Adobe Eases Privacy Concerns

Tests on the latest version of Adobe System’s e-reader software reveals the company is now collecting less data following a privacy-related row last month, according to the Electronic Frontier Foundation.

Digital Editions version 4.0.1 appears to only collect data on e-books that have DRM (Digital Rights Management), wrote Cooper Quintin, a staff technologist with the EFF. DRM places restrictions on how content can be used with the intent of thwarting piracy.

Adobe was criticized in early October after it was discovered Digital Editions collected metadata about e-books on a device, even if the e-books did not have DRM. Those logs were also sent to Adobe in plain text.

Since that data was not encrypted, critics including the EFF contended it posed major privacy risks for users. For example, plain text content could be intercepted by an interloper from a user who is on the same public Wi-Fi network.

Adobe said on Oct. 23 it fixed the issues in 4.0.1, saying it would not collect data on e-books without DRM and encrypt data that is transmitted back to the company.

Quintin wrote the EFF’s latest test showed the “only time we saw data going back to an Adobe server was when an e-book with DRM was opened for the first time. This data is most likely being sent back for DRM verification purposes, and it is being sent over HTTPS.”

If an e-book has DRM, Adobe may record how long a person reads it or the percentage of the content that is read, which is used for “metered” pricing models.

Other technical metrics are also collected, such as the IP address of the device downloading a book, a unique ID assigned to the specific applications being used at the time and a unique ID for the device, according to Adobe.

Source

Amazon Tops Apple

A mere five months after Apple snatched J.D. Power’s tablet satisfaction award away from Samsung, it has lost it to up-and-coming Amazon.

Apple’s iPad finished in second place in the latest satisfaction survey conducted by J.D. Power and Associates, with a score of 824 out of a possible 1,000. For the first time, Amazon took first place, scoring 827.

Samsung came in at 821 for third, while Asus and Acer filled out the first five, but those stragglers’ scores were under the category average.

J.D. Power’s satisfaction score included five separate measurements for performance, ease of operation, features, styling and design, and cost, with each accounting for different percentages of the final number. Performance, for example, counted as 28% of the total; cost for 11%.

Apple received high scores in performance and styling and design, while Amazon performed best in ease of operation and cost, said Kirk Parsons, senior director of telecommunications services at J.D. Power.

“Within the tablet segment, there’s a balance of cost and value, and for this period, Amazon was at the equilibrium,” said Parsons. “For the money, [Amazon tablets] do what buyers need them to do. And the Mayday feature really helped them in ease of operation.”

Mayday is a feature on Amazon’s higher-end tablets that lets customers video chat with support representatives using the device.

Parsons called out Amazon’s Fire HDX, which launched in October 2013 in a 7-in. size and a month later in an 8.9-in. format, for driving the brand’s scores. Amazon now sells the 7-in. Fire HDX for $179; the 8.9-in. model starts at $379. “The new Fire HDX did really, really well” in the survey, Parsons noted.

J.D. Power polled nearly 2,700 U.S. tablet owners who had had their current devices for less than a year. The survey period ran from March to August.

The last time J.D. Power published tablet customer satisfaction scores, Amazon placed fourth. Its jump to first was a small surprise, said Parsons. “I figured [Amazon’s] scores would improve, but I didn’t think they’d take the top spot,” he admitted.

Price is increasingly important to satisfaction, said Parson, as costs fall and capabilities climb across the board, making it more difficult for premium-priced tablets like Apple’s iPad, to retain their polled positions. On average, tablet customers now spend $345 on their tablets, $48 less than in April 2013, a decline of 12%.

Source

Will The Drupal Flaw Be Catastrophic?

The Drupal web content management system has been exposed as having backdoor access that could deliver your site to hackers.

The problem is not particularly new. Drupal warned about it earlier this month, but it still needs tackling as millions of websites may be at risk.

Drupal said that sites running version 7 really ought to have upgraded to 7.32 by now, because not doing so leaves them as open as a torn tea bag.

