One of the better-known sites, Insecam, appeared to have gone offline after the warnings, but at least one site that publishes similar content was still available.
The websites show footage from security cameras used by businesses and in people’s homes, including CCTV networks that secure buildings and even cameras built into baby monitors.
Last week the U.K.’s data protection watchdog warned of a website based in Russia that accesses thousands of webcams using their default logins and passwords, which it said can be easily found online.
The U.S. Federal Trade Commission also weighed in, warning users to ensure video feeds are encrypted and that wireless routers are protected by passwords.
“Once you’ve bought your IP camera, check its security settings and keep its software up-to-date,” wrote Nicole Vincent Fleming, a consumer education specialist with the FTC in a blog post.
Security experts have long warned that not changing the default credentials on such devices can allow them to be accessed by hackers.
The domain name Insecam.cc was registered through GoDaddy earlier this month, though whoever registered it chose to keep their registration details private in the “whois” domain directory.
The U.K. information commissioner has reportedly urged the Russian authorities to take down the site.
The end-to-end encryption comes thanks to a collaboration between WhatsApp and Open Whisper Systems, an open-source development company focused on secure communications.
Facebook-owned WhatsApp has more than 600 million users who log in monthly, making Open Whisper’s encryption deployment the largest ever in the area of end-to-end encrypted communication, Open Whisper said.
The encryption is on by default. It’s only available for Android right now, though the companies are working to roll out support for other platforms.
End-to-end encryption has gained attention following the disclosures about government surveillance last year by former NSA contractor Edward Snowden. Meanwhile, the flood of cyber attacks targeting retailers and Internet companies alike have highlighted the need for better data security.
Edward Snowden himself has called end-to-end encryption the best possible form of encryption, because it keeps people’s data encrypted even while it’s on company servers. The data, in theory, can only be decrypted on people’s personal devices. That means outside groups must target individuals’ machines if they want to access the data.
Some other mainstream services like Google have released products to facilitate end-to-end encryption. And along with Apple, Google’s also working to make encryption the default on smartphones.
But end-to-end encryption still is primarily offered by lesser known companies that don’t rely on people’s data for advertising.
WhatsApp’s end-to-end encryption uses Whisper’s TextSecure protocol, which encrypts text messages over the air and on people’s phones.
WhatsApp declined to comment further on the encryption deployment.
“We felt we could leverage analytics to build an experience that understands your priorities,” said Jeff Schick, general manager of IBM social solutions, of the app that launched as a private beta on Tuesday. “We had the opportunity to reduce clutter and create priority, and to help people be more efficient in how they master their inbox.”
The company plans to offer Verse in the first quarter of 2015 as a hosted service though the IBM Cloud Marketplace. IBM will also issue apps for both iOS and Android that can access all the same features as the desktop browser version.
“They are addressing known problems, inbox clutter, prioritization and the ability to access different modes of communication, from an integrated user experience,” Rob Koplowitz, research analyst at Forrester who covers collaboration software, wrote in an e-mail.
IBM first announced the new e-mail software in January, under the working name of Mail Next.
Like IBM’s Notes e-mail client, Verse relies on the IBM Domino e-mail server. Unlike Notes, which was built on a client-server architecture, Verse is entirely Web-based. Going forward, IBM will encourage customers to use Verse as an enterprise email client, except for those organizations that have built their own applications on Notes’ Eclipse-based development platform, Schick said.
The company did not reveal pricing of Verse, other than state it will offer a no-cost “freemium” version that would be available for individual users. A version of the software that can be run on-premise will be released later in 2015.
The service, dubbed Snapcash, allows Snapchat users to link their debit cards to their account and quickly send money to a contact by starting a chat on a smartphone, typing in a dollar sign and an amount and hitting a green button, Snapchat explained in a post on its official blog.
The move marks the latest sign of expansion plans for Los Angeles-based Snapchat, which lets users exchange photos that automatically disappear after a few seconds. The company has been valued at $10 billion in its most recent fundraising effort, according to media reports, and is considered a growing threat to Web companies including Facebook Inc and Twitter Inc.
“We set out to make payments faster and more fun, but we also know that security is essential when you’re dealing with money,” Snapchat said in the post.
