Rumoured device would go back to the roots of Firefox OS, but will there be a demand for it?
Mozilla made a splash at Mobile World Congress in February with the official launch of its Firefox OS for smartphones, with several manufacturers and 18 operators already on board. Now it’s expected to turn its attention to tablets.
Mozilla is holding an event on 3 June with Taiwanese firm Hon Hai, the parent of manufacturing company Foxconn, to unveil a new device running Firefox OS, according to Reuters. News site Focus Taiwan has an “industry insider” source claiming it will be a tablet rather than a smartphone.
Such a device would not come as a surprise. Mozilla has been active in the tablets market with its Firefox browser for some time: Firefox for Android tablets launched in January 2012, for example, and its UI designer Ian Barlow was blogging a few months before that about the design lessons learned.
Indeed, a Firefox tablet would go back to the roots of Firefox OS itself, as explained by Mozilla’s vice president of mobile engineering Andreas Gal in an interview with ZDNet in February this year at MWC.
“When the project started, tablets were the initial goal that we thought about, a year and a half ago. Initially we were thinking about tablets as it’s a mobile device but it’s more similar to the desktop — a bigger screen, you can consume rich content better,” he said then.
“It became clear very quickly that the volume right now is behind smartphones. Tablets are an interesting next step… I can definitely see us going to tablets in future, right now a lot of opportunities exist in phones, at least for this year.”
Based on the first clutch of Firefox OS smartphones shown at MWC, a Firefox OS tablet is certainly viable. Also, Mozilla would be off to a running start in terms of getting apps for such a tablet, for the same reasons outlined by its senior vice president of products Jay Sullivan in February.
“There is no new ecosystem,” he told journalists at the MWC press launch. “If you’re building for the web today, and most developers are building beautiful touch-friendly mobile websites to work in modern browsers… If you are building that, you are building a Firefox OS app. You may just not know it yet.”
The big challenge for a Firefox OS tablet will be distribution – at least if it’s to become more than just a niche product for Mozillaphiles.
The tablet world is a ferociously competitive place in 2013, with 49.2m units shipped in the first quarter of 2013 according to IDC: 56.5% of them Android devices, 39.6% iPads and 3.7% running Windows or Windows RT.
Stepping up against Apple, Google and Microsoft (not to mention the manufacturing partners of the latter two) in the hardware market is a very different kettle of fish to the market-share battles in the web browser space. Much of what Charles Arthur wrote about Firefox OS in February relates as much to tablets as it does to smartphones.
That’s true in smartphones, of course, where Mozilla is hoping its trump card will be strong operator partnerships – 18 were on board at the MWC launch, with a parade of telco CEOs appearing on-stage to praise Firefox OS at the event – and a focus on emerging markets rather than the big Western countries.
Could such a strategy pay off for tablets too? A Firefox slate with cellular connectivity, subsidised by operators and making its debut in Latin America and Eastern Europe (the pattern for the first Firefox OS smartphones) would be an intriguing prospect indeed.
Roll on 3 June, when we’ll find out if that’s on the cards.
Retrieved from The Guardian
The cybersecurity threat facing the U.S. isn’t going away and, oh by the way, is a threat to China as well, U.S. Secretary of Defense Chuck Hagel said Friday.
“Cyber threats are … probably as insidious and real a threat [as there is] to the United States, as well as China, by the way, and every nation,” Hagel said according to a Reuters report. Hagel talked to reporters while traveling to a security event in Singapore on Saturday where he will meet with Chinese representatives.
China has been fingered by many — including some in the U.S. government — as the source of recent cyber attacks on Defense Department contractors. In the most recent incident, the U.S. claims that Chinese hackers stole designs for key high-tech weapons, including the Patriot missile, the FA-18 fighter jet, and the F-35 Joint Strike Fighter. China has repeatedly denied these charges.
As GigaOM reported last week, paranoia around data security was fanned with the release of a new report (PDF) from the Commission on the Theft of American Intellectual Property which estimated that the theft of IP costs the U.S. economy $300 billion annually.
It would make sense that Hagel would want to shift focus to how both superpowers are at risk from cyber theft rather than publicly pointing the finger at China, which is, after all, the largest holder of U.S. debt.
