Eight months after admitting a major data breach, ride service Uber is focusing its legal efforts on obtaining more information about an internet address that it has persuaded a court could lead to identifying the hacker. That address, two sources familiar with the matter say, can be traced to the chief of technology at its main U.S. rival, Lyft.
In February, Uber revealed that as many as 50,000 of its drivers’ names and license numbers had been improperly downloaded, and the company filed a lawsuit in San Francisco federal court in an attempt to unmask the perpetrator.
Uber’s court papers claim that an unidentified person using a Comcast IP address had access to a security key used in the breach. The two sources said the address was assigned to Lyft’s technology chief, Chris Lambert.
The court papers draw no direct connection between the Comcast IP address and the hacker. In fact, the IP address was not the one from which the data breach was launched.
However, U.S. Magistrate Judge Laurel Beeler ruled that the information sought by Uber in a subpoena of Comcast records was “reasonably likely” to help reveal the “bad actor” responsible for the hack.
On Monday, Lyft spokesman Brandon McCormick said the company had investigated the matter “long ago” and concluded “there is no evidence that any Lyft employee, including Chris, downloaded the Uber driver information or database, or had anything to do with Uber’s May 2014 data breach.”
McCormick declined to comment on whether the Comcast IP address belongs to Lambert. He also declined to describe the scope of Lyft’s internal investigation or say who directed it.
Lambert declined to comment in person or over email.
Smartphone owners running Google’s Android operating system in more than 20 countries have been infected with a particularly aggressive malware program that bombards devices with unwanted advertisements.
Researchers from FireEye found that the malicious component, nicknamed Kemoge, has been seeded inside what appear to be legitimate apps offered on third-party application stores.
“This is another malicious adware family, possibly written by Chinese developers or controlled by Chinese hackers, spreading on a global scale that represents a significant threat,” wrote Yulong Zhang, a staff research scientist with FireEye.
Whomever created Kemoge repackaged legitimate apps with the malware and then promoted them on websites and through in-app ads to persuade people to download them.
Zhang listed a dozed affected apps: Sex Cademy, Assistive Touch, Calculator, Kiss Browser, Smart Touch, Shareit, Privacy Lock, Easy Locker, 2048kg, Talking Tom 3, WiFi Enhancer and Light Browser.
Third-party apps stores are considered risky places to download Android apps, as hackers frequently upload malicious apps to them. Google performs a security check on apps in its Play store, although harmful ones occasionally sneak in.
Kemoge not only displays unwanted ads, but it’s also loaded with eight root exploits that target a wide range of Android devices, Zhang wrote. A successful attack using those exploits means an attacker would have complete control over the device.
Kemoge will collect a device’s IMEI (International Mobile Station Equipment Identity) and IMSI (International Mobile Subscriber Identity) numbers, information on storage and apps, and send the information to a remote server.
That command-and-control server was still running, Zhang wrote. An analysis of traffic exchanged between an infected device and the server showed Kemoge also tries to uninstall antivirus apps.
FireEye came across an app called Shareit in Google’s Play store that was signed by the same digital certificate as the malicious one found on the third-party source.
The Google Play version of ShareIt did not have the eight root exploits or contact the command-and-control server, but it did have some of the same Kemoge code libraries. It now appears to be gone from Google Play.
Samsung is not doing that well in smartphones. To be fair, no one is, but Samsung has the ability to become something much more interesting – it could replace AMD as Intel’s rival.
Actually AMD is pretty cheap right now and if it was not for the pesky arrangement that prevents AMD’s buyer getting its x86 technology then it would have been snapped up a while ago. But with, or without AMD, Samsung could still make a good fist of chipmaking if it put its mind to it. At the moment its chipmaking efforts are one of the better things on its balance sheet.
Its high-margin semiconductor business is more than making up for the shortfall in smartphones. Selling chips to rivals would be more lucrative if they were not spinning their own mobile business. The products it have are worth $11.7 billion this year, more than half the company’s total.
Growing demand for chips and thin-film displays is probably the main reason that Samsung now expects operating profit to have reached $6.3 billion. After applying Samsung’s 16 percent corporate tax rate, its chip division is likely to bring in net income of slightly less than $10 billion.
