Tech Reviews by The Corliss Group--Foxconn, which assembles gadgets for companies such as Apple Inc., said it has sold a number of its communications technology patents to Google Inc. for an undisclosed sum. Taiwan-based Foxconn, officially known as Hon Hai Precision Industry Co., made a name for itself in contract manufacturing by making Apple's iPhones and Sony's PlayStation game consoles. But few know the electronics manufacturer has been developing new technologies and has a sizable patent portfolio. In a statement, the company said it has applied for 128,400 patents and has been granted more than 64,300 patents world-wide. In the highly competitive technology industry, companies are challenging each other to set industry standards, which has led to a few patent cases. Google, which is battling with Apple for mobile dominance, has continued to strengthen its patent portfolio through acquisitions. The Internet giant's purchase of Motorola Mobility in 2011 gave it a formidable patent portfolio, and protected its Android mobile operating system and partners from legal threat from competitors, including Apple and Microsoft Corp. Foxconn, which also sold some head-mounted display technology patents to Google for an unspecified amount last year, was one of the top 20 U.S. patent owners in 2013, according to Manhattan-based patent advisory company Envision IP.

Swipe right, chat to a fake user and your personal data could be stolen. A series of bots have invaded dating app Tinder and are spreading dangerous downloads after luring users with tempting profiles and pictures, an antivirus developer has discovered. Bitdefender Labs is currently investigating both the Android application and the bots that seem to have stolen pictures from an Arizona-based photography studio. Some of these images are also being used for fake Facebook profiles. Catalin Cosoi, chief security strategist at Bitdefender, said: "After users swipe the right button on Tinder to indicate that they like a profile, the bots engage users in automated conversations until they convince them to click on a dubious link. "The name of the URL gives the impression of an official page of the dating app and for extra legitimacy scammers also registered it on a reputable .com domain." Bitdefender warns users to be aware of this risk, and advises that a typical bot message reads: "Hey, how are you doing? I'm still recovering from last night? Relaxing with a game on my phone, castle clash. Have you heard about it? Play with me and you may get my phone number."

Protecting yourself against harmful and life threatening viruses, its best to choose the antivirus by brand name. But each Antivirus download that you can find on the internet is dependent on what is most important to the user in terms of variables. Some are more dedicated to filtering through malware and spyware; some systems pride themselves on being the most reliable, or adaptable to the constant change of cyberspace gunk that's floating around. So with all these choices, how're we supposed to know which program is suited to our professional needs? We hope to address those concerns and point the potential onlooker in the right direction for a potential download, or perhaps full-on purchase of the bundled software. For the moment we'll be looking at Avast! and AVG which are both free antivirus downloads available for your computer on reliable online websites. Avast! Free Antivirus Software: The Basics Chances are if you're looking to get in on the ground floor to check if Avast! is right for you, then you'll be looking into the coverage that the free antivirus download is going to offer. Avast! is ranked as one of the top antivirus programs in the market with 17% of users in the entire market share of protection services. Which is pretty far up there with McAfee, Bitdefender, and other potential competition. AVG Antivirus Software: The Basics In comparison to Avast! the folks at AVG are a little behind in their numbers at 170 million+ having entrusted their computer's health to the program. But the software itself is secure and accessible on their website. AVG have won an array of awards for their antivirus software, and can be considered a lively competitor to Avast! and other protection bundles.

Sharing files with colleagues and clients should be easy and convenient. What it shouldn't be is a security risk - but it frequently is. Because many small businesses don't have the right file-sharing systems and policies, many turn to unsafe practices that often put both their business's and clients' privacy in jeopardy. Is your business guilty of engaging in dangerous file sharing habits? Here are five you need to watch out for and what you can do about them. 1. Sharing files via email The most obvious dangerous habit is sharing files via email. Just the other day I received a design document from a client as an email attachment. 2. Using consumer-grade cloud solutions Workers around the world are putting themselves and their employers at risk by indiscriminately using unauthorized file sharing services on their mobile and desktop devices - to the tune of $2 billion. With more workers joining the bring-your-own-device (BYOD) revolution and turning to insecure file sharing services like personal Dropbox and Google Drive accounts, the threat is greater than ever. 3. Peer-to-peer (P2P) file sharing P2P sharing is a great technology used to share data over peer networks. It's also great software to get hacked. 4. Using flash drives Flash drives are the easy tool of choice for infection since they bypass network security. If an infected file is on a flash drive and inserted into a system, it can start an infection spread from the PC. 5. Lack of visibility The danger starts when employees take matters into their own hands and engage a file sharing service on their own. The individual making a one-off decision is not going to be thinking of the bigger picture of organization-wide requirements.