Retrieved from GIGAOM
Secret lawsuit in Manhattan filed last month asks judge to force Google to cough up user data without a search warrant. A different court has already ruled that the process is unconstitutional.
The Department of Justice has asked a Manhattan judge to grant its “petition to enforce” a warrantless legal demand the FBI sent Google.
A new lawsuit in Manhattan pitting the U.S. Department of Justice against Google offers a rare glimpse of how determined prosecutors are to defend a process that allows federal agents to gain warrantless access to user records, and how committed the Mountain View, Calif., company is to defending its customers’ privacy rights against what it views as illegal requests.
The Justice Department’s lawsuit, filed April 22 and not disclosed until this article, was sparked by Google’s decision to rebuff the FBI’s legal demands for confidential user data. It centers on the bureau’s controversial use of so-called National Security Letters (NSL), a secret electronic data-gathering technique that does not need a judge’s approval and recently was declared unconstitutional in an unrelated court case.
U.S. District Judge Richard Sullivan has been assigned the New York case, which has taken place under seal, but as of last week has not made a final ruling. A law clerk for Sullivan did not immediately respond to queries from CNET this morning.
The use of NSLs is controversial because they gag the recipient: If you receive one, it’s illegal to tell anyone. They’re only supposed to be used in national security investigations, not routine criminal probes, and there’s no upper limit on the amount of data a single NSL can demand.
An inspector general’s report (PDF) found that the FBI made 50,000 NSL requests in 2006, and 97 percent of those included mandatory gag orders. NSLs can demand user profile information, but the law does not permit them to be used to obtain the text of e-mail messages or most log files. (Even if NSLs are eventually ruled unconstitutional, the FBI would still have a formidable array of investigative tools including subpoenas, court orders, search warrants, wiretap orders, pen registers, sneak and peek warrants, and surveillance under the Foreign Intelligence Surveillance Act.)
Court documents hint that the FBI has become vexed by Google’s legal stand.
Immediately after the FBI’s New York field office sent an NSL on April 22, the bureau filed a “petition to enforce” in Manhattan federal court on the same day, an abrupt and arguably undiplomatic move that Google says did not give it a chance to either comply or exercise its legal right to seek judicial review.
Because Google already had been challenging NSLs in a lawsuit filed weeks earlier in California, it asked U.S. District Judge Susan Illston in San Francisco to toss out the New York NSL. Illston declined, saying that issue “is more squarely raised” in the New York litigation, but adding that she would revisit the topic if necessary.
Neither the FBI nor Google responded to requests for comment. (The case before Illston is largely under seal, with Google’s identity redacted. But, citing initial filings, Bloomberg disclosed last month that it was Google that had initiated the legal challenge.)
Nick Merrill, who challenged an NSL in court, says FBI agents tend to overreach and demand data they have no right to access.
Why is Google fighting?
It’s not entirely clear why Google has chosen to face off against the Justice Department in court.
“My instinct tells me that Google doesn’t pick a fight with the government easily,” said Cindy Cohn, legal director of the Electronic Frontier Foundation, which has filed its own lawsuit challenging NSLs on behalf of an unnamed telecommunications company. “There’s probably something going on here that’s different from a run-of-the-mill NSL.”
Google’s history shows it prefers to resolve disputes with government agencies amicably. In 2011, rather than litigate, it paid $500 million to settle Justice Department claims relating to Canadian pharmacies. It settled allegations over Safari ad tracking. It settled complaints over Google Buzz. It settled with the Federal Trade Commission over concerns about its business practices and competition. A 2006 case in which Google resisted the Justice Department’s request for search logs — and mostly won — was a rare exception.
One possibility is that Google has simply concluded that the FBI’s demands are illegal. An NSL (PDF) that the FBI sent Nicholas Merrill, who ran a New York-based Internet service provider, asked for “electronic communication transactional records” — language that would sweep in Internet addresses and e-mail and Web browsing logs — including “all e-mail header information.”
Merrill’s NSL, signed by then-FBI national security attorney Marion Bowman, requested more than federal law permitted. The law, 18 USC 2709, says the FBI may use an NSL to obtain only a user’s “name, address, length of service, and local and long-distance toll billing records.”
