Apple sued over security software

21 March 2013 Last updated at 07:27 ET

A Silicon Valley-based software firm, Intertrust Technologies, claims Apple's entire product line infringes security-related patents.

It is suing over the alleged violation of 15 patents, on products including iPhones, iPads, Mac computers, iTunes and App Store.

Intertrust is partly owned by Sony and Philips, and develops security software for digital content.

Apple has not yet issued a comment to the BBC.

It is the latest patent-related case against the technology giant.

"Apple makes many great products that use Intertrust's inventions," said Intertrust's chief executive Talal Shamoon in a statement.

"Our patents are foundational to modern internet security and trusted computing and result from years of internal research and development.

"We find it regrettable that we are forced to seek court assistance to resolve this matter."

Intertrust filed its claim in the US Federal Court in the Northern District of California.

The company is represented by law firm Quinn Emanuel Urquhart & Sullivan - the same one representing Samsung in its patent design suit against Apple.

It is not the first time Intertrust has made a claim against a technology firm over intellectual property. In 2004, it won a $440m (£290m) settlement from Microsoft.

23.52 | 0 komentar | Read More

Internet scanned for security holes

21 March 2013 Last updated at 07:34 ET

A surreptitious scan of the entire internet has revealed millions of printers, webcams and set-top boxes protected only by default passwords.

An anonymous researcher used more than 420,000 of these insecure devices to test the security and responsiveness of other gadgets, in a nine-month survey.

Using custom-written code, they sent out more than four trillion messages.

The net's current addressing scheme accommodates about 4.2 billion devices. Only 1.3 billion addresses responded.

The number of addresses responding was a surprise as the pool of addresses for that scheme has run dry. As a result, the net is currently going through a transition to a new scheme that has a vastly larger pool of addresses available.

The scan found half a million printers, more than one million webcams and lots of other devices, including set-top boxes and modems, that still used the password installed in the factory, letting almost anyone take over that piece of hardware. Often the password was an easy to guess word such as "root" or "admin".

"Whenever you think, 'That shouldn't be on the internet, but will probably be found a few times,' it's there a few hundred thousand times," wrote the un-named researcher in a paper documenting their work.

HD Moore, who carried out a similar survey in 2012, told the Ars Technica news website the results looked "pretty accurate".

He added he had seen malicious hackers exploiting the security failings of these devices to run criminal networks known as botnets that are used to send out spam, mount phishing attacks and bombard websites with deluges of data.

23.52 | 0 komentar | Read More

Google joins digital memo market

21 March 2013 Last updated at 07:41 ET

Anyone who has ever jotted down a note on the back of an envelope and promptly lost it might be interested in Google's latest offering, Keep.

The service allows users to keep checklists and voice notes, and annotate photos.

The digital memo market is a burgeoning one and the offering will put Google head to head with services such as Evernote.

Experts predict that Google might have entered the market a little too late.

Memory aid services are striking a chord with consumers and employees who are increasingly swamped by information.

Current market leader Evernote has 15 million active users.

Microsoft has a similar product - OneNote - and there are smaller rivals such as Springpad and Catch.

Now it seems Google wants a piece of the action.

"Every day we all see, hear or think of things we need to remember. Usually we grab a pad of sticky notes, scribble a reminder and put it on the desk, the fridge or the relevant page of a magazine," said Google software engineer Katherine Kuan in a blog post.

Keep is Google's attempt to turn this ad-hoc notetaking into a more efficient digital service.

"With Keep you can quickly jot ideas down when you think of them and even include checklists and photos to keep track of what's important to you," she added.

The information is stored in Google Drive. Users can also speak memos and Keep transcribes them. And there is a search facility for people to quickly find what they are looking for.

Currently Keep is available only via the web or as an app for phones and tablets running Android 4.0 or above.

'800lb gorilla'

But with little to differentiate it from competitors, some feel Google may struggle to make an impact.

"My gut instinct is that Google may have come too late to this. It has a track record - with cloud services and social networking - of coming too late and struggling to make an impact," said Chris Green, principal technology analyst at Davies Murphy Group.

"But, if anyone can make an impact, it will be Google," he added.

"If there is a 800lb gorilla like Google behind you you are going to be worried. Evernote cannot rest on its laurels but it does have a huge user base and they are not all going to desert it overnight."

Tony Cripps, analyst at research firm Ovum, thinks Google might benefit from the fact that many already use its myriad services.

