The Anthem data breach may have exposed 78.8 million records, according to deeper analysis provided in an estimate by the health insurance company, but Anthem is still investigating exactly how many records hackers captured from a database.
Hackers accessed a database at Anthem that contained customer and employee records with names, birth dates, Social Security numbers, addresses, phone numbers, email addresses and member IDs, the health insurance company said on Feb. 4. Some records included employment information and income levels, but no financial information was compromised, it said.
It marked one of the largest data breaches to affect the health care industry, adding to a string of recent attacks that have shaken large companies, including retailers Home Depot, Target and Michaels.
Anthem, formerly known as Wellpoint, runs health-care plans under the Blue Cross Blue Shield, Empire Blue Cross, Amerigroup, Caremore, Unicare, Healthlink, DeCare, HealthKeepers and Golden West brands.
Between 60 million and 70 million of the 78.8 million records belong to current or former Anthem members, the company said in a statement.
The remainder — between 8.8 million and 18.8 million — belong to non-Anthem members who used their insurance in a state where Anthem has operated over the last decade.
Anthem is still trying to identify those people who may have been affected. Part of the problem is that Anthem has found 14 million incomplete records that can’t be linked to a product or line of business. Those records lack data fields that could be used to identify members, though they probably are not active Anthem members.
No information has been formally released on who may have compromised the database. Security firm CrowdStrike, which is not involved in the investigation, said the attackers used infrastructure linked to a suspected China-based state-sponsored group known as Deep Panda.
It would appear that the world is rushing to Nvidia to buy its latest GPU at the expense of AMD.
According to the data, NVIDIA and AMD each took dramatic swings from Q4 of 2013 to Q4 of 2014 with Nvidia increasing its market share over AMD by 20 per cent and AMD’s market share has dropped from 35 per cent at the end of 2013 to just 24 per cent at the end of 2014.
Meanwhile, Nvidia has gonr from 64.9 per cent at the end of 2013 to 76 per cent at the end of 2014.
The report JPR’s AIB Report looks at computer add-in graphics boards, which carry discrete graphics for desktop PCs, workstations, servers, and other devices such as scientific instruments.
In all cases, AIBs represent the higher end of the graphics industry using discrete chips and private high-speed memory, as compared to the integrated GPUs in CPUs that share slower system memory.
On a year-to-year basis, total AIB shipments during the quarter fell by 17.52 per cent , which is more than desktop PCs, which fell by 0.72 percent .
However, in spite of the overall decline, somewhat due to tablets and embedded graphics, the PC gaming momentum continues to build and is the bright spot in the AIB market.
The overall PC desktop market increased quarter-to-quarter including double-attach-the adding of a second (or third) AIB to a system with integrated processor graphics-and to a lesser extent, dual AIBs in performance desktop machines using either AMD’s Crossfire or Nvidia’s SLI technology.
The attach rate of AIBs to desktop PCs declined from a high of 63 per cent in Q1 2008 to 36 per cent this quarter.
So in other words It is also clear that the Radeon R9 285 release didn’t have the impact AMD had hoped and NVIDIA’s Maxwell GPUs, the GeForce GTX 750 Ti, GTX 970 and GTX 980 have impacted the market even more than expected.
This is ironic because the GTX 970 has been getting a lot of negative press with the memory issue and AMD makes some good gear, has better pricing and a team of PR and marketing folks that are talented and aggressive.
Lenovo and adware maker Superfish were subjected to more legal action as two new lawsuits were filed in California federal courts taking the firms to task for putting consumers at risk of hacker spying and information theft.
The two complaints — the second and third since the China-based computer OEM (original equipment manufacturer) admitted it had pre-loaded adware on its consumer PCs in the second half of 2014 — named both Lenovo and Superfish, and each lawsuit requested class-action status so that others could join the case.
Last week’s first lawsuit covered much of the same ground as the two lodged Monday.