The FBI has been abusing its power and the letters have sought information to which the FBI was not entitled. Without the gag orders issued on recipients of the letters, it is doubtful that the FBI would have been able to abuse the NSL power the way that it did. So the combination of free rein for FBI to write its own warrants without judicial review, combined with the never-ending gag orders are the ingredients of a perfect storm of abuse potential.
Google effectively put the FBI on notice on March 5 that it would only divulge what the law requires. In a statement on its Web site at the time, the company said that “the FBI can’t use NSLs to obtain anything else from Google, such as Gmail content, search queries, YouTube videos, or user IP addresses.”
The litigation over NSLs began three weeks later.
Another possibility, said EFF’s Cohn, is that Google is “fighting to give notice” to their subscribers. That would mean arguing that the NSL gag orders are unconstitutional, which the Second Circuit Court of Appeals said was the case in a mixed ruling (PDF).
A three-judge panel of the Second Circuit took an odd approach: The judges agreed “that the challenged statutes do not comply with the First Amendment,” but went on to rewrite the statute on their own to make it more constitutional. They drafted new requirements, including that FBI officials may levy a gag order only when they claim an “enumerated harm” to an investigation related to international terrorism or intelligence will result.
EFF is hoping to convince the Ninth Circuit to reach a different result, which would be near-guaranteed to result in review by the U.S. Supreme Court. The civil liberties group won a preliminary victory in March, when Judge Illston in San Francisco ruled the gag order “violates the First Amendment.”
Illston, who is stepping down from her post in July, noted that “there is no evidence” that the FBI has adopted policies or regulations to comply with the Second Circuit’s requirements.
She gave the Obama administration 90 days to appeal to the Ninth Circuit, which it did on May 6.
While the FBI’s authority to levy NSL demands predates the Patriot Act, it was that controversial 2001 law that dramatically expanded NSLs by broadening their use beyond espionage-related investigations. The Patriot Act also authorized FBI officials across the country, instead of only in Washington, D.C., to send NSLs.
Retrieved from CNET
Google’s security researchers are well known for uncovering vulnerabilities in other people’s products. Standard operating procedure is to give the affected company sixty days before publishing the problem, keeping things under wraps until a fix can be shipped out. But when it comes to critical vulnerabilities that are actively being exploited, Google wants its researchers to cut that down to just a week. A post on its Online Security Blog explains the reasoning behind the seven-day guideline: “each day an actively exploited vulnerability remains undisclosed to the public and unpatched, more computers will be compromised.”
The change in policy comes two weeks after Google engineer Tavis Ormandy disclosed a publicly unknown vulnerability (“zero day”) in Windows 7 and Windows 8. Ormandy made the announcement just five days after informing Microsoft of the bug, bemoaning the company’s security team as “difficult to work with.” And while Google finds vulnerabilities in various companies’ products, Redmond is a frequent target. In Microsoft’s huge “Patch Tuesday” bugfix in February, Google researchers uncovered more than half of the reported flaws.
So is Google in the right? The company argues that speedy disclosure is important for a bug that’s actively being exploited, and that even if it’s not enough time for the affected vendor to patch its software, it should be long enough to tell users about workarounds that mitigate the problem. Others disagree, arguing that the benefits are outweighed by the likelihood that publicizing vulnerabilities puts hacking tools in the hands of malicious users. Google is still recommending the normal 60 days for vulnerabilities that are non-critical or aren’t being actively exploited, and the company says it’s holding itself to the same standard, but we doubt everyone is going to take too kindly to the revamped schedule.
Retrieved from The Verge
Don’t look for any resolution when President Obama meets with President Jinping next week, but they can calm things down
When he meets President Xi Jinping next week in California, President Barack Obama is expected to raise cyber-security as one of the most pressing issues in the US-China relationship. The meeting comes in the wake of a Washington Post report that Chinese hackers stole information from over two dozen weapons programs, including the Patriot missile system, the F-35 joint strike fighter, and the navy’s new littoral combat ship.
