Does The Cloud Need To Standardize?
Frank Baitman, the CIO of the U.S. Department of Health and Human Services (HHS), was at the Amazon Web Services conference praising the company’s services. Baitman’s lecture was on the verge of becoming a long infomercial, when he stepped back and changed direction.
Baitman has reason to speak well of Amazon. As the big government system integrators slept, Amazon rushed in with its cloud model and began selling its services to federal agencies. HHS and Amazon worked together in a real sense.
The agency helped Amazon get an all-important security certification best known by its acronym, FedRAMP, while Amazon moved its health data to the cloud. It was the first large cloud vendor to get this security certification.
“[Amazon] gives us the scalability that we need for health data,” said Baitman.
But then he said that while it would “make things simpler and nicer” to work with Amazon, since they did the groundwork to get Amazon federal authorizations, “we also believe that there are different reasons to go with different vendors.”
Baitman said that HHS will be working with other vendors as it has with Amazon.
“We recognize different solutions are needed for different problems,” said Baitman. “Ultimately we would love to have a competitive environment that brings best value to the taxpayer and keeps vendors innovating.”
To accomplish this, HHS plans to implement a cloud broker model, an intermediary process that can help government entities identify the best cloud approach for a particular workload. That means being able to compare different price points, terms of service and service-level agreements.
To make comparisons possible, Baitman said the vendors will have to “standardize in those areas that we evaluate cloud on.”
The Amazon conference had about 2,500 registered to attend, and judging from the size of the crowd it certainly appeared to have that many at the Washington Convention Center. It was a leap in attendance. In 2012, attendance at Amazon’s government conference was about 900; in 2011, 300 attended; and in 2010, just 50, Teresa Carlson, vice president of worldwide public sector at Amazon, said in an interview.
Are More Firms Moving To Tegra 4?
A curious rumor is coming out of Taiwan this morning. Nvidia is reportedly seeing more Tegra 4 orders, boosted by the Xiaomi Mi3 smartphone, Surface RT 2 and new tablets from Asus, Toshiba and HP. The source is Digitimes, or its moles in the “upstream supply chain” to be specific. Specific is not the word usually associated with such sources and we have no specific numbers to report.
However, while Nvidia is seeing a bit more interest for Tegra 4 it simply has no high-volume design wins and shipments will remain low until it is eventually phased out in favour of the Tegra 5. We wrote about Nvidia’s Tegra 4 volume woes last month, here.
The Tegra 4 still has just a handful of design wins and the fact that most of them are high-end tablets is not encouraging at all. Not much has changed since our previous report, although Nvidia did manage to land a single smartphone design win, albeit not a major one.
We still believe Tegra 4 shipments will be modest at best and new Android tablet design wins will not help much. Neither will the Shield and Tegra Note tablets.
Cyber Attacks Increasing In Middle East
Syria’s civil war and political strife in Egypt have given birth to new battlegrounds on the Web and driven a surge in cyber attacks in the Middle East, according to a leading Internet security company.
More than half of incidents in the Gulf this year were so-called “hacktivist” attacks – which account for only a quarter of cybercrime globally – as politically motivated programmers sabotaged opposing groups or institutions, executives from Intel Corp’s software security division McAfee said on Tuesday.
“It’s mostly bringing down websites and defacing them with political messages – there has been a huge increase in cyber attacks in the Middle East,” Christiaan Beek, McAfee director for incident response forensics in Europe, Middle East and Africa (EMEA), told Reuters.
He attributed the attacks to the conflict in Syria, political turmoil in Egypt and the activities of hacking collective Anonymous.
“It’s difficult for people to protest in the street in the Middle East and so defacing websites and denial of service (DOS) attacks are a way to protest instead,” said Beek.
DOS attacks flood an organization’s website causing it to crash, but usually do little lasting damage.
The Syrian Electronic Army (SEA), a hacking group loyal to the government of President Bashar al-Assad, defaced an Internet recruiting site for the U.S. Marine Corps on Monday and recently targeted the New York Times website and Twitter, as well as other websites within the Middle East.
Beek described SEA as similar to Anonymous.
“There’s a group leading operations, with a support group of other people that can help,” said Beek.