Initially the alert was about the threat, but the firm has updated its earlier advice and is now warning of in-the-wild attacks.

That earlier advice was about a problem in a database API. “A vulnerability in this API allows an attacker to send specially crafted requests resulting in arbitrary SQL execution,” warned Drupal in a security alert.

“Depending on the content of the requests this can lead to privilege escalation, arbitrary PHP execution, or other attacks. This vulnerability can be exploited by anonymous users.”

More recent information from the firm points users toward the released upgrade, and informs them that attacks started not long after the initial announcement.

“You should proceed under the assumption that every Drupal 7 website was compromised unless updated or patched before Oct 15th, 11pm UTC, that is seven hours after the announcement,” it said, adding that, even when updated, sites will have some cleaning up to do.

“If you have not updated or applied this patch, do so immediately, then continue reading this announcement; updating to version 7.32 or applying the patch fixes the vulnerability but does not fix an already compromised website,” it explains.

“If you find that your site is already patched but you didn’t do it, that can be a symptom that the site was compromised – some attacks have applied the patch as a way to guarantee they are the only attacker in control of the site.”

Gavin Millard, EMEA technical director at Tenable Network Security, advised people to follow Drupal’s advice.

“The so-called ‘Drupageddon’ vulnerability could have easily led to exploitation of any systems running the vulnerable code. With such an easy to exploit flaw, the chance of exfiltration of data or further exploitation are high,” he said.

“For those who have good security controls, reviewing of logs and traffic directed at the sites following the vulnerability being announced and the patch applied is common sense and highly advisable, with appropriate action taken if indicators of compromise are found.

“For those who don’t have such a good level of security or visibility into the logs, the advice from the Drupal team should be heeded. If you don’t know if you were exploited you should assume that you have been.”

Source

IBM And Tencent Team Up

Tencent Holdings Ltd announced that it would be teaming up with International Business Machines Corp (IBM) on a new cloud software business for corporate customers, a marked departure for one of the dominant forces in China’s consumer Internet industry.

Best known for its popular WeChat messaging app and its online games rather than business software, Tencent said its cloud unit would now target small and medium enterprises in the healthcare and “smart city” industries.

Many technology firms are jockeying for a slice of China’s enterprise software market, which promises to grow sharply in coming years as businesses modernize their IT operations and move data onto the cloud.

Tencent’s alliance with IBM, which has deep experience providing computing and consulting services to corporate clients, provides the Shenzhen company a competitive answer to its Chinese rival Alibaba Group Holding Ltd’s nascent cloud efforts.

An e-commerce giant, Alibaba has been slowly building its cloud unit, which recorded just $38 million in revenue in the three months ended June 30.

Tencent said it would tap IBM for its “industry expertise and enterprise reach” but did not disclose financial terms of the deal.

For IBM, the Tencent deal is just the latest in a recent spate of new software partnerships in China, where its hardware sales have been sliding.

IBM announced a deal earlier this year to install its cutting-edge DB2 database software on Chinese rival Inspur International Ltd’s machines. Big Blue also agreed to license its database and big data technology to Chinese software vendor Yonyou Software Co Ltd.

Source

MDM Coming To Office 365

Microsoft will rollout mobile device management (MDM) capabilities to Office 365 in 2015, making it easier for firms to manage corporate data across a range of mobile devices, including those running iOS and Android as well as Windows.

Microsoft unveiled the updates coming to its Office 365 cloud-delivered productivity suite in 2015 at its TechEd Europe conference.

These will enable customers to apply security policies against devices that connect to Office 365 to ensure that email and documents can be accessed only by approved devices, plus the ability to remotely wipe Office 365 data if necessary.

Julia White, Microsoft general manager for Office 365, said that the updates will enable customers to offer “conditional access” to Office documents and email, such as ensuring that any device used by employees has not been jailbroken or rooted, which could potentially pose a security risk.

Administrators will be able to set policies directly from the Office 365 administration portal, and enforce the use of a Pin to secure access to the device. Any wipe of Office 365 content will not affect the user’s personal data, White added.

