The U.S. National Security Agency will lose access at the end of November to the bulk telephone records data it has collected, the Office of the Director of National Intelligence announced.
Congress voted in June to rein in the NSA’s mass collection of U.S. phone metadata, which includes information such as the timing and location of calls. The Foreign Intelligence Surveillance Court, also known as the FISA court, then gave the NSA 180 days to wind down the program.
The Director of National Intelligence had been evaluating whether the NSA should maintain access to the historical data it collected after that 180 days is up. It’s now determined that access to that data will cease on Nov. 29.
After that date, the NSA must receive approval from the FISA court to request the data from phone companies on a case-by-case basis.
NSA personnel will have continued access to the historical data for an additional three months, “solely for data integrity purposes” to verify records produced under that new, case-by-case system.
The NSA will also need to preserve the metadata until civil lawsuits over the program have been resolved, or until “the relevant courts relieve NSA of such obligations,” the Office of the Director of National Intelligence said Monday.
The metadata “will not be used for any other purpose,” and will be destroyed when the litigation is over, the office said.
Internet.org turns one year old this week, and Facebook says it’s ready to scale the project to reach more people.
The company is making it easier for more mobile operators to join the project by launching an online portal where they’ll find technical tools and best practices to help them get started.
So far, Facebook has been working with about a dozen operators in 17 countries to provide an app that gives people free access to a set of basic Internet services.
According to Facebook, people who use the app quickly become paying subscribers — something that will no doubt appeal to the mobile operators it’s trying to partner with.
“Internet.org brings new users onto mobile networks on average over 50 percent faster after launching free basic services, and more than half of the people who come online through Internet.org are paying for data and accessing the Internet within the first 30 days,” Facebook said.
The Internet.org mobile app is perhaps the most tangible element in Facebook’s efforts to expand Internet access — and its own services — to more people throughout the world. It’s also using satellites, drones and lasers that can beam Internet signals through space to bring people online.
While the number of people with Internet access continues to grow, 4.2 billion of the world’s roughly 7.4 billion people will still be offline by the end of the year, according to data from the International Telecommunication Union.
The Internet.org app typically includes a stripped-down version of Facebook and access to other free services like weather reports, health information and services for finding jobs.
CEO Mark Zuckerberg has said Facebook could become the Internet on-ramp for the world.
Researchers from the University of Salerno and the Sapienza University of Rome in Italy have used three different techniques to obfuscate exploits like the ones usually used in drive-by download attacks.
Functionality provided by HTML5 can be efficient for malware obfuscation, the Italians have proved.
Modern security software can detect a big chunk of threats, but threats that use some HTML5 features to hide the exploits served in drive-by download attacks could evade static and dynamic detection systems.
Experts say some of these APIs can be used to deliver and assemble the exploit in the web browser without being detected.
One method dubbed “delegated preparation” involves delegating the preparation of the malware to system APIs.
Another, called “distributed preparation,” shares the code over concurrent and independent processes running within the browser.
A third involves triggering the code preparation based on the user’s actions on the malicious webpage or website.
VirusTotal detection rates for these sorts of obscured attacks remain low.
The paper published by researchers, with the catchy title of “Using HTML5 to Prevent Detection of Drive-by-Download Web Malware,” contains recommendations about some of the steps that can be taken to counter these obfuscation techniques.
The technology involves smartphones broadcasting data over a short-range radio channel to nearby cars, so the cars can determine if a collision is likely. Unlike today’s radar-based systems, this has the ability to warn around blind corners and can alert both the driver and pedestrian.
It’s being developed by engineers at Honda and was demonstrated last week at the company’s new research and development center in Mountain View, Calif., the heart of Silicon Valley.
In the demonstration that took place in a parking lot, a car was slowly cruising a row looking for a space. Ahead, and unseen to the driver, a pedestrian was walking between a car and SUV while listening to music, and was about to step into the path of the oncoming vehicle.
