Chinese PC and mobile phone maker Lenovo Group Ltd acknowledged that its website was hacked, its second security blemish days after the U.S. government advised consumers to remove software called “Superfish” pre-installed on its laptops.
Hacking group Lizard Squad claimed credit for the attacks in posts on microblogging service Twitter. Lenovo said attackers breached the domain name system associated with Lenovo and redirected visitors to lenovo.com to another address, while also intercepting internal company emails.
Lizard Squad posted an email exchange between Lenovo employees discussing Superfish. The software was at the center of public uproar in the United States last week when security researchers said they found it allowed hackers to impersonate banking websites and steal users’ credit card information.
In a statement issued in the United States on Wednesday night, Lenovo, the world’s biggest maker of personal computers, said it had restored its site to normal operations after several hours.
“We regret any inconvenience that our users may have if they are not able to access parts of our site at this time,” the company said. “We are actively reviewing our network security and will take appropriate steps to bolster our site and to protect the integrity of our users’ information.”
Lizard Squad has taken credit for several high-profile outages, including attacks that took down Sony Corp’s PlayStation Network and Microsoft Corp’s Xbox Live network last month. Members of the group have not been identified.
Starting 4 p.m. ET on Wednesday, visitors to the Lenovo website saw a slideshow of young people looking into webcams and the song “Breaking Free” from the movie “High School Musical” playing in the background, according to technology publication The Verge, which first reported the breach.
Although consumer data was not likely compromised by the Lizard Squad attack, the breach was the second security-related black eye for Lenovo in a matter of days.
Visa Europe has announced a new, more secure way for consumers to pay retailers using their mobile phones, a move that could set the stage for Apple’s Apple Pay and rival mobile payment services to be introduced into Europe in the coming months.
Visa Europe said on Tuesday it would introduce to member banks by mid-April a “tokenization” service which substitutes random numbers for a user’s credit card details when a merchant transmits transaction data, reducing the risk of online theft.
Similar security from Visa Inc, the former parent of Visa Europe, and rival card issuers MasterCard and American Express has been key to the success of Apple Pay since it was introduced in the United States last year, according to industry experts.
Apple Pay allows iPhone users to store their credit card details on their phones, then pay at the tap of a button. In its first three months, more than $2 out of every $3 which U.S. consumers spent using speedy new “contactless” systems at the three major credit card networks was done via Apple Pay, the company said last month.
Visa Europe’s move is one of several new services the London-based credit card giant is unveiling as it battles to retain its role as a middleman connecting banks and consumers in a fast-moving payments landscape being shaken up by major technology firms including Apple, Google and eBay’s PayPal, as well as scores of ambitious start-ups.
These include a way for card customers to send money overseas to other Visa users via their social media profiles on sites such as Facebook, WhatsApp, Twitter or LinkedIn.
Steve Perry, Visa Europe’s chief digital officer, said in an interview his association’s plan for secure credit card data transmission parallels what Visa Inc offers in the United States. But he declined to comment on whether Apple Pay had agreed to use his organization’s version in European markets.
“Providing this level of transparency is not without its complications and sometimes means we get tough questions and criticism about our decisions,” wrote Jeremy Kessel, Twitter’s senior manager for global legal policy, in a blog post Monday.
Twitter received 2,871 account information requests from various governments, targeting 7,144 accounts, during the second half of 2014, and the company complied in 52% of the cases, it said in a new transparency report.
Russia, Turkey and the U.S. were among the countries where requests for Twitter user information increased significantly.
Twitter received more than 100 requests for account information from the Russian government in the second half of 2014, from previously “having never received a request,” Kessel wrote. Twitter declined to honor any of the Russian requests.
Requests from Turkey rose by 150%, while those from the U.S. government increased 29%. Twitter didn’t honor any of Turkey’s requests, but it did comply with 80% of the U.S. requests.
Meanwhile, government and government-sanctioned requests for content removal jumped 84%. Leading this category were Turkey with 477 requests, Russia with 91, and Germany with 43.
During the second half of 2014, Twitter received 376 court orders for content removal and 420 other removal requests from police and other government agencies. Twitter honored the removal requests in 13% of those cases, covering 1,982 tweets.
