The popular group chat tool Slack had its central database hacked in February, according to the company, potentially compromising users’ profile information like log-on data, email addresses and phone numbers.
The database also holds any additional information users may have added to their profiles like their Skype IDs.
The passwords were encrypted using a hashing technique. There was no indication the hackers were able to decrypt the passwords, Slack Technologies said in a blog post. No financial or payment information was accessed or compromised, it said.
The unauthorized access took place over about four days in February. The company said it has made changes to its infrastructure to prevent future incidents.
Slack was contacting a “very small number” of individual users who had suspicious activity tied to their accounts, or whose messages may have been accessed. Slack did not say how many users it thinks may have been affected in this way. A company spokeswoman declined to comment further.
There’s been strong interest in Slack’s business chat app since it launched last year, and its user base now tops 500,000.
To beef up security, Slack added a two-factor authentication feature on Friday. If it’s enabled, users must enter a verification code in addition to their normal password whenever they sign in to Slack. The company recommends that all users turn it on.
Slack has also released a password kill-switch feature, to let team owners and administrators reset passwords for an entire team at once. Barring that, users can reset their passwords in their profile settings.
Mobile malware is a growing problem, but researchers from University of Alabama at Birmingham (UAB) have developed a new way of detecting when suspicious mobile apps start trouble, such as trying to call premium-rate numbers unbeknownst to a phone’s owner.
The technique relies on using the phone’s motion, position and ambient sensors to learn the gestures that users typically make when they initiate phone calls, take pictures or use the phone’s NFC reader to scan credit cards.
Some mobile malware programs already abuse these services and security researchers expect their number will only increase.
The technology developed by the UAB researchers can monitor those three services and can check whether attempts to access them are accompanied by the natural gestures users are expected to make. If they’re not, they were likely initiated by malware.
The research, which involved collecting data from real-life scenarios to train the technology, showed that detecting different gestures and using them to differentiate between user-initiated actions and automated ones can be done with a high degree of accuracy. As such, the technique can be a viable malware defense.
The technology doesn’t require root access on the device and it’s better than the signature-based approach used by most mobile antivirus programs, according to Nitesh Saxena, director of UAB’s Security and Privacy In Emerging computing and networking Systems Lab.
Amazon’s Unlimited Everything Plan allows users to store an infinite number of photos, videos, files, documents, movies and music in its Cloud Drive.
The site also announced a separate $12 per year plan for unlimited photos. People who subscribe to Amazon Prime already get unlimited capacity for photos. Both the Unlimited Everything Plan and the Photos Plan have three-month free trial periods.
Online storage and file sharing service providers, such as Google Drive, Dropbox, and iCloud, have been engaged in a pricing war over the past year. Last fall, Dropbox dropped its Pro plan pricing for individuals to $9.99 per month for 1TB of capacity. Dropbox offers 2GB of capacity for free.
Dropbox also offers members 500MB of storage each time they get a friend to sign up; there’s a 16GB max on referrals, though. With Dropbox Pro, members can get 1GB instead of 500MB each time they refer someone.
Google Drive offers 15GB of capacity for free and charges $1.99 per month for 100GB and $9.99 per month for 1TB.
Apple’s iCloud offers 5GB of capacity for free, and charges 99 cents per month for 20GB, $3.99 per month for 200GB and $9.99 per month for 1TB.
Microsoft’s OneDrive offers 15GB of capacity for free, and charges $1.99 per month for 100GB, $3.99 per month for 200GB and $6.99 per month for 1TB.
While Amazon offers unlimited file size uploads for desktop users, it limits file sizes to 2GB for mobile devices.
Azul specializes in bespoke open source Java runtimes and has announced that it is expanding into embedded product lines.
Scott Sellers, CEO and co-founder, and Howard Green, VP of marketing, were keen to extol the virtues of an embedded system.
“If you go with an Oracle system, not only do you have to pay a license fee but you are restricted to off-the-peg solutions,” explains Sellers.
“Because we are an open source solution we can create exactly what the customer needs, then feed that expertise back into the community where it will eventually end up in the official builds of Java.”
Oracle now bases its products around the open source community before releasing its own stable, closed source editions, so Zulu Embedded will often contain cutting edge functionality which is not available to standard (and paying) Java users.
“Our products are built out of a customer need. It’s not just about cost, but about finding new ways to use the Java runtime, which is still the most popular programming language in the world, and creating ways of getting it to do new things,” says Green.
The arrival of Zulu Embedded will open a whole host of opportunities for Internet of Things (IoT) building, but Sellers is keen for the product to be seen as more than just an IoT platform.
