Microsoft Drops The Surface

Microsoft has dropped the prices on its Surface RT tablets by as much as 30%, with the entry-level 32GB model selling for $349.

The 64GB Surface RT was also discounted by $150, and now sells for $449, or 25% off its former price.

When Microsoft launched the tablet, it sold the 32GB device for $499 and the 64GB configuration for $599.

Microsoft started selling the Surface RT at the lower prices Sunday, as did some of its U.S. retail partners, including Best Buy and Staples. On its website, Staples noted that the discounted prices are valid until July 20, and only while supplies last.

Microsoft’s website, however, listed no caveats, hinting that the lower prices might be permanent or at least will be honored for longer than one week.

The prices are another attempt by Microsoft to clear its existing inventory in preparation for a second-generation line of Windows RT devices. Previously, Microsoft had launched multiple deals to rid itself of the poor-selling tablet, most recently in June when it slashed prices by 60% in a bid to get universities and K-12 schools to buy the device.

Earlier, it kicked off a buy-a-Surface-RT-get-a-free-cover deal that ran until June 30. And at several conferences, including June’s TechEd North America and this month’s Microsoft Partner Conference, the company sold attendees a 64GB Surface RT for $100, 83% off list price.

Today’s sale prices were nearly Microsoft’s cost, which according to estimates of the tablet’s component prices, runs the company at least $284 for the 32GB Surface RT.

Microsoft has not abandoned Windows RT, the pared-down operating system that powers the Surface RT, but virtually every third-party OEM has either pointedly ignored the OS or publicly announced that they would not support it with devices of their own. Instead, the OEMs have flocked to Windows 8 Pro, even though some analysts question the value of touch devices on a platform whose biggest selling point is legacy software that doesn’t support touch.

Microsoft has not revealed sales figures for the Surface line — which also includes the Surface Pro, powered by Windows 8 Pro — but estimates by research firms like IDC have been lackluster.

Source

BlackBerry’s Secure Goes To iOS

BlackBerry continues to expand its support for Android and iOS with Secure Work Space, which separates work and personal apps and data, as the device maker tries to hold on to enterprise users by becoming more platform neutral.

Remaining relevant in a world where more than 9 out of 10 smartphones shipped are based on either Google’s Android or Apple’s iOS isn’t easy for BlackBerry. But the company still has fans in enterprise IT departments and hopes to remain an option for users by continuing to embrace the two dominant platforms. The company can already manage devices based on Android and iOS, and support for BlackBerry Messenger is on the way.

BlackBerry announced Secure Work Space in March and has now made good on a promise to ship it before June 30. The software is an add-on to BlackBerry Enterprise Service (BES) 10, and it adds a managed container to protect corporate data and applications running on Android and iOS devices.

Users get integrated email, calendar and contacts, as well as secure browser access to intranets and document editing capabilities. Data is protected both when stored on the device and when transferred to and from enterprise servers, according to BlackBerry.

“The concept is right and very similar to what AT&T offers with Toggle. Creating two different “personas” on mobile devices is becoming a best practice for enterprises. Buying it from BlackBerry is probably most relevant for enterprises that have a major commitment to BlackBerry 10 and BES 10,” said Leif-Olof Wallin, research vice president at Gartner.

On BlackBerry 10 smartphones, BlackBerry has tightly integrated a personal and a work environment with the Balance feature.

BlackBerry is far from the only vendor that has adopted this concept. One competitor is Good Technology, which on Tuesday announced a whole host of new applications compatible with its Dynamics Security Mobility platform, which includes support for both app wrapping and encrypted app containers. The list of newcomers includes Mobility for SAP and remote access app Splashtop.

But for those interested in Secure Work Space, which is based on software from OpenPeak, the BES 10 server software is free to download. Annual client access licenses for Secure Work Space are $99 per year and device. For enterprises that want to get their feet wet, the platform is also available as a 60-day free trial bundle that includes device management for BlackBerry 10, iOS and Android devices, as well as Secure Work Space licenses for 50 users.

Source

Are CCTV Cameras Hackable?

When the nosy British bought CCTV cameras, worried citizens were told that they could not be hacked.

Now a US security expert says he has identified ways to remotely attack high-end surveillance cameras used by industrial plants, prisons, banks and the military. Craig Heffner, said he discovered the previously unreported bugs in digital video surveillance equipment from firms including Cisco, D-Link and TRENDnet.

