The approach, which they call Quantum-Secure Authentication (QSA), centers on single particles of light, or photons, and their ability to encode data so that attackers cannot determine what the information is. It exploits a property of photons that allows them to effectively be in multiple places at once, a phenomenon described in quantum physics.
Researchers in the Netherlands are applying quantum physics in an attempt to create fraud-proof credit cards and ID cards.
“Quantum-physical principles forbid an attacker to fully characterize the incident light pulse,” the researchers wrote in an article in the journal Optica. “Therefore, he cannot emulate the key by digitally constructing the expected optical response, even if all information about the key is publicly known.”
The researchers at the University of Twente and Eindhoven University of Technology coated a credit card with a thin layer of white paint containing millions of nanoparticles. When light hits the nanoparticles, it bounces around until it escapes, creating a unique pattern that depends on the precise position of the particles in the paint. The card is “enrolled” in the system by recording the way that it reflects light.
To authenticate the card, a bank machine showers the paint with a pulse of light that is unique to each transaction. When the correct tell-tale pattern of light emerges as an “answer” to the bank’s “question,” the card can be authenticated.
While an attacker could measure the entire incoming light pattern and then use a projector to return the correct answer, the ability of photons to be in multiple places at once allows the bank to create the complex light question with only a small number of photons, or even just one. Due to the characteristics of quantum physics, an attempt to observe the question and answer process between a reader and the card would destroy the information in the transmission, making it more secure.
“Even if somebody has the full information of how the card is built, technology does not allow him to build a copy,” lead author Pepijn Pinkse of the University of Twente said via email. “The nanoparticles are too small and there are too many of them which need to be positioned with too high accuracy.”
The approach could be used in everything from authenticating passports to opening electronic locks on car doors or accessing secure areas such as government buildings.
T-Mobile has announced a monthly data rollover plan for consumers and business customers called “Data Stash,” but the plan still will not allow workers to share their data with others in a work group.
Data Stash works much the same way for users who have a Simple Choice plan (or Simple Choice for Business Value Plan) and have purchased 3GB or more of LTE data per month for smartphones and 1GB or more for tablets.
T-Mobile will give those existing customers, as well as new customers, 10GB of free LTE data in January. The data must be used by the end of 2015, and once it’s gone, each month of unused data in a plan can be rolled over monhtly for up to a year.
T-Mobile CEO John Legere described data rollover as a high priority for customers, noting that they asked on Twitter in 2014 more than 40,000 times for such a program. And Legere bashed rivals like AT&T and Verizon Wireless who don’t offer such a program, contending that $50 billion annually is lost by wireless customers who have paid for data but then see it disappear at the end of the month when it doesn’t roll over.
“We’re putting an end to this appalling industry practice today,” he said.
Even so, Data Stash won’t let workers share their data allotments with other workers in a group, as T-Mobile describes on its Web site: “Our data plans are specific to the person, so businesses aren’t wasting time and effort tracking everyone’s usage. In other words, this is not a shared data option.”
It’s already been widely reported that Microsoft is working on game-streaming technology, long enough that the company has apparently started over at least once. According to a new ZDNet report, Microsoft halted work on one such project called “Rio,” and has since begun building a new streaming service code-named “Arcadia.”
ZDNet’s Mary Jo Foley cites sources within Microsoft with the news that Arcadia is being worked on by a new team in the company’s Operating Systems Group. A job listing for the team says it will be working “to bring premium and unique experiences to Microsoft’s core platforms.”
Arcadia is said to run on Microsoft’s Azure cloud technology, and will let users stream apps as well as games. While there was talk of having Arcadia stream Android apps and games to Windows devices, Foley reported that particular feature has been tabled for the moment.
It turns out that sailing through interstellar space isn’t so peaceful.
NASA’s Voyager 1 spacecraft — the only object made by humans to reach interstellar space — might still be caught what scientists have described as a cosmic “tsunami wave,” a shock wave that first hit the probe in February, according to new research. You can hear the eerie interstellar vibrations in a video, courtesy of NASA.