“Of course, by creating customized solutions we are able to strip out the libraries that are unnecessary and make a more nimble runtime with a smaller footprint, which makes it ideal for the IoT, but there is far more to it than that – everything from routers, to set-top boxes to ATMs,” explains Green.
The product officially launches today, but has been subject to a significant amount of testing in the field with selected customers.
“In actual fact, it has been available on a limited basis since last September and there are already over two million units running Zulu Embedded in the field,” says Green.
The product will be monetized by offering enterprise-grade support options to customers, while the product itself is freely available.
“We see the end-of-life schedule of Java SE as a major selling point for our own product,” says Green.
Oracle’s support for Java SE 7 has already expired, and it’s another two years before version 8 also reaches end-of-life. Azul, meanwhile, remains committed to its open source products indefinitely.
“Compared to all the alternatives which are either limited in lifespan or have large upfront licensing costs, we’re sure that, combined with our ongoing support, we’re the right choice for anyone wanting flexible deployment of Java,” says Sellers.
Zulu Embedded works across a huge number of platforms, including Mac, Windows and Linux, on Intel and AMD x64 architectures with ARM compatibility to follow.
It is also compatible with physical servers such as Windows Server, hypervisors including VMware and Hyper-V and cloud solutions like Microsoft Azure, Red Hat, Suse and Docker.
For Java as a language, however, Zulu Embedded is something of a return to its roots.
“Sun Microsystems [the original owners of Java] were very successful in the embedded market and paved the way for the vast number of applications that already have a Java runtime. With the end of support for Java 7, many people will be looking at where to go next,” explains Sellers.
Consumer users of Java have repeatedly lashed out at Oracle for its use of bundleware in Java installations, which recently spread to Mac users.
Zulu is available immediately from the Azul website, along with details on working with the Embedded version.
We’ve come a long way in the past nine years, when Sun and Azul were counter-suing over patents. Today, open source is the beating heart of Java, though many won’t realize it.
The issues were found in SAP’s Electronic Medical Records (EMR) Unwired, which stores clinical data about patients including lab results and images, said Alexander Polyakov, CTO of ERPScan, a company based in Palo Alto, Calif., that specializes in enterprise application security.
Researchers with ERPScan found a local SQL injection flaw that could allow other applications on a mobile device to get access to an EMR Unwired database. That’s not supposed to happen, as mobile applications are usually sandboxed to prevent other applications from accessing their data.
“For example, you can upload malware to the phone, and this malware will be able to get access to this embedded database of this health care application,” Polyakov said in a phone interview.
The company also found another issue in EMR Unwired, where an attacker could tamper with a configuration file and then change medical records stored on the server, according to an ERPScan advisory.
“You can send fake information about the medical records, so you can imagine what can be done after that,” Polyakov said. “You can say, ‘This patient is not ill’.”
SAP fixed both of the issues about a month ago, Polyakov said.
The German software giant also fixed another flaw about a week ago found by ERPScan researchers, which affected its mobile device management software, a mobile client that allows access to the company’s other business applications.
On-body detection uses the accelerometer in the phone to detect when it’s being held or carried. If enabled, the feature requires a passcode the first time the phone is accessed but then keeps the device unlocked until it is placed down.
That means, for example, that users walking down the street won’t have to unlock the phone every time they take their phones out of their pockets.
The feature wasn’t widely announced by Google, but it began operating in some phones on Friday.
Like the other elements of smart lock, it should be used with caution as it can’t detect who is carrying the phone.
“If you unlock your device and hand it to someone else, your device also stays unlocked as long as the other person continues to hold or carry it,” reads a message displayed on phones with the new feature.
The smart lock feature was introduced with Android 5.0 KitKat and allows users to set zones around trusted places, such as a home or office, and Wi-Fi or Bluetooth devices, such as a computer or car radio. When the phone is in those zones it will remain unlocked once it’s been unlocked the first time.
It can also recognize faces and remain unlocked when it sees a trusted face.
Companies with more than 1,000 lines will pay $10 per month for each line. Other firms with multiple lines will be charged $15 a line. In both cases, every line comes with 1 gigabyte of high-speed data and allows unlimited calls and text messages.
Verizon and AT&T account for 87 percent of the $83 billion in wireless revenue from businesses, T-Mobile Chief Executive John Legere said at the company’s “Uncarrier 9.0” event in New York.
T-Mobile’s bid to lure rivals’ business customers reflects an increasingly competitive U.S. cellular market in which new customer growth is hard to come by, forcing the dominant players to seek growth by targeting each other’s existing subscribers.
