App developers to harness AI

27 February 2014 Last updated at 07:51 ET

IBM has challenged developers to come up with ways to get the vast brain of its supercomputer Watson on to the world's mobile phones.

Watson is an artificially intelligent computer system capable of answering questions posed in natural language.

It also has access to 200 million pages of information, drawn from books, encyclopaedias and other databases.

Apps could include more advanced Siri-like voice recognition systems or tools that can accurately translate text.

"The power of Watson in the palm of your hand is a game-changing proposition, so we're calling on mobile developers around the world to start building cognitive computing apps infused with Watson's intelligence," said Mike Rhodin, senior vice president of IBM Watson Group.

Medical help

The competition is the latest attempt from IBM to launch Watson as a viable business. It has invested $1bn (£601m) in the system and late last year announced that it would open it up to developers.

To date, more than 1,500 individuals and organisations have been in touch to suggest apps. Three intend to go to market this year, including an app to transform how consumers shop and one to help hospitals better procure devices.

The Watson Mobile Developer Challenge begins on 31 March when developers can submit ideas. Later in the year, IBM will select 25 finalists to turn their ideas into working software.

Other potential Watson-powered mobile apps could include medical ones to help doctors and patients sift through vast amounts of data.

Medical information doubles every five years and Watson can analyse vast amounts to allow doctors to offer patients more treatment options as well as help researchers make medical breakthroughs.

Already Watson is being used by doctors and nurses at the Memorial Sloan-Kettering Cancer Center, in New York, to help make decisions about lung cancer treatment at the hospital.

According to IBM Watson's business chief Manoj Saxena, 90% of nurses who use Watson now follow its guidance.

In the field of education, IBM envisages teachers being able to tap into Watson to identify individual pupil's needs and offer bespoke learning packages for each child.

Trivia king

Watson has got smaller and faster over the years. What started as a system the size of a bedroom is now the size of three stacked pizza boxes. It is also available via the cloud, meaning it can be accessed from anywhere.

It can process 500 gigabytes of information - equivalent to a million books - every second.

And it has proved its abilities. In 2011 it appeared on the Jeopardy game show answering general knowledge questions, without being connected to the internet.

Pitted against the two biggest winners of the trivia quiz show, despite a few stumbles it eventually walked away with the $1m prize.

23.35 | 0 komentar | Read More

Apple issues OS X security fix

25 February 2014 Last updated at 16:09 ET

Apple has issued a fix to a flaw in its OS X operating system which previously left users vulnerable to security breaches while browsing online.

A software update was released last week to iPhone, iPad and iPod owners to protect users from "an attacker" who may "capture or modify data".

It was later discovered that the problem also existed on Apple laptops and desktop computers running OS X.

On Tuesday, Apple issue a security fix through its software update service.

The problem was first spotted on Apple's mobile devices which run the iOS 7 operating system. It related to the way secure connections are made between Apple's safari browser and websites, including banking sites, Google and Facebook.

These sites have digital security certificates that allow an encrypted connection to be established between a user's computer and the website. This means any data that is sent over the connection should be secure.

Dropped the ball

However, a vulnerability in the code for Apple's iOS and OS X operating systems meant the security certificates were not being checked properly. This meant hackers could impersonate a website and capture the data that was being sent over the connection before letting it continue its journey to the real website.

Apple released a fix for mobile devices running iOS 7 last week but a spokesperson issued the following statement about OS X: "We are aware of this issue and already have a software fix that will be released very soon."

The fix was released on Tuesday.

According to researchers the security flaw had existed for months but no-one had reported it publicly.

Graham Cluley, a security analyst, said it was a failing by the company that it had not been identified earlier.

"It's pretty bad what Apple have done, they've seriously dropped the ball. How much the problem has been exploited is hard to say. Hackers may now be trying to take advantage while users wait for the security fix."

23.35 | 0 komentar | Read More

'Contagious' wi-fi threat created

26 February 2014 Last updated at 06:55 ET By Dave Lee Technology reporter, BBC News

A computer virus that can spread via wi-fi like a "common cold" has been created by researchers in Liverpool.

In densely populated areas with lots of wi-fi networks, the virus can go from network to network finding weaknesses.

Once in control of a wi-fi access point, it leaves computers on the network extremely vulnerable.

The team's lead researcher told the BBC it was working on software to prevent such attacks being possible.

