A McAfee security product that will use biometric technology to authenticate users will be available for download by the end of the year, said Kirk Skaugen, senior vice president and general manager of the PC Client Group at Intel, last week.
“Your biometrics basically eliminate the need for you to enter passwords for Windows log in and eventually all your websites ever again,” Skaugen said.
Further product details were not immediately available. But one of the major inconveniences in using PCs and tablets is remembering passwords, which biometrics can tame.
An average user has about 18 passwords and biometric authentication will make PCs easier to use, Skaugen said.
Biometric authentication isn’t new. It’s being used in Apple Pay, where fingerprint authentication helps authorize credit card payments through the iPhone or iPad. Intel has been working on multiple forms of biometric authentication through fingerprint, gesture, face and voice recognition.
McAfee is owned by Intel, and the chip maker is building smartphone, tablet and PC technology that takes advantage of the security software. Intel has also worked on biometric technology for wearable devices like SMS Audio’s BioSport In-Ear Headphones, which can measure a person’s heart rate.
Intel also wants to make PCs and tablets easier to use through wireless charging, display, docking and data transfers. Such capabilities would eliminate the need to carry power brick and cables for displays and data transfers. Such capabilities will start appearing in laptops next year with sixth-generation Core chips code-named Skylake, which will be released in the second half.
Software Defined Storage (SDS) is the latest buzzphrase in the sector, and in recognition of this Linux distributor SUSE has announced a pre-release programmer for SUSE Storage.
SUSE Storage is the open-source vendor’s first entry into the SDS market, and the firm describes it as “a self-healing, self-managing, distributed, software-based storage solution”.
The INQUIRER caught up with Gerald Pfeifer, senior director of product management and operations at SUSE, who said that it could quickly become the the firm’s number two in its product line.
“If we play this right, it can become the second biggest product line after our server product line. That’s the ambition, now we need to play that out. It fits nicely with our whole portfolio,” he said.
SDS works by automating control of storage systems using intelligent automated algorithms to create the maximum efficiency with the smallest amount of space.
The result is a reliable storage array that doesn’t involve manually cleaning up and optimising. SUSE storage is fully open source, as it’s based on the Firefly version of Ceph, already in use in many Red Hat Enterprise Linux systems.
“Storage is something we’ve been doing for many years as part of the operating system,” continued Pfeifer.
“The first time we talked about [SDS] was about four years ago at which point the technology was not mature enough, but now we can see that there really is going to be a big disruption in the storage market.”
Pfeifer bases this prediction on conversations with customers who, he says, have been asking for software defined arrays since the early days of the cloud, in some cases before the concept was properly cemented.
“We’ve had customers that have said: ‘I want to buy this. If you make it, I will buy it.’ Customers asking you to release a product is a luxury position and not one I’ve been in too often!”
A Gartner study shows that open source storage is likely to have a 20 percent market share by 2018, and with SUSE rivals such as Red Hat already launching their own products, the time is right for SUSE to join the fray.
The pre-release program launches next week, but there are a limited number of spaces available for anyone interested in a part of it. SUSE Storage will be given a full release during Q1 2015.
This announcement comes just weeks after SUSE released Linux Enterprise 12, its latest iteration of Linux for deploying and managing high availability enterprise class IT services in data centre and cloud environments.
An advanced malicious software application has been discovered that since 2008 was used to spy on private companies, governments, research institutes and individuals in 10 countries, anti virus software maker Symantec Corp said in a report on Sunday.
The Mountain View, California-based maker of Norton anti virus products said its research showed that a “nation state” was likely the developer of the malware called Regin, or Backdoor. Regin, but Symantec did not identify any countries or victims.
Symantec said Regin’s design “makes it highly suited for persistent, long-term surveillance operations against targets,” and was withdrawn in 2011 but resurfaced from 2013 onward.
The malware uses several “stealth” features “and even when its presence is detected, it is very difficult to ascertain what it is doing,” according to Symantec. It said “many components of Regin remain undiscovered and additional functionality and versions may exist.”