They could use it as a pivot point, an initial foothold, to get into the network and start attacking internal systems. Heffner said that it was a significant threat as somebody could potentially access a camera and view it. Or they could also use it as a pivot point, an initial foothold, to get into the network and start attacking internal systems.

He will show how to exploit these bugs at the Black Hat hacking conference, which starts on July 31 in Las Vegas. Heffner said he has discovered hundreds of thousands of surveillance cameras that can be accessed via the public internet.

Source

Office 365 Goes Yammer

Microsoft has taken the first step in its integration roadmap for SharePoint and Yammer, allowing Office 365 customers to swap SharePoint Online’s activity stream with Yammer’s.

This first, modest integration point will let SharePoint Online users click on the Yammer link and launch a separate browser window where they’re asked to sign in.

Later this year, Microsoft will deepen the integration with a single sign-on and the addition of Yammer to the main Office 365 interface, which will begin to merge the two products’ user experience.

Next month, Microsoft will release a Yammer application for SharePoint that will let users embed a Yammer group feed into a SharePoint site. The application will work both with SharePoint Online and with the on-premises version of the server SharePoint 2013.

Also in July, Microsoft will provide instructions for replacing the SharePoint 2013 newsfeed with Yammer’s.

For now, the first integration step in optional, but Microsoft is strongly suggesting that Office 365 customers make the activity stream switch to Yammer.

“Our recommendation is to use Yammer, since it’s our big bet for enterprise social, and we’re committed to making it the underlying social layer for all our products,” wrote Christophe Fiessinger, a Microsoft Office Division product marketing manager, in a blog post.

Customers should also accompany the technical change with an outreach effort to promote the benefits of using the enterprise social networking features of Yammer, according to Fiessinger.

“To drive adoption and really get the value out of Yammer, you need a strategy, advocates, and openness to the way it will transform the way people in your organization work and communicate,” he wrote.

Microsoft bought Yammer for $1.2 billion in mid-2012 in order to boost the development and availability of enterprise social collaboration features in SharePoint and in other Office and Microsoft business software like the Dynamics applications.

Microsoft makes a convincing case for the benefits of integrating Yammer with SharePoint and its other software to provide a common social collaboration layer, but the process is clearly complicated and will take years.

Source

HP Aims To Boot ‘Useless’ Data

Hewlett-Packard wants to help organizations rid themselves of useless data, all the information that is no longer necessary, yet still occupies expensive space on storage servers.

The company’s Autonomy unit has released a new module, called Autonomy Legacy Data Cleanup, that can delete data automatically based on the material’s age and other factors, according to Joe Garber, who is the Autonomy vice president of information governance.

Hewlett-Packard announced the new software, along with a number of other updates and new services, at its HP Discover conference, being held this week in Las Vegas.

For this year’s conference, HP will focus on “products, strategies and solutions that allow our customers to take command of their data that has value, and monetize that information,” said Saar Gillai, HP’s senior vice president and general manager for the converged cloud.

The company is pitching Autonomy Legacy Data Cleanup for eliminating no-longer-relevant data in old SharePoint sites and in e-mail repositories. The software requires the new version of Autonomy’s policy engine, ControlPoint 4.0.

HP Autonomy Legacy Data Cleanup evaluates whether to delete a file based on several factors, Garber said. One factor is the age of the material. If an organization has an information governance policy of only keeping data for seven years, for example, the software will delete any data older than seven years. It will root out and delete duplicate data. Some data is not worth saving, such as system files. Those can be deleted as well. It can also consider how much the data is being accessed by employees: Less consulted data is more suitable for deletion.

Administrators can set other controls as well. If used in conjunction with the indexing and categorization capabilities in Autonomy’s Idol data analysis platform, the new software can eliminate clusters of data on a specific topic. “You apply policies to broad swaths of data based on some conceptual analysis you are able to do on the back end,” Garber said.

Source

McAffee See Sure In Spam

The first three months of 2013 have seen a surge in spam volume, as well as a growing number of samples of the Koobface social networking worm and master boot record (MBR) infecting malware, according to antivirus vendor McAfee.

After remaining relatively stable throughout 2012, spam levels rose during the first quarter of 2013, reaching the highest volume seen in the past two years, McAfee said in a report released Monday.

The amount of spam originating from some countries rose dramatically, McAfee said. Spam from Belarus increased by 540% while spam originating in Kazakhstan grew 150%.