"If you are a converted Google user it represents a good option. There is a level of convenience about having access to a range of services using one log-in," he said.

"I use Evernote but I'll give this a spin and see if it works for me."

23.52 | 0 komentar | Read More

Hackers attack BBC Twitter accounts

21 March 2013 Last updated at 13:34 ET

Several BBC Twitter accounts, including its weather, Arabic and Radio Ulster feeds were hijacked by a group calling itself Syrian Electronic Army earlier.

A series of tweets about fake weather conditions in Middle Eastern countries began appearing on Thursday afternoon.

The accounts are the latest in a series of large corporate Twitter feeds to have been breached.

The BBC said that it now has control of all three accounts and all inappropriate content has been deleted.

A BBC spokeswoman said: "We apologise to our audiences that this unacceptable material appeared under the BBC's name."

The attacks began in the early afternoon on Thursday. At the same time, BBC staff were alerted to a phishing email that had been sent to some BBC email accounts. It is not yet clear if the two are related.

The email contained a link that if clicked on could expose password details.

The BBC weather Twitter feed, which has 60,000 followers, was among those affected.

Alongside the standard tweets from the weather feed such as "'last night was chilly" some more bizarre comments began emerging.

They included: "Saudi weather station down due to head-on collision with camel."

Another read: "Chaotic weather forecast for Lebanon as the government decides to distance itself from the Milky Way."

The group claiming responsibility has previously spread messages in support of Syrian President Bashar-al-Assad.

The BBC's Arabic and Radio Ulster feeds were also affected.

Faris Couri, BBC Arabic's editor-in-chief said in a statement: "Today at around 11.00GMT, BBC Arabic's twitter account @BBCArabicOnline was hacked. Since then, several pro-Assad news tweets were published by the account.

"We strongly condemn such action and apologise to our audiences," he said.

Social engineering

The attacks on the BBC are the latest in a series of hacks on high-profile Twitter accounts.

Last month Burger King and Chrysler saw their Twitter feeds hijacked while a quarter of a million Twitter users had their passwords stolen.

"The BBC is an obvious place to attack as it a trusted brand and so anyone who wishes to broadcast a message can reach a audience that are likely to pay attention, certainly initially," said Prof Alan Woodward from the department of computing at the University of Surrey.

"The most likely source of the hack is via social engineering - someone managing to elicit the password by fooling the user who keeps the password," he added.

Increasingly experts are now calling for Twitter to step up security and offer two-factor authentication, essentially a disposable, single-use password for its users.

Writing about the hack on his blog, security consultant Graham Cluley said it was unclear how the password had been cracked.

"The good news is that the hack doesn't appear to have been done with the intention of spreading malicious links or scams. Instead, it appears that the Syrian Electronic Army are trying to spread political messages about Syria instead," he said.

"You should always use hard-to-guess, hard-to-crack, unique passwords for your online accounts that you are not using anywhere else on the web."

23.52 | 0 komentar | Read More

BBC commissions iPlayer dramas

22 March 2013 Last updated at 04:49 ET

The BBC has commissioned its first original dramas for its catch-up service iPlayer.

Six short films will be broadcast over the next two years by "up and coming talent" as part of a BBC Three strand.

Some comedy pilots and spin-offs from other shows have previously been screened on iPlayer, including Doctor Who mini-series Pond Life.

However this is the first time original drama programming has been created specifically for the service.

Victoria Jaye, BBC's head of TV online content, said it would help to explore "storytelling outside of a scheduled TV slot or duration".

BBC Three controller Zai Bennett added: "This new drama strand is exactly the kind of venture BBC Three is all about."

A record 272 million iPlayer requests for TV and radio programmes were made in January - up 26% on the previous month thanks to new mobile and tablet devices unwrapped on Christmas Day.

The most popular TV programmes requested include David Attenborough series Africa, Top Gear and Miranda.

Figures from the BBC showed usage of the service has grown some 42% in the 12 months to January 2013.

23.52 | 0 komentar | Read More

S Korea: China hack link 'a mistake'

22 March 2013 Last updated at 06:11 ET

Officials in South Korea say they incorrectly linked a Chinese IP address to a cyber-attack earlier this week.

On Thursday, the Korean Communications Commission said it had traced the attack to an internet address in China, although the identity of those behind the attack could not be confirmed.

But it said further investigation showed the malware came from a local computer in one of the affected banks.

However, officials still believe the attack was orchestrated from abroad.

Wednesday's cyber-attack on six South Korean banks and broadcasters affected 32,000 computers and disrupted banking services.

