Posts

Hacker thrown in jail for reporting police system security flaws

Image
Summary:The sentence probably wasn't quite the reward he was looking for. A hacker has been awarded a suspended sentence for disclosing security vulnerabilities in a Slovenian police system. The student, 26-year-old Dejan Ornig, studied the Tetra police communication system and through his study found that the system contained security vulnerabilities due to incorrect configuration settings, among other issues. Between 2012 and 2014, Ornig, alongside colleagues, discovered that Tetra did not always encrypt communication sent through the protocol. As Tetra is used by the military, the Slovenian Intelligence and Security Service and other agencies, a lack of encryption could have serious ramifications for intelligence and the country as a whole. As noted by Security Affairs , the student then disclosed these security issues to law enforcement, but after waiting at least a year, there was no action taken to remedy the flaw...

Google IO: SoftBank, maker of AI Pepper robot, has news for developers

Image
Summary:The Japanese telecom is using its robot to make a big push into the U.S. market When Japanese mobile phone company SoftBank offered 1000 of its emotionally intelligent Pepper robots for the consumer market last summer, the entire run sold out in under a minute. At CES this year, SoftBank announced that IBM would be bringing Watson's artificial intelligence to Pepper, a bid to ready the robot for broad adoption in the home. Now SoftBank is planning to branch into the U.S. At Google IO today, the company announced that it's opening up a new developer portal and adding SDK Android Studio to enable the development of custom applications for Pepper, continuing to evolve it's capabilities ahead of its U.S. launch, which it's planning later this year. "We'll also be announcing the opening of SoftBank's U.S. office, headquartered in San Francisco, which will be driving the efforts surrounding the launch of Pepper in the U.S.,"...

Adobe readies patch for Flash Player zero-day exploit found in attacker toolkits

Image
Summary: We have a wait to become protected against the dangerous exploit, though. Adobe is furiously working on a fix to patch up a vulnerability in Adobe Flash Player which is being actively exploited by cyberattackers to deliver malware. According to a security advisory released by the software giant on Tuesday , the zero-day vulnerability, CVE-2016-4117 , is being used actively to compromise victim PCs. The critical vulnerability affects Windows, Mac, Linux and Chrome operating systems. Adobe says successful exploitation "could cause a crash and potentially allow an attacker to take control of the affected system." However, a patch to fix the problem will not be ready until May 12 as part of Adobe's monthly security update. Discovered by Genwei Jiang from cybersecurity firm FireEye, the exploit is bad news for users who insist on using the ever-vulnerable Adobe Flash Player. The software, which useful for disp...

Microsoft expands bug bounty program

Image
Summary: Researchers have a fresh target to explore for vulnerabilities with rewards reaching up to $15,000.   Microsoft has expanded its bug bounty program to include the Nano Server installation option of Windows Server 2016 Technical Preview 5. The expansion of Microsoft's bug bounty program , now includes the Nano Server -- the remotely administered, headless installation option of the server operating system. As a technical preview, the installation option is focused on acting as a host for computer and/or storage clusters and as a lightweight operating system in a virtual machine (VM) or container for cloud applications. Microsoft says that vulnerabilities found within this release must be original and able to be reproduced to be eligible for the new vulnerability disclosure program. The tech giant is particularly interested in remote code execution vulnerabilities, privilege escalation and remote unauthenticated d...

Google launching in-house startup incubator called 'Area 120'

Image
Summary: Google's new incubator could help it keep talent by providing new business plans with funding, but is it enough? Google headquarters Alphabet-owned Google is working to launch an in-house startup incubator that could prevent top tech talent from leaving to budding companies in Silicon Valley, according to a report from The Information. The startup incubator will be called " Area 120 ," and will be lead by Don Harrison and Bradley Horowitz. Employee's teams will be accepted into the program based on their business plans, where they can accept outside funding for their project or create a company under Google. The move would allow employees to work on Google's "special projects" full time. The company allots employees 20 percent of their work day to new projects, which have formed the beginnings of Gmail and other hit Google services. Retention is a widely discussed issue in the tech...

