Oracle issued a comprehensive list of its software that may or may not be impacted by the OpenSSL (secure sockets layer) vulnerability known as Heartbleed, while warning that no fixes are yet available for some likely affected products.
The list includes well over 100 products that appear to be in the clear, either because they never used the version of OpenSSL reported to be vulnerable to Heartbleed, or because they don’t use OpenSSL at all.
However, Oracle is still investigating whether another roughly 20 products, including MySQL Connector/C++, Oracle SOA Suite and Nimbula Director, are vulnerable.
Oracle determined that seven products are vulnerable and is offering fixes. These include Communications Operation Monitor, MySQL Enterprise Monitor, MySQL Enterprise Server 5.6, Oracle Communications Session Monitor, Oracle Linux 6, Oracle Mobile Security Suite and some Solaris 11.2 implementations.
Another 14 products are likely to be vulnerable, but Oracle doesn’t have fixes for them yet, according to the post. These include BlueKai, Java ME and MySQL Workbench.
Users of Oracle’s growing family of cloud services may also be able to breathe easy. “It appears that both externally and internally (private) accessible applications hosted in Oracle Cloud Data Centers are currently not at risk from this vulnerability,” although Oracle continues to investigate, according to the post.
Heartbleed, which was revealed by researchers last week, can allow attackers who exploit it to steal information on systems thought to be protected by OpenSSL encryption. A fix for the vulnerable version of OpenSSL has been released and vendors and IT organizations are scrambling to patch their products and systems.
Observers consider Heartbleed one of the most serious Internet security vulnerabilities in recent times.
Meanwhile, this week Oracle also shipped 104 patches as part of its regular quarterly release.
The patch batch includes security fixes for Oracle database 11g and 12c, Fusion Middleware 11g and 12c, Fusion Applications, WebLogic Server and dozens of other products. Some 37 patches target Java SE alone.
A detailed rundown of the vulnerabilities’ relative severity has been posted to an official Oracle blog.
Lavaboom, based in Germany and founded by Felix Müller-Irion, is named after Lavabit, the now defunct encrypted email provider believed to have been used by former NSA contractor Edward Snowden. Lavabit decided to shut down its operations in August in response to a U.S. government request for its SSL private key that would have allowed the government to decrypt all user emails.
Lavaboom designed its system for end-to-end encryption, meaning that only users will be in possession of the secret keys needed to decrypt the messages they receive from others. The service will only act as a carrier for already encrypted emails.
The goal of this implementation is to protect against upstream interception of email traffic as it travels over the Internet and to prevent Lavaboom from being able to produce plain text emails or encryption keys if the government requests them. While this would protect against some passive data collection efforts by intelligence agencies like the NSA, it probably won’t protect against other attack techniques and exploits that such agencies have at their disposal to obtain data from computers and browsers after it has been decrypted.
Security researchers have yet to weigh in on the strength of Lavaboom’s implementation. The service said on its website that it is considering making parts of the code open source and that it has a small budget for security audits if any researchers are interested.
Those interested in trying out the service can request to be included in its beta testing period, scheduled to start in about two weeks.
Free Lavaboom accounts will come with 250MB of storage space and will use two-way authentication based on the public-private keypair and a password. A premium subscription will cost €8 (around US$11) per month and will provide users with 1GB of storage space and a three-factor authentication option.
“I think you’ll see wide-area, high-bandwidth [smart]watches this year at some point,” said Glenn Lurie, president of emerging devices at AT&T, in an interview.
The company has a group working in Austin, Texas, on thousands of wearable-device prototypes, and is also looking at certifying third-party devices for use on its network, Lurie said.
“A majority of stuff you’re going to see today that’s truly wearable is going to be in a watch form factor to start,” Lurie said. If smartwatch use takes off — “and we believe it can,” Lurie said — then those devices could become hubs for wearable computing.
Right now smartwatches lack LTE capabilities, so they are largely reliant on smartphones for apps and notifications. With a mobile broadband connection, a smartwatch becomes an “independent device,” Lurie said.