Earlier this month, the Pentagon directly ascribed blame for cyber-attacks (pdf) for the first time on the Chinese government and the People’s Liberation Army. There is little reason to believe that the meeting will moderate the pace or scope of Chinese cyber-espionage, but the two sides can signal a willingness to cooperate on some of the other difficult challenges in cyberspace.
“Sophisticated, targeted theft of confidential business information and proprietary technologies through cyber intrusions [are] emanating from China on an unprecedented scale.”
Both Secretary of State John Kerry and Chairman of the Joint Chiefs of Staff General Martin Dempsey broached cyber-attacks during visits to China. White House spokesman Jay Carney said this week that hacking is brought up at “every level in our meetings with our Chinese counterparts”.
Yet neither airing grievances nor naming culprits has seemed to shame China. Chinese officials have responded by arguing that China is in fact the world’s biggest victim of cyber-attacks, the majority of which originate in the US. The Chinese press also paints accusations of hacking as attempts to discredit China and misdirection away from offensive actions by the US. One Chinese article called the United States “the real hacking empire.”
Moreover, while APT1, the group of hackers allegedly responsible for hacking the New York Times and other targets, went silent soon after they were publicly named, they were active again just three months later, according to government officials and the cyber-security firm Mandiant.
Economic cyber-espionage is a particularly thorny point of discussion because the US, unlike China, distinguishes between attacks on private industry and more bread and butter political and military espionage. The US would like to limit Chinese theft of intellectual property from American companies, but is not particularly interested in negotiating any constraints over US intelligence gathering. As Michael Hayden, former director of the CIA and NSA, put it: “‘You spy, we spy, but you just steal the wrong stuff.’ That’s a hard conversation.”
President Obama should warn President Xi that continued Chinese economic cyber-espionage could result in more punitive policies, including possible sanctions against firms that benefit from theft, and broader restrictions on access to the US market. But he should also use the meeting to address the strategic mistrust between the two sides that extends beyond espionage.
There have been media reports of Chinese hackers penetrating oil, electric, and communication grids, and the Defense Department notes “sustained investment” in military cyberspace capabilities. For its part, Beijing criticizes Washington for being the first to “militarize” cyberspace by setting up the US Cyber Command, and is suspicious of the budget and personnel increases announced for cyber operations.
Both sides, however, have an incentive to diminish hacking and prevent a full-blown cyber war. In March, Director of National Intelligence James Clapper told the Senate that a destructive cyber-attack was the biggest threat to the nation. China’s relatively self-contained internet infrastructure makes it comparatively less vulnerable to attacks, but that is changing as their economy modernizes, and Chinese analysts publicly worry about vulnerable industrial control systems.
There are still no mutually agreed upon terms of what types of cyber-attacks would be considered a use of force or what constitutes a legitimate target. A standoff could very easily escalate, producing unintended and disastrous outcomes, if both sides miscommunicate and misperceive red lines.
The presidents won’t come to any agreements next week, but over the course of the two days, they should try and dispel the growing mistrust by explaining their national interests and intentions in cyberspace.
Retrieved from The Guardian
Sprint, SoftBank receive U.S. security clearance
Sprint Nextel and SoftBank said Wednesday that they received U.S. national security clearance to proceed with their proposal to merge, clearing a hurdle in the Japanese carrier’s ambition to enter the lucrative U.S. wireless market but agreeing to mitigating steps to assuage critics.
The Committee on Foreign Investment in the United States, a U.S. Treasury Department agency authorized to review transactions involving a foreign person or company, has completed its investigation and concluded that “there are no unresolved national security issues relating to the transaction,” Sprint announced Wednesday.
The deal still requires clearance from the Federal Communications Commission and Sprint’s shareholders.
“When you look at possibly major barriers for this (deal), this was probably the biggest single one,” says Michael Davies, chairman of Endeavour Partners, a mobile telecom consulting company, adding the completion of the merger is “much more likely” now.
In October, Japan’s SoftBank entered a deal to buy 70% of Sprint for $20 billion. But the deal has renewed concern from critics that foreign control of U.S. wireless networks could compromise national security. As part of the deal, SoftBank agreed to refrain from buying equipment from China’s Huawei, a supplier which allegedly has ties to the Chinese military.
