Friday, 24 April 2015

A new vulnerability in Apple's iOS operating system for mobile devices may render iPhones and iPads prone to denial-of-service (DoS) attacks, a security vendor said.
 
SkyCure's Yair Amit said the company's researchers are working with those in Apple to fix the flaws in iOS 8.
 
"Basically, by generating a specially crafted SSL certificate, attackers can regenerate a bug and cause apps that perform SSL communication to crash at will. With our finding, we rushed to create a script that exploits the bug over a network interface," Amit said.
 
Worse, the company said that under certain conditions, some devices "fall into a repeatable reboot cycle, rendering them useless."
 
Even if victims know the attack comes from a Wi-Fi network, "they can’t disable the Wi-Fi interface in the repeated restart state," it added.
 
"As SSL is a security best practice and is utilized in almost all apps in the Apple app store, the attack surface is very wide. We knew that any delay in patching the vulnerability could lead to a serious business impact: an organized denial of service (DoS) attack can lead to big losses," Amit added.
 
The company discovered the potential threat while preparing for a demonstration of a network-based attack.
 
It said that when the router was set to a specific configuration, apps on iOS devices connected to the router started to crash.
 
Skycure said it has reported the issue to Apple.
 
'No iOS Zone'
 
SkyCure noted it disclosed another vulnerability, "WiFiGate," as early as 2013.
 
With the vulnerability, attackers could create their own network, and force external devices to automatically connect to it.
 
"Combining techniques such as WiFiGate or Karma attacks with this new discovery can allow an attacker to form a 'No iOS Zone,'" the company said.
 
"Envision a small device, which automatically captures any iOS device in range and gets it to join a fake network. Then, it issues the attack and crashes attacked iOS devices again and again. Victims in range cannot do anything about it. Think about the impact of launching such an attack on Wall Street, or maybe at the world’s busiest airports, or at large utility plants. The results would be catastrophic," it said.
 
Solutions
 
For now, SkyCure suggested that:
 
  • users disconnect from the bad Wi-Fi network or change their location in case they experience continuous crashing or rebooting.
  • users upgrade to the latest iOS 8.3 update, which might have fixed a few of the mentioned threats.


More from: http://www.gmanetwork.com/news/story/475506/scitech/technology/iphones-ipads-vulnerable-to-dos-cyberattacks 

Friday, 21 November 2014

Google Contributor

Want an ad-free Web experience? Now you can, via Google Contributor, a pilot program that lets people donate money to rid certain sites of advertising.
Marketed as "an experiment in additional ways to fund the Web," Contributor requires a small monthly fee for you to visit participating sites without the hassle of ads.
Google is rolling out the new service with 10 initial publishing partners, including Urban Dictionary, The Onion, WikiHow, Imgur, Mashable, and Science Daily.
You choose whether to pay $1, $2, or $3 per month, which is collected through an accompanying Google payment account, then distributed to the specific sites you visit; Google also takes a cut of the funds.
In return for your donation, you'll find a thank-you message (often accompanied by a pixel pattern) in place of a Google ad. On some mobile sites, ads may disappear altogether, Gigaom reported.
For now, you can sign up online to join the waitlist and receive an emailed invite when a spot opens up.
Those early adopters who already have an invite code can get started surfing a sometimes ad-free Web.
This move, which Google told Gigaom is an example of the company's attempts to help Web publishers and content providers better monetize their readership, is turning a lot of heads. It's likely to take a bite out of Google's ad impressions, and may, in the end, prove that people actually prefer conspicuous advertisements to paying for service.
Google did not immediately respond to PCMag's request for comment.
In June, Google-owned YouTube took a similar approach when it rolled out a fan funding process, by which interested viewers could donate money to creators whose videos they found especially compelling. "YouTube Fan Funding" is still in beta mode, but interested users can sign up online.
Mobilink, Twitter enter partnership
KARACHI: Mobilink has joined hands with Twitter to accelerate internet usage in Pakistan and to enable its users to share ideas and information instantly through Twitter’s mobile services, said a press release on Thursday. As part of the partnership, Mobilink users will not incur any data charges on Twitter usage for a limited time period, it added.
Topline Securities wins eight awards
KARACHI: Topline Securities has been ranked as the ‘Best brokerage firm in Pakistan’ for the year 2014, according to Asiamoney’s latest poll.
The brokerage was the first in Pakistan to get this award for the fourth consecutive year. Out of 12 awards for Pakistan, it won eight awards for the year.
Apple, Xiaomi trade smartphone barbs in China
WUZHEN: Top executives from US technology giant Apple and Chinese smartphone upstart Xiaomi traded light-hearted barbs on Thursday at a Chinese Internet conference, acknowledging the fierce competition between the rivals.
Apple stood in sixth place in China’s smartphone market with only a 6.9 per cent share in the March-June period while Xiaomi ranked second with 13.5pc.
Bruce Sewell, Apple’s general counsel and senior vice president of legal and government affairs, told a panel discussion at the World Internet Conference that there are “many good competitive phones in China” in a nod to Xiaomi founder Lei Jun, sitting alongside him.
But when asked about Lei’s previous claims that Xiaomi will become the world’s market leader in smartphones, he said: “It is easy to say, it is more difficult to do,” to laughter and applause from the audience in Wuzhen. Lei shot back: “In this magic land, we produced not only a company like Alibaba, but a small miracle like Xiaomi.”—AFP
BNP Paribas reorganises investment banking
PARIS: French bank BNP Paribas said on Thursday it was reorganising its corporate and investment banking activities to fold securities services into the division and bring equities and fixed-income activities closer together. The shake-up, which the bank said was to adapt to regulator changes and clients’ shifting needs, comes as the division tries to move on from a US sanctions violations case earlier this year that cost the bank nearly $9 billion.

Wednesday, 19 November 2014


Verse email from IBM is the sort of service you'd normally associate with a scrappy startup. Its mission: Make email less of a headache -- and, if possible, deal a blow to Google and its near-total dominance of the Web-based email market for individuals and businesses.

A blog post by Jeff Schick, VP, IBM Social Software, provides details about Verse in a demonstration video. Verse is designed to make mail self-organizing and tasks easier to prioritize, with people rather than messages as the basic unit of communication. Content shared between team members can be previewed without downloading, reminiscent of Office 365's handling of common document types.
Some of Verse's search and classification functionality will be powered by IBM's Watson machine-learning service. IBM says this will "[enable] users to query Watson on a given topic and receive a direct reply with answers ranked by degree of confidence."
In many ways, Verse parallels Google's Inbox, which attempts to automatically categorize incoming email based on both the content of emails and user's behaviors with the messages. IBM also casts Verse as stronger on privacy than Google; the release notes that Verse offers functionality akin to "freely available mail services that mine a user’s inbox to increase advertising and monetize that data in other ways."
Verse was originally announced back in January as Mail Next, an overhaul to IBM's long-standing Lotus Notes product; the aim of making a user's inbox self-organizing was in the mission statement back then as well. Verse is based on the IBM Domino mail server system, and since Lotus Notes continues to eke out an existence in deployments around the globe, IBM is banking at least in part on having existing Notes users migrate into Verse.
When asked about the distinction between Notes and Verse, Schick replied in an email: "Notes is a rich client that IBM will continue to invest in. Verse is a Web-based experience that changes the paradigm on how people will work. IBM's mail service will support both Notes and Verse, giving our clients and business partners the ability to choose which option they prefer. If you are already running Notes, we protect your investment in IBM's mail service and allow users to seamlessly access Verse."
Apart from Notes users, another major audience for Verse may be users, period, as IBM is apparently preparing to offer Verse to most anyone who wants it. This is a major pivot from business -- and echoes Apple's path into businesses as it became a favorite of rank-and-file users (and one of IBM's new partners for enterprise applications).
IBM hasn't disclosed how it plans to monetize Verse. With ads out of the question, the service will likely be free for individuals, with the advanced workgroup and Watson-powered analytics features available for paying customers. It's also possible that IBM may be looking to monetize Watson indirectly through Verse: examining the ways Verse users interact with Watson, using the data to further refine Watson's own intelligence, then adding monetizable Watson features 


WhatsApp has announced that it will encrypt all its 600m users' text messages by default, which is a serious stride forward for privacy - and one which will no doubt be criticised by spooks and police worldwide.
The rollout, announced today, was described by the app maker as the "largest deployment of end-to-end encryption ever." The feature will, it's hoped, safeguard messages from eavesdroppers by encrypting chats between people.
There are limits to Facebook-owned WhatsApp's end-to-end encryption. So far, it only covers text messaging (as opposed to group messages or pictures), it only works on Android, and it remains open to potential man-in-the-middle attacks because there's no way to verify the identity of the person you're messaging.
Whisper Systems – the company behind the TextSecure software used for the encryption – said in a blog post that it was working on those issues, but nevertheless seems justifiably pleased with itself.
"We have a ways to go until all mobile platforms are fully supported, but we are moving quickly towards a world where all WhatsApp users will get end-to-end encryption by default," it said.
WhatsApp is estimated to have 600 million monthly active users cranking out billions of messages every day.
The open-source TextSecure software allows two devices to exchange encryption and decryption keys in a way that an eavesdropper and the TextSecure servers cannot crack. Assuming WhatsApp uses the same system, and hasn't compromised it for the feds, WhatsApp can't decrypt messages in transit, and TextSecure encrypts data at rest. It uses Curve25519, AES256, and HMAC-SHA256 to protect chats over the wires.
The software also provides perfect forward secrecy by using new AES keys for each message: if an attacker is able to decrypt one text, past messages cannot be cracked using that unique key.
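A simplified per-message key chain illustrating the property described above (an added example, not TextSecure's or WhatsApp's code). HMAC-SHA256 serves as the one-way step; the `ChainRatchet` class, the labels and the 32-byte secret are assumptions made for this sketch, which leaves out the Curve25519 key agreement and the AES encryption and shows only why someone who captures the current state cannot reach earlier message keys.

```python
import hashlib
import hmac

# Labels are assumptions for this sketch: two distinct inputs so the message
# key and the next chain key are independent outputs of one chain key.
MESSAGE_LABEL = b"\x01"
CHAIN_LABEL = b"\x02"


def kdf(key: bytes, label: bytes) -> bytes:
    """One-way step: HMAC-SHA256 keyed with the current secret."""
    return hmac.new(key, label, hashlib.sha256).digest()


class ChainRatchet:
    """One direction of a chat: every call yields a fresh 256-bit message key."""

    def __init__(self, chain_key: bytes):
        self.chain_key = chain_key

    def next_message_key(self) -> bytes:
        message_key = kdf(self.chain_key, MESSAGE_LABEL)
        # Replace the chain key; the old one is gone, so earlier message
        # keys cannot be recomputed from the state kept on the device.
        self.chain_key = kdf(self.chain_key, CHAIN_LABEL)
        return message_key


def demo() -> dict:
    secret = bytes(range(32))  # constructed stand-in for the key-agreement output
    start = kdf(secret, b"chain-init")
    sender, receiver = ChainRatchet(start), ChainRatchet(start)

    past = [sender.next_message_key() for _ in range(3)]
    in_sync = past == [receiver.next_message_key() for _ in range(3)]

    # Device state captured after three messages: only the current chain key.
    captured = ChainRatchet(sender.chain_key)
    reachable = [captured.next_message_key() for _ in range(50)]

    return {
        "in_sync": in_sync,
        "all_distinct": len(set(past)) == 3,
        "past_reachable": any(key in reachable for key in past),
        "future_reachable": sender.next_message_key() == reachable[0],
    }


if __name__ == "__main__":
    print(demo())
```

In this sketch a captured chain key still yields later keys in the same chain, which is why the chain has to be re-seeded from fresh key agreements over time.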
Apple's iMessage system, according to Cupertino [PDF, page 30], works along the same lines, except Apple manages a central database of public keys: every registered iThing and Mac has its own private-public key, with the public keys stored in the iCloud, and every message sent to someone is encrypted using the public keys for each of the recipient's devices.
This means a message sent to someone can be delivered simultaneously to each of the receiver's devices. If the feds were able to persuade Apple to silently and secretly create an extra public-private key pair for a target, with the g-men holding the private key to decrypt the chatter, well, that's another matter. Apple says it cannot decrypt messages because it doesn't hold users' private keys.

Wider picture

In the bigger scheme of things, simple and everyday messages and personal information wrapped up in hard-to-break encryption may soon become the norm. Up until now, encryption has either required extra effort or technical knowledge, use of a special service, or trusting third parties not to reveal your details even when faced with secret government orders.
Or to put it another way: when you are communicating with your mother or father over encrypted text, it's game over for crims and other miscreants, and a huge headache for the NSA and GCHQ.
US and UK government officials – and even the EU's top cop – accuse technology companies of hindering efforts against terrorism by encrypting data. With the head of the FBI demanding front-door access to encrypted phones, unbreakable encryption is not for the little people, in the authorities' eyes.
And yet Whisper Systems got $455,000 from the US government [PDF, page 17] to fund TextSecure development.
Speaking of money, the founder of WhatsApp, Jan Koum, announced yesterday that he had given $1m to the FreeBSD Foundation.
The Foundation "has helped millions of programmers pursue their passions and bring their ideas to life," he wrote on Facebook. The issue is personal for him: "I started using FreeBSD in the late 90s, when I didn’t have much money and was living in government housing. In a way, FreeBSD helped lift me out of poverty – one of the main reasons I got a job at Yahoo! is because they were using FreeBSD, and it was my operating system of choice. Years later, when Brian and I set out to build WhatsApp, we used FreeBSD to keep our servers running. We still do."
WhatsApp was bought for $19bn by Facebook, with the deal going through last month.



Early this week there were discussions about Facebook at Work, including ZDNet posts on the pros and cons of the idea. Facebook just announced a dedicated Groups app for iOS and Android that makes it easier to communicate with project teams, family and friends.
Groups remain a part of the full Facebook application, much like Messenger, but pulling it out as a dedicated app makes it more efficient and much more functional. In my experience, I am much more likely to use Facebook services with dedicated apps, rather than access message and group communications from within the Facebook app.
With the new Facebook Groups app, you can easily organize your groups so that the most used ones appear at the top of the launch page. It is also much easier to jump into a group and communicate and then jump over to another group. In the Facebook app itself, groups appear within your News Feed so communication is not as distinct as within the Groups app.
Notifications for each group are managed within the Facebook Groups app. You can also discover other groups to join within the app.
We use Microsoft Lync to communicate via messages in my office, but most people are also on Facebook. I still try to keep Facebook separate as a personal sharing tool though and am not planning to use Facebook for work any time soon.

Tuesday, 18 November 2014

Nokia N1



Nokia is launching an Android-powered tablet, marking the Finnish company's return to consumer electronics.
The surprise launch pits the firm against Microsoft, which completed its takeover of Nokia's previous mobile-devices business in April.
The N1 tablet is due to go on sale in China towards the start of 2015, ahead of other countries.
Nokia said it was not making the device itself, but had licensed its brand, design and software to a third-party.
Taiwanese manufacturer Foxconn is the licensee.
"This is a great product for Nokia fans and everyone who has not found the right Android tablet yet," said Sebastian Nystrom, head of products at Nokia Technologies, who announced the product at the Slush technology conference in Helsinki.
One company watcher was startled by the move.
"I'm surprised how quickly Nokia has decided to do this. But equally if Nokia was going to do anything with its brand, it was going to have to do it quickly," said Ben Wood, chief of research at CCS Insight.


"The brand has been in a consistent state of freefall over the past three years, so if they are going to extract any value from it they needed to do it sooner than later."
Microsoft sells Nokia-labelled kit of its own, including the Lumia 2520 Windows RT-powered tablet.
Earlier this month, it unveiled its first Lumia smartphone without the Nokia name. But it indicated that it would continue using the brand on its less powerful "feature phone" line-up, saying it had the right to do so for up to a decade under the terms of its $7.2bn (£4.6bn) takeover.
It is not clear whether Nokia's announcement affects those plans.
"There's no question Microsoft will not be a little frustrated that at a time when it's trying to defocus the Nokia brand, here is something that resurrects it prematurely," said Mr Wood.
"In some respects it will also cause a bit of confusion."
The only comment from Microsoft was a brief statement: "This is a Nokia announcement and is not associated in any way with Microsoft."
Android skin
The N1 is a 7.9in (20.1cm) aluminium-framed tablet, whose design resembles the iPad Mini.
Unlike Apple's device, however, it is powered by Google's Android 5.0 operating system, features an Intel Atom processor and has a Micro-USB slot. The planned retail price is $249 (£159).
The N1 features a 64-bit Intel quad-core Atom processor and an aluminium shell
It runs Nokia's own Z Launcher user interface - known as a skin - on top of Android.
The previously announced software allows owners to draw letters on the tablet's screen with one of their fingers to search for related content and changes the apps presented on the machine's home screen according to the time of day and the device's location.
"For Nokia, the advantages of licensing are considerable. Nokia can enter the mobile device market without needing to worry about manufacturing, supply chain management, stock control or hardware distribution," said Ian Fogg, director of mobile analysis at research firm IHS Technology.
But, he noted, previous partnerships had not lived up to expectations.
"The Symbian venture over a smartphone OS ran into the ground amid bureaucracy and differing partner visions," he said.
"Nokia failed to establish successful licensing of its Series 60 software. The Intel partnership with Meego [an operating system] was aborted after just one year in as Nokia switched to Microsoft.
"And, Nokia has only just extricated itself from the choice of Windows Phone. Nokia must execute much better with licensing and mobile devices this time if it is to succeed."
Nokia reported a return to health in October after it posted a third-quarter net profit of 747m euros ($935m; £597m) thanks to the work of its network equipment, mapping and software divisions, which had previously been weighed down by its loss-making hardware business.