Subscribe to:

Subscribe to :: ::

Alibaba Adds Second Data Center in Silicon Valley

October 13, 2015 by mphillips  
Filed under Around The Net

Continuing the expansion of its AliCloud cloud computing business, Alibaba Group is adding a second data center in Silicon Valley.

The Chinese company said the data center will span over 10 cloud services including Elastic Compute Service, offering scalable computing services, an Analytic Database Service that provides real-time, high-concurrency online analytical processing, and a Cloud Monitor System using an open platform for the real-time monitoring of sites and servers.

Alibaba did not respond to a request for more information on the new data center.

The company said earlier this year that it was investing US$1 billion in its cloud computing business.  It launched its first data center in Silicon Valley in March, confirming its ambitions to enter the U.S. market.

The new data center is designed to accommodate the cloud and big data requirements of customers in the U.S. West Coast for the next three to five years, the company said. Alibaba has been targeting Chinese enterprises in the U.S, but it eventually wants to also attract U.S. firms there.

The launch of a data center in Silicon Valley enables Internet companies in China to expand their businesses in North America, Simon Hu, president of Alibaba cloud computing, said in May. Beyond that, the strategy would be predicated on consumer demand, the executive said ahead of the launch of the second data center in California.

Although smaller than some of its peers like Amazon Web Services, the company is rated by analysts as the largest cloud services provider in China,  and has the opportunity to expand its business in Asia and other markets as some of its Chinese customers expand their operations outside China.



Are Some Cisco VPN Devices Facing A Security Risk?

October 13, 2015 by Michael  
Filed under Computing

A problem with Cisco VPN systems could be exposing enterprise passwords to the sort of people who use them for bad things.

Yesterday we had Cisco warning about someone else’s problem, but today we have a company called Volexity volleying a shot in Cisco’s direction. Volexity said that it has found two exploitable vulnerabilities that can be used to drain details from databases. It reckons that this represents an upscaling in attacks, their means and their methods.

The problems exist in the web-based Cisco Clientless SSL VPN (Web VPN) that connects users to Cisco Adaptive Security Appliance devices. A screenshot shows this as a typical log-in box that asks for a username and password.

“The method is novel and surprisingly obvious at the same time. Attackers have been able to successfully implant JavaScript code on the log-in pages that enables them to surreptitiously steal employee credentials as they log-in to access internal corporate resources,” warned the firm in a blog post.

“As the industry is learning, firewalls, network devices and anything else an attacker might be able to gain access to should be scrutinised just as much as any workstation or server in an organisation.

“Having your own devices turned against you can make for a bad week. This represents yet another way attackers are taking credential theft and network persistence to the next level.”

We have asked Cisco to comment on the Volexity report, and are waiting for a response. Volexity has plenty to say, and explained that even two-factor authentication would have quailed in the face of the threat because of its positioning on the network.

The vulnerability has been present for at least a year, according to the study, and has been addressed by Cisco in the past. However, hackers moved fast and got a foot in the door.

“While Cisco provided updated software to address the vulnerability, attackers were already off to the races. Vulnerable organisations that were slow to update may have received an unwelcome addition to the source of their logon.html file,” added Volexity.

“Victim organisations effectively had their Cisco Web VPN devices turned into credential collectors for the attackers. This particular round of attacks appears to have compromised several organisations around the globe.”

This is the second time in a month that Cisco has had the insecurity finger pointed at its hardware. In September Mandiant warned about Synful Knock. Then Cisco released prophylactic tools, and thanked the messenger.



Adidas To Offer Sneaker Customization Via 3D Printer

October 12, 2015 by mphillips  
Filed under Around The Net

Adidas announced a new performance running shoe line named Futurecraft 3D, which will give consumers the option of a custom-formed and 3D-printed midsole.

The midsole can be tailored to the shape and the cushioning needs of an individual’s foot.

Linked with existing data sourcing and foot-scan technologies, it opens unique opportunities for immediate in-store fittings, Adidas said in a statement.

