EU wants big fines for data breaches

21 January 2014 Last updated at 07:42 ET

The EU's justice commissioner has called for bigger fines for companies that breach European data privacy laws.

Viviane Reding dismissed recent fines for Google as "pocket money" and said the firm would have had to pay $1bn under her plans for privacy failings.

Ms Reding said such punishments were necessary to ensure firms took the use of personal data seriously.

And she questioned how Google was able to take so long to getting round to changing its policy.

"Is it surprising to anyone that two whole years after the case emerged, it is still unclear whether Google will amend its privacy policy or not?" she said in a speech.

Ms Reding, who is also vice-president of the European Commission, wants far tougher laws that would introduce fines of up to 2% of the global annual turnover of a company for data breaches.

Combining privacy data

The new proposals, currently under debate in the European parliament, aim to create a single EU regulator, which would be able to issue fines on behalf of all national watchdogs.

The continuing row between Google and local data authorities was a case in point for why new laws were needed, she said.

The company changed its privacy policy in March 2012 and began the process of combining the data that people surrendered when they used its many services.

The Spanish data protection agency said that Google had collected information across almost 100 services but had not obtained the consent of people to gather information, or done enough to explain what would be done with the data.

As a result, it imposed a maximum data-breach fine of 90,000 euros ($122,000, £74,000), while in France Google was fined 150,000 euros ($203,000, £124,000).

Continue reading the main story

• An attempt to create strong data protection laws for Europe's 500 million citizens.
• Includes a clause to prevent European data being shared with another country in response to Edward Snowden's allegations
• Sets out ways that citizens can erase their personal data - the so-called right to be forgotten
• Seeks to limit user profiling, requiring companies to explain their use of personal data and seek prior consent
• In order to comply, most businesses would need to have designated data-protection officers

Under her proposed rules, this would have risen to $1bn (740m euros, £610m ), Ms Reding pointed out - "a sum much harder to brush off".

Trust 'low'

Google remains under investigation in four other countries, and Ms Reding threw down the gauntlet to them.

"Europeans need to get serious," she said.

According to Ms Reding, European trust in the way private companies store data is low.

She claimed 92% of Europeans are concerned about mobile apps collecting their data without consent, while 89% of people said they wanted to know when the data on their smartphone was being shared with a third party.

Not everyone is convinced that the new law is the answer, though.

French consumer group La Quadrature du Net said there were some "big loopholes" that could nullify the effectiveness of the legislation.

The legislation is currently being debated between the European Commission, the European Parliament and the European council, and is expected to be concluded in March.

23.43 | 0 komentar | Read More

Spotify adds shop as Dre preps rival

20 January 2014 Last updated at 14:22 ET By Dave Lee Technology reporter, BBC News

Music-streaming service Spotify is now allowing merchandise sales through its player, as it prepares itself for the arrival of a major new rival.

Dr Dre is set to launch his Beats Music service in the US on Tuesday.

Spotify's foray into merchandising is seen as the site's latest way to improve its relationship with artists and record labels.

The company said it would not be taking any percentage of the products sold through the platform.

Compared with services like Apple's iTunes, where music is bought, streaming sites offer revenues that are regarded by some as unreasonably minuscule.

Radiohead's Thom Yorke took his work off Spotify in July last year, declaring on Twitter that he was "standing up for our fellow musicians".

Tom Pakinkis, deputy editor of Music Week, said: "Spotify's main thrust recently is transparency.

"That's what the artists have been crying out for for quite a while now. The market as a whole is slowly but surely winning [over] the last few artists that are holding out from the service."

As part of that effort, Spotify has recently sought to include other ways for artists and labels to earn money.

In conjunction with London-based start-up Songkick, Spotify suggests local gigs and concerts based on the music a user has been listening to.

Announcing the plans, Spotify's head of artist services, Mark Williamson, said: "We're really excited that Spotify's 24 million music-loving users can now see merchandise and concerts while listening to their favourite artists, and that we, in turn, can provide additional revenue opportunities for artists of all sizes."

'Song with banjos'

Keeping artists on-side will be a key part of any streaming site's continued success as the market becomes more crowded.

Beats Music will now be competing not only with Spotify but the likes of Pandora, Rdio, Bloom.fm, Deezer and Google Play, which all offer similar services.