Dish Network, which has submitted its own proposal to buy all of Sprint for $25.5 billion, has openly criticized the deal and created a media campaign and its own website to address security concerns.
As part of the review, Sprint and SoftBank have entered into a national security agreement with the U.S. government. Other U.S. agencies that oversee telecom issues – the Department of Justice, including the Federal Bureau of Investigation, and the Department of Homeland Security – will notify the FCC that they have completed their review for national security, law enforcement and public safety concerns.
Once the FCC receives the notice from the agencies, it can proceed with its public interest review of the transaction.
As part of the national security review, Sprint and SoftBank agreed to appoint an independent member to the new Sprint board of directors to serve as the security director, whose appointment must be approved by U.S. regulators.
U.S. regulators also will have the right to review and approve certain network equipment vendors and services providers of Sprint.
Sprint currently owns about half of another wireless carrier, Clearwire, and plans to buy more shares to gain control. Once the acquisition is completed, U.S. regulators also get a one-time right to require Sprint to remove certain equipment deployed in the Clearwire network by the end of 2016.
Sprint and SoftBank have “gone a little bit further than they might have had to” in agreeing to the concessions, Davies says. But they will help quiet down politically driven “fear mongering” from the deal’s opponents, he says. “Some of the fears are overstated.”
The concessions also will ease the review process undertaken by the FCC, which is considering the merger’s impact on consumers and competition, Davies says.
“It’s a prudent thing to do for any deal such as this,” he says.
Sprint and SoftBank said they anticipate the merger will be completed in July but a special committee of Sprint’s board of directors is currently discussing and negotiating with Dish Network regarding its proposal.
Retrieved from USA Today
The target computer is picked. The order to strike has been given. All it takes is a finger swipe and a few taps of the touchscreen, and the cyberattack is prepped to begin.
For the last year, the Pentagon’s top technologists have been working on a program that will make cyberwarfare relatively easy. It’s called Plan X. And if this demo looks like a videogame or sci-fi movie or a sleek Silicon Valley production, that’s no accident. It was built by the designers behind some of Apple’s most famous computers — with assistance from the illustrators who helped bring Transformers to the silver screen.
Today, destructive cyberattacks — ones that cause servers to fry, radars to go dark, or centrifuges to spin out of control — have been assembled by relatively small teams of hackers. They’re ordered at the highest levels of government. They take months to plan. Their effects can be uncertain, despite all the preparation. (Insiders believe, for example, that the biggest network intrusion in the Pentagon’s history may have been an accidental infection, not a deliberate hack.)
With Plan X, the Defense Advanced Research Projects Agency is looking to change all that. It wants munitions made of 1s and 0s to be as simple to launch as ones made of metal and explosives. It wants cyberattack stratagems to be as predictable as any war plan can be. It wants to move past the artisanal era of hacking, and turn cyberwarfare into an industrial effort. Across the U.S. government, there are all kinds of projects to develop America’s network offense. None are quite like this.
“Plan X is a program that is specifically working towards building the technology infrastructure that would allow cyber offense to move from the world we’re in today — where it’s a fine, handcrafted capability that requires exquisite authorities to do anything… to a future where cyber is a capability like other weapons,” Darpa director Arati Prabhakar told reporters last month. “A military operator can design and deploy a cyber effect, know what it’s going to accomplish… and take an appropriate level of action.”
But you can’t expect the average officer to be able to understand the logical topology of a global network-of-networks. You can’t expect him to know whether it’s better to hook a rootkit into a machine’s kernel or its firmware. If cyberwar is going to be routine, Darpa believes, the digital battlefield has to be as easy to navigate as an iPhone. The attacks have to be as easy to launch as an Angry Bird.
“Say you’re playing World of Warcraft, and you’ve got this type of sword, +5 or whatever. You don’t necessarily know what spells were used to create that sword, right? You just know it has these attributes and it helps you in this way. It’s the same type of concept. You don’t need the technical details,” says Dan Roelker, the cybersecurity specialist who helped develop some of the world’s most widely-used intrusion detection software, came up with the idea for Plan X, and joined Darpa to make it happen.