Police department computers hit by virus attack

Image
Summary: Newark Police Department in New Jersey was forced to spend four days cleaning up after a virus attack. A virus infected computer systems at Newark Police Department in New Jersey last week, taking four days to clean up. The police department said there was no evidence of any sort of data breach and that the attack "did not disrupt the delivery of emergency services to our citizens". "Through the efforts of the city's and the division's IT, as well as assistance from the Essex County Prosecutor's Office, New Jersey State Police and federal authorities, we were quickly able to get the system cleaned and operational in four days," said a police spokesperson . According to one report, the virus temporarily locked down the servers, blocking access to the program used to track and analyze crime data . In accordance to police protocols, Newark reported the breach to the FBI, New Jersey state police, and the county prosecutor...

Hortonworks announces new alliances and releases; Hadoop comes to fork in road

Image
Summary: As its Hadoop Summit Europe event ramps up in Dublin, Hortonworks makes several announcements. Much of the news furthers the schism in the Hadoop space, between Hortonworks' technology and Cloudera's. As Hortonworks' Hadoop Summit event kicks off in Dublin today, the Hadoop distribution vendor has a full slate of announcements. The announcements themselves are substantial and impressive, and I'll cover each of them here. As you read through them, however, keep in mind that they at once highlight and reinforce the idea that the "retail" Hadoop world is becoming split in two -- as Hortonworks and Cloudera each introduce unique components in their distros that often meet corresponding needs and requirements. Announcements, please First off, a bit of a bombshell. Pivotal , which entered the Hadoop distribution race over three years ago, with the introduction of Pivotal HD, will now be reselling Hortonworks Data Platform (HDP) , which...

The Linux Foundation launches Linux-based Civil Infrastructure Platform

Image
Summary: There's the Internet of Things -- DVRs, refrigerators, and cars -- and then there's the Internet of civic things -- electrical power grids, oil and gas production facilities, and highway traffic management. Linux has a role to play in both. The Linux Foundation SAN DIEGO -- The Linux Foundation announced today at the Embedded Linux Conference & OpenIoT Summit a new project: The Civil Infrastructure Platform (CIP). This, an open-source framework, is meant to provide the foundation needed to deliver essential services for civil infrastructure and economic development on a global scale. And what, you ask, is a Civil Infrastructure Platform? According to the CIP FAQ , it's "Any technical systems responsible for supervision, control, and management of infrastructure supporting human activities, including, for example, electric power generation and energy distribution, oil and gas, wa...

Google to Oracle: $9.3bn Android Java damages claim is mad

Image
Summary: Google downplays the importance of Java to Android, to disprove Oracle claims that it's owed $9.3bn in damages. Google has filed a rebuttal to Oracle's claim that it's due $9.3bn in damages for unlicensed use of Java code in Android. Google disputes Oracle's claim that the Java APIs got app developers on board with Android early. Google says its own damages expert "strongly disagrees" with the financial relief Oracle has demanded, ahead of the companies' May district court retrial over claims that 37 Java SE application protocol interfaces in Android infringed Oracle's copyright. Oracle has argued that the Java APIs were necessary to get app developers on board with Android early, which helped Google net billions in profits through app sales and mobile advertising. Oracle's damages expert estimated that Google has made $8.8bn in "profits apportioned to infringed Java copyrights" and that those profits should ...

Supreme Court to weigh in on Samsung vs Apple patent fight

Image
Summary: Years in the making, the Supreme Court has agreed to listen to Samsung's appeal of Apple's design patent awards. At first it looked like Apple won its design patent wars over Samsung. As time went on, that "victory" started looking more like a defeat as Samsung won its appeals. Now, Apple is in even more trouble. The Supreme Court of the United States (SCOTUS) has elected to hear Samsung's appeal of the $548-million award lower courts gave Apple. In December 2015, Samsung agreed to pay Apple $548 million in damages over iPhone patents. But Samsung has also claimed "all rights to obtain reimbursement from Apple". So, Samsung appealed this loss to Apple to the Supreme Court . SCOTUS has agreed to address the issue. Specifically, Samsung is asking that the court decide that when a design patent is applied to only a component of a product, the award of infringer's profits should be limited to those profits attributable to the com...