Cutwail, also known as Pushdo, was the most prevalent spam-sending botnet during the first quarter, McAfee said.

The increased Pushdo activity has recently been observed by other security companies as well. Last month, researchers from security firm Damballa found a new variant of the Pushdo malware that’s more resilient to coordinated takedown efforts.

On the malware front, McAfee has also seen a surge in the number of Koobface samples, which reached previously unseen levels during the first quarter of 2013. First discovered in 2008, Koobface is a worm that spreads via social networking sites, especially through Facebook, by hijacking user accounts.

The number of malware samples designed to infect a computer’s master boot record (MBR) also reached a record high during the first three months of 2013, after increasing during the last quarter of 2012 as well, McAfee said.

The MBR is a special section on a hard disk drive that contains information about its partitions and is used during the system startup operation. “Compromising the MBR offers an attacker a wide variety of control, persistence, and deep penetration,” the McAfee researchers said in the report.

The MBR attacks seen during the first quarter involved malware like StealthMBR, also known as Mebroot; Tidserv, also known as Alureon, TDSS and TDL; Cidox and Shamoon, they said.

Source

Twitter’s Authentication Has Vulnerabilities

Twitter’s SMS-based, two-factor authentication feature could be abused to lock users who have not enabled it for their accounts if attackers gain access to their log-in credentials, according to researchers from Finnish antivirus vendor F-Secure.

Twitter introduced two-factor authentication last week as an optional security feature in order to make it harder for attackers to hijack users’ accounts even if they manage to steal their usernames and passwords. If enabled, the feature introduces a second authentication factor in the form of secret codes sent via SMS.

According to Sean Sullivan, a security advisor at F-Secure, attackers could actually abuse this feature in order to prolong their unauthorized access to those accounts that don’t have two-factor authentication enabled. The researcher first described the issue Friday in a blog post.

An attacker who steals someone’s log-in credentials, via phishing or some other method, could associate a prepaid phone number with that person’s account and then turn on two-factor authentication, Sullivan said Monday. If that happens, the real owner won’t be able to recover the account by simply performing a password reset, and will have to contact Twitter support, he said.

This is possible because Twitter doesn’t use any additional method to verify that whoever has access to an account via Twitter’s website is also authorized to enable two-factor authentication.

When the two-factor authentication option called “Account Security” is first enabled on the account settings page, the site asks users if they successfully received a test message sent to their phone. Users can simply click “yes,” even if they didn’t receive the message, Sullivan said.

Instead, Twitter should send a confirmation link to the email address associated with the account for the account owner to click in order to confirm that two-factor authentication should be enabled, Sullivan said.

As it is, the researcher is concerned that this feature could be abused by determined attackers like the Syrian Electronic Army, a hacker group that recently hijacked the Twitter accounts of several news organizations, in order to prolong their unauthorized access to compromised accounts.

Some security researchers already expressed their belief that Twitter’s two-factor authentication feature in its current implementation is impractical for news organizations and companies with geographically dispersed social media teams, where different employees have access to the same Twitter account and cannot share a single phone number for authentication.

Twitter did not immediately respond to a request for comment regarding the issue described by Sullivan.

Source

Is Yahoo Really Back?

Yahoo has once again made the list as one of the world’s 100 most valuable brands.

The Internet company nabbed the 92nd spot in the annual list of global companies from multiple industries including technology, retail and service, released Tuesday by BrandZ, a brand equity database. The ranking gave Yahoo a “brand value” of US$9.83 billion, which is based on the opinions of current and potential users as well as actual financial data.

Apple occupied the number-one position on the list, with a brand value of $185 billion. Google was number two, with a value of roughly $114 billion.

The BrandZ ranking, commissioned by the advertising and marketing services group WPP, incorporates interviews with more than 2 million consumers globally about thousands of brands along with financial performance analysis to compile the list. Yahoo last appeared on the list in 2009 at number 81.

Yahoo’s inclusion on the 2013 list comes as the Internet company works to reinvent itself and win back users. Previously a formidable player in Silicon Valley, the company has struggled in recent years to compete against the likes of Google, Facebook and Twitter.

Improving its product offerings on mobile has been a focus. New mobile apps for email and weather have been unveiled, along with a new version of the main Yahoo app, featuring news summaries generated with technology the company acquired when it bought Summly.

Most notably, Monday the company announced it is acquiring the blogging site Tumblr for $1.1 billion in cash. Big changes to its Flickr photo sharing service were also announced.