To put this figure into perspective Intel expects to earn $10.5 billion in this year. Samsung is also sitting on a $48 billion net cash pile. Samsung could see its handset and consumer electronics business as a sideline and just focus on bumping off Intel.
The two sides of such a war would be fascinating. Intel has its roots in the PC chip market which is still suffering while Samsung is based in the mobile chip market which is growing. Intel has had no luck crossing into the mobile market, but Samsung could start looking at server and PC chips.
AMD is still dying and unable to offer Intel any challenge but there is a large market for those PC users who do not want to buy Intel. What Samsung should have done is use its huge cash pile to buy its way into the PC market. It might have done so with the IBM tech which went to Lenovo. It is still not out of the running on that front. Lenovo might be happy to sell IBM tech to Samsung.
Another scenario is that it might try to buy an x86 licence from Intel. With AMD dying, Intel is sitting on a huge monopoly for PC technology. It is only a matter of time before an anti-trust suit appears. Intel might think it is worthwhile to get a reliable rival to stop those allegations taking place. Samsung would be a dangerous rival, but it would take a while before it got itself established. Intel might do well to consider it. Of course Samsung might buy AMD which could sweeten that deal for Intel.
Samsung could try adapting its mobile chip technology for the PC/server market – it has the money to do it. Then it has a huge job marketing itself as the new Intel.
It might just work.
Dell Inc, the world’s third largest personal computer maker, is holding discussions to acquire data storage company EMC Corp, a person familiar with the matter said, in what could be one of the biggest technology deals ever.
A deal could be an option for EMC, under pressure from activist investor Elliott Management Corp to spin off majority-owned VMware Inc.
The terms being discussed were not known, but if the deal goes through it would top Avago Technologies’ $37 billion offer for Broadcom. EMC has a market value of about $50 billion.
Dell is also in talks with banks to finance an all-cash offer for EMC, the person told Reuters on condition of anonymity as the talks were confidential.
Dell spokesman David Flink and EMC spokesman Dave Farmer declined to comment.
A deal could further strengthen Dell’s presence among corporate clients at a time when founder Michael Dell has been trying to transform the company he founded in 1984 into a complete provider of enterprise computing services such as Hewlett-Packard Co and IBM.
The talks come two years after Michael Dell and private-equity firm Silver Lake took Dell private for $24.9 billion, ending its decades-long run as one of the world’s largest publicly traded PC makers.
In August, Re/code reported that EMC was contemplating a takeover by VMware. The Wall Street Journal reported last year that EMC was exploring options and had held talks with Dell and HP.
The move will allow AOL to target ads at visitors to its sites and others using information from Verizon’s databases as well as its own. According to Verizon’s October 2015 privacy notice, the targeting criteria include visitors address, email address, age range, gender, interests, location, mobile web browsing history and app usage. The company can also track some non-mobile web browsing, to sites carrying AOL ads, it said.
Verizon links all this information together using a patchwork of identifiers, including ad IDs from Apple and Google, browser cookies from AOL, and its own Unique Identifier Header (UIDH) which it adds to mobile data traffic on its network. It’s this last item that ads significantly to AOL’s ad targeting power, as it’s easy to delete or change the other identifiers.
It’s also now possible to opt out of Verizon’s UIDH system too, thanks to reporting by ProPublica, which earlier this year revealed that the company was still using the identifier to track users who had deleted it.
Concern about targeted advertising is rising, with an increasing number of Internet users opting out of advertising altogether through the use of ad-blocking software. Apple recently made it possible to download content blockers for its Safari browser on iOS, prompting a flurry of players to enter the market.
Some see such blockers as a tool to force the online advertising industry to change its ways. One, Eyeo, deliberately lets through certain ads, as long as they are unobtrusive. It introduced has its own iOS content blocker — but also taken steps to win over other developers to its platform by making its process for allowing some ads through the blocker more transparent.
Jim Zemlin, chief executive of the Foundation, said in his opening remarks that this year’s opening day falls on the 24th anniversary of Linux itself and the 30th of the Free Software Foundation, giving credit to delegates for their part in the success of both.
