The US Computer Emergency Response Team (US-CERT) has warned that industrial control systems (ICS) in the US have been compromised by the BlackEnergy malware for at least two years.
The BlackEnergy family of malware is believed to be the same used in the cyber attack against Georgia in 2008.
It uses a malicious decoy document to hide its activities, making it easier for the hackers to mount follow-up attacks.
US-CERT said the malware campaign is sophisticated and “ongoing”, and attackers taking advantage of it have compromised unnamed ICS operators, planting it on internet-facing human machine interfaces (HMI) including those from GE Cimplicity, Advantech/Broadwin WebAccess, and Siemens WinCC.
It is currently unknown whether other vendors’ products have also been targeted, according to US-CERT.
“At this time, Industrial Control Systems-CERT has not identified any attempts to damage, modify or otherwise disrupt the victim systems’ control processes,” said the team in an alert.
“ICS-CERT has not been able to verify if the intruders expanded access beyond the compromised HMI into the remainder of the underlying control system.
“However, typical malware deployments have included modules that search out any network-connected file shares and removable media for additional lateral movement within the affected environment.”
US-CERT describes the malware as “highly modular”, and said that not all functionality is deployed to all victims.
An analysis run by the team identified the probable initial infection vector for systems running GE’s Cimplicity HMI with a direct connection to the internet.
“Analysis of victim system artefacts has determined that the actors have been exploiting a vulnerability (CVE-2014-0751) in GE’s Cimplicity HMI product since at least January 2012,” the alert read.
On Monday, US-CERT also warned of attacks spreading the Dyre banking malware, which steals victims’ credentials.
The department said that, since mid-October, a phishing campaign had targeted “a wide variety of recipients”, but elements, such as the exploits, email themes, and claimed senders of the campaign, “vary from target to target”.
“A system infected with Dyre banking malware will attempt to harvest credentials for online services, including banking services,” the alert warned.
Amazon is persisting in buying content to round out its service, with designs to take on Netflix Inc and other online digital media services. But that increasing spending has helped keep the company in the red, inviting criticism from investors.
Audible, the audiobooks service it bought in 2008 for $300 million, is picking up the 10-person company for an undisclosed sum. Audible founder and Chief Executive Donald Katz said in a statement on Monday the company had been attracted by Rooftop’s content as well as its pool of comic talent.
Rooftop records comedians at clubs across the country and licenses the digital rights to thousands of hours of comedy, which is broadcast either live or later on demand. The company’s media partners include Apple Inc and Yahoo, and it also works with streaming services such as Sirius XM, Spotify and Pandora.
Its content now becomes part of Audible, itself a fast-growing seller of online audiobooks, and vastly increases Rooftop’s audience, said Rooftop Chief Executive Officer Will Rogers.
Amazon is expected to continue acquiring digital content at a rapid clip. In past years, it began investing heavily to branch out from its online retail roots, delving into Hollywood-style content production as well as developing a line of tablets, smartphones and set-top boxes to accelerate the sale of digital content.
For the three months ending Sept. 30, Microsoft recorded $908 million in revenue for the Surface tablet line, an increase of 127% over the same quarter in 2013. The nearly one billion in revenue was a one-quarter record for the Surface, and beat the combined revenue of the previous two quarters.
Using information in Microsoft’s filing with the U.S. Securities and Exchange Commission (SEC), as well as data from earlier quarters, Computerworld calculated the quarter’s cost of that revenue at $786 million, leaving a gross margin of $122 million. Cost of revenue is the cost to make and sell a product, but excludes expenses such as advertising and R&D.
Microsoft said that the Surface line posted a positive gross margin — implying that outside estimates of prior losses were correct — but did not disclose a dollar figure.
According to Computerworld’s estimate, the margin was small, about 13.4%. That’s more than the average for a Windows personal computer, but less than half or a third of the margins on tablets like Apple’s iPad.
It was even smaller by the figuring of Jan Dawson, principal analyst at Jackdaw Research, who has also used Microsoft’s SEC filings to estimate the Surface’s cost of revenue. He pegged the September quarter’s cost of revenue at $825 million, the gross margin at $83 million, and the margin rate at just 9.1%.
“That’s a gross margin … which is not earth-shattering and in fact about half the gross margin of the phone business at Microsoft. But it’s progress,” Dawson wrote on his blog, where he published his analysis of Surface’s financial performance.
Since its October 2012 introduction, Surface has been a money pit for Microsoft, in the hole to the tune of $1.73 billion through its first seven quarters. With the September quarter in the black, those overall losses have been reduced to about $1.6 billion.