T-Mobile, controlled by Germany’s Deutsche Telekom, hopes to encourage business owners to switch to its network by offering their family members plans with discounts, Legere said.
As added sweeteners for prospective clients, T-Mobile will offer each business client a free GoDaddy.com domain, a website and email addresses from Microsoft Office 365.
Turning to the consumer market, T-Mobile said it would make permanent various promotional offers from recent months that had been labeled temporary. It also broadened a previous offer to lure other companies’ customers by paying up to $650 in early termination fees to also cover those potential customers’ equipment costs.
Over the last two years, T-Mobile has focused on the consumer market, aggressively cutting prices and shaking up the market with moves to simplify signing up for and keeping cellular and data plans.
The apps have not yet been patched against the FREAK attack, short for Factoring attack on RSA-EXPORT Keys, which was revealed by researchers on March 3.
The unpatched apps, which were not identified, are in categories including finance, communication, shopping, business and medicine, computer security company FireEye said in a blog post Tuesday.
The findings highlight how even some of the most publicized and severe flaws can take quite a bit of time to get fixed. That poses risks for people using apps whose developers are not quick to patch them.
Researchers revealed earlier this month that many software programs and browsers were vulnerable to FREAK, which is a flaw that can allow an SSL/TLS (Secure Sockets Layer/Transport Layer Security) encryption key to be downgraded to 512 bits — much weaker than the 2,048-bit keys typically used today.
The flaw is a legacy of U.S. government export restrictions in the 1990s that banned selling software products overseas with strong encryption keys. Many products can still be forced into using weaker keys, which can be cracked by running mathematical software on a public cloud service.
FREAK is unique in that a wide variety of products need to be upgraded to fix the problem. Apple and Google have patched their mobile operating systems, but many apps compatible with those devices must also be upgraded. FireEye found many examples where, as of last week, that hadn’t happened.
It found 1,228 Android applications in Google Play that are still vulnerable, of the 10,985 it analyzed. All the apps had been downloaded more than a million times. On the iOS side, FireEye said 771 of 14,079 apps it looked at were vulnerable, though in most cases only if they were running on iOS versions prior to 8.2, which patched the issue. Only seven apps were still vulnerable on iOS 8.2.
Users can tap or click a dollar icon in a new chat window to send money to their friends, after they link a Visa or MasterCard debit card issued by a U.S. bank to their accounts.
The free feature will roll out over the next few months for users in the United States who access Facebook Messenger through desktop computers or Google Inc’s Android and Apple Inc’s iOS operating systems on mobile devices.
Users can create a PIN or enable Touch ID if they have an iPhone to add a level of security to the payments.
Snapchat had launched a similar service last November, called Snapcash.
The mobile messaging company partnered with online payments company Square to allow Snapchat users to link their debit cards to their account and quickly send money to a contact by starting a chat on a smartphone.
Sprint will allow companies that sign up for the new Workplace-as-a-Service to use other carriers for wired or wireless communications, while Sprint will continue to manage all the various networks involved.
However, Sprint will offer its own Workplace customers discounts on basic wireless connectivity, such as unlimited voice, texting and data plans for smartphones for $40 — $20 less than the comparable plan for consumers.
Certain pieces of the Workplace offer include actual connectivity, such as Wide Area Network connections, enterprise-grade managed Wi-Fi, voice connections, online collaboration, audio and video conference and instant messaging. But Sprint will also provide mobile device management across all carriers and bring-your-own-device support for laptops, tablets and smartphones.
Zeus Kerravala, an analyst for ZK Research, called the Workplace offer unique. “There are plenty of managed and cloud services on the market today that deploy a particular app or service, but nobody has actually taken the time to figure out how to package a complete workplace service,” he said in an interview. “It’s truly turnkey.”
Mike Fitz, vice president of business solution commercialization at Sprint, said the service is focused on businesses with 100 to 10,000 workers at multiple locations with perhaps 20 to 200 workers at each site. Still, he said, Sprint is using the same concept for its own 35,000 employees, an indication that Workplace will scale up for much larger companies.
The largest corporations will still want multiple providers on a global basis, Kerravala said. But Workplace will be ideal for branch offices, where there often isn’t an IT professional around.
Sprint estimated its Workplace service would be half as expensive as more conventional ways of delivering similar services. The various services also include a single monthly bill from Sprint based on $200 a month for each worker. “That makes op-ex predictable,” he said.
Apple Inc’s frequently mentioned TV service may soon become a reality as the iPhone maker is having discussions with programmers to offer a slimmed-down bundle of TV networks this fall, the Wall Street Journal reported, citing people familiar with the matter.
