Researchers in the Netherlands are applying quantum physics in an attempt to create fraud-proof credit cards and ID cards.
The approach, which they call Quantum-Secure Authentication (QSA), centers on single particles of light, or photons, and their ability to encode data so that attackers cannot determine what the information is. It exploits a property of photons that allows them to effectively be in multiple places at once, a phenomenon described in quantum physics.
“Quantum-physical principles forbid an attacker to fully characterize the incident light pulse,” the researchers wrote in an article in the journal Optica. “Therefore, he cannot emulate the key by digitally constructing the expected optical response, even if all information about the key is publicly known.”
The researchers at the University of Twente and Eindhoven University of Technology coated a credit card with a thin layer of white paint containing millions of nanoparticles. When light hits the nanoparticles, it bounces around until it escapes, creating a unique pattern that depends on the precise position of the particles in the paint. The card is “enrolled” in the system by recording the way that it reflects light.
To authenticate the card, a bank machine showers the paint with a pulse of light that is unique to each transaction. When the correct tell-tale pattern of light emerges as an “answer” to the bank’s “question,” the card can be authenticated.
While an attacker could measure the entire incoming light pattern and then use a projector to return the correct answer, the ability of photons to be in multiple places at once allows the bank to create the complex light question with only a small number of photons, or even just one. Due to the characteristics of quantum physics, an attempt to observe the question and answer process between a reader and the card would destroy the information in the transmission, making it more secure.
“Even if somebody has the full information of how the card is built, technology does not allow him to build a copy,” lead author Pepijn Pinkse of the University of Twente said via email. “The nanoparticles are too small and there are too many of them which need to be positioned with too high accuracy.”
The approach could be used in everything from authenticating passports to opening electronic locks on car doors or accessing secure areas such as government buildings.
Dell has merged its SonicPoints with Dell SonicWALL next-generation firewalls to create what it claims are secure wireless networks. According to the company, the Dell SonicWALL firewalls automatically detect and provision SonicPoints, while pushing appropriate security updates and policies to ensure enterprise-class security.
Of course, it also claims to simplify management, deliver a lower TCO and protect you from badgers at the same time. But it is a pretty interesting product. The SonicPoint AC Series of wireless access points supports the high-performance IEEE 802.11ac wireless standard, offering close to three times the performance of the previous wireless standard (802.11n).
SonicPoints will offer deep packet inspection security from Dell SonicWALL next-generation firewalls. This opens the door for small- and mid-sized organizations to leverage enterprise-class wireless performance and security, all the while simplifying wireless network setup and management.
With enterprise-level performance, WiFi-ready devices are able to hook up from greater distances, while making use of bandwidth-intensive mobile apps, including video and voice, working in higher-density environments with virtually no signal degradation.
It’s already been widely reported that Microsoft is working on game-streaming technology, long enough that the company has apparently started over at least once. According to a new ZDNet report, Microsoft halted work on one such project called “Rio,” and has since begun building a new streaming service code-named “Arcadia.”
ZDNet’s Mary Jo Foley cites sources within Microsoft with the news that Arcadia is being worked on by a new team in the company’s Operating Systems Group. A job listing for the team says it will be working “to bring premium and unique experiences to Microsoft’s core platforms.”
Arcadia is said to run on Microsoft’s Azure cloud technology, and will let users stream apps as well as games. While there was talk of having Arcadia stream Android apps and games to Windows devices, Foley reported that particular feature has been tabled for the moment.
Stanford University researchers have developed a multi-layered “high-rise” chip that could significantly outperform traditional computer chips, taking on the hefty workloads that will be needed for the Internet of Things and big data.
Utilizing nanotechnology, the new chips are built with layers of processing on top of layers of memory, greatly cutting down on the time and energy typically needed to move information from memory to processing and back.
Max Shulaker, a researcher on the project and a Ph.D. candidate in Stanford’s Department of Electrical Engineering, said they have built a four-layer chip, but he could easily see them building a 100-layer chip if that was needed.
