European Union has formally charged Google of abusing its dominant position on the internet search market. According to a Corliss Tech Review Group report, Google has used its gigantic power as a search engine to redirect internet users from rivals to its own services, which include YouTube and its own social network Google+. Expedia, Microsoft, and TripAdvisor, which are Google's competitors, declare that its way of promoting its own companies above rivals on its search engine stops them from contending on a level playing field. Insiders claim the case could prove just as costly as the EU's decade-long battle with Microsoft, which ultimately cost the company £1.6 billion in fines. If Google fails to rebut any formal charges imposed by Brussels, the commission could impose a huge fine which could exceed £4 billion which is about 10% of Google's most recent annual revenue.

Sårbarhed oplysninger vil blive nøje holdt indtil patches er klar, OpenSSL Project sagde.

Sikkerhedsbulletiner for OpenSSL bør ikke anvendes til konkurrencefordel, ifølge projektets udvikling bag komponenten udbredte kryptografi.

Advarslen kommer fra OpenSSL Project, som har offentliggjort for første gang retningslinjerne for hvordan det internt håndterer sikkerhedsproblemer, en del af en løbende indsats for at styrke projektets efter Heartbleed sikkerhed skræmme i April.

Høj sværhedsgrad spørgsmål såsom fjernudførelse af kode effektuering sårbarheder vil blive holdt privat i Openssls udviklingsteam, ideelt for ikke længere end en måned, indtil en ny udgivelse er klar.

Hvis en opdatering er planlagt, en anmeldelse vil blive frigivet på openssl-annoncere e-mail liste, men "ingen yderligere oplysninger om spørgsmålene, der vil blive givet," det sagde.

Nogle organisationer, der udvikler et generelt formål OS, der omfatter OpenSSL vil være prenotified med flere detaljer om patches for at have et par dage til at forberede. Men OpenSSL Project advarede om, at jo flere mennesker, der er meddelt på forhånd "jo højere sandsynligheden for, at en lækage opstår."

"Vi kan tilbagekalde anmeldende individuelle organisationer fra fremtidige prenotifications hvis de lække spørgsmål før de er offentlige eller over tid ikke tilføje værdien (værdien kan tilføjes ved at give feedback, rettelser, testresultater, etc.)," det skrev.

Hvis oplysninger om en sårbarhed lækager, gør det det mere sandsynligt, at hackere kan muligvis finde ud af software fejl og lanceringen angreb før softwareprodukter er lappet.

OpenSSL Project også opmærksom på, at "det ikke er acceptabelt for organisationer at bruge varsel i markedsføringen som en konkurrencefordel. Det objekter, for eksempel, at markedsføring påstande som "Hvis du havde købt vores produkt/brugt vores service, du ville have været beskyttet for en uge siden."

OpenSSL har gennemgået en intens kode anmeldelse, da Heartbleed sårbarhed blev opdaget i April. Fejlen ramt tusindvis af hjemmesider over hele internettet og mange softwareprogrammer.

OpenSSL er en kryptografisk bibliotek, der giver mulighed for SSL (Secure Sockets Layer) eller TLS (Transport Security Layer)-kryptering. De fleste websteder bruger SSL eller TLS, som er angivet i browsere med en hængelåssymbol.

At udnytte Heartbleed kan tillade hackere at udtrække private SSL nøgler fra en server og potentielt dekryptere trafik. I nogle tilfælde forårsage fejlen serveren til at lække brugerlegitimationsoplysninger.

Drawing on their experience building complex software for simulating spaceflight, Portuguese scientists have created a 21st-century way of detecting banking fraud here on Earth.

Today, every electronic purchase in Portugal runs through their software. Around the globe, Feedzai products screen some US$229 billion-worth of payments every year.

But what do space missions and software designed to find thieves have in common? More than you might think - in addition to high-tech hardware, space missions require a great deal of sophisticated software.

"When you launch a spacecraft, you need software to guide it," explained Feedzai's Paulo Marques, who was an ESA consultant before founding Feedzai in 2009. "You also need software for communications from the ground."

Long before a spacecraft is launched, the software must be thoroughly tested for flaws. There's just one problem, explained Paulo: "You don't have an actual spacecraft yet."

So, scientists build a software universe to simulate the mission.

"What you need to have is something that represents the spacecraft, mission control and ground stations, along with many other components, in order to check it all."

At ESA, Paulo and Feedzai's Nuno Sebastiao called on high-performance computing techniques to create virtual satellites: "Clusters of computers pretend to be everything involved. A computer acts like a spacecraft."

The software must be very robust in order to mimic each element of the mission and spacecraft perfectly.

And it must be able to do this quickly - in far less time than it would take to complete an actual mission.
"The software has to be able to process all the information it gets in a very, very effective way," said Paulo, "as if it were the real spacecraft."

Spacecraft operators also train using this software. "You are not going to put a spacecraft in the hands of someone who hasn't trained before."

Space experience for stopping fraud

Fraud detection and space mission software face similar challenges. For one thing, both need to process huge amounts of information in real time. "If we talk about a bank, you need to process thousands of transactions every single second."



In bank fraud detection, as in space, software must recognise anything that is out of the ordinary.
In space, an unexpected change in temperature could indicate a crack in the wall. In banking, anomalies often point to fraud: if a petrol station suddenly starts generating sales figures like those of a luxury car dealership, it is a sign of trouble.

However, there are differences. While hard-and-fast rules are set to detect an anomaly in space, fraud requires decisions on a case-by-case basis. A sudden temperature change in a spacecraft is always a problem, but each bank customer has his own, individual habits.