Various music professionals and DJs have been enlisted by the firm to create expert playlists, rather than the algorithm-based approach used by other sites.

"We tried to remember a time a robot found us magic but all we could find were the times the robot made us laugh," the company said in a blog post poking fun at existing services.

"'You like Pantera? Have you heard of Black Sabbath? You like Mumford and Sons? Here's another song with banjos!'"

'Significant player'

Dr Dre's involvement in the headphone industry, which started with the launch of Beats in 2008, has attracted hundreds of millions of dollars in revenue and spawned a vast array of other artist-endorsed headphone products.

Mr Pakinkis said the strength of the Beats brand alone set the music service apart as a credible rival.

"It's a big company with a lot of marketing resource, and that gives the implication that it could be a significant player," he said.

"There are a lot of different players on the market now, and the struggles of some of them financially are well-documented."

To clutter the market further, another streaming service - from controversial internet tycoon Kim Dotcom - was launched on Monday.

His offering, Baboom, went live with a single album available to play - Mr Dotcom's own release, Good Times. More content is expected at a later date.

New Zealand-based Mr Dotcom is currently fighting extradition to the US on charges of copyright infringement.

Follow Dave Lee on Twitter @DaveLeeBBC

23.43 | 0 komentar | Read More

Millions of German passwords stolen

21 January 2014 Last updated at 07:13 ET

The passwords and other details of 16 million email users in Germany have been stolen, the country's security agency has revealed.

The Federal Office for Security said criminals had infected computers with software which allowed them to gather email addresses and account passwords.

The agency has not commented on what progress it has made in tracking down the hackers.

It has set up a website for people to check whether they have been victims.

The agency learnt that the online criminals had managed to infect millions of computers with a program that would enrol them on to a network from where data could be stolen.

It believes most of those targeted are in Germany as many of the email addresses end in .de which is the identifier for German web addresses.

The scale of the attack is the equivalent of almost a fifth of the German population being at risk.

The BBC's correspondent in Germany, Steve Evans, said that so many people were anxious to check if they were victims of this hack that they overwhelmed the official security website causing it to crash.

23.43 | 0 komentar | Read More

Nintendo shares fall on loss warning

20 January 2014 Last updated at 00:16 ET

Shares of Japan's Nintendo plunged as much as 18% on Monday after the gaming giant issued a profits warning.

On Friday, Nintendo said it expects to make an operating loss of 35bn yen ($335m; £205m) for the financial year ending 31 March 2014.

It had initially forecast an operating profit of 100bn yen for the period.

The company blamed weaker-than-expected sales of its Wii U console during the holiday season for the downgrade in its earnings forecast.

As a result, it lowered its global Wii U sales forecast for the business year from nine million to 2.8 million units - a cut of nearly 70%.

Nintendo also reduced the sales forecast for its 3DS console from 18 million to 13.5 million units.

The firm's shares fell to as low as 11,935 yen on the Tokyo Stock Exchange on Monday.

Mario on mobile?

Continue reading the main story

Its console-based business model spells doom for stakeholders. It has no choice but to accept the change"

End Quote Jefferies analysts

The maker of Super Mario and Donkey Kong had previously hoped to match the global success of its original Wii game console which helped raise the firm's shares to a record high in 2007.

The company had, till three months ago, backed its initial forecasts for Wii U sales despite setbacks in markets such as the UK.

In July last year, UK supermarket chain Asda said it would no longer be selling the Wii U in its stores.

But the gaming giant has faced stiff competition from rival console makers including Microsoft with its new Xbox One, and Sony with its new PlayStation 4.

At the same time, some console makers are moving towards allowing users to play their games without the need to own a console.

Earlier this month, Sony announced plans to make its games available over a variety of devices, including its smart TVs as well as other third-party products.

Analysts said that given these factors, Nintendo - which has so far not allowed its games to be played on tablets or other mobile devices - needed to re-evaluate its strategy.

"Its console-based business model spells doom for stakeholders," analysts at Jefferies wrote in a note. "It has no choice but to accept the change."

"We believe Mario on mobile is coming."

23.43 | 0 komentar | Read More

Huge data theft hits South Korea

20 January 2014 Last updated at 05:46 ET

Credit card details from almost half of all South Koreans have been stolen and sold to marketing firms.