“Imagine walking into an Adidas store, running briefly on a treadmill and instantly getting a 3D-printed running shoe – this is the ambition of the Adidas 3D-printed midsole,” the company said.

Adidas said with 3D printing using CAD software, it can create a flexible, fully breathable carbon copy of the a runner’s footprint, matching exact contours and pressure points. The midsole with be printed using a modified thermoplastic polyurethane (TPU).

“It’s brand-new in the marketplace and convinced us with its durable elasticity as well as high tear strength and abrasion resistance,” Adidas’s footwear development manager, Daniel Cocking, wrote in a recently published blog post.

Adidas is partnering with Materialise, a 3D printing service provider that will be creating the midsoles for the sports equipment company.

Cocking did not mention when the company will begin offering the custom-printed  midsole.

Materialise will use a 3D printing process called Laser Sintering, which uses a light beam to melt together powdered material on a print bed layer by layer.

Cocking said since 3D printing is so fast in prototyping stages, within 2 weeks “I had run in the shoe myself.” But there were other hurdles, he added.

“We found that stiffness of the midsole varied significantly as a result of very minor process or design changes,” Cocking stated. “We began a thorough investigation into the process parameters required to achieve the perfect cushioning.”

Adidas involved 15 of its development teams, adding a complex range of test methods and technical support that Cocking said created the world’s first running shoe that is “impossible to create in any other way.”





AT&T Finally Offers Wi-Fi Calling

October 12, 2015 by mphillips  
Filed under Mobile

AT&T has finally rolled out Wi-Fi calling on newer-model iPhones running iOS 9  after winning permission from the Federal Communications Commission.

Wi-Fi Calling helps users get better connections indoors where cellular service can be spotty. Where permitted by a carrier, it can also eliminate international calling costs of up to $1 a minute.

T-Mobile and Sprint already offer Wi-Fi calls on certain devices, and T-Mobile started the practice as early as 2007 without securing the same permission from the FCC that AT&T received.

AT&T said the iPhone 6S, iPhone 6S Plus, iPhone 6 and iPhone 6 Plus will support Wi-Fi Calling if they have iOS 9 installed.

To add Wi-Fi calling to an eligible iPhone, according to Apple’s website, go to Settings> Phone> Wi-Fi Calling. You will then be prompted to answer a few questions.

With AT&T’s announcement, Verizon Wireless is expected to follow suit.

T-Mobile allows customers on certain devices to make Wi-Fi calls “virtually anywhere” there is Wi-Fi access. However, AT&T said its Wi-Fi Calling service will be available only when calling or texting from the U.S., Puerto Rico and the U.S. Virgin Islands.

AT&T didn’t offer an explanation for its restriction to those geographies.

In a blog post AT&T bemoaned that T-Mobile and Sprint were allowed to move ahead so much earlier, without receiving the same permission in the form of a waiver that AT&T sought and received.

“We are left scratching our heads as to why the FCC still seems intent on excusing the behavior of T-Mobile and Sprint who have been offering these services without a waiver for quite some time,” said Jim Cicconi, senior executive vice president of external affairs at AT&T.

The FCC waiver permits AT&T to begin offering Wi-Fi calling without also offering teletypewriter (TTY) communications for the deaf, hard of hearing and speech-impaired.

AT&T wants to set up RTT (Real Time Texting) instead, arguing it works better over the Internet. Once implemented, RTT would be backward compatible with TTY, AT&T said in a blog in July.

Roger Entner, an analyst at Recon Analytics, said AT&T probably sought and received the waiver to avoid an FCC fine for proceeding without permission.

He said Verizon has also proceeded slowly on Wi-Fi calling, hoping also to avoid a fine for the same reason.

“Verizon has not launched Wi-Fi calling but now that AT&T has the waiver, I would expect Verizon to launch shortly,” Entner said. “Sprint and T-Mobile didn’t bother to get a waiver and apparently they are less afraid of the FCC. Historically, they have gotten nicer treatment from the FCC.”