David Hunter of North Carolina, the plaintiff in one of the lawsuits, alleged that Lenovo and Superfish violated the U.S. Electronic Communications Privacy Act and other laws, and asked that the court force the firms to surrender any revenue generated by the sale of consumers’ browsing data and monies earned from the advertising produced by the adware.
Hunter said he bought a Lenovo Y50 laptop — one of dozens of models Lenovo said it had pre-installed Superfish on from September through December 2014 — via the OEM’s website in October.
In the second complaint, filed by Sterling International Consulting Group (SICG) of Statesville, NC, Lenovo and Superfish were charged with breaking the U.S. Wiretapping Act, state and federal anti-fraud regulations and other laws.
Of the two new complaints, Hunter’s was the more interesting as it relied not only on press reports about Superfish’s vulnerability and Lenovo’s actions both before and after last week’s explosion of information, but also dug a bit deeper and offered insights into the adware’s operation.
Lenovo today declined to respond to the new lawsuits, with its head of corporate communications, Brion Tingler, saying, “We do not comment on pending legal matters,” in an email.
Superfish also declined comment on the lawsuits’ specifics, like Lenovo citing the pending litigation. But in a statement, company CEO Adi Pinhas said, “Superfish takes these matters seriously and is reviewing the allegations in the complaints.”
Nearly half of all security breaches come from vulnerabilities that are between two and four years old, according to this year’s HP Cyber Risk Report entitled The Past Is Prologue.
The annual report found that the most prevalent problems came as a result of server misconfiguration, and that the primary causes of commonly exploited software vulnerabilities are defects, bugs and logic flaws.
But perhaps most disturbing of all was the news that Internet of Things (IoT) devices and mobile malware have introduced a significant extra security risk.
The entire top 10 vulnerabilities exposed in 2014 came from code written years, and in some cases decades, previously.
The news comes in the same week that HP took a swipe at rival Lenovo for knowingly putting Superfish adware into its machines.
“Many of the biggest security risks are issues we’ve known about for decades, leaving organisations unnecessarily exposed,” said Art Gilliland, senior vice president and general manager for enterprise security products at HP.
“We can’t lose sight of defending against these known vulnerabilities by entrusting security to the next silver bullet technology. Rather, organisations must employ fundamental security tactics to address known vulnerabilities and, in turn, eliminate significant amounts of risk.”
The main recommendations of report are that network administrators should employ a comprehensive and timely patching strategy, perform regular penetration testing and variation of configurations, keep equipment up to date to mitigate risk, share collaboration and threat intelligence, and use complementary protection strategies.
The threat to security from the IoT is already well documented by HP, which released a study last summer revealing that 90 percent of IoT devices take at least one item of personal data and 60 percent are vulnerable to common security breaches.
The ARM mbed IoT Starter Kit — Ethernet Edition will allow users to make cloud-ready Internet of Things products that could receive or transmit data for analysis or alerts. The development kit will come with ARM’s mbed OS and connect into IBM’s BlueMix cloud, which will help in the development of applications and services.
The kit is for those with little to no experience in embedded or Web development. Prototype designs will guide enthusiasts through the process of making a device and connecting to IBM’s BlueMix cloud service.
The starter kit will get data from “the on board sensors into the IBM cloud within minutes of opening the box,” said the product page on ARM’s website.
ARM and IBM hope to cash in on the mass adoption of IOT, which has led to a mesh of interconnected devices used in smart homes, smart city implementations and enterprises. The devices, which could range from weather sensors to health devices, already number 1.2 billion, and could touch 5.4 billion by 2020, according to a recent study by Verizon.
The IOT market is currently fragmented with a wide variety of hardware, operating systems and communication standards in use. Through the developer kit, ARM and IBM want to bring a level of consistency in hardware and software across IOT devices. Beyond making it easier for devices to talk one another, the developer kit could make it easier to push or pull data out of a larger number of cloud services.
ARM didn’t provide details on the pricing or availability of the starter kit. The first devices resulting from the development kit are expected to be released later this year.
