Heartbleed used against net thieves

29 April 2014 Last updated at 12:53 By Mark Ward Technology correspondent, BBC News

The Heartbleed bug has turned cyber criminals from attackers into victims as researchers use it to grab material from chatrooms where they trade data.

Discovered in early April, Heartbleed lets attackers steal data from computers using vulnerable versions of some widely used security programs.

Now it has given anti-malware researchers access to forums that would otherwise be very hard to penetrate.

The news comes as others warn that the bug will be a threat for many years.

French anti-malware researcher Steven K told the BBC: "The potential of this vulnerability affecting black-hat services (where hackers use their skills for criminal ends) is just enormous."

Heartbleed had put many such forums in a "critical" position, he said, leaving them vulnerable to attack using tools that exploit the bug.

The Heartbleed vulnerability was found in software, called Open SSL, which is supposed to make it much harder to steal data. Instead, exploiting the bug makes a server hand over small chunks of the data it has just handled - in many cases login details or other sensitive information.

Mr K said he was using specially written tools to target some closed forums called Darkode and Damagelab.

"Darkode was vulnerable, and this forum is a really hard target," he said. "Not many people have the ability to monitor this forum, but Heartbleed exposed everything."

Charlie Svensson, a computer security researcher at Sentor, which tests company's security systems, said: "This work just goes to show how serious Heartbleed is. You can get the keys to the kingdom, all thanks to a nice little heartbeat query."

Individuals who repeat the work of security researchers such as Mr K could leave themselves open to criminal charges for malicious hacking.

Threat 'growing'

The widespread publicity about Heartbleed had led operators of many websites to update vulnerable software and urge users to change passwords.

Paul Mutton, a security researcher at net monitoring firm Netcraft, explained that while that meant there was no "significant risk of further direct exploitation of the bug", it did not mean all danger had passed.

He said the problem had been compounded by the fact that a large number of sites had not cleaned up all their security credentials put at risk by Heartbleed.

In particular, he said, many sites had yet to invalidate or revoke the security certificates used as a guarantee of their identity.

"If a compromised certificate has not been revoked, an attacker can still use it to impersonate that website," said Mr Mutton.

In addition, he said, web browsers did a poor job of checking whether security certificates had been revoked.

"Consequently, the dangers posed by the Heartbleed bug could persist for a few more years."

His comments were echoed by James Lyne, global head of security research at security software developer Sophos.

"There is a very long tail of sites that are going to be vulnerable for a very long time," said Mr Lyne, who pointed out that the list of devices that Heartbleed put at risk was growing.

Many so-called smart devices, such as home routers, CCTV cameras, baby monitors and home-management gadgets that control heating and power, were now known to be vulnerable to Heartbleed-based attacks, he said.

A survey by tech news site Wired found that smart thermostats, cloud-based data services, printers, firewalls and video-conferencing systems were all vulnerable.

Other reports suggest the makers of some industrial control systems are also now producing patches for their software to limit the potential for attack.

How tempting this was for malicious attackers was difficult to gauge, said Mr Lyne.

"We do not really know how much Heartbleed is being used offensively because it's an attack that is hard to track and log."

23.43 | 0 komentar | Read More

Nokia names Rajeev Suri as new boss

29 April 2014 Last updated at 15:46

Nokia has named Rajeev Suri as its new chief executive.

The 46-year-old has until now led Nokia Solutions and Networks (NSN), the network equipment unit of the firm.

NSN is set to become Nokia's key business, following the sale of its mobile phone unit to Microsoft last week for 5.44bn euros ($7.5bn; £4.5bn).

The sale saw Nokia's former chief executive, Stephen Elop, leave the firm to become executive vice-president of the Microsoft devices group.

Risto Siilasmaa, chairman of Nokia, said Mr Suri had "a proven ability to create strategic clarity, drive innovation and growth, ensure disciplined execution, and deliver results".

Indian-born Mr Suri has worked at Nokia for 20 years and had led NSN since October 2009, helping to make it profitable.

The company also announced that it would pay a special dividend of 0.26 euros ($0.36) per share - subject to shareholder approval - in 2014 as a result of the sale of its mobile phone unit.

The extra dividend amounts to about 1bn euros.

Future strategy

Nokia said it would now focus on networks, mapping services, technology development and licences.

The Finnish company said it expects billions of devices to become interconnected over the next 10 years across a range of sectors such as transportation and health.

It said this development would require increased connectivity to handle the growing data traffic, improved location services as well as innovation in areas such as radio and low-power technologies.