Welcome to Gadget Review's new weekly app review column. We are starting out with iOS apps only, but in the future we will extend to other OSS ecosystems. If you have an app to recommend, please do so in the comments or via our social media channels. 1. Mynd Calendar apps have come and gone, and nothing has yet replaced the tried and true calendars from Google, Apple and Microsoft. Enter Mynd, an "intelligent mobile calendar" from Alminder Inc. This, loyal readers, is the game changer. 2. FTL: Faster Than Light Though more and more people are playing games on their iOS devices, most of those games are pretty basic and, for self-identifying gamers, extremely boring. If you've been looking for a real-deal game to sink your thumbs into, buckle up for Faster Than Light. 3. Sleep Cycle Alarm Clock In my humble opinion, the worst part of the day is setting an alarm for the next morning. But it doesn't have to be that way anymore, thanks to Sleep Cycle, an intelligent alarm clock from Northcube AB. 4. Data Count In an era of data caps, we could all use a tool to help us avoid the additional charges that accompany all those streaming overages. Data Count, from Creo, is just the ticket. 5. Monument Valley Sometimes, apps transcend ones and zeros. They usher in a new way of life, perhaps, or offer a major social improvement. And, in rare cases, they become true art. 6. Pinnacle Studio for iPhone Heres one for the pros. Or anyone who takes a lot of photos. Which is just about everyone with an iPhone.

Android, iOS, Windows Phone. Each of these mobile platforms had to start somewhere, and none were anywhere near perfect on the first try. Fortunately, each OS gets better with every iteration until, at some point, it all just clicks. Arguably, Windows Phone just came of age with its latest update, version 8.1. Even before today, Windows Phone only had a few big holes remaining and indeed, 8.1 appears to fill those gaps. In particular, the OS now has a fancy notification center in addition to those signature Live Tiles; the keyboard now allows for swipe gestures; and last but not least, it now has Cortana, a virtual assistant to take on Siri, Google Now and Samsung S Voice. The 8.1 update is a fairly significant one, and I got the opportunity to take it for a spin ahead of the official developer preview's launch. It may not be perfect yet, but it's clear Windows Phone has finally grown up. Cortana Windows Phone included a search option from the beginning, and though it was useful at the time, rivals like Siri, S Voice and Google Now have quickly turned the tide, rendering Microsoft first "voice assistant" completely obsolete. Thankfully, the 8.1 update introduces a personal assistant named Cortana to help bring Windows Phone into the modern era. Named after Master Chiefs trusty AI sidekick in Halo, Cortana is designed to help you do whatever you do on a phone. Think: scheduling appointments, alerting you to upcoming flights, telling you the weather, offering up directions, dictating messages, opening apps and adjusting settings. She even tells jokes and responds in humorous ways to (most) silly questions. Those are all givens these days, so let's instead move on to the more unusual things she can do.

It weighs just 34 grams, is 72 x 35 x 12 mm in size, and costs only the $39: The Google Chromecast looks and feels like a USB flash drive with a glandular problem. Cheap, easy to set up and even easier to use, there's really nothing to dislike about the Google streaming device, except for one thing: Canadian content (which we will get to in a moment). The Chromecast is so small that once it's plugged into an HDMI port in the back of a television set, there's almost no indication that it's a part of your home theatre setup. Only its power cord, which can either be plugged into a wall socket or available USB port, gives a hint that it's even there. Unlike other streaming media devices like the Apple TV or Roku 3, Google Chromecast doesn't come with a remote control, or in fact, any onboard applications or content. Everything, from setting up the device to watching a video from your personal media collection or browsing YouTube, is done through the use of apps on an Android phone or tablet, iOS device or via Google Chrome browser on a Chrome OS, Windows or Mac PC. No matter which device you use with the Chromecast, setup is a cinch. Simply power the device, plug it into an available television HDMI port and follow the Chromecast's onscreen prompts. The device will walk you through the process of connecting it to a Wi-Fi network, pairing with your choice of source device and downloading any available firmware updates. Even with the lousy Internet speeds I suffered while testing the hardware in rural southwestern Ontario I was setup and ready to start streaming content to my Chromecast in under 10 minutes.

 

The Heartbleed bug isn’t a “virus,” but a security error. The bug can be tested on Github and a website was set up to test out whether the bug affects a certain website, including well-known ones.

AP Update: 3 things you can do to protect from Heartbleed

The “Heartbleed” bug has caused anxiety for people and businesses. Now, it appears that the computer bug is affecting not just websites, but also networking equipment including routers, switches and firewalls.

The extent of the damage caused by the Heartbleed is unknown. The security hole exists on a vast number of the Internet’s Web servers and went undetected for more than two years. Although it’s conceivable that the flaw was never discovered by hackers, it’s difficult to tell.

There isn’t much that people can do to protect themselves completely until the affected websites implement a fix. And in the case of networking equipment, that could be a while.

Here are three things you can do to reduce the threat:

— Change your passwords. This isn’t a full-proof solution. It’ll only help if the website in question has put in place required security patches. You also might want to wait a week and then change them again.

— Worried about the websites you’re surfing? There’s a free add-on for the Firefox browser to check a site’s vulnerability and provide color-codes flags. Green means go and red means stop. You can download it here: https://addons.mozilla.org/en-US/firefox/addon/heartbleed-checker/https://addons.mozilla.org/en-US/firefox/addon/heartbleed-checker/

— Check the website of the company that made your home router to see if it has announced any problems. Also be diligent about downloading and installing and software updates you may receive.

Earlier AP Update:

NEW YORK (AP) — It now appears that the “Heartbleed” security problem affects not just websites, but also the networking equipment that connects homes and businesses to the Internet.