These MDM features coming to Office 365 are actually powered by Microsoft’s Intune cloud-based management service and are a subset of Intune’s capabilities, the firm disclosed.

Intune itself is also getting some upgrades that will enable customers to benefit from additional security features if they also subscribe to Intune.

These will include data leak prevention measures that enable policies to be applied against managed applications, preventing users from copying and pasting data from an Office 365 app to another, for example, or copying files from Office 365 to elsewhere on the device.

While these capabilities are built in to Office 365, Microsoft will also enable this to be extended to other applications using Intune app wrapper functionality, White said.

White also confirmed that Microsoft is working on an Android version of the Office for iPad suite of mobile productivity tools that the firm announced for Apple’s tablet platform earlier this year.

Microsoft’s Office announcement comes amid speculation that the firm will release Office for Android next month.

Source

HP’s Helion Goes Commercial

HP has announced general availability of its Helion OpenStack cloud platform and Helion Development Platform based on Cloud Foundry.

The Helion portfolio was announced by HP earlier this year, when the firm disclosed that it was backing the OpenStack project as the foundation piece for its cloud strategy.

At the time, HP issued the HP Helion OpenStack Community edition for pilot deployments, and promised a full commercial release to follow, along with a developer platform based on the Cloud Foundry code.

HP revealed today that the commercial release of HP Helion OpenStack is now available as a fully supported product for customers looking to build their own on-premise infrastructure-as-a-service cloud, along with the HP Helion Development platform-as-a-service designed to run on top of it.

“We’ve now gone GA [general availability] on our first full commercial OpenStack product and actually started shipping it a couple of weeks ago, so we’re now open for business and we already have a number of customers that are using it for proof of concept,” HP’s CloudSystem director for EMEA, Paul Morgan said.

Like other OpenStack vendors, HP is offering more than just the bare OpenStack code. Its distribution is underpinned by a hardened version of HP Linux, and is integrated with other HP infrastructure and management tools, Morgan said.

“We’ve put in a ton of HP value add, so there’s a common look and feel across the different management layers, and we are supporting other elements of our cloud infrastructure software today, things like HP OneView, things like our Cloud Service Automation in CloudSystem,” he added.

The commercial Helion build has also been updated to include Juno, the latest version of the OpenStack framework released last week.

Likewise, the HP Helion Development Platform takes the open source Cloud Foundry platform and integrates it with HP’s OpenStack release to provide an environment for developers to build and deploy cloud-based applications and services.

HP also announced an optimised reference model for building a scalable object storage platform based on its OpenStack release.

HP Helion Content Depot is essentially a blueprint to allow organisations or service providers to put together a highly available, secure storage solution using HP ProLiant servers and HP Networking hardware, with access to storage provided via the standard OpenStack Swift application programming interfaces.

Morgan said that the most interest in this solution is likely to come from service providers looking to offer a cloud-based storage service, although enterprise customers may also deploy it internally.

“It’s completely customisable, so you might start off with half a petabyte, with the need to scale to maybe 2PB per year, and it is a certified and fully tested solution that takes all of the guesswork out of setting up this type of service,” he said.

Content Depot joins the recently announced HP Helion Continuity Services as one of the growing number of solutions that the firm aims to offer around its Helion platform, he explained. These will include point solutions aimed at solving specific customer needs.

The firm also last month started up its HP Helion OpenStack Professional Services division to help customers with consulting and deployment services to implement an OpenStack-based private cloud.

Pricing for HP Helion OpenStack comes in at $1,200 per server with 9×5 support for one year. Pricing for 24×7 support will be $2,200 per server per year.

“We see that is very competitively priced compared with what else is already out there,” Morgan said.

Source

China Using Home Servers Admidst Cyber Concerns

A Chinese firm has developed the country’s first homegrown servers, built entirely out of domestic technologies including a processor from local chip maker Loongson Technology.

China’s Dawning Information Industry, also known as Sugon, has developed a series of four servers using the Loongson 3B processor, the country’s state-run Xinhua News Agency reported Thursday.

