Having your email hacked and malicious software spread on your
servers for months may be embarrassing. But being outed as the antivirus
vendor that failed to catch the vast majority of that malware is likely
more humiliating still.
The New York Times reported Wednesday that the paper has
been the subject of a sophisticated attack by Chinese hackers for the
last four months, following its reporting on the private wealth of
China’s prime minister Wen Jiabao. The story offers a rare and detailed post-mortem
of what appears to be the work of a team of well-trained infiltrators
who systematically and stealthily gained access to and collected the
news outfit’s private information as the paper dug into a subject
perceived as highly sensitive by the Chinese government.
One fact, however, will be of particular concern to the world’s
largest antivirus firm, Symantec: Out of the 45 different pieces of
malware planted on the Times‘ systems over the course of three months, just one of those programs was spotted by the Symantec antivirus software the Times used, according to Mandiant, the data breach response firm hired by the Times. The other 44 were only found in Mandiant’s post-breach investigation months later, according to the Times‘ report.
Symantec, which sells the widely-used Norton Antivirus, declined to comment for the Times‘ story, citing a policy of not speaking about clients’ cases, and the company didn’t respond to my request for comment either.
Update: A Symantec spokesperson seems to have responded in the comments below.
It may come as little surprise that antivirus programs largely fail to detect the type of custom-built malware the Times‘
hackers used, as opposed to previously-seen strains of malicious
software often re-deployed by less sophisticated cybercriminals. A study
by the Times‘ breach response firm, Mandiant, in 2010 found that only 24% of the custom malware it found on its clients’ systems had been detected by antivirus.
Another analysis performed by the security firm Imperva along with
the Technion Israeli Institute of Technology found that antivirus
managed to detect only 5% of new threats, and that it took an average of
four weeks for antivirus firms to identify a new piece of malicious
code. “Although vendors try to update their detection mechanisms, the
initial detection rate of new viruses is nearly zero. We believe that
the majority of antivirus products on the market can’t keep up with the
rate of virus propagation on the Internet,” their paper reads.
Symantec’s track record in the Times appears worse still.
But it’s worth noting that its peers would likely have been equally
useless: The security firm actually outperformed most of its competitors
in the most recent tests by German antivirus testing firm AV-Test,
which gave Symantec a rating of 5.5 out of 6 for protection of Windows 7 in its latest enterprise antivirus analysis, a better score than McAfee, Kaspersky, or Microsoft.
It’s not clear exactly what lesson companies can draw from the Times‘
penetration. The paper’s chief security officer Michael Higgins says he
suspects the breach began with a highly-targeted email sent to
unwitting employee and containing an infected link or attachment–a
difficult sort of attack to prevent. But at the very least, it shows
that antivirus protection alone barely represents a speed bump to
determined hackers.
Read the Times‘ full story about its hacker infiltration here.
Legal protection for people who unlock their mobile phones to use them on other networks expired last weekend. According to the claims
of major U.S. wireless carriers, unlocking a phone bought after January
26 without your carrier's permission violates the Digital Millennium
Copyright Act (“DMCA”) whether the phone is under contract or not. In a
way, this is not as bad as it sounds. In other ways, it's even worse.
What changed? The DMCA prohibits
"circumventing" digital locks that "control access" to copyrighted works
like movies, music, books, games, and software. It's a fantastically
overbroad law that bans a lot of legal, useful, and important
activities. In what's supposed to be a safety valve, the U.S. Copyright
Office and the Library of Congress have the power to create exemptions for important activities that would otherwise be banned by the DMCA. In 2012, EFF asked for - and won
- exemptions for jailbreaking or rooting mobile phones to run
unapproved software, and for using clips from DVDs and Internet video in
noncommercial vids. Consumers Union and several smaller wireless
carriers asked for an exemption for unlocking phones. The Copyright
Office granted their exemption too - but sharply limited the window to
just a few months.
