U.S. And Britain Ramping Up Cyber Defense

The U.S. and Britain are increasing their collaboration to thwart digital threats. They are planning to launch more attacks against each other to test their defenses and scare away possible enemies.

The U.S. and the U.K. have been working together to prevent cyber attacks for some time, but are going to increase the collaboration. They will combine their expertise to set up “cyber cells” on both sides of the Atlantic to increase sharing information about threats and to work out how to best protect themselves and create a system that lets hostile states and organization know they shouldn’t attack, said U.K. prime minister David Cameron in an interview published by the BBC.

Cyber attacks “are one of the biggest modern threats that we face,” according to Cameron who is visiting Washington for talks with U.S. president Barack Obama. One of the topics high on the agenda is digital security.

The countries will increase the “war games” launched at each other to test defenses. “It is happening already but it needs to be stepped up,” Cameron said, adding that British intelligence service GCHQ and the U.S. equivalent NSA have know-how that should be shared more.

“It is not just about protecting companies, it is also about protecting people’s data, about protecting people’s finances. These attacks can have real consequences to people’s prosperity,” he said.

However, in order to protect companies and citizens better, increased snooping powers to track terrorists on social networks are necessary, said Cameron. He is planning to discuss this issue with Obama and U.S. companies including Google and Facebook.

The increased cooperation between the countries comes in the wake of the Sony hack and the apparent hacking of the U.S. Central Command’s Twitter account by ISIS (Islamic State of Iraq and Syria), which posted tweets threatening families of U.S. soldiers and claiming to have hacked into military PCs.

Source

Ericsson Goes After Xiaomi

Ericsson has thrown a spanner into Chinese firm Xiaomi’s expansion plans, and has reportedly stopped it from selling handsets in India.

According to reports, this is already happening. We have asked Ericsson to confirm its role and what it wants to say about it. It told us that the reports are true and that it is ready to defend itself.

“It is unfair for Xiaomi to benefit from our substantial R&D investment without paying a reasonable licensee fee for our technology. After more than 3 years of attempts to engage in a licensing conversation in good faith for products compliant with the GSM, EDGE, and UMTS/WCDMA standards, Xiaomi continues to refuse to respond in any way regarding a fair license to Ericsson’s intellectual property on fair, reasonable and non-discriminatory (FRAND) terms,” it said in a statement.

“Ericsson, as a last resort, had to take legal action. To continue investing in research and enabling the development of new ideas, new standards and new platforms to the industry, we must obtain a fair return on our R&D investments. We look forward to working with Xiaomi to reach a mutually fair and reasonable conclusion, just as we do with all of our licensees.”

Xiaomi has responded to Bloomberg but it declined to say too much until it has access too all of the information.

“Our legal team is currently evaluating the situation based on the information we have,” said the spokesperson. “India is a very important market for Xiaomi and we will respond promptly as needed and in full compliance with India laws.”

The banning on the sale of devices was approved by a court in Delhi India, according to reports, and is based on an Ericsson claim on eight patents that it owns.

Xiaomi has bold plans for its own future and sees itself competing against rivals like Samsung and Apple. It has given itself between five and 10 years to do this, and will presumably want to include the Indian market in those plans.

Source

Yet Another Retailer System Hacked

Women’s clothing retailer Bebe Stores has become the latest in a growing list of national retailers to be hit by an attack on its credit card payment system.

The company said Friday that the cardholder name, account number, expiration date, and verification code could have been stolen by hackers who apparently had access to the company’s payment processing system between Nov. 8 and 26.

The incident came to light in late November when Bebe said it noticed suspicious activity on computers that operate the payment processing system. Stores affected were the roughly 200 it operates in the U.S., Puerto Rico and the U.S. Virgin Islands.

“If you used a payment card at a U.S., Puerto Rico or U.S. Virgin Islands store during this time frame, you should review your account statements for any unauthorized activity,” it said in a message to customers.

The last couple of years have been bad ones for the safety of credit card data at major U.S. retailers. Millions of credit and debit card numbers have been compromised in breaches at retailers, including Target, Home Depot, PF Chang’s restaurants, Super Valu grocery stores, Neiman Marcus, UPS Store and others.