Google today is introducing a new way to manage your Gmail inbox. This new view of your inbox puts a number of tabs at the top of Gmail’s inbox column. By default, Google shows tabs – and automatically categorizes your messages into them – for your social updates from sites like Google+, Twitter, Facebook or YouTube, promotions from the likes of Google Offers and Groupon, and a kind of catch-all “Updates” tab for your bills, receipts and similar messages.
You can also add a tab for forum notifications which, at least in my test, also includes email lists. Google, of course, allows you to add or remove as many of these tabs as you want. To go back to the classic inbox, you just have to turn off all of the tabs or switch to another inbox style.
This update, which will start rolling out for all Gmail users today, will be available on both the desktop and through Google’s mobile apps for iOS and Android, which should get an update early next week. As Google told me, this will be a gradual roll-out, so it may take a little bit before the new design appears in your inbox.
If you can’t wait, also keep an eye on the gear menu. Once “configure inbox” appears there, you will be able to turn this new feature on manually.
It’s worth noting that the tabbed interface doesn’t work with the Priority Inbox feature or any other non-default Gmail view. As Alex Gawley, Google’s product manager for Gmail, told me yesterday, the team believes that the new inbox is the best default for the majority of Gmail users. In the long run, both Priority Inbox and this new view could potentially work together in some form, but it’s not an option for now and Gawley didn’t have any ETA for when this could happen.
Gmail will, however, also expose these new categories in the sidebar, so you can still see your auto-sorted emails there.
Updated Mobile Apps
As Gawley stressed when I talked to him, it was important for the team to ensure that this new inbox view would be available on mobile as well, so both the iOS and Android apps will now show what Google calls “teasers” for updates in these tabs inside the regular inbox stream on these devices. These are basically notifications that there are updates available in these categories, but they don’t include the usual summaries, and multiple updates will just be bundled together into a single line.
With this update, Google is also introducing the recently leaked navigation drawer for the Android app, which now makes it easier to switch between categories than the “spinner” the company used in the previous design. By default, of course, the apps will always open on the “Primary” tab.
As Gawley told me, the main motivation behind this redesign was to figure out how to help users navigate the constant stream of new emails most of us have to handle today. What the team realized, he said, was that while Gmail added filters, Priority Inbox and more customization features, “your inbox started to feel like your master.” As users browse through messages, they are constantly switching context and that takes its toll as you handle a few dozen emails.
Google learned quite a bit from a similar Google Labs feature that also categorized and labeled emails automatically, he told me. The system will also learn as users move emails around to re-categorize them (you can drag and drop messages into the different categories by hand).
Retrieved from TechCrunch
Supporters of Anonymous hacker and self-styled online anarchist, Jeremy Hammond, are circulating this online petition aimed at cajoling authorities into granting the 28-year-old leniency. Hammond pled guilty this morning to participating in the December 2011 hacking of online publication Stratfor.
Hammond supporters maintain that e-mails he helped steal from Stratfor and post online exposed Stratfor’s complicity in surveillance of anti-corporate activists. Stratfor founder George Friedman strongly refutes such notions as nonsense. He has said that Stratfor is a straightforward, for-profit online publication that charges subscribers $350 a year for well-researched and written essays on global affairs.
Stratfor’s site was knocked offline for several weeks. The Stratfor hack was a wakeup call for many web businesses, small and large, that have been lax about data protection. Not much has changed, says Jeremy Bergsman, a practice manager at management consultancy CEB.
The average Fortune 500 company only has about 42% of the state-of-the-art protections that are available for key systems, up from 39% in 2011, according to a CEB study.
“Our understanding of hacktivism—and sophisticated attacks in general—has changed in one important way in the last year: we now realize it is impossible to predict who is going to attack you and why,” Bergsman says.
In a statement posted widely online, Hammond says part of the reason he pled guilty was his firm belief “in the power of truth.”
“This non-cooperating plea agreement frees me to tell the world what I did and why, without exposing any tactics or information to the government and without jeopardizing the lives and well-being of other activists on and offline,” Hammond asserts. “Now that I have pleaded guilty it is a relief to be able to say that I did work with Anonymous to hack Stratfor, among other websites. . . . I did this because I believe people have a right to know what governments and corporations are doing behind closed doors. I did what I believe is right.”