First, the good news. The legal shield for
jailbreaking and rooting your phone remains up - it'll protect us at
least through 2015. The shield for unlocking your phone is down, but
carriers probably aren't going to start suing customers en masse,
RIAA-style. And the Copyright Office's decision, contrary to what some
sensational headlines have said, doesn't necessarily make unlocking
illegal.
Unlocking is in a legal grey area under the
DMCA. The law was supposed to protect creative works, but it's often
been misused by electronics makers to block competition and kill markets
for used goods. The courts have pushedback,
ruling that the DMCA doesn't protect digital locks that keep digital
devices from talking to each other when creative work isn't involved.
And no creative work is involved here: Wireless carriers aren't worried
about "piracy" of the software on their phones, they're worried about
people reselling subsidized phones at a profit. So if the matter ever
reached a court, it might well decide that the DMCA does not forbid
unlocking a phone.
Now, the bad news. While we don’t expect mass
lawsuits anytime soon, the threat still looms. More likely, wireless
carriers, or even federal prosecutors, will be emboldened to sue not
individuals, but rather businesses that unlock and resell phones. If a
court rules in favor of the carriers, penalties can be stiff - up to
$2,500 per unlocked phone in a civil suit, and $500,000 or five years in
prison in a criminal case where the unlocking is done for "commercial
advantage." And this could happen even for phones that are no longer
under contract. So we're really not free to do as we want with devices
that we own.
Phones are, of course, the tip of the iceberg of problems the DMCA has created.
It kills aftermarkets, interferes with legitimate research, and
squelches creativity in new media. The exemptions created by the
Copyright Office can be helpful but, as this episode shows, they are too
narrow and too brief.
They also turn a small, specialized federal
office into a sort of Technology Regulation Bureau. It's absurd that
this small group of copyright lawyers and librarians is tasked with
making decisions about the future of electronics markets.
So what can we do? Creating and defending the
next round of exemptions will start in late 2014. If lawsuits happen,
the courts should recognize that the DMCA is being misused, and refuse
to apply it to anti-competitive software locks. Ultimately, what we
really need is to either fix the exemption process or reboot the
anti-circumvention provisions of the DMCA, or both.
Any successful company is going to draw criticism. Google probably
gets more of it than others because of their ‘Don’t Be Evil’ motto.
Algorithm changes shuffle branded sites higher and people shout ‘evil!’
Google begins to disintermediate certain verticals and people shout
‘evil!’
Most of the posts about Google’s evil ways focus around these two themes. So
much time and energy is spent raging against changes that are simply a
reflection of us – the user. When we collectively stop shopping at
branded stores over smaller boutiques then we’ll see that reflected in
our search results.
And the last time I checked no one was mourning the demise of the
milk man or shedding tears over Tower Records or Blockbuster. It sucks
if you’re the business getting disintermediated but do you really want to go to another website to get the current weather?
Evil? It’s not Google, it’s you.
Google’s Evil Plan
Instead of talking about all of these natural business moves and conjuring up some nefarious plot, I want to talk about Google’s real strategy. Here’s the truth. Here’s Google’s plan. Get people to use the Internet more.
That’s it. The more time people spend on the Internet the more time
they’ll engage in revenue generating activities such as viewing and
clicking display ads and performing searches.
The way Google executes on this strategy is to improve speed and accessibility
to the Internet. Google wants to shorten the distance between any
activity and the Internet. Lets look at some of Google’s initiatives
with this in mind.
Chrome
Firefox was doing a bang up job of breaking Internet Explorer’s
browser monopoly. Chrome certainly hastened IE’s decline and helped secure more search volume. Yet Chrome developers have long said that their goal isn’t market share but to make the browsing experience faster.
In a very nearsighted way, making browsers faster is the goal. Yet,
the faster the web experience, the more page views people rack up and
the more searches they’ll perform.
Chrome is about reducing the friction of browsing the Internet.
SPDY
Google can only do so much with Chrome to speed up the web. Enter SPDY, an open networking protocol, which looks to be the basis for HTTP 2.0.
Its goal is to reduce the latency of web pages.
