Posts Tagged ‘enterprise’

Apple Denies Working with NSA on iPhone Backdoor

December 31, 2013  |  All Things Digital  |  No Comments

Apple just responded to newly released documents claiming that the U.S. National Security Agency has a method for gaining backdoor access to its iPhone. It says it has never worked with the agency, and is unaware of the alleged program targeting the iPhone known as DROPOUTJEEP. The program was disclosed in a trove of documents leaked yesterday and shared by the security researcher Jacob Appelbaum and the German news magazine Der Spiegel. Here’s Apple’s statement in full:

“Apple has never worked with the NSA to create a backdoor in any of our products, including iPhone. Additionally, we have been unaware of this alleged NSA program targeting our products. We care deeply about our customers’ privacy and security. Our team is continuously working to make our products even more secure, and we make it easy for customers to keep their software up to date with the latest advancements. Whenever we hear about attempts to undermine Apple’s industry-leading security, we thoroughly investigate and take appropriate steps to protect our customers. We will continue to use our resources to stay ahead of malicious hackers and defend our customers from security attacks, regardless of who’s behind them.”

According to the Der Spiegel documents, DROPOUTJEEP is software that can be implanted on an iPhone. It provides SIGINT or signals intelligence including the ability to push and pull files from the phone, retrieve text messages, contact lists, voice mail messages, the phone’s location, and turn on the internal microphone and activate the camera. Data can be removed or “exfiltrated” as the slide reads, over wireless data connections. Here’s another interesting line, which you can read in the original slide below


You Won’t Believe All the Crazy Hardware the NSA Uses for Spying

December 30, 2013  |  All Things Digital  |  No Comments

Over the weekend we learned a lot about the National Security Agency’s Access Network Technology, or ANT, division, that, in the words of Der Spiegel, the German news magazine that first disclosed it based on leaked documents from Edward Snowden, can break pretty much any lock on any computing or network hardware you can think of. Now we can see the catalog itself. Courtesy this post on Leaksource, you can flip through the numerous single-page descriptions of the NSA’s specialized hardware. For example, there’s FEEDTHROUGH, a method for gaining access to firewalls from Juniper Networks’ NetScreen product line. There’s also JETPLOW, which burrows into firewalls from Cisco Systems. In a stroke of irony that will not be lost on anyone, there’s HEADWATER, which is used on routers from China’s Huawei. Here are a few more that caught my eye: NIGHTSTAND, a mobile Wi-Fi exploitation and insertion device “typically used where wired access to a target is not possible.” PICASSO is an otherwise typical, if outdated, GSM wireless phone (including two models from Samsung) that “collects user data, location information and room audio” and allows data to be collected via a laptop or via SMS “without alerting the target.” And this one blows my mind: COTTONMOUTH-I. To the untrained eye, it looks like a typical USB plug at the end of an otherwise unremarkable USB cord. Inside there is a motherboard that provides a “wireless bridge into a target network as well as the ability to load exploit software onto target PCs.” Here’s where to find it, if you want to look for yourself.


HP Is Negotiating to Settle Bribery Charges

December 30, 2013  |  All Things Digital  |  No Comments

Computing giant Hewlett-Packard said today that it is in “advanced discussions” to settle investigations brought by two U.S. regulators concerning allegations of bribery. The company said it is under investigation by the U.S. Department of Justice and by the SEC for allegations that some former and current employees paid millions of dollars to win an IT contract with a Russian government agency. The investigations center on a 35-million-euro deal between a former HP subsidiary in Germany and the Russian General Prosecutors Office, and cover a time period beginning in 2001 and ending in 2006. The deal called for the HP subsidiary to install a new IT network at the Russian agency. The disclosure came in HP’s annual 10-K filing with the U.S. Securities and Exchange Commission. German authorities have indicted four people involved in the deal, including two former and one current HP employee, on charges of bribery, breach of trust and tax evasion. In the U.S., the DOJ has been investigating the deal under the Foreign Corrupt Practices Act. In the filing, HP also said that U.S. regulators, as well as those in Mexico and Poland, are investigating other bribery allegations relating to deals with certain public sector agencies in those countries. HP said in the filing that it is cooperating with all the agencies probing the Russian deal, and is in talks with U.S. authorities to resolve the matter. The investigations first surfaced in 2010. It has been a tough couple of years for U.S.