The company said that debit card information will be stored by Square and that Square will process the payments, transferring money between bank accounts. Snapchat said that Snapcash is available in the United States for users aged 18 and above.
Encryption should be a matter of priority and used by default. That’s the message from the Internet Architecture Board (IAB), the worldwide body in charge of the internet’s technology infrastructure.
The IAB warned in a statement that “the capabilities and activities of attackers are greater and more pervasive than previously known”.
It goes on to say: “The IAB urges protocol designers to design for confidential operation by default. We strongly encourage developers to include encryption in their implementations, and to make them encrypted by default.
“We similarly encourage network and service operators to deploy encryption where it is not yet deployed, and we urge firewall policy administrators to permit encrypted traffic.”
The purpose, the IAB claims, is to instill public trust in the internet after the myriad high-profile cases in which computer traffic has been intercepted, ranging from bank details to email addresses and all points in between.
The news will be unwelcome to the security services, which have repeatedly objected to initiatives such as the default encryption in iOS8 and Android L, claiming that it is in the interest of the population to retain the right to intercept data for the prevention of terrorism.
However, leaked information, mostly from files appropriated by rogue NSA contractor Edward Snowden, suggests that the right of information interception is abused by security services including the UK’s GCHQ.
These allegations include the collection of irrelevant data, the investigation of cold cases not in the public interest, and the passing of pictures of nude ladies to colleagues.
The world’s No.1 Internet social network with 1.35 billion monthly users has been quietly testing a version of its website aimed at workplace collaboration. The service, dubbed Facebook at Work, allows users to exchange messages and share documents using Facebook’s scrolling news feed and other familiar features from the consumer version of Facebook.
The professional version of Facebook, which could compete with services such as LinkedIn Corp, as well as Salesforce.com Inc and Microsoft Corp, would allow users to maintain special profiles that are distinct from their existing Facebook profiles, the person said. Work activities would not be shared on a user’s personal profile, and the baby photos, videos and general banter popular in the consumer version of Facebook would not encroach into the professional version.
A Facebook team in London is leading the effort and a small number of companies are currently running a pilot version of the service, the person said.
It is still unclear how Facebook plans to make money from the professional service. Facebook is not currently charging a subscription fee for the version being tested, according to a report in the Financial Times, which first reported news of the service. Facebook currently generates the bulk of its revenue from ads that appear on its existing service.
Soon to be released bracelets with technology from Intel Corp and design cues from fashion brand Opening Ceremony will connect the wearer with Facebook, Google and Yelp via an AT&Tdata plan,no smartphone necessary.
Called My Intelligent Communication Accessory, or MICA, the snakeskin bracelets are aimed at fashion-conscious women and are an attempt by the two companies to stand out in a growing field of often-clunky smartwatches and fitness brands that have yet to catch on widely with consumers.
“We really approached this first and foremost about why would a woman want to wear this everyday, and how can it be incorporated into her wardrobe,” Humberto Leon, creative director at Opening Ceremony, said in a phone interview last week.
As well as lapis stones, obsidian and an 18k gold coating, the devices include a sapphire curved screen on the inside of the wrist that displays text messages, calendar items and events from Google and Facebook, and recommendations of nearby restaurants and stores from Yelp.
After Intel was late to smartphones and tablets in recent years, Chief Executive Brian Krzanich has been determined to make sure the top chipmaker is at the forefront of future trends in mobile computing.
Krzanich gave the green light for the chipmaker to develop the bracelet with Opening Ceremony after his wife wore a prototype for several days and liked it, he recently said.
Incoming alerts discreetly vibrate the bracelet instead of making a noise. Its $495 price tag includes a two-year data plan with AT&T, which means it does not rely on a smartphone for connectivity, as do most smartwatches, the companies said in a press release.
As well as working with Opening Ceremony, Intel in March bought fitness bracelet maker Basis Science and it has teamed up with watch retailer Fossil Group to develop other wearable computing devices.
The social network has launched Privacy Basics, a page set up to offer users advice and how-to tips to make sure they have the level of privacy they want for their Facebook profiles.
Facebook also is giving users an early look at changes the company plans on making to its terms of service, data policy and cookies policy. Users have a week to make comments or suggestions about what’s coming.