Twitter also saw an 81% increase in the number of copyright infringement takedown notices allowed under the Digital Millennium Copyright Act [DMCA] during the second half of 2014. The company received 16,648 DMCA takedown notices during the six-month period, and the company removed content 66% of the time.
Twitter Inc announced plans to acquire Indian mobile phone marketing start-up ZipDial, reportedly for $30 million to $40 million, as the U.S. microblogging service looks to expand in the world’s second-biggest mobile market.
Bengaluru-based ZipDial gives clients phone numbers for use in marketing campaigns. Consumers call the numbers and hang up before connecting and incurring charges, and then receive promotion-related text messages.
The start-up’s clients include International Business Machines Corp, Yum! Brands Inc’s KFC and Procter & Gamble Co’s Gillette.
The service capitalizes on a local tradition of communicating through so-called missed calls. A person may give a friend a missed call to signal arrival at an agreed destination, for instance, without having to pay the cost of a phone call.
Such “unique behavior” was behind ZipDial, the start-up said in a statement announcing the Twitter deal.
Twitter did not disclose terms of the purchase. Techcrunch, citing unidentified sources, reported the deal at $30 million to $40 million.
“This acquisition significantly increases our investment in India, one of the countries where we’re seeing great growth,” Twitter said in a statement.
The acquisition is the latest in India by global tech giants who have snapped up companies in a fledgling startup scene, concentrated in the tech hub of Bengaluru in southern India.
Last year, Facebook Inc bought Little Eye Labs, a start-up that builds performance analysis and monitoring tools for mobile apps. Yahoo! Inc bought Bookpad, whose service allows developers to add document viewing and editing to their own applications.
The U.S. and the U.K. have been working together to prevent cyber attacks for some time, but are going to increase the collaboration. They will combine their expertise to set up “cyber cells” on both sides of the Atlantic to increase the sharing of information about threats, to work out how best to protect themselves, and to create a system that lets hostile states and organizations know they shouldn’t attack, said U.K. prime minister David Cameron in an interview published by the BBC.
Cyber attacks “are one of the biggest modern threats that we face,” according to Cameron who is visiting Washington for talks with U.S. president Barack Obama. One of the topics high on the agenda is digital security.
The countries will increase the “war games” launched at each other to test defenses. “It is happening already but it needs to be stepped up,” Cameron said, adding that British intelligence service GCHQ and the U.S. equivalent NSA have know-how that should be shared more.
“It is not just about protecting companies, it is also about protecting people’s data, about protecting people’s finances. These attacks can have real consequences to people’s prosperity,” he said.
The increased cooperation between the countries comes in the wake of the Sony hack and the apparent hacking of the U.S. Central Command’s Twitter account by ISIS (Islamic State of Iraq and Syria), which posted tweets threatening families of U.S. soldiers and claiming to have hacked into military PCs.
Mark Zuckerberg and Xiaomi Inc CEO Lei Jun held talks about a potential investment by Facebook in China’s top smartphone maker ahead of its $1.1 billion fundraising last month, but a deal never materialized, several people with knowledge of the matter told Reuters.
The discussions, at a private dinner when Zuckerberg visited Beijing in October, were never formalized, three of those people said, as the two CEOs weighed the political and commercial implications of Facebook – which has been banned in China since 2009 – buying into the Chinese tech star now valued at $45 billion.
One individual with direct knowledge of Xiaomi’s fundraising said the mooted Facebook investment was “not huge,” but the talks underscore how ties between U.S. and Chinese companies have deepened as China’s tech industry matures.
A Facebook investment in Xiaomi would have raised the international profile of the popular handset maker dubbed “China’s Apple” by its fans and linked it to a U.S. social networking phenomenon with more than 1.3 billion users.
Facebook, for its part, has long harbored ambitions to expand into the world’s most populous country, potentially with partners. One of the individuals said Facebook and Xiaomi began discussing a possible investment in mid-2014.
Xiaomi’s Lei was partly put off by the potential for political fallout at home of selling a stake to Facebook while the U.S. social network is still banned in China, two of the people said, adding Xiaomi also feared a tie-up with Facebook could threaten its relationship with Google Inc, a crucial business partner. Xiaomi’s phones are built on Google’s Android operating system.
Xiaomi ultimately announced last month it raised $1.1 billion from investors including Hong Kong-based tech fund All Stars Investment; DST Global, a private equity firm that has invested in Facebook and Alibaba Group; Singapore sovereign wealth fund GIC; Chinese fund Hopu Management; and Alibaba founder Jack Ma’s Yunfeng Capital.