The service would have about 25 channels, anchored by broadcasters such as ABC, CBS and Fox, and be available across all devices powered by Apple’s iOS operating system, including iPhones, iPads and Apple TV set-top boxes, the newspaper said.
Apple has been talking to Walt Disney Co, CBS Corp, and Twenty-First Century Fox Inc and other media companies to offer a “skinny” bundle with well-known channels like CBS, ESPN and FX, leaving out the many smaller networks in the standard cable TV package, the Journal said.
Apple, which is aiming to price the new service at about $30 to $40 a month, plans to announce the service in June and launch it in September, the newspaper said.
Apple spokesman Tom Neumayr said the company does not comment on rumor and speculation. Fox and CBS declined to comment.
Several media companies are considering joining streaming-only services, or launching their own like HBO and CBS, to attract young people who do not subscribe to traditional pay TV packages. But programmers also fear the packages could become so popular that they undercut current, more profitable deals with cable companies.
In January, Dish Network Corp unveiled its long-anticipated video streaming service, named Sling TV, targeted at younger consumers who shun pricey cable and satellite subscriptions.
Apple has launched a first-ever public beta for iOS, offering some iPhone and iPad users a chance to test iOS 8.3, a still-under-development edition that has been in developers’ hands for more than a month.
The program, first reported two weeks ago by 9to5mac.com, followed the debut of a similar program last year for OS X Mavericks. The Mac beta was later extended to include Yosemite, the current OS edition.
It was unclear whether Apple is allowing anyone to register with the iOS 8.3 beta, is rolling out the program gradually, or is limiting access to those who had previously received invitations via the Cupertino, Calif. company’s AppleSeed preview program.
Computerworld staffers who had previously registered for the Yosemite beta were unable to access the iOS version. They were not alone, as discussion threads filled with questions from people who wanted to know why they could not find the preview.
For one Computerworld reader, that might be just as well.
“With all beta software on a computer, users are generally discouraged from testing a beta operating system on their main computer, or a computer used for critical work,” noted Eric Jacobs in an email last month after news circulated about a possible iOS public preview. “For Mac users, that’s easily doable with a second computer, with an external hard disk, or a partitioned hard drive. Users can hop back and forth between the beta OS and the current OS.”
For those who do try iOS 8.3, Apple recommended that they first back up their iPhone or iPad to their PC or Mac using iTunes — not to iCloud through an over-the-air backup — so that they can, if necessary, restore the device to its pre-beta state.
The SecuTABLET, based on Samsung’s Galaxy Tab S 10.5 and being presented by BlackBerry unit Secusmart at tech fair CeBIT 2015 in Germany, reflects the Canadian company’s stress on secure connections for governments and businesses as it seeks to preserve a niche market after a drubbing in recent years at the hands of emerging smartphone makers such as Apple Inc.
“Security is ingrained in every part of BlackBerry’s portfolio, which includes voice and data encryption solutions,” said Dr. Hans-Christoph Quelle, chief executive officer of Secusmart GmbH, in a statement on the new device.
The device was undergoing certification by the German Federal Office for Information Security for secure rating, the statement said, adding that the new tablet used the same security technology as the Secusmart Security Card.
“Working alongside IBM and Samsung, we have added the last link in the chain of the Federal Security Network. Subject to certification of the SecuTABLET, German government agencies will have a new way to access BlackBerry’s most secure and complete communications network in the world,” Quelle said.
However, the survey also showed limited awareness of the watch. The poll was taken after Apple Chief Executive Tim Cook debuted the product last week, and only about half of respondents said they had heard news of the timepiece in the last few days.
Also, in an encouraging sign for Apple, roughly 13 percent of survey respondents who did not own an iPhone said that they would consider buying one in order to buy an Apple Watch, which needs an iPhone to work fully.
Apple overcame skepticism about the iPad and iPod when they first debuted, but the survey suggests that the world’s largest technology company has work to do to make the watch ubiquitous.
The new watch, a test of Cook’s leadership, is the company’s first new product in five years, and it hits stores on April 24.
It allows users to check email, listen to music and make phone calls from their wrist. Apple will sell various versions, from a $349 ‘sport’ edition to a $17,000 18-karat gold timepiece.
Ipsos surveyed 1,245 Americans online between March 9 and March 13. The data was weighted to reflect the U.S. population and has a credibility interval of plus or minus 3.2 percentage points.
Apple did not immediately respond to a request for comment on the poll.
More than half of respondents, 52 percent, agreed with the statement that smartwatches are a “passing fad.”