“We’ve been very, very clear in our opinion that a wearable needs to be a stand-alone device,” Lurie said.
AT&T and Filip Technologies in January released the Filip child tracker wristwatch, which also allows a parent to call a child over AT&T’s network. Filip could be improved, but those are the kind of wearable products that AT&T wants to bring to market.
Wearables for home health care are also candidates for LTE connections, Lurie said, but fitness trackers may be too small for LTE connectivity, at least for now.
Lurie couldn’t say when smartglasses would be certified to work on AT&T’s network. Google last year said adding cellular capabilities to its Glass eyewear wasn’t in the plans because of battery use. But AT&T is willing to experiment with devices to see where LTE would fit.
“It’s one thing if I’m buying it to go out for a job, it’s another thing if I’m going to wear it every day. Those are the things people are debating right now — how that’s all going to come out,” Lurie said. “There’s technology and there’s innovation happening, and those things will get solved.”
Lurie said battery issues are being resolved, but there are no network capacity issues. Wearable devices don’t use too much bandwidth as they relay short bursts of information, unless someone is, for instance, listening to Pandora radio on a smartwatch, Lurie said.
But AT&T is building out network capacity, adding Wi-Fi networks, and virtualizing networks to accommodate more devices.
“We don’t have network issues, we don’t have any capacity issues,” Lurie said. “The key element to adding these devices is a majority of [them] aren’t high-bandwidth devices.”
AT&T wants to make wearables work with its home offerings like the Digital Life home automation and security system. AT&T is also working with car makers for LTE integration, with wearables interacting with vehicles to open doors and start ignitions.
It’s becoming more obvious lately that Intel and Microsoft are no longer joined at the hip. Intel is trying desperately to make a dent in the tablet market, and with Windows struggling on those devices, Android is where it’s at.
Intel hopes to see its processors used in 40 million tablets this year, and 80% to 90% of those will be running Google’s Android OS, CEO Brian Krzanich said on Tuesday.
“Our mix of OSes reflects pretty much what you see in the marketplace,” Krzanich said during Intel’s quarterly earnings call.
Most Intel-powered tablets running Android today use the older Medfield and Clover Trail+ chips. More Android tablets running the latest Atom processor, called Bay Trail, will ship later this quarter.
That’s not to say Intel is abandoning Windows — far from it. It’s just going where the market is today. Krzanich said he expects Windows to “grow and gain traction,” and more Intel-based tablets running both Android and Windows will be shown in June at the massive Computex trade show in Taipei.
The first Android-based Bay Trail tablet, the DreamTab, was announced in January, but it hasn’t shipped yet.
Intel is chasing ARM, the U.K. company whose processor designs are used in most tablets today, including those running both Android and Apple’s iOS.
The 40 million Intel tablets that will ship this year will give the company 15% to 20% of the tablet market, Intel CFO Stacy Smith said on the earnings call.
Intel is providing discounts and development funds to tablet makers to reduce the cost of using its chips. It’s looking for growth with the white-box Chinese tablet makers, which are expected to ship up to 130 million tablets this year.
Intel chips are available in some tablets now priced under $99, but most will be priced between $125 and $250, Krzanich said.
Microsoft hasn’t made much of a dent yet in Google’s and Apple’s share of the market, but IDC estimated last month that Windows would have 10.2% of the tablet market by 2017. Dell, Toshiba, Lenovo and Hewlett-Packard have launched Windows 8 tablets with Bay Trail, and Microsoft’s own Surface Pro 2 uses an Intel Core processor, but the tablets haven’t sold well.
“All spots in the Explorer Program have been claimed for now, but if you missed it this time, don’t worry,” the Google Glass team wrote on its blog on Wednesday.
“We’ll be trying new ways to expand the Explorer program in the future.”
Google did not respond to a request for more information, but an earlier post about the one-day sale spoke of brisk sales of the $1,500 Internet-enabled headset.
“We’ve sold out of Cotton (white), so things are moving really fast,” the team wrote.
