The approach, which they call Quantum-Secure Authentication (QSA), centers on single particles of light, or photons, and their ability to encode data so that attackers cannot determine what the information is. It exploits a property of photons that allows them to effectively be in multiple places at once, a phenomenon described in quantum physics.
Researchers in the Netherlands are applying quantum physics in an attempt to create fraud-proof credit cards and ID cards.
“Quantum-physical principles forbid an attacker to fully characterize the incident light pulse,” the researchers wrote in an article in the journal Optica. “Therefore, he cannot emulate the key by digitally constructing the expected optical response, even if all information about the key is publicly known.”
The researchers at the University of Twente and Eindhoven University of Technology coated a credit card with a thin layer of white paint containing millions of nanoparticles. When light hits the nanoparticles, it bounces around until it escapes, creating a unique pattern that depends on the precise position of the particles in the paint. The card is “enrolled” in the system by recording the way that it reflects light.
To authenticate the card, a bank machine showers the paint with a pulse of light that is unique to each transaction. When the correct tell-tale pattern of light emerges as an “answer” to the bank’s “question,” the card can be authenticated.
While an attacker could measure the entire incoming light pattern and then use a projector to return the correct answer, the ability of photons to be in multiple places at once allows the bank to create the complex light question with only a small number of photons, or even just one. Due to the characteristics of quantum physics, an attempt to observe the question and answer process between a reader and the card would destroy the information in the transmission, making it more secure.
“Even if somebody has the full information of how the card is built, technology does not allow him to build a copy,” lead author Pepijn Pinkse of the University of Twente said via email. “The nanoparticles are too small and there are too many of them which need to be positioned with too high accuracy.”
The approach could be used in everything from authenticating passports to opening electronic locks on car doors or accessing secure areas such as government buildings.
T-Mobile has announced a monthly data rollover plan for consumers and business customers called “Data Stash,” but the plan still will not allow workers to share their data with others in a work group.
Data Stash works much the same way for users who have a Simple Choice plan (or Simple Choice for Business Value Plan) and have purchased 3GB or more of LTE data per month for smartphones and 1GB or more for tablets.
T-Mobile will give those existing customers, as well as new customers, 10GB of free LTE data in January. The data must be used by the end of 2015, and once it’s gone, each month of unused data in a plan can be rolled over monhtly for up to a year.
T-Mobile CEO John Legere described data rollover as a high priority for customers, noting that they asked on Twitter in 2014 more than 40,000 times for such a program. And Legere bashed rivals like AT&T and Verizon Wireless who don’t offer such a program, contending that $50 billion annually is lost by wireless customers who have paid for data but then see it disappear at the end of the month when it doesn’t roll over.
“We’re putting an end to this appalling industry practice today,” he said.
Even so, Data Stash won’t let workers share their data allotments with other workers in a group, as T-Mobile describes on its Web site: “Our data plans are specific to the person, so businesses aren’t wasting time and effort tracking everyone’s usage. In other words, this is not a shared data option.”
Dell has merged its SonicPoints with Dell SonicWALL next-generation firewalls to create what it claims are secure wireless networks. According to the company, the Dell SonicWALL firewalls automatically detects and provision SonicPoints, while it pushes appropriate security updates as well as policies to ensure enterprise-class security.
Of course, it also claims to simplify management, deliver a lower TCO and protect you from badgers at the same time. But it is a pretty interesting product. The SonicPoint AC Series of wireless access points would be able to support the high-performance IEEE 802.11ac wireless standard in order to offer close to three times that of the last wireless standard (802.11n).
SonicPoints will offer deep packet inspection security from Dell SonicWALL next-generation firewalls. This opens the door for small- and mid-sized organizations to leverage enterprise-class wireless performance and security, all the while simplifying wireless network setup and management.
With enterprise-level performance, WiFi-ready devices are able to hook up from greater distances, while making use of bandwidth-intensive mobile apps, including video and voice, working in higher-density environments with virtually no signal degradation.
Stanford University researchers have developed a multi-layered “high-rise” chip that could significantly outperform traditional computer chips, taking on the hefty workloads that will be needed for the Internet of Things and big data.
Utilizing nanotechnology, the new chips are built with layers of processing on top of layers of memory, greatly cutting down on the time and energy typically needed to move information from memory to processing and back.