The fundraising valued Beijing-based Xiaomi at $45 billion just three years after it sold its first smartphone. The company had revenue of close to $12 billion in 2014.
Zuckerberg has eyed China as a critical piece of his vision to connect the global population. But, like Google and Twitter, the social networking giant has been blocked by China’s internet censors, who cite national security concerns.
In the latest case of a breach of customer information at a financial firm, an anonymous person or group using the Twitter moniker Rex Mundi said it had hacked the Genevan cantonal (state) bank’s servers and downloaded more than 30,000 emails by Swiss and foreign clients.
Hours after the hacker’s 1700 GMT (12 noon EST) ultimatum expired, the bank issued a statement saying that the intercepted material had been published, but added that it represented “no particular financial risk for clients or the bank”.
“At first analysis, this information is hardly critical, is obsolete or corresponds to foreseen contents about which it has already informed a significant number of clients concerned.”
BCGE spokeswoman Hélène De Vos Vuadens said that at this stage it appeared that all of the 30,000 mails which the hackers claimed to have intercepted had been published, including some affecting foreign clients.
She said that all the information was from clients’ inquiries over the Internet and did not involve their accounts, which require several passwords or codes to access.
The hacker had earlier posted names, addresses and messages to the bank from two people it said were BCGE clients, and said the remainder of the data it had stolen would be made public later on Friday if it was not paid 10,000 euros ($11,779).
“We chose not to give in to blackmail and chose instead the path of transparency,” the bank’s spokeswoman said.
Lizard Squad, which claimed responsibility for the outage, on Friday tweeted, “To clarify, we are no longer attacking PSN or Xbox. We are testing our new Tor 0day.”
While at least one site that maps the Tor network showed numerous routers with the name “LizardNSA,” the extent of any attack was unclear.
Tor directs user traffic through thousands of relays to ensure anonymity. In a Dec. 19 blog post, Tor managers warned of a possible attack, saying, “There may be an attempt to incapacitate our network in the next few days through the seizure of specialized servers in the network called directory authorities.”
Sony engineers, meanwhile, continued to struggle to get PSN back online Friday following the suspected distributed denial-of-service (DDoS) attacks on Thursday.
Sony’s Twitter account for PSN asked frustrated gamers to be patient as staff worked to get the service back up and running, saying it did not know when PSN would be back online.
“We are aware that some users are experiencing difficulty logging into the PSN,” Sony said on its PlayStation support page, where the network was listed as offline.
In a Twitter post showing a chat with the alleged hackers, MegaUpload founder Kim Dotcom suggested he had convinced Lizard Squad to stop the attacks in return for lifetime memberships on his file-transfer site Mega.
Lizard Squad had taken credit for an apparent attack against PSN earlier this month, as well as an attack in August. The incident came at the same time that a U.S. flight carrying Sony Online Entertainment President John Smedley was diverted for security reasons.
CNBC.com reported that Robert Peck, an analyst at investment bank SunTrust Robinson Humphrey, predicted that Costolo will leave the social network in 2015.
“We think there’s a good chance he’s not there within a year,” Peck said. He also said there are “a lot of interesting candidates” that could take over Twitter’s helm.
Twitter did not respond to a request for comment.
Zeus Kerravala, an analyst with ZK Research, said he’s not surprised that interest in Twitter spiked on even speculation that Costolo might be leaving.
“I know there’s a lot of questions about his ability to run Twitter,” Kerravala said. “If the company doesn’t perform well or the company misses a couple of quarters, there will be tremendous investor pressure to oust him. If the company performs, he’s OK.”
Twitter, though it’s increasingly used for political and social protest and company branding, has suffered from slowing growth.
In October, the company reported slower growth in active monthly users than it had in the previous quarter. In the quarter ending in September, Twitter’s monthly user base grew by 4.8%, to 284 million users around the world. In the previous quarter, however, the user base grew by 6.3%.
Earlier this month, Twitter received more unsettling news when photo-sharing site Instagram announced that its monthly user base had jumped 50%, taking its base to 300 million users.
With that leap, Instagram surpassed Twitter in number of users.