Aside from the white version, Glass was being offered in shades marketed as Charcoal, Tangerine, Shale (grey) and Sky (blue). Buyers had the choice of their favorite shade or frame. Google announced the one-day sale available to all U.S. residents over 18 last week, adding it wasn’t ready to bring the gizmo to other countries. Shoppers who missed it have to sign up for updates at the Glass website.
Only a few thousand early adopters and developers had Glass before the one-day sale, which coincided with a major software update for the heads-up display that put video calling on hold.
An official launch of Google Glass may happen later this year.
Reddit, a website with a retro-’90s look and space-alien mascot that tracks everything from online news to celebrity Q&As, is trying to attract even more followers, and advertising, by allowing members of its passionate community to post their own news more quickly and easily.
Reddit, majority owned by Conde Nast parent Advance Publications, last month unveiled a new feature that lets users of the nine-year-old site post live updates, allowing them to report in real time.
The live updates allow selected users, dubbed “reporters” by Reddit, to instantly stream unlimited posts during the course of an event such as the conflict in the Ukraine, an earthquake in Los Angeles, or a game played in real time, without having to refresh the page.
The capability is still in testing mode. So far only users selected on a case-by-case basis can create a live thread. The feature has attracted attention. For example, live threads linked to “Twitch plays Pokemon,” in which users of the Twitch website played an old Nintendo game, garnered 2 million page views in 30 days.
“Reddit members are doing amazing things with very minimal tools and were hitting some barriers,” said Erik Martin, general manager.
Martin, who said the site is not yet profitable and declined to give specific revenue figures, added: “We want to give people a more powerful way to make updates.”
Reddit’s move toward enabling users to fluidly update is the latest move in a battle between social media sites including Facebook, Twitter and LinkedIn to use news to engage users, and attract more ad dollars.
Before, Reddit users could not update in real time. The new feature is similar to how people instantly send tweets but keeps the updates together through one thread or “subreddit.”
Reddit, which also gets revenue through e-commerce, has ramped up efforts of late to attract more advertisers. Next week, it plans to unveil city and country targeting capabilities that allow advertisers to address users by geographic market.
One recent ad, specific to Reddit, featured the actors Jeff Goldblum and Bill Murray, stars of the movie “The Grand Budapest Hotel,” as individual threads.
Some 62 percent of Reddit users get their news through the platform while about half of all Facebook and Twitter users do the same, according to a recent report on the State of the News Media from the Pew Research Center.
“Reddit is all about the community, that is the value they brought to the site as they created it,” said Kelly McBride, a senior faculty member at the Poynter Institute, who has been following Reddit since it was founded.
“News has always been really important to Reddit,” she said.
Reddit has more than 114 million unique visitors worldwide and has doubled its traffic in 12 months, said Martin. Facebook has more than 1 billion users and Twitter has more than 240 million.
MediaTek has shown off one of its most interesting SoC designs to date at the China Electronic Information Expo. The MT6595 was announced a while ago, but this is apparently the first time MediaTek showcased it in action.
It is a big.LITTLE octa-core with integrated LTE support. It has four Cortex A17 cores backed by four Cortex A7 cores and it can hit 2.2GHz. The GPU of choice is the PowerVR G6200. It supports 2K4K video playback and recording, as well as H.265. It can deal with a 20-megapixel camera, too.
The really interesting bit is the modem. It can handle TD-LTE/FDD-LTE/WCDMA/TD-SCDMA/GSM networks, hence the company claims it is the first octa-core with on board LTE. Qualcomm has already announced an LTE-enabled octa-core, but it won’t be ready anytime soon. The MT6595 will – it is expected to show up in actual devices very soon.
Of course, MediaTek is going after a different market. Qualcomm is building the meanest possible chip with four 64-bit Cortex A57 cores and four A53 cores, while MediaTek is keeping the MT6595 somewhat simpler, with smaller 32-bit cores.
“We know you want features that allow you to move as seamlessly as possible between Office Online and the desktop,” wrote Kaberi Chowdhury, an Office Online technical product manager, in a blog post Monday.