“Servers are crucial applications in a country’s politics, economy, and information security. We must fully master all these technologies,” Dawning’s vice president Sha Chaoqun was quoted as saying.

The servers, including their operating systems, have all been developed from Chinese technology. The Loongson 3B processor inside them has eight cores made with a total of 1.1 billion transistors built using a 28-nanometer production process.

The Xinhua report quoted Li Guojie, a top computing researcher in the country, as saying the new servers would ensure that the security around China’s military, financial and energy sectors would no longer be in foreign control.

Dawning was contacted on Friday, but an employee declined to offer more specifics about the servers. “We don’t want to promote this product in the U.S. media,” she said. “It involves propriety intellectual property rights, and Chinese government organizations.”

News of the servers has just been among the ongoing developments in China for the country to build up its own homegrown technology. Work is being done on local mobile operating systems, supercomputing, and in chip making, with much of it government-backed. Earlier this year, China outlined a plan to make the country into a major player in the semiconductor space.

But it also comes at a time when cybersecurity has become a major concern for the Chinese government, following revelations about the U.S. government’s own secret surveillance programs. “Without cybersecurity there is no national security,” declared China’s Xi Jinping in March, as he announced plans to turn the country into an “Internet power.”

Two months later, China threatened to block companiesfrom selling IT products to the country if they failed to pass a new vetting system meant to comb out secret spying programs.

Dawning, which was founded using local government-supported research, is perhaps best known for developing some of China’s supercomputers. But it also sells server products built with Intel chips. In this year’s first quarter, it had an 8.7 percent share of China’s server market, putting it in 7th place, according to research firm IDC.

Source

Is Unity Up to Something Big?

Earlier today Unity Technologies caused quite a stir in the games industry with the announcement that former Electronic Arts chief exec John Riccitiello would be taking over the CEO job for David Helgason. While EA struggled to make shareholders happy, Unity has been seeing tremendous growth, becoming a favorite toolset for large and small publishers and especially indies. In fact, the company serves over 600,000 monthly developers. But what does Unity really have up its sleeve? Is the hiring of a notable leader like Riccitiello a sign that the company is indeed being groomed for a buyout or public offering?

“John Riccitiello’s corporate moves will rightfully inspire speculation about major changes in the companies involved and as Unity is the dominant independent development platform, what happens next could affect most developers and publishers outside of the top ten,” remarked independent analyst Billy Pidgeon. “An acquisition is very possible although Unity CTO Joachim Ante has denied this. Unity needs to be independent and available to all to retain and grow its value, so a sale to a major publisher or developer would sharply decrease the company’s revenue flow. But a buyer outside the industry could allow Unity to remain somewhat independent, although clients might be wary of doing business with Unity’s new owner.”

EEDAR’s Patrick Walker, head of insights and analytics, largely agreed with Pidgeon, commenting, “While the stature of Riccitiello as a hire and his interest in helming the Unity ship suggest that there are big plans in the works for the company, it is unlikely that these plans are focused on the short term, such as preparation for a near-term buyout. A buyout has been rumored for a while, and the Unity executive team, including founder David Helgason and CTO Joachim Ante, has been consistent in their messaging statement focusing on the company mission rather than pursuit of a buyout. More likely, Riccitiello is being brought on board to spur growth for a longer-term play, such as an eventual IPO or larger-scale buyout.”

Regardless of whether a longer-term buyout is in the cards, Riccitiello has the experience to help accelerate Unity’s growth in the next few years, most believe.

“Unity is a well-positioned company with several paths to increase growth. While game publishing is one route to spur growth, there is also an opportunity for the company to leverage the strengths, such as cross-platform flexibility, that have given it such broad penetration in the indie market to increase penetration in other development verticals,” Walker continued. “Riccitiello has an ideal background, having led major companies both inside and outside the games industry and having served on the Unity board for the past year, to drive partnerships that will help grow Unity as a major development platform across the full spectrum of publishers and developers.”