McAfee opened a centre in Dubai on Monday to deal with the rising threat of Internet sabotage in the region, the most serious of which are attacks to extract proprietary information from companies or governments or those that cause lasting damage to critical infrastructure.
Cyber attacks are mostly focused on Saudi Arabia, the world’s largest oil exporter, Qatar, the top liquefied natural gas supplier, and Dubai, which is the region’s financial, commercial and aviation hub, said Gert-Jan Schenk, McAfee president for EMEA.
“It’s where the wealth and critical infrastructure is concentrated,” he said.
The “Shamoon” virus last year targeted Saudi Aramco, the world’s largest oil company, damaging about 30,000 computers in what may have been the most destructive attack against the private sector.
“Ten years ago, it was all about trying to infect as many people as possible,” added Schenk. “Today we see more and more attacks being focused on very small groups of people. Sometimes malware is developed for a specific department in a specific company.”
U.S. Cloud Vendors Hurt By NSA
Edward Snowden’s public unveiling of the National Security Agency’s Prism surveillance program could cause U.S. providers of cloud-based services to lose 10% to 20% of the foreign market — a slice of business valued at up to $35 billion.
A new report from the Information Technology & Innovation Foundation (ITIF) concludes that European cloud computing companies, in particular, might successfully exploit users’ fears about the secret data collection program to challenge U.S. leadership in the hosted services business.
Daniel Castro, author of the report, acknowledges that the conclusions are based, so far, on thin data, but nonetheless argues that the risks to U.S. cloud vendors are real.
Indeed, a month prior, the Cloud Security Alliance reported that in a survey of 207 officials of non-U.S. companies, 10% of the respondents said that they had canceled contracts with U.S. service providers after Snowden’s leak of NSA Prism documents earlier this year.
“If U.S. companies lose market share in the short term, it will have long-term implications on their competitive advantage in this new industry,” said Castro in the ITIF report. “Rival countries have noted this opportunity and will try to exploit it.”
To counter such efforts, the U.S. must challenge overstated claims about the program by foreign companies and governments, said Jason Weinstein, a partner in the Washington office of law firm Steptoe & Johnson and a former federal prosecutor and deputy assistant attorney general specializing in computer crime.
“There are a lot of reasons to be concerned about just how significant those consequences will be,” Weinstein said. “The effort by European governments and European cloud providers to cloud the truth about data protection in the U.S. was going on well before anyone knew who Edward Snowden was. It just picked up new momentum once the Prism disclosures came out.”
Weinstein contends that European countries have fewer data protection rules than the U.S.
For example, he said that in the U.K. and France, a wiretap to get content can be issued by a government official without court authority, but that can’t happen in the U.S.
“U.S. providers have done nothing other than comply with their legal obligations,” he said. But because of Snowden’s leaks, “they are facing potentially significant economic consequences.”
Gartner analyst Ed Anderson said his firm has yet to see any revenue impact on cloud providers since the Prism disclosures, but added, “I don’t think Prism does U.S. providers any favors, that’s for sure.”
Nonetheless, Anderson added, “I think the reality is [the controversy] is likely to die down over time, and we expect adoption to probably continue on the path that it has been on.”
One reason why U.S. providers may not suffer is because “the alternatives aren’t great if you are a European company looking for a cloud service,” he said.
Hackers Dupe Apple
August 28, 2013 by admin
Apple’s security was once again made a laughing stock as a team of researchers demonstrated how it is possible to sneak apps past Apple’s test regime. A group of researchers presenting at Usenix were able to spread malicious chunks of code through an apparently innocuous app for activation later.
According to their paper the Georgia Tech team wanted to create code that could be rearranged after it had passed AppStore’s tests. The code would look innocuous running in the test environment, be approved and signed, and would later be turned into a malicious app.
They created an app that operated as a Georgia Tech “news” feed but had malicious code distributed throughout it as “code gadgets” that were idle until the app received the instruction to rearrange them. After the app passes the App Review and lands on the end user device, the attacker can remotely exploit the planted vulnerabilities and assemble the malicious logic at runtime by chaining the code gadgets together.
The instructions for reassembly of the app arrive through a phone-home after the app is installed.