Qualcomm Goes LTE For Microsoft

October 12, 2015 by Michael  
Filed under Computing

Qualcomm has continued its friendship with Microsoft by extending its latest LTE-Advanced modem, the X12, to Windows 10 notebooks and tablets.

The chipmaker was the only major chip provider to optimize its architecture for Windows Phone, and Microsoft’s Lumia devices, which run on Snapdragon 808 and 810 chips.

The Windows 10 devices which come to market later this year will have the option to integrate cellular connectivity with the X12, X7 or X5 LTE modems, which support the Microsoft operating system’s native Mobile Broadband Interface Model (MBIM).

Qualcomm said this would give business users, in particular, a similar experience on their large-screened devices as on their smartphones, giving the particular examples of location-based services and security driving LTE usage on PCs and tablets.

Integrated cellular connectivity has not been so important for notebook users, outside of a few scenarios such as WiFi-less trains, most wireless access from notebooks, and even tablets, is over a WLAN.

Qualcomm makes WiFi chips for portable devices but it does not have such a big market share. Working with Microsoft means it could have a higher presence and a far better chance of delivering mass sales. The Surface Pro and its new Surface Book, is getting good reviews and might even be popular.


Apple Removes Data Spying Apps From Store

October 12, 2015 by mphillips  
Filed under Around The Net

Apple has removed several apps from its store that it said could pose a security risk by exposing a person’s Web traffic to untrusted sources.

The company recommended deleting the apps but did not name them, which may make it hard for people to know which apps put their data at risk.

The apps in question installed their own digital certificates on a person’s Apple mobile device. It would enable the apps to terminate an encrypted connection between a device and a service and view the traffic, which is a potential security risk.

Most websites and many apps use SSL/TLS (Secure Socket Layer/Transport Security Layer), a protocol that encrypts data traffic exchanged with a user. SSL/TLS is a cornerstone of Web security, ensuring data traffic that is intercepted is unreadable.

It is possible in some cases to interfere with an encrypted connection. Many enterprises that want to analyze encrypted traffic for security reasons will use SSL proxies to terminate a session at the edge of their network and initiate a new one with their own digital certificate, allowing them to inspect traffic for malicious behavior.

In that scenario, employees would likely be more aware or expect that kind of monitoring. But people downloading something from the App Store probably would have no idea of the access granted to their sensitive data traffic.

Apple checks applications to ensure that malicious ones are not offered in its store. Those checks are in large part the reason why Apple has had fewer problems with malicious mobile applications in its store.

Installing digital certificates isn’t itself a malicious action per se, but Apple may be concerned that users are not fully aware of the consequences of allowing an app to do so.




Uber Cast Suspicion Towards Lyft Over Hacking

October 9, 2015 by mphillips  
Filed under Around The Net

Eight months after admitting a major data breach, ride service Uber is focusing its legal efforts on obtaining more information about an internet address that it has persuaded a court could lead to identifying the hacker. That address, two sources familiar with the matter say, can be traced to the chief of technology at its main U.S. rival, Lyft.

In February, Uber revealed that as many as 50,000 of its drivers’ names and license numbers had been improperly downloaded, and the company filed a lawsuit in San Francisco federal court in an attempt to unmask the perpetrator.

Uber’s court papers claim that an unidentified person using a Comcast IP address had access to a security key used in the breach. The two sources said the address was assigned to Lyft’s technology chief, Chris Lambert.

The court papers draw no direct connection between the Comcast IP address and the hacker. In fact, the IP address was not the one from which the data breach was launched.

However, U.S. Magistrate Judge Laurel Beeler ruled that the information sought by Uber in a subpoena of Comcast records was “reasonably likely” to help reveal the “bad actor” responsible for the hack.

On Monday, Lyft spokesman Brandon McCormick said the company had investigated the matter “long ago” and concluded “there is no evidence that any Lyft employee, including Chris, downloaded the Uber driver information or database, or had anything to do with Uber’s May 2014 data breach.”

McCormick declined to comment on whether the Comcast IP address belongs to Lambert. He also declined to describe the scope of Lyft’s internal investigation or say who directed it.