That’s technical speak for making the web faster. This is what users
want. This is what makes users happy. Milliseconds matter when it comes
to user satisfaction. And satisfying the user is great for business.
Android
Similar to Chrome, Google saw that users would increasingly access
the Internet via phones. They learned from their web browser experience
and decided to jump into the vertical early and it’s paid off. Google now commands nearly 54% of the smartphone market.
Android doesn’t have to make money directly. It provides unfettered
access to revenue generating activities and allows Google to push the
industry forward in terms of speed.
Motorola Mobility
Not content to simply push the envelope with software, Google decided
to grab Motorola Mobility and improve on hardware too. The rumors around the Google X phone are increasing.
Long battery life and wireless charging are two of the more
tantalizing possibilities These are clearly features that would greatly
benefit users but … they also ensure that you’ll nearly always be able
to connect to the Internet. See how that works?
Google Now
Not using the Internet enough? Google Now
can help change that by automagically serving up useful cards based on
your search history and behavior. Don’t get me wrong. I like Google Now
and find it to be more and more valuable as they add more functionality.
But it’s no mystery that predictive search is also about stimulating more Internet activity.
Google Fiber
Many seem to think Google is crazy to pursue fiber. It’s massive. It’s expensive. But it’s also exactly in line with their goal of increasing Internet usage. In fact, they’re pretty clear in the messaging on the Google Fiber page.
Google Fiber starts with a connection speed 100 times
faster than today’s broadband. Instant downloads. Crystal clear high
definition TV. And endless possibilities. It’s not cable. And it’s not
just Internet. It’s Google Fiber.
It’s not that Google would control the transmission (though that’s a
nice side benefit), it’s that the friction to using the Internet would
be nearly zero.
Can it be any more clear? Google wants ubiquitous Internet access.
Google Drive
I often see people argue that the cloud is Google’s big picture
strategy. I think that’s still missing the point. The cloud is a means
to an end.
Giving people the ability to access files from anywhere simply keeps them online longer. You don’t have the browser off working on your document, instead your online editing and saving your document. You’re searching for those documents.
You’re just a browser tab away from areas of the Internet where
Google makes money. In short, Google Drive shortens the distance between
work and activities that produce revenue for Google.
Chromebook
Taken to the extreme, Chromebook is essentially a computer that runs off the Internet and cloud. Everything is done online.
A new type of computer designed to help you get things done faster and easier.
Faster. There’s that word again. And easier is just a friendly way of
saying ‘reduce friction’. At $199 and $249 Google is hoping that this
new type of computer will start to find a market. This strikes me as the
ultimate lock-in.
Google+
So what about Google+? At first blush, it doesn’t seem to fit.
I still believe a substantial reason for building Google+ was to
develop better social signals and increase search personalization.
However, I think the time spent in places where Google couldn’t reach
(aka Facebook) was troubling.
Google needed to break the stranglehold Facebook had on social
attention. They’ve certainly made inroads there and that’s really all
they needed to do to ensure attention didn’t pool and persist in a
Google dead zone.
Self Driving Cars
I’m shocked that people don’t see the brilliance of a self-driving car. The average commute time in the US is 25 minutes (pdf). So that’s nearly an hour each day that people can’t be actively on the Internet. Yet, they obviously want to be.
If you play Ingress (like
I do) you can see where XM (roughly phone usage) is highest. It’s super
high in parks and doctor’s offices and movie theaters. But it’s also
concentrated at intersections. A red light and we’re diving for our phones.
Now imagine a self-driving car and how much more time you’d have to …
be on the Internet. I’m just talking about commuting which is less than
20% of the driving done in this country! A self driving car unlocks a vast amount of time that could be spent on the Internet.
Google Glass
I know the latest big thing is Sergey on the Subway
but to me his skydive was more transformative. The message? Even if
you’re falling out of the sky you can still use the Internet.
Google Glass could be the ultimate way to keep you connected to the Internet.
Perhaps we’ll reach a point where much of our consciousness is
actually online. Why waste your time remembering useless things when you
can simply retrieve them from your personal cloud?