"Rather than rely on people to use strong passwords, you want to integrate intrusion detection systems to the access points," said Alan Marshall, professor of communication networks at the University of Liverpool.

He would not go into detail about the methods in order to prevent the attack being used on real victims but said a proof-of-concept attack had been developed at the university.

'Under control'

The virus, dubbed Chameleon, seeks out wi-fi access points - devices that transmit the wi-fi signal, found in many homes - that have not had their admin password changed.

This password is different from the one used to log on to the wi-fi network itself, and is often left unchanged from the default setting.

Once an access point is under a hacker's control, new firmware can be installed.

"So it's now under our control," explained Prof Marshall.

"Once you do that you can then do other things with it. You can recover passwords, steal data - anything you want."

Spreading out

But it is the next step of the virus that is most unusual.

Once installed on one access point, the virus can - without being controlled by a human - automatically seek out other vulnerable access points, taking them over as and when they are found.

Prof Marshall told the BBC that this was unlikely to be a threat to big business wi-fi networks, which should have enhanced security in place.

However, networks in homes, or at small premises like coffee shops, are typically found with less stringent protection measures in place.

Now that his team has demonstrated the threat, Prof Marshall said attention would turn to creating a product that could be installed in wi-fi access points to prevent this kind of hijacking - without requiring the user to take responsibility.

Follow Dave Lee on Twitter @DaveLeeBBC

23.35 | 0 komentar | Read More

Password 'treasure trove' found

26 February 2014 Last updated at 07:47 ET By Kevin Rawlinson BBC News

A "treasure trove" of stolen personal details has been found on sale on black market websites, a security firm says.

About 360 million account credentials including email addresses and passwords were reportedly uncovered.

Hold Security said it had also found 1.25 billion email addresses without passwords.

It is unknown where the credentials, which were found in the past three weeks, came from - but the company said they included major email providers.

Experts said that the batch was exceptionally large in size. "It is Godzilla-sized, it is a monster," said online security consultant Graham Cluley.

He added: "There may be some duplicates but, even so, it sounds like a complete treasure trove for cybercriminals."

Hold Security said that its findings were the result of "multiple breaches which we are independently investigating".

'Mind boggling'

In a post on its website, it said: "In the first three weeks of February, we identified nearly 360 million stolen and abused credentials and 1.25 billion records containing only email addresses.

It called the numbers "mind boggling" and said the disclosure represented a "call to action" over online security.

According to Mr Cluley, the details could be used to access not only the accounts they are directly associated with, but potentially others.

"What normally comes out is not only spam and phishing attacks, but also that the combination of email and password can be used in multiple places because people use the same ones across different sites," he said.

Mr Cluley added: "If people have a big database of passwords, they use it to find out what the regular ones are. The next time they want to crack into an account, they can use the most common passwords."

And Reuters reported concerns that the discovery could represent more of a risk to consumers and companies than stolen credit card data because of the chance the sets of user names and passwords could open the door to online bank accounts, corporate networks, health records and virtually any other type of computer system.

Spamming and phishing

Alex Holden, chief information security officer of Hold Security, told the agency: "The sheer volume is overwhelming."

He said the credentials had been stolen in breaches yet to be publicly reported. The companies attacked could remain unaware until they were notified by third parties who found evidence of the hacking, he said.

"We have staff working around the clock to identify the victims," he said.

The batch also included email addresses not paired with passwords, which would be of use to people intending to launch spamming and phishing attacks.

23.35 | 0 komentar | Read More

Troubled MtGox Bitcoin boss emerges

26 February 2014 Last updated at 08:45 ET

The head of troubled Bitcoin exchange MtGox has made his first statement since the service went offline.

Mark Karpeles said he was "working very hard with the support of different parties" to address issues with the service, which went offline on Tuesday.

An estimated 744,000 bitcoins - about $350m (£210m) - are believed to have been stolen thanks to a loophole in Tokyo-based MtGox's security.

Japanese authorities are investigating the company.

"I understand that ministries and agencies concerned - financial services, police and the finance ministry - are looking into the matter to learn the full scope of the issue," said Yoshihide Suga, Japan's chief cabinet secretary.

"Once we have full knowledge of what happened, we will take action if necessary."

Separate investigations into MtGox and businesses linked to it are also said to be taking place in the US, Reuters reported.

Missing money

Mr Karpeles' statement on Wednesday also addressed concerns he had gone into hiding.

"I would like to use this opportunity to reassure everyone that I am still in Japan," the notice read.