Yahoo’s rebuilding efforts have picked up steam only during the last several months, but the 2013 BrandZ study was completed by March 1.

However, last July’s appointment of Marissa Mayer as CEO likely played a significant role in the company’s inclusion in the ranking, said Altimeter analyst Charlene Li. “Consumer perception has gone up since then,” she said.

“Yahoo’s leadership has a strong sense of what they want to do with the brand,” she added.

Yahoo’s 2012 total revenue was flat at $4.99 billion. However, after subtracting advertising fees and commissions paid to partners, net revenue was up 2 percent year-on-year.

Source

Adobe Reader Security Issue Found

McAfee has discovered a vulnerability in Adobe’s Reader program that allows people to track the usage of a PDF file.

“Recently, we detected some unusual PDF samples,” McAfee’s Haifei Li said in a blog post. “After some investigation, we successfully identified that the samples are exploiting an unpatched security issue in every version of Adobe Reader.”

The affected versions of Adobe Reader also include the latest “sandboxed” Reader XI (11.0.2).

McAfee said that the issue is not a “serious problem” because it doesn’t enable code execution, however it does permit the sender to see when and where a PDF file has been opened.

This vulnerability could only be dangerous if hackers exploited it to collect sensitive information such as IP address, internet service provider (ISP), or even the victim’s computing routine to eventually launch an advanced persistent threat (APT).

McAfee said that it is unsure who is exploiting this issue or why, but have found the PDFs to be delivered by an “email tracking service” provider.

The vulnerability works when a specific PDF JavaScript API is called with the first parameter having a UNC-located resource.

“Adobe Reader will access that UNC resource. However, this action is normally blocked and creates a warning dialog,” Li said. “The danger is that if the second parameter is provided with a special value, it changes the API’s behavior. In this situation, if the UNC resource exists, we see the warning dialog.

“However, if the UNC resource does not exist, the warning dialog will not appear even though the TCP traffic has already gone.”

McAfee said that it has reported the issue to Adobe and is waiting for their confirmation and a future patch. Adobe wasn’t immediately available for comment at the time of writing.

“In addition, our analysis suggests that more information could be collected by calling various PDF Javascript APIs. For example, the document’s location on the system could be obtained by calling the Javascript “this.path” value,” Li added.

Source

Will Zynga Survive?

Nobody expected Zynga’s results for this quarter to be great, so nobody was exactly surprised when the company announced a decline in almost every number that matters. It turned a small profit, but that’s a bright spot in an otherwise deeply unimpressive set of results. The really important figures – the number of people playing and, crucially, the number of people paying – are all down. Zynga’s business may not be hemorrhaging money, but it’s losing audience, and in a business so heavily focused on scale, that’s a really bad thing.

The company likes to present itself as being on the cusp of a turnaround, or perhaps already embarked upon a slow but steady turn. If so, it’s the oddest turnaround imaginable. The firm’s MAUs – Monthly Active Users – dropped from 292 million to 253 million year on year, so nearly 40 million people have simply stopped logging in to a Zynga game even once a month. Worse still, though, is the disproportionate fall in the number of Monthly Unique Payers – those who make at least one transaction during a month-long period. This number fell from 3.5 million to 2.5 million, a precipitous year-on-year drop of almost 30%.

It bears emphasising just how bad that actually is. For a social gaming business, MUPs are the real customers. There is huge value to having a large audience (MAUs), of course, and companies need to be very careful about not trying to force players into becoming paying customers before they’re good and ready – but ultimately, non-paying users are like footfall in a store. They’re not customers, in a strict business sense. Zynga’s not-quite-so-bad loss of 13% of its players (MAUs) is a side-show compared to the fact that it’s lost 30% of its paying customers (MUPs). Imagine, by comparison, a shop loudly announcing that the number of people walking past its window had fallen 13%, distracting from the fact that the number who came in and bought something had fallen 30%.

Of course, the two figures are related, and the disproportionately large drop in MUPs figures into that relationship to some degree. The process of encouraging players of a social game to spend money is focused around a number of principles, but the key temptation lies in buying items or currency that will give you the ability to match or overtake your friends’ progress, or to create a fantastic character, farm, castle or whatever which will “impress” the many friends who are also playing the same game.