Max Shulaker, a researcher on the project and a Ph.D candidate in Stanford’s Department of Electrical Engineering, said they have built a four-layer chip but he could easily see them building a 100-layer chip if that was needed.
“The slowest part of any computer is sending information back and forth from the memory to the processor and back to the memory. That takes a lot of time and lot of energy,” Shulaker told Computerworld. “If you look at where the new exciting apps are, it’s with big data… For these sorts of new applications, we need to find a way to handle this big data.”
The conventional separation of memory and logic is not well-suited for these types of heavy workloads. With traditional chip design, information is passed from the memory to the processor for computing, and then it goes back to the memory to be saved again.
In relative terms, that takes a lot of energy and time – way more than the computation itself.
“People talk about the Internet of Things, where we’re going to have millions and trillions of sensors beaming information all around,” said Shulaker. “You can beam all the data to the cloud to organize all the data there, but that’s a huge data deluge. You need [a chip] that can process on all this data… You want to make sense of this data before you send it off to the cloud.”
The researchers, led by Subhasish Mitra, a Stanford associate professor of electrical engineering and computer science, and H.S. Philip Wong, a professor in Stanford’s school of engineering, used carbon nanotube transistors instead of silicon and replaced typical memory with resistive random-access memory (RRAM) or spin-transfer torque magnetic random-access memory (STT-RAM). Both use less power and are more efficient than traditional memory systems.
Chinese smartphone maker Coolpad has created an extensive “backdoor” into its Android devices that can track users, serve them unwanted advertisements and install unauthorized apps, a U.S. security firm alleged today.
In a research paper released today, Palo Alto Networks detailed its investigation of the backdoor, which it dubbed “CoolReaper.”
“Coolpad has built a backdoor that goes beyond the usual data collection,” said Ryan Olson, director of intelligence at Palo Alto’s Unit 42. “This is way beyond what one malicious insider could have done.”
Coolpad, which sells smartphones under several brand names — including Halo, also called Danzen — is one of China’s largest ODMs (original device manufacturers). According to IDC, it ranked fifth in China in the third quarter, with 8.4% of the market, and has expanded sales outside of the People’s Republic of China (PRC) and Taiwan to Southeast Asia, the U.S. and Western Europe.
Tipped off by a string of complaints from Coolpad smartphone users in China and Taiwan — who griped about seeing advertisements pop up and apps suddenly appear — Palo Alto dug into the ROM updates that Coolpad offered on its support site and found widespread evidence of CoolReaper.
Of the 77 ROMs that Palo Alto examined, 64 contained CoolReaper, including 41 hosted by Coolpad and signed with its own digital certificate.
Other evidence that Coolpad was the creator of the backdoor, said Olson, included the malware’s command-and-control servers — which were registered to domains belonging to the Chinese company and used, in fact, for its public cloud — and an administrative console that other researchers had found last month because of a vulnerability in Coolpad’s backend control system. The console confirmed CoolReaper’s functionality.
The U.S. Consumer Financial Protection Bureau has filed a lawsuit against Sprint Corp over unauthorized charges on customers’ cellphone bills, a practice known as cramming, in the agency’s first foray into mobile payments.
Marking the third cramming-related government enforcement action this year, the CFPB alleges that from 2004 through 2013, the wireless carrier allowed third parties to charge consumers tens of millions of dollars for services like ringtones or text-message horoscopes that consumers had not requested, while keeping 40 percent of the gross revenue.
The Federal Communications Commission is weighing a $105 million cramming fine against Sprint.
“Sprint mistreated consumers egregiously by creating a billing system that invited illegal third-party charges and processed them in a highly irresponsible manner,” the CFPB’s director, Richard Cordray, said.
Sprint expressed disappointment in being the target of the CFPB’s lawsuit and disputed the accusations, listing various steps it said it took to monitor third-party charges, such as hiring an outside compliance vendor and vetting billing companies.
“We strongly disagree with (the CFPB’s) characterization of our business practices,” Sprint spokeswoman Stephanie Vinge Walsh said in a statement.
“It appears the CFPB has decided to use this issue as the test case on whether it has legal authority to assert jurisdiction over wireless carriers,” she said in an email.
In July, the Federal Trade Commission sued T-Mobile US Inc over similar billing issues, and in October, the FCC and the FTC settled such a case with AT&T Inc.
For the CFPB, which oversees consumer financial products such as mortgages and credit cards, this case marked the first public action coordinated with the FCC.