The apparent link to China had fuelled speculation that North Korea was to blame.

Hackers can route their attacks through addresses in other countries to obscure their identities, and intelligence experts believe that North Korea routinely uses Chinese computer addresses to hide its cyber-attacks.

North Korea has been blamed for previous cyber-attacks on the South in 2009 and 2011.

South Korean officials initially linked the cyber-attack to an IP address in China, but on Friday said they had made a mistake.

Further investigation showed the IP address was in the internal server of Nonghyup bank, one of the victims of Wednesday's attack.

Its IP address "coincidentally matched" a Chinese IP address, the KCC said.

"Malicious code seemed to be spread from the server [of Nonghyup Bank] and there were records of [it] being approached by someone at that time," Lee Jae-il, vice-president of Korea's Internet Security Agency (Kisa), told reporters.

"We're still tracking some dubious IP addresses which are suspected of being based abroad," he said, adding that they were "keeping all kinds of possibilities open".

23.52 | 0 komentar | Read More

Microsoft details data snoopers

22 March 2013 Last updated at 07:03 ET

More than 75,000 requests were made by police forces around the world for data on Microsoft users in 2012.

The figures were revealed in Microsoft's first transparency report which detailed how often police forces sought data to aid investigations.

US police forces topped the list of agencies keen to know who created specific images or other content.

In most cases, Microsoft only handed over basic information such as login names and IP addresses.

The transparency report from Microsoft follows similar efforts by Google, Twitter and others to let users know who is seeking data about what people do online.

The requests covered more than 137,000 accounts on Microsoft's many services including Hotmail, Outlook.com, Xbox Live, Skype and others. It was hard to estimate how many individual users that involved, said Brad Smith, Microsoft's general counsel, in a blogpost, because many people ran lots of separate accounts.

Content control

Only 2.1% of the requests involved Microsoft handing over the content people created. This includes documents or images stored on servers or sent via email as well as copies of messages sent through its services. More than 99% of requests for content data came from US law enforcement agencies.

Most of the other requests were for non-content data such as login names, IP addresses or other low-level identifiers. Police forces in five countries - the US, UK, Turkey, Germany and France - made the bulk of these requests.

Finally, about 18% of requests involved Microsoft handing over no data at all, said the report, either because there was no data to be found or the request was not submitted properly.

"While law enforcement requests for information unquestionably are important... only a tiny percentage of users are potentially affected by them," wrote Mr Smith. He estimated that only 0.02% of its users felt the effect of a police request for data.

Microsoft said it would update the report every six months.

23.52 | 0 komentar | Read More

China starts work on home-grown OS

22 March 2013 Last updated at 07:28 ET

China is working with software firm Canonical on an open-source operating system customised for Chinese users.

The collaboration will produce a version of Canonical's Ubuntu operating system called Kylin which will be released in April.

The deal is part of a five-year plan by China to get more people using open source software.

This software gives people more access to its internal workings so they can modify it themselves.

The first version of Ubuntu Kylin is intended for desktop and laptop computers. As well as using Chinese character sets, Kylin will also do more to support the way Chinese people interact with computers as well as reflect China's date conventions.

Future versions will include tools that let people use popular Chinese web services such as Baidu maps, the Taobao shopping service as well as versions of office programs and image management tools, directly from Ubuntu's main screen.

The code will be created at a laboratory in Beijing staffed by engineers from Canonical as well as several Chinese R&D agencies.

Canonical is also working with the Chinese Ministry of Industry and Information Technology on a version of Kylin that will run on servers so websites, online shops and hosting firms can adopt the software.

The move is widely seen as an attempt by China to wean its IT sector off Western software in favour of more home-grown alternatives.

Ubuntu is based on the Linux operating system and its development and use is governed by an open ethic that emphasises the sharing of core computer code. It stands in contrast to the closed or proprietary systems of Microsoft and Apple who restrict access to the core or source code for their operating systems.

23.52 | 0 komentar | Read More

'Sexist joke' whistle-blower fired

22 March 2013 Last updated at 08:18 ET By Zoe Kleinman Technology reporter, BBC News

A woman who was offended by an exchange between two men at the US PyCon developer conference and tweeted their photo has been fired.

Adria Richards was near two delegates who joked about "big dongles" and used a technical term - forking repos - in what she felt was a sexual way.

She complained to the conference organisers and one of the men was fired by his company, a sponsor of the event.