In many cases, the attacks were targeted at payment processing terminals and used sophisticated malware that stole card details as consumers swiped their cards. Many of the thefts were only discovered after the card numbers appeared for sale on Internet hacking forums.

Such was the case with Bebe Stores. First news of the hack came earlier this week through the closely followed Krebs on Security blog.

Source

Will The Drupal Flaw Be Catastrophic?

The Drupal web content management system has been exposed as having backdoor access that could deliver your site to hackers.

The problem is not particularly new. Drupal warned about it earlier this month, but it still needs tackling as millions of websites may be at risk.

Drupal said that sites running version 7 really ought to have upgraded to 7.32 by now, because not doing so leaves them as open as a torn tea bag.

Initially the alert was about the threat, but the firm has updated its earlier advice and is now warning of in-the-wild attacks.

That earlier advice was about a problem in a database API. “A vulnerability in this API allows an attacker to send specially crafted requests resulting in arbitrary SQL execution,” warned Drupal in a security alert.

“Depending on the content of the requests this can lead to privilege escalation, arbitrary PHP execution, or other attacks. This vulnerability can be exploited by anonymous users.”

More recent information from the firm points users toward the released upgrade, and informs them that attacks started not long after the initial announcement.

“You should proceed under the assumption that every Drupal 7 website was compromised unless updated or patched before Oct 15th, 11pm UTC, that is seven hours after the announcement,” it said, adding that, even when updated, sites will have some cleaning up to do.

“If you have not updated or applied this patch, do so immediately, then continue reading this announcement; updating to version 7.32 or applying the patch fixes the vulnerability but does not fix an already compromised website,” it explains.

“If you find that your site is already patched but you didn’t do it, that can be a symptom that the site was compromised – some attacks have applied the patch as a way to guarantee they are the only attacker in control of the site.”

Gavin Millard, EMEA technical director at Tenable Network Security, advised people to follow Drupal’s advice.

“The so-called ‘Drupageddon’ vulnerability could have easily led to exploitation of any systems running the vulnerable code. With such an easy to exploit flaw, the chance of exfiltration of data or further exploitation are high,” he said.

“For those who have good security controls, reviewing of logs and traffic directed at the sites following the vulnerability being announced and the patch applied is common sense and highly advisable, with appropriate action taken if indicators of compromise are found.

“For those who don’t have such a good level of security or visibility into the logs, the advice from the Drupal team should be heeded. If you don’t know if you were exploited you should assume that you have been.”

Source

China Using Home Servers Admidst Cyber Concerns

A Chinese firm has developed the country’s first homegrown servers, built entirely out of domestic technologies including a processor from local chip maker Loongson Technology.

China’s Dawning Information Industry, also known as Sugon, has developed a series of four servers using the Loongson 3B processor, the country’s state-run Xinhua News Agency reported Thursday.

“Servers are crucial applications in a country’s politics, economy, and information security. We must fully master all these technologies,” Dawning’s vice president Sha Chaoqun was quoted as saying.

The servers, including their operating systems, have all been developed from Chinese technology. The Loongson 3B processor inside them has eight cores made with a total of 1.1 billion transistors built using a 28-nanometer production process.

The Xinhua report quoted Li Guojie, a top computing researcher in the country, as saying the new servers would ensure that the security around China’s military, financial and energy sectors would no longer be in foreign control.

Dawning was contacted on Friday, but an employee declined to offer more specifics about the servers. “We don’t want to promote this product in the U.S. media,” she said. “It involves propriety intellectual property rights, and Chinese government organizations.”

News of the servers has just been among the ongoing developments in China for the country to build up its own homegrown technology. Work is being done on local mobile operating systems, supercomputing, and in chip making, with much of it government-backed. Earlier this year, China outlined a plan to make the country into a major player in the semiconductor space.

But it also comes at a time when cybersecurity has become a major concern for the Chinese government, following revelations about the U.S. government’s own secret surveillance programs. “Without cybersecurity there is no national security,” declared China’s Xi Jinping in March, as he announced plans to turn the country into an “Internet power.”

Two months later, China threatened to block companiesfrom selling IT products to the country if they failed to pass a new vetting system meant to comb out secret spying programs.