“Most people would have thought the interstellar medium would have been smooth and quiet,” study researcher Don Gurnett, professor of physics at the University of Iowa, and the principal investigator of Voyager 1′s plasma wave instrument, said in a statement from NASA. “But these shock waves seem to be more common than we thought.” [Photo Timeline: Voyager 1 in Interstellar Space]
Such a shock wave was what helped scientists determine that Voyager 1, which launched in 1977 on a “grand tour” of the outer planets, had officially left the solar system.
Last year, researchers keeping tabs on the car-sized spacecraft (12 billion miles away) analyzed measurements the Voyager 1 made in the aftermath of a powerful eruption from the sun known as a coronal mass ejection, or CME. This solar blast occurred in March 2012 and hit Voyager 1 from April to May 2013. The shock wave caused the particles around the spacecraft to vibrate substantially. Based on the frequency of these vibrations, scientists could measure the density of the probe’s surroundings.
The density of the particles around Voyager 1 was 40 times higher than scientists had previously observed when the space probe was still in the outer layers of the heliosphere, the giant bubble of charged particles and magnetic fields that surrounds the sun and the planets in our solar system. Voyager 1 team members concluded that the spacecraft had exited the heliosphere and entered a new cosmic realm. After researchers went back and looked at old data, they concluded that Voyager 1 crossed into interstellar space on August 25, 2012.
Voyager 1 detected its third and most recent interstellar shock wave in February. The vibrations were still going on as of November data, according to NASA. That’s remarkable considering that over the course of this event, the spacecraft has traveled 250 million miles (400 million kilometers).
The researchers say they are not sure how fast the wave is moving or how big a region it covers. And they’re still trying to understand what they can learn from these waves.
“The density of the plasma is higher the farther Voyager goes,” Ed Stone, project scientist for the Voyager mission from the California Institute of Technology, said in a statement from NASA. “Is that because the interstellar medium is denser as Voyager moves away from the heliosphere, or is it from the shock wave itself? We don’t know yet.”
Chinese smartphone maker Coolpad has created an extensive “backdoor” into its Android devices that can track users, serve them unwanted advertisements and install unauthorized apps, a U.S. security firm alleged today.
In a research paper released today, Palo Alto Networks detailed its investigation of the backdoor, which it dubbed “CoolReaper.”
“Coolpad has built a backdoor that goes beyond the usual data collection,” said Ryan Olson, director of intelligence at Palo Alto’s Unit 42. “This is way beyond what one malicious insider could have done.”
Coolpad, which sells smartphones under several brand names — including Halo, also called Danzen — is one of China’s largest ODMs (original device manufacturers). According to IDC, it ranked fifth in China in the third quarter, with 8.4% of the market, and has expanded sales outside of the People’s Republic of China (PRC) and Taiwan to Southeast Asia, the U.S. and Western Europe.
Tipped off by a string of complaints from Coolpad smartphone users in China and Taiwan — who griped about seeing advertisements pop up and apps suddenly appear — Palo Alto dug into the ROM updates that Coolpad offered on its support site and found widespread evidence of CoolReaper.
Of the 77 ROMs that Palo Alto examined, 64 contained CoolReaper, including 41 hosted by Coolpad and signed with its own digital certificate.
Other evidence that Coolpad was the creator of the backdoor, said Olson, included the malware’s command-and-control servers — which were registered to domains belonging to the Chinese company and used, in fact, for its public cloud — and an administrative console that other researchers had found last month because of a vulnerability in Coolpad’s backend control system. The console confirmed CoolReaper’s functionality.
The U.S. Consumer Financial Protection Bureau has filed a lawsuit against Sprint Corp over unauthorized charges on customers’ cellphone bills, a practice known as cramming, in the agency’s first foray into mobile payments.
Marking the third cramming-related government enforcement action this year, the CFPB alleges that from 2004 through 2013, the wireless carrier allowed third parties to charge consumers tens of millions of dollars for services like ringtones or text-message horoscopes that consumers had not requested, while keeping 40 percent of the gross revenue.
The Federal Communications Commission is weighing a $105 million cramming fine against Sprint.
“Sprint mistreated consumers egregiously by creating a billing system that invited illegal third-party charges and processed them in a highly irresponsible manner,” the CFPB’s director, Richard Cordray, said.
Sprint expressed disappointment in being the target of the CFPB’s lawsuit and disputed the accusations, listing various steps it said it took to monitor third-party charges, such as hiring an outside compliance vendor and vetting billing companies.