"Nokia's vision is to be a leader over the long term in these three areas," the firm said.

But it faces challenges in achieving that, a fact that was highlighted by its latest results, also released on Tuesday

Its first-quarter sales fell by 15% from a year ago to 2.67bn euros, dragged down mostly by a drop in sales at its networks division.

However, its underlying operating profit rose 20% from a year ago to 304m euros during the period.

The firm said it expects sales at the networks unit to rise in the second half of the year.

23.43 | 0 komentar | Read More

Faked twerking video wins Webby

29 April 2014 Last updated at 09:56

A video of a twerking routine gone horribly wrong has won one of the internet's highest honours.

The "Twerk Fail" clip, which was later revealed to be a fake created by US chat show host Jimmy Kimmel, was named best viral video at the Webbys.

Other winners included the Guardian newspaper, which was honoured for its interactive coverage of the NSA leaks.

BBC News also won two "people's choice" awards, for its online mobile site and also for its news language sites.

The mobile site won in the category for News (handheld devices), while the BBC News language sites on responsive took the award in the best practices category.

The Webby Awards were established in 1996 as a way to recognise "excellence on the internet," according to the company's website.

There are dozens of categories, each with two winners. One is decided by a jury from the International Academy of Digital Arts and Sciences - which includes Netflix star Kevin Spacey and Ariana Huffington - and the other voted for by the public.

Actor and stand-up comic Patton Oswalt will host this year's ceremony to honour the winners in New York next month.

Other big-name winners included Jay Z, who was given a prize for the app accompanying his latest album, Magna Carta Holy Grail.

His wife, Beyonce, was named the people's choice in the fan website category.

Pharrell Williams won the Webby and People's Voice Award for best use of interactive video, thanks to a 24-hour music video for his hit song Happy.

Will Ferrell's Funny Or Die website won three prizes, including two for Zach Galifianakis' spoof talk series Between Two Ferns, which recently starred US President Barack Obama.

Holiday rental site Airbnb and Twitter's video app Vine also took prizes, while The New York Times was named the best news website.

Jimmy Kimmel's "Worst Twerk Fail ever" video was posted on YouTube last September and gained nine million views before the talk show host revealed it had been a set-up.

The clip appeared to show an amateur dancer twerking against a door in her apartment, before falling over onto a table and setting fire to her leggings.

But a "director's cut" of the video, broadcast on Kimmel's nightly show ended with the presenter appearing from behind a door and putting out the flames with a fire extinguisher.

He also revealed the supposed star of the video, Caitlin Heller, was in fact a Hollywood stuntwoman called Daphne Avalon.

23.43 | 0 komentar | Read More

Legal deal over MTGox bitcoin hoard

29 April 2014 Last updated at 13:08

An out-of-court deal could end legal action by many former North American customers of the failed MtGox bitcoin exchange.

It shut down in early 2014 following attacks that meant it lost millions of dollars of the online currency.

Angry US and Canadian customers of the exchange filed a class-action lawsuit seeking compensation for their losses.

The deal hands the failed exchange to the former customers and nets them a share of its remaining bitcoins.

MtGox was one of the first to be involved in the bitcoin boom, a peer-to-peer online payment system, and was for a while the world's largest bitcoin exchange.

Continue reading the main story

Bitcoin is often referred to as a new kind of currency.

But it may be best to think of its units being virtual tokens rather than physical coins or notes.

However, like all currencies its value is determined by how much people are willing to exchange it for.

To process Bitcoin transactions, a procedure called "mining" must take place, which involves a computer solving a difficult mathematical problem with a 64-digit solution.

For each problem solved, one block of Bitcoins is processed. In addition the miner is rewarded with new Bitcoins.

This provides an incentive for people to provide computer processing power to solve the problems.

To compensate for the growing power of computer chips, the difficulty of the puzzles is adjusted to ensure a steady stream of about 3,600 new Bitcoins a day.

There are currently about 11 million Bitcoins in existence.

To receive a Bitcoin a user must have a Bitcoin address - a string of 27-34 letters and numbers - which acts as a kind of virtual post-box to and from which the bitcoins are sent.

It closed its doors in early 2014 after revealing that it had lost about 850,000 bitcoins that at the time were worth about $400m (£238m).

'Best option'

The Tokyo-based company is scheduled to be liquidated after it abandoned plans to revive the exchange.

In return for ending the class action, the former customers will share 16.5% of Sunlot - the company that has applied to buy and administer MtGox's assets.