“If a company is processing payments over a mobile network, that’s something that the bureau has jurisdiction over,” the CFPB’s deputy enforcement director, Jeff Ehrlich, told reporters. “We’ll take action against anyone who violates the consumer financial protection laws.”
FCC spokespeople said the FCC and the CFPB have agreed to continue close cooperation “on this and other cases on behalf of wireless customers nationwide.”
British chip designer ARM could cash in on the mobile industry’s rush to transition to 64-bit operating systems and hardware.
Canaccord Genuity analyst Matt Ramsey argues that ARM is still a ‘Buy’ stock, as it’s trading at $43, while his price target is $54 to $56. Ramsay is upbeat for a number of reasons and the 64-bit craze is one o them.
He pointed out that sales of ARMv8 chips are raping up and are no longer limited to Apple. Qualcomm’s upcoming Snapdragon 810 is also based on ARMv8, along with all other upcoming 64-bit SoCs. Ramsey named Qualcomm, MediaTek and Samsung as the three biggest contributors to ARM’s 64-bit business.
In addition to smartphones, ARMv8 designs are finding their way into enterprise networks and servers, creating even more opportunities. This is good news for ARM, as its royalties for processor designs based on the ARMv8 instruction set are significantly higher than for venerable 32-bit parts.
Hundreds of thousands of websites running WordPress have been infected by a piece of malware called SoakSoak. Google has flagged more than 11,000 domains hosting a WordPress website as malicious.
Websites running a third-party plug-in called Slider Revolution are being hacked, and malicious code is being installed that will in turn infect those who visit the website. The developers of the plug-in, ThemePunch, have admitted that they knew about the vulnerability in February this year but kept quiet about it.
ThemePunch in developed 29 security fixes from February to September, resisting a public call for action because of a “fear that an instant public announcement would spark a mass exploitation of the issue”.
The company had hoped that most users would install these updates, solving the problem, but it now admits that this was “sadly not the case.”
“We as a team would like to apologize officially to our clients for the problems that arose due to the security exploit in Revolution Slider Plugin versions older than 4.2, ? it says on its website.
Short answer is that you have to upgrade everything that moves on your wordpress site or it will be toast.
BlackBerry Ltd rolled out its much anticipated Classic on Wednesday, a smartphone it hopes will help it win back market share and woo those still using older versions of its physical keyboard devices.
The Canadian mobile technology company said the new device, which bears striking similarities to its once wildly popular Bold and Curve handsets, boasts a larger screen, longer battery life, an expanded app library with access to offerings from Amazon.com Inc’s Android App store, and a browser three times faster than the one on its legacy devices.
“The conversation about BlackBerry has changed in the last year,” Chief Executive John Chen said as he launched the Classic at Manhattan’s upscale Cipriani restaurant. “We are here to stay, there is no question about that. Now we have to engineer our growth.”
He said BlackBerry had listened to its fans and brought back the command bar functionality that helped make its legacy phones easy to navigate.
When the company initially introduced its new BlackBerry 10 operating system and devices early in 2012 it put more emphasis on touchscreens, alienating many fans of its physical keyboard.
Those who moved to the new physical keyboard phones that BlackBerry launched later were unhappy that command keys such as the Menu, Back, Send and End buttons, along with the trackpad had been dropped.
With the Classic and the recent launch of its Passport smartphone, Chen is in some ways taking the company back to its roots, re-emphasizing the physical keyboard, rather than trying to compete directly against the touchscreen handsets of dominant rivals like Samsung Electronics and Apple.
“We expect the Classic to be the most popular BlackBerry enterprise device and the easiest transition for current BB7 (legacy device) users,” said Wells Fargo analyst Maynard Um.
Android apps really take advantage of those permissions they ask for to access users’ personal information: one online store records a phone’s location up to 10 times a minute, French researchers have found. The tools to manage such access are limited, and inadequate given how much information phones can gather.
In a recent study, ten volunteers used Android phones that tracked app behavior using a monitoring app, Mobilitics, developed by the French National Institute for Informatics Research (INRIA) in conjunction with the National Commission on Computing and Liberty (CNIL). Mobilitics recorded every time another app accessed an item of personal data — the phone’s location, an identifier, photos, messages and so on — and whether it was subsequently transmitted to an external server. The log of the apps’ personal information use was stored on the phone and downloaded at the end of the three months for analysis.