He also noted that research conducted into the value of the Linux codebase has shown that in the past few years the code has been worth over $5bn.
As part of the launch he also made three key announcements. Firstly, a workgroup is being created to standardise the future of the software supply chain. The Openchain workgroup is centred on creating best practices to ease compliance for open source developers and companies.
In doing so it is hoped that cost and duplication of effort can be reduced significantly, and in doing so ease friction points in the supply chain. The workgroup’s founder members include ARM, Cisco, NexB, Qualcomm, SanDisk and Wind River.
By providing a baseline process, which can then be customised according to customer need, Linux developers will have a basis for monitoring and developing compliance programmes.
Existing best practices such as Debian and the Software Package Data Exchange will be used as foundations for the framework.
The second announcement involves an acceleration to the process of real-time Linux development. the Real-Time Linux Collaborative Project will bring together industry leaders and thinkers to advance the type of tech that is crucial for areas such as robotics, telecom, manufacturing, aviation and medical industries.
Two of this morning’s keynotes centred around the ideas of real-time Linux. Sean Gauley, founder of big data analysts Quid, talked about the $300m spent on a new London to New York undersea cable to cut just five milliseconds off data speed, coupled with the seven minutes of downtime the New York Stock Exchange has to suffer while humans crunch the impact of a Treasury announcement.
The Real-Time Linux Collaborative Project brings together organisations as diverse as Google, Texas Instruments, Intel, ARM and Altera.
Thomas Gleixner of the Open Source Automation Development Lab has been made a Linux Foundation fellow in order to lead the process of integrating real-time code into the main Linux kernel, which Zemlin joked would be finished within six months.
In reality this is a long-term goal, albeit a highly achievable one that could revolutionise a number of key industries.
Finally, FOSSology, the open source licence compliance software project and toolkit founded by HP in 2007, is moving home to become part of the Linux Foundation. With it comes FOSSology 3.0, due for release this week.
“As Linux and open source have become the primary building blocks for creating today’s most innovative technologies, projects like FOSSology are more relevant than ever,” said Zemlin.
“FOSSology’s proven track record for improving efficiency in licence compliance is the perfect complement to a suite of open compliance initiatives hosted at the Linux Foundation. This work is among the most important that we all do.”
FOSSology allows companies to run licence and copyright scans in a single click, and generate a Software Package Data Exchange, or readme file.
By moving the project to the Linux Foundation, the toolkit is kept in neutral hands alongside other initiatives such as the Core Infrastructure Initiative, the Open Container Project and Dronecode.
Dronecode’s Loenz Meier spoke alongside Tully Foote of the Open Source Robotics Foundation about their quest to “take back” the term ‘drone’ from its negative military connotations.
The team, whose work in Switzerland dates back to “when they were still called model aircraft”, included information about Mavlink, the self-styled ‘HTML for drones’, and Robot Operating System, a meta operating system for autonomous devices.
The team has been concentrating primarily on using telemetry data to allow drones to navigate around objects, in a similar way to that being achieved by Google’s self-driving cars.
LinuxCon Europe runs until Wednesday, bringing together representatives from back bedroom developers to giant corporations like Facebook, all sharing a common goal to nurture the community which approaches its quarter century primed to take over even more aspects of our everyday lives – quiet, unassuming but always there.
Speakers this year include people from Suse, Red Hat, Google, Raspberry Pi and the godfather of Linux, Linus Torvalds.
The INQUIRER will be talking tomorrow to some top bods from the Linux community. So early to bed for us tonight and absolutely no Guinness.
Industrial devices need flash that can work harder and withstand more extreme temperatures than consumer gear, and they’ll be operating out in the field years after a typical phone or camera card has been replaced. So SanDisk is introducing a line of components built for the Internet of Things.
IoT is expected to put thousands of sensors, meters, robots and machines into the field with growing needs to process and store data.
The SanDisk Industrial line includes cards for the familiar SD, microSD and eMMC (embedded MultiMediaCard) standards, but built to tougher specifications.
For example, the SanDisk Industrial XT SD Cards and XT iNAND embedded flash drives announced Monday are rated to work in temperatures as low as -40 degrees Celsius (-40 Fahrenheit), compared with -25 Celsius for a typical consumer SD card.