Over the last four quarters, Surface also remained in the red, with losses of $325 million on revenue of $2.7 billion. Put another way, for each dollar Microsoft earned on Surface sales, it lost about 12 cents.
The company that owns Chili’s Grill & Bar also said it will complete a tablet ordering system rollout next month at its U.S. restaurants. Applebee’s announced last December that it would deliver tablets to 1,800 restaurants this year.
The pace of self-ordering system deployments appears to be gaining speed. But there’s a political element to this and it’s best to address it quickly.
The move toward more automation comes at the same time pressure to raise minimum wages is growing. A Wall Street Journal editorial this week, “Minimum Wage Backfire,” said that while it may be true for McDonald’s to say that its tech plans will improve customer experience, the move is also “a convenient way…to justify a reduction in the chain’s global workforce.”
The Journal faulted those who believe that raising fast food wages will boost stagnant incomes. “The result of their agitation will be more jobs for machines and fewer for the least skilled workers,” it wrote.
The elimination of jobs because of automation will happen anyway. Gartner says software and robots will replace one third of all workers by 2025, and that includes many high-skilled jobs, too.
Automation is hardly new to retail. Banks rely on ATMs, and grocery stores, including Walmart, have deployed self-service checkouts. But McDonald’s hasn’t changed its basic system of taking orders since its founding in the 1950s, said Darren Tristano, executive vice president of Technomic, a research group focused on the restaurant industry.
The move to kiosk and mobile ordering, said Tristano, is happening because it will improve order accuracy, speed up service and has the potential of reducing labor cost, which can account for about 30% of costs. But automated self-service is a convenience that’s now expected, particularly among younger customers, he said.
“It’s keeping up with the times, and the (McDonald’s) franchises are going to clamor for it,” said Tristano, who said any labor savings is actually at the bottom of the list of reasons restaurants are putting in these self-service systems.
Market research firm Gartner surveyed 4,300 U.S. consumers in June who work at large companies (with more than 1,000 employees) and found 40% used personally owned smartphones, tablets, laptops or desktops as a primary or supplemental business device.
That 40% might not be unusual, but more surprisingly, Gartner found that 45% of workers not required to use a personal device for work were doing so without their employer’s knowledge.
“Almost half [are using their device] without their employer’s awareness,” said Gartner analyst Amanda Sabia in an interview.
“Are those without employer’s awareness violating a rule? That would depend on the employer,” Sabia added. “The point is that some CIOs are underestimating [the number of] employees using their devices and should be prepared for this.”
The Gartner survey found the most popular personally owned device used for work was a desktop computer, at 42%, closely followed by a smartphone, at 40%, a laptop, at 36%, and a tablet, at 26%.
“The lines between work and play are becoming more and more blurred as employees choose to use their own device for work purposes whether sanctioned by an employer or not,” Sabia said. “Devices once bought for personal use are increasingly used for work.”
The Korean chip maker said the 20nm production process had been expanded from its PC and mobile memory markets to the enterprise server market with these fresh components, which it began producing earlier this month.
The new 32GB module offers a data transfer rate per pin of up to 2,400Mbps, equating to a 29 percent performance increase when compared with a DDR3 1866 server module, Samsung claimed. The firm is also planning on increasing the speed of the DDR4 modules further to 3,200Mbps.
Using the new 8Gbit DDR4 components, Samsung is initially delivering 32GB registered Dimms, but said the chips will allow production of future server modules with a capacity of up to 128GB by applying 3D through-silicon via technology to manufacture the chips.
“Our new 20nm 8Gbit DDR4 Dram more than meets the high performance, high density and energy efficiency needs that are driving the proliferation of next-generation enterprise servers,” said Samsung’s VP of memory marketing, Jeeho Baek.
As well as increased performance, the new DDR4 chips are touted as offering improved error correction features for greater memory reliability in enterprise servers.
The new DDR4 chip and modules use 1.2V, which is currently the lowest possible voltage.
Samsung’s 20nm chips follow Intel’s launch of the Xeon E5-2600 v3 family last month, which were the first server processors from the chipmaker to support the new memory standard.
As detailed in a Google security blog post, a compatible USB Security Key can now be used to log in to Google accounts with two-step authentication.
The addition of the USB Security Key, Google claims, ensures that the log-in website is an actual Google website and not a fake.
Two-step authentication normally asks the user to enter a secret code sent to their phone in addition to entering their password online.