The app will run inside the iOS sandbox, but can successfully perform many malicious tasks, such as stealthily posting tweets, taking photos, stealing device identity information, sending email and SMS, attacking other apps, and even exploiting kernel vulnerabilities.
Will The Tegra Processor Pay Off?
Last year Nvidia’s Tegra gamble seemed to be paying off nicely, but the insanely competitive SoC market moves fast and all it takes for things to go badly wrong is one botched generation. The Tegra 4 was late to the party and Nvidia eventually ended up with a big and relatively powerful chip that nobody wanted.
In its latest earnings call Nvidia made it clear that revenues from Tegra are expected to decline $200 to $300 million this year from about $750 million last year. Even this seems like a relatively optimistic forecast. Tegra 3 ended up in quite a few high-volume products, such as the Nexus 7, HTC One X, LG Optimus 4X and a bunch of other phones and tablets. On paper, Tegra 4 will end up with a similar number of design wins, maybe even more, but nearly all of them are low-volume products.
At the moment there are only a handful of Tegra 4 products out there. These include HP’s Slatebook 10, Toshiba eXcite Pro and eXcite Write tablets and Nvidia’s own Shield console. Nvidia’s 7-inch Tegra Tab is also on the way, along with the Surface RT 2. Some Chinese vendors like ZTE are also expected to roll out a Tegra 4 phone here and there, but the chip won’t end up in any big brand phones.
Nvidia does not release any Tegra unit shipment info, so we can only guess how many Tegra 3 and Tegra 4 chips are out there, but it doesn’t take much to realise Tegra 4 is a flop. Shipments of the original Nexus 7, powered by the Tegra 3, are estimated just north of six million units. Surface RT shipments were abysmal. Earlier this year analysts put the figure at just 900,000 units after a full quarter of sales. Microsoft eventually took a massive write-down on its Surface RT stock. LG and HTC didn’t reveal any shipment figures for the Optimus 4X and HTC One X, either. HTC shipped about 40 million phones last year, while LG managed about 27 million. We can’t even begin to estimate how many of them were flagship products powered by Tegra, but the number was clearly in the millions.
This time around Nvidia can’t count on strong smartphone sales, let alone the Nexus 7 and Surface RT. Even if it scores high-end tablet design wins, the truth is that high-end Android tablets just aren’t selling well. Nvidia needed high-volume design wins and Android tablets just won’t do the trick. Qualcomm is in the new Nexus 7 and the HTC One. Back in May analysts reported that HTC One sales hit the 5 million mark in the first two months of sales, although shipments have slowed down since then. Millions of Snapdragons found a home in the HTC One and millions more will end up in the new Nexus 7.
Nvidia’s talk of a $200 to $300 million hit this year doesn’t exactly paint the full picture. Tegra 3 shipments in the first two quarters of 2013 were modest, but relatively good. However, nothing took its place and the true extent of the Tegra 4 flop will only become visible in the first quarter of 2014 and beyond. The big hope is that the Tegra 4i and Tegra 5 will start to come online by then, so the numbers for the full year won’t be as terrible, but it is abundantly clear that Nvidia cannot afford another Tegra 4.
As for Nvidia’s Tegra Tab and Shield, they might do well. Nvidia knows a thing or two about hardware, but even if they prove successful, they just won’t be enough, at least not in this cycle.
Is nVidia Working On A Tablet?
August 12, 2013 by admin
According to a report over at Tabtech.de, which spotted an unknown device on the GFXBench results page, Nvidia might be gearing up to release a phablet or tablet.
The device is listed as Nvidia Tegra Note Premium and scores just slightly lower than the Nvidia Shield in GFXBench. It features a Tegra 4 clocked at 1.8GHz and has a resolution of 1280×800, which probably points to a tablet rather than a phablet, but anything is possible. It was running Android 4.2.2 Jelly Bean when it was tested.
At Computex 2013 back in June, Nvidia showcased a rather unique device that was used to demonstrate pressure-sensitive functions of a stylus and which might be the device that showed up in the GFXBench results. The 1280×800 resolution is not impressive and far off from what the competition currently has to offer, but then again Nvidia might want a cheaper tablet or phablet on the market.
In any case we will surely keep an eye out for Nvidia’s Tegra Note Premium, whatever it turns out to be.