The new alert pops up in Chrome when a user aims the browser at a suspect site but before the domain is displayed. “The site ahead contains harmful programs,” the warning states.
Google emphasized tricksters that “harm your browsing experience,” and cited those that silently change the home page or drop unwanted ads onto pages in the warning’s text.
The company has long focused on those categories, and for obvious, if unstated, reasons. It would prefer that people — much less, shifty software — not alter the Chrome home page, which features the Google search engine, the Mountain View, Calif. firm’s primary revenue generator. Likewise, the last thing Google wants is to have adware, especially the most irritating, turn off everyone to all online advertising.
The new alert is only the latest in a line of warnings and more draconian moves Google has made since mid-2011, when the browser began blocking malware downloads. Google has gradually enhanced Chrome’s alert feature by expanding the download warnings to detect a wider range of malicious or deceitful programs, and using more assertive language in the alerts.
In January 2014, for example, Chrome 32 added threats that posed as legitimate software and tweaked with the browser’s settings to the unwanted list.
The browser’s malware blocking and suspect site warnings come from Google’s Safe Browsing API (application programming interface) and service; Apple’s Safari and Mozilla’s Firefox also access parts of the API to warn their users of potentially dangerous websites.
Chrome 40, the browser’s current most-polished version, can be downloaded for Windows, OS X and Linux from Google’s website.
ARM has joined forces with IBM to launch its Internet of Things (IoT) mbed Device Platform as a starter kit with cloud support, offering developer tools with cloud-based analytics.
ARM’s mbed tool was announced last year and is primarily an operating system built around open standards to “bring internet protocols, security and standards-based manageability into one integrated tool” and make IoT deployment faster and easier and thus speed up the creation of IoT-powered devices.
ARM has launched the mbed IoT Starter Kit – Ethernet Edition today to coincide with the opening of Embedded World in Nuremberg. Partnering with IBM means that ARM’s mbed tool can channel data from internet-connected devices directly into IBM’s Bluemix cloud platform.
The IoT Starter Kit consists of an ARM mbed-enabled development board from Freescale, powered by an ARM Cortex-M4 based processor, together with a sensor IO application shield.
It also support standards such as Bluetooth Smart, 2G, 3G, LTE and CDMA cellular technologies, Thread, WiFi, and 802.15.4/6LoWPAN along with TLS/DTLS, CoAP, HTTP, MQTT and Lightweight M2M.
The mbed OS also features the mbed Device Server, a licensed software product that provides the server-side technologies to connect and manage devices in a more secure way. It also provides a bridge between the protocols designed for use on IoT devices and the APIs used by web developers.
“The combination of a secure sensor environment by ARM with cloud-based analytics, mobile and application resources from IBM will allow fast prototyping of new smart products and unique value-added services,” explained ARM.
Krisztian Flautner, general manager for IoT business at ARM, said that securely embedding connectivity into devices from the start will allow for cloud-connected products that are far more capable than we see today.
“Smart cities, businesses and homes capable of sharing rich information about their surroundings will be critical in unlocking the potential of IoT,” he said.
“The ARM IoT Starter Kit will accelerate the availability of connected devices by making product and service prototyping faster and easier.”
The first products developed using the kit are expected to enter the market later this year.
Future versions of the kit will run the new ARM mbed OS and use ARM mbed Device Server software to deliver a wider range of efficient security, communication and device management features.
Prototypes have been given to a few early adopters, including the Science and Technology Facilities Council which said that the kit and its connection to the IBM IoT Foundation will help businesses realise the value during the development and production phases of any venture.
The mbed software also comes with its own community, Mbed.org, a focus point for a more than 70,000 developers around the platform.
The website provides a database of hardware development kits, a repository for reusable software components, reference applications, documentation and web-based development tools. It is already up and running, ARM said.
A proposed class-action lawsuit was filed late last week against Lenovo and Superfish, charging both companies with “fraudulent” business practices and of making Lenovo PCs vulnerable to malware and malicious attacks by pre-loading the adware.