“The slowest part of any computer is sending information back and forth from the memory to the processor and back to the memory. That takes a lot of time and lot of energy,” Shulaker told Computerworld. “If you look at where the new exciting apps are, it’s with big data… For these sorts of new applications, we need to find a way to handle this big data.”
The conventional separation of memory and logic is not well-suited for these types of heavy workloads. With traditional chip design, information is passed from the memory to the processor for computing, and then it goes back to the memory to be saved again.
In relative terms, that takes a lot of energy and time – way more than the computation itself.
“People talk about the Internet of Things, where we’re going to have millions and trillions of sensors beaming information all around,” said Shulaker. “You can beam all the data to the cloud to organize all the data there, but that’s a huge data deluge. You need [a chip] that can process on all this data… You want to make sense of this data before you send it off to the cloud.”
The researchers, led by Subhasish Mitra, a Stanford associate professor of electrical engineering and computer science, and H.S. Philip Wong, a professor in Stanford’s school of engineering, used carbon nanotube transistors instead of silicon and replaced typical memory with resistive random-access memory (RRAM) or spin-transfer torque magnetic random-access memory (STT-RAM). Both use less power and are more efficient than traditional memory systems.
Chinese smartphone maker Coolpad has created an extensive “backdoor” into its Android devices that can track users, serve them unwanted advertisements and install unauthorized apps, a U.S. security firm alleged today.
In a research paper released today, Palo Alto Networks detailed its investigation of the backdoor, which it dubbed “CoolReaper.”
“Coolpad has built a backdoor that goes beyond the usual data collection,” said Ryan Olson, director of intelligence at Palo Alto’s Unit 42. “This is way beyond what one malicious insider could have done.”
Coolpad, which sells smartphones under several brand names — including Halo, also called Danzen — is one of China’s largest ODMs (original device manufacturers). According to IDC, it ranked fifth in China in the third quarter, with 8.4% of the market, and has expanded sales outside of the People’s Republic of China (PRC) and Taiwan to Southeast Asia, the U.S. and Western Europe.
Tipped off by a string of complaints from Coolpad smartphone users in China and Taiwan — who griped about seeing advertisements pop up and apps suddenly appear — Palo Alto dug into the ROM updates that Coolpad offered on its support site and found widespread evidence of CoolReaper.
Of the 77 ROMs that Palo Alto examined, 64 contained CoolReaper, including 41 hosted by Coolpad and signed with its own digital certificate.
Other evidence that Coolpad was the creator of the backdoor, said Olson, included the malware’s command-and-control servers — which were registered to domains belonging to the Chinese company and used, in fact, for its public cloud — and an administrative console that other researchers had found last month because of a vulnerability in Coolpad’s backend control system. The console confirmed CoolReaper’s functionality.
British chip designer ARM could cash in on the mobile industry’s rush to transition to 64-bit operating systems and hardware.
Canaccord Genuity analyst Matt Ramsey argues that ARM is still a ‘Buy’ stock, as it’s trading at $43, while his price target is $54 to $56. Ramsey is upbeat for a number of reasons and the 64-bit craze is one of them.
He pointed out that sales of ARMv8 chips are ramping up and are no longer limited to Apple. Qualcomm’s upcoming Snapdragon 810 is also based on ARMv8, along with all other upcoming 64-bit SoCs. Ramsey named Qualcomm, MediaTek and Samsung as the three biggest contributors to ARM’s 64-bit business.
In addition to smartphones, ARMv8 designs are finding their way into enterprise networks and servers, creating even more opportunities. This is good news for ARM, as its royalties for processor designs based on the ARMv8 instruction set are significantly higher than for venerable 32-bit parts.
HGST has bought flash memory specialist Skyera after weeks of speculation.
Skyera, a startup offering cloud server arrays at prices comparable to those offered by traditional spindle drives, was already considered ripe for a takeover.
The company will be absorbed into HGST, the parent of which, Western Digital, was an early funder of Skyera along with Dell, Toshiba and Micron, giving it unprecedented access to NAND technology from the inside.