In addition, they will receive a share of the 200,000 bitcoins and $20m in cash still held by MtGox.

"This is the customers' best option and the only chance they have for full restitution," said a statement from Jay Edelson of the Edelson law firm handling the US case.

The Japanese administrator overseeing the liquidation of MtGox has yet to approve Sunlot's application to take over and dispose of the exchange's assets.

If this is granted, US courts will also have to approve the deal to let the customers wind up their legal action.

23.43 | 0 komentar | Read More

Glow in the dark roads not glowing

28 April 2014 Last updated at 17:57

Glow in the dark road markings have been "faded out" from a stretch of road in the Netherlands as they are sensitive to large amounts of moisture.

The pilot project was unveiled earlier this month on the N329 in Oss, approximately 100km south east of Amsterdam.

The project aims to develop an alternative to street lights in areas where they are not present.

Engineers have said they will continue testing and produce a new version.

The paint used for the markings contains a "photo-luminising" powder that charges up in the daytime and slowly releases a green glow at night, doing away with the need for streetlights.

Once the paint has absorbed daylight it can glow for up to eight hours in the dark.

Rainfall issue

Since the road markings were put in place two weeks ago it has been reported that some drivers were driving along the road in the dark with their headlights switched off so that they could experience the glow in the dark effect.

Civil engineering firm Heijmans, which is running the pilot project with interactive artist Daan Roosegaarde, confirmed to the BBC that the road markings were sensitive to large amounts of moisture due to rainfall.

This meant the road markings were not giving out a consistent level of light.

In a statement Heijmans said: "As expected the 'real life' trial enables us to learn from the environment and users.

"We will use these insights to introduce an update to the Glowing Lines 2.0 version. In the meantime we have temporarily faded out the lining to prevent any confusing situations for road users.

"As planned we are working on developing Glowing Lines version 2.0, which will be ready for this summer. It will then be introduced on a larger scale in the Netherlands and abroad."

When the road markings were initially unveiled the UK Highways Agency said it would watch the trial with interest but said that previous studies had shown that "luminescent road paint would be unsuitable for use in this country".

It said it would take several things in to account when deciding whether to include luminescent road markings in its design standards. These would include how far in advance road markings could be seen, how skid resistant they were, how visible they were during the day and how they would perform in winter when there are fewer hours of daylight.

23.43 | 0 komentar | Read More

Samsung's mobile phone sales decline

29 April 2014 Last updated at 02:02

Samsung Electronics has reported a 4% fall in sales at its mobile phone unit.

Revenues in the sector fell to 33.4 trillion won ($32.3bn; £23.3bn) in the January-to-March period.

But the South Korean company said operating profit for its mobile phone unit rose 18% from the previous three months, in part due to "positive impact from adjustments of one-off expenses".

Samsung is the world's biggest mobile phone maker and handsets account for the bulk of the firm's profits.

The figures came as the electronics giant reported a net profit of 7.57 trillion won (£4.4bn; $7.5bn) for the first quarter, up from 7.3 trillion won (£4.2bn; $7bn) in the previous three months.

Maturing market?

Continue reading the main story

This is further evidence that the global market for smartphones is maturing"

End Quote Andrew Milroy Frost & Sullivan

The success of its Galaxy range of smartphones has been one of the biggest drivers of Samsung's growth in recent years.

It helped the company dislodge Nokia as the world's biggest phone maker in 2012.

However, competition in the sector has been increasing, forcing manufacturers to lower their prices and hurting their profitability.

At the same time, demand for smartphones in developed markets - which have been key drivers of growth of the sector so far - has also begun to slow.

"This is further evidence that the global market for smartphones is maturing and as the pace of growth which firms such as Samsung have enjoyed in recent years is slowing," said Andrew Milroy, an analyst with consulting firm Frost & Sullivan.

He added that "the company will have to look at introducing lower cost models in emerging markets to sustain the business."

For its part, Samsung has been looking to tap into the emerging markets by launching low cost handsets there.

However, it has been facing increased competition on that front as well, especially from Chinese firms such as Xiaomi, Huawei and ZTE.

23.43 | 0 komentar | Read More

Yahoo announces original TV series

29 April 2014 Last updated at 02:59

Yahoo has announced two original TV series that will be shown on its website and mobile app.

It makes Yahoo the latest technology firm to join the fast-growing market for digital video content.

Companies such as Netflix, Hulu, Amazon and Microsoft have been looking to compete with traditional TV programming to attract viewers to their platforms.

