Qualcomm Has No Plans To Split

US chipmaker Qualcomm has told the world that it will not be dumping its “essentially useless chip making” business.

Hedge fund Jana Partners said in April that Qualcomm would make a pile more dosh if it just stuck to being a patent troll and stopped trying to flog “essentially worthless” chips.

Apparently Qualcomm thought about it. Executive Chairman Paul Jacobs the idea has been talked about for a long time, but came to the conclusion that the status quo contained a lot more “synergies.” Apparently synergies are a good thing to have about the place, particularly if you have a breeding pair.

Jacobs was less optimistic about Jana Partners’ idea which was apparently full of dis-synergies which might eat the synergies – or just diss them in public.

Executive Chairman Paul Jacobs said all this intensifying industry competition was not enough to spin off his chip business from its patent-licensing business.

Jacobs said, however, that the company is always evaluating its options and that the situation could change in the future, so maybe there a future for a Qualcomm troll walloping other companies with dis-synergies.

Source

Cisco Warns Of Bug In Virtual App

Cisco has warned of a default Secure Shell vulnerability in three of its virtual applications.

The flaw could allow attackers to decrypt traffic exchanged in the services, and has been detailed in a Cisco security advisory.

It affects Cisco’s Web Security Virtual Appliance (SMAv), Email Security Virtual Appliance and Security Management Virtual Appliance, which are already commercially available.

Cisco said that it “is not aware of any public announcements or malicious use of the vulnerabilities”, but warned that attackers who got hold of the private keys could decrypt communications with a man-in-the-middle attack.

The default private encryption keys were preinstalled on all three of the products, a move which is considered bad security practice.

“Successfully exploiting this vulnerability on Cisco SMAv allows an attacker to decrypt communication toward SMAv, impersonate SMAv, and send altered data to a configured content appliance,” the advisory said.

“An attacker can exploit this vulnerability on a communication link toward any content security appliance that was ever managed by any SMAv.”

Cisco has released a patch which deletes the preinstalled SSH keys and explains how customers can correct the problem.

The Cisco-sa-20150625-ironport SSH Keys Vulnerability Fix comes as part of several product upgrades, and must be manually installed from a command line interface.

Cisco’s advisory said that the patch is not required for physical hardware appliances, or for virtual appliance downloads or upgrades after 25 June.

Cisco revealed details of a new point of sale attack earlier this year that could part firms from money and customers from personal data.

The threat, called PoSeidon by the Cisco team, came at a time when eyes were on security breaches at firms like Target.

Cisco said in a blog post that PoSeidon is a threat that has the ability to breach machines and scrape them for credit card information.

Source

Qualcomm Strengthens IoT Lineup

Qualcomm is wedging its foot more firmly in the Internet of Things (IoT) door by announcing a range of moves to secure its position in the market.

The first announcement sees the firm expanding its Internet of Everything (IoE) platform with the addition of six new ecosystem providers: Ayla Networks, Exosite, Kii, Proximetry, Temboo and Xively by LogMeIn.

“This will further simplify the development of devices that use WiFi to connect to the IoE by increasing cloud service flexibility and making these solutions available in a broader global reach,” Qualcomm said.

Qualcomm has also introduced two connectivity solutions, the QCA401x and QCA4531, which bring WiFi capabilities to connect products across development platforms and “give customers an expedited and cost-effective path to deployment”.

The QCA401x is designed to ease manufacturer demand for increased computing and memory while lowering size, cost and power consumption, Qualcomm said.

It features a fully integrated micro controller unit with up to 800KB of on-chip memory and an expanded set of interfaces to directly interconnect with sensors, display and actuators, further reducing system cost, size and complexity.

The QCA401x also includes a suite of communication protocols including Wi-Fi, IPv6, and HTTP, as well as an advanced security feature designed to maximise security in IoT devices.

The QCA4531 is a low-cost turnkey solution that brings high-performance connectivity with a user-programmable Linux/OpenWRT environment.

It is designed to serve as an IoT node taking advantage of the Linux framework and as a hub to enable an IoT Ecosystem.

“As the [IoT] ecosystem expands, the QCA4531 is ideal for multi-protocol bridging and communication, bringing together multiple wireless medium and bridging between different ecosystems,” said Qualcomm.

The QCA4531 can function as an Access Point supporting up to 16 simultaneous devices, and is also power-optimised to enable appliances to meet international standards for energy efficiency.

The firm also banged on about the development of its subsidiaries Qualcomm Technologies, Qualcomm Atheros, Qualcomm Life, and Qualcomm Connected Experiences, and their progress across its range of IoT technologies.