Improvements to Excel Online include the ability to insert new comments, edit and delete existing comments, and properly open and edit spreadsheets that contain Visual Basic for Applications (VBA) code.
Meanwhile, Word Online has a new “pane” where users can see all comments in a document, and reply to them or mark them as completed. It also has a refined lists feature that is better able to recognize whether users are continuing a list or starting one. In addition, footnotes and end notes can now be added more conveniently inline.
PowerPoint Online has a revamped text editor that offers a layout view that more closely resembles the look of finished slides, according to Microsoft. It also has improved performance and video functionality, including the ability to play back embedded YouTube videos.
For users of OneNote Online, Microsoft is now adding the ability to print out the notes they’ve created with the application.
Microsoft is also making Word Online, PowerPoint Online and OneNote Online available via Google’s Chrome Web Store so that Chrome browser users can add them to their Chrome App launcher. Excel Online will be added later.
The improvements in Office Online will be rolled out to users this week, starting Monday.
Office Online, which used to be called Office Web Apps, competes directly against Google Docs and other browser-based office productivity suites. It’s meant to offer users a free, lightweight, Web-based version of these four applications if they don’t have the desktop editions on the device they’re using at that moment.
The revisions more explicitly spell out the manner in which Google software scans users’ emails, both when messages are stored on Google’s servers and when they are in transit, a controversial practice that has been at the heart of litigation.
Last month, a U.S. judge decided not to combine several lawsuits that accused Google of violating the privacy rights of hundreds of millions of email users into a single class action.
Users of Google’s Gmail email service have accused the company of violating federal and state privacy and wiretapping laws by scanning their messages so it could compile secret profiles and target advertising. Google has argued that users implicitly consented to its activity, recognizing it as part of the email delivery process.
Google spokesman Matt Kallman said in a statement that the changes “will give people even greater clarity and are based on feedback we’ve received over the last few months.”
Google’s updated terms of service added a paragraph stating that “our automated systems analyze your content (including emails) to provide you personally relevant product features, such as customized search results, tailored advertising, and spam and malware detection. This analysis occurs as the content is sent, received, and when it is stored.”
Mark Karpeles, the founder of Mt. Gox, has refused to come to the United States to answer questions about the Japanese bitcoin exchange’s U.S. bankruptcy case, Mt. Gox lawyers told a federal judge on Monday.
In the court filing, Mt. Gox lawyers cited a subpoena from the U.S. Department of Treasury’s Financial Crimes Enforcement Network, which has closely monitored virtual currencies like bitcoin.
“Mr. Karpeles is now in the process of obtaining counsel to represent him with respect to the FinCEN Subpoena. Until such time as counsel is retained and has an opportunity to ‘get up to speed’ and advise Mr. Karpeles, he is not willing to travel to the U.S.”, the filing said.
The subpoena requires Karpeles to appear and provide testimony in Washington, D.C., on Friday.
The court papers also said a Japanese court had been informed of the issue and that a hearing was scheduled on Tuesday in Japan.
Bitcoin is a digital currency that, unlike conventional money, is bought and sold on a peer-to-peer network independent of central control. Its value has soared in the last year, and the total worth of bitcoins minted is now about $7 billion.
Mt. Gox, once the world’s biggest bitcoin exchange, filed for bankruptcy protection in Japan last month, saying it may have lost nearly half a billion dollars worth of the virtual coins due to hacking into its computer system.
According to Monday’s court filings, the subpoena did not specify topics for discussion.
In the court filings, Karpeles’ lawyers asked the court to delay the bankruptcy deposition to May 5, 2014, but said that Mt. Gox could not guarantee that Karpeles would attend that either.
Researchers last week warned they uncovered Heartbleed, a bug that targets the OpenSSL software commonly used to keep data secure, potentially allowing hackers to steal massive troves of information without leaving a trace.
Security experts initially told companies to focus on securing vulnerable websites, but have since warned about threats to technology used in data centers and on mobile devices running Google Inc’s Android software and Apple Inc’s iOS software.