The volunteers were encouraged to use the phones as if they were their own, and together used 121 apps over the period from July to September. A similar study last year used a special iOS app to examine the way iPhone apps access users’ personal data.
Many apps access phones’ identifying characteristics to track their users, the researchers said. One of the few options users have to avoid this tracking is a switch in the “Google Settings” app to reset their phone’s advertising ID. That’s not much help, though, as apps have other ways to identify users. Almost two-thirds of apps studied in the three-month real-world test accessed at least one mobile phone identifier, a quarter of them at least two identifiers, and a sixth three or more. That allows the apps to build up profiles of their users for advertising purposes.
Location was one of the most frequently-accessed items of data. It accounted for 30 percent of all accesses to personal information during the test, and 30 percent of the apps studied accessed it at some point. The Facebook app recorded one volunteer’s location 150,000 times during the three-month period — more than once per minute, on average, while the Google Play Store tracked another user ten times per minute at times. Often, the only use apps make of such information is to serve personalized advertising, as was the case with one game that recorded a user’s location 3,000 times during the study.
At the same time, China, which in past years had flooded the market with solar panels, did not see growth as strong as had been expected. The growth was mainly due to healthy U.S. and Japanese markets, according to the report from EnergyTrend, a research division of TrendForce.
Overall, supply and demand remained stable, according to EnergyTrend.
“At the end of 2014, the overall supply chain maintained a solid utilization rate, while China’s tier-one module manufacturers also continued to break shipment records,” Jason Huang, research manager at EnergyTrend, said in the report.
Ironically, because the price of photovoltaic (PV) modules (the building blocks of solar panels) bottomed out last year, investors worldwide became concerned that profits would also drop. PV prices plummeted after China saturated the market with low-cost solar panel modules. The result: PV capacity rose from 31 gigawatts (GW or a billion watts) in 2012 to a record 39GW last year, even as investments in solar capacity dropped, according to a 2014 report by Bloomberg New Energy Finance.
In 2015, worldwide solar demand is projected to be 51.4GW, with the key markets — China, the United States and Japan — taking up 57% of the overall share.
The rise of emerging markets (the solar installation countries that are not in the top 10) has begun to appear. In 2015, the growth momentum of the emerging markets will become more apparent, and the overall demand will surpass 10GW.
Red Hat has announced the availability of Red Hat Enterprise Linux (RHEL) 7.1 Beta with enhancements to improve ease of use, manageability and performance, as well as support for IBM Power8 little endian architecture.
RHEL 7.1 Beta is the next point release following the enterprise Linux vendor’s initial production release of RHEL 7.0 in June.
RHEL 7.1 adds OpenLMI support to streamline system configuration management with thin logical volume manager provisioning, along with kernel and user mode components supporting Ceph block storage devices.
The update also offers support for Microsoft CIFS for mixed vendor data centre environments that need it, providing native access to Microsoft Windows file and print services.
RHEL 7.1 also enhances identity management security with one-time password authentication via LDAP and Kerberos protocols and the FreeOTP standard, and introduces a certificate authority management tool.
In addition, RHEL 7.1 includes Security Content Automation Protocol Security Guides that reduce the complexity of compliance testing and enhance security assurance.
Building on RHEL 7.0 support for Linux containers in physical, virtual and cloud deployments in development, test and production environments, RHEL 7.1 adds access to Docker 1.2 in the RHEL 7 Extras channel.
For users with demanding workload responsiveness requirements, RHEL 7.1 adds real-time dispatching for workloads that require very precise and deterministic processing times. This capability is delivered with Linux kernel enhancements and additional userspace packages that can be added on top of a stock RHEL 7.1 installation.
Finally, RHEL 7.1 includes support for IBM Power8 little endian architecture for customers using the IBM Power8 systems infrastructure.
Running in little endian mode accelerates application portability to the IBM Power8 systems, thus allowing customers using IBM Power8 systems to use the existing ecosystem of Linux applications as developed for the x86 architecture.
Interested users can read the RHEL 7.1 Beta Release Notes, and can download the RHEL 7.1 Beta at Red Hat’s website.
South Korea’s LG Electronics Inc will roll out a new range of high-tech TVs in early 2015, expanding its line-up while it strives to cut costs that make its prized light-emitting diode (OLED) sets too expensive for most consumers.
A spokesman for the world’s No. 2 TV maker after domestic rival Samsung Electronics Co Ltd said on Tuesday LG will start selling products using quantum dot technology early next year. He didn’t disclose details including pricing.