“We strongly disagree with (the CFPB’s) characterization of our business practices,” Sprint spokeswoman Stephanie Vinge Walsh said in a statement.
“It appears the CFPB has decided to use this issue as the test case on whether it has legal authority to assert jurisdiction over wireless carriers,” she said in an email.
In July, the Federal Trade Commission sued T-Mobile US Inc over similar billing issues, and in October, the FCC and the FTC settled such a case with AT&T Inc.
For the CFPB, which oversees consumer financial products such as mortgages and credit cards, this case marked the first public action coordinated with the FCC.
“If a company is processing payments over a mobile network, that’s something that the bureau has jurisdiction over,” the CFPB’s deputy enforcement director, Jeff Ehrlich, told reporters. “We’ll take action against anyone who violates the consumer financial protection laws.”
FCC spokespeople said the FCC and the CFPB have agreed to continue close cooperation “on this and other cases on behalf of wireless customers nationwide.”
British chip designer ARM could cash in on the mobile industry’s rush to transition to 64-bit operating systems and hardware.
Canaccord Genuity analyst Matt Ramsey argues that ARM is still a ‘Buy’ stock, as it’s trading at $43, while his price target is $54 to $56. Ramsay is upbeat for a number of reasons and the 64-bit craze is one o them.
He pointed out that sales of ARMv8 chips are raping up and are no longer limited to Apple. Qualcomm’s upcoming Snapdragon 810 is also based on ARMv8, along with all other upcoming 64-bit SoCs. Ramsey named Qualcomm, MediaTek and Samsung as the three biggest contributors to ARM’s 64-bit business.
In addition to smartphones, ARMv8 designs are finding their way into enterprise networks and servers, creating even more opportunities. This is good news for ARM, as its royalties for processor designs based on the ARMv8 instruction set are significantly higher than for venerable 32-bit parts.
HGST has bought flash memory specialist Skyera after weeks of speculation.
Skyera, a startup offering cloud server arrays at prices comparable to those offered by traditional spindle drives, was already considered ripe for a takeover.
The company will be absorbed into HGST, the parent of which, Western Digital, was an early funder of Skyera along with Dell, Toshiba and Micron, giving it unprecedented access to NAND technology from the inside.
Western Digital is clearly pleased with what it has bought its HGST subsidiary for Christmas.
“Western Digital has established a leadership position in the fastest growing areas of the storage industry,” said Steve Milligan, president and CEO of Western Digital.
“The Skyera acquisition supports our strategic growth objectives and plans to deliver long-term value to customers, shareholders and employees.”
The INQUIRER spoke to HGST president Mike Cordano in September, when he warned us that HGST was “no longer your father’s hard drive company”. The combination of the Skyera acquisition and the company’s purchase of the Virident optimisation platform has made it a major force in flash memory at the enterprise level.
HGST is still seeking ways to make the most out of traditional spindle drives, through the use of helium, but is increasingly looking like a company in the midst of a transformation into a flash specialist.
Terms of the deal have not been announced, but it is understood to be an all cash affair with a value reflecting the importance of this transformation.
Cordano also explained that HGST wanted to disrupt the mindset of storage purchasing to look at whole-life costs. With Skyera, which is known for very high density, low-cost systems that reduce total costs, this could certainly help HGST achieve its goal.
Hundreds of thousands of websites running WordPress have been infected by a piece of malware called SoakSoak. Google has flagged more than 11,000 domains hosting a WordPress website as malicious.
Websites running a third-party plug-in called Slider Revolution are being hacked, and malicious code is being installed that will in turn infect those who visit the website. The developers of the plug-in, ThemePunch, have admitted that they knew about the vulnerability in February this year but kept quiet about it.
ThemePunch in developed 29 security fixes from February to September, resisting a public call for action because of a “fear that an instant public announcement would spark a mass exploitation of the issue”.
The company had hoped that most users would install these updates, solving the problem, but it now admits that this was “sadly not the case.”
“We as a team would like to apologize officially to our clients for the problems that arose due to the security exploit in Revolution Slider Plugin versions older than 4.2, ? it says on its website.
Short answer is that you have to upgrade everything that moves on your wordpress site or it will be toast.