Lambert declined to comment in person or over email.



Dell Said To Be Pursuing Purchase Of EMC

October 9, 2015 by mphillips  
Filed under Computing

Dell Inc, the world’s third largest personal computer maker, is holding discussions to acquire data storage company EMC Corp, a person familiar with the matter said, in what could be one of the biggest technology deals ever.

A deal could be an option for EMC, under pressure from activist investor Elliott Management Corp to spin off majority-owned VMware Inc.

The terms being discussed were not known, but if the deal goes through it would top Avago Technologies’ $37 billion offer for Broadcom. EMC has a market value of about $50 billion.

Dell is also in talks with banks to finance an all-cash offer for EMC, the person told Reuters on condition of anonymity as the talks were confidential.

Dell spokesman David Flink and EMC spokesman Dave Farmer declined to comment.

A deal could further strengthen Dell’s presence among corporate clients at a time when founder Michael Dell has been trying to transform the company he founded in 1984 into a complete provider of enterprise computing services such as Hewlett-Packard Co and IBM.

The talks come two years after Michael Dell and private-equity firm Silver Lake took Dell private for $24.9 billion, ending its decades-long run as one of the world’s largest publicly traded PC makers.

In August, Re/code reported that EMC was contemplating a takeover by VMware. The Wall Street Journal reported last year that EMC was exploring options and had held talks with Dell and HP.




Is The Tablet Space Drying Up?

October 9, 2015 by Michael  
Filed under Computing

Demand for Tablets is getting so weak that more chip suppliers plan to phase out their tablet-IC businesses.

The so-called “game-changing technology” when Apple launched it, is turning out to be just another fad – much like the iPod.

Digitimes reports that its deep throats in Taiwan-based IC design houses are giving up on tablets, which have been killed off by large-size smartphones. Tablet demand worldwide will likely decline 10-20 per cent in 2016 which will probably kill the fad off.

Shipments of tablets running Android OS might be less than 160 million units in 2015, and will fall further to 120-130 million in 2016, the sources predicted.

As a result, international vendors have decided to leave the tablet-IC market because of low prices which will yield them low profits. Meanwhile weak demand, price competition among tablet chip providers remains intense.

The only one to see an increase in sales has been MediaTek. Its shipments for tablets continue to grow and it aims to ship 45 million tablet chips in 2015. It is not sure what black magic the outfit is performing to buck the trend.  We hate to say we told you so, but this was inevitable.



Panasonic Announces World’s Most Powerful Solar Panel

October 8, 2015 by mphillips  
Filed under Around The Net

Panasonic’s Eco Solutions division has announced the launch of what it is calling the most powerful photovoltaic panel in the world.

The new prototype solar panel has a solar energy conversion efficiency of 22.5% on a commercial-sized module. The prototype was built using solar cells based on mass-production technology, Panasonic said.

Last year, Panasonic announced it had achieved a photovoltaic cell efficiency rating of 25.6%.

“This new record on module-level efficiency adds to the 25.6% efficiency record achieved last year at cell-level. The new panel efficiency record demonstrates once again Panasonic’s…ongoing commitment to move the needle in advanced solar technology,” Daniel Roca, senior business developer at Panasonic Eco Solutions Europe, said in a statement.

The latest advance, in theory, allows Panasonic to squeak past SolarCity as having the most efficient solar panel in the world. SolarCity announced last week that it had achieved an efficiency rating of 22.04% in panels that it will begin manufacturing this month.

However, Panasonic’s solar panels are based on “thin-layer” solar cells, which are more expensive to produce than the standard solar cells being used by SolarCity.

Panasonic was also unable to give a date for when its panels would be used in commercial solar panels. However, it did say it’s planning for a mid- to late-2016 release time.

The new solar panel test results were confirmed by the Japanese National Institute of Advanced Industrial Science and Technology (AIST), Panasonic said.

The 72-cell, 270-watt prototype solar module incorporates “newly developed enhanced technology” that will eventually be scaled to volume production, Panasonic said.



