Credit and debit card information belonging to customers who made purchases at 51 UPS Store Inc. locations in 24 states this year may have been illegally accessed as the result of an intrusion into the company’s networks.
In a statement on Wednesday, UPS said it was recently notified by law enforcement officials about a “broad-based malware intrusion” of its systems.
A subsequent investigation by an IT security firm showed that attackers had installed previously unknown malware on systems in more than four-dozen stores to gain access to cardholder data. The affected stores represent about 1% of the 4,470 UPS Store locations around the country.
The intrusion may have exposed data on transactions conducted at the stores between Jan. 20 and Aug. 11, 2014. “For most locations, the period of exposure to this malware began after March 26, 2014,” UPS said in a statement.
In addition to payment card information, the hackers also appear to have gained access to customer names, as well as postal and email addresses.
Each of the affected locations is individually owned and runs private networks that are not connected to other stores, UPS added. The company provided a list of affected locations.
The breach is the third significant one to be disclosed in the past week. Last Thursday, grocery store chain Supervalu announced it had suffered a malicious intrusion that exposed account data belonging to customers who had shopped at about 180 of the company’s stores in about a dozen states. The breach also affected customers from several other major grocery store chains for which Supervalu provides IT services.
SanDisk has updated its consumer solid-state disk (SSD) drive aimed at laptop upgraders.
Sandisk claims that the Ultra II SSD improves PC performance by up to 28 times and adds 15 percent to battery life. The drive also has an improved SSD Dashboard that offers firmware upgrades, security and cloning facilities in one user interface.
“We live in an era where we expect to have information at our fingertips anytime, anywhere, with technology that keeps us connected to both our personal and work lives on devices that won’t fail,” said Sandisk VP of retail product marketing Dinesh Bahal.
“The new Sandisk Ultra II SSD, together with the improved SSD Dashboard, provides consumers with an easy, affordable way to ensure that their PC can keep pace with their increasingly connected, information-driven lifestyle.”
The Sandisk Ultra II comes in capacities from 120GB up to 960GB with prices ranging from €75 to €409. UK prices are yet to be announced.
Under the hood is an X3 NAND flash array with Sandisk’s nCache 2.0 technology, which uses two tiers of caching. As with most SSDs, the drive is shock resistant. Read speed is 550MBs with write speed of 500MBs delivered in a 2.5″ drive with a 6Gbps SATA3 interface.
Although the drive is guaranteed for three years, its Mean Time Between Failure rating (MTBF) is 1.75 million hours, suggesting that for everyday use it will work a great deal longer.
The Sandisk Ultra II sits alongside the recently released Extreme Pro, a gaming SSD with similar specifications but a slightly faster write speed.
Sandisk has been aggressively expanding its range of solid-state products during 2014 with the first 4TB SSD drive, the Optimus Max, premiering in April and the X300s for enterprise laptops in May.
Snapchat Inc, creator of a mobile app that allows users to send messages that disappear within seconds, may be looking to expand its service to videos, news articles and advertisements, the Wall Street Journal is reporting.
The California-based company is currently in talks with advertisers and media companies about a service called Snapchat Discovery, the Journal reported, citing sources.
Snapchat Discovery, rumored to debut in November, will show content and ads to Snapchat users, the Journal quoted the sources as saying.
At least a dozen media companies have shown interest in providing content for Snapchat Discovery, the Journal said.
Snapchat Discovery will allow users to read publications and watch video clips by holding down a finger on the screen, as they do with photos and other messages on the app, the report said.
Snapchat, popular among teenage users, was not immediately available for comment outside regular business hours.
The vulnerability means that on the surface, it looks like the popups and advertisements are coming from the websites users are visiting, when they are actually coming from the fake Evernote web extension.
Researchers at the company discovered the vulnerability in a “multi-plug .PUP” file, which installs the fake Evernote browser extension.
A PUP file is one that has the .pup file extension and is most commonly associated with the Puppy Linux operating system. PUP files run when an installer program is opened on the user’s computer and they are similar to the installer.exe files that are used with Windows applications.
“A quick look shows the PUP is digitally signed by ‘Open Source Developer, Sergei Ivanovich Drozdov’, although the certificate has since been revoked by the Issuer. This serves as another reminder that you can’t always trust a program just because it’s digitally signed,” said Malwarebytes malware intelligence analyst Joshua Cannell.
“Clicking ‘Visit website’ directs the user to the Chrome webstore page for the actual Evernote Web extension,” Cannell added. “Chrome believes the real extension is installed, as verified by the Launch App button. When clicking this button with the fake extension installed, nothing happens, whereas normally the user is met with an Evernote login screen.”
Cannell explained that this is because the extension uses a content script to run in the context of the webpages a user browses.
“The content script is guaranteed to be loaded into every web page using the extension manifest (manifest.json). When visiting webpages, you’ll get a series of annoying advertisements, all leading to potentially more unwanted programs and offers,” he added.
To remove the extension, Chrome users need to visit the extensions tab in the browser and click the picture of a garbage can.
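As an added illustration of the manifest mechanism Cannell describes (not code from Malwarebytes or from the original article), the Python below audits extension manifests for content scripts that match every site. The sample manifests, extension IDs, names and the `run_demo` helper are constructed for the example; the Extensions directory is a parameter because its location varies by platform and profile.

```python
import json
import tempfile
from pathlib import Path

# Match patterns that inject a content script into every page the user opens.
BROAD_PATTERNS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

# Constructed sample manifests (not taken from any real extension).
SAMPLE_BROAD = {
    "name": "Constructed note clipper",
    "version": "1.0",
    "manifest_version": 2,
    "content_scripts": [
        {"matches": ["http://*/*", "https://*/*"], "js": ["inject.js"]}
    ],
}
SAMPLE_SCOPED = {
    "name": "Constructed scoped helper",
    "version": "1.0",
    "manifest_version": 2,
    "content_scripts": [
        {"matches": ["https://www.example.com/*"], "js": ["helper.js"]}
    ],
}


def broad_content_scripts(manifest: dict) -> list:
    """Return one finding per content_scripts entry that matches all sites."""
    findings = []
    for entry in manifest.get("content_scripts", []):
        broad = sorted(set(entry.get("matches", [])) & BROAD_PATTERNS)
        if broad:
            findings.append({
                "name": manifest.get("name", "<unnamed>"),
                "patterns": broad,
                "scripts": entry.get("js", []),
                "all_frames": bool(entry.get("all_frames", False)),
            })
    return findings


def audit_extensions_dir(root: Path) -> list:
    """Audit every <id>/<version>/manifest.json under an Extensions directory."""
    results = []
    for path in sorted(root.glob("*/*/manifest.json")):
        try:
            # utf-8-sig tolerates a byte-order mark at the start of the file.
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skipped in this example
        for finding in broad_content_scripts(manifest):
            finding["extension_id"] = path.parent.parent.name
            results.append(finding)
    return results


def run_demo() -> list:
    """Write the constructed samples into a temporary tree and audit it."""
    samples = (("a" * 32, SAMPLE_BROAD), ("b" * 32, SAMPLE_SCOPED))
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for ext_id, manifest in samples:
            target = root / ext_id / "1.0_0"
            target.mkdir(parents=True)
            (target / "manifest.json").write_text(
                json.dumps(manifest), encoding="utf-8"
            )
        return audit_extensions_dir(root)


if __name__ == "__main__":
    for f in run_demo():
        print(f"{f['extension_id']}  {f['name']}: {f['scripts']} "
              f"injected on {', '.join(f['patterns'])}")
```

A broad match is not malicious by itself, since many legitimate extensions request it; the output is a review list to compare against the extensions a user actually expects to have installed.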
Evernote hit the headlines for its security concerns last year when it emerged that its network had been compromised by hackers.
The online note-taking service issued a password reset for all users after the discovery. It said that it “discovered and blocked” suspicious activity on its network, but claimed that no user data was compromised during the intrusion.
“In our security investigation, we have found no evidence that any of the content you store in Evernote was accessed, changed or lost,” Evernote said.
The National Highway Traffic Safety Administration (NHTSA) is seeking input about a possible federal standard for vehicle-to-vehicle (V2V) technology, which would allow cars to automatically exchange information, such as whether they’re close to each other. The agency will accept comments from the public and industry for 60 days from when the advance notice of proposed rulemaking (ANPRM) is published in the Federal Register.
V2V would let cars do some of the work of driving or even accomplish things humans can’t, such as virtually “seeing” into blind intersections before entering them. It may be one step on the path to self-driving cars.
On Monday, the NHTSA published a research report on V2V and issued an ANPRM in hopes of collecting a lot of feedback before issuing a full NPRM in 2016. In the report, it estimated the safety benefits of just two possible applications of V2V, called Left Turn Assist and Intersection Movement Assist. Together, they could prevent as many as 592,000 crashes and save 1,083 lives per year, the agency said.
Neither system would necessarily take control of a car. Left Turn Assist would warn drivers not to turn left into the path of an oncoming car, and Intersection Movement Assist would warn them not to enter an intersection when there’s a high probability of crashing into other vehicles there. The two technologies could help drivers avoid more than half of those types of crashes, the agency said. Other V2V systems could include blind spot, do not pass, and forward collision warnings, as well as stop light and stop sign warnings.
“V2V technology represents the next great advance in saving lives,” U.S. Transportation Secretary Anthony Foxx said in a press release.
In addition to improving safety, V2V might smooth the flow of traffic and improve cars’ fuel economy, the NHTSA said.
V2V would run over wireless networks using the IEEE 802.11p specification, a variant of the standard used for Wi-Fi, on a band of spectrum between 5.85GHz and 5.925GHz. That’s crucial to making the technology work between vehicles from different manufacturers, NHTSA said. V2V doesn’t identify individual vehicles, nor does it collect or share personal information about drivers, and it would have layers of security and privacy technology to protect users, the agency said.
Sprint Corp unveiled a new pricing plan that gives customers 20 gigabytes of data and up to 10 lines for $100, doubling its data offerings, the latest in a series of cuts and promotions that is re-shaping the wireless industry.
Sprint’s chairman, business tycoon Masayoshi Son, is betting new prices will revive a carrier hampered by an expensive network overhaul and rising competition.
“The message is simple: We are back in the game. We are going to offer most competitive value for American consumers,” Marcelo Claure, Sprint’s newly appointed chief executive told Reuters in an interview.
The company will release new plans for individuals later this week.
The announcement marks the first move for the new CEO, who last week said cutting prices would be his top priority.
The move comes after Verizon slashed prices for its unlimited talk and text plan and T-Mobile expanded its family plan to 6 lines and could signal more price cuts ahead for the industry as a whole.
Sprint is going it alone after scuttling a months-long effort to pursue a merger with No. 4 U.S. cellular provider T-Mobile US Inc.
Last year, an aggressive campaign by T-Mobile to address subscriber frustrations and lower prices sparked a domino effect that caused the U.S. top four carriers to restructure pricing plans and cut rates to lure customers in a nearly saturated market.
But analysts worry the industry’s latest discount spree could increase pressure on already tight margins and rattle dividends.
While top carriers and Verizon have largely been able to mitigate the impact of T-Mobile’s discounts on their subscriber base, they would likely have to respond to price cuts at Sprint with steep discounts of their own to keep subscribers from migrating, analysts said.
“We will see a trickle down in pricing concessions across the industry. This is the start of a price war many anticipated would be coming,” said Angelo Zino, analyst at S&P Capital IQ.
New pricing plans that charge customers separately for the cost of their devices have somewhat offset price cuts this year, Zino said, but if the discounts continue, they could pose a long-term threat to the dividends.
Community Health Systems Inc., one of the largest U.S. hospital groups, is reporting that it was the victim of a cyber attack from China, resulting in the theft of Social Security numbers and other personal data belonging to 4.5 million patients.
Security experts said the hacking group, known as “APT 18,” may have links to the Chinese government.
“APT 18” typically targets companies in the aerospace and defense, construction and engineering, technology, financial services and healthcare industry, said Charles Carmakal, managing director with FireEye Inc’s Mandiant forensics unit, which led the investigation of the attack on Community Health in April and June.
“They have fairly advanced techniques for breaking into organizations as well as maintaining access for fairly long periods of times without getting detected,” he said.
The information stolen from Community Health included patient names, addresses, birth dates, telephone numbers and Social Security numbers of people who were referred or received services from doctors affiliated with the hospital group in the last five years, the company said in a regulatory filing.
The stolen data did not include medical or clinical information, credit card numbers, or any intellectual property such as data on medical device development, said Community Health, which has 206 hospitals in 29 states.
The attack is the largest of its type involving patient information since a U.S. Department of Health and Human Services website started tracking such breaches in 2009. The previous record, an attack on a Montana Department of Public Health server, was disclosed in June and affected about 1 million people.
Chinese hacking groups are known for seeking intellectual property, such as product design, or information that might be of use in business or political negotiations.
Social Security numbers and other personal data are typically stolen by cybercriminals to sell on underground exchanges for use by others in identity theft.
Over the past six months Mandiant has seen a spike in cyber attacks on healthcare providers, although this was the first case it had seen in which a sophisticated Chinese group has stolen personal data, according to Carmakal. Mandiant monitors about 20 hacking groups in China.
Security software expert and on-the-run murder suspect John McAfee has taken time from his busy schedule to warn the world about the perils of Googling.
McAfee has called upon people to resist Google to protect their privacy, saying that the search engine appears to believe that if people have nothing to hide they have nothing to fear.
“If everybody knew everything about everybody else, what would human behaviour become? You need to think this through,” he said.
He said that people could not have intrusions into their lives and still have freedom. McAfee added that freedom was all he had.
“And it’s all you have, if you think about it.”
We thought about it and came to the conclusion that we have a lot of things which are not defined by the fact that Google can see us. But hey, we don’t have Belize wanting us to help them with their inquiries.
ZDNet’s Mary Jo Foley, citing unnamed sources, said that Microsoft will deliver a “technical preview” of Threshold late in September or early in October. Previously, Foley had reported that Microsoft would offer a preview of some kind this fall.
Threshold may be officially named “Windows 9” by Microsoft (the company has said nothing about the code name and has not labeled the next iteration of its desktop and tablet OS), although there are arguments for dumping a numerical title because of the possible association with Windows 8, which has widely been pegged as a failure.
“Technical Preview” is a moniker that Microsoft has used in the past for its Office suite. For both Office 2013 and Office 2010, Microsoft used the term to describe an invitation-only sneak peek. Both application suites were later released as public betas prior to their official launch.
Windows, however, has used a different nomenclature. For 2012’s Windows 8, Microsoft called the early looks “Developer Preview,” “Consumer Preview” and “Release Preview,” all open to everyone. The first was analogous to an alpha, the second to a beta, and the third to a done-but-not-approved release candidate.
Windows 7, however, had used the more traditional “Beta” to describe the first public preview in early 2009. The previous fall, when Microsoft unveiled Windows 7, the firm had seeded an invite-only “pre-alpha” version, also dubbed a Developer Preview, of the OS to programmers and some influential bloggers.
Within hours, the Windows 7 Developer Preview leaked to file-sharing websites. Microsoft may have changed its practices for Windows 8, letting anyone download the first preview, because of the inevitability of leaks.
In an update to her blog of earlier today, Foley added that the “Technical Preview” nameplate notwithstanding, Microsoft would allow anyone to download Threshold/Windows 9 when it becomes available in the next few weeks.
If Microsoft does ship a preview soon and sets its sights on a second-quarter 2015 final release, it will have significantly accelerated the tempo from past practice. With Windows 7 and Windows 8, Microsoft offered its first previews 12 and 13 months, respectively, and the public beta 8 or 9 months, before launching the operating system.
Eight or nine months from September would be May or June 2015; that, however, assumes that the Technical Preview is of beta quality. The name itself hints at something less.
Microsoft appears eager to put Windows 8 behind it. It has stopped beating the drum about the OS and recently announced that it would not issue any additional major updates. Instead, the firm said last week, it will include improvements or new features in small packets using the same Windows Update mechanism that regularly serves security patches.
The storage of user data in China represents a departure from the policies of some technology companies, notably Google Inc, which has long refused to build data centers in China due to censorship and privacy concerns.
Apple said the move was part of an effort to improve the speed and reliability of its iCloud service, which lets users store pictures, e-mail and other data. Positioning data centers as close to customers as possible means faster service.
The data will be kept on servers provided by China Telecom Corp Ltd, the country’s third-largest wireless carrier, Apple said in a statement.
“Apple takes user security and privacy very seriously,” it said. “We have added China Telecom to our list of data center providers to increase bandwidth and improve performance for our customers in mainland China. All data stored with our providers is encrypted. China Telecom does not have access to the content.”
A source with knowledge of the situation said the encryption keys for Apple’s data on China Telecom servers would be stored offshore and not made available to China Telecom.
Apple has said it has devised encryption systems for services such as iMessage that even Apple itself cannot unlock. But some experts expressed scepticism that Apple would be able to withhold user data in the event of a government request.
“If they’re making out that the data is protected and secure that’s a little disingenuous because if they want to operate a business here, that’d have to comply with demands from the authorities,” said Jeremy Goldkorn, director of Danwei.com, a research firm focused on Chinese media, internet and consumers.
“On the other hand if they don’t store Chinese user data on a Chinese server they’re basically risking a crackdown from the authorities.”
Goldkorn added that data stored in the United States is subject to similar U.S. regulations where the government can use court orders to demand private data.
A spokesman for China Telecom declined to comment.
Chip-equipment maker Applied Materials has surprised most of the cocaine nose jobs of Wall Street with a better-than-expected third-quarter profit. It appears that contract manufacturers are spending more on technology used to make smartphone and memory chips.
The company also forecast current-quarter adjusted profit largely above analysts’ average estimate. Chief Executive Gary Dickerson said that demand for DRAM chips is expected to grow in the current quarter.
Applied Materials, which also provides equipment to make flat panel displays and solar cells, forecast an adjusted profit of 25-29 cents per share for the fourth quarter. Wall Street was expecting a profit of 26 cents per share.
Applied Materials expects revenue growth of about 10 to 17 percent, implying revenue of $2.19 billion to $2.33 billion for the quarter. Analysts on average were expecting $2.28 billion. Applied Materials’ net income rose to $301 million in the third quarter ended July 27, from $168 million a year earlier. Revenue rose 14.7 percent to $2.27 billion.
Revenue in the company’s silicon systems business, which brings in about two-thirds of total sales, rose 16 percent to $1.48 billion.
SMS Audio’s BioSport In-Ear Headphones, announced at an event will tell you. The headphones are good for people who work out as well as those who just want to check their heart rate, said Brian Nohe, president of SMS Audio, which was founded by rapper 50 Cent, who is the majority owner.
50 Cent, whose real name is Curtis Jackson, wanted headphones with top-quality audio, fit, form and functionality, Nohe said. The rapper, along with New York Knicks forward Carmelo Anthony, who is the minority owner of SMS, were scheduled to appear at the event.
The headphones have sensors to measure the heart rate of users, drawing power from a smartphone through an audio jack. No batteries are required. SMS Audio is using technology from Intel in the headphones.
“Open the box, plug it into your smartphone device and it works,” Nohe said.
The earphones will ship worldwide in the fourth quarter this year. The price will be announced later.
The headphones will work with RunKeeper, a popular Android and iOS fitness application that assembles and tracks fitness data.
“The general marketplace is ripe for having more products in this area,” Nohe said. “We understood what was happening with wearable technology and what was going on with biometrics.”
The engineering challenge for Intel was how to draw power and transfer data through an audio jack. Intel also had to figure out the frequencies at which to handle data transfers. The goal was to deliver accurate heart-rate readings.
“It’s a seemingly easy thing to explain, but hard to implement,” said Mike Bell, vice president and general manager of the New Devices Group at Intel.
Intel didn’t want to use Bluetooth or other wireless technologies to transfer data, Bell said. Those technologies would require batteries and not fit well within the small size of headphones.
“The best technology is invisible. It’s as much form as it is function,” Bell said. “That’s the road we’re going down.”
Beyond tracking heart rate, headphones could also be enabled to capture more health information, the executives said. Other opportunities are being explored by SMS Audio and Intel.
“You don’t start a strategic alliance and become a one-trick pony,” Nohe said.
The headphone space has gotten attention lately because of Apple’s $3 billion purchase of Beats Audio, founded by Dr. Dre and Jimmy Iovine.
Sprint didn’t deny the report of Marcelo’s comments. A spokesman also confirmed Friday that Sprint is “focusing on providing the best value in the market.”
According to the account of Claure’s comments, he told workers, “We’re going to change our plans to make sure every customer in America thinks twice about signing up to a competitor.” The report, which first appeared in LightReading.com, also said that “very disruptive” rate plans are coming this week.
Sprint didn’t dispute Light Reading’s report, but a spokesman said Sprint is not commenting on “any potential pricing plans before they are announced.”
The spokesman, Doug Duvall, said Marcelo held his first all-employee town hall meeting before a standing-room-only crowd. He added: “He shared his passion for his family, work and soccer team and his commitment to leading Sprint. He discussed Sprint’s challenges and pledged to get Sprint ‘back in the game’ by focusing on providing the best value in the market, completing our network build and optimizing Sprint’s cost structure.”
By confirming Sprint wants to offer the “best value in the market,” it’s pretty clear that Sprint, the third-largest U.S. carrier, will soon wage a price war with T-Mobile, the fourth-largest U.S. carrier that has quickly been gaining on Sprint.
Analysts recently said Sprint’s recent “Framily plan” isn’t competitive in the market, which former CEO Dan Hesse acknowledged in late July before his departure on Monday.
The Sprint Framily plan costs $160 a month for 4GB of data, but comes with overage charges and won’t allow tethering. Meanwhile, T-Mobile has a family plan offered through September that costs $100 a month for four lines and 10GB of data, although each line is limited to 2.5GB.
Hesse had earlier described subscriber plans Sprint was testing that have tiers of data and unlimited data.
According to Light Reading, Claure also told employees that price cuts are needed because Sprint’s network isn’t at the level of performance and reach that it should be. “When you have a great network, you don’t have to compete on price,” he reportedly said. “When your network is behind, unfortunately you have to compete on value and price.”
OCZ is launching a brand-new series of solid state drives today, targeted squarely at budget-conscious, mainstream consumers and significantly dropping the cost of SSDs.
The move, which is seen as being forced on the company by Intel’s own price cuts, means a change in OCZ’s strategy. Last month Intel announced the specs and pricing of its next-generation X25-M drives. Intel will sell an 80GB drive for $225 and the 160GB drive for $440.
The move meant that OCZ’s cheapest high-performance drives would now be more expensive than Intel’s X25-M. Now OCZ has released the ARC 100 range, and OCZ remains one of the only manufacturers that reports steady-state performance for client drives. The biggest difference from the Vector 150 and Vertex 460 is in the NAND department, as the ARC 100 uses Toshiba’s second-generation 19nm NAND.
OCZ is rating the ARC 100 at the same 20GB of writes per day for three years as the Vertex 460, although the ARC 100 is slightly slower in performance and drops the bundled cloning software and 3.5″ adapter. OCZ said that the smaller cell size of the NAND meant that it is able to price the ARC 100 more aggressively. At higher capacities, OCZ is able to hit the $0.50/GB mark and the ARC 100 is price competitive.
The ARC 100 also ships without any sort of accessory bundle, to bring costs down.
The company said the new functionality makes using Bing more like “having a conversation.”
It lets you ask questions sequentially that build off each other, so you don’t have to keep repeating the topic you’re asking about.
For instance, if you ask Bing, “Who wrote Dracula?” “Bram Stoker” pops up at the top of the screen. You can then ask, “Where was he born,” and it gives the answer “Dublin, Ireland.”
Microsoft said it answers the questions by combining “conversational understanding” with its database of knowledge about people, places and things.
It comes as Bing’s largest competitor, Google, is working to make its own search engine better at understanding queries in natural language.
Google also has a conversational search mode that works in a similar way, though currently it only works when doing voice searches in Chrome and in Google’s mobile search app.
Bing’s new feature works well, and you can take the questions far. After asking about Bram Stoker “Where was he born,” you can also ask, “When did he die?” Answer: April 20, 1912. Or, “How did he die?” Syphilis. (But, asking simply “how?” did not work as well.)
In Bing, the feature works on the desktop as well as on mobile devices.
Microsoft has worked to make Bing more useful over the years, partly by integrating a wider range of information from outside sources into results. Data from social sites like Twitter and Facebook plays a part in this, as well as data from services like IMDB and Netflix.
Earlier this year Bing expanded its index of the Web to include more information about professionals like doctors, lawyers and real estate.
With nearly 70 percent market share in the U.S., Google is still by far the dominant player in search, according to comScore. Microsoft’s Bing has just under 20 percent share.
But Bing’s new feature could give it a leg up against Google when it comes to search, at least for now.