Broadly, this includes an increased focus on providing better connectivity in the smart home with the AllSeen Alliance, as well as the development of more wearables in more countries, deploying more connected cars, more active engagements in smart city developments and partnering with more customers for connected healthcare.

“Driven by the significant growth and diversity of interconnected devices, Qualcomm companies are delivering the solutions and collaborating with technology leaders to empower manufacturers to create the best connected experiences in homes, businesses, cars and cities,” the firm said.

Qualcomm also announced additional features in its AllPlay smart media platform, including Bluetooth to WiFi re-streaming, custom audio settings and optimised synchronisation. The new AllPlay feature combines Bluetooth and WiFi for “whole home streaming”.

This means that all local or cloud-based music on a consumer’s smartphone can be streamed to any Bluetooth-compatible AllPlay speaker and then re-streamed over WiFi to multiple AllPlay speakers, all in sync.

This allows simple wireless connectivity to individual speakers or an entire home audio system over the user’s existing home WiFi network, providing an advantage over Bluetooth-only speakers which are limited to one-to-one streaming.

“The range and capacity of WiFi, coupled with the ubiquity of Bluetooth, is a game-changing combination for manufacturers and consumers alike,” said Sy Choudhury, senior director of product management at Qualcomm.

“AllPlay device manufacturers like Hitachi and Monster can now offer their customers more connectivity options and access to myriad streaming services throughout their home with this new capability.”

Qualcomm announced last month that it has teamed up with Dutch semiconductor maker NXP to bolster its near field communication offering, expanding the technology outside the smartphone and into IoT devices.

NXP’s embedded secure element will be integrated across Qualcomm’s Snapdragon 800, 600, 400 and 200 processor-based platforms.

The new offering features a module variant derived from the recently launched NXP PN66T NQ220 module, now named the NQ220.

Source

USAA Exploring Bitcoins

USAA, a San Antonio, Texas-based financial institution serving current and former members of the military, is researching the underlying technology behind the digital currency bitcoin to help make its operations more efficient, a company executive said.

Alex Marquez, managing director of corporate development at USAA, said in an interview that the company and its banking, insurance, and investment management subsidiaries hoped the “blockchain” technology could help decentralize its operations such as the back office.

He said USAA had a large team researching the potential of the blockchain, an open ledger of a digital currency’s transactions, viewed as bitcoin’s main technological innovation. It lets users make payments anonymously, instantly, and without government regulation.

The blockchain ledger is accessible to all users of bitcoin, a virtual currency created through a computer “mining” process that uses millions of calculations. Bitcoin has no ties to a central bank and is viewed as an alternative to paying for goods and services with credit cards.

“We have serious interest in the blockchain and we think the technology would have an impact on the organization,” said Marquez. “The fact that we have such a large group of people working on this shows how serious we are about the potential of this technology.”

USAA, which provides banking, insurance and other products to 10.7 million current or former members of the military, owns and manages assets of about $213 billion.

Marquez said USAA had no plans to dabble in the bitcoin as a currency. Its foray into the blockchain reflects a trend among banking institutions trying to integrate bitcoin technology into their systems. BNY Mellon and UBS have announced initiatives to explore the blockchain technology.

Most large banks are testing the blockchain internally, said David Johnston, managing director at Dapps Venture Fund in San Antonio, Texas. “All of the banks are going through that process of trying to understand how this technology is going to evolve.”

“I would say that by the end of the year, most will have solidified a blockchain technology strategy, how the bank is going to implement and how it will move the technology forward.”

USAA is still in early stages of its research and has yet to identify how it will implement the technology.

In January this year, USAA invested in Coinbase, the biggest bitcoin company, which runs a host of services, including an exchange and a wallet, which is how bitcoins are stored by users online.

Source

RadioShack Plans To Sell Customer Data

RadioShack plans to keep moving forward with its plan to sell its customer data, despite opposition from a number of states.

The company has asked a bankruptcy court for approval for a second auction of its assets, which includes the consumer data.

The state of Texas, which is leading the action by the states, opposed the sale of personally identifiable information (PII), citing the online and in-store privacy policies of the bankrupt consumer electronics retailer.

The state claimed that it found from a RadioShack deposition that the personal information of 117 million customers could be involved. But it learned later from testimony in court that the number of customer files offered for sale might be reduced to around 67 million.

In the first round of the sale, RadioShack sold about 1,700 stores to hedge fund Standard General, which entered into an agreement to set up 1,435 of these as co-branded stores with wireless operator Sprint. Some other assets were also sold in the auction.

The sale of customer data, including PII, was withdrawn from the previous auction, though RadioShack did not rule out that it could be put up for sale at a later date.

The case could have privacy implications for the tech industry as it could set a precedent, for example, for large Internet companies holding consumer data, if they happen to go bankrupt.