BlackBerry Ltd rolled out its much anticipated Classic on Wednesday, a smartphone it hopes will help it win back market share and woo those still using older versions of its physical keyboard devices.
The Canadian mobile technology company said the new device, which bears striking similarities to its once wildly popular Bold and Curve handsets, boasts a larger screen, longer battery life, an expanded app library with access to offerings from Amazon.com Inc’s Android App store, and a browser three times faster than the one on its legacy devices.
“The conversation about BlackBerry has changed in the last year,” Chief Executive John Chen said as he launched the Classic at Manhattan’s upscale Cipriani restaurant. “We are here to stay, there is no question about that. Now we have to engineer our growth.”
He said BlackBerry had listened to its fans and brought back the command bar functionality that helped make its legacy phones easy to navigate.
When the company initially introduced its new BlackBerry 10 operating system and devices early in 2012 it put more emphasis on touchscreens, alienating many fans of its physical keyboard.
Those who moved to the new physical keyboard phones that BlackBerry launched later were unhappy that command keys such as the Menu, Back, Send and End buttons, along with the trackpad had been dropped.
With the Classic and the recent launch of its Passport smartphone, Chen is in some ways taking the company back to its roots, re-emphasizing the physical keyboard, rather than trying to compete directly against the touchscreen handsets of dominant rivals like Samsung Electronics and Apple.
“We expect the Classic to be the most popular BlackBerry enterprise device and the easiest transition for current BB7 (legacy device) users,” said Wells Fargo analyst Maynard Um.
Android apps really take advantage of those permissions they ask for to access users’ personal information: one online store records a phone’s location up to 10 times a minute, French researchers have found. The tools to manage such access are limited, and inadequate given how much information phones can gather.
In a recent study, ten volunteers used Android phones that tracked app behavior using a monitoring app, Mobilitics, developed by the French National Institute for Informatics Research (INRIA) in conjunction with the National Commission on Computing and Liberty (CNIL). Mobilitics recorded every time another app accessed an item of personal data — the phone’s location, an identifier, photos, messages and so on — and whether it was subsequently transmitted to an external server. The log of the apps’ personal information use was stored on the phone and downloaded at the end of the three months for analysis.
The volunteers were encouraged to use the phones as if they were their own, and together used 121 apps over the period from July to September. A similar study last year used a special iOS app to examine the way iPhone apps access users’ personal data.
Many apps access phones’ identifying characteristics to track their users, the researchers said. One of the few options users have to avoid this tracking is a switch in the “Google Settings” app to reset their phone’s advertising ID. That’s not much help, though, as apps have other ways to identify users. Almost two-thirds of apps studied in the three-month real-world test accessed at least one mobile phone identifier, a quarter of them at least two identifiers, and a sixth three or more. That allows the apps to build up profiles of their users for advertising purposes.
Location was one of the most frequently-accessed items of data. It accounted for 30 percent of all accesses to personal information during the test, and 30 percent of the apps studied accessed it at some point. The Facebook app recorded one volunteer’s location 150,000 times during the three-month period — more than once per minute, on average, while the Google Play Store tracked another user ten times per minute at times. Often, the only use apps make of such information is to serve personalized advertising, as was the case with one game that recorded a user’s location 3,000 times during the study.
At the same time, China, which in past years had flooded the market with solar panels, did not see growth as strong as had been expected. The growth was mainly due to healthy U.S. and Japanese markets, according to the report from EnergyTrend, a research division of TrendForce.
Overall, supply and demand remained stable, according to EnergyTrend.
“At the end of 2014, the overall supply chain maintained a solid utilization rate, while China’s tier-one module manufacturers also continued to break shipment records,” Jason Huang, research manager at EnergyTrend, said in the report.
Ironically, because the price of photovoltaic (PV) modules (the building blocks of solar panels) bottomed out last year, investors worldwide became concerned that profits would also drop. PV prices plummeted after China saturated the market with low-cost solar panel modules. The result: PV capacity rose from 31 gigawatts (GW or a billion watts) in 2012 to a record 39GW last year, even as investments in solar capacity dropped, according to a 2014 report by Bloomberg New Energy Finance.
In 2015, worldwide solar demand is projected to be 51.4GW, with the key markets — China, the United States and Japan — taking up 57% of the overall share.