Sometimes the future
in Charles Stross’ Accelerando seems almost inevitable.
Mind you, at times I feel the urge to live in a cabin in the woods
but it’s usually quickly followed with a caveat of ‘with good satellite
coverage or Internet access.’
Google TV
I think YouTube was initially thought to be the future of TV. The
problem is that we’re very entrenched in traditional TV and inertia (and
a lack of proper execution by Google TV) has allowed traditional TV to catch up.
This is the one place where Google is behind. Maybe Google TV picks
up steam, or Google Fiber is the wedge into homes or Google acquires
someone big like TiVo or Netflix.
Twitter is also both a major rival and potential acquisition target because of their position as the glue between screens.
Share of Time
I’m surprised that no one has compared Google’s strategy to Coke’s now abandoned ‘share of stomach‘ strategy. Google wants people to spend more of their time on the Internet. Think about that.
Once again it comes down to the ‘Don’t Be Evil’ motto. Coke didn’t
care if they were creating a health epidemic as they rang up profits.
Google, on the other hand, believes their services can improve our lives.
That kind of belief is what the tin foil hat conspiracy folks should really be worried about. It’s not any small tactical gaffe that could be chalked up in the evil column. It’s that Google believes they’re doing good. I sort of think so too.
TL;DR
Google’s strategy is to get people to use the Internet more. The more
time people spend on the Internet the more time they’ll engage in
revenue generating activities. As such, nearly every Google effort
is focused on increasing Internet speed and access with the goal
to shorten the distance between any activity and the Internet.
// AJ Kohn // January 27th 2013 // Technology
http://www.blindfiveyearold.com/google-evil-plan
40 inShare
In early January, Facebook began testing free calling over Wi-Fi and cellular data for all Messenger for iPhone
users in Canada, and said that a US launch could be coming soon.
Apparently, the test went well — a new free calling button has appeared
in the app. Facebook has confirmed to The Verge that the feature
began rolling out to US users today, and requires no update through the
App Store. To make a call to another Messenger for iPhone user, all you
need to do is open a conversation with that person, tap the "i" button
in the top-right corner, and tap Free Call.
If you live in the US, you can now call other Facebook users for free over Wi-Fi or using your phone's data connection
What this means is that if you live in the US, you can now call other
Facebook users for free over Wi-Fi or using your phone's data
connection while you're on the go. When you call someone, a push
notification appears on their screen that says "Ellis Hamburger is
calling," for example. The feature is especially critical for people
with bad cell service at work or at home, and for those who want to
conserve cell phone minutes. It's also a huge step for Facebook — which
with a single feature emerges as one of the largest communities of VoIP
users in the world. After a few tests, the call quality sounds very
good, and is certainly on par with competitors Viber, Vonage, and Skype —
which have had the feature for some time, but all have much smaller
user bases.
Facebook has had a partnership with Skype for video calling inside Facebook's website
since summer 2011, but Messenger still notably lacks video calling.
Facebook offered no more details or information about an international
rollout, VoIP calling through its Messenger for Android app, or VoIP
calling through its website, but we'd bet these things are coming soon.
By Ellis Hamburger
http://www.theverge.com/2013/1/16/3883538/facebook-launches-free-calling-in-messenger-for-iphone-us
The International Game Developers Association will not seek to impede
scientific study into links between games and real-world violence but
asks that any new research also explore benefits of violent video games.
Vice President Joe Biden meets with pro-gun groups in Washington.
(Credit:
Getty Images)
Ahead of a meeting
between Vice President Joseph Biden and video game makers, one of the
trade organizations representing game developers put out a statement
today saying it "does not seek to impede more scientific study about our
members' products."
In a letter to Biden
the International Game Developers Association's Daniel Greenberg wrote
that the organization would "welcome more evidence-based research into
the effects of our work to add to the large body of existing scientific
literature that clearly shows no causal link between video game violence
and real violence."
Greenberg also urged Biden to look at the
positive effects of game playing. "Instead of simply trying to find
negative effects, we ask that any new research explore the benefits of
violent video games, too."
