‘Heartbleed bug’ puts Web security at risk as Virus In Protocols Used By 75% Of Servers Leaves Millions Vulnerable To Data Theft
A vulnerability in the OpenSSL program could compromise encryption on much of the Internet, putting passwords and data at risk. Experts say now is not the time for online banking.
A serious bug in security protocols used by over 75% of web servers has left millions of internet users vulnerable to snooping and data theft. The bug, which was found in the OpenSSL protocol, has been dubbed Heartbleed because of how it allows “bleeding of data” from a web server.
Cyber criminals and hackers can exploit the bug to steal information such as private encryption keys, user passwords, credit card details that users provide during e-commerce transactions and virtually every other piece of data transmitted on the affected website. They can also capture user data like chat logs for snooping.
The risk to private encryption keys is particularly worrisome. “These are the crown jewels… Leaked (private) secret keys allow the attacker to decrypt any past and future traffic to the protected services and to impersonate the service (like a social networking website or an email service) at will,” OpenSSL explained on a website set up to inform the public about Heartbleed.
While large companies like Google and Facebook, which run their own customized security protocols, are probably safe, Yahoo was among the millions of websites that seem to have been affected. Yahoo officials on Tuesday said that they have taken required measures to secure Yahoo servers against Heartbleed.
The bug is so serious and widespread that Tor Project, which manages the anonymous (and popular) Tor network, has advised web users to go offline for a while. “If you need strong anonymity or privacy on the internet, you might want to stay away from the internet entirely for the next few days while things settle,” it said in a blog post.
Bruce Schneier, a cryptographer and one of the top computer security researchers, called the bug catastrophic. “On the scale of 1 to 10, this is an 11,” he said. Though Heartbleed was discovered on April 7, it had existed for more than two years. “This bug has left large amount of private keys and other secrets exposed to the internet. Considering the long exposure, ease of exploitation and attacks leaving no trace this exposure should be taken seriously,” explained the Heartbleed website.
After the bug was disclosed publicly, thousands of websites have patched and updated their web servers. But given the nature of the bug, large parts of the internet remain vulnerable.
While Heartbleed directly affects web servers, the average web user invariably ends up a victim. In answer to the question “Am I affected by the bug?”, the OpenSSL website notes, “you are likely to be affected either directly or indirectly”. “Your popular social site, your company’s site, commerce site, hobby site, site you install software from or even sites run by your government might be using vulnerable OpenSSL. Many online services use TLS both to identify themselves to you and to protect your privacy and transactions,” notes the website.
It is no secret that Facebook CEO Mark Zuckerberg wants to see the whole of humanity connected to the web. Unfortunately, internet connections are just not available in many places. But Zuckerberg believes he has a solution for this pesky problem. On Thursday, he announced that Internet.org, an organization that Facebook started in partnership with a few other technology companies, is experimenting with drones that are capable of beaming internet to an area from the sky. “In our effort to connect the whole world with Internet.org, we’ve been working on ways to beam internet to people from the sky,” Zuckerberg wrote on Facebook.
“Our team has many of the world’s leading experts in aerospace and communications technology, including from Nasa’s Jet Propulsion Lab and Ames Research Center. Today we are also bringing on key members of the team from Ascenta, a small UK-based company whose founders created early versions of Zephyr, which became the world’s longest flying solar-powered unmanned aircraft. They will join our team working on connectivity aircraft.”
Internet.org was launched last year with an aim to bring down the cost of internet connectivity across the world so that more people can connect to the web and utilize web services. Last month at Mobile World Congress, Zuckerberg revealed that Internet.org was working with several telecom operators across the world to reduce the cost of internet connectivity.
Facebook on Thursday revealed that the team exploring various methods to beam internet from sky is part of Connectivity Lab, a new department within Internet.org. It is exploring various options. A solar-powered drone is one option.
