Apple's Encryption Looks Safe as U.K. Commons Passes Spy Bill

By Jeremy Kahn

(Bloomberg) — The U.K. House of Commons on Tuesday passed a controversial bill giving spy agencies the power to engage in bulk surveillance and computer hacking, but ceded some ground to protests from the technology industry and civil liberty groups.

The bill, which was introduced by the Conservative Party-led government in March after modifications to address concerns from tech companies and privacy advocates, passed by a vote of 444 to 69. Most of the opposition Labour Party voted with the Conservative majority to advance the bill to the House of Lords, while the opposition Scottish National Party, citing concerns about privacy and civil rights, voted against it.

Many of the surveillance techniques — such as scooping up the metadata of communications and using malware to gain access to the computers and mobile phones of terrorism suspects — have already been in use by U.K. spy agencies and the law now gives them explicit authority.

The legislation was sharply criticized by global technology companies when it was first proposed last year. Apple Inc. Chief Executive Officer Tim Cook warned of “dire consequences” if the bill passed with language weakening encryption. And Facebook Inc., Alphabet Inc.’s Google, Microsoft Corp., Twitter Inc. and Yahoo! Inc. said the law would undermine customers’ faith in their products and brands. Meanwhile, Vodafone Group Plc, the U.K. mobile company, said it was worried about the cost of modifying its systems to comply with the new law and that allowing the government to hack into its network might compromise its stability and integrity.

The version of the bill passed Tuesday makes clear that companies aren’t required to build backdoors to their encryption and will only be required to remove such code in response to a government request if doing so is technically feasible and not unduly expensive.

When Apple was battling with the U.S. Federal Bureau of Investigation over breaking the encryption on the iPhone of the attacker in a mass shooting in San Bernardino, California, the company said it would require a dedicated team of engineers working for at least a month to figure out how to crack it or modify the lock screen to allow unlimited attempts to open the device. If this U.K. bill becomes law, it would be up to a British judge to decide if that kind of effort met the “technical feasibility and reasonable cost” test.

The bill also makes clear that the government will likely reimburse communications companies, including mobile operators, for the cost of complying with the new legal obligations, such as the requirement to retain records of all the websites its customers visit for at least a year.

Civil rights and privacy advocates have also opposed the bill, and the revisions the government made in the final version haven’t mollified them. “Minor botox has not fixed this bill,” Shami Chakrabarti, the director of the civil rights group Liberty, said when the final version was introduced in March.

The House of Lords will now consider the proposed law, known as the Investigatory Powers Bill. The legislation, which some critics have branded a snooper’s charter, will also be analyzed by a panel of legal experts chaired by David Anderson QC, the U.K.’s independent reviewer of terrorism legislation. Anderson will issue a report on the bill — including an opinion on whether the bulk surveillance powers the government is asking for are justified — in time for the Lords’ final vote on the bill sometime in the fall. If it passes, the law will go into effect in January 2017.

Source: TheWHIR

MapR shows off enterprise-grade Spark distribution

At Spark Summit in San Francisco, Calif., this week, Hadoop distribution vendor MapR Technologies announced a new enterprise-grade Apache Spark distribution.

The new distribution, available now in both MapR Converged Community Edition and MapR Converged Enterprise Edition, includes the complete Spark stack, patented features from MapR and key open source projects that complement Spark.

“We’ve built this new distribution to make it easier for customers that leverage the power of Spark for their big data initiatives,” Anoop Dawar, vice president, Product Management, MapR Technologies, said in a statement yesterday. “We’ve seen significant growth of customers deploying Spark as their primary compute engine. We believe this gives our customers a converged compute and storage engine for batch, analytics and real-time processing that helps build and deploy applications rapidly.”

Spark catching fire

“ESG research shows Apache Spark adoption is poised to grow quickly, with 16 percent of businesses already in production and another 47 percent very interested in implementing Spark,” Nik Rouda, senior analyst with Enterprise Strategy Group, added in a statement Monday. “As such, Spark will power the next wave of big data. Yet enterprises will demand a robust platform to meet their operational requirements. MapR is helping to accelerate Spark by addressing this need.”