The data was stolen by a computer contractor working for a company called the Korea Credit Bureau that produces credit scores.

The names, social security numbers and credit card details of 20 million South Koreans were copied by the IT worker.

The scale of the theft became apparent after the contractor at the centre of the breach was arrested.

Unprotected data

Managers at the marketing firms which allegedly bought the data were also arrested.

Early reports suggest that the contractor got hold of the giant trove of data thanks to the access Korea Credit Bureau enjoys to databases run by three big South Korean credit card firms. The contractor stole the data by copying it to a USB stick.

Regulators are now looking into security measures at the three firms - KB Kookmin Card, Lotte Card, and NH Nonghyup Card - to ensure data stays safe. A task force has been set up to investigate the impact of the theft.

The three bosses of the credit card firms involved made a public apology for the breach.

In a statement the Financial Services Commission, Korea's national financial regulator, said: "The credit card firms will cover any financial losses caused to their customers due to the latest accident."

Another official at the FSC said the data was easy to steal because it was unencrypted and the credit card firms did not know it had been copied until investigators told them about the theft.

This theft of consumer data is just the latest to hit South Korea. In 2012, two hackers were arrested for getting hold of the details of 8.7 million subscribers to KT Mobile. Also, in 2011, details of more than 35 million accounts of South Korean social network Cyworld were exposed in an attack.

23.43 | 0 komentar | Read More

EE rushes to fix broadband box risk

20 January 2014 Last updated at 07:11 ET

Network provider EE will push out an emergency upgrade to its broadband customers after a security flaw was discovered by a UK researcher.

Scott Helme said the vulnerability made "remote access" to EE's routers possible.

The problem affects customers who have either the Brightbox 1 or 2 router in their homes.

EE described the threat as "moderate", but plans to send out an automatic upgrade before the end of this month.

Any broadband customer who has signed up to EE since early 2012 is affected, as are earlier customers who upgraded their routers, the company told the BBC.

It has not specified how many of its customers will need the upgrade, but the BBC understands it to be in the region of 350,000.

In a statement, EE said: "We treat all security matters seriously, and while no personal data will be compromised by the device itself, we would like to reassure customers that we are working on a service update which we plan to issue shortly, and which will remotely and automatically update customers' Brightboxes with enhanced security protection."

Phishing risk

In his blog post, Mr Helme detailed how gaining the wi-fi password would provide sufficient access for a hacker to gain administrator-level control - potentially exposing personal details about the customer.

He wrote that the vulnerability exposed enough personal data to enable a hacker "to go as far as cancelling someone else's broadband package altogether".

EE told the BBC that on Friday it changed its measures so that such actions were no longer possible, and it had briefed its call centre staff on the change of procedure.

The network said it had not received any complaints about the flaw.

It stressed that customers were protected as long as they did not disclose their wi-fi passwords - although security professionals pointed out that such details could be gleaned through phishing attacks designed to trick a user into handing over details.

"We are aware of Mr Helme's article," an EE spokesman said.

"As is the case for all home broadband customers, regardless of their provider, it is recommended they only give network access to people they trust.

"Customers should also be suspicious of any unsolicited emails and web pages, and keep their security software up to date."

23.43 | 0 komentar | Read More

Chrome extras targeted by ad firms

20 January 2014 Last updated at 10:05 ET

Adware pedlars are buying extensions for the Chrome browser and adding code that hijacks searches or inserts sponsored ads, reports suggest.

Extensions are self-contained software add-ons for Chrome that add specific functions to the browser.

At least three extensions for Chrome are suspected of being taken over by adware pedlars.

One developer said he sold his Chrome extension for a "four-figure" sum to an ad marketing firm.

Google has now removed two of the extensions believed to have been compromised in this way.

Cash offer

News that adware makers were seeking to buy up Chrome extensions emerged via the blog of developer Amit Agarwal.

In a blogpost, Mr Agarwal recounted how he had been offered a significant sum in late 2013 for an extension he wrote that worked with the Feedly RSS reader.

Soon after, the new owners of the extension updated it to provide adverts that invisibly replace links on the webpages people visit.

Mr Agarwal said he now regretted selling the extension and felt he had let down its 30,000 users.