Texas has asked the U.S. Bankruptcy Court for the District of Delaware for a case management order to ensure that in any motion for sale of the PII, RadioShack should be required to provide information on the kind of personal data that is up for sale and the number of customers that will be affected.

On Monday, Texas asked the court that its motion be heard ahead of RadioShack’s motion for approval to auction more assets.

The court had ordered in March the appointment of a consumer privacy ombudsman in connection with the potential sale of the consumer data including PII. RadioShack said in a filing Friday that it intends to continue working with the ombudsman and the states with regard to any potential sale of PII, but did not provide details.

Source

Medical Data Becoming Valuable To Hackers

The personal information stored in health care records fetches increasingly impressive sums on underground markets, making any company that stores such data a very attractive target for attackers.

“Hackers will go after anyone with health care information,” said John Pescatore, director of emerging security trends at the SANS Institute, adding that in recent years hackers have increasingly set their sights on EHRs (electronic health records).

With medical data, “there’s a bunch of ways you can turn that into cash,” he said. For example, Social Security numbers and mailing addresses can be used to apply for credit cards or get around corporate antifraud measures.

This could explain why attackers have recently targeted U.S. health insurance providers. Last Tuesday, Premera Blue Cross disclosed that the personal details of 11 million customers had been exposed in a hack that was discovered in January. Last month, Anthem, another health insurance provider, said that 78.8 million customer and employee records were accessed in an attack.

Both attacks exposed similar data, including names, Social Security numbers, birth dates, telephone numbers, member identification numbers, email addresses and mailing addresses. In the Premera breach, medical claims information was also accessed.

If the attackers try to monetize this information, the payout could prove lucrative.

Credentials that include Social Security numbers can sell for a couple of hundred dollars since the data’s lifetime is much longer compared to pilfered credit card numbers, said Matt Little, vice president of product development at PKWARE, an encryption software company with clients that include health care providers. Credit card numbers, which go for a few dollars, tend to work only for a handful of days after being reported stolen.

Source

Samsung Buys LoopPay

Samsung Electronics Co Ltd has acquired U.S. mobile wallet startup LoopPay, signaling its intention to launch a smartphone payments service to compete with rival Apple Inc.

Mobile payments have been slow to catch on in the United States and elsewhere, despite strong backing. Apple, Google, and eBay Inc’s PayPal have all launched services to allow users to pay in stores via smartphones.

The weak uptake is partly because many retailers have been reluctant to adopt the hardware and software infrastructure required for these new mobile payment options to work. These services also fail to offer much more convenience than simply swiping a credit card, Samsung executives said on Wednesday.

LoopPay’s technology differs because it works off existing magnetic-stripe card readers at checkout, changing them into contactless receivers, they said. About 90 percent of checkout counters already support magnetic swiping.

“If you can’t solve the problem of merchant acceptance…, of being able to use the vast majority of your cards, then it can’t really be your wallet,” said David Eun, head of Samsung’s Global Innovation Center.

Injong Rhee, who is leading Samsung’s as-yet-unannounced payments project, said the Asian giant will soon reveal more details of its envisioned service. He would not be drawn on speculation the company may do so during the Mobile World Congress in Barcelona.

He said new phones such as the upcoming, latest Galaxy would support the service.

Apple Pay, launched in September, allows iPhone users to pay at the tap of a button. Executives have lauded its rapid rollout so far, including the fact that more than 2,000 banks now support it and the U.S. government will accept Apple Pay later this year.

But Apple Pay requires retailers to install near-field communication and some have been reluctant. In addition, many retailers such as Wal-Mart Stores Inc and CVS Health Corp, back their own system, CurrentC.

Samsung had invested in LoopPay, along with Visa Inc and Synchrony Financial, before its acquisition. Terms of the deal, which Samsung negotiated over several months, were not disclosed.

It’s unclear how else Samsung could differentiate its service versus Apple’s or other rivals.

Source

Can The USPS Win At E-commerce?

Dealing with a decline in the mail it has been delivering since the days of America’s Revolutionary War, in 2012 the U.S. Postal Service began aggressively targeting e-commerce and lapsed customers as the way to salvage its slumping business.

“Really it started almost at the level of cold-calling, talking to people who really hadn’t spoken to us in a long time,” said Nagisa Manabe, who joined the USPS in May 2012 as chief marketing and sales officer from Coca-Cola Co after a career in the private sector. “And really trying to persuade them to consider us as a very viable alternative in the shipping market.”

With further drops in its traditional bread-and-butter products ahead, the USPS wants to capitalize on e-commerce, which consulting firm Detroit LLP has predicted should grow 14 percent this holiday season alone. But industry experts question whether the USPS has enough space in its delivery vans and whether its unionized work force can handle a greater proportion of the e-commerce market.