The industrial cards can also write more data before they have to be replaced: as much as 128TB, far more than is typical for a consumer-grade part, said Martin Booth, director of SanDisk Industrial and SanDisk Automotive. This kind of endurance is what’s needed in IoT devices like remote video cameras that will capture video around the clock for as long as five years, he said. Otherwise they would have to be replaced more frequently, a costly proposition if the owner needs to send out a truck and a technician.
Another feature, Enhanced Power Immunity, will help prevent data loss in case of power failure. It uses special firmware for recovering data if the power is cut off, something ordinary flash cards may not be able to do if, for example, the user pulls a card out of a PC while it’s still transferring data.
The new parts range in size from 4GB or 8GB up to 64GB and will cost more than comparable consumer-grade products, but less than twice as much, Booth said.
Google, which has now transitioned into holding company Alphabet Inc, is in talks with messaging startup Symphony Communication Services LLC for a round of fundraising, a person familiar with the matter told Reuters.
Symphony’s chat service allows financial firms, corporate customers and individuals to put all of their digital communications on one centralized platform.
The talks are ongoing and no terms are finalized yet, the source added.
The Wall Street Journal, citing people familiar with the matter, reported earlier on Monday that Google invested in a new round of funding for Symphony that values the company at about $650 million.
The service is backed by Goldman Sachs Group Inc and other big Wall Street banks.
Goldman led a group of 14 banks including Bank of America Corp, Citigroup Inc and JPMorgan Chase & Co in making a $66 million investment in Symphony last October, when Symphony was set up. Symphony spokeswoman Samantha Singh declined to comment.
Many on Wall Street think of Symphony as a rival to Bloomberg LP and Thomson Reuters Corp, which provide messaging and information services for bankers, traders and investors.
Those terminals can cost tens of thousands of dollars per year for each customer.
Symphony is available to businesses with more than 50 users for $15 per user per month. Smaller businesses and individuals can use the tool for free.
Big data refers to companies or other institutions using digital information on consumer behavior from a wide variety of sources, such as their own databases, to make market predictions or spot patterns. The global financial services industry is expected to spend billions of dollars in coming years to improve their analysis capabilities.
But civil liberties campaigners have expressed concerns that use of such data could breach personal privacy. They also say it could be misused to discriminate against certain sections of the population in so-called profiling, for example based on age, gender, health or ethnic background.
The three EU financial regulators – the European Banking Authority, European Securities and Markets Authority, and European Insurance and Occupational Pensions Authority – will focus on the “opportunities and challenges” related to the use of big data, they said in a joint statement on Monday.
“The topic aims to analyze the adequacy of sectoral regulatory frameworks and identify any regulatory and/or supervisory measures which may need to be taken,” they added.
They will look into the matter in the coming year, but did give further details about the nature of the work or when they would announce findings.
Banks are hoping to use in-house data in better ways to spot fraudulent activities more easily, look at spending patterns to decide where to locate a new branch or personalize financial products.
Data hacked from Experian is already on sale on the dark web and is available for grabbing by bad actors, phishers, malware writers and ID thieves.
Security firm Trustev is credited with the dark web discovery, although is it very possible that the underworld got to it first. Trustev and the internet are calling the dump a fullz, which means that it contains a lot of personal information.
T-Mobile customers make up a chunk of the potentially affected 15 million victims. The firm’s CEO, John Legere, went ballistic about what happened.
“We have been notified by Experian, a vendor that processes our credit applications, that they have experienced a data breach,” he said in a statement.
“Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian, but right now my top concern and first focus is assisting any and all consumers affected. I take our customer and prospective customer privacy very seriously.”
Experian has also gone public on this with a statement on its website, and has, perhaps ironically, offered to help victims sort their credit lives out.
“Experian North America today announced that one of its business units, notably not its consumer credit bureau, experienced an unauthorised acquisition of information from a server that contained data on behalf of one of its clients, T-Mobile USA,” the statement said.
“The data included some personally identifiable information for approximately 15 million consumers in the US, including those who applied for T-Mobile USA postpaid services or device financing from 1 September 2013 through 16 September 2015, based on Experian’s investigation to date. This incident did not impact Experian’s consumer credit database.”
