Planes subject to hack attack

Computer science Ph.D. student Devin Lundberg holds the three devices the researchers examined. From left: the Appareo Stratus 2, the SageTech Clarity CL01 and the Garmin GDL

Computer scientists at the University of California and Johns Hopkins University claim equipment used by private pilots when they’re flying is vulnerable to hacking.

And that, said the scientists, could, not surprisingly, lead to catastrophic results.

The researchers looked at three sets of devices and apps that private pilots commonly use – the Appareo Stratus 2 receiver using the ForeFlight app; the Garmin GDL 39 receiver with the Garmin Pilot app; and the SageTech Clarity CL01 with the WingX Pro7 app.

These devices let hobby pilots use the same info that pilots of a private jet receive, but the systems cost $1,000, compared to $20,000 for instruments in high-end cockpits.

The devices display location, weather, airspace restrictions and nearby aircraft on a tablet computer via the apps, and that’s where the vulnerabilities start. Kirill Levchenko, a computer scientist at UC San Diego, said: “When you attack these devices, you don’t have control over the aircraft, but you have control over the information the pilot sees.”

Apparently the FAA has the authority to regulate devices but chooses not to as they’re not part of the fabric of a plane.

All three devices let attackers tamper with communication between receiver and tablet.

There are ways to fix the vulnerabilities including cryptography, signed firmware updates and explicit user interaction before downloading device firmware.

The internet of things is here in droves

Next year there will be 4.9 billion connected “things” – that is connected semiconductors with IP (internet protocol) connectivity.

But this is only the beginning, according to research from the Gartner Group.  It said that there will be 25 billion such devices in 2020 and next year’s figure of 4.9 billion is up 30 percent from this year.

Jim Tully, a VP at Gartner, said: “The digital shift instigated by the nexus of forces such as cloud, mobile, social and information, and boosted by the internet of things (IoT) threatens many existing businesses. They have no choice but to pursue IoT, like they’ve done with the consumerisation of IT.”

Gartner estimates that the IoT will support $69.5 billion of service revenues in 2015 and a staggering $263 billion by 2020.

Tully estimates that the automotive industry will show the highest growth rate at 96 percent in 2015. This table shows how it believes things will pan out up to 2020.

There are security implications here.  Gartner thinks that by the end of 2017, over 20 percent of organisations will have digital security services protecting devices and services in the internet of things.

Tor wonders how US spooks shut down sites

Tor has been left scratching its encrypted head over how US and European law enforcement shut down more than 400 websites, including Silk Road 2.0, which used its technology.

Tor was set up, not to hide criminals, but to allow dissidents in autocratic countries to make contact with the real world. The fear is that if the US cops could break Tor, then lives could be at risk in countries whose governments would like to shut down dissident sites.

The websites were set up using a special feature of the Tor network, which is designed to mask people’s Internet use using special software that routes encrypted browsing traffic through a network of worldwide servers.

Tor—short for The Onion Router—also allows people to host “hidden” websites with a special “.onion” URL, which is difficult to trace. But law enforcement appears to have figured out a method to find out where sites are hosted.

Last week the Department of Justice shut down more than 410 hidden websites as part of “Operation Onymous” and arrested more than 17 people, including Blake Benthall, 26, who is accused of running the underground marketplace Silk Road 2.0.

However, Tor is broke and does not have the cash to play a cat and mouse game with the well-funded European and US cops.

Andrew Lewman, the project’s executive director, in a blog post said that it was a miracle that its hidden services have survived so far.

It is possible that a remote-code execution vulnerability has been found in Tor’s software, or that the individual sites had flaws such as SQL injection vulnerabilities.

“Tor is most interested in understanding how these services were located and if this indicates a security weakness in Tor hidden services that could be exploited by criminals or secret police repressing dissents,” he wrote.

HP teams up with Wind River on Open Stack

Maker of jolly expensive printer ink, HP has forged a glorious alliance with Wind River to provide customers with a network functions virtualisation (NFV) solution based on HP’s Helion OpenStack.

Products which are spawned by the new alliance will enable carrier-grade NFV capabilities.

The companies worked on the project jointly, taking the HP Helion OpenStack offering and Wind River’s carrier-grade technologies to further the already developing OpenStack NFV market. According to OpenStack-focused vendor Mirantis, telecommunications companies have been experiencing success with OpenStack-based NFV. Although still a new function, it appears that it is beginning to catch on with customers and vendors alike.

In a statement, the pair said that they wanted to create a product which allowed for the benefits of cloud computing, while meeting their rigorous reliability, performance and management requirements.

Saar Gillai, senior vice president and COO of HP Cloud and general manager for NFV at HP, in a prepared statement said the HP and Wind River project would provide a fully integrated and supported HP Helion cloud solution for carrier grade NFV.

“We will also work together to enhance OpenStack technology to help ensure it evolves to meet carrier grade specifications,” Gillai said.

The new service will help cloud services providers compete better in a changing market. With the OpenStack NFV offering, HP and Wind River expect CSPs will be able to accelerate the transformation of their networks while also lowering the total cost of ownership by adopting commercial, off-the-shelf hardware, they claim.

Carrier-grade NFV capabilities are not quite ready for customers, though. There is still some work to do to get the HP/WindRiver OpenStack NFV solution together, but the companies plan to launch in 2015.

Jim Douglas, senior vice president and CMO of Wind River said the telecom industry was eager to tap into the vast potential of NFV.

“By taking advantage of a virtualized or cloud environment, service providers can easily and quickly introduce new high-value services while reducing costs. In every case, maintaining carrier grade reliability is critical,” Douglas said.

 

Toshiba has new wearable computer chip

Toshiba has announced it will begin sampling a new ARM-based application processor designed for wearable devices.

Dubbed the TZ1021MBG chip, it will form Tosh’s TZ1000 family of ApP Lite application processors for wearable devices such as smartwatches, smart glasses, activity monitors and smart bracelets. The new product will be on display during the four day Electronica 2014 show in Germany starting today.

The chip will be in mass production by March 2015.

The chip includes an integrated 48MHz ARM Cortex-M4F CPU with flash memory that is found in other chips in the ApP Lite product group, but it does not have Bluetooth Low Energy and the accelerometer that were integrated into the TZ1001MBG.

This makes the TZ1021MBG smaller and slimmer, according to Toshiba officials. The ARM Cortex-M4F CPU includes digital signal processing (DSP) and floating-point processing, enabling the combining of data from multiple sensors.

Toshiba officials said the chip includes highly sensitive analogue-to-digital converters (ADCs) that will help devices pick up and measure weak biomedical signals—such as a pulse or a heart’s electrical activity—and leverages a low-power design for devices that need long battery life.

The chip measures 6.7mm by 4mm by 1mm and includes 8MB of memory.

 

Chinese hack US post

Chinese government hackers are suspected of breaching the computer networks of the United States Postal Service, compromising the data of more than 800,000 employees — including the postmaster general.

According to the FBI, the intrusion was discovered in mid-September, said officials, who declined to comment on who was thought to be responsible.

The announcement comes just as President Barack Obama arrived in Beijing for high-level talks with his counterpart, President Xi Jinping.

China has consistently denied accusations that it engages in cybertheft and notes that Chinese law prohibits cybercrime. But China has been tied to several recent intrusions, including one into the computer systems of the Office of Personnel Management and another into the systems of a government contractor, USIS, that conducts security-clearance checks.  Of course the US spooks have been doing the same thing in China, so it is a matter of all is fair in love and cold war.

The only question is why the Chinese spooks thought that hacking the postal service was a good idea.

Postmaster General Patrick Donahoe said in a statement that it was an unfortunate fact of life these days that every organisation connected to the Internet is a constant target for cyber intrusion activity. “The United States Postal Service is no different. Fortunately, we have seen no evidence of malicious use of the compromised data and we are taking steps to help our employees protect against any potential misuse of their data,” he said.

The compromised data included names, dates of birth, Social Security numbers, addresses, dates of employment and other information, officials said. The data of every employee were exposed.

No customer credit card information from post offices or online purchases at usps.com was breached, officials said.

While the OPM and USIS breaches involved data of people who had gone through security clearances and so could be useful to a foreign government seeking to gain access to individuals in sensitive government work, it is not clear why Postal Service employees would be of such interest.

Why Apple’s corporate plans are doomed

King of consumer toys, Apple is attempting its biggest push into the consumer market, according to Reuters.

Reuters claims that Apple is hiring a dedicated sales force just to talk with potential clients like Citigroup.

This is on top of its partnership with IBM to develop apps for corporate clients and sell them on devices. The iPhone maker plans to challenge sector leaders HP, Dell, Oracle and SAP.

Of course no one is saying much in the way of details. Reuters seems to think that the deal with Big Blue will mean that Apple will be welcomed into the corporate world and give HP and Dell a kicking. This will result in the collapse of Microsoft, Samsung and Google’s own efforts in mobile work applications.

Apparently Jobs’ Mob is working closely with a group of startups, including ServiceMax and PlanGrid, that already specialise in selling apps to corporate America. Apple is already in talks with other mobile enterprise developers to bring them into a more formal partnership.

For example, PlanGrid is a mobile app for construction workers to share and view blueprints. ServiceMax is a mobile app that makes it easy for companies to manage fleets of field service technicians by ensuring they have access to the right information.

ServiceMax, whose existing customers include Procter & Gamble (PG.N) and DuPont, has co-hosted eight dinners with Apple over the past year in locations across the United States. About 25 or 30 chief information officers and “chief service officers” typically show up at these joint marketing and sales events.

But there are huge problems with Reuters’ desire to see Apple in charge of the world. The most obvious is that Apple makes toys; it does not make corporate devices. Corporates are obsessed with security; Apple’s iCloud can’t even protect B-list celebs from having their naked pictures being hacked.

Tablets were an Apple-inspired fad and any belief that corporates will rush to buy them never really happened. If they are ever adopted by corporates, they will be a low-level function which will require something a lot cheaper than Jobs’ Mob wants to support. Apple really needed BYOD to take off, which it didn’t.

Apple’s success has been due to its cult following, but religion does not work very well when it comes to business. Apple lacks functionality with business systems; corporates also take a dim view of the sort of things that Apple user agreements desire from their followers. Apple is also slow to confirm security flaws, and even slower to fix them. Its insistence on its own security, rather than that of the client, also does not sit well with big business.

In short, to get business customers, Apple needs to change its mentality – something historically it has been unable to do. It not only has to deal with the experts in business, such as Microsoft, HP, Dell and SAP; its traditional rivals, such as Samsung, also harbour similar ambitions.

Samsung has confirmed that it is stepping up its efforts to sell devices to large enterprise clients and hired former chief information officer Robin Bienfait to spearhead that effort. It might hit the same experience problems that Apple has, and there is no reason to suspect it will be any more successful.

Apple’s IBM partnership might not be that key to the corporations either. It relies on IBM’s sales team selling Apple projects. IBM has as much experience selling consumer products as Apple has selling into business. Jobs’ Mob also has no clue about business software, which is the key to getting into the business market — for decades its networking technology has been the weak point of the few Apple installations in corporates.

Apple appears to hope that if it can hook the client on the software and content, they will keep them coming back for the hardware. However, that simply does not work in the corporates. Hell, Microsoft was unable to get corporates to upgrade to Windows 7 because they could not see a need.  What chance does Apple’s business model have against that attitude?

Robots will steal UK jobs

People in the UK will have more time to watch daytime TV if the result of a survey by an Oxford University team of scientists in conjunction with Deloitte is to be believed.

According to the survey, 35 percent of UK jobs and 30 percent of jobs in London look set to be taken over by automatons or by automated processes. London employers say advances in technology will be the most important reason for job losses.

And if you’re unlucky enough to be earning less than £30,000 a year, your job is five times more likely to be replaced.

While 73 percent of London businesses plan to increase their headcounts, 84 percent of those firms say skills of employees will have to change to include digital know-how, management and creativity.

Over 36 percent of London businesses will invest in bigger properties, the survey said.

Toshiba enters the cloud management fray

Giant Japanese firm Toshiba said it has made available its Cloud Client Manager.

Toshiba said the cloud service is aimed at companies of every size and shape to manage so-called endpoint devices – that is to say mobile phones and tablets, notebooks and the like.

The software currently gives patch management, asset inventory, power management and distribution of software device drivers. But in early 2015 the company will add mobile device management and cloud back up.

Here’s how it works.

Administrators use a standard web browser to control IT devices online without the need to invest in servers or dedicated management software.

The asset management feature shows all the managed machines in an enterprise and lets them see which software is installed on which machine.

Toshiba said the additional functionality in early 2015 will let administrators create user profile permissions and implement password strength, encryption, device lock and data wiping.

IBM takes aim at cloud entrepreneurs

B2B startups are being given the chance to get up to $120,000 worth of credit if they buy into the IBM cloud.

The company said it wants to provide entrepreneurs with “instant infrastructure” to launch businesses and use their resources to code, build, scale and bring their products to market.

IBM is also offering the startups the chance to connect into its enterprise client base which, it said, are always looking to startups to help them with their own problems.

The global programme includes access to IBM’s Bluemix platform that includes over 75 runtimes and services. Bluemix provides integration with Twitter, high speed data transfer tools, application health and performance monitoring services and database as a service (DaaS).

IBM estimates that by 2016 a quarter of all apps will sit on the cloud and 85 percent of new software is built for the cloud.

Entrepreneurs are also being offered technical support and consulting using IBM’s 43 “Innovation Centres”, and incubator space in Silicon Alley.

Microsoft software is unsafe again

Expect a slew of critical updates to Microsoft Windows and other Microsoft software this week.

The company last week warned that much of its software needed patches to be safe and sound. Many will need you to restart your machine or machines.

At the same time Microsoft will release an upgrade to its Malicious Software removal tool, its update services and the download centre.

Affected software includes Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows 8 and 8.1, Windows Server 2008 R2, Windows Server 2012 and Windows Server 2012 R2, Windows RT and Windows RT 8.1, Windows Technical Preview and Windows Server Technical Preview.

Microsoft doesn’t support Windows XP anymore, so you are on your own unless, like the NHS or people that use point of sale (POS) embedded software, you have additional security built in. You can find the whole sorry tale at the Microsoft site, here.

Heartbleed bug still compromises websites

A bug that compromised systems in April this year still poses threats despite patches made to cover the security hole.

According to researchers at the University of Maryland, website administrators are still at threat from the Heartbleed bug.

The bug compromises OpenSSL (secure sockets layer) software, making it possible for those with a malicious bent to read the memory of systems.

The Maryland researchers looked at a million sites in the United States in a bid to discover whether sys admins applied the correct protocols to prevent the bug.

While nearly 93 percent of web administrators patched the hole within three weeks of the arrival of Heartbleed, the researchers found only 13 percent followed up with other measures to make their systems bulletproof.

Sys admins should have patched OpenSSL software, revoked current certificates and re-issued new ones, said the researchers.

If these measures hadn’t been taken, attackers with a website’s private key could still pose as that website.
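
An added example (not from the researchers or the original article): a Python check for the three remediation steps above, run over constructed certificate records. The record fields, site names, serials and dates are assumptions made for illustration; the check also flags a certificate re-issued with the old key, since a key that was on the server before the patch may already be in an attacker’s hands.

```python
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional


@dataclass
class Cert:
    serial: str                        # constructed serial number
    key_id: str                        # constructed public-key fingerprint
    not_before: date
    not_after: date
    revoked_on: Optional[date] = None


def trusted(cert: Cert, today: date) -> bool:
    """True if a client checking dates and revocation would still accept it."""
    unrevoked = cert.revoked_on is None or cert.revoked_on > today
    return cert.not_before <= today <= cert.not_after and unrevoked


def audit(certs: List[Cert], patched_on: Optional[date], today: date) -> List[str]:
    """Return the remediation steps still outstanding; an empty list means done."""
    if patched_on is None:
        return ["patch OpenSSL"]
    # Any key served on or before the patch date may have been read from memory.
    exposed = {c.key_id for c in certs if c.not_before <= patched_on}
    findings = []
    for c in certs:
        # A still-accepted certificate on an exposed key lets a key thief
        # pose as the site, whether it is the old cert or a same-key re-issue.
        if c.key_id in exposed and trusted(c, today):
            findings.append(f"revoke {c.serial}")
    if not any(c.key_id not in exposed and trusted(c, today) for c in certs):
        findings.append("re-issue with a new key")
    return findings


# Constructed sample data: (patch date, certificate history) per site.
TODAY = date(2014, 11, 10)
SITES = {
    "full.example": (date(2014, 4, 10), [
        Cert("01", "k1", date(2013, 6, 1), date(2015, 6, 1), date(2014, 4, 12)),
        Cert("02", "k2", date(2014, 4, 11), date(2015, 4, 11)),
    ]),
    "patch-only.example": (date(2014, 4, 9), [
        Cert("11", "k3", date(2013, 9, 1), date(2015, 9, 1)),
    ]),
    "same-key.example": (date(2014, 4, 9), [
        Cert("21", "k4", date(2013, 1, 15), date(2015, 1, 15), date(2014, 4, 15)),
        Cert("22", "k4", date(2014, 4, 14), date(2016, 4, 14)),
    ]),
}


def audit_all() -> Dict[str, List[str]]:
    return {name: audit(certs, patched, TODAY)
            for name, (patched, certs) in SITES.items()}


if __name__ == "__main__":
    for site, todo in audit_all().items():
        print(site, "->", todo or "remediation complete")
```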

Google did evil to the Berlin Wall

Over the weekend, Google celebrated the Fall of the Berlin Wall with one of its doodles, failing to note its part in the history of one of the sections.

According to the Google Doodle team, they “took a short bike ride from our Mountain View, California headquarters to our local public library to study an actual piece of the Berlin Wall.” These segments of the Berlin Wall were featured in the Doodle.

What the post fails to mention is how the two sections ended up at the library and how it might not have had to do that cycle ride if it had taken a less evil interest in history sooner.

The 12-foot-tall remnant sections of wall were brought over to the US by German-born businessman Frank Golzen. It all seemed fair enough. After all, they were spoils of a war which the US had spent a lot of time and money winning and made a suitable monument to the victory. They were placed in the Bayside Business Plaza where they were a lot more attractive than many of the other things on the estate and provided a bit of history that is missing in many Industrial Parks.

In 2012, Google bought the entire park, did not like the inclusion of the two sections of the Berlin Wall, and gave the Golzen family until summer 2013 to take the historic Berlin Wall out of the industrial park.

A 2012 City of Mountain View Staff Report stated that although the donating family has until next summer to remove the installation from the current location, their preference (and the preference of the new owner of the property) was to remove it sooner.

However, the recommendation to relocate the seven-ton concrete slabs to remote Charleston Park, adjacent to the Googleplex, was nixed by the City Council, who voted instead to move the Berlin Wall sections to their current home in front of a downtown public library. The walls were moved and re-dedicated in November last year.

 

Cambridge boffin dismisses the existence of a general processor

David Chisnall, of Cambridge University, became the general processor’s first atheist, by refusing to believe in the existence of a general-purpose chip.

Writing in Queue, he said that there was a general trend to categorise processors and accelerators as “general purpose.” Of the papers published at this year’s International Symposium on Computer Architecture (ISCA 2014), nine out of 45 referred to general-purpose processors; one additionally referred to general-purpose FPGAs (field-programmable gate arrays), and another referred to general-purpose MIMD (multiple instruction, multiple data) supercomputers, stretching the definition to the breaking point.

However Chisnall nailed a statement on the door of the Intel research division that there was no such thing as a truly general purpose processor and that the belief in such a device was harmful.

Risking the wrath of the great Intel God he said that many of the papers presented at ISCA 2014 that did not explicitly refer to general-purpose processors or cores did instead refer to general-purpose programs, typically in the context of a GPGPU (general-purpose graphics processing unit), a term with an inherent contradiction.

He said that a modern GPU has I/O facilities, can run programs of arbitrary sizes (or, if not, can store temporary results and start a new program phase), supports a wide range of arithmetic, has complex flow control, and so on. Implementing Conway’s Game of Life on a GPU is a common exercise for students, so it’s clear that the underlying substrate is Turing complete.

Chisnall argues that it is not enough for a processor to be Turing complete in order to be classified as general purpose; it must be able to run all programs efficiently. The existence of accelerators (including GPUs) indicates that all attempts thus far at building a general-purpose processor have failed. If they had succeeded, then they would be efficient at running the algorithms delegated to accelerators, and there would be no market for accelerators.

Apple conducted a “bait and switch” on GT Advanced

Court documents appear to show that Apple sank GT Advanced by offering it what would have been its largest sale ever and then changing the terms of the agreement after it was too late for the smaller company to go elsewhere.

In documents unsealed by a US Bankruptcy Court in Springfield, Massachusetts, GT Advanced Chief Operating Officer Daniel Squiller says Apple conducted a bait and switch which brought the company to its knees.

GT Advanced, a maker of sapphire furnaces that supplied sapphire material to Apple for its smartphone screens, filed for Chapter 11 protection but has refused to publicly explain why it had imploded, because of confidentiality clauses which Apple forced it to sign.

All this came to light because Judge Henry Boroff denied requests by the companies to keep some of the documents in the case under seal.

Last year, GT Advanced outfitted a plant owned by Apple in Mesa, Arizona with furnaces that it would use to make scratch-resistant sapphire exclusively for Apple.

“With a classic bait-and-switch strategy, Apple presented GTAT with an onerous and massively one-sided deal in the fall of 2013,” Squiller wrote.

At the start of negotiations, Apple offered to buy 2,600 sapphire growing furnaces from GT Advanced, which GT Advanced would operate on behalf of Apple, the “ultimate technology client to land,” according to Squiller.

“In hindsight, it is unclear whether Apple even intended to purchase any sapphire furnaces from GTAT,” he wrote.

Apple offered a deal, under which it would shift away economic risk by lending GT Advanced the money to build the furnaces and grow the sapphire, and then sell it exclusively to Apple for less than market value, Squiller wrote.

GT Advanced was effectively forced to accept the unfair deal in October 2013 because its intense negotiations with Apple had left it unable to pursue deals with other smartphone makers, he said.

However, Apple called GT Advanced’s accusations “scandalous and defamatory” and said that the statements are intended to vilify Apple and portray “Apple as a coercive bully.”

It said GT Advanced was eager to make a deal, and pointed to a jump of over 20 percent in the shares of GT Advanced after it was unveiled.