“Over the past year, we’ve introduced new features and controls to help you get more out of Facebook, and listened to people who have asked us to better explain how we get and use information,” wrote Erin Egan, Facebook’s chief privacy officer. “Protecting people’s information and providing meaningful privacy controls are at the core of everything we do, and we believe today’s announcement is an important step.”
Facebook has had its share of privacy controversies. It has repeatedly been criticized for its privacy policies and even for the difficulty in using privacy controls.
“This may showcase that Facebook is finally beginning to understand perceptions are important,” said Rob Enderle, an analyst with the Enderle Group. “This really isn’t a change in policy but a change in how they communicate what they are doing. This kind of thing can improve trust and, if they keep it up, it should improve customer retention and satisfaction.”
Facebook, he added, may be losing some of the “arrogance” it had previously shown users.
Zeus Kerravala, an analyst with ZK Research, said Facebook’s move could encourage a lot of users to increase the privacy around their posts and photos.
The new Privacy Basics page offers interactive guides to what Facebook says are the most commonly asked questions about how users can control their information.
Researchers at the University of Utah have developed self-healing software that detects, expunges and protects against malware in virtual machines.
Called Advanced Adaptive Applications (A3), the software suite was created in collaboration with US defence contractor Raytheon BBN over a period of four years.
It was funded by DARPA through its Clean-Slate Design of Resilient, Adaptive, Secure Hosts programme, and was completed in September, Science Daily reported on Thursday.
A3 features “stackable debuggers”, a number of debugging applications that cooperate to monitor virtual machines for indications of unusual behaviour.
Instead of checking computer object code against a catalogue of known viruses and other malware, the A3 software suite can detect the operation of malicious code heuristically, based on the types of function it attempts.
Once the A3 software detects malicious code, it can apparently suspend the offending process or thread – stopping it in its tracks – repair the damage and remove it from the virtual machine environment, and learn to recognise that piece of malware to prevent it entering the system again.
The self-healing software was developed for military applications to support cyber security for mission-critical systems, but it could also be useful in commercial web hosting and cloud computing operations.
If malware gets into such systems, A3 software could detect and repair the attack within minutes.
The university and Raytheon demonstrated the A3 software suite to DARPA in September by testing it against the notorious Shellshock exploit known as the Bash Bug.
A3 detected and repaired the Shellshock attack on a web server within four minutes. The project team also tested A3 successfully on another six examples of malware.
Eric Eide, the research associate professor of computer science who led the A3 project team along with computer science associate professor John Regehr, said: “It’s pretty cool when you can pick the Bug of the Week and it works.”
The A3 self-healing software suite is open source, so it’s free for anyone to use, and the university researchers would like to extend its applicability to cloud computing environments and, perhaps eventually, end-user computing.
Professor Eide said: “A3 technologies could find their way into consumer products someday, which would help consumer devices protect themselves against fast-spreading malware or internal corruption of software components. But we haven’t tried those experiments yet.”
Emergency responders will be able to better locate callers who dial 911 on their cellphones from indoors as the U.S. wireless industry improves caller-location for the majority of such calls in the next few years.
Historically, satellite and other technologies have helped emergency responders find people who called from outdoors, while landlines commonly automatically provided dispatchers with an address. Cellphone calls from indoors, however, have been tougher to locate because walls weaken signals.
Verizon Communications Inc, AT&T Inc, Sprint Corp and T-Mobile US have reached a deal with public-safety groups to get specific location data to 911 dispatchers for 40 percent of wireless 911 calls within two years and 80 percent within six years.
The wireless association CTIA announced the agreement with the Association of Public-Safety Communications Officials and the National Emergency Number Association on Friday.
The deal marks a milestone in the long-running effort to help first-responders get to emergencies quickly as people increasingly rely on cellphones for 911 calls and to improve their ability to locate emergencies in places such as schools, shopping malls and hotels.
The Federal Communications Commission has long required data from wireless 911 calls to include location information based on outdoor technologies. But technology has been insufficient to direct responders to specific floors, rooms or particular areas of a building.
The FCC earlier this year challenged the wireless industry to help responders locate emergencies indoors, within 50 meters horizontally and 3 meters vertically, estimating it could save more than 10,000 lives every year.