The rise of emerging markets (the solar installation countries that are not in the top 10) has begun to appear. In 2015, the growth momentum of the emerging markets will become more apparent, and the overall demand will surpass 10GW.
Red Hat has announced the availability of Red Hat Enterprise Linux (RHEL) 7.1 Beta with enhancements to improve ease of use, manageability and performance, as well as support for IBM Power8 little endian architecture.
RHEL 7.1 Beta is the next point release following the enterprise Linux vendor’s initial production release of RHEL 7.0 in June.
RHEL 7.1 adds OpenLMI support to streamline system configuration management with thin logical volume manager provisioning, along with kernel and user mode components supporting Ceph block storage devices.
The update also offers support for Microsoft CIFS for mixed vendor data centre environments that need it, providing native access to Microsoft Windows file and print services.
RHEL 7.1 also enhances identity management security with one-time password authentication via LDAP and Kerberos protocols and the FreeOTP standard, and introduces a certificate authority management tool.
In addition, RHEL 7.1 includes Security Content Automation Protocol Security Guides that reduce the complexity of compliance testing and enhance security assurance.
Building on RHEL 7.0 support for Linux containers in physical, virtual and cloud deployments in development, test and production environments, RHEL 7.1 adds access to Docker 1.2 in the RHEL 7 Extras channel.
For users with demanding workload responsiveness requirements, RHEL 7.1 adds real-time dispatching for workloads that require very precise and deterministic processing times. This capability is delivered with Linux kernel enhancements and additional userspace packages that can be added on top of a stock RHEL 7.1 installation.
Finally, RHEL 7.1 includes support for IBM Power8 little endian architecture for customers using the IBM Power8 systems infrastructure.
Running in little endian mode accelerates application portability to the IBM Power8 systems, thus allowing customers using IBM Power8 systems to use the existing ecosystem of Linux applications as developed for the x86 architecture.
Interested users can read the RHEL 7.1 Beta Release Notes, and can download the RHEL 7.1 Beta at Red Hat’s website.
Sources are sighting a rating seen on the Australian classifications that seem to point to an upcoming Remastered Edition of Borderlands is coming for Xbox One and PlayStation 4. So far this has remained unconfirmed by publisher 2K and franchise developer Gearbox.
The new remastered version is expected to be simply called “Borderlands Remastered Edition”, but with no confirmation from 2K and Gearbox it is difficult to say what all it might contain or if it is simply a converted and compiled version of the first three games for the Xbox One and PlayStation 4.
Bottom line if it is in fact a complied remastered release of the first three games, the reality is that this could actually be a good thing for those that own the new consoles.
South Korea’s LG Electronics Inc will roll out a new range of high-tech TVs in early 2015, expanding its line-up while it strives to cut costs that make its prized light-emitting diode (OLED) sets too expensive for most consumers.
A spokesman for the world’s No. 2 TV maker after domestic rival Samsung Electronics Co Ltd said on Tuesday LG will start selling products using quantum dot technology early next year. He didn’t disclose details including pricing.
The technology incorporates a film of tiny light-emitting crystals into regular liquid crystal displays (LCD), boosting picture quality. LG will have 55-inch and 65-inch ultra-high definition quantum dot TVs on display at the major CES trade show next month in Las Vegas.
Japan’s Sony Corp is so far the only major TV maker selling quantum dot models.
LG was widely expected to launch quantum dot TVs next year, having declared its intention to use the products in a dual-track strategy as the firm and its affiliate LG Display Co Ltd try to push OLED prices down. Analysts say it may take the LG firms several years to meet that goal.
The OLED TV sets remain expensive: a 65-inch ultra-high definition model launched in Korea earlier this year was priced at 12 million won ($10,993). A comparable Sony quantum dot TV costs about $3,799, according to the Japanese firm’s website.
Samsung Electronics has said quantum dot is one of many technologies it is considering. Analysts expect Samsung Electronics to launch quantum dot TVs next year, and believe it could be more aggressive in pushing the products than LG, which remains committed to OLED.
The LG spokesman said Dow Chemical Co is supplying quantum dot material. Dow Chemical confirmed the supplier relationship in an emailed statement.
Dow is building a quantum dot factory in South Korea using technology from partner Nanoco Group Plc, with production starting in the first half of 2015.