A defect in the security technology used by many websites and equipment makers have put millions of passwords, credit card numbers and other personal information at risk. The extent of the damage caused by Heartbleed isn’t known. The threat went undetected for more than two years, and it’s difficult to tell if any attacks resulted from it because they don’t leave behind distinct footprints.

But now that the threat is public, there’s a good chance hackers will try to exploit it before fixes are in place, says Mike Weber, vice president of the information-technology audit and compliance firm Coalfire.

Two of the biggest makers of networking equipment, Cisco and Juniper, have acknowledged that some of their products contain the bug, but experts warn that the problem may extend to other companies as well as a range of Internet-connected devices such as Blu-ray players.

“I think this is very concerning for many people,” says Darren Hayes, professor of security and computer forensics at Pace University. “It’s going to keep security professionals very busy over the coming weeks and months. Customers need to make sure they’re getting the answers they need.”

Here’s a look at what consumers and businesses should know about Heartbleed and its effects on networking devices.

— How is networking equipment affected?

Just like websites, the software used to run some networking equipment — such as routers, switches and firewalls — also uses the variant of SSL/TLS known as OpenSSL. OpenSSL is the set of tools that has the Heartbleed vulnerability.

As with a website, hackers could potentially use the bug as a way to breach a system and gather and steal passwords and other sensitive information.

— What can you do?

Security experts continue to advise people and businesses to change their passwords, but that won’t be enough unless the company that created the software in question has put the needed fixes in place.

When it comes to devices, this could take a while. Although websites can be fixed relatively quickly by installing a software update, device makers will have to check each product to see if it needs to be fixed.

Both Cisco Systems Inc. and Juniper Networks Inc. continue to advise customers through their websites on which product is still vulnerable, fixed and unaffected. Owners may need to install software updates for products that are “fixed.”

Hayes praises Cisco and Juniper for being upfront with customers. He cautions, though, that many other companies make similar products that likely have the bug, too, but haven’t come forward to say so.

As a result, businesses and consumers need to check the websites for devices that they think could have problems. They must be diligent about installing any software updates they receive.

Weber says that while there are some checks companies can do to see if their networking equipment is safe, they’re largely beholden to the device makers to let them know what’s going on.

Companies also need to make sure that business partners with access to their systems aren’t compromised as well.

— Are other devices at risk?

Hayes says the bug could potentially affect any home device that’s connected to the Internet, including something as simple as a Wi-Fi-enabled Blu-ray player.

He also points to recent advances in home automation, such as smart thermostats, security and lighting systems.

“We simply don’t know the extent of this and it could affect those kinds of devices in the home,” he says.

  

Version 4.1.1 of Android Jelly Bean was released in 2012

Millions of Android devices remain vulnerable to the Heartbleed bug a week after the flaw was made public.

Google announced last week that handsets and tablets running version 4.1.1 of its mobile operating system were at risk.

The search giant has since created a fix, but it has yet to be pushed out to many of the devices that cannot run higher versions of the OS.

It potentially places owners at risk of having sensitive data stolen.

In addition security firms warn that hundreds of apps available across multiple platforms still need to be fixed.

These include Blackberry's popular BBM instant messaging software for iOS and Android.

The Canadian firm has said that it will not issue a fix until Friday, but said there was only an "extremely small" risk of hackers exploiting the bug to steal its customers' data.

In the meantime the program remains available for download from Apple's App Store and Google Play.

Data theft 

News of the vulnerability with recent versions of the OpenSSL cryptographic software library was made public last Monday after researchers from Google and Codenomicon, a Finnish security firm, independently discovered the problem.

OpenSSL is used to digitally scramble data as it passes between a user's device and an online service in order to prevent others eavesdropping on the information.

It is used by many, but not all, sites that show a little padlock and use a web address beginning "https".

The researchers discovered that because of a coding mishap hackers could theoretically access 64 kilobytes of unencrypted data from the working memory of systems using vulnerable versions of OpenSSL.

Although that is a relatively small amount, the attackers can repeat the process to increase their haul.

Furthermore, 64K is enough to steal passwords and server certificate private keys - information that can be used to let malicious services masquerade as genuine ones.

Press reports initially focused on the risk of users visiting vulnerable websites, but attention is now switching to mobile.

At-risk handsets

 

UK versions of the HTC One S handset cannot currently be upgraded beyond Android 4.1.1

Google's own statistics suggest that fewer than 10% of Android devices currently run version 4.1.1.

However, since close to one billion people currently use the OS that is still a significant number.

Some of those device owners can protect themselves by upgrading Android to a more recent version.

But several machines are unable to be upgraded higher than 4.1.1.

Customer websites indicate these include Sony's Xperia E handsets, HTC's One S, Huawei's Ascend Y300 and Asus's PadFone 2.

"Privacy and security are important to HTC and we are committed to helping safeguard our customers' devices and data," said the Taiwanese firm.

"We're currently working to implement the security patch issued by Google this week to the small number of older devices that are on Android 4.1.1."

Asus said its device was "expecting an update imminently". Sony and Huawei were unable to comment.