CIOs Brand Enterprise Social Tools as Most Overhyped Technology of the Year

December 30, 2013  |  All Things Digital  |  No Comments

It’s the end of the year, and that means a plethora of stories and lists with a lot of hyperbolic words like “hottest” or “greatest” in the headline rendering some kind of judgment on the prior 12 months. Usually I tend to avoid these stories because there are too many of them. But I was attracted to this one in part because of its balance of the cynical and the not-cynical, and by the source of the survey data: The CIOs of large corporations. It comes by way of Sierra Ventures, the enterprise-focused venture capital firm based in Palo Alto, Calif. For years that firm has maintained a network of about 70 CIOs at some of the world’s biggest companies, and has routinely sought their input on their needs from directly in the corporate IT trenches. Sierra has in turn allowed that advice to help guide its investment decisions and how it helps its portfolio companies grow. Recently it held its annual CIO Summit, and the time came to ask about 40 of those CIOs what was on their minds. The result was a simple survey with one key question: What were the most overhyped and underhyped technologies being hawked to large enterprises during the year? The answers were pretty clear and, at least in the overhyped category, close to unanimous. The most overhyped, in their view, were social tools aimed at the enterprise. This would include products like Jive, Microsoft’s Yammer, Salesforce.com’s Chatter, Moxie, VMWare’s Socialcast and a host of others. Their reasoning, as Al Campa, a partner at Sierra Ventures put it, was equally simple: “They don’t feel there’s any evidence for a return on investment or ROI,” he said. “It just didn’t move the needle for them when compared to other technologies they looked at.” It’s a kind of predictable answer where CIOs are concerned, but not chief marketing officers, or CMOs, said Tim Guleri, a managing partner at Sierra Ventures.
“CIOs are all about controlling spending and driving down their costs and finding money to fund innovation elsewhere,” he said.


Target Says PIN Numbers Among Data Stolen in Breach

December 27, 2013  |  All Things Digital  |  No Comments

Retail giant Target, still reeling from the disclosure that some 40 million credit and debit card numbers of its customers were stolen in a massive data breach, just announced that among the information stolen were the personal identification numbers related to those cards. The company just issued a statement, which you can read in full below, saying that the data in question was “strongly encrypted,” meaning it would be difficult, if not impossible, for the attackers to put to use without significant computing power required to break the encryption. Target says it doesn’t keep copies of the encryption keys around, and the PIN information is only decrypted once it reaches the payment processor, someone like, say, First Data. “What this means is that the ‘key’ necessary to decrypt that data has never existed within Target’s system and could not have been taken during this incident,” the statement says. The breach affects people who used a credit or debit card at Target stores between Nov. 27 and Dec.


Intel Bets on Video Everywhere With Investment in Taiwan’s SanJet

December 27, 2013  |  All Things Digital  |  No Comments

Intel Capital, the investment arm of the world’s biggest chipmaker, made a bet on ubiquitous video today with a stake in SanJet, a Taiwan-based company that makes small video cameras and DVRs that are designed to be worn, mounted on the dashboards of cars, and go pretty much anywhere. Intel didn’t disclose the size of the investment — that will probably come later in a regulatory filing — but it did say that it came out of its $100 million Connected Car Fund and is intended to boost development of in-car video products. You can see some examples of the car cameras and a few other products in action at SanJet’s YouTube site here. SanJet is a four-year-old company that designs action-video cameras comparable to those turned out by GoPro, the popular sports-oriented video camera outfit, but with more of an emphasis on day-to-day, as-you-go recording. You might wear one while you ride your bike or as you drive your car. One model has a tubular shape that’s similar to the Ion Air Pro. The deal amounts to Intel Capital’s fifth investment in Taiwan this year. Last year, it invested $352 million in 150 deals, most of which were outside North America.


As ATD Draws to a Close, Here Are Some Staff Highlights — Part One: Kafka, Hesseldahl, Gannes

December 26, 2013  |  All Things Digital  |  No Comments

On December 31 at the stroke of midnight, All Things Digital will be no more. Of course, the archives of what we have written since April of 2007 — close to 38,000 posts — will remain in the digital ether for your perusal (thanks, Edward!). And, as has been reported elsewhere, the whole staff of ATD is reportedly moving on to a new online tech and media news effort with new investors and a new name (ironic, we know, but no comment from us!). While we are not exactly sentimental types, I asked the crew to come up with a few of the stories they liked best from their tenure. I am posting them here, three ATD writers today, three tomorrow, three on Saturday and two Sunday. (Note: I have not included Katherine Boehret and Walt Mossberg, as they did roundup pieces already for this site and The Wall Street Journal.) And, on Monday and Tuesday, I will round up the really remarkable highlight videos of 11 years of D conference speakers. Without tooting the horn too much, using tools of accuracy, fairness, quality and more than a little humor, you will see via this small sampling of stories a staff that has truly distinguished itself over the nearly seven years in bringing its audience the very best in news and analysis. I have posted only a handful for each, but it should give you a glimpse into the wide range of topics the ATD reporters have covered over the years.