Sony Says 2016 Is Make-Or-Break Year For Smartphone Unit

October 8, 2015 by mphillips  
Filed under Mobile

Sony Corp’s chief executive pegged 2016r as a make-or-break year for its struggling smartphones, saying it could consider other options for the unit if it failed to turn profitable.

After years of losses, Chief Executive Kazuo Hirai has engineered a successful restructuring drive at Sony, with recent results showing improvement thanks to cost cuts, an exit from weak businesses such as PCs, as well as strong sales of image sensors and videogames. But its smartphone business has been slow to turn around.

“We will continue with the business as long as we are on track with the scenario of breaking even next year onwards,” Hirai told a group of reporters on Wednesday. “Otherwise, we haven’t eliminated the consideration of alternative options.”

Sony and other Japanese electronics makers have struggled to compete with cheaper Asian rivals as well as the likes of Apple Inc and Samsung Electronics.

Sony phones including its Xperia-branded smartphones held only 17.5 percent of the market in Japan and less than 1 percent in the North America, according to company data last year.

The electronics giant in July lowered its forecast for its mobile communications unit to an operating loss of 60 billion yen in the current fiscal year from an earlier estimate of a 39 billion yen loss.

“I do have a feeling that a turnaround in our electronics business has shown progress. The result of three years of restructuring are starting to show,” he said. “But we still need to carry out restructuring in smartphones.”



Verizon Finds New Use For Its ‘Supercookie’

October 8, 2015 by mphillips  
Filed under Mobile

Verizon’s purchase of AOL means that ads for some U.S. mobile users are about to get a whole lot more targeted.

The company has updated its privacy policy, saying that it now shares unique identifying information about users of its mobile phone network with the AOL Advertising Network, which claims as customers 74 of the top 100 websites tracked by ComScore.

The move will allow AOL to target ads at visitors to its sites and others using information from Verizon’s databases as well as its own. According to Verizon’s October 2015 privacy notice, the targeting criteria include visitors address, email address, age range, gender, interests, location, mobile web browsing history and app usage. The company can also track some non-mobile web browsing, to sites carrying AOL ads, it said.

Verizon links all this information together using a patchwork of identifiers, including ad IDs from Apple and Google, browser cookies from AOL, and its own Unique Identifier Header (UIDH) which it adds to mobile data traffic on its network. It’s this last item that ads significantly to AOL’s ad targeting power, as it’s easy to delete or change the other identifiers.

It’s also now possible to opt out of Verizon’s UIDH system too, thanks to reporting by ProPublica, which earlier this year revealed that the company was still using the identifier to track users who had deleted it.

Concern about targeted advertising is rising, with an increasing number of Internet users opting out of advertising altogether through the use of ad-blocking software. Apple recently made it possible to download content blockers for its Safari browser on iOS, prompting a flurry of players to enter the market.

Some see such blockers as a tool to force the online advertising industry to change its ways. One, Eyeo, deliberately lets through certain ads, as long as they are unobtrusive. It introduced has its own iOS content blocker — but also taken steps to win over other developers to its platform by making its process for allowing some ads through the blocker more transparent.



Google Issues Patch For Latest Stagefright Flaw

October 7, 2015 by mphillips  
Filed under Mobile

Google has released fixes for two new Stagefright-related vulnerabilities, one of which affects Android versions going back to 2008 and puts millions of users at risk.

The flaws were found by security company Zimperium, which also unearthed the original Stagefright flaws in April.

In an advisory Google said it didn’t appear that attackers have started exploiting the vulnerabilities yet.

The latest flaws are only slightly less dangerous than their predecessors, which allowed a device to be compromised merely by sending a specially crafted multimedia message (MMS). An attacker needed only to know the victim’s phone number.

To exploit the latest flaws, dubbed Stagefright 2.0, an attacker would have to convince a user to visit a website and play a piece of audio or video content.

The vulnerabilities relate to problems with how Android processes metadata within that content, Zimperium said in a blog post.