Seconds before the pedestrian could emerge and the two come close to collision, an alert sounded in the car: “Distracted pedestrian” and a warning appeared on the car’s LCD screen to brake. The pedestrian too got a similar alert, telling him to watch out. If the driver hadn’t hit the brakes, the car would have automatically come to a halt.
Honda has been working on the technology for three years and the first iteration is expected to be submitted for standardization around the end of this year, said Sue Bai, a principal engineer at Honda R&D, who has been developing it.
The communication takes place over a channel in the 5.9GHz band that is dedicated for intelligent transportation systems. That’s a frequency not used in current smartphones, but close enough that Qualcomm engineers were able to come up with a firmware modification so that it works on an off-the-shelf handset. No custom hardware is required in the phone.
The SE370 monitor will come in 23.6-inch and 27-inch formats and is the industry’s first to have an integrated wireless charging station, the South Korean manufacturer said Monday.
But your phone will have to support the Qi wireless charging standard, which was developed by the Wireless Power Consortium (WPC) and is supported by makers such as Samsung, Sony, LG, HTC and Huawei.
The charging area is on the stand for the monitor, and an LED lights up when it’s in use. The monitor has a 1920 x 1080 resolution and is optimized for video games, with richer black hues when it’s in game mode. The screen will not distort graphics with stutter and lag and has a response time of 4 milliseconds, Samsung said.
Compatible with Mac OS X and Windows 10, the SE370 also has an eye-saver mode that reduces blue light, which is believed to cause eye strain and sleep problems.
Samsung did not provide information about pricing or availability for the SE370 monitor and did not immediately respond to a request for more information.
The company’s Galaxy S6 and GS6 edge flagship smartphones support the Qi and rival Power Matters Alliance (PMA) standards for wireless charging. Earlier this year, Samsung released its own branded charging pad to juice them up.
The latest Qi specification, announced last month, will allow manufacturers to provide much faster wireless power charging options than earlier versions.
The platform has also caught on with makers such as Ikea, which launched a collection of furniture in April with built-in Qi-enabled wireless chargers.
Qi had been competing with PMA and the Alliance for Wireless Power (A4WP). Following a decision earlier this year, however, the two organizations announced their merger in June, with a new name yet to be decided.
IBM has added another stick to its pile, picking up a company called Compose to increase its standing in the cloud database-as-a-service (DBaaS) market.
The firm has come straight out with the news and explained how it expects to benefit.
Compose, it said, offers a bountiful on-demand business and will let IBM roll out DBaaS offerings to a presumably hungry market. IBM has a big focus on the cloud and likes to see action around its Bluemix platform.
IBM said that Compose is a player in the MongoDB, Redis, Elasticsearch and PostgreSQL DBaaS game, and that this honour will extend itself to the new parent and its punters.
“Compose’s breadth of database offerings will expand IBM’s Bluemix platform for the many app developers seeking production-ready databases built on open source,” said Derek Schoettle, general manager of IBM cloud data services.
“Compose furthers IBM’s commitment to ensuring developers have access to the right tools for the job by offering the broadest set of DBaaS and the flexibility of hybrid cloud deployment.”
IBM acquires @composeio as complement to Cloudant CouchDB, cloud data warehouse, dashDB, and more #bluemix services. https://t.co/2j4ASqisGi
— IBM Bluemix™ (@IBMBluemix) July 23, 2015
There is money behind this, and IBM said that the DBaaS market is likely to be worth almost $20bn by 2020 thanks to thousands of companies and their multitudes of demands for easy to grasp databases. This is not the first cloudy move the firm has made.
Compose, naturally, is keen on the arrangement and expects that its union with the veteran firm will increase the scale of its services, and allow customers more freedom to innovate.
“By joining IBM, we will have an opportunity to accelerate the development of our database platform and offer even more services and support to developer teams,” said Kurt Mackey, co-founder and CEO at the firm.
“As developers, we know how hard it can be to manage databases at scale, which is exactly why we built Compose – to take that burden off our customers and allow them to get back to the engineering they love.”
No financial terms were revealed.