Western Digital is clearly pleased with what it has bought its HGST subsidiary for Christmas.
“Western Digital has established a leadership position in the fastest growing areas of the storage industry,” said Steve Milligan, president and CEO of Western Digital.
“The Skyera acquisition supports our strategic growth objectives and plans to deliver long-term value to customers, shareholders and employees.”
The INQUIRER spoke to HGST president Mike Cordano in September, when he warned us that HGST was “no longer your father’s hard drive company”. The combination of the Skyera acquisition and the company’s purchase of the Virident optimisation platform has made it a major force in flash memory at the enterprise level.
HGST is still seeking ways to make the most out of traditional spindle drives, through the use of helium, but is increasingly looking like a company in the midst of a transformation into a flash specialist.
Terms of the deal have not been announced, but it is understood to be an all-cash affair with a value reflecting the importance of this transformation.
Cordano also explained that HGST wanted to disrupt the mindset of storage purchasing to look at whole-life costs. With Skyera, which is known for very high density, low-cost systems that reduce total costs, this could certainly help HGST achieve its goal.
Hundreds of thousands of websites running WordPress have been infected by a piece of malware called SoakSoak. Google has flagged more than 11,000 domains hosting a WordPress website as malicious.
Websites running a third-party plug-in called Slider Revolution are being hacked, and malicious code is being installed that will in turn infect those who visit the website. The developers of the plug-in, ThemePunch, have admitted that they knew about the vulnerability in February this year but kept quiet about it.
ThemePunch developed 29 security fixes from February to September, resisting a public call for action because of a “fear that an instant public announcement would spark a mass exploitation of the issue”.
The company had hoped that most users would install these updates, solving the problem, but it now admits that this was “sadly not the case.”
“We as a team would like to apologize officially to our clients for the problems that arose due to the security exploit in Revolution Slider Plugin versions older than 4.2,” it says on its website.
The short answer is that you have to upgrade everything that moves on your WordPress site or it will be toast.
BlackBerry Ltd rolled out its much anticipated Classic on Wednesday, a smartphone it hopes will help it win back market share and woo those still using older versions of its physical keyboard devices.
The Canadian mobile technology company said the new device, which bears striking similarities to its once wildly popular Bold and Curve handsets, boasts a larger screen, longer battery life, an expanded app library with access to offerings from Amazon.com Inc’s Android App store, and a browser three times faster than the one on its legacy devices.
“The conversation about BlackBerry has changed in the last year,” Chief Executive John Chen said as he launched the Classic at Manhattan’s upscale Cipriani restaurant. “We are here to stay, there is no question about that. Now we have to engineer our growth.”
He said BlackBerry had listened to its fans and brought back the command bar functionality that helped make its legacy phones easy to navigate.
When the company initially introduced its new BlackBerry 10 operating system and devices early in 2012 it put more emphasis on touchscreens, alienating many fans of its physical keyboard.
Those who moved to the new physical keyboard phones that BlackBerry launched later were unhappy that command keys such as the Menu, Back, Send and End buttons, along with the trackpad, had been dropped.
With the Classic and the recent launch of its Passport smartphone, Chen is in some ways taking the company back to its roots, re-emphasizing the physical keyboard, rather than trying to compete directly against the touchscreen handsets of dominant rivals like Samsung Electronics and Apple.
“We expect the Classic to be the most popular BlackBerry enterprise device and the easiest transition for current BB7 (legacy device) users,” said Wells Fargo analyst Maynard Um.
Android apps really take advantage of those permissions they ask for to access users’ personal information: one online store records a phone’s location up to 10 times a minute, French researchers have found. The tools to manage such access are limited, and inadequate given how much information phones can gather.
In a recent study, ten volunteers used Android phones that tracked app behavior using a monitoring app, Mobilitics, developed by the French National Institute for Informatics Research (INRIA) in conjunction with the National Commission on Computing and Liberty (CNIL). Mobilitics recorded every time another app accessed an item of personal data — the phone’s location, an identifier, photos, messages and so on — and whether it was subsequently transmitted to an external server. The log of the apps’ personal information use was stored on the phone and downloaded at the end of the three months for analysis.