MtGox was a service that allowed people to convert virtual currency Bitcoin in US dollars, and vice versa.

On 7 February MtGox halted transfers of the digital currency to external addresses.

The firm said that thieves had been using a flaw in the system to fool the transaction process into sending double the correct number of Bitcoins.

A leaked report - which Mr Karpeles has confirmed is authentic - said the huge theft had made MtGox insolvent.

Supporters of Bitcoin as an alternative currency have said they are working together to "re-establish" trust among users and were "committed to the future of Bitcoin".

They said they "will be coordinating efforts over the coming days to publicly reassure customers and the general public that all funds continue to be held in a safe and secure manner".

23.35 | 0 komentar | Read More

Maverick Top Gun tweeter shot down

26 February 2014 Last updated at 09:32 ET By Kevin Rawlinson Technology reporter

A Twitter account that was being used to tweet the film Top Gun frame by frame has been suspended following a complaint from the film studio.

Lawyers for Paramount Pictures said that the retelling of the 1986 film breached its copyright.

But the decision has been derided on social media sites as heavy-handed.

The user had been posting updates, which included captions, for more than a month, but still had the majority of the film to cover.

A letter from the studio's lawyers to Twitter dated 21 February read: "No-one is authorised to copy, reproduce, distribute, or otherwise use Top Gun without the express written permission of Paramount.

"Notwithstanding this, it has come to our attention that a user of your website, @555uhz, is distributing the Top Gun film, frame by frame, via [Twitter].

"We request that you immediately remove all the Top Gun images from this website relating to the @555uhz user account."

Continue reading the main story

I would have thought there is an argument that it is mean-spirited"

End Quote Emily Goodhand Copyright expert

'Mean-spirited'

The Digital Millennium Copyright Act takedown notice was published on the Chilling Effects website, which documents legal complaints about online activity. The @555uhz Twitter account has now been suspended.

The move proved unpopular with some. Writer Holly Brockwell said on Twitter: "Ridiculous - Paramount gets Top Gun Twitter account taken down because they're big bullies."

It was, nevertheless, to be expected, according to copyright expert Emily Goodhand.

She said: "In terms of the law, it is even the frames, so even a photograph of a film is classed as a film in law, rather than as a stand-alone photograph."

Ms Goodhand, who works at the University of Reading, said: "A court would look at the amount of frames and the substantiality of them. If it was considered to be a substantial portion that was being tweeted, that would be copyright infringement.

"If it was a single frame, [the letter] would be strongly disproportionate."

But she was less sure about the extent to which the tweets could have affected Paramount Pictures financially.

"I would have thought there is an argument that it is mean-spirited. If he is taking a potshot at the movie industry, that is one thing. But if it was just a joke, then perhaps it is mean-spirited," she said.

"It is quite an unusual case because you would expect it to be on YouTube. But to tweet it frame by frame, it is an interesting approach."

23.35 | 0 komentar | Read More

Web activists 'threaten World Cup'

26 February 2014 Last updated at 13:21 ET

Brazilian online activists are threatening to disrupt the 2014 Fifa World Cup, it has been reported.

A group that affiliated itself to the loose collective known as Anonymous said it would target official websites.

There have been major protests in Brazil against what some have said is an overly extravagant outlay.

The Brazilian Army admitted it could not provide complete protection, but insisted it would respond to the most likely threats.

"We are already making plans... I don't think there is much they can do to stop us," one activist - who went by the alias Eduarda Dioratto - told the Reuters press agency.

The activists reportedly said that the World Cup offered an unprecedented global audience and an opportune moment to target sites operated by world football's governing body Fifa, the Brazilian government and corporate sponsors.

'Fast and damaging'

"The attacks will be directed against official websites and those of companies sponsoring the cup," an activist known as Che Commodore said.

He added that the most likely tactics would be to launch distributed denial of service attacks, which flood target websites with traffic and cause them to crash.

"It's fast, damaging and relatively simple to carry out," Che Commodore told Reuters.

He said his colleagues' fire would not be turned on ordinary Brazilians, however. And, despite the government's preparations, the activists said they were confident of success.

"It's nothing out of this world", said one called Bile Day. "Security remains very low."

Continue reading the main story

It's not a question of whether the cup will be targeted, but when"

End Quote William Beer Alvarez & Marsal

Reuters said it was unable to independently verify the true identities of the people it had contacted online.