PayPal Extend Bug Bounty
PayPal is expanding its bug bounty program to individuals aged 14 and older, a move intended to reward younger researchers who are technically ineligible to hold full-fledged PayPal accounts.
PayPal’s program, which is a year old this month, only applied to those 18 years and older. Under the old rule, participants in the program were required to hold valid accounts, which excluded minors, said Gus Anagnos, PayPal’s director of information security.
In May, 17-year-old Robert Kugler, a student in Germany, said he’d been denied a reward for finding a vulnerability. PayPal said the bug had already been found by two other researchers, which would have made Kugler ineligible for a bounty.
In an apparent miscommunication, Kugler said he was initially told he was too young rather than that the bug had already been discovered. Nonetheless, PayPal said it would look to bring younger people into its program, which pays upwards of $10,000 for remote code execution bugs on its websites.
Those who are under 18 years old can receive a bug bounty payment through a PayPal student account, an arrangement where a minor can receive payments via their parent’s account, Anagnos said.
Anagnos said other terms and conditions have been modified to make its program more transparent, such as clarifying which PayPal subsidiaries and partner sites qualify for the program.
PayPal pays much less for vulnerabilities on partner websites, which have a URL form of “www.paypal-__.com.” A remote execution bug found on that kind of site garners only $1,500 rather than up to $10,000 on the company’s main sites.
Like other bug bounty programs run by companies such as Microsoft and Google, PayPal will publicly recognize researchers on its website with a “Wall of Fame” for the top 10 researchers in a quarter. Another “honorable mention” page lists anyone who submitted a valid bug for the quarter.
Eusebiu Blindu, a testing consultant from Romania, was one of the researchers listed on the Wall of Fame for the first quarter of this year.
“I think Paypal is the best bug bounty program, and I am glad I participated in it from the first days of its launching,” he wrote on his blog.
DDoS Attacks Rising
One in five UK businesses experienced a DDoS attack last year according to a new survey.
Analytics firm Neustar said that while the percentage is significantly lower than that experienced by their US equivalents it is still fairly high. More than 22 percent of the 381 organisations participating in the annual trends study reported DDoS attacks, compared to 35 percent experiencing the same in a separate study carried out among US firms in 2012.
Neustar set out to measure revenue ‘risk per hour’, which is a measure of what it might cost a business in a particular sector to experience DDoS downtime. They found that the majority of organisations reckoned this at less than $1,500 per hour.
Most of the rest put it somewhere between $1,500 and $15,000 although one in four financial services firms put the number at $250,000 per hour. This cost included brand damage and unexpected customer service calls.
WiLan Loses In Court
July 25, 2013 by admin
Wi-Lan has suffered defeat in its patents trial against Alcatel Lucent, Ericsson, HTC and Sony, as a Texas court decided that the firms did not infringe its patents.
Wi-Lan filed a lawsuit against Alcatel Lucent, Ericsson, HTC and Sony in 2010 claiming the firms infringed patents that relate to data transmission over wireless networks. However a Texas court ruled that the four firms did not infringe Wi-Lan’s patents and found one patent Wi-Lan asserted against HTC and two it asserted against Alcatel Lucent invalid.
Wi-Lan had asserted that Alcatel Lucent and Ericsson infringed three patents, but the court upheld none of those claims. The firm also asserted that HTC and Sony infringed another patent, and there the court not only judged against infringement but invalidated the patent.
Alcatel Lucent and HTC both said that Wi-Lan was trying to stretch its patents to cover technology in their devices.
Sally Julien, a spokeswoman for HTC said, “HTC believes that Wi-Lan has exaggerated the scope of its patent in order to extract unwarranted licensing royalties from entities who have been focused on bringing innovation forward in their own products.”
Kurt Steinert, an Alcatel Lucent spokesman said, “We think this validates our belief that Wi-Lan was stretching the boundaries of its patents, and the jury confirmed that belief.”
Wi-Lan has managed to get several companies to license its technology including Dell and Panasonic, and in May it initiated legal proceedings against Blackberry over a patent relating to Long Term Evolution network technology. However in this case the firm did not prevail against two large telecom equipment companies and two big smartphone makers.