Tab grab

 

Sony and Huawei were not able to say when they planned to patch vulnerable devices

Google has now created a fix to address the problem. However, manufacturers still need to adapt it for their devices and this software will need to be tested by the various operators before they release it.

Users can check which edition of Android they are running by going to the "about phone" or "about tablet" option in their Settings app.

Alternatively several free apps have been released that can scan phones and tablets to say if they are vulnerable.

Lookout - a security firm behind one of the products - explained how hackers might take advantage of a vulnerable handset.

"Someone could build a malicious website or advert designed to steal data from your memory," Thomas Labarthe, the firm's European managing director, told the BBC.

"If you happen to be browsing it and have other tabs opened in your browser, it could take data from a banking site - for example.

"No-one could steal a whole document - they can only take 64K of data - but that's still enough to steal your credentials."

'Forgotten about'

 

Blackberry aims to offer safe versions of its BBM app on Friday

Another security firm, Trend Micro, has focused on the issue of vulnerable apps.

These can affect any mobile operating system because the problem is caused by the servers that send data to the apps not having been updated to the latest version of OpenSSL.

Trend Micro said it was currently aware of 6,000 such risky apps, including shopping and bank-related services. That is 1,000 fewer than its figure for Friday - suggesting some server operators are addressing the problem.

But it acknowledged that it was hard for members of the public to know which of the hundreds of thousands on offer were safe to use.

"Some of these are services that were set up and then forgotten about," said senior malware researcher David Sancho.

"There's no way from using an app you can know if it's good or bad.

"So, for the moment, the best thing to do is use the ones from the major vendors that we know have been patched... but for the minor ones that have said nothing, be wary."

Human error is behind the latest threat to website security but giant corporations need to take their share of the blame

Were you a thriller writer seeking a name for an apocalyptic software security flaw that threatened the future of civilization as we know it, then "Heartbleed" would be hard to beat. Last week saw the discovery of such a flaw, and Heartbleed was the name assigned to it.

Most security flaws are of interest only to specialists, but this one was different. Why? Because it's been around for something like three years, during which time it could have exposed the passwords and credit card numbers that countless millions of people had provided to online stores and other services. Heartbleed would enable attackers to eavesdrop on online communications, steal data directly from services and users, and impersonate both services and users. It could have affected up to two-thirds of the world's internet servers. And unlike some earlier such problems, the solution isn't as simple as immediately changing one's password. It was, said Bruce Schneier, a security expert not much given to hyperbole, a "catastrophic" flaw. "On the scale of one to 10," he wrote, "this is an 11."

Heartbleed is a flaw in the computer code that encrypts your personal data while it's in transit from your computer to an online service. When you buy something from Amazon, say, or proceed to the checkout on any reputable site, then the URL you're dealing with will change from one prefixed by "http" to one prefixed by "https". This indicates that the Secure Sockets Layer (SSL) protocol has been invoked and that your personal data will now be transmitted only in encrypted form.

SSL is an essential component of the global e-commerce system, and the most common implementation of it is an open-source version called OpenSSL. Any flaw in it could indeed be catastrophic – which is why there was such a furore a while back when it was revealed that the National Security Agency had apparently been working actively to weaken the cryptographic protection that SSL offered. Not surprisingly, therefore, the default assumption when the Heartbleed story first surfaced was that the NSA must be behind it. But this comforting conjecture was rapidly discounted when it was realized that the flaw was most probably the result of a relatively mundane programming error.

It turns out that within OpenSSL there is something called the "heartbeat" protocol. This is needed to ensure that communications between user and site are kept alive even when the line goes quiet. What seems to have happened is that when one of the programmers who works on OpenSSL was doing a software update in 2011, he made a coding error which then – unusually for open-source software – went undetected for several years.

The implications of this are both intriguing and troubling. It's possible that the flaw – and the opportunities it provided for undermining the protections offered by SSL – was indeed undetected by anyone and that therefore the world of online commerce was safe even though the door to the safe was swinging open in the breeze. But most security people are unwilling to make that bet. Instead they are assuming that some people knew about Heartbleed and have been either quietly exploiting the vulnerability or using it to hoover up personal data for later nefarious uses.

An equally troubling implication is that huge online companies, instead of developing their own SSL code, simply lifted the OpenSSL code and just bundled it into their web-service software. They are perfectly entitled to do this, provided that they adhere to the terms of open-source licensing. But in behaving as they did they have in effect been free-riding on the public domain.

Most open-source software – and Open SSL is no exception – is produced voluntarily by people who are not paid for creating it. They do it for love, professional pride or as a way of demonstrating technical virtuosity. And mostly they do it in their spare time. Responsible corporate use of open-source software should therefore involve some measure of reciprocity: a corporation that benefits hugely from such software ought to put something back, either in the form of financial support for a particular open-source project, or – better still – by encouraging its own software people to contribute to the project.

If the giant internet companies had taken the latter approach to OpenSSL, then they might have spotted the Heartbleed vulnerability earlier. In which case we wouldn't be in the mess that we are in now. Sometimes the ethical thing to do turns out also to be the prudent thing to do.