Plaintiff Jessica Bennett said her laptop was damaged as a result of Superfish, which was called “spyware” in court documents. She also accused Lenovo and Superfish of invading her privacy and making money by studying her Internet browsing habits.
The lawsuit was filed after Lenovo admitted to pre-loading Superfish on some consumer PCs. The laptops affected by Superfish include non-ThinkPad models such as G Series, U Series, Y Series, Z Series, S Series, Flex, Miix, Yoga and E Series.
Lenovo has since issued fixes to remove Superfish applications and certificates from PCs. Microsoft’s Windows Defender and McAfee’s security application also remove Superfish since Friday.
Lenovo earlier admitted it “messed up” by preloading Superfish on computers. The software plugs product recommendations into search results, but can hijack connections and open major security holes, thus leaving computers vulnerable to malicious attacks.
The first complaints of Superfish on Lenovo’s laptops emerged in September last year, but it became a real security issue when a hacker Marc Rogers pointed it out in a blog post.
Bennett, a blogger, purchased a Yoga 2 laptop to conduct business and communicate with clients. She noticed “spam advertisements involving scantily clad women” appearing on her client’s website when writing a blog post for the customer. After seeing pop-ups on other websites, she assumed her computer had spyware or had been hacked, but then scoured the forums to notice similar behavior on other Lenovo laptops. She then rooted out the problem to be Superfish, which could intercept secure communication and leave computers vulnerable.
Superfish also used memory resources and took up Internet bandwidth, according to the court document.
Damages from Lenovo and Superfish are being sought as part of the lawsuit filed in the U.S. District Court for the Southern District of California.
The free app from Google Inc’s online video service will be available for download as of today, February 23rd, and will feature kid-friendly design, with big icons and minimal scrolling, according to details seen by Reuters.
The app, which will be separate from the mainstream YouTube mobile app, will also feature parental controls such as a timer that can be used to limit a child’s screen time.
The Wall Street Journal earlier reported the launch, saying the company is planning to announce the new app today at a children’s entertainment industry conference.
A YouTube spokeswoman confirmed the information.
In December, USA Today reported that Google was planning to roll out child-friendly versions of its most popular products in a bid to be “fun and safe for children.”
Internet companies such as Google and Facebook Inc do not offer their services to children under 13.
The partnership will investigate the suitability of ARM servers and look to improve the overall energy efficiency and performance of computing systems.
Lenovo is taking over from IBM in its relationship with the STFC on research projects since the Chinese company announced a $2.3bn buyout of IBM’s x86 server business last year.
The latest collaboration will see the STFC’s Hartree Centre deploy and test ARM-based server hardware from Lenovo to investigate whether it can meet the challenges faced by data centres after a boom in demand.
The Hartree Centre is a research collaboration between STFC’s Scientific Computing Department and the UK facility dedicated to high-performance computing (HPC).
Joining HP and Dell with their ARM-based system developments, Lenovo said that the project is seen as a long-term investment, and probably won’t lead to commercial ARM-based server offerings.
For this project, the Hartree Centre is researching the challenges of power consumption in computing and the performance effects of scale-out versus scale-up systems given a defined power budget.
Hartree will also develop software intellectual property and define best practice regarding ARM-based server deployments.
“While ARM technology has shown promise, the biggest hurdle to overcome is the build-out of an ecosystem to support a production environment,” Lenovo said.
“Traditional servers have standardised on a common foundation, then you stack on top different kinds of cards that give the server its personality for a certain workload, such as networking cards, security accelerators, field-programmable gate arrays or GPUs,” said Lenovo’s executive director for HPC, Scott Tease.
The problem with this approach is that the cost adds up, as it increases power consumption and often adds latency to applications, according to Lenovo.
“So what we’re trying to do is figure out if there is a better way to go, where we look at more workload-optimised systems where all the functionality is designed into the base of the system,” Tease explained.
As part of this collaboration, Lenovo is developing an ARM-based server prototype as an extension to its popular NextScale dense computing platform.