Thousands of extensions are available for Chrome and many have been downloaded and installed millions of times.

Almost every modern browser can be extended via its own add-on program.

Further evidence of the practice of subverting popular add-ons to the Chrome browser came via a Q&A session on social news site Reddit.

Offers 'best avoided'

In that online chat the developers of the coupon-finding extension, Honey, said they had been approached by several makers of adware and malware who offered cash to take over the program.

One company offered Honey a "six-figure" sum every month if it co-operated, said the developers.

The company has turned down every offer because it believes it will do better in the long run by avoiding "shady" marketing practices.

A quick survey of the comment pages associated with Chrome extensions by tech reporter Ron Adameo suggested evidence that other add-ons had been compromised, too.

Many people were reporting that formerly benign add-ons had suddenly transformed into ad-spewing irritants after an update, he wrote in a report for Ars Technica.

"While it's extremely easy for a novice user to install an extension, it's nearly impossible for them to diagnose and remove an extension that has turned sour," he said.

Following the reports, Google has now removed two extensions revealed to have been take over by ad firms - one of which was the add-on created by Mr Agarwal.

23.43 | 0 komentar | Read More

Fans help fund Jamaica bobsleigh bid

21 January 2014 Last updated at 06:47 ET

Jamaica's bobsleigh team has raised more than $110,000 (£67,000) in a series of online fundraisers after qualifying for the Winter Olympics.

Donations have been pouring in to crowdfunding platforms, and via dogecoin, the internet currency.

The two-man bobsleigh team will be returning to next month's Games in Sochi, Russia, after a 12-year absence.

The team had initially hoped to raise $80,000 to cover various costs including travel and equipment.

Driver Winston Watts and brakeman Marvin Dixon will represent Jamaica.

Mr Watts said he had spent around $150,000 of his own money in an attempt to ensure qualification.

He said that financial constraints had prevented them from flying to Europe to take part in the final qualifying races.

'Underdogs'

On Monday, the Jamaica Olympic Association said it would cover the teams's travel costs, and the Sochi organising committee will also provide assistance.

Continue reading the main story

It's wild to harness the power of the internet like this"

End Quote Lincoln Wheeler Crowdtilt user

However, the team said it still needed money for basic equipment such as "proper jackets" and a second pair of runners for the sled.

The pair launched a funding appeal on their website, which was then picked up by the online community.

Users of Reddit were encouraged to donate to the Jamaican team in the form of dogecoins, a virtual currency with a fluctuating valuation, similar to Bitcoin, and based on the Doge meme.

Liam Butler, who runs the Dogecoin foundation, said he had been inspired by the team's plight.

"As someone who grew up in the 90s, [the 1993 Disney film] Cool Runnings was the ultimate feel-good movie about underdogs out of their element achieving their dreams," Mr Butler told the Guardian.

"We started without a concrete plan in mind. I sent a few emails out… but that was the extent of it," he said.

Lincoln Wheeler, who started the Crowdtilt campaign, said he was thrilled to have helped the team.

"It's wild to harness the power of the internet like this," he told ESPN. "Obviously the movie had some influence, but I think this also became about the idea that we, as fans, could have an opportunity to influence sports."

Jamaica first qualified for the Winter Olympics in 1988 in Calgary, an achievement later portrayed in the film Cool Runnings, and last competed in the 2002 Winter Olympics in Salt Lake City.

Jamaica did not feature in the 2006 Turin and 2010 Vancouver Games, partly due to a lack of finance.

23.43 | 0 komentar | Read More

Microsoft in more hacking misery

21 January 2014 Last updated at 07:25 ET

A Microsoft blog has been hacked by the Syrian Electronic Army shortly after two of its Twitter accounts and another blog were attacked by the same group.

The Office blog had just been redesigned before it was targeted by the hackers who posted a screenshot of their work on their Twitter feed.

Previous attacks were used to post pro-Syrian government messages and criticisms of the firm.

Microsoft has not yet commented on the latest attack.

Twitter warning

Several articles appeared on Microsoft's site with the title, "Hacked by the Syrian Electronic Army", before being removed, reported tech news site The Verge.

After the attack the SEA addressed a tweet to Microsoft which said: "Changing the [content management system] will not help if your employees are hacked and they don't know about it."