The tournament is expected to cost about 33bn Brazilian real (£8.4bn), and the level of expenditure has highlighted the inequalities present in Brazil.

Kicks off

A series of protests during last year's Confederations Cup - seen as a warm-up for this summer's main event - drew more than a million people on to the streets.

Brazil's race to get its stadiums ready for the tournament, which kicks off on 12 June, has dominated the headlines so far.

But experts agreed that little attention was being paid to the country's telecommunications infrastructure, Reuters reported.

The country suffers from overstrained networks, widespread use of pirated software and low investment in online security, as well as a sophisticated domestic cyber-criminal community, which is already disrupting ticket sales and other World Cup commerce.

"It's not a question of whether the cup will be targeted, but when," said William Beer, a cyber-security expert with the consultancy firm Alvarez & Marsal.

"So resilience and response become extremely important."

General Jose Carlos dos Santos, the head of the cyber-command for Brazil's army, said: "It would be reckless for any nation to say it's 100% prepared for a threat.

"But Brazil is prepared to respond to the most likely cyber-threats."

A Fifa spokesman declined to comment on online security.

23.35 | 0 komentar | Read More

Energy firm cyber-defence 'too weak'

26 February 2014 Last updated at 19:26 ET By Mark Ward Technology correspondent, BBC News

Power companies are being refused insurance cover for cyber-attacks because their defences are perceived as weak, the BBC has learned.

Underwriters at Lloyd's of London say they have seen a "huge increase" in demand for cover from energy firms.

But surveyor assessments of the cyber-defences in place concluded that protections were inadequate.

Energy industry veterans said they were "not surprised" the companies were being refused cover.

"In the last year or so we have seen a huge increase in demand from energy and utility companies," said Laila Khudari, an underwriter at the Kiln Syndicate, which offers cover via Lloyd's of London.

The market is one of few places in the world where businesses can come to insure such things as container ships, oil tankers, and large development projects and to secure cash that would help them recover after disasters.

Continue reading the main story

"Start Quote

I think what's behind it is the increase in threats and the fact that a lot of these systems were never previously connected to the outside world"

End Quote Laila Khudari Underwriter

'Worried'

For years, said Ms Khudari, Kiln and many other syndicates had offered cover for data breaches, to help companies recover if attackers penetrated networks and stole customer information.

Now, she said, the same firms were seeking multi-million pound policies to help them rebuild if their computers and power-generation networks were damaged in a cyber-attack.

"They are all worried about their reliance on computer systems and how they can offset that with insurance," she said.

Any company that applies for cover has to let experts employed by Kiln and other underwriters look over their systems to see if they are doing enough to keep intruders out.

Assessors look at the steps firms take to keep attackers away, how they ensure software is kept up to date and how they oversee networks of hardware that can span regions or entire countries.

Unfortunately, said Ms Khudari, after such checks were carried out, the majority of applicants were turned away because their cyber-defences were lacking.

"We would not want insurance to be a substitute for security," she said.

What was not clear, she said, was why firms were suddenly seeking cover in large numbers.

Although many governments had sent warnings about the threat from hackers, attackers and hacktivists to utility firms and other organisations running critical infrastructure, none had mandated them to get cover.

"I think what's behind it is the increase in threats and the fact that a lot of these systems were never previously connected to the outside world," she said.

Mike Assante, who helped develop cyber-security standards for US utilities and now helps to teach IT staff how to defend critical infrastructure including power networks, said it was "unfortunately not surprising" that insurers were turning away energy firms.

Power generators and distributors had struggled with the complexity and size of the networks they managed, he said. In addition they had found it hard to find and recruit staff with the specialist skills to defend these systems, he added.

"There have been a number of incidents that have caused company leadership to re-evaluate their risk and develop strategies to mitigate it," he said in an email to the BBC.

Growing threat

Financial pressures and the ability to manage systems remotely was inadvertently giving attackers a loophole they could slip through, said Nathan McNeill, chief strategy officer at remote management firm Bomgar.

Trying to cut costs by linking up plant and machinery to a control centre so they could be managed remotely meant those systems were effectively exposed to the net, he said.

"If something has basic connectivity then it will become internet connectivity through some channel," he said.

This left critical infrastructure exposed, he said, because typically the control systems for such hardware was written long before the web age and had only rudimentary security tools.