Check to See if Yours Is One of Them

 

 

Disturbing news: The now-infamous Heartbleed security flaw might reach further than your favorite websites. It could affect your mobile device, too.

According to an announcement by Google, smartphones and tablets running a specific version of Android were affected by the widespread web security bug,

which could potentially spill your sensitive login information (like passwords).

The company assured Android owners in a blog post April 9 that most versions are not affected by the flaw. However, as Bloomberg notes, Google added that a version called 4.1.1 Jelly Bean is a “limited

exception.”

That version of Android was released in 2012 and is likely to be running on older Android smartphones. According to the most recent statistics released by Google, about 34 percent of Android devices use a version of

the 4.1 Jelly Bean software. Though the company said that fewer than 10 percent of devices in use are vulnerable, a Google spokesperson confirmed to Bloomberg that millions of devices still run 4.1.1 Jelly Bean.

So how can you check to see if your device is affected? You’ll need to go to the Settings menu of your phone and find your way to the About Phone section. There you’ll be able to learn what version of

Android you’re running and see if any updates are available.

There’s also a free Android app available that will tell you if your device is vulnerable to the bug.

Whether there is an immediate update to patch this bug is still unclear. Google’s blog post says that “patching information for Android 4.1.1 is being distributed to Android partners.” A Verizon

spokesperson told Bloomberg that the company was aware of the “security vulnerability referred to as ‘Heartbleed,’ ” and that the company was “working with our device manufacturers to test and deploy

patches to any affected device on our network running Android 4.1.1.”

We’ve reached out to Google for comment. In the meantime, fingers crossed that you’re not affected.

Viruses used to be so simple.

You'd go online with your dial-up modem, take 25 minutes to naively download an appealing-sounding .exe file, and suddenly a sheep would walk across the screen or an embarrassing e-mail would be sent to your entire address book. Some would even wish you a Happy New Year.

Annoying, maybe, but they had their own '90s cyber-kiddie sense of charm.

Some viruses, of course, were incredibly disruptive. Now, though, viruses and malware have become even more malicious. They're out for more than just hacker cred - they're out for your money.

For a long time, malware scammers used tactics known as Scare ware. The malicious software fraudulently claims that your computer has a serious virus infection then sends you to a page to buy their (useless) anti-virus software.

Related: Porn, Drugs, Hit men, and Hackers: This Is the Deep Web

While this is certainly still around, many people have gotten wise to the fraud. Now some scammers are playing hardball. Enter Ransom ware.

Ransom ware is a form of malware that encrypts files on your hard drives with a highly complicated algorithm then presents you with an ultimatum: Pay up or you lose your files forever. The inherent brilliance in the software is this: While the software can be removed, the files remain encrypted. Paying the ransom is the only chance you have to see your files again.

Although this scam has been around since 1989, only recently has it become widespread due to advancements in cryptography algorithms, the ability to extort via the anonymous currency Bit coin, and the digitization of once-analog items of sentimental value like family photos and home videos.

Some consumers are aware of the latest and most notable iteration of this trend known as Crypto Locker, which encrypts the user's data with a 2048-bit RSA Algorithm. The scammers weren't fooling around when they invented this complicated algorithm, which is incredibly difficult - if not impossible - to crack without a key, which will cost victims about $150 to $300.

Crypto locker has been incredibly successful. Owing to surprisingly good "customer service" - the majority of people who pay the ransom have their files restored - the men behind the Crypto locker curtain have raked in over $27 million in Bit coin over a period of three months, according to an examination of the Bit coin block chain by ZDNet.

Related: Cyber Crime Pays: A $114 Billion Industry

Due to the inherent success of the software, it seems only logical that a bevy of copycats would show up.

And they have. IN droves.

One version, which claimed the owner of the computer had been caught with illicit material on his computer, demanded a fine. The ordeal caused a Romanian man to take his own life and that of his son two weeks ago.

While Ransom ware has evolved as a threat to home computer users, it bears a sizeable risk to the business world as well. After all, the earlier versions of Crypto locker actually targeted business professionals, hiding it within emails claiming to be a "consumer complaint."

McAfee, the prominent maker of anti-virus products, predicts that Ransom ware in 2014 will evolve to further target businesses and business owners, and that the software will shift to the mobile realm this year. Scammers will, according to McAfee, use the information gleaned from business owners' mobile devices to gain a "tactical advantage" over the businesses, which could end up costing them untold amounts of money.

It's scary stuff certainly, but home users and business owners still have one easy way out - ensuring all their files are backed up using a cloud-based service, untouchable to any scammers.

In terms of which service to pick, there are hundreds of them out there.

*           Box for Business is an affordable option, offering a terabyte of storage per user, at a price of $15 a user.

*           Amazon's S3 offer's a pay-per-use monthly pricing scale at 10 cents a gigabyte.

*           At $55 a month for 3 users, Sugar Sync for Business is a slightly pricier option, but boasts a collaborative sharing platform and mobile access.

Suffice it to say, regardless of the particular needs of your family or your organization, there's a service out there's that caters to them. There's no excuse to keep only data stored locally.

Once everyone does this, Ransom ware will seem much less threatening.