The group had previously used Twitter to warn the company that more attacks may happen after some of Microsoft's social media sites were compromised earlier in the year.

It said: "We didn't finish our attack on @Microsoft yet, stay tuned for more."

After that incident the company shut down its affected accounts for "maintenance".

In a statement issued at the time it said "no customer information had been compromised".

"What the SEA does is not very sophisticated. But it works and people need to be much more vigilant," said security analyst Graham Cluley.

"This is embarrassing for Microsoft but will it mean people won't buy Microsoft software? Probably not."

The company also confirmed that at the time of the earlier attack a small number of employee email accounts had been accessed by the SEA.

Screenshots of conversations between Microsoft executives were tweeted by the group.

Microsoft said that the accounts had been "reset".

23.43 | 0 komentar | Read More

UK set for faster internet on the go

21 January 2014 Last updated at 08:49 ET

People on boats, planes and trains could soon enjoy fast broadband on their travels after Ofcom approved the use of new satellite technology.

The UK telecoms regulator has given the green light to the use of so-called earth stations on moving vehicles.

The devices connect to a geostationary satellite orbiting above the equator.

But critics suggest Ofcom should be concentrating on bringing home-broadband services up to speed before focusing on transport.

Recent advances have improved the effectiveness of earth stations.

Newer antennas are capable of maintaining very stable pointing accuracy, allowing the earth station to track the satellite closely, even on a fast-moving vehicle, providing a reliable internet connection.

Valuable services

The regulator is making a relatively large amount of high-frequency spectrum available ensuring fast data speeds and capacity at the stations.

Speeds could be reach around 50Mbps (megabits per second) to a single earth station, which would mean speeds of more than 10Mbps for individual passengers.

Trains will be exempt from the need for a spectrum licence, but planes or ships will need to be licensed by Ofcom, as they cross into other countries' jurisdictions.

Philip Marnick, group director of spectrum at Ofcom., said: "We want travellers to benefit from super-fast broadband on the move at the kinds of speeds they expect from their connection at home.

"Today's decision means that operators of trains, boats and planes will soon be able to begin the process of making these valuable services available to their passengers."

Adam Kirby, telecoms experts at uSwitch welcomed the news but questioned Ofcom's priorities.

Home first?

Continue reading the main story

I suspect that we will be watching live video from the Mars One lander -the current aim is for this is 2018 - before we are able to have a Skype video call that does not drop out from the moment a train leaves London until it arrives in Birmingham and you get off the train"

End Quote Andrew Ferguson ThinkBroadband

"Being connected is no longer a luxury, it's a necessity," he said. "However, at the moment getting online on the go can be frustrating, with more than half of commuters experiencing patchy coverage or slow speeds while trying to use their smartphones or tablets on the daily commute.

"But while earth stations are now improving things for broadband users on the move, too many people at home are still having to endure a woefully sluggish and patchy service.

"Before Ofcom gets carried away with providing super-fast speeds on transport, it needs to concentrate on getting the basics right and make sure broadband in homes is vastly improved - particularly in remote rural areas that sometimes get ignored," he added.

Currently people on the move can access the internet using a variety of methods.

People on planes rely on entertainment consoles with a small amount of wi-fi also being made available, while wi-fi hotspots are often used on trains. Other travellers have to rely on smartphones or internet-connected dongles.

Trains could start using the technology by the summer, although experts are not sure that it is the best solution, due partly to bandwidth having to be shared among all passengers and the fact that tunnels will cut off the satellite link.

"The real solution for internet connectivity on the move in the UK is for there to be a concerted effort to ensure that all the rail network has access to 2G, 3G and 4G services," said Andrew Ferguson, founder of broadband news site ThinkBroadband.

"I suspect that we will be watching live video from the Mars One lander -the current aim is for this is 2018 - before we are able to have a Skype video call that does not drop out from the moment a train leaves London until it arrives in Birmingham and you get off the train," he added.

For planes, the service will work outside UK airspace as long as airlines adhere to local regulations, the regulator said.

Applications for ship- and plane-mounted earth stations will begin in February, with the first commercial deployment of the technology on vehicles to begin later in the year, it said.

23.43 | 0 komentar | Read More