Given its open and flexible design, NextScale solutions are used in HPC, grid deployments, analytics workloads, and large-scale cloud and virtualisation infrastructures.
The NextScale ARM server will be based on the Cavium ThunderX SoC, which has a full range of capabilities to help minimise cost and power consumption.
The NextScale enclosure is designed to optimise density and performance while fitting in a standard 19in rack, and can hold up to 12 ARM-based servers, delivering 1,152 cores while occupying only 6U of rack space, Lenovo said.
“What you can do with that is connect the nodes together in a mesh topology that allows for node-to-node communication without the need for any switching at the top of the rack,” Tease explained.
Lenovo and the STFC are looking at applications including cloud, search and web serving and caching, plus HPC.
“The reason we selected these is because they all have similar technical requirements, they are all looking for good energy efficiency, and users are looking for the best cost for the level of performance,” Tease said.
Microsoft will double the per-PC price of support for enterprises still holding onto Windows XP systems when the anniversary of the aged OS’s retirement rolls around in April, according to a licensing expert familiar with the situation.
The per-PC price for what Microsoft calls “custom support agreements” (CSAs) will increase to $400, the expert said after requesting anonymity.
CSAs provide critical security updates for an operating system that’s been officially retired, as Windows XP was on April 8, 2014. CSAs are negotiated on a company-by-company basis and also require that an organization has adopted a top-tier support plan, dubbed Premier Support, offered by Microsoft.
The CSA failsafe lets companies pay for security patches beyond the normal support lifespan while they finish their migrations to newer editions of Windows. Most enterprises have shifted — and are continuing to do so — to Windows 7 rather than adopt Windows 8.1.
Last year, just days before Microsoft retired Windows XP, the company slashed the price of CSAs to $200-per-device with a cap of $250,000.
Because a CSA is an annual-only program — and Microsoft limits each organization to just three years of post-retirement support — agreements must be renewed each year. The first renewals come due in less than two months.
Ideally, companies that signed up for a CSA last year will have retired large numbers of Windows XP machines in the interim. If a firm reduced the number of Windows XP PCs by half, it will pay the same as last year if it renews the agreement at the higher per-device price.
It’s difficult to gauge the persistence of Windows XP in commercial settings, but the operating system, which debuted in 2001, continues to appear in analytics firms’ tracking.
According to U.S.-based Net Applications, for example, the global user share of XP stood at 20.7% of all Windows-powered PCs in January, representing more than 300 million machines. Meanwhile, Irish metrics company StatCounter pegged XP’s usage share at 12% for January.
AMD has confirmed that it is releasing new AMD A8-7650K APUs today.
The chips are based on the “Kaveri” design and are designed for overclockers on a budget.
The APU has four “Steamroller” cores (two dual-core modules) operating at 3.30GHz/3.90GHz clock-rate, 4MB L2 cache, AMD Radeon R7 graphics engine with 384 stream processors, a dual-channel DDR3 memory controller, unlocked multiplier and up to 95W thermal design power. The chip will be drop-in compatible with FM2+ mainboards.
AMD will officially start to sell its A8-7650K on the 20 February, 2015. In Japan, where prices are traditionally a bit higher than in the rest of the world, the APU will cost $117.
The new chip is slower than the company’s A8-7700K, which AMD discontinued late last year. That said, it is not completely clear why the company decided to replace an APU with a product with lower performance and did not just drop the price of the A8-7700K.
Later this year AMD plans to release a family of A-series APUs known as “Kaveri Refresh” and “Godovari” which will have higher clock-rates.
The security of the employees of Phantom Dust developer Darkside Game Studios is in doubt, after Microsoft decided to sever all professional ties to the studio.
Phantom Dust is a remake of an Xbox game from 2004, which was designed by Yukio Futatsugi, the creator of Panzer Dragoon. Darkside’s project was unveiled at E3 last year as an exclusive title for the Xbox One, but whatever agreement existed between the studio and Microsoft has been terminated.