The vice president heads a commission
charged by President Obama to come up with recommendations to stem gun
violence. His report is due by the end of the month.
Here's the text of Greenberg's letter:
Re: Task Force on Shootings Policy Recommendations
Dear Mr. Vice President,
Thank you for your call for information to inform policy recommendations on America's problem with gun violence.
The International Game Developers Association (IGDA) is the primary
membership organization serving individuals that create video games. We
are a nonprofit organization with more than 100 chapters in major U.S.
and international metropolitan areas and over 30 special interest groups
and committees. The IGDA is committed to advancing the careers and
enhancing the lives of game developers by connecting members with their
peers, promoting professional development, and advocating on issues that
affect the developer community.
The Need for Science Unlike some industry groups, the
IGDA does not seek to impede more scientific study about our members'
products. We welcome more evidence-based research into the effects of
our work to add to the large body of existing scientific literature that
clearly shows no causal link between video game violence and real
violence.
We ask that any new government research look at the totality of
imaginary violence. Instead of simply trying to find negative effects,
we ask that any new research explore the benefits of violent video
games, too. For example, recent research shows a steam valve effect in
which violent video gameplay helps release stress and aggression before
it can lead to violence. Others studies have indicated that recent
declines in real world violence can be attributed in part to potentially
violent people spending more time looking for thrills in video games
instead of on the streets. Psychologists tell us that playing with
imaginary violence is healthy and can help children master experiences
of being frightened. This is beneficial and can even be life saving. We
can supply links to this research and spokespersons on these issues. The
IGDA supports good research and we ask for more science, not less.
Rights The U.S. Supreme Court upheld the
Constitutional protection of video games in 2011, finally extending to
video game developers the same legal protections enjoyed by authors,
filmmakers, and musicians. We are grateful that our artistic works are
finally beyond legal threat, and we do not take our newly recognized
First Amendment protection for granted. We understand that our rights,
like all rights, are limited. We may not make games that are libelous or
pose a clear and present danger to others. The government has a valid
role in protecting people and especially children from products that are
genuinely dangerous. While scientific study has shown that imaginary
violence in video games does not cause real world violence, the game
developer community recognizes that we have responsibilities along with
our rights.
Responsibilities Game developers have been engaged in
active and passionate discussions about our role in society and our
responsibilities for decades, often facilitated by the IGDA. One way
that game developers choose to recognize our responsibilities is by
creating games with richer, deeper meanings in the lives of our
audiences and by offering a wider range of experiences available than
ever before. For example, some violent games add nonviolent options and
solutions based on problem-solving and player creativity. Other games
offer greater rewards for mercy and compassion. Many popular video games
offer tough lessons in making better choices through interactive
storylines that let players experience the consequences of their
actions. And some game developers have responded to real world violence
by creating games designed for conflict resolution, anti-bullying and
aggression reduction. The government can help this process by supporting
this unique, cutting edge research into harnessing the power of video
games to help solve our nation's problem with violence.
Unique Artistic Medium As creators, working in one of
the most popular new forms of art and entertainment, we recognize that
video game development not only allows us to express ourselves, but the
games we make allow players the chance to express themselves as well.
Due to the unique nature of interactivity, video gameplay is not a
passive, one-way experience, but an active experience that can be
exponentially expanded in multiplayer environments. Governments should
not be seeking ways to constrain this emerging medium so early in its
development by scapegoating video games for societal ills. The U.S.
government did irreparable damage to the comic book industry in the
1950s by using faulty research to falsely blame juvenile delinquency and
illiteracy on comic books. The comic book industry never recovered in
sales to this day. Censoring violent comic books did not reduce juvenile
delinquency or increase literacy, it decimated the production of one of
the few kinds of literature that at-risk youths read for pleasure.
Censoring video games could have similar unintended consequences that we
cannot currently foresee. Ironically, comic books are now used as part
of the solution to illiteracy, even by the government. It may seem
counter-intuitive, but video games, even violent video games, could be
part of the solution here, as well.