Almost half of all infections occurred at addresses of Internet service providers, the report said. It said the targets were customers of the companies rather than the companies themselves. About 28 percent of targets were in telecoms while other victims were in the energy, airline, hospitality and research sectors, Symantec said.
Symantec described the malware as having five stages, each “hidden and encrypted, with the exception of the first stage.” It said “each individual stage provides little information on the complete package. Only by acquiring all five stages is it possible to analyze and understand the threat.”
Regin also uses what is called a modular approach that allows it to load custom features tailored to targets, the same method applied in other malware, such as Flamer and Weevil (The Mask), the anti virus company said. Some of its features were also similar to Duqu malware, uncovered in September 2011 and related to a computer worm called Stuxnet, discovered the previous year.
Symantec said Russia and Saudi Arabia accounted for about half of the confirmed infections of the Regin malware and the other countries were Mexico, Ireland, India, Iran,Afghanistan, Belgium, Austria and Pakistan.
One of the better-known sites, Insecam, appeared to have gone offline after the warnings, but at least one site that publishes similar content was still available.
The websites show footage from security cameras used by businesses and in people’s homes, including CCTV networks that secure buildings and even cameras built into baby monitors.
Last week the U.K.’s data protection watchdog warned of a website based in Russia that accesses thousands of webcams using their default logins and passwords, which it said can be easily found online.
The U.S. Federal Trade Commission also weighed in, warning users to ensure video feeds are encrypted and that wireless routers are protected by passwords.
“Once you’ve bought your IP camera, check its security settings and keep its software up-to-date,” wrote Nicole Vincent Fleming, a consumer education specialist with the FTC in a blog post.
Security experts have long warned that not changing the default credentials on such devices can allow them to be accessed by hackers.
The domain name Insecam.cc was registered through GoDaddy earlier this month, though whoever registered it chose to keep their registration details private in the “whois” domain directory.
The U.K. information commissioner has reportedly urged the Russian authorities to take down the site.
The end-to-end encryption comes thanks to a collaboration between WhatsApp and Open Whisper Systems, an open-source development company focused on secure communications.
Facebook-owned WhatsApp has more than 600 million users who log in monthly, making Open Whisper’s encryption deployment the largest ever in the area of end-to-end encrypted communication, Open Whisper said.
The encryption is on by default. It’s only available for Android right now, though the companies are working to roll out support for other platforms.
End-to-end encryption has gained attention following the disclosures about government surveillance last year by former NSA contractor Edward Snowden. Meanwhile, the flood of cyber attacks targeting retailers and Internet companies alike have highlighted the need for better data security.
Edward Snowden himself has called end-to-end encryption the best possible form of encryption, because it keeps people’s data encrypted even while it’s on company servers. The data, in theory, can only be decrypted on people’s personal devices. That means outside groups must target individuals’ machines if they want to access the data.
Some other mainstream services like Google have released products to facilitate end-to-end encryption. And along with Apple, Google’s also working to make encryption the default on smartphones.
But end-to-end encryption still is primarily offered by lesser known companies that don’t rely on people’s data for advertising.
WhatsApp’s end-to-end encryption uses Whisper’s TextSecure protocol, which encrypts text messages over the air and on people’s phones.
WhatsApp declined to comment further on the encryption deployment.
“We felt we could leverage analytics to build an experience that understands your priorities,” said Jeff Schick, general manager of IBM social solutions, of the app that launched as a private beta on Tuesday. “We had the opportunity to reduce clutter and create priority, and to help people be more efficient in how they master their inbox.”
The company plans to offer Verse in the first quarter of 2015 as a hosted service though the IBM Cloud Marketplace. IBM will also issue apps for both iOS and Android that can access all the same features as the desktop browser version.
“They are addressing known problems, inbox clutter, prioritization and the ability to access different modes of communication, from an integrated user experience,” Rob Koplowitz, research analyst at Forrester who covers collaboration software, wrote in an e-mail.
IBM first announced the new e-mail software in January, under the working name of Mail Next.