The company also shuffled several executives this year, with three different heads of product in 2014 alone. Daniel Graf, one of Twitter’s heads of product this year, was demoted in November and then left the company in December, according to re/code.
“There appears to be a lot of executives leaving for other companies,” said Patrick Moorhead, an analyst with Moor Insights & Strategy. “Twitter has had a tough time compared to Facebook and that’s what investors are fixated with. I think they’re feeling mounting pressure from shareholders and employees.”
Apple has issued a fix for a “critical security issue” in OS X following the discovery of a vulnerability in the Network Time Protocol which affects the Yosemite, Mavericks and Mountain Lion operating systems.
The bug, revealed earlier this month, could allow hackers to trigger buffer overflows and execute arbitrary code with the privileges of the OS X Network Time Protocol daemon (NTPD) on systems not updated with the fix.
The vulnerability, tracked as CVE-2014-9295, was uncovered by Stephen Roettger of the Google Security Team earlier this month, but Apple didn’t issue a fix straight away because the firm likes to be sure that the flaw is authentic.
“For the protection of our customers, Apple does not disclose, discuss or confirm security issues until a full investigation has occurred and any necessary patches or releases are available,” said Apple on its support page.
The update is available now for OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10.1.
Users can find the update via Software Update. It will have already downloaded if the ‘Install system data files and security updates’ option is checked in the App Store menu of System Preferences.
Those who want to verify their NTPD version can do so by opening Terminal and typing what /usr/sbin/ntpd. If the update is already installed, users should see the following versions:
Mountain Lion: ntp-77.1.1
Apple hasn’t had the best luck with security in recent months, which is unusual as the firm is renowned for its tough defenses against the vulnerabilities that affect operating systems like Windows.
The company beefed up its iCloud security in October, adding per-application passwords for third-party apps that don’t support two-factor authentication following the high-profile celebrity iCloud hack in September.
The most recent addition is app-specific passwords to guard against exposure of a user’s iCloud details.
The project did not name the group or agency that may try to seize its directory authorities, which guide Tor users on the list of distributed relays on the network that bounce communications around.
“We are taking steps now to ensure the safety of our users, and our system is already built to be redundant so that users maintain anonymity even if the network is attacked. Tor remains safe to use,” wrote “arma” in a post Friday on the Tor project blog. The “arma” developer handle is generally associated with project leader Roger Dingledine.
Rather than take a direct route from source to destination, data packets on the Tor network, designed to mask people’s Internet use, take a random path through several relays that cover user tracks.
Unless an adversary can control a majority of the directory authorities, he can’t trick the Tor client into using other Tor relays, according to the Tor project website. There are nine directory authorities spread across the U.S. and Europe, according to arma.
The project promised to update the blog and its Twitter account with new information.
Users who live under repressive regimes look to Tor as a way to escape surveillance and censorship. But the network has also been used by illegal websites including online sellers of drugs, like the underground drug market Silk Road. A second version of the market, Silk Road 2.0, was launched a few weeks after the first was seized by law enforcement in October 2013, according to the U.S. Department of Justice.
Millions use the Tor network at their local Internet cafe to stay safe for ordinary Web browsing, as do banks, diplomatic officials, members of law enforcement, bloggers and others, according to the Tor project.
Instagram, which launched in 2010, edged past 8-year-old Twitter and its reported 284 million monthly active users.
Facebook, which bought Instagram in 2012 for $1 billion, has nothing to worry about. In September, the social network reported that its own active monthly user base had hit 1.35 billion.
“Over the past four years, what began as two friends with a dream has grown into a global community that shares more than 70 million photos and videos each day,” wrote Instagram CEO Kevin Systrom in a blog post. “We’re thrilled to watch this community thrive and witness the amazing connections people make over shared passions and journeys.”
Zeus Kerravala, an analyst with ZK Research, said Instagram’s impressive growth stems from its popularity with millennials, who have a strong connection with social networking, selfies and images.
“The younger generation, in particular, is a very visually oriented group that loves selfies,” Kerravala said. “Pictures just say more — they’re fast and easy. Instead of saying, ‘What a great view of the Grand Canyon,’ snap a photo and upload it.”
He noted that Twitter users can upload photos and short videos to the micro-blogging site, but the site is mainly used for its 140-character or less messages.
“I think Twitter is more for information dissemination, where Instagram is more about sharing content,” Kerravala said.
