
China Drops Big Technology Brands From State Purchase Lists

February 27, 2015 by mphillips  
Filed under Computing

China has removed some of the world’s most popular technology brands from its approved state purchase lists, while approving thousands more homegrown products, in what some say is a response to revelations of widespread Western cybersurveillance.

Others put the shift down to a protectionist impulse to shield China’s domestic technology industry from competition.

Chief casualty is U.S. network equipment maker Cisco Systems Inc, which in 2012 counted 60 products on the Central Government Procurement Center’s (CGPC) list, but by late 2014 had none, a Reuters analysis of official data shows.

Smartphone and PC maker Apple Inc has also been dropped over the period, along with Intel Corp’s security software firm McAfee and network and server software firm Citrix Systems.

The number of products on the list, which covers regular spending by central ministries, jumped by more than 2,000 in two years to just under 5,000, but the increase is almost entirely due to local makers.

The number of approved foreign tech brands fell by a third, while less than half of those with security-related products survived the cull.

An official at the procurement agency said there were many reasons why local makers might be preferred, including sheer weight of numbers and the fact that domestic security technology firms offered more product guarantees than overseas rivals.

China’s change of tack coincided with leaks by former U.S. National Security Agency (NSA) contractor Edward Snowden in mid-2013 that exposed several global surveillance programs, many of them run by the NSA with the cooperation of telecom companies and European governments.

 

Google Continues Wooing Enterprise Users With Android For Work Launch

February 27, 2015 by mphillips  
Filed under Mobile

Google Inc rolled out an initiative to make smartphones running its Android software more appealing to corporations, a move that could help extend the Internet technology giant’s reach into workplaces.

Google said on its official blog that its Android for Work program will provide improved security and management features for corporations that want to give their employees Android smartphones. Smartphones supported by the new initiative will be able to keep an employee’s work and personal apps separate, and a special Android for Work app will allow businesses to oversee key tools such as email, calendar and contacts.

Google said it is partnering with more than two dozen companies including Blackberry Ltd, Citrix Systems Inc and Box Inc.

Google’s Android software is the world’s most popular mobile operating system, but many corporations, which have significant security and device management requirements, give their employees smartphones made by Blackberry or Apple Inc.

 

 

Bad News For Lenovo Continues As Website Is Hacked

February 27, 2015 by mphillips  
Filed under Around The Net

Chinese PC and mobile phone maker Lenovo Group Ltd acknowledged that its website was hacked, its second security blemish days after the U.S. government advised consumers to remove software called “Superfish” pre-installed on its laptops.

Hacking group Lizard Squad claimed credit for the attacks via microblogging service Twitter. Lenovo said attackers breached the domain name system associated with Lenovo and redirected visitors to lenovo.com to another address, while also intercepting internal company emails.

Lizard Squad posted an email exchange between Lenovo employees discussing Superfish. The software was at the center of public uproar in the United States last week when security researchers said they found it allowed hackers to impersonate banking websites and steal users’ credit card information.

In a statement issued in the United States on Wednesday night, Lenovo, the world’s biggest maker of personal computers, said it had restored its site to normal operations after several hours.

“We regret any inconvenience that our users may have if they are not able to access parts of our site at this time,” the company said. “We are actively reviewing our network security and will take appropriate steps to bolster our site and to protect the integrity of our users’ information.”

Lizard Squad has taken credit for several high-profile outages, including attacks that took down Sony Corp’s PlayStation Network and Microsoft Corp’s Xbox Live network last month. Members of the group have not been identified.

Starting 4 p.m. ET on Wednesday, visitors to the Lenovo website saw a slideshow of young people looking into webcams and the song “Breaking Free” from the movie “High School Musical” playing in the background, according to technology publication The Verge, which first reported the breach.

Although consumer data was not likely compromised by the Lizard Squad attack, the breach was the second security-related black eye for Lenovo in a matter of days.

 

Anthem Says Nearly 79M Records Were Exposed In Data Breach

February 26, 2015 by mphillips  
Filed under Around The Net

The Anthem data breach may have exposed 78.8 million records, according to deeper analysis provided in an estimate by the health insurance company, but Anthem is still investigating exactly how many records hackers captured from a database.

Hackers accessed a database at Anthem that contained customer and employee records with names, birth dates, Social Security numbers, addresses, phone numbers, email addresses and member IDs, the health insurance company said on Feb. 4. Some records included employment information and income levels, but no financial information was compromised, it said.

It marked one of the largest data breaches to affect the health care industry, adding to a string of recent attacks that have shaken large companies, including retailers Home Depot, Target and Michaels.

Anthem, formerly known as Wellpoint, runs health-care plans under the Blue Cross Blue Shield, Empire Blue Cross, Amerigroup, Caremore, Unicare, Healthlink, DeCare, HealthKeepers and Golden West brands.

Between 60 million and 70 million of the 78.8 million records belong to current or former Anthem members, the company said in a statement.

The remainder — between 8.8 million and 18.8 million — belong to non-Anthem members who used their insurance in a state where Anthem has operated over the last decade.

Anthem is still trying to identify those people who may have been affected. Part of the problem is that Anthem has found 14 million incomplete records that can’t be linked to a product or line of business. Those records lack data fields that could be used to identify members, though they probably are not active Anthem members.

No information has been formally released on who may have compromised the database. Security firm CrowdStrike, which is not involved in the investigation, said the attackers used infrastructure linked to a suspected China-based state-sponsored group known as Deep Panda.

 

 

 

 

More Lawyers, Lawsuits Descend On Lenovo Over Superfish

February 26, 2015 by mphillips  
Filed under Around The Net

Lenovo and adware maker Superfish were subjected to more legal action as two new lawsuits were filed in California federal courts taking the firms to task for putting consumers at risk of hacker spying and information theft.

The two complaints — the second and third since the China-based computer OEM (original equipment manufacturer) admitted it had pre-loaded adware on its consumer PCs in the second half of 2014 — named both Lenovo and Superfish, and each lawsuit requested class-action status so that others could join the case.

Last week’s first lawsuit covered much of the same ground as the two lodged Monday.

David Hunter of North Carolina, the plaintiff in one of the lawsuits, alleged that Lenovo and Superfish violated the U.S. Electronic Communications Privacy Act and other laws, and asked that the court force the firms to surrender any revenue generated by the sale of consumers’ browsing data and monies earned from the advertising produced by the adware.

Hunter said he bought a Lenovo Y50 laptop — one of dozens of models Lenovo said it had pre-installed Superfish on from September through December 2014 — via the OEM’s website in October.

In the second complaint, filed by Sterling International Consulting Group (SICG) of Statesville, NC, Lenovo and Superfish were charged with breaking the U.S. Wiretapping Act, state and federal anti-fraud regulations and other laws.

Of the two new complaints, Hunter’s was the more interesting as it relied not only on press reports about Superfish’s vulnerability and Lenovo’s actions both before and after last week’s explosion of information, but also dug a bit deeper and offered insights into the adware’s operation.

Lenovo today declined to respond to the new lawsuits, with its head of corporate communications, Brion Tingler, saying, “We do not comment on pending legal matters,” in an email.

Superfish, like Lenovo, declined to comment on the lawsuits’ specifics, citing the pending litigation. But in a statement, company CEO Adi Pinhas said, “Superfish takes these matters seriously and is reviewing the allegations in the complaints.”

 

 

 

 

Was Old Code The Culprit For Security Breaches In 2014?

February 26, 2015 by Michael  
Filed under Computing

Nearly half of all security breaches come from vulnerabilities that are between two and four years old, according to this year’s HP Cyber Risk Report entitled The Past Is Prologue.

The annual report found that the most prevalent problems came as a result of server misconfiguration, and that the primary causes of commonly exploited software vulnerabilities are defects, bugs and logic flaws.

But perhaps most disturbing of all was the news that Internet of Things (IoT) devices and mobile malware have introduced a significant extra security risk.

The entire top 10 vulnerabilities exposed in 2014 came from code written years, and in some cases decades, previously.

The news comes in the same week that HP took a swipe at rival Lenovo for knowingly putting Superfish adware into its machines.

“Many of the biggest security risks are issues we’ve known about for decades, leaving organisations unnecessarily exposed,” said Art Gilliland, senior vice president and general manager for enterprise security products at HP.

“We can’t lose sight of defending against these known vulnerabilities by entrusting security to the next silver bullet technology. Rather, organisations must employ fundamental security tactics to address known vulnerabilities and, in turn, eliminate significant amounts of risk.”

The main recommendations of the report are that network administrators should employ a comprehensive and timely patching strategy, perform regular penetration testing and variation of configurations, keep equipment up to date to mitigate risk, share collaboration and threat intelligence, and use complementary protection strategies.

The threat to security from the IoT is already well documented by HP, which released a study last summer revealing that 90 percent of IoT devices take at least one item of personal data and 60 percent are vulnerable to common security breaches.

Courtesy-TheInq

 

IBM, ARM Team Up To Offer IoT Starter Kit

February 26, 2015 by mphillips  
Filed under Around The Net

ARM and IBM want Internet of Things (IoT) enthusiasts to make their own connected devices in a matter of minutes with a new development kit that they have unveiled.

The ARM mbed IoT Starter Kit — Ethernet Edition will allow users to make cloud-ready Internet of Things products that could receive or transmit data for analysis or alerts. The development kit will come with ARM’s mbed OS and connect into IBM’s BlueMix cloud, which will help in the development of applications and services.

The kit is for those with little to no experience in embedded or Web development. Prototype designs will guide enthusiasts through the process of making a device and connecting to IBM’s BlueMix cloud service.

The starter kit will get data from “the on board sensors into the IBM cloud within minutes of opening the box,” said the product page on ARM’s website.

ARM and IBM hope to cash in on the mass adoption of IOT, which has led to a mesh of interconnected devices used in smart homes, smart city implementations and enterprises. The devices, which could range from weather sensors to health devices, already number 1.2 billion, and could touch 5.4 billion by 2020, according to a recent study by Verizon.

The IOT market is currently fragmented with a wide variety of hardware, operating systems and communication standards in use. Through the developer kit, ARM and IBM want to bring a level of consistency in hardware and software across IOT devices. Beyond making it easier for devices to talk to one another, the developer kit could make it easier to push or pull data out of a larger number of cloud services.

ARM didn’t provide details on the pricing or availability of the starter kit. The first devices resulting from the development kit are expected to be released later this year.

 

 

Chrome Browser Now Has Early Warning Alert

February 25, 2015 by mphillips  
Filed under Around The Net

Google has added an early warning alert to Chrome that appears when users try to access a website that the search giant believes will try to trick users into downloading suspicious software.

The new alert pops up in Chrome when a user aims the browser at a suspect site but before the domain is displayed. “The site ahead contains harmful programs,” the warning states.

Google emphasized tricksters that “harm your browsing experience,” and cited those that silently change the home page or drop unwanted ads onto pages in the warning’s text.

The company has long focused on those categories, and for obvious, if unstated, reasons. It would prefer that people — much less, shifty software — not alter the Chrome home page, which features the Google search engine, the Mountain View, Calif. firm’s primary revenue generator. Likewise, the last thing Google wants is to have adware, especially the most irritating, turn off everyone to all online advertising.

The new alert is only the latest in a line of warnings and more draconian moves Google has made since mid-2011, when the browser began blocking malware downloads. Google has gradually enhanced Chrome’s alert feature by expanding the download warnings to detect a wider range of malicious or deceitful programs, and using more assertive language in the alerts.

In January 2014, for example, Chrome 32 added to the unwanted list threats that posed as legitimate software and tweaked the browser’s settings.

The browser’s malware blocking and suspect site warnings come from Google’s Safe Browsing API (application programming interface) and service; Apple’s Safari and Mozilla’s Firefox also access parts of the API to warn their users of potentially dangerous websites.

Chrome 40, the browser’s current most-polished version, can be downloaded for Windows, OS X and Linux from Google’s website.

 

 

Google Acquiring Softcard’s Mobile Wallet Technology

February 25, 2015 by mphillips  
Filed under Mobile

Google announced it has reached a deal with three of the country’s major cellular carriers to acquire “technology and capabilities” from Softcard, a competing mobile wallet app created jointly by the telecom operators. But the deal appears to be less about technology and more about branding.

The biggest immediate change is that Verizon, AT&T and T-Mobile will begin pre-installing Google Wallet on new Android smartphones later this year — something that had been blocked before in preference for the Softcard app.

At their heart, both apps are based on the same contactless payment technology as Apple Pay and a new generation of payment cards from banks and credit unions. They use NFC (near-field communication) to complete a transaction once a payment card or phone is brought within a few centimeters of a terminal.

Apple Pay brought the technology widespread recognition when it launched late last year, but Google Wallet has been around since 2011. However a lack of support from carriers, retailers, card issuers and Google itself had relegated the technology to the sidelines.

While Google Wallet and Apple Pay share a technology base, there are key differences in how they work. Perhaps the biggest is that in Google Wallet, all transactions are routed through Google before being charged to the customer’s credit card.

That gives Google even greater insight into the lives of its users. In contrast, Apple doesn’t see any details of purchases made on its system.

Getting the Google Wallet app in front of more consumers could help reduce confusion over the different brands — an important consideration when the biggest Android phone maker is making moves of its own in mobile payments.

 

 

 

Are Health Companies Tracking You?

February 25, 2015 by Michael  
Filed under Around The Net

US sites which offer medical advice are tracking queries, sending the sensitive data to third party corporations, even shipping the information directly to the insurance brokers who monitor credit scores.

Tim Libert, a researcher at the University of Pennsylvania, custom-built software called webXray to analyze the top 50 search results for nearly 2,000 common diseases (over 80,000 pages total). He found the results startling: a full 91 percent of the pages made what are known as third-party requests to outside companies. The highly ranked “Cold Sores Topic Overview WebMD” link passed your request for information about the disease along to one or many other corporations.

According to Libert’s research, which is published in the Communications of the ACM, about 70 percent of the time, the data transmitted “contained information exposing specific conditions, treatments, and diseases.”

Other issues stem from the fact that sites like the Centers for Disease Control have installed Google Analytics to measure traffic stats and have, for some reason, included AddThis code, which allows Facebook and Twitter sharing. As a result, the CDC also sends a third-party request to each of those companies.

Apparently the request looks something like this—http://www.cdc.gov/std/herpes/STDFact-Herpes.htm—and makes explicit to those third party corporations in its HTTP referrer string that your search was about herpes.

The vast majority of health sites, from the for-profit WebMD.com to the government-run CDC.gov, are loaded with tracking elements that are sending records of your health inquiries to the likes of web giants like Google, Facebook, and Pinterest, and data brokers like Experian and Acxiom.
Companies receiving the requests can use other data mining techniques to identify you and your illness.

According to Motherboard the CDC example is notable because it’s a government site which should be free of a profit motive.

For-profit health sites are often much worse. WebMD, for instance, is the 106th most-visited site in the US, according to Alexa, and figures prominently in search results for most commonly searched diseases. It sends third-party requests to a whopping 34 separate domains, including the data brokers Experian and Acxiom.

“WebMD is basically calling up everybody in town and telling them that’s what you’re looking at,” Libert said. Seeing as how there’s a good chance that’s a sensitive disease, users would likely not be pleased.
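The referrer leak described in this article can be reproduced offline. The following is an added example, not code from webXray or from the article: it lists the third-party requests a page triggers and the Referer value each receives under different Referrer-Policy settings. The page URL is the CDC address quoted above; the HTML and the analytics.example and widgets.example hosts are constructed, and the two-label site() comparison is a simplifying assumption.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Attributes that make a browser fetch a subresource (an <a href> does not).
FETCH_ATTRS = {"script": "src", "img": "src", "iframe": "src", "link": "href"}


class ResourceCollector(HTMLParser):
    """Collects absolute URLs of subresources referenced by a page."""

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.urls = []

    def handle_starttag(self, tag, attrs):
        wanted = FETCH_ATTRS.get(tag)
        for name, value in attrs:
            if name == wanted and value:
                # urljoin resolves relative and protocol-relative URLs.
                self.urls.append(urljoin(self.base_url, value))


def site(host):
    # Assumption: the last two labels identify the site. A real tool
    # would consult the Public Suffix List instead.
    return ".".join(host.lower().split(".")[-2:])


def referer_for(page_url, target_url, policy):
    """Referer header value sent to target_url, or None if it is omitted."""
    page, target = urlsplit(page_url), urlsplit(target_url)
    host = page.netloc.rpartition("@")[2]          # never send credentials
    full = f"{page.scheme}://{host}{page.path or '/'}"
    if page.query:
        full += "?" + page.query                   # fragment is never sent
    origin_only = f"{page.scheme}://{host}/"
    same_origin = (page.scheme, page.hostname, page.port) == (
        target.scheme, target.hostname, target.port)
    downgrade = page.scheme == "https" and target.scheme != "https"

    if policy == "no-referrer":
        return None
    if policy == "no-referrer-when-downgrade":     # common default in 2015
        return None if downgrade else full
    if policy == "same-origin":
        return full if same_origin else None
    if policy == "strict-origin-when-cross-origin":  # current browser default
        if same_origin:
            return full
        return None if downgrade else origin_only
    raise ValueError(f"unsupported policy: {policy}")


def third_party_leaks(page_url, html, policy):
    """(host, referer) for every request that leaves the page's own site."""
    collector = ResourceCollector(page_url)
    collector.feed(html)
    own_site = site(urlsplit(page_url).hostname)
    leaks = []
    for url in collector.urls:
        host = urlsplit(url).hostname
        if host and site(host) != own_site:
            leaks.append((host, referer_for(page_url, url, policy)))
    return leaks


PAGE_URL = "http://www.cdc.gov/std/herpes/STDFact-Herpes.htm"
# Constructed sample markup, not the real page source.
SAMPLE_HTML = """
<html><head>
<link rel="stylesheet" href="/css/site.css">
<script src="//analytics.example/collect.js"></script>
</head><body>
<img src="http://www.cdc.gov/images/logo.png">
<script src="http://widgets.example/share/button.js"></script>
<a href="http://other.example/page">not fetched automatically</a>
</body></html>
"""

if __name__ == "__main__":
    for policy in ("no-referrer-when-downgrade",
                   "strict-origin-when-cross-origin", "no-referrer"):
        print(policy)
        for host, ref in third_party_leaks(PAGE_URL, SAMPLE_HTML, policy):
            print(f"  {host:20} Referer: {ref}")
```

A site operator can remove the condition-revealing path from these requests by serving a `Referrer-Policy: strict-origin-when-cross-origin` or `no-referrer` response header.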

Courtesy-Fud

ARM and IBM Join Forces On IoT

February 25, 2015 by Michael  
Filed under Computing

ARM has joined forces with IBM to launch its Internet of Things (IoT) mbed Device Platform as a starter kit with cloud support, offering developer tools with cloud-based analytics.

ARM’s mbed tool was announced last year and is primarily an operating system built around open standards to “bring internet protocols, security and standards-based manageability into one integrated tool” and make IoT deployment faster and easier and thus speed up the creation of IoT-powered devices.

ARM has launched the mbed IoT Starter Kit – Ethernet Edition today to coincide with the opening of Embedded World in Nuremberg. Partnering with IBM means that ARM’s mbed tool can channel data from internet-connected devices directly into IBM’s Bluemix cloud platform.

The IoT Starter Kit consists of an ARM mbed-enabled development board from Freescale, powered by an ARM Cortex-M4 based processor, together with a sensor IO application shield.

It also supports standards such as Bluetooth Smart, 2G, 3G, LTE and CDMA cellular technologies, Thread, WiFi, and 802.15.4/6LoWPAN along with TLS/DTLS, CoAP, HTTP, MQTT and Lightweight M2M.

The mbed OS also features the mbed Device Server, a licensed software product that provides the server-side technologies to connect and manage devices in a more secure way. It also provides a bridge between the protocols designed for use on IoT devices and the APIs used by web developers.

“The combination of a secure sensor environment by ARM with cloud-based analytics, mobile and application resources from IBM will allow fast prototyping of new smart products and unique value-added services,” explained ARM.

Krisztian Flautner, general manager for IoT business at ARM, said that securely embedding connectivity into devices from the start will allow for cloud-connected products that are far more capable than we see today.

“Smart cities, businesses and homes capable of sharing rich information about their surroundings will be critical in unlocking the potential of IoT,” he said.

“The ARM IoT Starter Kit will accelerate the availability of connected devices by making product and service prototyping faster and easier.”

The first products developed using the kit are expected to enter the market later this year.

Future versions of the kit will run the new ARM mbed OS and use ARM mbed Device Server software to deliver a wider range of efficient security, communication and device management features.

Prototypes have been given to a few early adopters, including the Science and Technology Facilities Council which said that the kit and its connection to the IBM IoT Foundation will help businesses realise the value during the development and production phases of any venture.

The mbed software also comes with its own community, Mbed.org, a focal point for more than 70,000 developers around the platform.

The website provides a database of hardware development kits, a repository for reusable software components, reference applications, documentation and web-based development tools. It is already up and running, ARM said.

Courtesy-TheInq

 

Visa Europe Announces New Mobile Payments Method

February 25, 2015 by mphillips  
Filed under Mobile

Visa Europe has announced a new, more secure way for consumers to pay retailers using their mobile phones, a move that could set the stage for Apple’s Apple Pay and rival mobile payment services to be introduced into Europe in the coming months.

Visa Europe said on Tuesday it would introduce to member banks by mid-April a “tokenization” service which substitutes random numbers for a user’s credit card details when a merchant transmits transaction data, reducing the risk of online theft.

Similar security from Visa Inc, the former parent of Visa Europe, and rival card issuers MasterCard and American Express has been key to the success of Apple Pay since it was introduced in the United States last year, according to industry experts.

Apple Pay allows iPhone users to store their credit card details on their phones, then pay at the tap of a button. In its first three months, more than $2 out of every $3 which U.S. consumers spent using speedy new “contactless” systems at the three major credit card networks was done via Apple Pay, the company said last month.

Visa Europe’s move is one of several new services the London-based credit card giant is unveiling as it battles to retain its role as a middleman connecting banks and consumers in a fast-moving payments landscape being shaken up by major technology firms including Apple, Google and eBay’s PayPal, as well as scores of ambitious start-ups.

These include a way for card customers to send money overseas to other Visa users via their social media profiles on sites such as Facebook, WhatsApp, Twitter or LinkedIn.

Steve Perry, Visa Europe’s chief digital officer, said in an interview his association’s plan for secure credit card data transmission parallels what Visa Inc offers in the United States. But he declined to comment on whether Apple Pay had agreed to use his organization’s version in European markets.

 

Lenovo Hit With Lawsuit Over Superfish Adware

February 24, 2015 by mphillips  
Filed under Computing

Lenovo admitted to pre-loading the Superfish adware on some consumer PCs, and now outraged customers are dragging the computer maker to court on the matter.

A proposed class-action lawsuit was filed late last week against Lenovo and Superfish, charging both companies with “fraudulent” business practices and of making Lenovo PCs vulnerable to malware and malicious attacks by pre-loading the adware.

Plaintiff Jessica Bennett said her laptop was damaged as a result of Superfish, which was called “spyware” in court documents. She also accused Lenovo and Superfish of invading her privacy and making money by studying her Internet browsing habits.

The lawsuit was filed after Lenovo admitted to pre-loading Superfish on some consumer PCs. The laptops affected by Superfish include non-ThinkPad models such as G Series, U Series, Y Series, Z Series, S Series, Flex, Miix, Yoga and E Series.

Lenovo has since issued fixes to remove Superfish applications and certificates from PCs. Microsoft’s Windows Defender and McAfee’s security application have also been removing Superfish since Friday.

Lenovo earlier admitted it “messed up” by preloading Superfish on computers. The software plugs product recommendations into search results, but can hijack connections and open major security holes, thus leaving computers vulnerable to malicious attacks.

The first complaints of Superfish on Lenovo’s laptops emerged in September last year, but it became a real security issue when hacker Marc Rogers pointed it out in a blog post.

Bennett, a blogger, purchased a Yoga 2 laptop to conduct business and communicate with clients. She noticed “spam advertisements involving scantily clad women” appearing on her client’s website when writing a blog post for the customer. After seeing pop-ups on other websites, she assumed her computer had spyware or had been hacked, but then scoured the forums and noticed similar behavior on other Lenovo laptops. She then traced the problem to Superfish, which could intercept secure communication and leave computers vulnerable.

Superfish also used memory resources and took up Internet bandwidth, according to the court document.

Damages from Lenovo and Superfish are being sought as part of the lawsuit filed in the U.S. District Court for the Southern District of California.

 

 

 

Antitrust Case Against Google Over Android Apps Dismissed

February 24, 2015 by mphillips  
Filed under Mobile

A federal judge has dismissed an antitrust lawsuit that alleged Google harmed consumers by forcing Android mobile phone makers to use its apps by default. The plaintiffs were given three weeks to amend their complaint.

The two consumers who filed the suit failed to show that Google’s allegedly illegal restrictive contracts on manufacturers of Android devices resulted in higher prices on phones, U.S. District Judge Beth Labson Freeman said in a Feb. 20 ruling.

The complainants, who were seeking class-action status for the lawsuit, said that Google required manufacturers, including Samsung Electronics, to set the search giant’s own apps as default options on Android-based phones, restricting access to competing software such as Microsoft’s Bing search engine. The complaint alleged that this practice limited competition in the search engine market, stifled innovation and resulted in higher prices for phones.

But Freeman ruled that the complainants failed to establish a link between software requirements and phone pricing, also noting that “there are no facts alleged to indicate that defendant’s conduct has prevented consumers from freely choosing among search products or prevented competitors from innovating.”

She gave the plaintiffs three weeks to amend the antitrust complaint, filed in U.S. District Court, Northern District of California.

 

 

SIM Card Maker Gemalto Sees Little Impact From Hacking

February 24, 2015 by mphillips  
Filed under Mobile

Gemalto said its initial investigations into reports that U.S. and British spies had gained unauthorized access to its systems showed its products were secure and it thus did not expect a significant financial impact.

Gemalto’s shares fell sharply late last week after news website Intercept reported a hack by the U.S. National Security Agency (NSA) and Britain’s Government Communications Headquarters (GCHQ).

The hack into the world’s biggest maker of phone SIM cards allowed the spies to potentially monitor the calls, texts and emails of billions of mobile users around the world, the investigative news website reported.

Gemalto said it would communicate on the results of its investigations on Wednesday, Feb. 25 through a press release and a press conference that will be held in Paris at 0930 GMT.

Gemalto makes smart chips for mobile phones, bank cards and biometric passports and counts Verizon, AT&T Inc and Vodafone among its 450 wireless network provider customers around the world.