“For suburban areas in limited geographical regions, we’ve been working on solar-powered high altitude, long endurance aircraft that can stay aloft for months, be quickly deployed and deliver reliable internet connections,” Internet.org noted in a statement posted on its website. “For lower-density areas, low-Earth orbit and geosynchronous satellites can beam internet access to the ground.” In both cases, the internet connection will be beamed through free-space optical communication, which makes use of “light to transmit data through space using invisible, infrared laser beams”. “Free-space optical communication is a promising technology that potentially allows us to dramatically boost the speed of internet connections provided by satellites and drones,” noted Internet.org.
In his attempts to beam internet from the sky, Zuckerberg is not alone. Larry Page and Sergey Brin, co-founders of Google, are also interested in connecting more people to the web. Last year Google announced Project Loon, which intends to use high-altitude balloons to deliver fast internet in remote areas. Explaining Project Loon, Google says, “Project Loon balloons float in the stratosphere, twice as high as airplanes and the weather. People can connect to the balloon network using a special internet antenna attached to their building.” Google had earlier experimented with Project Loon balloons in New Zealand. The company is now testing these balloons in California.
A few days back Google released an Android software developer kit for wearables in a move that should lead to smartwatches and other gear. What remains to be seen is how well Android can adapt to the small screen.
In an announcement at SXSW, Sundar Pichai, who heads Google’s Chrome and Android efforts, said he wants to connect to a bevy of sensors and wearables with Android. Google’s Android is already moving into automobiles. Android has proved it can move to larger screens. From the smartphone, Android has hit tablets, TVs and even PCs. However, the small screen may be trickier, assuming some of these wearables and sensor-first devices even have screens. Here’s a look at Android’s key challenges as they relate to the wearable market:
1. Wearable computing operating systems need to be silently working in the background – effortlessly and elegantly. Android’s Achilles Heel is the working in the background bit.
2. The wearables ecosystem is a smarter one, having learnt its lessons from smartphones. Already Intel and Samsung have upped their game and presence. OEMs this time may not want to play all of it into one corner. Android means a race to the bottom for hardware makers.
3. It’s hard to be one OS for all screens – the OS would have to be lightened considerably, especially for wearables. Android could simply be too bulky to be useful in wearable computing.
4. Apps for wearables will need a serious rethink – especially in the sense that these may not be visible apps or may have to pair devices in groups for serious activity.
5. There’s a bit of unease about Google and data. Android in a smartwatch seems like a no-brainer since the device to date is merely an extension of the smartphone. However, users may be wary of sharing vital signs with Google and may not want ads and pitches via a wearable. Google is all about the ads and wearable computing can make pitches a bit more freaky.
Sooner than later, these challenges will be overcome by Google, but I’ve been in the tech industry long enough to know that retrofits and alternates don’t always fly. Adapting Android to wearable computing is likely to be harder than it appears on the whiteboard.
A $60mn acquisition to bring internet to everyone, everywhere. Mark Zuckerberg has his sights set on his ambitious Internet.org and is busying himself delivering internet in the remotest places on earth. To do this and more Zuckerberg is reportedly buying out a manufacturer of drones, Titan Aerospace.
Titan’s drones, which resemble solar-powered airplanes, are designed to fly as high as 65,000 feet and stay aloft for as long as five years — essentially functioning like cheap satellites. They could blanket large areas with wireless Internet signals, although the signals would be slower and unable to handle as much data as land-based Internet connections. For remote places like rural Africa, they would be enough to provide at least rudimentary access to the Internet through mobile phones.
Facebook would have to overcome lots of technical and legal problems before a global Facenet would be a reality. But the idea would allow the social network to one-up its rival, Google, which has its own far-fetched plan to extend the Internet to far-flung places via a network of balloons. And it is a lot closer to reality than Amazon’s idea of drones that will deliver packages.
For once it is nice to see drones connecting rather than decimating indiscriminately with Hellfire missiles…
As for Zuckerberg, the nay-sayers and skeptics see another grand vision of taking control of users’ personal data (this thought has taken serious root with the $19bn acquisition of WhatsApp).