Ms Richards has since faced a barrage of online abuse for her actions.

She has received death threats and her website was attacked by hacking collective Anonymous.

Ms Richards, a former "development evangelist" at SendGrid, has also now lost her job.

'Crossed the line'

"A SendGrid developer evangelist's responsibility is to build and strengthen our developer community across the globe," wrote SendGrid chief executive Jim Franklin in a blog post.

"In light of the events over the last 48+ hours, it has become obvious that (Adria's) actions have strongly divided the same community she was supposed to unite. As a result, she can no longer be effective in her role at SendGrid.

"Her decision to tweet the comments and photographs of the people who made the comments crossed the line."

Ms Richards claims she decided to take action after seeing pictures of young female coders displayed at the conference and felt they would be put off joining the industry if such behaviour continued.

"Women in technology need consistent messaging from birth through retirement they are welcome, competent and valued in the industry," she wrote on her blog.

"Everyone must take personal accountability and speak up when they hear something that isn't OK. It takes three words to make a difference: 'That's not cool'."

'Forking'

"Forking a repo" is a term used by developers to mean using somebody else's project as a starting point for your own.

Ms Richards also pointed out that PyCon's own code of conduct states that "sexist, racist, or exclusionary jokes are not appropriate for PyCon".

The man who was fired worked at PlayHaven. Its chief executive Andy Yang wrote in a blog post that a "thorough investigation" had been carried out before the decision was made to terminate his employment.

Someone claiming to be the man in question apologised in online forum Hacker News for any offence caused but denied saying anything inappropriate about "forking".

"While I did make a big dongle joke about a fictional piece of hardware that identified as male, no sexual jokes were made about forking," he wrote.

"My friends and I had decided forking someone's repo is a new form of flattery (the highest form being implementation) and we were excited about one of the presenter's projects; a friend said 'I would fork that guys repo'.

"The sexual context was applied by Adria, and not us.

"Let this serve as a message to everyone, our actions and words, big or small, can have a serious impact," he added, also saying that he has now lost the job he liked and has three children to support.

Equality

Ms Richards has received criticism from both men and women about her actions.

"What you did reflects poorly on all of us women, but even worse on humankind," wrote Malia Stubben on Adria Richards' blog.

"How can you be so offensive in the name of equality? I thought programmers were logical," wrote Joshua Jones.

Others have been supportive.

"They didn't lose their jobs because of Adria Richards, they lost their jobs because of unprofessional actions reflecting badly on their employers," wrote Jake.

"You inspire me to speak out against inappropriate behaviour in the moment," wrote Jessica Keyes.

23.52 | 0 komentar | Read More

Blizzard reveals trading card game

22 March 2013 Last updated at 12:04 ET

Blizzard has taken the wraps off the new video game it has been developing - a collectable card game.

Called Hearthstone: Heroes of Warcraft, the duelling game is based around cards players gather.

The game will be free to play in that people can earn cards by playing, but they will advance faster by buying cards in stores.

Blizzard said Hearthstone was going through internal testing but would be released before the end of 2013.

Cards in the game are based around characters, spells and artefacts from Blizzard's Warcraft world to make them immediately familiar to players, said Rob Pardo, Blizzard chief executive during a presentation about Hearthstone at the Pax East gaming convention. Packs of five cards would cost about $1 (60p) each, he said.

Cards bought in stores are replicated in the online game in which people duel with other players calling on weapons, spells and followers to help defeat an opponent.

Duplicate cards can be converted online into "arcane dust" that can be stockpiled and then used to craft the rare cards players need to do better in duels.

Currently, there is no direct connection between World of Warcraft and the Hearthstone game. However, people will need a Blizzard Battlenet account to play the card game. It will be playable on PCs, Macs and on Apple tablets.

Hearthstone could face competition from game studio Mojang which is developing a similar game called Scrolls. In addition, there are many other well-established collectable card video games such as Duel of the Planeswalkers.

Olivia Grace, a contributing editor at online gaming site Wow Insider, said the game was "definitely not" what she and other keen gamers were expecting,

"This is something of a surprise, yes, and it's not that remarkable that there have been feelings of disappointment," she told the BBC.

Despite this, she said, Hearthstone looked well put together.

"The microtransaction-based free-to-play business model is a new endeavour for Blizzard, and hopefully they'll execute it well," she added. "Also, given the existence of the WoW Trading Card Game, it'll be interesting to see whether there's any incorporation of the TCG into this new one."

23.52 | 0 komentar | Read More