Dawning, which was founded using local government-supported research, is perhaps best known for developing some of China’s supercomputers. But it also sells server products built with Intel chips. In this year’s first quarter, it had an 8.7 percent share of China’s server market, putting it in 7th place, according to research firm IDC.

Source

MasterCard Testing New Fingerprint Reader

MasterCard is trying out a contactless payment card with a built-in fingerprint reader that can authorize high-value payments without requiring the user to enter a PIN.

The credit-card company showed a prototype of the card in London on Friday along with Zwipe, the Norwegian company that developed the fingerprint recognition technology.

The contactless payment card has an integrated fingerprint sensor and a secure data store for the cardholder’s biometric data, which is held only on the card and not in an external database, the companies said.

The card also has an EMV chip, used in European payment cards instead of a magnetic stripe to increase payment security, and a MasterCard application to allow contactless payments.

The prototype shown Friday is thicker than regular payment cards to accommodate a battery. Zwipe said it plans to eliminate the battery by harvesting energy from contactless payment terminals and is working on a new model for release in 2015 that will be as thin as standard cards.

Thanks to its fingerprint authentication, the Zwipe card has no limit on contactless payments, said a company spokesman. Other contactless cards can only be used for payments of around €20 or €25, and some must be placed in a reader and a PIN entered once the transaction reaches a certain threshold.

Norwegian bank Sparebanken DIN has already tested the Zwipe card, and plans to offer biometric authentication and contactless communication for all its cards, the bank has said.

MasterCard wants cardholders to be able to identify themselves without having to use passwords or PINs. Biometric authentication can help with that, but achieving simplicity of use in a secure way is a challenge, it said.

Source

Amazon Expands Grocery Service

Amazon.com Inc is add more territory to its online grocery delivery program to Brooklyn’s well-heeled Park Slope neighborhood, giving the No. 1 U.S. online retailer a foothold in one of the wealthiest and densest markets in the United States.

The AmazonFresh program, which offers same-day or next-day delivery on more than 500,000 items including fresh and frozen groceries, will soon expand to other areas in Brooklyn.

The move is part of Amazon’s slow build-out of its “Fresh” program, targeting one of the largest retail sectors yet to be upended by online commerce. Amazon declined to say if it will expand to Manhattan or other parts of the New York metro area.

“Currently, we are offering AmazonFresh in Brooklyn and will continue being thoughtful and methodical in our expansion,” an Amazon spokeswoman said in an e-mail.

Groceries have proven to be one of the toughest sectors for technology companies to manage, and Amazon faces competition from established companies like FreshDirect as well as fast-growing startups like Instacart.

But a successful foray in Park Slope could help Amazon cement customer loyalty and boost sales, especially among wealthy and middle-class families, analysts have said.

The top 10 to 20 percent of wealthiest Americans spend between 3 and 4 times more on food than the average American family, according to Bill Bishop, chief architect at Brick Meets Click, a consulting firm focused on retail technology.

“They are the sweetest of shoppers so anybody who attracts that business is taking the cream of the market,” Bishop said.

Amazon could also use its Fresh program to experiment with its own delivery service, analysts have said.

Source

Twitter To Allow Monet Tweets

One of France’s largest banks is partnering with social network Twitter Inc. to allow its customers to transfer money via tweets.

The move by Groupe BPCE, France’s second largest bank by customers, coincides with Twitter’s own foray into the world of online payments as the social network seeks new sources of revenue beyond advertising.

Twitter is racing other tech giants Apple  and Facebook to get a foothold in new payment services for mobile phones or apps. They are collaborating and, in some cases, competing with banks and credit card issuers that have run the business for decades.

The bank said last month it was prepared to offer simple person-to-person money transfers via Twitter to French consumers, regardless of what bank they use, and without requiring the sender know the recipient’s banking details.

“(S-Money) offers Twitter users in France a new way to send each other money, irrespective of their bank and without having to enter the beneficiary’s bank details, with a simple tweet,” Nicolas Chatillon, chief executive of S-Money,  BPCE’s mobile payments unit, said in the statement.

Payment by tweets will be managed via the bank’s S-Money service, which allows money transfers via text message and relies on the credit-card industry’s data security standards.