Highlights from the Gartner Report
1. The worldwide sales of tablets to end users reached 195.4 million units in 2013, a 68 percent increase on 2012
2. This was fuelled by the improved quality of smaller low-cost tablets from branded vendors, while white-box products continued to grow in emerging markets
3. The emerging markets recorded growth of 145 percent in 2013, while mature markets grew 31 percent.
4. Around 121 million Android tablets were sold worldwide in 2013, up from 53 million in 2012.
5. Android surpasses Apple iOS in tablet market. Android now holds 62 percent marketshare.
6. Despite Microsoft now acting more rapidly to evolve Windows 8.1, its ecosystem still failed to capture major consumers’ interest on tablets.
7. To compete, Microsoft needs to create a compelling ecosystem proposition for consumers and developers across all mobile devices, as tablets and smartphones become key devices for delivering applications and services to users beyond the PC
1. 2013 saw PC shipments contract by 9.8%, the severest on record.
2. The bad news is not over, as the category is expected to see another drop of 6.1% in 2014 on the basis of lackluster demand in developing markets
3. The weak economic environments in emerging markets coupled with significant shifts in device priorities are causing the decline in the PC category.
4. Long-term growth in PC shipments is expected to remain just below zero, with shipments in 2018 expected to decline 0.2 percent.
China recently allocated TD LTE licenses to its carriers on the 2300MHz band. This is a significant event in the technology life cycle of LTE as TD LTE develops as mainstream standard and is set to massify on the global scale. The debate between TD and FD LTE has hovered around the lines of GSM versus CDMA and the emergence of one technology as the dominant standard. However, with technology and eco-system maturities, TD LTE emergence alongside FD LTE is now seen as a complementing effort and effect. This would create technology inter-operability between TD and FD LTE.
Why is the China LTE launch key to LTE eco-system world over?
China LTE implementation is all about scale – China Mobile for instance has deployed 200K BTSs for the LTE pilot covering 500 million people initially. That’s the size of the whole of Europe put together. The number of 4G base stations is expected to increase to 500K by the end of 2014. In addition, China Mobile is set to offer more than 200 different 4G-compatible handsets this year, including a handset priced at CNY 1,000 ($165) and a number of self-branded 4G devices. Apple’s iPhone portfolio has also recently been made available to China Mobile customers. Similarly, China Telecom plans to launch entry-level 4G smartphones at similar prices to its rival in the first half of the year before introducing mid-range and high-end models before year-end. By this time it expects to have 60,000 4G base stations. In contrast, China Unicom confirmed in December 2013 that although it has been issued a licence for TD-LTE (like its rivals), it remains focused on running the majority of its 4G network via FDD-LTE – for which it is yet to receive a license. It is likely we will see a rather slower start to the 4G era for China Unicom.
With such large-scale rollouts underway, China Mobile and China Telecom will have the fastest initial 4G migration rates seen outside of South Korea, with close to 10% of their combined total connections migrating to 4G by the end of this year. According to new GSMA Intelligence, take-up of 4G-LTE in China will happen twice as fast as the earlier move to 3G HSPA networks. By contrast, it took twice as long for China Mobile and China Telecom to migrate their 2G customers (on GSM and CDMA2000 1x networks, respectively) to their 3G networks (TD-SCDMA and CDMA2000 EV-DO) following launch. For example, it took China Mobile 14 quarters to migrate 10% of its 2G connections base to 3G, but it will take approximately half that time to reach the same milestone in the move from 3G to 4G. Subscribers are estimated at 900 million 4G connections in China by the end of 2020, up from around 100 million this year.
It is important to note that FDD and TDD LTE are two flavours of what is essentially the same standard, marking a different situation to when two technology standards (GSM/HSPA and CDMA) were competing for 2G and 3G hegemony. The availability of dual-mode FDD-TDD chipsets helps mobile operators running either LTE variant to offer a wider choice of attractive 4G devices. Device manufacturers can therefore generate greater economies of scale given that dual-mode FDD-TDD chipsets remove the need to create multiple variants, serving to lower costs. Currently TD LTE accounts for just over one in 40 LTE connections globally. However, China Mobile, China Telecom, Reliance Jio and Airtel could alter these TD LTE subscriber numbers by a wide margin. Even though there could be more instances of FD LTE launches by operators, the number of subscribers on TD LTE networks could outweigh those on FD networks.