Google has released an over-the-air update for its Nexus Android devices and had notified its partners of the issues by Sept. 10, the company said.

Zimperium held off releasing proof-of-concept exploit code but will allow some of its partners to see it later this month, it said.

In light of the number of users affected by Stagefright, Google said in August it would begin issuing monthly security patches, mirroring steps taken years ago by companies including Microsoft for desktop software.

Still, fixing software problems on mobile devices is a disjointed affair and users are dependent on device manufacturers and operators for timely patching. After Google’s announcement, major manufacturers including Samsung and LG also committed to monthly patching.



SanDisk Building Industrial Strength Components For IoT

October 7, 2015 by mphillips  
Filed under Consumer Electronics

Consumers use flash memory cards in phones, tablets and cameras almost daily. But put those same cards in security cams, cellular base stations or the electrical grid and you’ll have a problem.

Industrial devices need flash that can work harder and withstand more extreme temperatures than consumer gear, and they’ll be operating out in the field years after a typical phone or camera card has been replaced. So SanDisk is introducing a line of components built for the Internet of Things.

IoT is expected to put thousands of sensors, meters, robots and machines into the field with growing needs to process and store data.

The SanDisk Industrial line includes cards for the familiar SD, microSD and eMMC (embedded MultiMediaCard) standards, but built to tougher specifications.

For example, the SanDisk Industrial XT SD Cards and XT iNAND embedded flash drives announced Monday are rated to work in temperatures as low as -40 degrees Celsius (-40 Fahrenheit), compared with -25 Celsius for a typical consumer SD card.

The industrial cards can also write more data before they have to be replaced: as much as 128TB, far more than is typical for a consumer-grade part, said Martin Booth, director of SanDisk Industrial and SanDisk Automotive. This kind of endurance is what’s needed in IoT devices like remote video cameras that will capture video around the clock for as long as five years, he said. Otherwise they would have to be replaced more frequently, a costly proposition if the owner needs to send out a truck and a technician.

Another feature, Enhanced Power Immunity, will help prevent data loss in case of power failure. It uses special firmware for recovering data if the power is cut off, something ordinary flash cards may not be able to do if, for example, the user pulls a card out of a PC while it’s still transferring data.

The new parts range in size from 4GB or 8GB up to 64GB and will cost more than comparable consumer-grade products, but less than twice as much, Booth said.




Retailers Possibly To File Lawsuit Over Chip Cards

October 6, 2015 by mphillips  
Filed under Around The Net

U.S. retailers are considering filing lawsuits against banks and credit card companies over the slow implementation of chip-based card technology and the possible financial liability merchants began facing that started Oct. 1.

Retailers that did not install newer chip-enabled point of sale terminals in stores, restaurants and hotels as of Oct. 1 have to pay an extra fee to cover counterfeit fraud. Before banks were liable for consumers’ use of magnetic stripe credit and debit cards. The liability shift deadline on Oct. 1 was set by banks four years ago to prompt the use of more secure chip technology to help lower the cost of fraud.

The passing of the deadline didn’t apparently cause any significant problems for store operations, according to comments from five national retail and credit card officials. That’s partly because consumers can still use magnetic stripe cards and might not even possess the newer chip cards.

For merchants, the situation is often more dire. Many retailers — with the notable exceptions of Walmart and some other big chains — have complained of backlogs of six to nine months in getting card companies to certify their new card terminals for use. Without the certification, retailers can’t use their new chip card payment terminals and face extra costs for fraud insurance.

The backlog is unfair to retailers, and is likely to lead to a lawsuit by one or more of the affected merchants, said Mark Horwedel, CEO of Merchant Advisory Group. MAG has 97 members, including some of the nation’s largest retailers, that collectively represent $2.6 trillion in annual sales.

“We’ve been the leading complainer about how the card brands are implementing [chip] cards in the U.S.,” Horwedel said in an interview. Card providers and banks “picked the Oct. 1 date without providing a blueprint to merchants on how to process debit transactions with chip cards.”