For that psychology to work, of course, you actually need to have lots of friends playing the game. Most social games, as the name suggests, don’t work terribly well if you don’t have friends active in the game. “Active” is a key aspect here too – if you see that your friends are losing interest, logging in less often or spending less time tending to their farm, castle, town or whatever, then you also tend to lose interest rapidly. Hence, a game that gives the impression of being “in decline” – with players losing interest in some visible manner – will likely experience a precipitous decline in revenue, because even though lots of people are still playing, the sense of decline removes the key psychological drive to spend money on the game. (It doesn’t help, of course, that social game operators have established a pattern of shutting down unsuccessful games rapidly, which creates a feedback loop in which players are unwilling to spend money on a game they think might be in commercial trouble.)

The psychology of what Zynga is experiencing is clear enough, then, but the figures on the bottom line are still pretty dreadful. Whatever the reasons or the mechanism, the company is losing paying customers, and that kind of damage is extremely hard to recover from.

A stark contrast to Zynga’s woes can be found on the other side of the Pacific, where mobile developer GungHo this week topped a $9 billion valuation on the Osaka Stock Exchange, making it into a larger mobile gaming company than even fellow Japanese giants GREE and DeNA. GungHo’s valuation is ridiculous, a bubble that will inevitably pop in relatively short order, but there’s a genuine success driving the excitement – a single game, Puzzle and Dragons, which is the most successful mobile game in Japan (and is launching in other territories as well). Puzzle and Dragons reportedly makes about $2 million a day; it certainly makes enough to justify prime-time adverts in evening slots on Japanese TV.

GungHo is an extreme example of a phenomenon which is completely unavoidable in the social and casual game sphere. Mobile utterly dominates this sphere. Facebook, it turns out, was a flash in the pan in gaming terms. Smartphones, and to some extent tablets (though they’re arguably more “midcore”), are the social gaming platforms of today. Zynga, for all its cash (the company still has plenty of liquid assets), its clout and its former dominance, still hasn’t made a successful transition to being a mobile-first company. Clinging to the wreckage of the Facebook social gaming model which it so successful exploited (in doing so, perhaps hastening the downfall), Zynga is being overtaken time and again by smaller companies who have mobile gaming in their DNA from the outset. With this week’s results came a fresh claim that the company will be focusing more heavily on mobile, but a good, nimble firm would have accomplished that focus shift 12 months ago, at least. Zynga right now feels like it’s plodding along in everyone else’s wake.

The other great white hope for the company, of course, is gambling. It has cautiously launched gambling services – what it calls “real money gaming” – in the UK, and wants to expand into other territories. Plenty of pundits like to tap their noses sagely and suggest that Zynga will become a gambling giant down the line – although in doing so, they’re just following in the well-worn footsteps of a large number of video games industry pundits, executives and even developers who have regarded the gambling industry with something like the avaricious wonder of wannabe prospectors hearing about a new gold rush.

I don’t see any gold rush for Zynga in “real money gaming”. Investors and executives consistently overstate the allure and possibilities of this kind of gaming, because by dint of being investors and executives, they tend to be exactly the sort of person who is very attracted to gambling risks (you wouldn’t have an investment, or a career, anywhere within spitting distance of tech stocks otherwise). Moreover, by moving into the online gambling arena, Zynga is entering a market that’s already incredibly crowded with companies who are deeply, deeply expert in this field – not just in the customer-facing psychology of the casino, but also in the legal and regulatory minefield of operating a gambling enterprise online. Many major markets simply aren’t open to this kind of business; most others require you to jump through all manner of hoops simply in order to set up shop. The notion of Zynga having an open goal in “real money gaming” is born either from complete naivety or utter desperation – it could make money in the gambling business, but it has its work cut out for it.

It’s worth highlighting, all the same, that Zynga did make a small profit this quarter – it may only be one bright spot, but it’s bright all the same. The company’s scale still also arguably works in its favour, allowing it to buy talent and IP that smaller firms could never afford. Yet after several grim quarters, it’s also worth highlighting that talk of a “turnaround” is optimistic at best. Something about Zynga – its culture, its leadership or a combination of both – is blocking this company from moving in the agile, intelligent way a firm in its position desperately needs. Inventing fairy stories about the magical potential of gambling games or constantly reassuring the world that a pivot to mobile is definitely happening any day now won’t cover up the cracks for much longer. If Zynga wants the world to buy the “turnaround” story, it needs to start showing evidence; if not, it needs to start making big changes, starting right at the top.

Source

« Previous Page — Next Page »