Like IBM’s Notes e-mail client, Verse relies on the IBM Domino e-mail server. Unlike Notes, which was built on a client-server architecture, Verse is entirely Web-based. Going forward, IBM will encourage customers to use Verse as an enterprise email client, except for those organizations that have built their own applications on Notes’ Eclipse-based development platform, Schick said.
The company did not reveal pricing of Verse, other than state it will offer a no-cost “freemium” version that would be available for individual users. A version of the software that can be run on-premise will be released later in 2015.
The service, dubbed Snapcash, allows Snapchat users to link their debit cards to their account and quickly send money to a contact by starting a chat on a smartphone, typing in a dollar sign and an amount and hitting a green button, Snapchat explained in a post on its official blog.
The move marks the latest sign of expansion plans for Los Angeles-based Snapchat, which lets users exchange photos that automatically disappear after a few seconds. The company has been valued at $10 billion in its most recent fundraising effort, according to media reports, and is considered a growing threat to Web companies including Facebook Inc and Twitter Inc.
“We set out to make payments faster and more fun, but we also know that security is essential when you’re dealing with money,” Snapchat said in the post.
The company said that debit card information will be stored by Square and that Square will process the payments, transferring money between bank accounts. Snapchat said that Snapcash is available in the United States for users aged 18 and above.
Encryption should be a matter of priority and used by default. That’s the message from the Internet Architecture Board (IAB), the worldwide body in charge of the internet’s technology infrastructure.
The IAB warned in a statement that “the capabilities and activities of attackers are greater and more pervasive than previously known”.
It goes on to say: “The IAB urges protocol designers to design for confidential operation by default. We strongly encourage developers to include encryption in their implementations, and to make them encrypted by default.
“We similarly encourage network and service operators to deploy encryption where it is not yet deployed, and we urge firewall policy administrators to permit encrypted traffic.”
The purpose, the IAB claims, is to instill public trust in the internet after the myriad high-profile cases in which computer traffic has been intercepted, ranging from bank details to email addresses and all points in between.
The news will be unwelcome to the security services, which have repeatedly objected to initiatives such as the default encryption in iOS8 and Android L, claiming that it is in the interest of the population to retain the right to intercept data for the prevention of terrorism.
However, leaked information, mostly from files appropriated by rogue NSA contractor Edward Snowden, suggests that the right of information interception is abused by security services including the UK’s GCHQ.
These allegations include the collection of irrelevant data, the investigation of cold cases not in the public interest, and the passing of pictures of nude ladies to colleagues.
The world’s No.1 Internet social network with 1.35 billion monthly users has been quietly testing a version of its website aimed at workplace collaboration. The service, dubbed Facebook at Work, allows users to exchange messages and share documents using Facebook’s scrolling news feed and other familiar features from the consumer version of Facebook.
The professional version of Facebook, which could compete with services such as LinkedIn Corp, as well as Salesforce.com Inc and Microsoft Corp, would allow users to maintain special profiles that are distinct from their existing Facebook profiles, the person said. Work activities would not be shared on a user’s personal profile, and the baby photos, videos and general banter popular in the consumer version of Facebook would not encroach into the professional version.
A Facebook team in London is leading the effort and a small number of companies are currently running a pilot version of the service, the person said.
It is still unclear how Facebook plans to make money from the professional service. Facebook is not currently charging a subscription fee for the version being tested, according to a report in the Financial Times, which first reported news of the service. Facebook currently generates the bulk of its revenue from ads that appear on its existing service.
Soon to be released bracelets with technology from Intel Corp and design cues from fashion brand Opening Ceremony will connect the wearer with Facebook, Google and Yelp via an AT&Tdata plan,no smartphone necessary.
Called My Intelligent Communication Accessory, or MICA, the snakeskin bracelets are aimed at fashion-conscious women and are an attempt by the two companies to stand out in a growing field of often-clunky smartwatches and fitness brands that have yet to catch on widely with consumers.
“We really approached this first and foremost about why would a woman want to wear this everyday, and how can it be incorporated into her wardrobe,” Humberto Leon, creative director at Opening Ceremony, said in a phone interview last week.