Wedbush Securities’ Michael Pachter added, “He is certainly capable of leading them, and also well equipped to sell the company. [But] I don’t know the reason for the change.”

Perhaps one major reason for the change is to offload some of the business responsibility from Helgason who may wish to focus more on product development.

“Unity has been growing quickly for several years. The company now has over 300 employees and its technology is being used by hundreds of thousands of developers on practically every platform out there. I suspect that Dave recognized some time ago that the company had to get an experienced business manager at the helm or risk flying off the rails at some point, and that’s exactly what JR is,” observed Lewis Ward, IDC’s gaming research director.

“Some people just aren’t cut out to be CEOs of big businesses – just look at Notch. I suspect that Dave is going to be happier staying focused on the core product strategy and building relationships with studios and indie developers. From JR’s perspective, it’s a great opportunity to ride the beast that has been Unity growth over the past 3+ years. It’s a remarkable story, and I think John is probably going to enjoy the role and stepping back into an important spotlight in the industry.”

Source

Will Google’s Algorithm Stop Piracy?

Nosey Google has updated its search engine algorithms in an attempt to restrict piracy web sites appearing high in its search rankings.

The update will mean piracy sites are less likely to appear when people search for music, films and other copyrighted content.

The decision to roll out the search changes was announced in a refreshed version of a How Google Fights Piracy report, which was originally published in September 2013.

However, this year’s updated report features a couple of developments, including changes to ad formats and an improved DMCA demotion search signal.

The move is likely to be a result of criticism received from the entertainment industry, which has argued that illegal sites should be “demoted” in search results because they enable people to find sites to download media illegally.

The biggest change in the Google search update will be new ad formats in search results on queries related to music and movies that help people find legitimate sources of media.

For example, for the relatively small number of queries for movies that include terms like ‘download’, ‘free’, or ‘watch’, Google has instead begun listing legal services such as Spotify and Netflix in a box at the top of the search results.

“We’re also testing other ways of pointing people to legitimate sources of music and movies, including in the right-hand panel on the results page,” Google added.

“These results show in the US only, but we plan to continue investing in this area and to expand it internationally.”

An improved DMCA demotion signal in Google search is also being rolled out as part of the refresh, which down-ranks sites for which Google has received a large number of valid DMCA notices.

“We’ve now refined the signal in ways we expect to visibly affect the rankings of some of the most notorious sites. This update will roll out globally starting next week,” Google said, adding that it will also be removing more terms from autocomplete, based on DMCA removal notices.

The new measures might be welcomed by the entertainment industry, but are likely to encourage more people to use legal alternatives such as Spotify and Netflix, rather than buying more physical media.

Source

MasterCard Testing New Fingerprint Reader

MasterCard is trying out a contactless payment card with a built-in fingerprint reader that can authorize high-value payments without requiring the user to enter a PIN.

The credit-card company showed a prototype of the card in London on Friday along with Zwipe, the Norwegian company that developed the fingerprint recognition technology.

The contactless payment card has an integrated fingerprint sensor and a secure data store for the cardholder’s biometric data, which is held only on the card and not in an external database, the companies said.

The card also has an EMV chip, used in European payment cards instead of a magnetic stripe to increase payment security, and a MasterCard application to allow contactless payments.

The prototype shown Friday is thicker than regular payment cards to accommodate a battery. Zwipe said it plans to eliminate the battery by harvesting energy from contactless payment terminals and is working on a new model for release in 2015 that will be as thin as standard cards.

Thanks to its fingerprint authentication, the Zwipe card has no limit on contactless payments, said a company spokesman. Other contactless cards can only be used for payments of around €20 or €25, and some must be placed in a reader and a PIN entered once the transaction reaches a certain threshold.

Norwegian bank Sparebanken DIN has already tested the Zwipe card, and plans to offer biometric authentication and contactless communication for all its cards, the bank has said.

MasterCard wants cardholders to be able to identify themselves without having to use passwords or PINs. Biometric authentication can help with that, but achieving simplicity of use in a secure way is a challenge, it said.

Source

« Previous Page — Next Page »