Our hearts go out to the victims and survivors of mass shootings. We
support your efforts to reduce real-world violence. But we would not
want to see those efforts diverted toward noncausal sources and away
from meaningful change to real dangers. This is an important effort, and
we look forward to working with you further.
Sincerely,
Daniel Greenberg
Chairman, Anti-Censorship and Social Issues Committee
International Game Developers Association
by Charles Cooper http://news.cnet.com/8301-13578_3-57563302-38/game-developers-urge-balanced-approach-in-biden-probe-of-violence/?part=rss&subj=news&tag=title
LAS VEGAS--A senior Lenovo executive has again reiterated the Chinese
company is planning for a Windows Phone 8 handset and, should the plans
be approved, consumers have a "good chance" of seeing it released this
year.
JD Howard, vice president of business operations & worldwide
business development at Lenovo's Mobile Internet and Digital Home (MIDH)
business group, told ZDNet Asia in an interview here Wednesday that as a
device manufacturer, the company will go where the market leads in
terms of deciding which operating system (OS) to include in its
handsets.
Android is currently "very solid" and Lenovo is riding the OS' success with the latest portfolio of six phones it unveiled at this year's Consumer Electronics Show (CES), including its flagship K900 smartphone and the enterprise-ready IdeaPhone P770, he said.
However, Howard said should consumers be concerned over any possible
security vulnerabilities in Android OS, or that the phones are made in
China, the security features in Windows Phone 8 should help mitigate
many of their fears. This is why the MIDH unit has put in a proposal to
develop smartphones running Windows Phone 8 OS to the management, given
that it is Lenovo's planning cycle now. He said its fiscal year ends in
March 2013, and any concrete decisions will only be known in April.
That said, should the management give the greenlight, there is a
"good chance" consumers will see a Lenovo-branded Windows Phone 8
handset in 2013, the vice president stated.
News of the company's plans to produce a Windows Phone handset proved premature in 2012, when online news site ChinaTechNews.com reported in June the company will launch the device last autumn.
Rival Huawei Technologies on Tuesday unveiled its own Windows Phone 8 phone--the
Ascend W1--at CES. The Ascend W1 is 10.15mm thin and features a
4-inch 480x800 LCD screen with OGS technology. It is powered by
Qualcomm's Snapdragon S4 dual-core 1.2GHz processor and Adreno 305
graphics processing unit (GPU), the company stated. Credit: Huawei
The Ascend W1 will be available in China and Russia from January
2013, followed by western Europe, the Middle East, the United States,
and other selected markets, it added.
By Kevin Kwang
http://www.zdnet.com/cn/lenovo-confirms-windows-phone-8-handset-plans-7000009608/
Rumors come and go quickly in the tech
world. A report from TechCrunch stirred up rumors that Apple was
planning on buying the navigation app Waze. But CNET has learned that Apple has no plans to acquire Waze. It wasn't a radical idea, since Apple already works with Waze as a partner for Apple's mapping software.
Apple is, however, addressing a bug in the Do Not Disturb feature of iOS 6.
The company said it won't be fixed until January 7. Do Not Disturb will
silence incoming calls, alerts and notifications for a particular time
period. But for some reason, the feature remains on past the set time
frame, causing some users to miss messages unless it is manually turned off within settings.
Sprint could be launching its own prepaid service on January 25, according to the documents posted on the Android Police blog.
Sprint owns Boost Mobile and Virgin Mobile, which already focus on
prepaid. But this would be the first time a Sprint-branded phone can be
purchased with a prepaid plan.
Ready for another smartphone operating system? Ubuntu, which is an open-sourced operating system for PCs and TVs, is launching an operating system for smartphones.
This isn't something you'd see in stores anytime soon, but it will be
on display at the Consumer Electronics Show next week in Las Vegas.
Also at CES, we'll learn more about the Smart Evolution Kit for Samsung TVs.
Last year, Samsung said it was working on a device that users would
attach to their TVs to give it a system upgrade. We'll learn more about
this product on Monday at the show.