AN increase in cybercrimes is costing Irish companies over €600m a year, according to a new report.

Reports of data breaches are mounting in Ireland as both foreign and Irish criminals infiltrate business computer systems, according to a Grant Thornton business report.

Common crimes include identity fraud, online scams, and cyber theft and cyber extortion.

Notifications of security breaches rose 36pc in 2012. Incidents are typically under-reported to the Data Protection Commissioner because company's fear a hit to their reputation should they disclose their security systems failed, according to Grant Thornton partner Mike Harris, who launched the company's cyber security service.

SECURITY

Breaches since 2011 include attacks on Loyalty build, Eircom Study Hub and Recruit Ireland. Loyalty build suffered a breach of customer data and credit card information and had to invest €500,000 on security.

It is estimated that 55pc of cybercrime is by international organized crime gangs - typically operating in countries where regulation is weak.

Mr Harris said: "Our estimate of €630m is likely to be below the actual level given that many companies still do not report security breaches for fear of the reputational damage."

He said Irish businesses should be focusing... on the ability to detect and react to data security breaches.

"It is not a question of if an Irish business will be subjected to an online attack, but a question of when," he said.

PayPal employees in Tel Aviv, mostly veterans of the army intelligence corps, team up with algorithms to decide whether your transaction should go through.

A few years ago, an American living in Indiana opened an account with PayPal, the U.S. Company for making payments and money transfers online. A few months later, funds were drawn from the account - from Iraq, and the delivery address for the goods ordered was in Germany.

So was the account hacked? Or maybe it was simply an American soldier scheduled for transfer to Germany. This fictional case illustrates real issues that PayPal has to sift through. The company's battle against fraud is led by a team of 100 Israelis, mostly veterans of the Israel Defense Forces' intelligence corps who work at the firm's Tel Aviv development center.

"Fraud is a significant threat; there are countries in which PayPal handles more than 20% of online commerce," says Tomer Barel, who five months ago was appointed director of risk management for PayPal worldwide. He previously headed the Tel Aviv development center since 2009.

"As a result, PayPal is a major target for fraud," Barel says. "We have almost 150 million users, so theoretically this involves a huge number of people who could become theft victims. Every day, 10 million transactions are conducted on PayPal, and the company's loss rate is 0.2% of sales, most of which stems from fraud."

Barel and the Israeli development center have the fascinating job of making Internet purchases simple and secure without invading users' privacy. The increasing use of the Internet on mobile phones, the development of virtual currencies such as Bit coin and the growing online criminality are just some of the challenges.

Kingpins recruit hackers

Organized crime has changed drastically over the past decade, Barel says. In the past, criminals would go from restaurant to restaurant demanding protection money, not to mention the occasional beating or shooting. Now organized crime can recruit people around the world; all the recruit needs is skill, an Internet connection and the ability to convince him that what he's doing is acceptable.

"We get into the hackers' [online] forums and see a lot of rationalization there. The hackers view people who use violence as criminals," Barel says.

"Organized crime recruits a lot of smart and talented people who tell themselves they're not really stealing from individuals because [consumers] are protected and get their stolen money back. And everything is done without violence; there's no contact. The victim is faceless, so there's no compassion."

It's a model involving a minimum of friction between the criminal and the victim, Barel notes.

"Someone's sitting in China, Britain or Moldova and tells himself: 'I'm stealing from multinational corporations, those rich bad people. I'm a kind of Robin Hood,'" he says.

"But that money flows to organized-crime groups and funds their other activities, some of which are violent. The ability of a group to be scattered all over the world and not directly confront its victims contributes to its success."

The Israeli team has the expertise to take data from a transaction and make an immediate decision, Barel says. The idea is to prevent fraud while limiting the inconvenience to good customers whose transactions might be a bit out of the ordinary.

A fraction of a second

Most of the time, the process is carried out automatically. The job of PayPal's Israel center is to flag use of a PayPal account by someone other than the account holder. There are standard tools to do this, such as a user's IP address - the number assigned to a particular computer - but there are less obvious ways.

"Activity on a computer produces a number of electronic signatures; the trick is to identify them and make links among them," Barel says.

Whether the task is an art or a science, there isn't much time to do it.

"We need to identify attempted fraud in real time, and that's a matter of a fraction of a second," Barel says. "I need to identify that a stranger is using your account. You're not going to wait in front of your computer or mobile device for five minutes for the system to approve the transaction."

The Israeli team also has to analyze sophisticated cases that a computer can't recognize as fraudulent. This involves research and intelligence gathering; graduates of the Israel Defense Forces' technology units are natural candidates.

"It's a cat-and-mouse game. Fraudsters adapt to the model that you put in place, so we came to the conclusion that the human dimension is critical," Barel says.

"In our research groups in Israel, there's a large team of analysts who look at huge volumes of data, identify patterns and help the algorithm make a decision. People are still more powerful than machines in trying to foresee and identify human behavior."

The Google Nest thermostat goes on sale, Sony gives away some free music and we bring you a great app for the Easter holes.

GADGET OF THE WEEK
NEST * From £170 plus VAT

Your central heating is about to get a whole lot cooler thanks to Google's new Nest thermostat.