Scott Totzke, BlackBerry senior vice president, told Reuters on Sunday that while the bulk of BlackBerry products do not use the vulnerable software, the company does need to update two widely used products: Secure Work Space corporate email and BBM messaging program for Android and iOS.
He said they are vulnerable to attacks by hackers if they gain access to those apps through either WiFi connections or carrier networks.
Still, he said, “The level of risk here is extremely small,” because BlackBerry’s security technology would make it difficult for a hacker to succeed in gaining data through an attack.
“It’s a very complex attack that has to be timed in a very small window,” he said, adding that it was safe to continue using those apps before an update is issued.
Google spokesman Christopher Katsaros declined comment. Officials with Apple could not be reached.
Security experts say that other mobile apps are also likely vulnerable because they use OpenSSL code.
Michael Shaulov, chief executive of Lacoon Mobile Security, said he suspects that apps that compete with BlackBerry in an area known as mobile device management are also susceptible to attack because they, too, typically use OpenSSL code.
He said mobile app developers have time to figure out which products are vulnerable and fix them.
“It will take the hackers a couple of weeks or even a month to move from ‘proof of concept’ to being able to exploit devices,” said Shaulov.
Technology firms and the U.S. government are taking the threat extremely seriously. Federal officials warned banks and other businesses on Friday to be on alert for hackers seeking to steal data exposed by the Heartbleed bug.
Companies including Cisco Systems Inc, Hewlett-Packard Co, International Business Machines Corp, Intel Corp, Juniper Networks Inc, Oracle Corp and Red Hat Inc have warned customers they may be at risk. Some updates are out, while others, like BlackBerry, are rushing to get them ready.
Facebook released its second government requests report covering the second half of 2013, and it expands its scope from the first one in two ways. First, it includes requests to restrict or remove users’ content from the site, whereas the first report was limited to requests for account information. And second, the report now includes data on Instagram, the photo sharing site owned by Facebook.
Facebook is not breaking out the number of Instagram requests; they’re included in the overall tallies. But Instagram’s inclusion speaks to the popularity of the service, which Facebook acquired in 2012 but didn’t include in its government requests report for the first half of 2013.
The report includes data on government requests to receive data about Instagram accounts and to restrict access to its content.
Facebook receives requests to restrict or remove content based on countries’ laws over what can be shared online. When the request is legally sound, Facebook restricts access to content in the specific country whose government objected to it. If Facebook also determines that the flagged content violates its own standards, it removes the content globally. Separately, Facebook also receives requests for account information and data, many of which relate to criminal cases such as robberies or kidnappings.
Facebook does not hand over data every time it receives a government request — sometimes the requests are overly broad or vague, or do not comply with legal standards, the company says.
In the U.S., Facebook received about 12,600 law enforcement requests in the second half of 2013, up from the range of 11,000-12,000 it tallied in its first report. For the second half of 2013, Facebook said it produced data for about 81 percent of the requests.
Regarding U.S. government requests about national security matters, Facebook reported it may have received none or as many as 999, saying it couldn’t be more specific due to U.S. legal restrictions.
Governments in other countries across the world are also interested in Facebook users’ data. India ranked second behind the U.S. with about 3,600 requests targeting more than 4,700 accounts. Facebook produced data for roughly half of those requests.
More than 1,900 requests came from the U.K., while the governments of France, Germany and Italy each served Facebook with more than 1,600 data requests.
Besides Facebook, other companies like Yahoo, Google and Microsoft periodically release their own government request reports, as part of an effort to be more transparent to users. The tallies have taken on increased significance following leaks about U.S. government surveillance made by former contractor Edward Snowden.
The Internet retailer would jump into a crowded market dominated by Apple Inc and Samsung Electronics Co Ltd.
The company has recently been demonstrating versions of the handset to developers in San Francisco and Seattle. It intends to announce the device in June and ship to stores around the end of September, the newspaper cited the unidentified sources as saying.