Body hacking conjures up images of horror slasher movies (Jason, Freddy) with gruesome and grisly murders every alternate minute. However, body hacking today is a far more engaging activity with more salutary and healthy living effects.
With the advent of the smartphone, many Americans have grown used to the idea of having a computer on their person at all times. Wearable technologies like Google’s Project Glass are narrowing the boundary between us and our devices even further by attaching a computer to a person’s face and integrating the software directly into a user’s field of vision. The paradigm shift is reflected in the names of our dominant operating systems. Gone are Microsoft’s Windows into the digital world, replaced by a union of man and machine: the iPhone or Android.
Body hacking thus is the union of machines and body – machines as a part and extension of the body and its features, organs that help humans do more efficient or target-oriented tasks than was “humanly” possible. Now then, there are different levels of body hacking, and this blog will refer to the casual level of body hacking, wherein this pursuit is more of a fitness frame than others. Thus body hacking is about putting a number to everything that is being done.
This includes how much energy is burnt per activity, intensity of workout, how much we eat, depth and patterns in sleep, steps we take, fitness milestones and more. Most of these things can be charted, compared and recorded, shared, challenged, co-worked post quantification. This can be a true motivator to develop new habits and break away from old ones – a tool to re-invent oneself.
Presenting a few relevant options and devices of body hacking relevant and available currently:
At a time when Google steps out of the hardware business, Microsoft steps in. Satya Nadella, Microsoft’s incoming chief executive, faces some urgent questions: Does the Nokia deal still make sense? And how does Microsoft expect to survive, let alone prosper, in a cut throat hardware market where Google is giving up?
The Windows and Nokia marriage makes sense in combining hardware, software and appware – but Nadella and Microsoft are 4 years too late. In an email to Microsoft employees on February 4, his first day as chief executive, Nadella said, “Our job is to ensure that Microsoft thrives in a mobile and cloud-first world.” It’s hard to imagine how Microsoft could be “mobile and cloud-first” without mobile. Does mobile necessarily have to mean owning a mobile company?
The basic problem with Microsoft is not technology – but choice and the effects of scale. Android had an opportune entry when smartphones were gathering momentum, and Android took the game away from everyone – Symbian, Apple, Blackberry and Microsoft. Now with the effects of scale – Android is the best suited for low-end smartphones, whereas others are still planning forays into $50 smartphones. The basic problem for Microsoft is that Android has won the smartphone war. Notwithstanding the din of the third eco-system, Android has taken it away. Today Messrs Brin and Page are not worried about Android on smartphones, that is a default arrangement – they are looking at Android in cars, Android in glasses, Android in the toaster, fridge – Android as the enabler of the Internet of Things.
That in sense and effect is the crux of Microsoft’s problem – in a post-PC world, where devices are increasingly non-enterprise – they have lost their raison d’etre. Google has successfully migrated itself from Search to the OS synonymous with all things internet. Apple is very clearly the best in terms of combining hardware, OS-ware and App-ware. Come to think of it, Microsoft is missing a very clear proposition like Google or Apple. It has enterprise, it has cloud, it has search, it has some gaming, it has a mobile OS, it has a hardware company, it has many things – but it doesn’t have the ONE BIG THING. The one big thing from which the future roadmap follows – it is key that Mr. Nadella defines that ONE BIG THING – and creates that. So long, Microsoft continues to be a relic of the past – a jack of many spaces, and the master of none.
The fight between the OTT and the operator is all set for the operator to lose. As the Vibers of the world eat into voice revenue and the WhatsApps of the world eat into the messaging pie, there is little that the operator can do in the short and medium term to turn the tide. The OTT operators as well have the classic monetization problem – monetizing an OTT service is easier said than done.
But from the operator perspective, a Rich Content suite of solutions is the key – one that bridges media, messaging, voice and content – but building this up is a time-consuming activity and will require telecom operators to fundamentally redefine their business models.
One way or the other – short term, medium term and long term – the operators will bleed revenues before being able to re-capitulate on their suite of solutions.