The space-aged gadget not only looks the business but will also save you a heap of money.

Using tech wizardry, Nest learns about you and your home then decides when to switch on your boiler. You can also control the heating while away via your smartphone.

Google reckons the £249 Nest will save 20% off your gas bill.

+++TECH NEWS+++

JACKO IS BACK & FREE ON SONY'S NEW XPERIA Z2

The brilliant Sony Xperia Z2 is now available to pre-order.

And with a stunning screen, waterproof design and new 4K camcorder it's one of the best Android phones on the market.

If you decide to fill your pockets with this phone then there's an added bonus.

You'll get a free copy of the new album from the king of pop Michael Jackson, when it's released next month.

XSCAPE features eight new tracks which have been optimized especially for the Xperia Z2. ShaMOAN!

TAKING shots of celebs on the red carpet usually requires a top-end camera.

But pro snapper Dan Rubin ditched his trusted DSLR last week in favor of an iPhone 5s.

Photographing stars like Graham Norton, above, shows just how good phone cameras have become.

Here are Dan's top tips for shooting with your smartphone.

How did you find the experience differed to shooting with a DSLR?

The iPhone is essentially a point-and-shoot camera, so there are far fewer things to think about when shooting.

The size of the device makes a big difference when trying to connect with a subject, they see me and not just a massive camera and lens.

This allowed me to be conversational with each person as they passed by, and in many cases they returned the favor.

It was also easy to slip my arm between a few paparazzi and get a shot.

But there are certain types of images I wasn't able to capture without a strobe or a big lens.

  

Are you happy with the results?

Once I got used to the lighting and how the celebrities were behaving, I was able to get results I was really happy with especially with a camera I could fit in my pocket

What apps did you use for shooting and editing?

I shot almost exclusively with the default iOS Camera app, with a few select shots captured using CortexCam (an app that averages multiple shots to remove noise in extremely low light).

All editing/post-production was done in VSCO Cam.

 

+++TECH NEWS+++

NEW RULES COULD SPELL THE END OF DATA ROAMING CHARGES

GOOD news for ­travellers.

The EU is hoping to put an end to data roaming charges, leaving you to tweet and text abroad without getting a nasty shock.

The new rules won't take effect until at least 2015, so for now you're best switching off your smartphone and enjoying the sun.

 

APP OF THE WEEK

ADDISON LEE

Apple * Android - FREE

IF you're heading to London this Easter, pop the new taxi app from Addison Lee on your smartphone.

It allows you to book a cab for a set time or simply hit the "pick me up now" button for an instant collection.

It's fast, friendly and will save you a sweaty trip on the Tube.

 

The risks and rewards of cloud. According to Alan Priestley, director of strategic marketing EMEA at Intel, there is one very big barrier to adoption of cloud marketing: risk aversion.

That risk aversion is no doubt born of fear, if not of the unknown, then certainly of the sheer work required before organizations are able to benefit from the flexibility and, potentially, cost savings of moving applications to the cloud.

It isn’t just about the fact that they have built far-reaching IT infrastructures in-house over the course of many years. It’s also about the changes required in how the IT department is run and in the skills of the people who work in it.

Intel, though, has already shifted some of its IT to the cloud, as appropriate. “Intel uses cloud, both private and public, but we also have a lot of IT that we cannot and will not put into the cloud,” Priestley told attendees at this week’s Computing IT Leaders’ Forum, which focused on the management of hybrid clouds.

Feel the fear

However, when an organisation is already facing acute IT problems, the fear factor comes from not facing up to them. UCAS, the universities’ clearing service, has always faced a particular challenge: for a few days every year in August, demand for its services goes through the roof as students rush to secure a university place.

By 2011, the website through which everything had been automated was struggling to cope: a new approach that could handle the August spike in traffic was needed.

The solution proposed by James Munson, head of IT at UCAS, was radical: it would shift much of its computing services to the cloud. Not only that, but it insisted on a contract that would enable it to ramp up its compute capacity in August when it was all-action, and reduce it (and the price) for the rest of the year when the service is quieter.

“In 2011 and 2012, UCAS had problems being able to deliver the scale that was required for that intense period in the morning when everyone was getting their results at the same time,” said Munson.

“It was all hosted on-premise where we’re based in Cheltenham. We had created quite a complex infrastructure environment – some Microsoft .NET, some database, some Unix, different storage area networks all hosted there, and quite a lot of bandwidth that all needed to go in to that location on that one day, so it was not surprising that we were having ‘issues’.”

Furthermore, the architecture around which UCAS’s services had been built was monolithic, which meant changes required far-reaching testing and the systems lacked comprehensive monitoring. “So when things started to go wrong, we didn’t have great insight into what was going wrong and what was causing the problems. Something had to change.”

In late 2012, that change was decided: a transition to a public cloud infrastructure, with services shifting to a combination of Microsoft Azure, which made sense given UCAS’s existing .NET application investments, Amazon Web Services to host the organisation’s Oracle databases, and Rackspace, with whom UCAS already had a relationship.