The flaws could potentially be exploited to execute malicious code on computers when users visit compromised websites or open specially crafted documents. They were reported through Hewlett-Packard’s Zero Day Initiative (ZDI) program.
HP’s TippingPoint division, which sells network security products, pays researchers for information on unpatched high-risk vulnerabilities in popular software. The company uses the information to create detection signatures, giving it a competitive advantage, but also reports the flaws to the affected vendors so they can be fixed.
The ZDI team gives vendors 120 days to develop fixes before making limited information about the reported flaws public. That deadline was apparently reached for the four Internet Explorer vulnerabilities this week.
The ZDI advisories describe the type, impact and general location of the flaws, but intentionally leave out technical details that could help attackers create exploits for them. In other words, they don’t classify as full disclosure.
Three of the new ZDI advisories don’t have sufficient information for other researchers or hackers to easily rediscover the issues, said Carsten Eiram, the chief research officer at vulnerability intelligence firm Risk Based Security, via email. The fourth one, however, is a bit more detailed, he said.
That advisory, tracked as ZDI-15-359, covers a vulnerability that was used by security researcher Nicolas Joly during the Mobile Pwn2Own hacking contest organized by ZDI in November last year. As part of the contest rules, researchers disclose the vulnerabilities they use with ZDI, which then shares them with the affected vendors.
Microsoft said in an emailed statement that it would take “appropriate steps” to protect its customers, but noted that no attacks had been reported so far.
Database outfit Oracle’s moves to try and copyright APIs appear to be part of an attempt for Oracle to make money on Android.
Oracle has asked a U.S. judge for permission to update its copyright lawsuit against Google to include Android, which it claims contains its Java APIs.
Oracle sued Google five years ago and is seeking roughly $1 billion in copyright claims. If it manages to convince a court that its APIs are in Android, it could up the damages by several billions.
Oracle wrote in a letter to Judge William Alsup on Wednesday that the record of the first trial does not reflect any of these developments in the market, including Google’s dramatically enhanced market position in search engine advertising and the overall financial results from its continuing and expanded infringement.
Last month, the US Supreme Court upheld an appeals court’s ruling that allows Oracle to seek licensing fees for the use of some of the Java language. Google had said it should be able to use Java APIs without paying a fee.
Microsoft is very close to releasing Advanced Threat Analytics (ATA), the security shore-up that it first announced three months ago.
ATA, or MATA as we called it for our own small amusement, is the result of three months’ real world testing, and the culmination of enough user feedback to inform a final release.
That final release will happen in August, which should give you plenty of time to get your head around it.
Hmmm. Microsoft’s Advanced Threat Analytics seems like a very good idea focused on the enterprise.
— Kevin Jones (@vcsjones) May 4, 2015
Idan Plotnik, who leads the ATA team at Microsoft, explained in an Active Directory Team Blog post that the firm is working towards removing blind spots from security analytics, and that this release should provide a strong and hardy tool for the whacking away of hacking.
“Many security monitoring and management solutions fail to show you the real picture and provide false alarms. We’ve taken a different approach with Microsoft ATA,” he said.
“Our secret sauce is our combination of network Deep Packet Inspection, information about the entities from Active Directory, and analysis of specific events.
“With this unique approach, we give you the ability to detect advanced attacks and stolen credentials, and view all suspicious activities on an easy to consume, simple to explore, social media feed like attack timeline.”
The Microsoft approach is an on-premise device that detects and analyses threats as they happen and on a retrospective basis. Plotnik said that it combines machine learning and knowledge about existing techniques and tactics to proactively protect systems.
“ATA detects many kinds of abnormal user behaviour many of which are strong indicators of attacks. We do this by using behavioural analytics powered by advanced machine learning to uncover questionable activities and abnormal behaviour,” he added.
“This gives the ability for ATA to show you attack indicators like anomalous log-ins, abnormal working hours, password sharing, lateral movement and unknown threats.”
A number of features will be added to the preview release, including performance improvements and the ability to deal with more traffic, before general availability next month.