One-quarter of respondents said they were interested in purchasing the Apple Watch, but 69 percent said they had no desire, and 6 percent said they were unsure.
Initial demand for the watch is expected to come primarily from existing iPhone users, but its wider success is seen depending on whether developers create enticing apps tailored to the device, so-called killer apps.
Every three years I install Linux and see if it is ready for prime time yet, and every three years I am disappointed. What is so disappointing is not so much that the operating system is bad, it has never been, it is just that whoever designs it refuses to think of the user.
To be clear I will lay out the same rider I have for my other three reviews. I am a Windows user, but that is not out of choice. One of the reasons I keep checking out Linux is the hope that it will have fixed the basic problems in the intervening years. Fortunately for Microsoft it never has.
This time my main computer had a serious outage caused by a dodgy Corsair (which is now a c word) power supply and I have been out of action for the last two weeks. In the meantime I had to run everything on a clapped out Fujitsu notebook which took 20 minutes to download a webpage.
One Ubuntu Linux install later it was behaving like a normal computer. This is where Linux has always been far better than Windows – making rubbish computers behave. I could settle down to work right? Well not really.
This is where Linux has consistently disqualified itself from prime-time every time I have used it. Going back through my reviews, I have been saying the same sort of stuff for years.
Coming from Windows 7, where a user with no learning curve can install and start work it is impossible. Ubuntu can’t. There is a ton of stuff you have to upload before you can get anything that passes for an ordinary service. This uploading is far too tricky for anyone who is used to Windows.
It is not helped by the Ubuntu Software Centre which is supposed to make life easier for you. Say that you need to download a flash player. Adobe has a flash player you can download for Ubuntu. Click on it and Ubuntu asks you if you want to open this file with the Ubuntu Software Center to install it. You would think you would want this right? Thing is that pressing yes opens the software center but does not download Adobe flash player. The center then says it can’t find the software on your machine.
Here is the problem which I wrote about nearly nine years ago – you can’t download Flash or anything proprietary because that would mean contaminating your machine with something that is not Open Sauce.
Sure Ubuntu will download all those proprietary drivers, but you have to know to ask – an issue which has been around now for so long it is silly. The issue of proprietary drivers is only a problem for those who are hard core open saucers and there are not enough numbers of them to keep an operating system in the dark ages for a decade. However, they have managed it.
I downloaded LibreOffice and all those other things needed to get a basic “windows experience” and discovered that all those typefaces you know and love are unavailable. They should have been in the proprietary pack but Ubuntu has a problem installing them. This means that I can’t share documents in any meaningful way with Windows users, because all my formatting is screwed.
LibreOffice is not bad, but it really is not Microsoft Word and anyone who tries to tell you otherwise is lying.
I download and configure Thunderbird for mail and for a few good days it actually worked. However yesterday it disappeared from the side bar and I can’t find it anywhere. I am restricted to webmail and I am really hating Microsoft’s outlook experience.
The only thing that is different between this review and the one I wrote three years ago is that there are now games which actually work thanks to Steam. I have not tried this out yet because I am too stressed with the work backlog caused by having to work on Linux without regular software, but there is an element feeling that Linux is at last moving to a point where it can be a little bit useful.
So what are the main problems that Linux refuses to address? Usability, interface and compatibility.
I know Ubuntu is famous for its shit interface, and Gnome is supposed to be better, but both look and feel dated. I also hate Windows 8’s interface which requires you to use all your computing power to navigate through a touch screen tablet screen when you have neither. It should have been an opportunity for Open saucers to trump Windows with a nice interface – it wasn’t.
You would think that all the brains in the Linux community could come up with a simple easy to use interface which lets you have access to all the files you need without much trouble. The problem here is that Linux fans like to tinker; they don’t want usability and they don’t have problems with command screens. Ordinary users, particularly more recent generations, will not go near a command screen.
Compatibility issues for games have been pretty much resolved, but other key software is missing and Linux operators do not seem keen to get them on board.
I do a lot of layout and graphics work. When you complain about not being able to use Photoshop, Linux fanboys proudly point to GIMP and say that does the same things. You want to grab them down the throat and stuff their heads down the loo and flush. GIMP does less than a tenth of what Photoshop can do and it does it very badly. There is nothing that can do what CS or any real desktop publishers can do available on Linux.
Proprietary software designed for real people using a desktop tends to trump anything open saucy, even if it is producing a technology marvel.
So in all these years, Linux has not attempted to fix any of the problems which have effectively crippled it as a desktop product.
I will look forward to next week when the new PC arrives and I will not need another Ubuntu desktop experience. Who knows maybe they will have sorted it in three years’ time again.