The agency said that it acted quickly to fix the problem once it was discovered, and immediately told the authorities and began an investigation into the hows and the whys.
It is the crown jewels of data that has been lost. Experian fessed to a breach of “names, dates of birth, addresses and Social Security numbers and/or an alternative form of ID like a driver’s licence number, as well as additional information used in T-Mobile’s own credit assessment”.
Experian added that no payment card or banking information was lost to the hackers.
Affected punters are being contacted and will be offered credit services, including two years of credit monitoring (although this may have lost some of its shine), and some identity protection services through its own ProtectMyID service.
Experian recommended that these services are embraced. “Although there is no evidence to-date that the data has been used inappropriately, Experian strongly encourages affected consumers to enroll in the complimentary identity resolution services,” the firm said.
Craig Boundy, CEO of Experian North America, took the opportunity to apologise and remind people that the company takes privacy very seriously.
The company confirmed that it suffered a security breach over a period of several months from late 2013 to early 2014, affecting approximately 4.6 million customers. But in a statement, Scottrade said it had no idea that the breach had occurred until law enforcement officials told them about it.
The FBI notified Scottrade of the breach in August but asked that the company hold off on disclosing the attack until it had wrapped up another part of its investigation. The company was cleared to disclose the breach at the end of last week and began informing customers last Friday.
To its credit, Scottrade said that it believes attackers obtained only clients’ names and street addresses — not the social security numbers, email addresses and other sensitive data stored in the compromised system. According to the company, the attackers didn’t compromise Scottrade’s trading platforms, and clients’ funds were untouched.
People who had a Scottrade account prior to February 2014 may have been affected by the breach. Those people who Scottrade knows were affected will be notified of that by email. The company isn’t suggesting that users change their passwords, since it believes that they remained encrypted during the attack.
As is expected in these sorts of cases, Scottrade is offering affected customers a free year of identity theft protection. It’s not clear how much good that will do, since the data was taken more than a year ago, but offering that sort of service is something consumers expect from a breach response at this point.
Looking forward, the company said that it has secured the intrusion point the attackers used to get into its systems, and conducted an internal investigation with the help of an unnamed computer security firm. The company also said that it has further secured its network.
Beancounters from DRAM Exchange have added up some numbers and divided by their shoe size and worked out that sales of DRAM for notebooks and PCs suffered a downturn in September.
Analyst VP Avril Wu said that notebook shipments in the third quarter didn’t reach expectations, with the Windows 10 free upgrade hitting potential sales of new notebooks.
She added that sales of smartphones and servers were not much chop either and this eroded the margins of DRAM suppliers.
“If the global economy continues to stagnate, the end market will not generate the demand needed to effectively consume the new DRAM chips produced on advanced processes,” she muttered.
After shuffling her Tarot cards and chewing on a laurel leaf she predicted that prices will continue decline in the first half of next year in a way which is even worse than 2015.
Samsung, SK Hynix and Micron rule the DRAM market and they are moving production of the chips to 17 nanometres, meaning higher densities and better power efficiency next year. If the figures are this pants it will make their investment in the technology pretty wasted.
According to U.S. analytics company Net Applications, Windows 10′s user share — a measure of the fraction of unique users who ran the OS when they went online — grew 1.4 percentage points in September to 6.6%.
Microsoft launched Windows 10 on July 29, making September the second full month that the upgrade for Windows 7 or Windows 8.1 devices was available to download and install.
September’s user share increase was substantially smaller than August’s record setting 4.8 percentage points.
Windows 10 accounted for 7.3% of all Windows devices in September, a slightly higher number than its raw user share number because Windows powered “just” 90.5%, not 100%, of all systems tallied by Net Applications. During September, Windows 10′s share of all Windows devices climbed by 1.6 percentage points.
Net Applications’ data represented 110 million Windows 10 PCs, assuming a total of 1.5 billion Windows devices globally, the figure Microsoft typically trumpets.
Microsoft has not publicized a Windows 10 download or installed data point since late August, when it said that 75 million devices worldwide were running the OS.