The “heightened location accuracy,” available to supporting networks and handsets, will find callers through nearby devices connected to Wi-Fi or Bluetooth that will be logged with a specific location in a special emergency-services database.
Over time, the wireless carriers plan to ensure each handset can turn on Bluetooth or Wi-Fi connectivity in emergency-call instances, if it is disabled.
The FCC had proposed the rollout timeframe of two years for 67 percent of cellphone calls and five years for 80 percent, though the companies and public safety groups reached a slightly different consensus.
The action was taken in reference to events dating back to 2007, which saw employees of SAP’s TomorrowNow unit accused of illegally downloading Oracle software.
German company TomorrowNow was bought by SAP as a means to undercut Oracle’s internal tech support rates, with the ambition of getting customers to migrate to SAP solutions, reports Reuters.
In 2006, TomorrowNow started the process of undermining its parent’s position, offering cut-price support to users of the Siebel database and CRM.
Oracle was originally awarded $1.3bn back in 2010, but this was adjusted downwards on multiple appeals.
SAP acknowledged that its employees had been in the wrong, but disputed the damages awarded. SAP offered a $306m payment in 2012, but did so more in hope than expectation given its admissions.
Earlier in the year, a federal judge gave Oracle the option to settle for $356.7m or force a retrial, and the company has now decided on the former with a further $2.5m in interest.
“We are thrilled about this landmark recovery and extremely gratified that our efforts to protect innovation and our shareholders’ interests are duly rewarded,” said Oracle’s general counsel Dorian Daley.
“This sends a strong message to those who would prefer to cheat than compete fairly and legally.”
SAP agreed: “We are also pleased that, overall, the courts hearing this case ultimately accepted SAP’s arguments to limit Oracle’s excessive damages claims and that Oracle has finally chosen to end this matter.”
SAP announced a partnership with IBM last month to bring its HANA service to enterprise cloud users.
Sophos is betting that understaffed IT departments will want to use the cloud to deal with cyber attacks. Kris Hagerman, CEO of the computer security company, said SMBs often have small IT departments and may have no one dedicated to full-time security.
Sophos thinks the answer will be a cloud-based management console to work across its entire security portfolio, Hagerman said. The company’s UTM firewall product handles email security, endpoint and network protection, wireless, web filtering and web server defence.
The company has linked its UTM system to its endpoint protection product so the two can share data, which results in better overall security and easier management, Hagerman said. The system has been given the thumbs up from analyst outfit Gartner which said that its “ease of use consistently rates high. The interface contains general guidance on what each feature does, which is useful for SMB operators, who are not all security experts.”
Hagerman said Sophos’ end user and network businesses—it’s two main lines—are growing twice the rate of the market. There isn’t a magic formula to that growth, he said.
According to Jon Peddie Research (JPR), Nvidia has managed to claw back market share from AMD in the second quarter of 2014. JPR found that AMD’s overall unit shipments decreased 7% sequentially, while Intel and Nvidia gained 11.6% and 12.9% respectively. The ‘attach rate’ is almost flat at 155% (up 2%). A total of 32% of PCs tracked last quarter had discrete graphics, while 68% did not.
The PC market grew 6.9% sequentially, but it was down 2.6% year-on-year. Shipments of desktop graphics cards were up 7.8% from last quarter.
“Q3 2014 saw a flattening in tablet sales from the first decline in sales last quarter. The CAGR for total PC graphics from 2014 to 2017 is up to almost 3%. We expect the total shipments of graphics chips in 2017 to be 510 million units. In 2013, 454 million GPUs were shipped and the forecast for 2014 is 468 million,” JPR said.
Shipments of AMD APUs were up 10.5% over the last quarters, but AMD lost 16% in the notebook market. AMD’s discrete GPU shipments were down 19%, but notebook discrete shipments were up 10%. AMD’s overall graphics shipments were down 7%.
Intel’s desktop GPU shipments were stagnant (down 0.3%), but notebook shipments were up by 18.6%.
Nvidia’s desktop discrete shipments were up 24.3% sequentially, while notebook shipments increased 3.5% for an overall increase of 12.9%.
“Year-to-year this quarter AMD’s overall PC shipments decreased 24%, Intel increased 19%, Nvidia decreased 4%, and the others essentially are too small to measure,” the report found.