Continue reading the main story

"Start Quote

It's surprising no big incident has happened given how weak the infrastructure is"

End Quote Ed Skoudis 'War games' expert

Known as Scada (Supervisory Control and Data Acquisition), this software has come under increasing scrutiny by security researchers who have exposed many flaws in it.

In addition, added Mr McNeill, it was often very difficult to update the core code in many Scada systems to close loopholes that attackers had slipped through.

Ed Skoudis, who runs "war games" for IT and security staff at many US utilities, said the numbers of attacks on Scada and other control systems was escalating.

Malware was being written just to get at particular vulnerable elements in the infrastructure run by many utilities and manufacturers, he said.

Some attackers were just curious but others were thought to be carrying out reconnaissance in service of some future event.

US power companies had begun sharing information about attacks so everyone knew about all the threats to them, said Mr Skoudis.

"However," he added, "it's surprising no big incident has happened given how weak the infrastructure is. It's very hackable."

23.35 | 0 komentar | Read More

'Self-destruct' phone made by Boeing

27 February 2014 Last updated at 07:22 ET

A smartphone designed for handling top secret communications has been developed by Boeing.

If the phone is tampered with, it automatically deletes any data and renders itself inoperable.

Better known for its aeroplanes, the firm said it needed to help organisations get "trusted access to data to accomplish their missions".

The device, named Black, joins a growing range of high-security smartphones entering the market.

At the Mobile World Congress in Barcelona, a similarly-titled Blackphone was announced, aimed more at businesses and consumers worried about private data.

Boeing already provides secure communications for US government officials - including the president.

Expandable

Boeing's Black is not intended for mainstream use - and does not yet have a price or release date.

The device took 36 months to produce, the company said, and has drawn on expertise from recent acquisitions of companies specialising in mobile technologies.

Product specifications posted on Boeing's website state that the device contains two SIM cards to allow switching between government and commercial networks.

The smartphone runs a heavily-customised version of Google's Android operating system and Boeing has added its own branded security apps.

But where Black goes beyond typical mobile security is in physical enhancements to the hardware itself.

"There are no serviceable parts on Boeing's Black phone and any attempted servicing or replacing of parts would destroy the product," the company explained in documents sent to the Federal Communications Commission.

"The Boeing Black phone is manufactured as a sealed device both with [extremely strong glue] epoxy around the casing and with screws, the heads of which are covered with tamper-proof covering to identify attempted disassembly.

"Any attempt to break open the casing of the device would trigger functions that would delete the data and software contained within the device and make the device inoperable."

Furthermore, the phone's hardware can be expanded to include biometric sensors, satellite receivers or solar panels.

23.35 | 0 komentar | Read More

UK spies 'intercepted webcam images'

27 February 2014 Last updated at 10:27 ET

British spy agency GCHQ intercepted webcam images from millions of Yahoo users around the world, according to a report in the Guardian.

Yahoo denied prior knowledge of the alleged programme, describing it as a "completely unacceptable" privacy violation.

According to leaked documents, sexually explicit images were among those gathered - although not intentionally.

In a statement GCHQ has said all of its actions are in accordance with the law.

The operation, which was called Optic Nerve and was aided by the US National Security Agency, is alleged to have stored images between 2008 and 2010. In one six-month period in 2008, images from 1.8m users were gathered.

The report originated from documents leaked by whistleblower Edward Snowden.

It suggested that sexually explicit content would be captured by the system.

"Unfortunately … it would appear that a surprising number of people use webcam conversations to show intimate parts of their body to the other person," it read.

"Also, the fact that the Yahoo software allows more than one person to view a webcam stream without necessarily sending a reciprocal stream means that it appears sometimes to be used for broadcasting pornography."

'Whole new level'

"We were not aware of nor would we condone this reported activity," Yahoo said in an emailed statement.

"This report, if true, represents a whole new level of violation of our users' privacy that is completely unacceptable and we strongly call on the world's governments to reform surveillance law consistent with the principles we outlined in December.

"We are committed to preserving our users' trust and security and continue our efforts to expand encryption across all of our services."

A statement from GCHQ said it would not comment on matters of intelligence, but added: "All of GCHQ's work is carried out in accordance with a strict legal and policy framework which ensures that our activities are authorised, necessary and proportionate, and that there is rigorous oversight, including from the secretary of state, the interception and intelligence services commissioners and the Parliamentary Intelligence and Security Committee.

"All our operational processes rigorously support this position."

23.35 | 0 komentar | Read More