Net Applications’ Windows 10 user share portrait backed up the findings of another analytics developer, Ireland’s StatCounter, which has also portrayed the OS’s growth as slowing after its first month of availability.
By StatCounter’s measurements, Windows 10 gained 5.9 percentage points ofusage share — more of an activity indicator, as it counts web page views by OS — in the first four weeks after its launch. During the most recent four weeks, or from Aug. 31 to Sept. 27, Windows 10 grew by a much smaller 1.4 points.
Net Applications’ numbers also validate the slowdown in a different way. During the final three weeks of August, an average of 1.8 million devices were added to Windows 10′s rolls daily. But in September, the average daily increase dropped to less than half of that, to about 794,000 devices.
Even so, Windows 10 continued to best Windows 7′s performance during a similar stretch. In 2009, the then-new OS had accumulated a 6.2% share of all Windows personal computers through its second full month, or more than a point under Windows 10 at the same post-launch moment.
With about 110 million devices now running Windows 10, Microsoft is at the 7% mark toward reaching its goal of putting the OS on 1.5 billion systems by mid-2018.
Big Blue Researchers have discovered a way to replace silicon semiconductors with carbon nanotube transistors and think that the development will push the industry past Moore’s law limits.
IBM said its researchers successfully shrunk transistor contacts in a way that didn’t limit the power of carbon nanotube devices. The chips could be smaller and faster and significantly surpass what’s possible with today’s silicon semiconductors.
The chips are made from carbon nanotubes consist of single atomic sheets of carbon in rolled-up tubes. This means that high-performance computers may well be capable of analysing big data faster, and battery life and the power of mobile and connected devices will be better. The advance may enable cloud-based data centres to provide more efficient services, IBM claims.
Moore’s law, which has for years governed the ability of the semiconductor industry to double the processing power of chips every 24 months is starting to reach the limits of physics when it comes to doubling the power of silicon chips. This could mean a slowing of significant computing performance boosts unless someone comes up with something fast.
IBM researchers claim to have proved that carbon nanotube transistors can work as switches at widths of 10,000 times thinner than a human hair, and less than half the size of the most advanced silicon technology.
The latest research has overcome “the other major hurdle in incorporating carbon nanotubes into semiconductor devices which could result in smaller chips with greater performance and lower power consumption,” IBM said.
Electrons found in carbon transistors move more efficiently than those that are silicon-based, even as the extremely thin bodies of carbon nanotubes offer more advantages at the atomic scale, IBM says.
The new research is jump-starting the move to a post-silicon future, and paying off on $3 billion in chip research and development investment IBM announced in 2014.
GE, in partnership with The Slate Group’s podcast network Panoply, is running “The Message,” a fictional eight-episode podcast that will follow the decoding of a 70 year-old message from outer space. The cryptologists decoding the message turn to a real ultrasound technology developed by GE to decode the messages.
“It’s science fiction meets real science,” said Andy Goldberg, GE’s global creative director.
The idea for the series stemmed from the company’s historic “GE Theater” television series, which was hosted by Ronald Reagan, then an actor, in the 1950s.
GE is producing its own podcast series, rather than running ads on other podcasts because it specifically does not want the shows to come off as advertising, but rather as a way to raise brand awareness, Goldberg said. The 40-60 minute spots, which begin Oct. 4, will be advertisement-free and will be available for download for free. Goldberg declined to comment on how much GE is spending on the podcasts.
GE is among a number of firms whose interest in podcasts has increased since last year’s airing of “Serial,” the hit podcast chronicling a murder investigation.
“It flipped a switch for us that podcasting was no longer going to be informational pieces but could be entertainment,” Goldberg said.
Podcasts are a small, but growing part of the digital media marketplace. Seventeen percent of teens and adults listen to one podcast per month, up from 15 percent last year, according to Edison Research.
The medium has gotten so much initial interest, that the Interactive Advertising Bureau held its first “podcast upfronts,” for companies to promote their podcasts to advertisers in September.
While GE’s move is novel, it is likely that more advertisers will follow rather than just run ads during podcasts, said eMarketer analyst Paul Verna. It is like the next iteration of “native advertising,” where companies create sponsored content to promote their offerings, he said.