The technology incorporates a film of tiny light-emitting crystals into regular liquid crystal displays (LCD), boosting picture quality. LG will have 55-inch and 65-inch ultra-high definition quantum dot TVs on display at the major CES trade show next month in Las Vegas.
Japan’s Sony Corp is so far the only major TV maker selling quantum dot models.
LG was widely expected to launch quantum dot TVs next year, having declared its intention to use the products in a dual-track strategy as the firm and its affiliate LG Display Co Ltd try to push OLED prices down. Analysts say it may take the LG firms several years to meet that goal.
The OLED TV sets remain expensive: a 65-inch ultra-high definition model launched in Korea earlier this year was priced at 12 million won ($10,993). A comparable Sony quantum dot TV costs about $3,799, according to the Japanese firm’s website.
Samsung Electronics has said quantum dot is one of many technologies it is considering. Analysts expect Samsung Electronics to launch quantum dot TVs next year, and believe it could be more aggressive in pushing the products than LG, which remains committed to OLED.
The LG spokesman said Dow Chemical Co is supplying quantum dot material. Dow Chemical confirmed the supplier relationship in an emailed statement.
Dow is building a quantum dot factory in South Korea using technology from partner Nanoco Group Plc, with production starting in the first half of 2015.
The FCC voted last Thursday to update its rules for the Connect America Fund, the broadband subsidy program funded through fees on telephone service, with a major change being the increase in minimum download speeds from 4Mbps to 10Mbps from fixed broadband providers.
Broadband providers AT&T and Verizon had opposed the speed increase, and one of the FCC’s Republican commissioners questioned whether the new speed requirement could limit deployment.
The new speed requirements could double the cost of deployment to rural areas, but the commission did not also double the time that broadband providers could complete their deployments, Commissioner Ajit Pai said.
Instead of increasing the funding window for deployments from five to 10 years, as dozens of members of Congress had requested, the commission increased funding term to six years in most cases. Adding new speed requirements without allowing much more time for broadband providers to receive funding may discourage broadband providers from participating, Pai said.
“I fear we are going to leave many communities without broadband for the foreseeable future,” Pai said. “Incentivizing wireline broadband providers to deploy service deep into the unserved countryside requires a balance act. Today’s order disrupts that balance.”
But FCC Chairman Tom Wheeler said the agency doesn’t want to pay for “second-class broadband service.” If large broadband providers don’t agree with the terms of the subsidy, the FCC will use an auction to bring service to rural areas, he said.
Patent wars have become commonplace with smartphone vendors across the world, and now Xiaomi is no exception. The Chinese company announced it had halted its product sales in India, due to a patent dispute with Swedish network equipment vendor Ericsson.
The legal troubles throw a wrench in Xiaomi’s international expansion, and could open the company to even more lawsuits from other patent holders, analysts warn.
In Ericsson’s case, the company said it had spent more than three years complaining to Xiaomi about the alleged patent infringement, which relates to the telecommunications technology used in the company’s phones.
“Ericsson, as a last resort, had to take legal action,” the company said in an email, which claimed that Xiaomi had declined to pay a fair licensing fee for the technology.
In response, Xiaomi said it was working with Ericsson to resolve the matter, without elaborating. But doing so will probably come at some financial cost.
Xiaomi has enjoyed an almost meteoric rise, becoming China’s top smartphone maker this year. However, the company was only founded in 2010, and doesn’t possess an extensive patent portfolio that so many older technology firms like Ericsson wield.
Although Xiaomi declined to comment on its patent activities, analysts expected that the company would eventually run into intellectual property matters at some point in its international expansion.
“It’s possible lawsuits will be filed in other countries, and not just from Ericsson, but other vendors that want to use patents as a weapon against Xiaomi,” said Wang Jingwen, an analyst with research firm Canalys.
Xiaomi, which still sells most of its phones in China, made India a focus of its international efforts. The company still has a small market share in the country, but its phones have been selling like hot cakes there.
It could simply end up paying Ericsson and other companies for access to their patents, but that could mean paying a hefty price.
“If Xiaomi is willing to pay for the licensing fees to Ericsson, the issue can be resolved,” said Xiaohan Tay, an analyst with research firm IDC. “But the higher cost for smartphones may be passed on to consumers, and Xiaomi may not be able to offer phones at such a low cost to consumers anymore.”