Over the past two years the USPS has rolled out real-time scanning for packages, a vital tool for online retailers and consumers alike to track their packages. It is also upgrading all of its delivery workers’ handheld scanners.

The rise of the Internet has taken a heavy toll on first-class mail, the USPS’s most profitable product. That falling business played a significant role in the USPS’s fiscal 2014 loss of $5.5 billion, its eighth consecutive year in the red.

From 2009 to 2013, the volume of first-class mail deliveries dropped more than 20 percent. In the fiscal year ending Sept. 30, USPS deliveries declined to 155.4 billion pieces from 158.2 billion. First-class deliveries accounted for 2.2 billion pieces of that decline.

But package deliveries rose to more than 4 billion pieces from 3.7 billion, accounting for $1.1 billion of the USPS’s revenue growth of $1.9 billion. In the run-up to Christmas, the USPS has been doing Sunday deliveries for Amazon.com Inc in a number of cities. Manabe adds that the agency will handle the online retailer’s push into same-day and next-day deliveries “in many markets.”

EBay Inc is another major customer and Manabe says “pretty much anyone who’s in the e-commerce space at least does some volume with us.”

Source

Yet Another Retailer System Hacked

Women’s clothing retailer Bebe Stores has become the latest in a growing list of national retailers to be hit by an attack on its credit card payment system.

The company said Friday that the cardholder name, account number, expiration date, and verification code could have been stolen by hackers who apparently had access to the company’s payment processing system between Nov. 8 and 26.

The incident came to light in late November when Bebe said it noticed suspicious activity on computers that operate the payment processing system. Stores affected were the roughly 200 it operates in the U.S., Puerto Rico and the U.S. Virgin Islands.

“If you used a payment card at a U.S., Puerto Rico or U.S. Virgin Islands store during this time frame, you should review your account statements for any unauthorized activity,” it said in a message to customers.

The last couple of years have been bad ones for the safety of credit card data at major U.S. retailers. Millions of credit and debit card numbers have been compromised in breaches at retailers, including Target, Home Depot, PF Chang’s restaurants, Super Valu grocery stores, Neiman Marcus, UPS Store and others.

In many cases, the attacks were targeted at payment processing terminals and used sophisticated malware that stole card details as consumers swiped their cards. Many of the thefts were only discovered after the card numbers appeared for sale on Internet hacking forums.

Such was the case with Bebe Stores. First news of the hack came earlier this week through the closely followed Krebs on Security blog.

Source

Will The Drupal Flaw Be Catastrophic?

The Drupal web content management system has been exposed as having backdoor access that could deliver your site to hackers.

The problem is not particularly new. Drupal warned about it earlier this month, but it still needs tackling as millions of websites may be at risk.

Drupal said that sites running version 7 really ought to have upgraded to 7.32 by now, because not doing so leaves them as open as a torn tea bag.

Initially the alert was about the threat, but the firm has updated its earlier advice and is now warning of in-the-wild attacks.

That earlier advice was about a problem in a database API. “A vulnerability in this API allows an attacker to send specially crafted requests resulting in arbitrary SQL execution,” warned Drupal in a security alert.

“Depending on the content of the requests this can lead to privilege escalation, arbitrary PHP execution, or other attacks. This vulnerability can be exploited by anonymous users.”

More recent information from the firm points users toward the released upgrade, and informs them that attacks started not long after the initial announcement.

“You should proceed under the assumption that every Drupal 7 website was compromised unless updated or patched before Oct 15th, 11pm UTC, that is seven hours after the announcement,” it said, adding that, even when updated, sites will have some cleaning up to do.

“If you have not updated or applied this patch, do so immediately, then continue reading this announcement; updating to version 7.32 or applying the patch fixes the vulnerability but does not fix an already compromised website,” it explains.

“If you find that your site is already patched but you didn’t do it, that can be a symptom that the site was compromised – some attacks have applied the patch as a way to guarantee they are the only attacker in control of the site.”

Gavin Millard, EMEA technical director at Tenable Network Security, advised people to follow Drupal’s advice.

“The so-called ‘Drupageddon’ vulnerability could have easily led to exploitation of any systems running the vulnerable code. With such an easy to exploit flaw, the chance of exfiltration of data or further exploitation are high,” he said.

“For those who have good security controls, reviewing of logs and traffic directed at the sites following the vulnerability being announced and the patch applied is common sense and highly advisable, with appropriate action taken if indicators of compromise are found.

“For those who don’t have such a good level of security or visibility into the logs, the advice from the Drupal team should be heeded. If you don’t know if you were exploited you should assume that you have been.”

Source

« Previous Page — Next Page »