Some have even been signing deals with internet service providers to stream videos faster and more smoothly.

On Monday, Netflix announced a deal with Verizon - one of the biggest internet service providers in the US - which will see Netflix servers connected directly to Verizon's network, resulting in faster speeds.

"We have reached an interconnect arrangement with Verizon that we hope will improve performance for our joint customers over the coming months," Joris Evers, spokesman for Netflix, said in a statement.

The firm had agreed a similar deal with Comcast earlier this year.

'Continue to build'

Yahoo said its first two original series will be comedies titled: Other Space and Sin City Saints.

The firm said it has got 500 million streams on Yahoo Screen in the US since it launched its comedy line up on the website seven months ago.

"We are continuing to build our library with universally loved comedy such as Saturday Night Live and Comedy Central," Kathy Savitt, chief marketing officer on Yahoo, said in a statement.

Yahoo said its two original series will also be available to viewers on Apple TV and Roku.

However, the company is likely to face growing competition.

Earlier this month, Amazon agreed a deal with HBO that will allow US customers of its streaming service, Amazon Prime, to watch HBO's TV shows, including The Sopranos.

It is the first time HBO programming has been licensed to an online-only subscription streaming service.

Amazon Instant Video has also announced a series called The After - a post-apocalyptic drama by X-files creator Chris Carter - among other commissions.

Meanwhile, Microsoft is expected to launch two sci-fi series - Halo and Humans - on its Xbox Live service over the coming months.

Sony is developing Powers, a series about detectives investigating people with superhuman abilities, for the PlayStation Network.

23.43 | 0 komentar | Read More

Delay to mobile number bank payments

29 April 2014 Last updated at 09:19

Please turn on JavaScript. Media requires JavaScript to play.

Rory Cellan-Jones takes a closer look at how Paym works

Twenty million bank account holders will have no immediate access to the new Paym mobile payment technology, which officially launches on Tuesday.

Over 5 million - mainly customers of the Nationwide Building Society - will not be able to use the system fully until 2015.

The technology allows people to pay or receive money using a phone number, but without giving out their bank details.

All account holders need to do is to share the number of their mobile phone.

However around 30m customers of banks including Barclays, Bank of Scotland, Halifax, HSBC, Lloyds, Santander or TSB will now be able to use the service, as soon as they have registered their mobile number with their bank.

Continue reading the main story

• Register your mobile number with your bank
• Use payments app to select friend's mobile number
• Confirm recipient, then press 'send'
• You can send up to £250 a day
• You still receive money, even if your phone is switched off
• No need to give out sort code and account number

They will be able to send up to £250 a day on their mobile phones through Paym, although some banks offer a higher limit.

Computer problems

Customers of RBS, NatWest, Ulster Bank, First Direct, Clydesdale and Yorkshire banks will be able to join the scheme later this year.

The RBS group has over 13m current account holders, and First Direct has 1.2m.

However those with current accounts at the Nationwide will not be able to make payments until next year.

Other banks, including Metro Bank and some of the smaller building societies, have not set a timetable for joining the scheme.

RBS, whose customers have faced a series of computer problems over the last year, said it was giving priority to improving its IT systems.

"We are prioritising the volume of system changes we are making to ensure we can deliver the best service to our customers. ," said an RBS and NatWest spokesperson.

The reluctance of some banks to be ready for the scheme's launch is not the only problem.

A survey from the market research company Consumer Intelligence suggests only a quarter of customers will be using it.

'Like a balloon'

The survey, conducted earlier this month, claims that 47% of account holders will not be using Paym at all.

Their biggest worry is security.

"It's clear that the banking industry has a job to do educate many of them that mobile payments are a safe and consumer-friendly development," said David Black of Consumer Intelligence.

Others have warned consumers to watch transactions on their accounts very carefully.

"They will need to be vigilant and monitor their accounts to make sure that there is no suspicious activity, as with every advance in banking technology comes a new fraud risk," said Gabriel Hopkins of the from the data consultancy FICO.

"Fraud is like a balloon - if you squeeze it in one place, it bulges somewhere else - so banks need to stay alert and have the highest level of mobile fraud protection for customers," he said.

But the Payments Council, which is running the scheme, insists the technology is perfectly secure.

Customers still have to access their accounts through a banking app, which is password-protected.

Paym is a "safe and easy option", said Adrian Kamellard, the chief executive of the Payments Council.