This process prevents potential attackers using passwords that might have been stolen or guessed in order to impersonate account holders, as presumably they won’t have the user’s phone to enter the code.
The USB Security Key adds another layer of protection to the process. Instead of entering a secret code, the user can simply insert their USB Security Key in their computer and tap when prompted in Google’s Chrome web browser.
Google said: “When you sign into your Google Account using Chrome and Security Key, you can be sure that the cryptographic signature cannot be phished.”
The USB Security Key implements the open Universal 2nd Factor protocol promoted by the FIDO Alliance, which means it can be used by other web browsers in addition to Chrome and other websites in addition to Google’s.
Google has recently enhanced the level of security it provides, and the extension of two-step authentication to include a physical security key is simply another step.
The update, designated as Build 9860, followed the Oct. 1 release of the preview, which Microsoft has offered businesses and technology enthusiasts to give potential customers a look at the work in progress and collect feedback during development.
The Oct. 1 version of Windows 10 was labeled Build 9841.
“Sometimes [updates] will be more frequent and sometimes there will be longer gaps, but they will always be chock full of changes and improvements, as well as some bugs and things that are not quite done,” wrote Gabe Aul, of Microsoft’s Operating Systems Group on a company blog.
Aul said that Build 9860 had been handed to his group only a week ago, and repeated earlier warnings by other Microsoft managers that the preview remains incomplete and unpolished.
Although rapid iterations are nothing new to preview or beta software, Microsoft plans to accelerate the delivery of updates — ones that will include not only security patches and performance fixes, but also new features — once Windows 10 officially ships in mid-2015.
Updates will ship as often as monthly for consumers, while businesses will be able to choose between that and two additional tempos that Gartner has tagged as “near-consumer speed” and “long-term servicing.” The former will roll up the “consumer-speed” updates every four to six months to versions that fast-acting enterprises will test and deploy, while the latter will remain feature- and UI-static for as long as two to three years, receiving only security updates.
Other analysts have contended that Microsoft is pushing frequent updates to Windows 10 Technical Preview as much to test the process — both the back-end Windows Update service and the Windows 10 clients’ ability to absorb the changes and smoothly install the updates — as for the company’s stated reasons of gathering feedback and offering users an early look.
“Changes in Windows Update were put in place to make this possible,” Wes Miller, an analyst with Directions on Microsoft, said in an interview earlier this month. “The biggest question for Microsoft is how the updating process works with the Technical Preview.”
In the preview, customers have an update frequency choice of only “Fast” or “Slow.”
Build 9860 will be delivered automatically to most PCs running Windows 10 within days, but users can manually initiate the process by going to “PC Settings,” choosing “Update and recovery” and then “Preview builds,” and finally clicking the “Check Now” button.
Aul said that the download would weigh in at between 2GB and 2.7GB, and that the reboot, the reconstruction of the OS’s search index, and the syncing of OneDrive would take “longer than normal” and “some time.”
Microsoft will ship a second consumer-oriented preview in early 2015, but it’s virtually certain that the firm will provide more-or-less-monthly updates to the Technical Preview between now and then.
After several years of accelerated growth, the U.S. market is feeling the effects of market saturation and smartphone ownership that’s lasting longer than once expected, Ramon Llamas, an analyst at IDC, said in an updated forecast.
IDC’s five-year forecast issued for October significantly undercuts its April forecast, dropping expectations for U.S. smartphone and feature phone shipments by manufacturers to retailers. IDC now expects 1.7 million fewer phones shipped in 2014 than it had expected in April; it predicts 174 million phones will ship this year, with that figure declining gradually to 169 million in 2018.
Smartphone shipments alone will grow just slightly through 2018 in the U.S., but about 5% less than earlier expected, rising from 150 million in 2014 to 160.5 million in 2018. Feature phone shipments have dropped off faster than earlier expected.
Llamas said the signs of decline started in late 2011, prompting carriers in the past year to try to get customers to replace phones more often with easy trade-in plans and relaxed contracts.
It’s too soon to say what effect the early trade-in plans will have on the market, Llamas said. The life of an average smartphone still lasts about two years, but that could be changing.
Paying on installment plans “could really change the market,” Llamas said in an interview. “But if people pay off their devices and then realize they don’t have to pay the carrier as much [at the end of the payoff period] and only pay for wireless service, they might just hold onto their phones. I think people will hold onto their phones as long as they can after they are paid off. If this plays out and they hold on and don’t update, we’ll see flattening of sales volumes year after year, or even declines, all in the name of saving money.”