Here’s the official line: “Microsoft partnered with Darkside Game Studios in the development of Phantom Dust, but our working relationship has now ended. We have great respect for their studio and their work in the industry.
“While we do not have anything new to share on Phantom Dust at this time, we can confirm that development of the title continues. We look forward to sharing more details on the game as we get closer to release.”
Darkside, which is based in Florida, has contributed to the development of a host of major releases, including a couple of Xbox exclusives: Sunset Overdrive, Gears of War: Judgment, the Borderlands franchise, the Bioshock franchise; it’s a solid track record, albeit entirely composed of contract work, and Phantom Dust was to be its first solo project.
However, the “respect” Microsoft has for that track record is now the subject of suspicion, with several sources from within Darkside claiming that the company has been forced to layoff its entire staff – around 50 people.
“The executives who saw it were impressed and as late as this morning gave our team every indication that the project was on solid ground,” one of the sources said to Kotaku. “Yet we got the phone call today that someone up on high who in all likelihood wasn’t even aware of the game in detail shut it down.”
The notion that the alleged termination of Darkside’s working relationship with Microsoft was sudden is reinforced by the studio’s recruitment page, which advertised six open positions as recently as the start of January. Among the perks listed there, one stands out: “Working with major publishers.”
Microsoft offered no comment on the situation at Darkside, but we are pursuing the studio’s management for clarification.
Intel’s exascale computing efforts have received a boost with the extension of the company’s research collaboration with the Barcelona Supercomputing Center.
Begun in 2011 and now extended to September 2017, the Intel-BSC work is currently looking at scalability issues with parallel applications.
Karl Solchenbach, Intel’s director, Innovation Pathfinding Architecture Group in Europe said it was important to improve scalability of threaded applications on many core nodes through the OmpSs programming model.
The collaboration has developed a methodology to measure these effects separately. “An automatic tool not only provides a detailed analysis of performance inhibitors, but also it allows a projection to a higher number of nodes,” says Solchenbach.
BSC has been making HPC tools and given Intel an instrumentation package (Extrae), a performance data browser (Paraver), and a simulator (Dimemas) to play with.
Charlie Wuischpard, VP & GM High Performance Computing at Intel said that the Barcelona work is pretty big scale for Chipzilla.
“A major part of what we’re proposing going forward is work on many core architecture. Our roadmap is to continue to add more and more cores all the time.”
“Our Knights Landing product that is coming out will have 60 or more cores running at a slightly slower clock speed but give you vastly better performance,” he said.
Today the company is hosting its first-ever mobile developer conference. The daylong event in San Francisco shows the company wants to develop lucrative relationships with developers and put mobile at the center of its turnaround effort.
The event will feature talks by top Yahoo executives, including CEO Marissa Mayer, and deep dives into Yahoo’s technology services for mobile apps. A critical part of those services is Flurry, a mobile analytics and advertising company Yahoo acquired last year. Flurry tracks more than 600,000 apps worldwide, providing information on app performance and users that can aid in ad targeting.
Yahoo needs that data to kickstart its sluggish ad business, especially on mobile devices.
During the show, Yahoo executives will try to sell third-party developers on the value of using Flurry. They will also promote Yahoo Gemini, the company’s platform for mobile advertising, and BrightRoll, a digital video advertising platform the company also acquired last year.
It’s a multi-pronged strategy, and the pieces are still coming together. But by encouraging more outside developers to use Yahoo’s services, Yahoo hopes to gain valuable information about how people use mobile apps.
That information could help Yahoo do its job. “We can help advertisers find the right audience they’re looking for, target the ads they want to target, using strong data from Yahoo, and find users wherever they are, on or off Yahoo,” Mayer said last week during the Goldman Sachs Technology and Internet Conference in San Francisco.
And if Yahoo can freshen its appeal to outside software developers and build new partnerships with them, then all the better.
“Yahoo is working on their own apps, but they will be able to extend their reach and their advertising inventory by getting outside developers into the fold,” said Karsten Weide, an industry analyst at IDC who studies consumer apps and platforms.