The One Big Question About RSA and Its Relationship With the NSA

December 24, 2013  |  All Things Digital  |  No Comments

Last week, the Internet security world was jolted by a Reuters report detailing a secret $10 million payment to the security company RSA from the National Security Agency. The source of the information, Reuters said, came from new documents from former NSA contractor Edward Snowden. The point of the payment, according to the report, was to help the NSA boost the adoption of a formula it had created for generating random numbers, which was then inserted as the default option on RSA security products. The result would essentially amount to the creation of a “back door,” giving the NSA the ability to decrypt Internet traffic that had been encrypted using a product known as BSafe. On Sunday, RSA, a division of storage and IT giant EMC best known for its widely used security tokens, denied the report in a corporate blog post. It said that it has worked with the NSA for years and has never kept the relationship a secret, doing so with the intent of strengthening security products used in both the government and private sectors. But its explanation is incomplete — RSA’s statement has been attacked by many — and leaves many questions. Among them is one big one that hangs above all the others: What did RSA know about the algorithm that was ultimately found to contain the “back door,” and, perhaps more importantly, if it did have some idea, why did it say nothing about it for six years? The problematic formula is known as Dual EC DRBG, which stands for Dual Elliptic Curve Deterministic Random Bit Generator. Generating a random number is a crucial function in encrypting communications on the Internet. RSA included the software libraries for using it in BSafe products beginning in 2004. At the time, the method was on its way to being approved by the U.S.


Talk of an RSA Boycott Grows After Reports It Colluded With the NSA

December 24, 2013  |  All Things Digital  |  No Comments

A boycott may be brewing against security company RSA’s annual conference, in the wake of reports that the company used encryption technology that had been created by the U.S. National Security Agency in its products in order to create a “back door” in them. A well-known security researcher has announced that he is boycotting RSA’s annual security industry conference in San Francisco early next year, and will no longer deliver a scheduled talk at that event. In an open letter addressed to Joe Tucci, the CEO of EMC, of which RSA is a unit, and Art Coviello, the head of RSA, Mikko Hypponen, chief research officer at F-Secure, said he is “withdrawing his support for the event.” (See the full text of the letter below.) In a story on Friday, Reuters reported that RSA had accepted a $10 million payment from the NSA to use a random-number generator created by that agency in a widely used security product called BSafe. After being developed by NSA, the technology, known as Dual EC DRBG, which stands for Dual Elliptic Curve Deterministic Random Bit Generator, was recommended by the National Institute of Standards and Technology (NIST) as an algorithm to create random numbers, a key part of the process of encrypting and securing data communications. RSA has issued a carefully worded denial of what Reuters described as a “secret contract” with the NSA. The company said that it has long worked with the NSA openly for what it described as an “effort to strengthen, not weaken” security products. RSA’s annual conference, scheduled Feb. 24-28, 2014, at San Francisco’s Moscone Center, is a significant event for large and small companies in the computer security industry, and is also widely attended by independent researchers. The conference boasts attendance of about 15,000 people. Hypponen has worked for F-Secure, based in Helsinki, since 1991.
He’s a sought-out speaker on security topics, and is frequently quoted in the media (such as this example from AllThingsD in 2011), and has spoken at the influential TED conference. He has also worked with law-enforcement agencies around the world. His research into the SoBig virus was the subject of a lengthy 2004 feature in Vanity Fair magazine. The name of the talk that he won’t be giving: “Governments as Malware Authors.” Others in the security industry are talking about boycotting the RSA event, too.


BlackBerry Reports Massive $4.4 Billion Quarterly Loss, Inks a Deal With Foxconn

December 20, 2013  |  All Things Digital  |  No Comments

BlackBerry, the troubled Canadian smartphone company, just reported its quarterly results and, well, let’s just say its troubles aren’t getting any smaller. Its loss, on a GAAP basis, came out to $4.4 billion on revenue of $1.2 billion. That works out to a per-share loss of $8.37. The loss was the result of a huge $2.7 billion charge against assets, and another $266 million restructuring charge. After backing out those charges, the company lost $354 million, or 67 cents a share. It exited the quarter with $3.2 billion in combined cash and short-term investments. Sales fell by 56 percent compared to the year-ago quarter