Amazon has made great strides into the hardware arena as it seeks to boost sales of digital content and puts its online store in front of more users. Amazon recently launched its $99 Fire TV video-streaming box and its Kindle e-readers and Fire tablets already command respectable U.S. market share after just a few years on the market.
Rumors of an Amazon-designed smartphone have circulated for years, though executives have previously played down ambitions to leap into a heavily competitive and increasingly saturated market.
Apple and Samsung, which once accounted for the lion’s share of the smartphone market, are struggling to maintain margins as new entrants such as Huawei and Lenovo target the lower-income segment.
To stand out from the crowd, Amazon intends to equip its phones with screens that display three-dimensional images without a need for special glasses, the Journal said.
Amazon officials were not immediately available for comment.
An international subsidiary of HP has agreed to plead guilty to violating the U.S. Foreign Corrupt Practices Act and admit to its role in bribing Russian officials to secure a big contract there, the U.S. Department of Justice said.
The U.S. is also entering into “criminal resolutions” with HP subsidiaries in Poland and Mexico, relating to contracts with Poland’s national police agency and Mexico’s state-owned petroleum company, the DOJ said.
The HP entities will pay a total of $77 million in criminal penalties and forfeiture related to those dealings. HP has also reached a deal with the U.S. Securities and Exchange Commission that will cost it a further $31 million.
The subsidiaries created a “slush fund” for bribe payments and set up “an intricate web of shell companies and bank accounts” to launder money, Deputy Assistant Attorney General Bruce Swartz said in a statement.
HP said it had cooperated with the investigations.
“The misconduct described in the settlement was limited to a small number of people who are no longer employed by the company,” John Schultz, HP’s general counsel, said in a statement.
The investigation had been ongoing for some time, and HP said last month it was close to resolving the matter.
The Russian dealings date back to 1999, when the government there announced a project to automate the IT systems at the Office of the Prosecutor General of the Russian Federation — essentially Russia’s equivalent of the DOJ.
The project was worth more than $100 million, and employees at HP Russia structured the deal to include a fund of several million dollars, at least part of which was intended as bribes for Russian officials, the DOJ said.
The DOJ acknowledged HP’s “extensive cooperation,” and HP said it would set up certain compliance and reporting programs.
It’s not the only company to have run into trouble doing business overseas. IBM and Oracle in the past have also reported potential violations of the Foreign Corrupt Practices Act.
The search engine’s funding arm, Google Ventures, invested an undisclosed sum that’s part of a $2 million seed financing package led by Morado Venture Partners, with AME Cloud Ventures and individuals also pitching in.
Established in 2013, California-based Savioke is led by CEO Steve Cousins, who was in charge of the creation of the PR2 robot and the popular Robot Operating System (ROS) while president and CEO of Willow Garage, an influential robotics firm that spun off eight robotics companies.
Savioke did not give details about its plans to develop a service robot, but said the machine would use the open-source ROS and customer trials would begin later this year.
Its website describes its aspiration to bring robotics to “hotels, elder care facilities, hospitals, restaurants…anywhere people sleep or eat.”
“We see tremendous opportunity by delivering a robot for the services industry,” Cousins wrote in an email. “In the coming months, the information and feedback we receive from our trials will help us determine our first point of entry.”
Google did not immediately respond to a request for information about the investment.
With former Android chief Andy Rubin leading its interest in robotics, the search engine has been on a shopping spree for robot companies lately.
It has acquired such firms as Japan-based Schaft, which developed a full-size bipedal humanoid robot that won the prestigious DARPA Robotics Challenge trials in December 2013. The challenge is sponsored by the U.S. military’s Defense Advanced Research Projects Agency, an arm of the Department of Defense.
The jewel in Google’s robot crown, however, is Boston Dynamics, a military contractor known for creating both humanoid machines such as the Terminator-like Atlas, and robots inspired by animals, such as BigDog, a cargo-carrying machine funded by DARPA.
Google CEO Larry Page has speculated that Rubin’s robot project could succeed like Android.