The case involves the chairman of the Airport Board in Kenton, Kentucky, which oversees the Cincinnati/Northern Kentucky International Airport. The chairman, James Huff, was on a business trip in Italy with his wife and a colleague when he accidentally pocket-dialed the secretary of the airport’s CEO back in the U.S.
The secretary, Carol Spaw, said “hello” a few times and soon figured out the call wasn’t meant for her. But she overheard Huff and his colleague talking about personnel matters, including the possibility that the airport’s CEO — Spaw’s boss — might be replaced. The inadvertent call continued after Huff got back to his hotel room with his wife.
The call lasted 91 minutes and Spaw stayed on the line the entire time, court records show. Spaw claims that she thought Huff was discussing a plan to illegally discriminate against the CEO, a woman. She says she felt obliged to record the call and report it.
Spaw took handwritten notes for most of the call, but managed to record the last four minutes after a colleague brought her an iPhone. By that time, Huff was back in his hotel room, where he discussed personal matters with his wife Bertha but also shared some details of the personnel discussion from earlier.
Huff and his wife sued Spaw, alleging she had breached their privacy by violating a law often called the Wiretap Act, which prohibits interception of “wire, oral or electronic communications.”
However, the catch is that the law applies only where people can show they had a reasonable expectation of privacy. And that’s not the case with pocket-dialed calls, the appeals court ruled, upholding in part a lower court’s decision.
Citing case law, the Sixth Circuit Court of Appeals said people must “exhibit” that they have an expectation of privacy, by taking reasonable steps to ensure their conversation won’t be overheard.
Microsoft has begun to open source some more of its code, this time for the Microsoft Research Software Radio (Sora).
“We believe that a fully open source Sora will better support the research community for more scientific innovation,” said Kun Tan, a senior researcher on the Sora project team.
Sora was created to combat the problem of creating software radio that could keep up with the hardware developments going on around it.
The idea behind it is to run the radio off software on a multi-core PC running a basic operating system. In the example, it uses Windows. But then it would.
A PCIe radio control board is added to the machine with signals processed by the software for transmission and reception, while the RF front-end, with its own memory, interfaces with other devices.
The architecture also supports parallel processing by distributing processing pipelines to multiple cores exclusively for real-time SDR tasks.
Sora has already won a number of awards, and the Sora SDK and API were released in 2011 for academic users. More than 50 institutions now use it for research or courses.
As such, and in line with the groovy open Microsoft ethos, the software has now been completely open sourced, with customizable RF front-ends, customizable RCB with timing control and synchronization, processing accelerators and support for new communication models such as duplex radios.
The Sora source code is now up on GitHub. Use cases already in place include TV whitespace, large scale MIMO and distributed MIMO systems.
Microsoft has made a number of moves towards open sourcing itself over the past year. Most notably, the .NET Framework at the heart of most Windows programs was offered up to the newly created .NET Foundation.
It was announced yesterday that Google is releasing its Kubernetes code to the Linux Foundation to set up a standardized format for containerization.
HP has released a study suggesting that anyone who uses a smartwatch is offering their wrist to vagabonds, criminals and privacy probers.
Blam! HP ain’t messing. “You got a smartwatch?” it says. “Then damn, son, you are in trouble!”*
A report apparently straight outta HP finds that the smartwatch lets us all down by not doing encryption right, not considering privacy and using second rate authentication.
In the current threat market, this would be pretty much a full house of problems and pretty bad form on the part of providers like Apple.
Security firm Bitdefender has wrapped itself around the study, and describes the threat as “extreme” in its reporting of the HP smartwatch horror story.
The INQUIRER has not been able to find the report, but it has found mention of it. We shall turn to what we can while our inquiries hang in PR purgatory.
ESET has its own report on the study and offers advice on securing wearable technology, including smartwatches, on its website.
The security firm quotes from the report, saying that HP security personnel are fretting about increased adoption and the rising tide of threats.
