
Contents contributed and discussions participated by Queeniey Corliss

Queeniey Corliss

Microsoft finally unveils its new browser called Edge

The Corliss Group Latest Tech Review
started by Queeniey Corliss on 22 May 15 no follow-up yet
  • Queeniey Corliss
     
    At last the long wait is over: Microsoft has finally revealed the official name for its new web browser plans from last January, dubbed Microsoft Edge, which was previously code-named Project Spartan.

    Microsoft made the announcement at the annual Build Developer Conference 2015. Edge will replace Internet Explorer as the default browser of Windows 10 PCs, smartphones and tablets. It's not surprising that the nickname "Edge" is based on the new rendering engine that Microsoft is using for its Windows 10 browser which is called EdgeHTML.

    Joe Belfiore, the Corporate Vice President, Operating Systems Group at Microsoft, also said that the name refers to the idea of Microsoft being on the edge of consuming and creating.

    Microsoft Edge is designed to be a lightweight web browser with a layout engine built around web standards that is created for interoperability with the contemporary web.

    The browser's new logo appears to be similar to the Internet Explorer's logo. However, the directions of the swirls have been changed and the color is a bit darker.

    Microsoft Edge consists of unique features such as the ability to annotate web pages, a modern and futuristic design for new tabs which appear to have a flat design concept, jotting down notes or drawing on top of web pages for a great way of reading and consuming content, a favorites folder built into the browser, thumbnails of frequently visited websites, web applications and further integration with digital assistant Cortana to offer more personalized results and actions.

    Developers will be able to carry their Chrome extensions or Firefox add-ons with just a couple of changes to Microsoft Edge.

    Microsoft Edge also enables users to engage with sites and provide them a chance at starting to write some web code, which they may put into an application through web extensions built into the web browser.

    Stay tuned on The Corliss Tech Review Group blog for more updates.
Queeniey Corliss

The Corliss Group Latest Tech Review - Protect Your Assets By Practicing Common-Sense C...

started by Queeniey Corliss on 16 Apr 15 no follow-up yet
  • Queeniey Corliss
     
    Let's get the scary stuff out of the way upfront: Cybercrime costs the global economy $575 billion annually, according to reports. The United States takes a $100 billion hit, the largest of any country, according to Politico. A report from former U.S. intelligence officials counted 40 million people whose personal information was stolen within the past year.

    Online theft is huge, and it only seems to be getting worse. Hardly a week goes by without some story about hackers penetrating a computer system somewhere. Corporations, individuals, even White House servers were hacked last week. I sometimes wonder just how difficult it is for a determined bad guy to access grandma's checking account or your neighbor's IRA and grab those assets.

    I am not the only one thinking about this. New York State Department of Financial Services issued a report on cybersecurity in the banking sector, where more than 150 organizations rely on third-party service providers for critical banking functions. The regulators want the banks to tighten security.

    So should you.

    We spend most of our time in financial markets looking at ways to deploy our capital: What assets to buy or sell, how much we should save for retirement, whether we should own more of these stocks and less of those bonds.

    We don't spend so much time thinking about the ways we can lose that money - to fraud and to common theft. We should be more vigilant, especially as we move our lives online, with digital access to our checking and savings accounts, our online portfolios, even our taxes.

    It is impossible to make yourself hack-proof, but you can make yourself less vulnerable.

    It all starts with some common-sense security steps. Three ways you probably can improve your existing practices: Develop better e-mail habits, beef up password security and (as always) remember that your behavior is the root of most of your problems.

    Get your e-mail act together

    Every day, your inbox fills with all manner of junk. Some of it is merely time-wasting nonsense, but let's not forget about the really dangerous stuff: phishing schemes, malicious viruses and malware. It seems the only reprieve we get is on those rare occasions when the main servers in Russia - a.k.a. Spambot Central - get temporarily knocked off-line.

    It's more than a huge productivity killer, it's a financial hazard. That $100 billion a year we mentioned above comes out of everyone's pockets. Even if you have not been hacked, you are paying for it in some way. Banking costs are higher as financial firms spend hundreds of millions of dollars a year on security.

    People have tried a variety of ways to tackle this: Filters, whitelists, e-mail verifiers and trusted ID services; disposable e-mail addresses from sites such as Mailinator; "junk" e-mail addresses from Hotmail, Yahoo or Google. And still the danger keeps coming.

    I have a few tricks I use to keep the really nasty stuff under control, such as:

    ● View e-mail as plain text.

    All of the bad links, embedded viruses and other malware go away when you select "view as plain text." Sure, you lose all of the graphics and links, but you lose the threats as well.

    ● Create a primary e-mail address.

    This is your main address - for colleagues, clients and peers. Never share this e-mail address. Don't subscribe to anything using this address - no Internet mailing lists, no subscriptions, nada. Use this address alone for your finance- and business-related e-mails. Anything unrelated is junk; treat it that way. Block the domains of senders. Mark junk mail as junk.

    ● Use an e-mail forwarder.

    I have been a big fan of Leemail.me. Instead of giving out my e-mail address, I use Leemail to auto-generate an address whenever I want to share my e-mail with an unfamiliar company. It forwards my e-mail from the company to me. When I want to shut that sender off, I flick a button.

    Tracking the companies that share or sell your e-mail address is invaluable. The basic version of Leemail is, astonishingly, free, and the upgrade is only a few bucks a year.

    ● Don't hit "unsubscribe"; get blacklisted instead.

    There are a number of companies that provide e-mail services to third parties, shops such as Constant Contact, Vertical Response and iContact. They are the middlemen between businesses and consumers. And while they claim to be "opt-in only" and not spammers, in truth, they are subject to whatever bad behaviors their clients engage in. They all have become legal quasi-spammers.

    On every e-mail these companies send, there is an unsubscribe button. NEVER CLICK THAT. When you do, you are not unsubscribing. Rather, you are verifying that your e-mail address is legitimate.

    Instead, go to the company Web site and track down the customer service number. Call customer service and insist on having your e-mail or domain "blacklisted." That's the only way to ensure you will truly be unsubscribed. If the company refuses, file a Federal Trade Commission complaint.

    Password security

    If you were like I was five years ago, you had one simple password that you used for everything - Amazon, Facebook, Wall Street Journal - everywhere. This could've been disastrous. Now all passwords are different. Avoid the common errors, such as using birthdays or your kids' names. Never use sequential numbers. And for goodness sake, don't use "password" as your actual password.

    Put all of your passwords on a document named something other than "My passwords." I find burying passwords somewhere in a spreadsheet to be useful. Print out a copy and place it in your safety deposit box with other important papers.

    Your biggest risk? You.

    I have said all too often that when it comes to investing, people are their own worst enemy. Behavioral problems are rife in security as well. Get into the practice of thinking about security, and soon it becomes second nature.

    The Securities and Exchange Commission has gotten much more serious about personal financial data security. They have informed advisers and brokers that there is a duty to protect client data. When we set up our wealth-management practice, we put into place specific policies and procedures to protect clients:

    ● All sensitive information is sent by secure e-mail using a third party for encryption.

    ● We never e-mail Social Security numbers or account numbers or other private data via regular email.

    ● We went totally paperless. Our file cabinets are empty, everything is cloud based.

    ● Any documents that arrive are shredded, so even our outgoing garbage is secure with nothing usable to a thief.

    Most of this is common sense. However, many people are still vulnerable. With smarts and a bit of awareness, you can make your financial assets much more secure.
Queeniey Corliss

The Corliss Group Latest Tech Review: Facebook to launch social network for cyber security experts

started by Queeniey Corliss on 16 Feb 15 no follow-up yet
  • Queeniey Corliss
     


    Facebook is launching a social network for cyber security professionals to share information about threats that could lead to cyber attacks, as the US government and companies search for new ways to co-ordinate their defences.

    The world's largest social network is stepping up its work in cyber security by teaming with other technology companies including Yahoo and online scrapbooking site Pinterest. The platform will enable companies to share clues about how hackers are behaving in the hope of preventing security breaches.

    As cyber attacks hit companies from Sony Pictures to health insurer Anthem, the private and public sector are under pressure to work together to understand their adversaries. Hackers join forces and share tips to break into networks but so far, communication about cyber defence has often been haphazard.

    Mark Hammel, Facebook's manager of threat infrastructure, said ThreatExchange had been developed from a system that Facebook was already using internally to make it easier to catalogue threats to the site in real time.

    Facebook's decision to share the tool comes at a time when the company is trying to broaden its appeal beyond social interactions with friends and family and make the product a tool that is useful in the workplace. The company is also trying out a site and app called Facebook at Work, designed to facilitate internal collaboration between colleagues.

    Mr Hammel said Facebook would give the cyber security service away for free, unlike some other threat detection systems.

    "We feel that as our product's footprint has grown, with the number of people using it to communicate, we have the ability to spend more time on broader security issues that affect the internet," he said. He added Facebook was "really well positioned" with its "social sharing model" to direct a threat project such as this.

    He added that Yahoo and Pinterest were good initial partners because they faced similar threats and had sizeable user bases. "Together, we're protecting a pretty sizeable percentage of the internet," he said.

    The ThreatExchange comes after Barack Obama, US president, put information sharing at the heart of his cyber security proposals announced ahead of the State of the Union speech last month. He proposed legislation that would make it easier for companies to share information about cyber threats with the government.

    The US government announced this week that it would be establishing a new agency, modelled on the National Counterterrorism Center with the aim of bringing together information from all arms of government during a cyber incident.

    Mr Obama is expected to flesh out those proposals at a White House summit held at Stanford University on Friday, while appealing to the technology industry to do more to help.

    The financial industry already leads the way in sharing information. The Financial Services Information Sharing and Analysis Center - known as FS-ISAC - joined the Depository Trust and Clearing Corporation, the post-trade services provider, last September to launch the first widespread not-for-profit intelligence service. The project is funded by 12 large companies from sectors including finance, energy and healthcare.

    But many analysts say information sharing is a key challenge for cyber defences. Last year saw a steep acceleration in attacks on businesses. These included the largest ever breach of personal data at a retailer at Home Depot, as well as the attack on Sony Pictures that the FBI has said was orchestrated by North Korea.
Queeniey Corliss

Corliss Tech Review Group: ARM smartphone chip boasts 3x computing power

started by Queeniey Corliss on 10 Feb 15 no follow-up yet
  • Queeniey Corliss
     
    With the trend today of making every new smartphone thinner than the last one, most would have to make a compromise between aesthetics and productivity. Usually, a nice and thin smartphone means shorter battery life and limited processing capability.

    Fortunately for us, manufacturers are now moving towards extended battery life and excellent processing power even in thin handsets. Case in point: ARM's next generation A72 processors.

    ARM Holdings, a microchip designer based in Britain, has announced a new processor for tablets and smartphones that boasts improved graphics and processing capability. Their new Cortex-A72 chip design and other improvements in related technology came just in time to help the handheld device industry which struggles with cooling demand.

    Corliss Tech Review Group noted that much of the advancement could be credited to big improvements made in manufacturing technology, particularly from the Asian contractors.

    An event in San Francisco was held where ARM announced that the new chips pack thrice as much computing power when compared with those in use today. It is now totally possible for manufacturers to use these new processors from ARM to get superb performance minus the strain on the device's battery. In fact, the company claims that in thin profile designs, the new chip could allow for as much as 75% reduction in power consumption.

    The company's vice president of marketing also mentioned that the device has "more than enough" computing power to support complex processes on tablets and smartphones even without an Internet connection. Most of the smartphone processes today that are data-heavy are usually being handled by remote servers and not the device's processor itself.

    Devices with this new processor technology are expected to be available by early next year. But according to Corliss Tech Review Group, 10 companies, including MediaTek of Taiwan and Rockchip of China, have already licensed ARM's new technology.
Queeniey Corliss

Corliss Tech Review Group: Google Glass barely alive

started by Queeniey Corliss on 02 Dec 14 no follow-up yet
  • Queeniey Corliss
     
    Two years ago, Google hyped its Glasses device as the greatest thing since sliced bread -- and for a moment, many of us believed it.

    During its launch, there was much enthusiasm on the part of the consumers and developers but now people seem to be losing interest. (Whether that's because of the $1,500 price tag or the fact that you can't really find a place to buy it from remains unknown.)

    While it may still sound supercool to geeks, Glass might not even reach the hands of the general public as developers are jumping off the bandwagon. Some of them have felt the lack of support from Google, especially since an official public launch date is yet to be set. When Glass became available for developers in 2012, 10,000 units were reportedly sold. Then last year, it became available to tech lovers and media people but as of now, there's no news when it would become commercially available.

    "It's not a big enough platform to play on seriously," said the founder of Normative Design Matthew Milan who discontinued their Glass app supposed to target fitness buffs.

    According to Corliss Tech Review Group, out of more than a dozen Glass app developers, 9 have already put their efforts on hold owing to the limitations of the gadget and perceived lack of customers. Meanwhile, 3 of them have instead switched their focus to developing software for businesses.

    "If there was 200 million Google Glasses sold, it would be a different perspective. There's no market at this point," said Tom Frencel, CEO of a game developer firm that held back its efforts to make a Glass game.

    What's more, in the past 6 months, a number of Google employees responsible for the Glass development have reportedly left. Also, the Glass Collective, a funding consortium by Google Ventures has invested in only 3 startups this year and has taken down its website without notice. A spokesperson from Google Ventures said that the reason for the website closure is for entrepreneurs to come to them directly.

    Google insists it's still committed to developing Glass. Chris O'Neill, its head of business ops said, "We are completely energized as ever about the opportunity that wearable and Glass in particular represent. We are as committed as ever to a consumer launch. That is going to take time and we are not going to launch this product until it's absolutely ready."

    The formerly proud "Explorers" who go around the streets touting their Glasses are now getting flak for being "Glassholes". After all, no one really wants such an evident threat to privacy hanging around in obvious, or obscure, places. In fact, someone from Google admitted himself that Glass is a perfect example of privacy issues concerning wearable devices.

    Experts from Corliss Tech Review Group have already predicted that it's a tall order for Glass to be a mass-market gadget. It's more likely to go down the road of Segway; a supposedly cool invention that ended up being used only in professional and industrial settings.
Queeniey Corliss

The Corliss Group Latest Tech Review: Closing the High-Tech Gender Gap

started by Queeniey Corliss on 10 Sep 14 no follow-up yet
  • Queeniey Corliss
     


    This year's Lemelson-MIT Prize winner discusses grassroots ways for boosting the number of women in technology and business.

    I have a confession to make: I've been living under a rock.

    I've actually been busy under here - running a bioengineering lab at MIT, starting companies, teaching, consulting, being a mom. But I've been so focused on keeping all the balls in the air that, until recently, I hadn't noticed that women typically aren't the ones starting technology companies.

    To be fair, I had recognized that:

    * Girls choose engineering less often and drop out of engineering disproportionately (the so-called "leaky pipeline").
    * The percentage of women computer science majors peaked 30 years ago.
    * The higher I climb, the fewer other women there are at the table with me.

    I've also seen progress in gender equity in higher education. I just didn't realize until recently that the technology industry is light years behind.

    In case you've also been under a rock, here are some numbers that I found truly astonishing. Women lead only 3 percent of tech startups, account for only 4 percent of the senior venture partners funding such startups and represent only 5 percent of the founders, advisors and directors at MIT technology spinoffs.

    Are you as shocked as I was? What if I tell you that more than 50 percent of students in some MIT undergraduate science majors are women - and that's been the case for almost 20 years? Where do these talented women go, and what are the implications of that drain?

    If we believe that entrepreneurship is a fundamental engine of progress, that it is a path to getting ideas into the world, then what does it mean for our society if the ideas that germinate in the minds of all those young women rarely turn into companies with products? (By the way, women-led private tech companies have 12 percent higher revenue and 35 percent higher return on investment than those led by men, according to the Kauffman Foundation. This shouldn't have to be true to make us care, but it actually is.)

    The Lemelson-MIT Prize is an award for invention, for making discoveries useful through commercialization, and for inspiring the next generation. As the 2014 recipient, I am truly honored and grateful to the many people who have contributed to our collective track record using miniaturization tools to impact human health.

    Here are three things that made a difference for me:

    Great expectations: My biggest fan and mentor has always been my dad, himself a serial entrepreneur. When I became a professor, he had mixed feelings about me climbing the ivory tower. To encourage me, he asked one simple question: "When will you start your first company?" (As it turned out, I started my first company within five years. Since then, my students and I have founded 10 companies between us.)

    Microclimate: Many have noted the chilly climate for women in engineering. I've been extraordinarily lucky. Of my college tribe of girlfriends, four of us are now successful entrepreneurs. My best friend is among that 4 percent of women venture capitalists; in fact, she was named one of Fortune's Most Powerful Women. I'm fortunate to work alongside female founder colleagues, MIT's Technology Licensing Office, and the ever-inspirational Professor Robert Langer. Indeed, my microclimate is actually pretty warm.

    Men who believed in me: Much has been written about visible role models for women. I try to be one, even when it's hard to put myself "out there." Along the same lines, I appreciate having had a working mom who was a trailblazer, having been one of the first women in India to receive an MBA. However, it's worth noting that the people in my life who have seen more for me than I saw for myself, who believed in me and promoted me, were mostly men, including my graduate advisor, my first investor, and my husband. The truth is that changing the face of technology requires the involvement of men who care about it.

    I will donate some of the prize money to the MIT Society of Women Engineers. This organization runs fabulous outreach programs designed to keep young girls interested in the STEM fields (science, technology, engineering and math). I also look forward to supporting a program for women's entrepreneurship in MIT's upcoming Innovation Initiative.

    I hope other institutions will follow suit and such initiatives spread as quickly and far as the ideas set forth in the gender equity report championed by MIT's beloved former president Charles Vest. I encourage you to also do your part: If you believe strongly in a talented woman you know, why not ask her when she will be starting her first company? It could be just the kind of great expectation that makes a real difference.
Queeniey Corliss

The Corliss Group Latest Tech Review: GE Device Measures the Calories on Your Plate

started by Queeniey Corliss on 15 Jul 14 no follow-up yet
  • Queeniey Corliss
     
    Self-tracking devices like the Fitbit do a fair, if imperfect, job at measuring how much you move and then inferring how many calories you've burned in a day. But they don't measure how many calories you consume. You can enter calorie estimates into an app, but doing so is a tedious and often inaccurate process.

    GE researchers have a prototype device that directly measures the calories in your food. So far it only works on blended foods - the prototype requires a homogenous mixture to get an accurate reading. But they're developing a version of the device that will determine the calories in a plate of food - say, a burrito, some chips, and guacamole - and send the information to your smartphone.

    Matt Webster, the senior scientist in diagnostic imaging and biomedical technologies at GE Research who invented the calorie counter, says eventually the device might be incorporated into a microwave oven or some other kitchen appliance. Heat your food, and at the same time get a readout of the precise calorie count, without measuring out portions and consulting nutritional charts.

    Webster analyzed nutritional data from the U.S. Department of Agriculture - which contains detailed information on thousands of foods - and determined that it's possible to get an accurate calorie estimate using just three pieces of data - fat content, water content, and weight. The calories from all the other constituents of food - such as sugar, fiber, and protein - can be approximated by subtracting the water and fat weight from the total weight.

    In tests using the prototype to measure mixtures of oil, sugar, and water, results were within 5 to 10 percent of the results from standard, destructive means of measuring calorie content, such as the bomb calorimeter that measures food calorie content by burning it.

    The device works by passing low-energy microwaves through a weighed portion of food and measuring how the microwaves are changed by the food - fat and water affect the microwaves in characteristic ways. Getting a reading is easy using existing equipment if the food is liquid or blended. Getting a good reading for a sandwich and chips will require "virtual blending," Webster says. That could be done by developing microwave antennas that form a more uniform distribution of microwaves than the current equipment and using algorithms to get an average, or by progressively scanning the food. In either case, the complete measurement could be taken in a second or two.

    Others are developing devices that are being marketed as being able to count calories. For example, a pair of devices have emerged recently on crowd-funding sites. But those devices are limited to analyzing the surface of most foods (they work by measuring reflected light). This approach might work to recognize a piece of food as an apple, for example, whose caloric content can be looked up in a database. It wouldn't easily work with a burrito, where most of the calories are wrapped up inside.

    "We're looking at waves that pass all the way through the food. So you're getting a complete measurement of the entire food," Webster says.
Queeniey Corliss

The Corliss Group Latest Tech Review: Mobile malware and operating system vulnerabilities come under the spotlight at GISEC 2014

started by Queeniey Corliss on 06 Jun 14 no follow-up yet
  • Queeniey Corliss
     
    9% of large organisations face security, hacking, phishing scams and internet fraud in mobile devices
    Industry experts to share insights helping businesses defend from cyberattacks during security sessions and workshops at Gulf Information Security Expo & Conference

    Dubai, United Arab Emirates: As the Middle East and Africa region continues to experience a rapid growth in the sales and penetration of smartphones, with a population of more than 525.8 million using mobile devices in 2013, an increasing number of malware attacks also pose a threat to millions of smartphone users. Tackling the importance of mobile security, the second Gulf Information Security Expo & Conference (GISEC) 2014, taking place from 9 to 11 June at Dubai World Trade Centre (DWTC), will discuss ways to secure the mobile environment against evolving threats.
    The unfettered growth in mobility created an alluring opportunity for cybercriminals, with 9% of large organisations experiencing a security or data breach in smartphones or tablets, according to a 2013 PricewaterhouseCoopers (PwC) survey. The widespread use of mobile devices resulted in various cybercrimes such as hacking, phishing scams and internet fraud. Smartphones are usually attacked through malware, Trojan horse viruses and malicious software such as Loozfon and FinFisher.

    Among the GISEC Conference speakers is Nader Henein, Advance Security Solutions, Advisory Division at Blackberry, who will talk about devising a fit-for-purpose bring-your-own-device (BYOD) security plan that capitalises on the innovation and productivity of a mobile workforce. Also included in his presentation are the introduction of more stringent authentication and access controls for critical business apps and balancing the legal and electronic recovery implications of mobile devices with governance and compliance.

    Henein will also tackle mobile malware tactics and recent advances in Android malware as well as dissecting the anatomy of a mobile attack. According to Sophos Mobile Security Threat Report 2014, the exponential growth in Android devices and the buoyant and largely unregulated Android app market produced a sharp rise in malware targeting that platform. SophosLabs has seen over 650,000 individual pieces of malware for Android, which has grown quickly in a short period of time due to the increasing use of mobile devices.
    "Security for mobile devices, applications and content is a paramount concern in a mobility management strategy," said Ian Evans, Managing Director and Senior Vice President, AirWatch by VMware EMEA. "Allowing corporate-owned or employee-owned devices to access corporate data requires a strong enterprise security strategy to ensure the deployment is secure and corporate information is protected."

    Brian Lord, Managing Director, PGI Cyber, commented: "PGI (Protection Group International) recognises that the growth of mobile device use is essential for commerce, governments and individuals. They increase efficiency, drive down costs and afford maximum flexibility. As with all information and communication media, they also come with their own security risks. PGI's solutions, whether advisory or technical, all encompass the security risk posed by mobile devices - whether that is an individual device or an integral part of an organisation's infrastructure - and afford protection without detracting from the huge value such devices bring."
    During the two-day conference, leading information security experts headlined by Robert Bigman, former Chief Information Security Officer at the CIA; Mikko Hypponen, Chief Research Officer at F-Secure and Wim Remes, Chairman of the Board of Directors at (ISC)² will discuss various topics on cyber threats and cybersecurity.

    Bigman's keynote address of Day 1 of the GISEC Conference will shed light on the vulnerability of Heartbleed, especially clear prevention methods the audience can use to protect their internal corporate networks under the theme 'Change the way you connect to the internet'. Hypponen - the man who tracked down the authors of the first PC virus ever recorded - will deliver his keynote address on Day 2 of the GISEC Conference and will discuss critical information security issues to empower one with superior protection. Remes will focus on strategies to map out existing infrastructures to adequately protect them against realistic threats among several others.

    Meanwhile, GISEC will also hold free-to-attend security sessions on vendor-run educational presentations, workshops, demonstrations, informative speeches and case-studies giving I.T. professionals useful insights to help defend their businesses from cyberattacks. Based on the Official CISSP CBK® Review Seminar, (ISC)2 will offer an education programme focusing on two of the most challenging domains of the CISSP CBK: Information Security Governance and Risk Management; and Access Control, delivered by an Authorised (ISC)2 Instructor. All attendees will receive a CISSP certificate.

    As the region's only large-scale information security platform, GISEC will gather industry, government and thought leaders as well as international and regional cybersecurity experts in various business verticals such as I.T., oil & gas, banking & finance, government, legal, healthcare and telecoms to meet the growing requirements for information security and countermeasures in the region.

    The must-attend event is set to draw 3,000 trade visitors from 51 countries and more than 100 exhibitors from the world's leading information security companies and brands. 91% of last year's attendees were purchasing decision makers from a wide range of industries.

    Among the key sponsors of the exhibition are BT Global as Strategic Sponsor; GBM as Diamond Sponsor; Spire Solutions and Protection Group International as Platinum Sponsors; Access Data, Websense International, FireEye and F5 Networks as Gold Sponsors; Research in Motion (Blackberry), CSC Computer Sciences, Guidance Software and Palo Alto Networks as Silver Sponsors. Meanwhile, Palladium is the sponsor for the IT Security Awards.

    Powered by GITEX TECHNOLOGY WEEK, the region's leading Information and Communications Technology (ICT) event, GISEC is strictly a trade-only event and is open to business and trade visitors from within the industry only. GISEC is open 10am-6pm from 9-11 June. Visitor attendance is free of charge. For more information, please visit www.gisec.ae.
Queeniey Corliss

The Corliss Group Latest Tech Review: US cyberspying case against Chinese military offi... - 1 views

The Corliss Group Latest Tech Review US cyberspying case against Chinese military officials is all talk no action
started by Queeniey Corliss on 05 Jun 14 no follow-up yet
  • Queeniey Corliss
     


    Two weeks after the Obama administration announced a groundbreaking criminal case, accusing five Chinese military officers of hacking into US companies to steal trade secrets, the accused have yet to be placed on Interpol's public listing of international fugitives.

    What's more, there is no evidence that China would entertain a formal US request to extradite them.



    Short of the five men flying to the US for a vacation, for example, there's no practical way they could be arrested outside China without help from foreign governments. It's also unclear whether the charges levied by the US are accepted internationally as crimes. No country so far has publicly expressed support for the groundbreaking charges.

    The Obama administration described the unusual indictment on May 19 as a wake-up call for China to stop stealing US trade secrets. The FBI published "wanted" posters with pictures of all five Chinese military officers. Attorney General Eric Holder said such hacking suspects "will be exposed for their criminal conduct and sought for apprehension and prosecution in an American court of law".

    Now, weeks later, that's looking less likely than ever, illustrating the complex legal and diplomatic issues posed by the indictment. There may be no viable options for Holder to make good on his word.

    "The next step needs to be [we], here in the US, saying this is not just a US-China issue," said Shawn Henry, former cyber director at the FBI and now president of CrowdStrike Services, a security technology company. "This is a China-versus-the-world issue."

    So far, the US does not appear to have the world on its side.

    Neither officials in China nor the US said they would comment on any efforts by American prosecutors to arrest the Chinese military officers. The White House and State Department directed inquiries to the Justice Department, where spokesman Marc Raimondi said: "Our investigation is active, and we are not going to comment on specific actions to locate the individuals charged in the indictment."

    A federal grand jury charged the five Chinese military officials with hacking into five US nuclear and technology companies' computer systems and a major steel workers union's system, conducting economic espionage and stealing confidential business information, sensitive trade secrets and internal communications for competitive advantage.

    The US and China have no extradition treaty. And China's laws preclude extraditing citizens to countries where there's no treaty.

    China has denied the hacking allegations and wants the US to revoke the indictment. A defence ministry spokesman, Geng Yansheng, said last week that the case ran counter to China-US military cooperation and had damaged mutual trust. Citing the suspension of dialogue on computer security, Geng said further responses from China would depend on Washington's attitude and actions.

    "The Chinese are obviously not going to extradite their officials to the US," said John Bellinger, former State Department legal adviser. For this reason, Bellinger said he did not expect the US to make the request. "To ask them to do something that they're obviously going to then deny makes [the US] look ineffectual," he said.

    The US can ask Interpol, the international criminal police organization, to place defendants on its "red notice" list of wanted fugitives, which would alert the 190 member countries if the men were to travel outside of China. But the five officers were not on Interpol's public list as recently as yesterday, although there were 24 other Chinese citizens on that list wanted by the US on charges that included fraud, sexual assault, arson and smuggling.

    Raimondi, the Justice Department spokesman, would not say whether the US had asked Interpol to assign red notices to the men. Interpol does not allow red notices in cases it considers political in nature, but spokeswoman Rachael Billington declined to say whether Interpol considered economic espionage to be political.

    "Whilst we could not comment on a hypothetical situation, requests for red notices are considered on a case by case basis to ensure that they comply with Interpol's rules on the processing of data," Billington said.

    A former Interpol official said especially sensitive international cases were far more complex.

    "In this kind of case, where it has a lot of attention around the world and involves superpowers, it's going to be more under a microscope about what they have," said Timothy Williams, former director of Interpol's national central bureau in Washington, and now general manager of G4S Secure Solutions, a security consulting company.

    Interpol sometimes circulates secret red notices, such as cases involving sealed indictments or arrest warrants. But listing the five Chinese men secretly on Interpol's list would not be effective in this case, since China is a member of Interpol and would see that the US wants them detained if they were to travel outside China.

    The Chinese defendants could argue they are immune from prosecution in the US under international law. Such claims were so often contested that the issue was under review by a United Nations commission, said Tim Meyer, a law professor at the University of Georgia in the United States. He expected the case of the Chinese to come up during the UN discussions.

    "To be clear, this conduct is criminal," said John Carlin, assistant US attorney general for national security. "And it is not conduct that most responsible nations within the global economic community would tolerate."

    But few countries want to upset China and suffer trade repercussions. The lack of support for the US position could also be due to other countries committing the same practices as China.

    "I have no comments on the US action on China," said Joao Vale de Almeida, the European Union's ambassador to the U.S.

    Still, the Obama administration says it is committed to bringing the five Chinese men to justice, and it says this case will be the first of many like it.

    In a 2003 case, the US charged a Cuban general and two pilots with murder in the shooting down of two civilian planes in 1996. Like China, the US has no extradition treaty with Cuba. And, at the time, some questioned whether the indictment was politically motivated.

    Eleven years later, the former US attorney in Miami in 2003, Marcos Jimenez, said the case against the Cuban military officials was still worth bringing, even if no one was ever prosecuted in the US.

    "It's a message to the world that we're not going to tolerate these types of crimes," Jimenez said. "You can't just kill unarmed civilians in international air space. You can't just hack into our computer systems. These aren't things that we're just going to ignore and not prosecute."

    That case has been stagnant since 2003.
Queeniey Corliss

The Corliss Group Latest Tech Review: Cybercriminals Have Your Number, But Which One? - 1 views

The Corliss Group Latest Tech Review Cybercriminals Have Your Number But Which One?
started by Queeniey Corliss on 04 Jun 14 no follow-up yet
  • Queeniey Corliss
     
    The Star Wars Cantina of cybercriminals targeting your identity, health care, finances and privacy today might seem like a movie you've seen so many times you could lip sync the entire thing. Nevertheless, cybercrime and identity-related scams change faster than trending hashtags on Twitter, and the fact is nobody knows what's going to happen next. Who would have thought Apple's iCloud was vulnerable (much less to ransomware)? Or eBay? Data breaches are now the third certainty in life and sooner or later, you will become a victim.

    According to the Privacy Rights Clearinghouse Chronology of Data Breaches tracking tool, at least 867,254,692 records were exposed through data breaches between 2005 and May 22, 2014. The Milken Institute says the number of compromised records was more than 1.1 billion between 2004 and 2012. The Identity Theft Resource Center reported 91,982,172 exposed records in 2013 alone. Frankly, it really doesn't matter who is right. The amount of information out there is simply staggering.

    You probably realize that identity thieves are after your email addresses and passwords, but that's not all they want. In particular, each of us is attached to various sets of numbers that, when cobbled together, enable sophisticated identity thieves to get their claws into you. The fraudster doesn't need all your information to complete the problem set. They just need enough to convince others that they are you. Here are eight numbers that they are gunning for.

    1. Phone Numbers

    You want people to be able to call you; you may even list your phone number on a public-facing site. If you do, bear in mind some companies use your phone number to identify you, at least in part. With caller ID spoofing, it's not hard for a fraudster to make your number appear when they call one of those companies.

    2. Dates and ZIPs

    Birth, college attendance, employment, when you resided at a particular address, ZIP codes associated with open accounts -- these are all numbers that can help a scam artist open the door to your identity by cracks and creaks. Many people put this information on public websites, like personal blogs and social media sites. In the post-privacy era, it is imperative you grasp the concept that less is more. Another tactic worth trying is populating public-facing social media sites with inaccurate information -- though you might want to check each site's rules since some sites frown upon the practice.

    3. PIN Codes

    Card-skimming operations use a device to capture your debit card information while a camera records you as you type in your PIN code, making it very easy for a thief to replicate. Cover your hands and be paranoid, because it's possible someone actually is watching you.

    4. Social Security Numbers

    Your Social Security number is the skeleton key to your personal finances. There are many places that ask for it but don't actually need it. Be very careful about who gets it and find out how they collect it, store it and protect it. Whenever you're asked for your SSN, always consider whether the request is logical based upon the context of your relationship with them.

    5. Bank Account Numbers

    Your bank account number is on your checks, which makes a personal check one of the least secure ways to pay for something. Consider using a credit card. You get rewards, buyer protection and less of your information will be out there.

    6. IP Addresses

    Scammers can use malware and a remote access tool to lock files on your computer and then demand a ransom in exchange for access. A message informing a user that his or her IP address is associated with online criminal activity is a common scare tactic used in ransomware scams. Don't fall for it. While it's not difficult to track an IP address, there are a number of browsers that hide your IP address and associated searches from the bad guys, and there are fixes for ransomware.

    7. Driver's License and Passport Numbers

    These are critical elements of your personally identifiable information that represent major pieces of your identity puzzle and, once you have the number, these documents can be counterfeited. Countless times each day, millions of personal documents undergo major makeovers and suddenly feature new names, addresses and photographs of fraudsters.

    8. Health Insurance Account Numbers

    Health insurance fraud is on the rise, and one of the biggest growth areas is identity-related health care crimes. This can jeopardize your life -- not just your credit or finances, as the fraudster's medical information can be commingled with yours, precipitating blood type changes, and eliminating certain allergies to meds or presenting new ones. The results can be catastrophic when a course of treatment is prescribed based upon incorrect information in the file.

    It's time to become a data security realist. Data breach fatigue is the enemy. Every new compromise and scam is potentially crucial news for you, since it may point to weak spots in your own behaviors and ways that your data hygiene might be putting you at risk. So keep reading articles about new threats to your personal data security, and read every single email alert that you receive -- though be careful of the obviously fake emails and always verify directly with the institution.

    The smartest thing you can do is to assume the worst. Your personally identifying information is out there, and, in the wrong hands, you're toast -- even if you are really on top of things. That said, by monitoring your bank and credit card accounts and the Explanation of Benefits Statements you receive from your health insurers, you'll be in a better position to minimize the damage. Most importantly, read your credit reports. You can do that for free once a year at AnnualCreditReport.com, and use free online credit tools, like those on Credit.com, which updates your information monthly, explains why your credit scores are what they are, and gives tips for what you can do to improve your credit standing. But then what?

    It is also vital for you to have a damage control program in place once you suspect that you have an identity theft issue. Contact your insurance agent, bank and credit union account rep, or the HR Department where you work to learn if there is a program to help you recover from an identity theft. You may well be surprised that there is and you are already enrolled for free as a perk of your relationship.

    While there is no way to avoid cybercrime and identity theft, there is plenty you can do to make sure the damage is minimized and contained, and that no matter what happens, your daily life can go on without too much disruption.

Queeniey Corliss

Corliss Tech Review Group: Robocoin ATMs will send bitcoins to phone numbers - 1 views

Robocoin ATMs will send bitcoins to phone numbers Corliss Tech Review Group
started by Queeniey Corliss on 09 May 14 no follow-up yet
  • Queeniey Corliss
     
    Robocoin Bank users will be able to send bitcoin to phone numbers around the world

    Leading Bitcoin ATM manufacturer Robocoin is upgrading its network of machines with bank-style features, including the ability to send funds to phone numbers.

    The Las Vegas-based company, which launched the world's first Bitcoin ATM in Canada last October, said its ATMs in 13 countries will allow users to buy bitcoin or get cash in 12 currencies easily.

    It's billing the new Robocoin Bank as "the fastest way to send cash worldwide."

    The ATM services, which will launch this summer, will include the ability to store, access and send bitcoins from any ATM, or "branch," as the company is now calling them. They can also transfer bitcoin instantly without users having to wait for confirmation on the blockchain, the public ledger of transactions in the cryptocurrency.

    The machines will also let customers withdraw cash from their bitcoin holdings.

    In a move the company believes will disrupt the remittance industry, users will be able to send money to people by addressing it to a phone number instead of a Bitcoin address. If recipients don't have Bitcoin accounts yet, the funds will wait for them at their local machine.

    For security against fraud, the ATMs will use three ways to authenticate users: a phone number that acts as a username, a PIN and palm-vein scans.

    The manufacturer is hoping its revamped approach, as well as use of banking terms like "deposits" and "withdrawals," will broaden the appeal of Bitcoin beyond early adopters.

    "The new Robocoin Bank removes the pain and the barrier to entry," Robocoin CEO Jordan Kelley wrote in an email.

    "No longer do customers have to worry about private keys and public addresses. With the Robocoin Bank, customers deposit into their Robocoin Account and send money between phone numbers, not public keys, which will yield incredible network effects."

    Bitcoin transfers have relied on public-key cryptography, which uses secret codes to verify a user's ownership of bitcoins. Private keys are matched to Bitcoin addresses, unique identifiers that allow users to receive the digital currency.

    The Robocoin Bank will enable faster and easier transactions than before, Kelley added.

    Robocoin did not immediately respond to a request for information about the bank's fee structure.

    Japan became one of the latest countries to receive a Robocoin ATM when importing company Raimu unveiled in April the first of three it ordered from the U.S.

    The machine is expected to be set up in the busy Shibuya district of Tokyo this month, according to Raimu.
Queeniey Corliss

Corliss Tech Review Group: 3G to reduce fraud, leakage in financial sector - 1 views

3G to reduce fraud leakage in financial sector Corliss Tech Review Group
started by Queeniey Corliss on 08 May 14 no follow-up yet
  • Queeniey Corliss
     
    LAHORE - The 3G technology, besides helping increase the GDP of Pakistan and encouraging infrastructure investments, will also help reduce fraud and economic leakage in the financial sector and improve farm production in the agriculture sector. The evolution of technology has made life easier for the customer base. The launch of 3G services is great news as it will not only improve the general standard of life and the quality of the way business is done but will also help boost the economy.

    These views were expressed by the Ufone CCO Asher Yaqub Khan in an interview with The Nation. Following are details of the extracts of the talks with him.


    Q: How could 3G be utilized for information?

    AYK: Users can use 3G for watching TV on their handsets, downloading and streaming videos at high speed, sharing clips as well as enriched social media experience.


    Q: How do you see loadshedding affecting the quality of 3G service on the networks of telcos?

    AYK: Loadshedding will not affect the quality of 3G service, in fact it will provide relief to our customers by facilitating them to use internet and watch their favorite programs or chat with their friends. The beauty of having 3G technology is that you can enjoy services on your phone even when there is no electricity provided you have your phone fully charged of course!


    Q: Will a large section of customers' base, out of 132m, be able to afford the rates of 3G?

    AYK: At Ufone, customers are our top priority and we will ensure that the transition will be as smooth as possible to provide the best packages. Even if you look at our history, we have been known to provide world class service at affordable rates and this will be the case with 3G too.


    Q: Do we see price hikes across the band or the model will continue to be price-centric?

    AYK: We will keep the tariffs as simple and customer friendly as possible. At Ufone, as we have always stressed, it is always about you. We do not believe in exploiting our customers. The approach will remain the same in future as well and we will continue delivering affordable services to our customer base that, by the way, has been great to us in return as well.


    Q: What are the challenges that are expected to create impediments in the fastest deployment of 3G networks?

    AYK: One major hold up point is that the technology is only supported on handsets that are 3G compatible. So only users who have a 3G handset will be able to experience the technology.
    Customer awareness of how to use services is another issue. We are working on building awareness for the technology. Setting up the technology is one thing but making customers aware about it and then selling it is another.


    Q: What are your demands from the government related to tax rationalization on mobile phone services, as the telecom sector in Pakistan is made to suffer from a discriminatory and highest tax regime?

    AYK: This needs to be rationalized. The telecoms tax burden in Pakistan is amongst the highest in the world and that affects all efforts of increasing teledensity. If we understand and acknowledge the sea change that access to telecoms can bring in our economy, I am sure we will appreciate the need for reduction of taxes here.


    Q: What are some of the challenges in minimizing costs?

    AYK: Increased taxes being levied by the government, indirect taxes, cost of infrastructure, power crisis, security issues, network shutdown, license cost, regulatory barriers on commercial activity as well as right of way are the main challenges in minimizing costs.
Queeniey Corliss

Corliss Tech Review Group: Our privacy is on the line in age of big data - 1 views

Our privacy is on the line in age of big data Corliss Tech Review Group
started by Queeniey Corliss on 08 May 14 no follow-up yet
  • Queeniey Corliss
     
    The White House issued a warning last week: Big data may be harmful to our privacy.

    Give the White House credit. It is trying to keep an important issue before the eyes of the public. OK, this one does not deal with Benghazi or Obamacare. But in the long term, it will probably be even more important. The topic is big data.

    The White House issued two well-thought-out reports last week, one on the ethical ramifications and another on the technical aspects of big data in our lives. The topic did not gather a lot of press coverage, probably because it is not as sexy as other issues. In addition, it did not draw a lot of attention. It is one of those issues that simmers, rather than boils.

    Big data is the gathering of massive amounts of information from all kinds of sources, from bridge crossings to online purchases to Internet searches to tweets and phone calls to bank records. You name it. With the new power of computers, all of those data points can be quickly analyzed and directed to detect patterns. The problem is that some of these patterns tell too much about our personal lives and leave us open to exploitation.

    The analysts may be the National Security Agency or your friendly broadband company. It can even be that ice cream store down the street. The records of how many raspberry ice cream cones you bought or which movies you watched on cable are being recorded and analyzed. The NSA wants to predict the likelihood of terrorists living next door. The grocery store wants to predict what soda you will buy and what it will take to make you buy more.

    The White House reports were based on a series of conferences with experts from various fields. The experts lauded the potential for good that big data can bring us, but they also warned of dangers.

    Among the positives that big data can bring us: Medicare and Medicaid searching records and decoding fraud. That has the potential of saving taxpayers millions of dollars. Locally, the New Castle County police department uses big data analysis to track reported crimes, from the most dangerous to the trivial. The patterns that emerge can help direct the location of officers and thus lead to a decrease in crime. Many cities around the country use big data analysis to track and predict locations of violent crime. Wilmington should take note.

    On the other hand, government agencies like the NSA know our comings and goings, who we talked to on the phone and what messages we sent online. Delaware police agencies, like those across the nation, have large libraries of digital photos of car license plates as the cars moved through intersections. Storage of those images can be harnessed to powerful computer programs to detect and track the movement of cars. We would be foolish if we believe that there will never be a breach of trust in guarding that information.

    The White House's experts echoed that warning.

    Big data will be both a blessing and a curse in the years to come. How we respond to warnings, like those from the White House, will determine which comes out on top.
Queeniey Corliss

Corliss Group Review Heart Bleed Bug Test: Three Things One Can Do Yahoo, Facebook, Gma... - 1 views

Corliss Group Review Heart Bleed Bug Test: Three Things One Can Do Yahoo Facebook Gmail eBay TurboTax Twitter Chase Wells Fargo Citibank Affected?
started by Queeniey Corliss on 18 Apr 14 no follow-up yet
  • Queeniey Corliss
     

     


    The Heartbleed bug isn’t a “virus,” but a security error. The bug can be tested on GitHub and a website was set up to test out whether the bug affects a certain website, including well-known ones.


    AP Update: 3 things you can do to protect from Heartbleed


    The “Heartbleed” bug has caused anxiety for people and businesses. Now, it appears that the computer bug is affecting not just websites, but also networking equipment including routers, switches and firewalls.


    The extent of the damage caused by the Heartbleed is unknown. The security hole exists on a vast number of the Internet’s Web servers and went undetected for more than two years. Although it’s conceivable that the flaw was never discovered by hackers, it’s difficult to tell.


    There isn’t much that people can do to protect themselves completely until the affected websites implement a fix. And in the case of networking equipment, that could be a while.


    Here are three things you can do to reduce the threat:


    — Change your passwords. This isn’t a foolproof solution. It’ll only help if the website in question has put in place required security patches. You also might want to wait a week and then change them again.


    — Worried about the websites you’re surfing? There’s a free add-on for the Firefox browser to check a site’s vulnerability and provide color-coded flags. Green means go and red means stop. You can download it here: https://addons.mozilla.org/en-US/firefox/addon/heartbleed-checker/


    — Check the website of the company that made your home router to see if it has announced any problems. Also be diligent about downloading and installing any software updates you may receive.


    Earlier AP Update:


    NEW YORK (AP) — It now appears that the “Heartbleed” security problem affects not just websites, but also the networking equipment that connects homes and businesses to the Internet.


    A defect in the security technology used by many websites and equipment makers has put millions of passwords, credit card numbers and other personal information at risk. The extent of the damage caused by Heartbleed isn’t known. The threat went undetected for more than two years, and it’s difficult to tell if any attacks resulted from it because they don’t leave behind distinct footprints.


    But now that the threat is public, there’s a good chance hackers will try to exploit it before fixes are in place, says Mike Weber, vice president of the information-technology audit and compliance firm Coalfire.


    Two of the biggest makers of networking equipment, Cisco and Juniper, have acknowledged that some of their products contain the bug, but experts warn that the problem may extend to other companies as well as a range of Internet-connected devices such as Blu-ray players.


    “I think this is very concerning for many people,” says Darren Hayes, professor of security and computer forensics at Pace University. “It’s going to keep security professionals very busy over the coming weeks and months. Customers need to make sure they’re getting the answers they need.”


    Here’s a look at what consumers and businesses should know about Heartbleed and its effects on networking devices.


    — How is networking equipment affected?


    Just like websites, the software used to run some networking equipment — such as routers, switches and firewalls — also uses the variant of SSL/TLS known as OpenSSL. OpenSSL is the set of tools that has the Heartbleed vulnerability.


    As with a website, hackers could potentially use the bug as a way to breach a system and gather and steal passwords and other sensitive information.


    — What can you do?


    Security experts continue to advise people and businesses to change their passwords, but that won’t be enough unless the company that created the software in question has put the needed fixes in place.


    When it comes to devices, this could take a while. Although websites can be fixed relatively quickly by installing a software update, device makers will have to check each product to see if it needs to be fixed.


    Both Cisco Systems Inc. and Juniper Networks Inc. continue to advise customers through their websites on which product is still vulnerable, fixed and unaffected. Owners may need to install software updates for products that are “fixed.”


    Hayes praises Cisco and Juniper for being upfront with customers. He cautions, though, that many other companies make similar products that likely have the bug, too, but haven’t come forward to say so.


    As a result, businesses and consumers need to check the websites for devices that they think could have problems. They must be diligent about installing any software updates they receive.


    Weber says that while there are some checks companies can do to see if their networking equipment is safe, they’re largely beholden to the device makers to let them know what’s going on.


    Companies also need to make sure that business partners with access to their systems aren’t compromised as well.


    — Are other devices at risk?


    Hayes says the bug could potentially affect any home device that’s connected to the Internet, including something as simple as a Wi-Fi-enabled Blu-ray player.


    He also points to recent advances in home automation, such as smart thermostats, security and lighting systems.


    “We simply don’t know the extent of this and it could affect those kinds of devices in the home,” he says.

Queeniey Corliss

Corliss Group Review Android devices await Heartbleed fix - 2 views

Corliss Group Review Android devices await Heartbleed fix
started by Queeniey Corliss on 17 Apr 14 no follow-up yet
  • Queeniey Corliss
     

    Version 4.1.1 of Android Jelly Bean was released in 2012


    Millions of Android devices remain vulnerable to the Heartbleed bug a week after the flaw was made public.


    Google announced last week that handsets and tablets running version 4.1.1 of its mobile operating system were at risk.


    The search giant has since created a fix, but it has yet to be pushed out to many of the devices that cannot run higher versions of the OS.


    It potentially places owners at risk of having sensitive data stolen.


    In addition security firms warn that hundreds of apps available across multiple platforms still need to be fixed.


    These include Blackberry's popular BBM instant messaging software for iOS and Android.


    The Canadian firm has said that it will not issue a fix until Friday, but said there was only an "extremely small" risk of hackers exploiting the bug to steal its customers' data.


    In the meantime the program remains available for download from Apple's App Store and Google Play.


    Data theft 


    News of the vulnerability with recent versions of the OpenSSL cryptographic software library was made public last Monday after researchers from Google and Codenomicon, a Finnish security firm, independently discovered the problem.


    OpenSSL is used to digitally scramble data as it passes between a user's device and an online service in order to prevent others eavesdropping on the information.


    It is used by many, but not all, sites that show a little padlock and use a web address beginning "https".


    The researchers discovered that because of a coding mishap hackers could theoretically access 64 kilobytes of unencrypted data from the working memory of systems using vulnerable versions of OpenSSL.


    Although that is a relatively small amount, the attackers can repeat the process to increase their haul.


    Furthermore, 64K is enough to steal passwords and server certificate private keys - information that can be used to let malicious services masquerade as genuine ones.


    Press reports initially focused on the risk of users visiting vulnerable websites, but attention is now switching to mobile.


    At-risk handsets


    UK versions of the HTC One S handset cannot currently be upgraded beyond Android 4.1.1


    Google's own statistics suggest that fewer than 10% of Android devices currently run version 4.1.1.


    However, since close to one billion people currently use the OS that is still a significant number.


    Some of those device owners can protect themselves by upgrading Android to a more recent version.


    But several machines are unable to be upgraded higher than 4.1.1.


    Customer websites indicate these include Sony's Xperia E handsets, HTC's One S, Huawei's Ascend Y300 and Asus's PadFone 2.


    "Privacy and security are important to HTC and we are committed to helping safeguard our customers' devices and data," said the Taiwanese firm.


    "We're currently working to implement the security patch issued by Google this week to the small number of older devices that are on Android 4.1.1."


    Asus said its device was "expecting an update imminently". Sony and Huawei were unable to comment.


    Tab grab


    Sony and Huawei were not able to say when they planned to patch vulnerable devices


    Google has now created a fix to address the problem. However, manufacturers still need to adapt it for their devices and this software will need to be tested by the various operators before they release it.


    Users can check which edition of Android they are running by going to the "about phone" or "about tablet" option in their Settings app.


    Alternatively several free apps have been released that can scan phones and tablets to say if they are vulnerable.


    Lookout - a security firm behind one of the products - explained how hackers might take advantage of a vulnerable handset.


    "Someone could build a malicious website or advert designed to steal data from your memory," Thomas Labarthe, the firm's European managing director, told the BBC.


    "If you happen to be browsing it and have other tabs opened in your browser, it could take data from a banking site - for example.


    "No-one could steal a whole document - they can only take 64K of data - but that's still enough to steal your credentials."


    'Forgotten about'


    Blackberry aims to offer safe versions of its BBM app on Friday


    Another security firm, Trend Micro, has focused on the issue of vulnerable apps.


    These can affect any mobile operating system because the problem is caused by the servers that send data to the apps not having been updated to the latest version of OpenSSL.


    Trend Micro said it was currently aware of 6,000 such risky apps, including shopping and bank-related services. That is 1,000 fewer than its figure for Friday - suggesting some server operators are addressing the problem.


    But it acknowledged that it was hard for members of the public to know which of the hundreds of thousands on offer were safe to use.


    "Some of these are services that were set up and then forgotten about," said senior malware researcher David Sancho.


    "There's no way from using an app you can know if it's good or bad.


    "So, for the moment, the best thing to do is use the ones from the major vendors that we know have been patched... but for the minor ones that have said nothing, be wary."

Queeniey Corliss

Corliss Review Group 'Heartbleed' bug can't be simply blamed on coders - 2 views

Corliss Review Group 'Heartbleed' bug can't be simply blamed on coders
started by Queeniey Corliss on 16 Apr 14 no follow-up yet
  • Queeniey Corliss
     

    Human error is behind the latest threat to website security but giant corporations need to take their share of the blame


    Were you a thriller writer seeking a name for an apocalyptic software security flaw that threatened the future of civilization as we know it, then "Heartbleed" would be hard to beat. Last week saw the discovery of such a flaw, and Heartbleed was the name assigned to it.


    Most security flaws are of interest only to specialists, but this one was different. Why? Because it's been around for something like three years, during which time it could have exposed the passwords and credit card numbers that countless millions of people had provided to online stores and other services. Heartbleed would enable attackers to eavesdrop on online communications, steal data directly from services and users, and impersonate both services and users. It could have affected up to two-thirds of the world's internet servers. And unlike some earlier such problems, the solution isn't as simple as immediately changing one's password. It was, said Bruce Schneier, a security expert not much given to hyperbole, a "catastrophic" flaw. "On the scale of one to 10," he wrote, "this is an 11."


    Heartbleed is a flaw in the computer code that encrypts your personal data while it's in transit from your computer to an online service. When you buy something from Amazon, say, or proceed to the checkout on any reputable site, then the URL you're dealing with will change from one prefixed by "http" to one prefixed by "https". This indicates that the Secure Sockets Layer (SSL) protocol has been invoked and that your personal data will now be transmitted only in encrypted form.


    SSL is an essential component of the global e-commerce system, and the most common implementation of it is an open-source version called OpenSSL. Any flaw in it could indeed be catastrophic – which is why there was such a furore a while back when it was revealed that the National Security Agency had apparently been working actively to weaken the cryptographic protection that SSL offered. Not surprisingly, therefore, the default assumption when the Heartbleed story first surfaced was that the NSA must be behind it. But this comforting conjecture was rapidly discounted when it was realized that the flaw was most probably the result of a relatively mundane programming error.


    It turns out that within OpenSSL there is something called the "heartbeat" protocol. This is needed to ensure that communications between user and site are kept alive even when the line goes quiet. What seems to have happened is that when one of the programmers who works on OpenSSL was doing a software update in 2011, he made a coding error which then – unusually for open-source software – went undetected for several years.


    The implications of this are both intriguing and troubling. It's possible that the flaw – and the opportunities it provided for undermining the protections offered by SSL – was indeed undetected by anyone and that therefore the world of online commerce was safe even though the door to the safe was swinging open in the breeze. But most security people are unwilling to make that bet. Instead they are assuming that some people knew about Heartbleed and have been either quietly exploiting the vulnerability or using it to hoover up personal data for later nefarious uses.


    An equally troubling implication is that huge online companies, instead of developing their own SSL code, simply lifted the OpenSSL code and just bundled it into their web-service software. They are perfectly entitled to do this, provided that they adhere to the terms of open-source licensing. But in behaving as they did they have in effect been free-riding on the public domain.


    Most open-source software – and OpenSSL is no exception – is produced voluntarily by people who are not paid for creating it. They do it for love, professional pride or as a way of demonstrating technical virtuosity. And mostly they do it in their spare time. Responsible corporate use of open-source software should therefore involve some measure of reciprocity: a corporation that benefits hugely from such software ought to put something back, either in the form of financial support for a particular open-source project, or – better still – by encouraging its own software people to contribute to the project.


    If the giant internet companies had taken the latter approach to OpenSSL, then they might have spotted the Heartbleed vulnerability earlier. In which case we wouldn't be in the mess that we are in now. Sometimes the ethical thing to do turns out also to be the prudent thing to do.
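
The coding error in the heartbeat handler described above, and the 64-kilobyte memory read described in the earlier Android article, come down to a missing length check; the C model below is an added illustration, not OpenSSL's code and not part of the original articles. It assumes the TLS heartbeat message layout (1-byte type, 16-bit payload length, payload, at least 16 bytes of padding), and the function names, the arena and the secret string are all constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST 1   /* heartbeat message type: request */
#define HB_PADDING 16  /* minimum padding that follows the payload */

/* Flawed shape: echoes as many bytes as the record CLAIMS to carry.
   The claim is a 16-bit field, hence the ceiling of about 64K per request. */
size_t hb_reply_unchecked(const uint8_t *rec, size_t rec_len,
                          uint8_t *out, size_t out_cap)
{
    if (rec_len < 3 || rec[0] != HB_REQUEST) return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (claimed > out_cap) return 0;      /* protects out, not the read */
    memcpy(out, rec + 3, claimed);        /* may read past rec + rec_len */
    return claimed;
}

/* Hardened shape: the claim must fit inside the bytes actually received. */
size_t hb_reply_checked(const uint8_t *rec, size_t rec_len,
                        uint8_t *out, size_t out_cap)
{
    if (rec_len < 1 + 2 + HB_PADDING || rec[0] != HB_REQUEST) return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (1 + 2 + claimed + HB_PADDING > rec_len) return 0; /* discard silently */
    if (claimed > out_cap) return 0;
    memcpy(out, rec + 3, claimed);
    return claimed;
}

/* Constructed scenario: a 4-byte payload sits in an arena directly in front
   of unrelated data. Returns 1 if that data shows up in the reply. */
int reply_leaks_neighbour(int hardened, uint16_t claimed)
{
    static const char payload[] = "ping";
    static const char secret[] = "session=CONSTRUCTED-SECRET";
    const size_t plen = sizeof payload - 1, slen = sizeof secret - 1;
    const size_t rec_len = 3 + plen + HB_PADDING;
    uint8_t arena[256] = {0};   /* stand-in for process memory */
    uint8_t out[200];           /* smaller than arena, so the over-read stays inside it */

    arena[0] = HB_REQUEST;
    arena[1] = (uint8_t)(claimed >> 8);
    arena[2] = (uint8_t)(claimed & 0xff);
    memcpy(arena + 3, payload, plen);
    memcpy(arena + rec_len, secret, slen);  /* the neighbouring data */

    size_t n = hardened ? hb_reply_checked(arena, rec_len, out, sizeof out)
                        : hb_reply_unchecked(arena, rec_len, out, sizeof out);
    for (size_t i = 0; i + slen <= n; i++)
        if (memcmp(out + i, secret, slen) == 0) return 1;
    return 0;
}

int main(void)
{
    printf("unchecked, honest length 4: leak=%d\n", reply_leaks_neighbour(0, 4));
    printf("unchecked, claimed 100:     leak=%d\n", reply_leaks_neighbour(0, 100));
    printf("checked,   claimed 100:     leak=%d\n", reply_leaks_neighbour(1, 100));
    return 0;
}
```

The only difference between the two handlers is the comparison of the claimed length against the bytes actually received, which is why installing the vendor's software update closes the hole while changing a password alone does not.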

Queeniey Corliss

Corliss Group Review Millions of Android Phones Could Be Affected by the Heartbleed Bug - 3 views

Corliss Group Review Millions of Android Phones Could Be Affected by the Heartbleed Bug. Check to See if Yours Is One of Them
started by Queeniey Corliss on 15 Apr 14 no follow-up yet
  • Queeniey Corliss
     

    Check to See if Yours Is One of Them


     



     


    Disturbing news: The now-infamous Heartbleed security flaw might reach further than your favorite websites. It could affect your mobile device, too.


    According to an announcement by Google, smartphones and tablets running a specific version of Android were affected by the widespread web security bug, which could potentially spill your sensitive login information (like passwords).


    The company assured Android owners in a blog post April 9 that most versions are not affected by the flaw. However, as Bloomberg notes, Google added that a version called 4.1.1 Jelly Bean is a “limited exception.”


    That version of Android was released in 2012 and is likely to be running on older Android smartphones. According to the most recent statistics released by Google, about 34 percent of Android devices use a version of the 4.1 Jelly Bean software. Though the company said that fewer than 10 percent of devices in use are vulnerable, a Google spokesperson confirmed to Bloomberg that millions of devices still run 4.1.1 Jelly Bean.


    So how can you check to see if your device is affected? You’ll need to go to the Settings menu of your phone and find your way to the About Phone section. There you’ll be able to learn what version of Android you’re running and see if any updates are available.


    There’s also a free Android app available that will tell you if your device is vulnerable to the bug.


    Whether there is an immediate update to patch this bug is still unclear. Google’s blog post says that “patching information for Android 4.1.1 is being distributed to Android partners.” A Verizon spokesperson told Bloomberg that the company was aware of the “security vulnerability referred to as ‘Heartbleed,’ ” and that the company was “working with our device manufacturers to test and deploy patches to any affected device on our network running Android 4.1.1.”


    We’ve reached out to Google for comment. In the meantime, fingers crossed that you’re not affected.

Queeniey Corliss

Corliss Review Group on the Internet Scam That Hijacks Your Hard Drive - 1 views

Corliss Review Group on the Internet Scam That Hijacks Your Hard Drive
started by Queeniey Corliss on 12 Apr 14 no follow-up yet
  • Queeniey Corliss
     


    Viruses used to be so simple.

    You'd go online with your dial-up modem, take 25 minutes to naively download an appealing-sounding .exe file, and suddenly a sheep would walk across the screen or an embarrassing e-mail would be sent to your entire address book. Some would even wish you a Happy New Year.

    Annoying, maybe, but they had their own '90s cyber-kiddie sense of charm.

    Some viruses, of course, were incredibly disruptive. Now, though, viruses and malware have become even more malicious. They're out for more than just hacker cred - they're out for your money.

    For a long time, malware scammers used tactics known as scareware. The malicious software fraudulently claims that your computer has a serious virus infection, then sends you to a page to buy their (useless) anti-virus software.

    While this is certainly still around, many people have gotten wise to the fraud. Now some scammers are playing hardball. Enter ransomware.

    Ransomware is a form of malware that encrypts files on your hard drives with a highly complicated algorithm, then presents you with an ultimatum: Pay up or you lose your files forever. The inherent brilliance in the software is this: While the software can be removed, the files remain encrypted. Paying the ransom is the only chance you have to see your files again.

    Although this scam has been around since 1989, only recently has it become widespread due to advancements in cryptography algorithms, the ability to extort via the anonymous currency Bitcoin, and the digitization of once-analog items of sentimental value like family photos and home videos.

    Some consumers are aware of the latest and most notable iteration of this trend known as CryptoLocker, which encrypts the user's data with a 2048-bit RSA algorithm. The scammers weren't fooling around when they invented this complicated algorithm, which is incredibly difficult - if not impossible - to crack without a key, which will cost victims about $150 to $300.

    CryptoLocker has been incredibly successful. Owing to surprisingly good "customer service" - the majority of people who pay the ransom have their files restored - the men behind the CryptoLocker curtain have raked in over $27 million in Bitcoin over a period of three months, according to an examination of the Bitcoin blockchain by ZDNet.

    Due to the inherent success of the software, it seems only logical that a bevy of copycats would show up.

    And they have. In droves.

    One version, which claimed the owner of the computer had been caught with illicit material on his computer, demanded a fine. The ordeal caused a Romanian man to take his own life and that of his son two weeks ago.

    While ransomware has evolved as a threat to home computer users, it bears a sizeable risk to the business world as well. After all, the earlier versions of CryptoLocker actually targeted business professionals, hiding it within emails claiming to be a "consumer complaint."

    McAfee, the prominent maker of anti-virus products, predicts that ransomware in 2014 will evolve to further target businesses and business owners, and that the software will shift to the mobile realm this year. Scammers will, according to McAfee, use the information gleaned from business owners' mobile devices to gain a "tactical advantage" over the businesses, which could end up costing them untold amounts of money.

    It's scary stuff certainly, but home users and business owners still have one easy way out - ensuring all their files are backed up using a cloud-based service, untouchable to any scammers.

    In terms of which service to pick, there are hundreds of them out there.

    *           Box for Business is an affordable option, offering a terabyte of storage per user, at a price of $15 a user.

    *           Amazon's S3 offers a pay-per-use monthly pricing scale at 10 cents a gigabyte.

    *           At $55 a month for 3 users, SugarSync for Business is a slightly pricier option, but boasts a collaborative sharing platform and mobile access.

    Suffice it to say, regardless of the particular needs of your family or your organization, there's a service out there that caters to them. There's no excuse to keep only data stored locally.

    Once everyone does this, ransomware will seem much less threatening.
Queeniey Corliss

Corliss Review Group on Identity fraud and cybercrime cost firms over €600m - 1 views

Corliss Review Group on Identity fraud and cybercrime cost firms over €600m
started by Queeniey Corliss on 10 Apr 14 no follow-up yet
  • Queeniey Corliss
     


    An increase in cybercrimes is costing Irish companies over €600m a year, according to a new report.

    Reports of data breaches are mounting in Ireland as both foreign and Irish criminals infiltrate business computer systems, according to a Grant Thornton business report.

    Common crimes include identity fraud, online scams, and cyber theft and cyber extortion.

    Notifications of security breaches rose 36pc in 2012. Incidents are typically under-reported to the Data Protection Commissioner because companies fear a hit to their reputation should they disclose their security systems failed, according to Grant Thornton partner Mike Harris, who launched the company's cyber security service.

    SECURITY

    Breaches since 2011 include attacks on Loyaltybuild, Eircom Study Hub and Recruit Ireland. Loyaltybuild suffered a breach of customer data and credit card information and had to invest €500,000 in security.

    It is estimated that 55pc of cybercrime is by international organized crime gangs - typically operating in countries where regulation is weak.

    Mr Harris said: "Our estimate of €630m is likely to be below the actual level given that many companies still do not report security breaches for fear of the reputational damage."

    He said Irish businesses should be focusing... on the ability to detect and react to data security breaches.

    "It is not a question of if an Irish business will be subjected to an online attack, but a question of when," he said.