manage contracts, and lose their technical expertise and ability to manage technical contractors effectively,” said Paller.

An IRS spokesman was not able to immediately answer questions about the IRS’s cybersecurity spending.

This breach is drawing congressional scrutiny. On Tuesday, U.S. Senator Orrin Hatch (R-Utah), who heads the Senate Finance Committee, called the breach “unacceptable.”

The IRS’s total IT budget in 2014 was $2.5 billion, an increase from the prior year’s $2.3 billion, with 7,339 employees last year, little change from 7,303 reported in 2013.

The agency’s IT budget has fared better than the agency overall. Congress has been cutting spending at the agency. IRS funding has been reduced by $1.2 billion over the last five years, from $12.1 billion in 2010 to $10.9 billion this year. An IRS official told lawmakers earlier this year that the budget cuts have delayed critical IT investments of more than $200 million, which includes replacing aging IT systems.

Source

USAA Exploring Bitcoins

USAA, a San Antonio, Texas-based financial institution serving current and former members of the military, is researching the underlying technology behind the digital currency bitcoin to help make its operations more efficient, a company executive said.

Alex Marquez, managing director of corporate development at USAA, said in an interview that the company and its banking, insurance, and investment management subsidiaries hoped the “blockchain” technology could help decentralize its operations such as the back office.

He said USAA had a large team researching the potential of the blockchain, an open ledger of a digital currency’s transactions, viewed as bitcoin’s main technological innovation. It lets users make payments anonymously, instantly, and without government regulation.

The blockchain ledger is accessible to all users of bitcoin, a virtual currency created through a computer “mining” process that uses millions of calculations. Bitcoin has no ties to a central bank and is viewed as an alternative to paying for goods and services with credit cards.

“We have serious interest in the blockchain and we think the technology would have an impact on the organization,” said Marquez. “The fact that we have such a large group of people working on this shows how serious we are about the potential of this technology.”

USAA, which provides banking, insurance and other products to 10.7 million current or former members of the military, owns and manages assets of about $213 billion.

Marquez said USAA had no plans to dabble in the bitcoin as a currency. Its foray into the blockchain reflects a trend among banking institutions trying to integrate bitcoin technology into their systems. BNY Mellon and UBS have announced initiatives to explore the blockchain technology.

Most large banks are testing the blockchain internally, said David Johnston, managing director at Dapps Venture Fund in San Antonio, Texas. “All of the banks are going through that process of trying to understand how this technology is going to evolve.”

“I would say that by the end of the year, most will have solidified a blockchain technology strategy, how the bank is going to implement and how it will move the technology forward.”

USAA is still in early stages of its research and has yet to identify how it will implement the technology.

In January this year, USAA invested in Coinbase, the biggest bitcoin company, which runs a host of services, including an exchange and a wallet, which is how bitcoins are stored by users online.

Source

« Previous Page — Next Page »