Internet startup Trustev is expanding its digital fingerprinting business beyond e-commerce by launching Trustev for Publishers, which aims to help publishers ban toxic Internet commenters completely from their websites, providing no leeway for even setting up a second account. Trustev thinks this can raise the level of online discourse and help stop harassment campaigns the likes of #GamerGate before they even begin.
Trustev CEO Pat Phelan said this solution came about after his own experiences on Twitter: He describes his online persona as “pretty outspoken,” but still finds himself in a perpetual state of shock at the vitriol he sometimes gets about even mundane things.
“Jesus, the language used there is incredible,” Phelan said.
There’s a cycle to online harassment. You block the offender. The offender sets up a second Twitter/Wordpress/Yahoo/whatever account. You block that one, too. So they set up a third. And so on. Phelan calls it “whack-a-mole.”
The best case scenario is that the harasser on the other end gives up before you do. The worst case is that your choices become: put up with abuse forever or just stop trying. That doesn’t really make for healthy online discussion, especially when it comes to controversial subjects.
“The whole story is destroyed,” Phelan said.
There are good comments sections out there, to be sure: the AV Club, among others, stands out, largely because of the strong hand it takes to moderating a discussion and kicking out bad seeds as they sprout. But keeping up with the aforementioned cycle takes a tremendous investment of time and talent, which isn’t for everybody. Our colleagues at Re/code, for instance, recently made the controversial decision to shut down comments entirely and urged readers to take any discussion to social media.
Trustev sees a better way. With Trustev for Publishers, blocking a person once means they’re gone. That “digital fingerprint” takes everything into account when banning a user — not just the IP address, which is easy to spoof, but everything from browser configuration and extensions down to operating system version and amount of RAM installed.
Phelan said that digital fingerprinting has a 99.93% positive rate (which sucks for the other 0.07%).
You can’t even get around a Trustev ban with a virtual machine running on your desktop. The only way to beat it, Phelan says, is to get a new computer entirely. And if you mess up again, it’s back to the blacklist.
The company said it will now require less information from users flagging inappropriate content and that it will be easier to submit tweets and accounts for review, even when wrongful behavior is simply observed and not received directly.
“We are nowhere near being done making changes in this area,” Shreyas Doshi, director of product management and user safety, said in a message posted on Twitter’s website.
“In the coming months, you can expect to see additional user controls, further improvements to reporting and new enforcement procedures for abusive accounts.”
Users also will be able to view all the accounts they have blocked in a new blocked accounts page accessible from the settings menu on Twitter.
The changes, which will be rolled out to all users in the next few weeks, include modifications designed to speed up Twitter’s response by better streamlining and prioritizing reports of abusive content, technology news website The Verge reported.
A way to block multiple accounts at once also appears to be in the works, according to The Verge.
Twitter has faced criticism in the past over a response to harassment and abuse deemed too lax by many of its users.
In December last year, the company was forced to nix a change to its “block” feature under criticism that the new policy still allowed blocked users to interact with those who had blocked them.
Earlier this year, a survey by online advocacy groups found that nearly half of Americans under the age of 35 have been bullied, harassed or threatened online.
Twenty-four percent of the people surveyed said the harassment happened on Twitter.
Sony Pictures Entertainment has hired FireEye’s Mandiant forensics unit to clean up a cyber attack that knocked out the studio’s computer network nearly a week ago, and resulted in three movies ending up online.
The FBI is also investigating the incident. Sony went down last Monday after displaying a red skull and the phrase “Hacked By #GOP,” which reportedly stands for Guardians of Peace. Emails to Sony have been bouncing back with messages asking senders to call employees because the system was “experiencing a disruption.”
Mandiant is an incident response firm that helps victims of breaches identify the extent of attacks, clean up networks and restore systems. The firm has handled some of the largest breaches uncovered to date, including the 2013 holiday attack on Target. Sony is investigating to determine whether hackers working on behalf of North Korea launched the attack in retribution for the studio’s backing of the film “The Interview”, which is to be released on Dec. 25 in the United States and Canada.
The movie is a comedy about a CIA attempt to assassinate North Korean leader Kim Jong Un, who is such a funny guy. The Pyongyang government denounced the film as “undisguised sponsoring of terrorism, as well as an act of war” in a letter to U.N. Secretary-General Ban Ki-moon.