As well as lapis stones, obsidian and an 18k gold coating, the devices include a sapphire curved screen on the inside of the wrist that displays text messages, calendar items and events from Google and Facebook, and recommendations of nearby restaurants and stores from Yelp.
After Intel was late to smartphones and tablets in recent years, Chief Executive Brian Krzanich has been determined to make sure the top chipmaker is at the forefront of future trends in mobile computing.
Krzanich gave the green light for the chipmaker to develop the bracelet with Opening Ceremony after his wife wore a prototype for several days and liked it, he recently said.
Incoming alerts discreetly vibrate the bracelet instead of making a noise. Its $495 price tag includes a two-year data plan with AT&T, which means it does not rely on a smartphone for connectivity, as do most smartwatches, the companies said in a press release.
As well as working with Opening Ceremony, Intel in March bought fitness bracelet maker Basis Science and it has teamed up with watch retailer Fossil Group to develop other wearable computing devices.
The social network has launched Privacy Basics, a page set up to offer users advice and how-to tips to make sure they have the level of privacy they want for their Facebook profiles.
Facebook also is giving users an early look at changes the company plans on making to its terms of service, data policy and cookies policy. Users have a week to make comments or suggestions about what’s coming.
“Over the past year, we’ve introduced new features and controls to help you get more out of Facebook, and listened to people who have asked us to better explain how we get and use information,” wrote Erin Egan, Facebook’s chief privacy officer. “Protecting people’s information and providing meaningful privacy controls are at the core of everything we do, and we believe today’s announcement is an important step.”
Facebook has had its share of privacy controversies. It has repeatedly been criticized for its privacy policies and even for the difficulty in using privacy controls.
“This may showcase that Facebook is finally beginning to understand perceptions are important,” said Rob Enderle, an analyst with the Enderle Group. “This really isn’t a change in policy but a change in how they communicate what they are doing. This kind of thing can improve trust and, if they keep it up, it should improve customer retention and satisfaction.”
Facebook, he added, may be losing some of the “arrogance” it had previously shown users.
Zeus Kerravala, an analyst with ZK Research, said Facebook’s move could encourage a lot of users to increase the privacy around their posts and photos.
The new Privacy Basics page offers interactive guides to what Facebook says are the most commonly asked questions about how users can control their information.
Researchers at the University of Utah have developed self-healing software that detects, expunges and protects against malware in virtual machines.
Called Advanced Adaptive Applications (A3), the software suite was created in collaboration with US defence contractor Raytheon BBN over a period of four years.
It was funded by DARPA through its Clean-Slate Design of Resilient, Adaptive, Secure Hosts programme, and was completed in September, Science Daily reported on Thursday.
A3 features “stackable debuggers”, a number of debugging applications that cooperate to monitor virtual machines for indications of unusual behaviour.
Instead of checking computer object code against a catalogue of known viruses and other malware, the A3 software suite can detect the operation of malicious code heuristically, based on the types of function it attempts.
Once the A3 software detects malicious code, it can apparently suspend the offending process or thread – stopping it in its tracks – repair the damage and remove it from the virtual machine environment, and learn to recognise that piece of malware to prevent it entering the system again.
The self-healing software was developed for military applications to support cyber security for mission-critical systems, but it could also be useful in commercial web hosting and cloud computing operations.
If malware gets into such systems, A3 software could detect and repair the attack within minutes.
The university and Raytheon demonstrated the A3 software suite to DARPA in September by testing it against the notorious Shellshock exploit known as the Bash Bug.
A3 detected and repaired the Shellshock attack on a web server within four minutes. The project team also tested A3 successfully on another six examples of malware.
Eric Eide, the research associate professor of computer science who led the A3 project team along with computer science associate professor John Regehr, said: “It’s pretty cool when you can pick the Bug of the Week and it works.”
The A3 self-healing software suite is open source, so it’s free for anyone to use, and the university researchers would like to extend its applicability to cloud computing environments and, perhaps eventually, end-user computing.
Professor Eide said: “A3 technologies could find their way into consumer products someday, which would help consumer devices protect themselves against fast-spreading malware or internal corruption of software components. But we haven’t tried those experiments yet.”