The key services for finding and tracking courses were rebuilt in Microsoft Azure, with in-house Oracle databases upgraded, re-engineered and ported across to Amazon. These are load-balanced across two zones and the website is hosted by Rackspace.

Skills challenge

Munson found that the new skills required of an IT department in the era of cloud are very different from those required to run IT in-house – a skills gap also found by Rocco Labellarte, CIO at the Royal Borough of Windsor and Maidenhead.

“We are looking at a whole new set of skills,” he said. “There are lots of kids out there with the right qualifications in terms of understanding the environments. But actually getting people with the practical skills who have ‘been there and done that’ is another matter.”

He continued: “We have broken down our skill sets into a three areas: one is to move to a monitoring team, which is effectively just sitting there, watching the large screens all the time and being able to react very quickly because we are maintaining the service integration element internally.

“The second is having commissioned technical architects that understand exactly how everything is put together, both from a hardware perspective, and from a networking, security and applications perspective.”

Finally, although the organisation may be outsourcing to cloud providers, there is still a need for technical architects that can inform the organisation how it should be done, on the one hand, while challenging providers and their recommendations on the other.

Going the extra mile to get appropriately skilled staff in-house can save a fortune, he added. “Having internal skills, if they are significant, provides a cost benefit. We have avoided about £500m in spend by having the right skills from the start,” said Labellarte.

The Corliss Review Group: What are the top security concerns when moving to the cloud?

techradar.com

Cloud computing brings a myriad of benefits for any enterprise, but it is also a cause for concern in a world where, according to InformationWeek, cyber criminals are now targeting "any company where they can find data to resell, disrupt or exploit."

Moving your company's sensitive data into the hands of third party cloud providers expands and complicates the risk landscape in which you operate every day.

In order to understand what concerns should be given emphasis in your cloud security strategy, you need to understand what you can't afford to lose and what can protect you.

Understanding what you can't afford to lose

Data breaches, according to the Cloud Security Alliance, are the top cloud computing security threat for 2013 and beyond. Sensitive data can be of enormous value to a hacker, so you need to consider what sensitive data you are storing in the cloud.

This might be anything a criminal can use to determine or steal someone's identity, such as personally identifiable information (PII) like full names, addresses, birth dates, some IP addresses, and online logins and passwords; and financial information such as bank account numbers and PINs. Furthermore, you should consider any confidential corporate information you might share in the cloud.

Essentially, ask yourself "What do I have that others might want?" and "What do I have that I can't afford to lose?" Data privacy regulations often demand public breach notifications in the event of a malicious data breach or inadvertent data loss - particularly if the information is in the clear.

If your security strategy fails to protect sensitive data, your enterprise could face severe consequences in terms of business and reputation loss as the result of disclosure.

Understand what can protect you if you do lose your data

Businesses migrating to the cloud should lock down any sensitive data before it leaves the premises. As the Snowden leaks indicate, third party cloud surveillance is ubiquitous, so the more open your data and access policies are for harvesting, the greater the risks to your cloud security strategy.

Deploy an encryption scheme that provides limited, controlled, enterprise-exclusive encryption key access. When you retain exclusive control of your encryption keys, you eliminate that concern of a data breach regardless of where your data resides or how many copies of it exist.

In many jurisdictions, a breach of strongly encrypted data to which the enterprise holds the key does not require public notification.

Even the systems you and your CSPs may have in place to prevent accidental erasure of your data can pose dangers to your enterprise's data privacy.

While backups, redundancy and other failover strategies protect against data loss due to deletion or system failures, they also create extra opportunities for the theft of this data that you consider important.

Keep in mind that, if you terminate your services with a particular CSP, you can never be certain the data has been digitally destroyed.

Moving to the cloud need not be complicated. An important element is for businesses to decide what data to put in the cloud - and then to encrypt it and retain the keys.

Unsere Hochschule ist eine Tochter der Steinbeis-Stiftung für Wirtschaftsförderung. Das weltweit verzweigte Expertennetzwerk des Steinbeis-Verbunds deckt neben Aus- und Weiterbildung auch die Dienstleistungsbereiche Beratung, Forschung und Entwicklung sowie Analysen und Expertisen ab. Der Name Steinbeis steht für die effiziente und effektive Verzahnung von Theorie und Praxis, von Wissenschaft und Wirtschaft. 1983 in Baden-Württemberg in der heutigen Form gestartet, ist der Steinbeis-Verbund zum Synonym für konkreten wettbewerblichen Wissens- und Technologietransfer geworden. Zum Steinbeis-Verbund gehören über 800 Zentren, die fachlich spezialisiert sind und alle Technologie- und Managementbereiche abdecken. Die Zentren werden größtenteils von Professoren geleitet, die unsere Anforderung der Verzahnung von Theorie und Praxis leben. Wir fördern ein effektives und effizientes Zusammenwirken von wissenschaftlichen Einrichtungen und Wirtschaft, indem wir Wissens- und Technologiequellen streng nach den Spielregeln der Märkte verfügbar machen. Zentrale Rahmenbedingungen sichern in unserem dezentral organisierten Verbund das Zusammenwirken von unternehmerischer Eigenverantwortung und Orientierung gebenden verbindlichen Spielregeln.