Account holders can find out more from their bank's website, or by visiting the Paym website.

23.43 | 0 komentar | Read More

Microsoft must release overseas data

29 April 2014 Last updated at 10:18

A judge in the US has ordered Microsoft to hand over a customer's emails, even though the data is held in Ireland.

The company had attempted to challenge the search warrant on the basis that the information was stored exclusively on computer servers outside the US.

Microsoft previously said it planned to offer business and government clients control over where their data resided.

This followed concerns about data privacy raised by whistleblower Edward Snowden's leaks about US spying.

But the ruling potentially undermines that pledge.

The judge said warrants for online data were different to other warrants.

The search warrant, which was issued to Microsoft by US authorities, sought information associated with a member of the public's email account including their name, credit card details and contents of all messages.

Microsoft said it would continue to oppose the release of the Dublin-stored data.

"This is the first step toward getting this issue in front of courts that have the authority to correct the government's longstanding views on the application of search warrants to content stored digitally outside the United States," it said.

'Government disagrees'

Judge James Francis in New York said that this was true for "traditional" warrants but not for those seeking online content, which are governed by federal law under the Stored Communications Act.

He said the warrant should be treated more like a subpoena for documents. Anyone issued with a subpoena by the US must provide the information sought, no matter where it was held, he said.

Law enforcement efforts would be seriously impeded and the burden on the government would be substantial if they had to co-ordinate with foreign governments to obtain this sort of information from internet service providers such as Microsoft and Google, Judge Francis said.

In a blog post, Microsoft's deputy general counsel, David Howard, said: "A US prosecutor cannot obtain a US warrant to search someone's home located in another country, just as another country's prosecutor cannot obtain a court order in her home country to conduct a search in the United States.

"We think the same rules should apply in the online world, but the government disagrees."

A new data-protection law, currently being drafted by the European Union, aims to make sure companies no longer share European citizens' data with authorities of another country, unless explicitly allowed by EU law or an international treaty.

In response to the ruling in the US, Mina Andreeva, European Commission spokeswoman for justice, fundamental rights and citizenship, told the BBC: "The commission's position is that this data should not be directly accessed by or transferred to US law enforcement authorities outside formal channels of co-operation, such as the mutual legal assistance agreements or sectoral EU-US agreements authorising such transfers.

"Access by other means should be excluded, unless it takes place in clearly defined, exceptional and judicially reviewable situations."

Ms Andreeva also said that "the European Parliament reinforced the principle that companies operating on the European market need to respect the European data protection rules - even if they are located in the US."

Earlier this year German Chancellor Angela Merkel proposed building up a European communications network to help improve data protection and avoid emails and other data automatically passing through the United States.

Both of these actions were prompted by allegations of mass surveillance by the US National Security Agency.

Microsoft is hoping for a review of the decision from a federal district judge.

23.43 | 0 komentar | Read More

Tablets drive over-65s' web use rise

29 April 2014 Last updated at 16:17

Tablet computers are behind a swift rise in people aged 65 and over using the internet, a survey suggests.

Drawn up by Ofcom, the annual survey looks at the way UK adults use media and technology.

It indicates in the past 12 months the percentage of older people going online rose by more than a quarter to 42%.

The study also suggests that half of the apps that people download to their phones are redundant because they are used so infrequently.

Old apps

The growing use of the net among pensioners had been driven by their surging tablet use, said Ofcom.

In 2013, 17% of people in the 65-and-over category had used a tablet for their web browsing, it said. In 2012, tablet use in this group stood at just 5%.

Despite this increase, the oldest group of people spend the least amount of time online of any adult age group. On average, according to Ofcom, those over 65 spend nine hours 12 minutes online every week. By contrast those aged 16-24 devote about 24 hours each week to online activities.

The rise in web use amongst the elderly has driven net use among all adults to 83%, said Ofcom. Also contributing to this rise was greater web use among those 25-34 and 45-54.

Adults are using a wide variety of gadgets to go online, the survey suggests, with desktop computers, laptops and netbooks used by 78% of those questioned. Smaller percentages also used tablets (30%) and smartphones (59%).

The greater use of smartphones has led to the rise of a huge swathe of what Ofcom dubbed "redundant apps".

On average, the survey suggests, smartphone users have 23 separate apps installed but make regular use of only 10 of them.

Apps on smartphones tended to be used to read news, watch videos or listen to music. By contrast, web browsing programs were respondents' preferred choice for shopping or searching out information.

23.43 | 0 komentar | Read More