Emergency responders will be able to better locate callers who dial 911 on their cellphones from indoors as the U.S. wireless industry improves caller-location for the majority of such calls in the next few years.
Historically, satellite and other technologies have helped emergency responders find people who called from outdoors, while landlines commonly automatically provided dispatchers with an address. Cellphone calls from indoors, however, have been tougher to locate because walls weaken signals.
Verizon Communications Inc, AT&T Inc, Sprint Corp and T-Mobile US have reached a deal with public-safety groups to get specific location data to 911 dispatchers for 40 percent of wireless 911 calls within two years and 80 percent within six years.
The wireless association CTIA announced the agreement with the Association of Public-Safety Communications Officials and the National Emergency Number Association on Friday.
The deal marks a milestone in the long-running effort to help first-responders get to emergencies quickly as people increasingly rely on cellphones for 911 calls and to improve their ability to locate emergencies in places such as schools, shopping malls and hotels.
The Federal Communications Commission has long required data from wireless 911 calls to include location information based on outdoor technologies. But technology has been insufficient to direct responders to specific floors, rooms or particular areas of a building.
The FCC earlier this year challenged the wireless industry to help responders locate emergencies indoors, within 50 meters horizontally and 3 meters vertically, estimating it could save more than 10,000 lives every year.
The “heightened location accuracy,” available to supporting networks and handsets, will find callers through nearby devices connected to Wi-Fi or Bluetooth that will be logged with a specific location in a special emergency-services database.
Over time, the wireless carriers plan to ensure each handset can turn on Bluetooth or Wi-Fi connectivity in emergency-call instances, if it is disabled.
The FCC had proposed the rollout timeframe of two years for 67 percent of cellphone calls and five years for 80 percent, though the companies and public safety groups reached a slightly different consensus.
The action was taken in reference to events dating back to 2007, which saw employees of SAP’s TomorrowNow unit accused of illegally downloading Oracle software.
German company TomorrowNow was bought by SAP as a means to undercut Oracle’s internal tech support rates, with the ambition of getting customers to migrate to SAP solutions, reports Reuters.
In 2006, TomorrowNow started the process of undermining its parent’s position, offering cut-price support to users of the Siebel database and CRM.
Oracle was originally awarded $1.3bn back in 2010, but this was adjusted downwards on multiple appeals.
SAP acknowledged that its employees had been in the wrong, but disputed the damages awarded. SAP offered a $306m payment in 2012, but did so more in hope than expectation given its admissions.
Earlier in the year, a federal judge gave Oracle the option to settle for $356.7m or force a retrial, and the company has now decided on the former with a further $2.5m in interest.
“We are thrilled about this landmark recovery and extremely gratified that our efforts to protect innovation and our shareholders’ interests are duly rewarded,” said Oracle’s general counsel Dorian Daley.
“This sends a strong message to those who would prefer to cheat than compete fairly and legally.”
SAP agreed: “We are also pleased that, overall, the courts hearing this case ultimately accepted SAP’s arguments to limit Oracle’s excessive damages claims and that Oracle has finally chosen to end this matter.”
SAP announced a partnership with IBM last month to bring its HANA service to enterprise cloud users.
Sophos is betting that understaffed IT departments will want to use the cloud to deal with cyber attacks. Kris Hagerman, CEO of the computer security company, said SMBs often have small IT departments and may have no one dedicated to full-time security.
Sophos thinks the answer will be a cloud-based management console to work across its entire security portfolio, Hagerman said. The company’s UTM firewall product handles email security, endpoint and network protection, wireless, web filtering and web server defence.
The company has linked its UTM system to its endpoint protection product so the two can share data, which results in better overall security and easier management, Hagerman said. The system has been given the thumbs up from analyst outfit Gartner which said that its “ease of use consistently rates high. The interface contains general guidance on what each feature does, which is useful for SMB operators, who are not all security experts.”
Hagerman said Sophos’ end user and network businesses—it’s two main lines—are growing twice the rate of the market. There isn’t a magic formula to that growth, he said.