Realizing what’s happening in the U.S. and among other major economies, both Apple and Samsung have concentrated heavily on selling their new smartphones in China and other areas where smartphone sales are still strong.
The company is expected to make more job cuts this month, including from other locations in the U.S., further lowering the ranks of its 33,000-person work force. Since January, the company has cut its ranks by about 5,000, from 38,000.
The latest headquarters cuts were in IT and portfolio management and Sprint’s network, technology and product areas, according to a statement by spokesperson Roni Singleton. Some employees will work their last day on Nov. 7 and others will finish Nov. 14.
“Sprint is focused on competing aggressively in the marketplace,” Singleton said. “We want our customers to pay less for a better value on a new network. As part of this plan, we have to more closely align our cost structure with that of our competitors.”
CEO Marcelo Claure signaled there would be job cuts in August shortly after taking on his new role. Claure also inaugurated a round of pricing reductions.
Even so, analysts expect the company to lose more subscribers and fall into fourth place among the nation’s top carriers, behind T-Mobile.
An earnings call is expected in late October, although the date hasn’t been scheduled, Singleton said.
Sprint’s more than 5,000 job cuts in 2014 put it behind Cisco, with 6,000 job cuts (8%) announced for the year, and Microsoft, with 18,000 job cuts (14%) planned for the year.
Nosey Google has updated its search engine algorithms in an attempt to restrict piracy web sites appearing high in its search rankings.
The update will mean piracy sites are less likely to appear when people search for music, films and other copyrighted content.
The decision to roll out the search changes was announced in a refreshed version of a How Google Fights Piracy report, which was originally published in September 2013.
However, this year’s updated report features a couple of developments, including changes to ad formats and an improved DMCA demotion search signal.
The move is likely to be a result of criticism received from the entertainment industry, which has argued that illegal sites should be “demoted” in search results because they enable people to find sites to download media illegally.
The biggest change in the Google search update will be new ad formats in search results on queries related to music and movies that help people find legitimate sources of media.
For example, for the relatively small number of queries for movies that include terms like ‘download’, ‘free’, or ‘watch’, Google has instead begun listing legal services such as Spotify and Netflix in a box at the top of the search results.
“We’re also testing other ways of pointing people to legitimate sources of music and movies, including in the right-hand panel on the results page,” Google added.
“These results show in the US only, but we plan to continue investing in this area and to expand it internationally.”
An improved DMCA demotion signal in Google search is also being rolled out as part of the refresh, which down-ranks sites for which Google has received a large number of valid DMCA notices.
“We’ve now refined the signal in ways we expect to visibly affect the rankings of some of the most notorious sites. This update will roll out globally starting next week,” Google said, adding that it will also be removing more terms from autocomplete, based on DMCA removal notices.
The new measures might be welcomed by the entertainment industry, but are likely to encourage more people to use legal alternatives such as Spotify and Netflix, rather than buying more physical media.
Google didn’t elaborate on the price increase after announcing the Nexus 6, but several analysts said Google may be intending to push the Nexus as a premium brand that can compete with the iPhone 6 and other high-end phones.
Google originally developed Android to be inclusive and global, and indeed, it is the world’s largest OS by far. The company developed the Nexus line in 2010 to show Android phone manufacturers, and the public, how a pure Android phone could look and feel without the added features and bloatware installed by phone makers.
Meanwhile, the four national carriers are expected to sell the Nexus 6 with a subsidized price of as low as $200 with a two-year contract, and separate pricing for installment plans. AT&T will be a Nexus provider for the first time, and Verizon Wireless will carry the phone despite a spotty history with the Nexus line.
Such a carrier push to sell Nexus 6 phones with a subsidy seems to indicate that Google is intent on spreading wider adoption of its pure Nexus line that it so far hasn’t achieved. Google has long described Android as an operating system for all, but Google also wants to promote a more refined Android device, which it is trying to do with its Nexus line.
The $649 Nexus 6, which will run Android 5.0 Lollipop with support for 64-bit architecture, is a better phone than the $349 Nexus 5 that runs Android 4.4 KitKat. Nexus 6 also starts with 32 GB storage, double the capacity of its predecessor the Nexus 5. (A 64 GB Nexus 6 will run $699 unlocked on Google Play.)
But all the enhancements in the new Nexus 6, including its 5.96-in. Quad HD display and Snapdragon 805 quad-core processor, still don’t fully account for the 86% increase in starting price for the unlocked model, analysts said.