As a result, the software must recognise what is normal for a business-owner and what is normal for a teacher, based on the past practices of each, before it can identify any odd behaviour.

To make this possible, Feedzai came up with an artificial intelligence software system.
"We developed software that can process a huge number of transactions," said Paulo. This software can look at every transaction a customer has made for the last four years.

By applying both 'machine learning' and 'big-data techniques' to look at all the data, the software learns to distinguish fraudulent-looking from non-fraudulent-looking transactions.

"The software creates the rules."



Feedzai's software is certainly robust. Tracking over 300 variables per person, it creates very detailed, individualised spending profiles for as many as 20 million credit cardholders per system. "In total we are tracking over five billion variables continuously."

"It's like having 500 very intelligent people looking at every single transaction and making a call based on their experience if it's fraud or not. It's a huge amount of computing power."

Carlos Cerqueira from Instituto Pedro Nunes, the Portuguese broker in ESA's Technology Transfer Network part of ESA's Technology Transfer Programme, believes Feedzai's technology will mean savings for banks, as well as improved customer loyalty: "Feedzai's machine learning models and big data science are able to detect fraud up to 30% earlier than traditional methods, and illustrate how the competencies developed at ESA research centres can be useful to other sectors."

Space knowledge generates growth

This year, Feedzai moved its headquarters from Portugal to California as they expand further into the world market.

"It is great to see that the expertise and knowledge generated on European space programmes also can lead to innovative techniques in fighting credit card fraud," said Frank M. Salzgeber, Head of ESA's Technology Transfer Programme Office.

"It illustrates very well the spin-off potential from our space programmes. Dealing with space calls for leading-edge technological solutions, which explains why the space industry is often far ahead of others."

Portugal's delegate to ESA, Luís Serina, emphasised that, "This success case shows us that the investment in ESA also contributes to the creation of jobs and growth through technological innovation, which is even more important nowadays."

Certainly, there is plenty of fraud to go around: each year, $11.4 billion is lost to credit card fraud. As cybercriminals grow more sophisticated, that number is likely to grow.

"We're part of the defence mechanism," said Feedzai spokesperson Loc Nguyen. "The invisible layer you as a consumer never think about. If you don't know about us, it means that we're working."

Online security is a horrifying nightmare. Heartbleed. Target. Apple. Linux. Microsoft. Yahoo.eBay. X.509. Whatever security cataclysm erupts next, probably in weeks or even days. We seem to be trapped in a vicious cycle of cascading security disasters that just keep getting worse.

Why? Well - "Computers have gotten incredibly complex, while people have remained the same gray mud with pretensions of godhood … Because of all this, security is terrible … People, as well, are broken … Everyone fails to use software correctly," writes the great Quinn Norton in a bleak piece in Medium. "We are building the most important technologies for the global economy on shockingly underfunded infrastructure. We are truly living through Code in the Age of Cholera," concurs security legend Dan Kaminsky.

Most of which is objectively true. And it's probably also true, as Norton states and Kaminsky implies, that a certain amount of insecurity is the natural state of affairs in any system so complex.

But I contend that things are much worse than they actually need to be, and, further, that the entire industry has developed learned helplessness towards software security. We have been conditioned to just accept that security is a complete debacle and always will be, so the risk of being hacked and/or a 0-day popping up in your critical code is just a random, uncontrollable cost of doing business, like the risk of setting up shop in the Bay Area knowing that the Big One could hit any day.

What's more, while this is not actually true, most of the time it is no bad thing.

I'm pleased that I was a Heartbleed hipster, dissing OpenSSL before it was cool (i.e. ten days before Heartbleed emerged into the light) but I don't pretend to be a security expert. I do write software for a living, though … and recent events remind me vividly of the time I attended DefCon just after Cisco tried to censor/gag-order Michael Lynn. Continue reading…

Here is a short Q&A that provides an overview of Consumer Electronics Show:

Q: What is the Consumer Electronics Show all about?

A: The Consumer Electronics Show aims to serve as a launching pad for a new must-have gadget as spending on such new tools drops as the whole globe reaches a saturation point on the use of tablets and smartphones. Beginning on January 14, 2014, CES promises to showcase an “Internet of Things” with users at its heart. Once a venue for showcasing TV technology yearly in Las Vegas, CES now promotes once-dumb devices which are turbo-charged with interconnective capabilities for the modern IT user.

Q: Are these devices for everyone or only for specialized users?

A: There are basically two types of devices showcased: those which are feasible and those which are commercially viable. Like the concept cars shows we see around, CES has devices that are within the realm of possibilities (if some cars are dreamed of to fly eventually, IT devices might just have the same ability, as drones can show) and others in the realm of actually becoming a source for business ventures (innovative things which can be done can be sold).

Q: So, these are all devices that will not be available in the market in the near future?

A: If bendable screens and 3D printers, which are catching so much attention worldwide and being sold at a subdued level, are any indication, other gadgets similarly interesting and intriguing can eventually build their own market that will grow and make headway.

Q: Please give an example of a ‘once-dumb” device that can become interconnected?

A: Cars. Refrigerators. These things can be accessed or controlled through your smartphone – to turn on/off or open/shut a door at will. Even a bracelet which can track your bodily vital signs and help maintain a healthful life. Hence, anything for that matter, which can be made to provide information to the user as well as others who have access to the device?

This is just one specific case where Corliss Tech Review Group provides online information on the latest IT developments. And there are many more articles and materials that the group makes available online.