“Total discrete GPU (desktop and notebook) shipments from the last quarter increased 6.6%, and decreased 7.7% from last year. Sales of discrete GPUs fluctuate due to a variety of factors (timing, memory pricing, etc.), new product introductions, and the influence of integrated graphics. Overall, the trend for discrete GPUs has increased with a CAGR from 2014 to 2017 now of 3%.”
At the moment, an estimated 99% of all Intel chips ship with integrated graphics, compared to 66% of AMD non-server processors.
It looks like we might never see 20nm GPUs from either Nvidia or AMD. From what we know, both companies spent a lot of time looking into the new 20nm manufacturing process and they have decided that it is simply not viable for GPUs.
Yields are not where they are supposed to be and from a business perspective it doesn’t make sense to design and produce chips that would end up with very low yields. At this point we do not expect to see any high-end chips in 20nm, as there are obvious manufacturing obstacles and both companies might even skip the 20nm process altogether and move directly to 16nm FinFET.
16nm FinFET GPUs coming in 2016
We expect 16nm FinFET based GPUs sometime 2016 and this manufacturing process will bring some rather innovative products worthy of an upgrade.
One might ask why Apple doesn’t appear to have problems with its 20nm A8 and A8X chips and we might have a partial answer for you. The Apple A8 chip has to stay under 2.5W TDP, the A8X used in the iPad Air 2 A8X has a maximum TDP of 4.5W.
GPUs such as Maxwell- and Hawaii-based parts used in the Geforce GTX 980 and Radeon R9 290X have TDPs in the 150-250W range and the size of the modern GPU is an order of magnitude bigger than the size of an iPhone SoC.
Die size conundrum
The Apple A8 has a die size of 89mm2 and while we can only assume that the more powerful A8X measures over 100 mm2. Nvidia’s 28nm Maxwell GM204 die measures 398 mm2, which is about four and a half times bigger in terms of sheer die size.
To put things in perspective, in a single 20nm 300mm wafer you can place more than 700 A8 dies, while Nvidia can get about 140 Maxwell 204 chips from a 28nm High K 300 mm wafer and in 20nm manufacturing it would be able to get more, as the individual die would be significantly smaller.
However, these 150-250W chips are completely different than low-power SoCs with TDPs of less than 5W. They are worlds apart and one can assume that with the high performance and clock of discrete GPUs, coupled with their sheer size, result in higher leakage and other issues. Making a chip 4.5 times bigger means that there is much more room for potential issues, leakage and yield problems.
Don’t despair, 28nm still has some life in it
Not all is lost. We all saw that Nvidia pulled off a small miracle with the 28nm Maxwell GM204 chip, as this 5.2 billion transistor chip has a TDP of just 165W.
Its predecessor, the Geforce GTX 780 based on the GK110 chip, ended up with a 250W TDP with 7.08 billion transistors and a massive 561mm2 die size. Maxwell is also faster than Kepler, at least in this iteration, yet they are both 28nm products.
We expect that AMD’s upcoming Fiji GPU to be substantially more efficient than the Hawaii XT chip used in last year’s Radeon R9 290X. However, the new part is coming in 2015.
TSMC’s next generation 16nm process has reached an important milestone – 16nm FinFET Plus (16FF+) is now in risk production.
Needless to say, 16FF+ comes a few quarters after the 16nm rollout, expected in Q1 2015. TSMC hopes to start churning out 50,000 16FF wafers in Q2 2015. As for the Plus process, it is still more than a year away in terms of availability and it will be followed by 10nm, which is expected to materialise in late 2016.
TSMC says the improved 16FF+ process can deliver a 40% performance boost compared to its planar 20nm SoC process (20SoC), with a 50% reduction in power consumption.
“Our successful ramp-up in 20SoC has blazed a trail for 16FF and 16FF+, allowing us to rapidly offer a highly competitive technology to achieve maximum value for customers’ products,” said Mark Liu, president and Co-CEO for TSMC.
“We believe this new process can provide our customers the right balance between performance and cost so they can best meet their design requirements and time-to-market goals.”
The first 16FF+ chips are expected to tape out in late 2015 and TSMC expects the volume ramp will start in mid-2015.