The volunteers were encouraged to use the phones as if they were their own, and together used 121 apps over the period from July to September. A similar study last year used a special iOS app to examine the way iPhone apps access users’ personal data.
Many apps access phones’ identifying characteristics to track their users, the researchers said. One of the few options users have to avoid this tracking is a switch in the “Google Settings” app to reset their phone’s advertising ID. That’s not much help, though, as apps have other ways to identify users. Almost two-thirds of apps studied in the three-month real-world test accessed at least one mobile phone identifier, a quarter of them at least two identifiers, and a sixth three or more. That allows the apps to build up profiles of their users for advertising purposes.
Location was one of the most frequently-accessed items of data. It accounted for 30 percent of all accesses to personal information during the test, and 30 percent of the apps studied accessed it at some point. The Facebook app recorded one volunteer’s location 150,000 times during the three-month period — more than once per minute, on average, while the Google Play Store tracked another user ten times per minute at times. Often, the only use apps make of such information is to serve personalized advertising, as was the case with one game that recorded a user’s location 3,000 times during the study.
Red Hat has announced the availability of Red Hat Enterprise Linux (RHEL) 7.1 Beta with enhancements to improve ease of use, manageability and performance, as well as support for IBM Power8 little endian architecture.
RHEL 7.1 Beta is the next point release following the enterprise Linux vendor’s initial production release of RHEL 7.0 in June.
RHEL 7.1 adds OpenLMI support to streamline system configuration management with thin logical volume manager provisioning, along with kernel and user mode components supporting Ceph block storage devices.
The update also offers support for Microsoft CIFS for mixed vendor data centre environments that need it, providing native access to Microsoft Windows file and print services.
RHEL 7.1 also enhances identity management security with one-time password authentication via LDAP and Kerberos protocols and the FreeOTP standard, and introduces a certificate authority management tool.
In addition, RHEL 7.1 includes Security Content Automation Protocol Security Guides that reduce the complexity of compliance testing and enhance security assurance.
Building on RHEL 7.0 support for Linux containers in physical, virtual and cloud deployments in development, test and production environments, RHEL 7.1 adds access to Docker 1.2 in the RHEL 7 Extras channel.
For users with demanding workload responsiveness requirements, RHEL 7.1 adds real-time dispatching for workloads that require very precise and deterministic processing times. This capability is delivered with Linux kernel enhancements and additional userspace packages that can be added on top of a stock RHEL 7.1 installation.
Finally, RHEL 7.1 includes support for IBM Power8 little endian architecture for customers using the IBM Power8 systems infrastructure.
Running in little endian mode accelerates application portability to the IBM Power8 systems, thus allowing customers using IBM Power8 systems to use the existing ecosystem of Linux applications as developed for the x86 architecture.
Interested users can read the RHEL 7.1 Beta Release Notes, and can download the RHEL 7.1 Beta at Red Hat’s website.
The FCC voted last Thursday to update its rules for the Connect America Fund, the broadband subsidy program funded through fees on telephone service, with a major change being the increase in minimum download speeds from 4Mbps to 10Mbps from fixed broadband providers.
Broadband providers AT&T and Verizon had opposed the speed increase, and one of the FCC’s Republican commissioners questioned whether the new speed requirement could limit deployment.
The new speed requirements could double the cost of deployment to rural areas, but the commission did not also double the time in which broadband providers could complete their deployments, Commissioner Ajit Pai said.
Instead of increasing the funding window for deployments from five to 10 years, as dozens of members of Congress had requested, the commission increased the funding term to six years in most cases. Adding new speed requirements without allowing much more time for broadband providers to receive funding may discourage broadband providers from participating, Pai said.
“I fear we are going to leave many communities without broadband for the foreseeable future,” Pai said. “Incentivizing wireline broadband providers to deploy service deep into the unserved countryside requires a balance act. Today’s order disrupts that balance.”