Sundar Pichai, senior vice president of Android at Google, noted in a blog post that wireless carriers will offer the Nexus 6 on monthly contracts or installment plans. A number of industry sources predicted the two-year contract price will start at $200, a common industry price for high-end smartphones, including the new iPhone 6.
The four major carriers, Google and Motorola, which is the Nexus 6 manufacturer, all refused to discuss the prices that carriers will charge. They also would not disclose the November release date.
The credit-card company showed a prototype of the card in London on Friday along with Zwipe, the Norwegian company that developed the fingerprint recognition technology.
The contactless payment card has an integrated fingerprint sensor and a secure data store for the cardholder’s biometric data, which is held only on the card and not in an external database, the companies said.
The card also has an EMV chip, used in European payment cards instead of a magnetic stripe to increase payment security, and a MasterCard application to allow contactless payments.
The prototype shown Friday is thicker than regular payment cards to accommodate a battery. Zwipe said it plans to eliminate the battery by harvesting energy from contactless payment terminals and is working on a new model for release in 2015 that will be as thin as standard cards.
Thanks to its fingerprint authentication, the Zwipe card has no limit on contactless payments, said a company spokesman. Other contactless cards can only be used for payments of around €20 or €25, and some must be placed in a reader and a PIN entered once the transaction reaches a certain threshold.
Norwegian bank Sparebanken DIN has already tested the Zwipe card, and plans to offer biometric authentication and contactless communication for all its cards, the bank has said.
MasterCard wants cardholders to be able to identify themselves without having to use passwords or PINs. Biometric authentication can help with that, but achieving simplicity of use in a secure way is a challenge, it said.
TSMC has announced that it will begin volume production of 16nm FinFET products in the second half of 2015, in late Q2 or early Q3.
For consumers, this means products based on TSMC 16nm FinFET silicon should appear in late 2015 and early 2016. The first TSMC 16nm FinFET product was announced a few weeks ago.
TSMC executive CC Wei said sales of 16nm FinFET products should account for 7-9% of the foundry’s total revenue in Q4 2015. The company already has more than 60 clients lined up for the new process and it expects 16nm FinFET to be its fastest growing process ever.
Although TSMC is not talking about the actual clients, we already know the roster looks like the who’s who of tech, with Qualcomm, AMD, Nvidia and Apple on board.
This also means the 20nm node will have a limited shelf life. The first 20nm products are rolling out as we speak, but the transition is slow and if TSMC sticks to its schedule, 20nm will be its top node for roughly a year, giving it much less time on top than earlier 28nm and 40nm nodes.
The road to 10nm
TSMC’s 16nm FinFET, or 16FinFET, is just part of the story. The company hopes to tape out the first 10nm products in 2015, but there is no clear timeframe yet.
Volume production of 10nm products is slated for 2016, most likely late 2016. As transitions speed up, TSMC capex will go up. The company expects to invest more than $10bn in 2015, up from $9.6bn this year.
TSMC expects global smartphone shipments to reach 1.5bn units next year, up 19 percent year-on-year. Needless to say, TSMC silicon will power the majority of them.
U.S. Federal Communications Commissioner Jessica Rosenworcel, on Friday, stated that U.S. regulators will look “to infinity and beyond” to harness new technology that can help build a new generation of mobile wireless connections.
The FCC on Friday voted unanimously to open a so-called “notice of inquiry” into what it and the industry can do to turn a new swath of very high-frequency airwaves, previously deemed unusable for mobile networks, into mobile-friendly frequencies.
The FCC’s examination would serve as a regulatory backdrop for research into the next generation of wireless technology, sometimes referred to as 5G and which may allow wireless connections to carry a thousand times more traffic.
“Today we’re stepping in front of the power curve,” FCC Chairman Tom Wheeler said on Friday at the meeting.
In question are frequencies above 24 gigahertz (GHz), sometimes called millimeter waves, that have previously been deemed technically unwieldy for mobile connections, though they have the potential to carry large amounts of data and give the promise of lightning-fast speeds.
Millimeter waves work best over short distances and have required a direct line-of-sight connection to a receiver. They are now largely used for point-to-point microwave connections.
The FCC said it will study what technologies could help get around the technological and practical obstacles and what kind of regulatory regime could help a variety of technologies to flourish on those airwaves, including the potential for services other than mobile.
The U.S. wireless industry continues to work on deploying 4G connections, though some equipment manufacturers, such as Samsung, are already testing data transmission on the higher frequencies.