“Smartwatches have only started to become a part of our lives, but they deliver a new level of functionality and we will increasingly use them for sensitive tasks,” Jyoti Prakash, country director for India and south Asia at HP Enterprise Security Products, is quoted as saying.
“As this activity accelerates, the watch platform will become vastly more attractive to those who would abuse that access, and it’s critical that we take precautions when transmitting personal sensitive data or bringing smartwatches into the workplace.”
The best practice if a zombie has bitten your arm and infected you with a virus, for example, would be to chop it off. Your arm, that is.
Here, we suggest that perhaps you consider what you share, where you share it and what you share it on as your best response.
Herbalife Ltd has filed a petition requesting information from micro-blogging company Twitter Inc to identify an anonymous user who posted defamatory tweets against the weight-loss and nutritional products maker.
The petition for “discovery before suit” seeks to identify the person against whom a lawsuit can be filed.
Herbalife said it wants Twitter to provide information such as IP addresses and account details of the user who vilified the company and its management as “thieves, pill pushing frauds and bullies”.
“The twitter feed of @AfueraHerbaLIES contains not only defamatory, disparaging, and deceptive posts about Herbalife and its products, but also contains numerous insulting and offensive statements about Herbalife’s management team, its members, and even federal regulators,” the company said in the petition filed on Monday in Illinois.
Herbalife said the user’s tweets, accusing it of selling toxic and unregulated products, prejudice the company in its trade and are materially harmful to its reputation.
The company wants the court to order Twitter to preserve all information relating to the matter and also allow Herbalife to serve discovery upon Twitter, including document production requests.
“This is pretty straightforward. We are not going to sit back and let someone make false and defamatory statements about our company,” said Alan Hoffman, a representative for Herbalife.
The company’s online promotions in advance of the launch featured a mysterious high-end Android device. The marketing scheme paid off, according to Adam Zeng, CEO of ZTE’s mobile devices business, sparking media interest. It even caused some to wonder if the product was Korean-made, since Chinese brands have a low-end image to U.S. consumers, according to Zeng.
ZTE was happy to clear up any preconceived notions. “Chinese brands can also come out with top-tier products,” Zeng maintained.
The Axon is a premium handset that the company claims can rival flagship phones from Apple, Samsung and LG.
It is scheduled to go on sale in the U.S. in early August, and is already available for pre-order, with a no-contract price of $449. That’s about $200 less than an iPhone 6 when bought without carrier subsidies. But consumers are still getting the latest in smartphone technology.
For the Axon, this includes a 2560 by 1440 screen, an eight-core Qualcomm Snapdragon 810 processor, 4GB of RAM, all fitted in a sleek metal case with leather on the back cover.
Zeng noted that it took ZTE 18 months to develop the product. The company wanted to make sure it had everything, such as the ability to shoot 4K video, and a rear-facing camera with dual lenses.
ZTE kept pushing the phone’s launch date back to include more features, Zeng said. It also tapped talent from North America, hiring Seattle-based design firm Teague and former BlackBerry employees to help build the product.
ZTE has been expanding in the U.S., although competition remains stiff. In this year’s first quarter, it was ranked as the U.S.’s sixth largest smartphone vendor, with a 4.5 percent market share, according to research firm IDC. Industry leaders Apple and Samsung, on the other hand, have a combined market share of 62 percent.
Samsung has put 10nm FinFET in its roadmap to stop its customers migrating to TSMC.
There were some rumours that Samsung may alter its schedule in order to hold on to clients that might consider switching to 10nm chips from TSMC, as that outfit is expected to skip the 14nm process and go straight to 10nm.
Kelvin Low from Samsung Foundry confirmed in a video posted on YouTube that Samsung has formally added 10nm FinFET into the process roadmap. For chip designers working in the mobile, consumer or networking market segments, the new chips will provide significant performance and power consumption improvements.
Samsung’s LSI division has already shown off its first 10nm wafers, which was a symbolic message to major clients that Samsung is more than capable of getting its 10nm production lines up and running without much hassle. Low expected 10nm products to appear at the end of 2016.