But FCC Chairman Tom Wheeler said the agency doesn’t want to pay for “second-class broadband service.” If large broadband providers don’t agree with the terms of the subsidy, the FCC will use an auction to bring service to rural areas, he said.
Intel is planning to update its rather successful NUC (Next Unit of Computing) series and as you can expect, they will come with Broadwell CPUs inside.
Intel isn’t hiding the external design of the new cases: there is a dominant yellow connector at the front of the new NUC, which should provide charging power even when the device is turned off.
The board comes with either M.2 storage or a single SATA port, and there will be two different designs: one exclusively for an M.2 drive, and a second, taller one that will be able to take a 2.5-inch SSD or HDD as well.
We will probably learn more details at CES 2015, which starts in less than three weeks from now, but the Broadwell in this small form factor will get a speed boost and some future-proof technologies such as M.2 SSD support.
We are running a Core i5 4200-powered NUC with Windows 10 and it really works great powered by a 240GB Kingston mS200 mSATA SSD and Impact SO-DIMM memory. These machines take less than half an hour to assemble and boot into Windows, including Windows 10, and make a perfect choice for the lovers of quiet computing.
The new version will obviously run at least slightly faster than the one we are testing, and the marketing is exclusively about “the one with the yellow USB connector”.
Like other infotainment systems, Sync allows users to make hands-free telephone calls, control music choices and perform other functions with the use of voice commands. Ford’s Sync head unit was also upgraded to the latest Texas Instruments OMAP 5 processor.
As with Ford’s announcement about the new Sync rollout, Ford spokesperson Alan Hall declined to say why the automaker chose QNX over Microsoft’s Windows Embedded Automotive OS for its third-generation product.
Negative press and feedback and criticism from Consumer Reports likely spurred Ford to rethink its choices, said Gartner analyst Thilo Koslowski.
“Having that automotive expertise and understanding the programs they have in place, how they work from an engineering perspective, the UI and getting applications into the head unit makes QNX very strong,” Koslowski said in an earlier interview with Computerworld.
Ford’s Sync IVI system has never been recommended by Consumer Reports magazine.
By turning to the open-source QNX platform, Ford gets a full community of developers to support and update the software. QNX also supports the ubiquitous HTML5 markup language and other native user interface toolsets.
Before being purchased by BlackBerry in 2010, QNX Software Systems was owned by audio and infotainment equipment company Harman International. It’s been used in more than 200 different car models, so it has been well vetted.
Ford’s third generation, QNX-supported Sync uses a more natural language speech-recognition technology from Nuance, according to Hall.
“What we did with the data set was allow it to use a more conversational way that you’d refer to something. So P.F. Chang’s is how you’d refer to the restaurant, but the official name of the restaurant is P.F. Chang’s Chinese Bistro. In the past, you had to know the official name for the system to be able to find it,” Hall said. “That wasn’t very helpful because no one calls it P.F. Chang’s Chinese Bistro.”
“While the Internet of Things (IoT) conjures a vision of ‘anytime, any place’ connectivity for all things, the realization is complex given the need to work across interconnected and heterogeneous systems, and the special considerations needed for security, privacy, and safety,” co-wrote Google chief Internet evangelist Vint Cerf, in a blog post announcing the research program.
The “Internet of Things” is technical shorthand describing what is expected to be a mass wave of portable devices and sensors that will gather information and send it over the Internet for purposes of analysis and monitoring. Over 50 billion things will be connected to the Internet by 2020, Cisco has estimated.
Google plans to issue two sets of awards, both meant to fuel work to be carried out over a year.
One set of grants will be for larger team projects that Google will pay between $500,000 and $800,000 to see completed. Google expects that the work could be undertaken either by an academician leading a team of researchers or by a graduate student “willing to dedicate a substantial portion of their research time to this expedition,” according to Google’s request for proposals document.
A smaller set of grants, ranging from $50,000 to $150,000, will also be given out. For these grants, Google is looking for “new and unorthodox solutions” in user interface and application development, in privacy and security, and in systems and protocols research, according to the blog post.