BPCE and Twitter declined to provide further details ahead of a news conference in Paris later today to unveil the service.

Last month, Twitter started trials of its own new service, dubbed “Twitter Buy”,  to allow consumers to find and buy products on its social network.

The service embeds a “Twitter Buy” button inside tweets posted by more than two dozen stores, music artists and non-profits. Burberry, Home Depot, and musicians such as Pharrell and Megadeth are among the early vendors.

Twitter’s role to date has been to connect customers rather than processing payments or checking their identities.

Source

Will Facebook Enter The Healthcare Arena?

Facebook Inc already can tell who your friends are and the what types of things grabs your attention. Soon, it could also know the state of your health.

On the heels of fellow Silicon Valley technology companies Apple Inc and Google Inc, Facebook is plotting its first steps into the fertile field of healthcare, said three people familiar with the matter. The people requested anonymity as the plans are still in development.

The company is exploring creating online “support communities” that would connect Facebook users suffering from various ailments. A small team is also considering new “preventative care” applications that would help people improve their lifestyles.

In recent months, the sources said, the social networking giant has been holding meetings with medical industry experts and entrepreneurs, and is setting up a research and development unit to test new health apps. Facebook is still in the idea-gathering stage, the people said.

Healthcare has historically been an area of interest for Facebook, but it has taken a backseat to more pressing products.

Recently, Facebook executives have come to realize that healthcare might work as a tool to increase engagement with the site.

One catalyst: the unexpected success of Facebook’s “organ-donor status initiative,” introduced in 2012. The day that Facebook altered profile pages to allow members to specify their organ donor-status, 13,054 people registered to be organ donors online in the United States, a 21 fold increase over the daily average of 616 registrations, according to a June 2013 study published in the American Journal of Transplantation.

Separately, Facebook product teams noticed that people with chronic ailments such as diabetes would search the social networking site for advice, said one former Facebook insider. In addition, the proliferation of patient networks such as PatientsLikeMe demonstrate that people are increasingly comfortable sharing symptoms and treatment experiences online.

Chief executive Mark Zuckerberg may step up his personal involvement in health. Zuckerberg and his wife Priscilla Chan, a pediatric resident at University of California San Francisco, recently donated $5 million to the Ravenswood Health Center in East Palo Alto.

Any advertising built around the health initiatives would not be as targeted as it could be on television or other media. Pharmaceutical companies, for instance, are prohibited from using Facebook to promote the sale of prescription drugs, in part because of concerns surrounding disclosures.

Source

Sony Launches SDK For SmartEyeglass

Sony has rolled out an SDK (software development kit) for its SmartEyeglass head-mounted display, another step toward challenging Google Glass.

The glasses can connect to Android smartphones via Bluetooth and project green monochrome text or basic graphics across a field within the lenses.

Sony said it will begin sales of the eyewear to developers by March 31, the end of its fiscal year. They will be sold in Japan, the U.S. and some European countries.

The Developer Preview SDK includes an emulator, tutorials, sample code and design guidelines to make the most of the device’s hardware and sensors including an accelerometer, gyroscope and brightness sensor.

The glasses, which weigh 77 grams, are more than 85 percent transparent and include a camera that can shoot 3-megapixel images and VGA video.

Sony has emphasized that the glasses project images to a user’s natural line of sight, which differs from the Google Glass display set in a corner.

“Sony’s competitive edge lies in our achievement of a thin lens with high transparency thanks to our unique holographic light guide plate technology, which enables us to provide a bright field of vision,” a Sony spokeswoman wrote in an email.

“Furthermore, the screen size is large, and images and text are displayed from the front for both eyes (not only one eye) to facilitate easier viewing and prevent eye fatigue.”

The price for the glasses as well as availability of a consumer version are still to be decided, she added.

Bulky prototype versions of the glasses were shown at the IFA and CES electronics shows earlier this year.

Potential applications include displaying cooking instructions for chefs, running time for joggers and messages from friends.

Augmented reality-style functions are also possible, such as displaying information when a user looks at a certain bottle of wine, facial recognition or navigation information in an unfamiliar city.

Source

« Previous Page — Next Page »