The Apache Foundation's incredible rise

The Apache Software Foundation recently released its 28-page annual report for its 2015-2016 year, but here’s the TL;DR in one word: amazing.

What started as a simple HTTP server supported by a handful of developers in 1995 has become an army of 3,425 ASF committers and 5,922 Apache code contributors building 291 top-level projects.

Of course, during this same time, open source in general has grown exponentially. But the ASF has seen particularly impressive growth as it propels big data forward with dozens of popular projects, along with dev tools and more general fare. The reason, as board member Jim Jagielski explained in an interview, is the ASF’s emphasis on neutral, community-focused development.

Not bad for an organization that costs less than $1 million to run each year — especially compared to other open source foundations that put the needs of corporate interests above those of the developer community.

Raytheon Says $1 Billion Cyber Deal Confirmed After Protests

By Nafeesa Syeed

(Bloomberg) — The U.S. Department of Homeland Security has reaffirmed a $1 billion contract won by Raytheon Co. to protect the networks of dozens of federal agencies from cyber threats over protests by competitors.

Raytheon was picked in September as the prime contractor and systems integrator for the department’s Network Security Deployment division, which oversees cybersecurity for more than 100 federal civilian agencies. After completing “corrective actions” following questions from the Government Accountability Office, Homeland Security last week reaffirmed Raytheon as its pick, according to Jack Harrington, vice president for cybersecurity and special missions at Raytheon Intelligence, Information and Services.

“It’s providing all of the infrastructure, all of the kind of capabilities” that will be deployed “to all of these agencies to help protect .gov,” Harrington said in an interview Monday at his office in Sterling, Virginia.

A Department of Homeland Security spokesman said that the agency reaffirmed on June 2 its decision to award the contract. The deal will provide services to operate and maintain the department’s breach detection and prevention system, known as Einstein, and develop new cybersecurity capabilities, the spokesman said.

Raytheon rose less than 1 percent to $134.78 at 2:36 p.m. New York time, its highest since July 29, 1980.

Compromised Data

Beefing up online security has become a priority for government agencies and companies after repeated cyber attacks. Last year, the Office of Personnel Management experienced a breach traced to hackers in China that compromised data on 21.5 million individuals.

“If you think about the federal agencies, many of them have been underserved because of budgets. When you think about even OPM their mission is not cybersecurity, their mission is getting people cleared,” Harrington said. “This whole cybersecurity thing is a new element, and a hard element for a lot of these agencies who have budgets for many, many years that didn’t include IT security.”

In a January report, the Government Accountability Office said Homeland Security’s National Cybersecurity Protection System “provides DHS with a limited ability to detect potentially malicious activity entering and exiting computer networks at federal agencies.” It raised concerns about the system’s ability to monitor network traffic and address threats.

Raytheon, which says it has invested more than $3.5 billion in building its cybersecurity services, will “support DHS in providing those capabilities out to those agencies,” Harrington said.

The company already works with Homeland Security as a liaison, sharing classified cyberthreat intelligence with the private sector. Raytheon also shares threat indicators it finds with the Defense Department and within the defense industry, but not all companies are ready to do so. The defense and financial industries are further along in cyber information-sharing, Harrington said. Retail industry groups have approached Raytheon about how they can start providing cyber intelligence, he said.

Privacy, Litigation

“There are those who find it complicated: ‘Do I want to provide my data to the government? Do I want provide my data to my competition? What if I release private, personal identifiable information?’” Harrington said. “There’s a lot of concerns that people have around privacy, that people have around lawsuits and litigation.”

Current debates over encryption meant to protect data have underscored those questions. After the FBI seized an iPhone used by a shooter involved in a terrorist attack in December, the agency was initially unable to crack its password protections. A federal judge ordered Apple to create new software to get past this encryption. Apple refused, saying this could threaten the data security of all its customers.

Maintaining cyber capabilities within the government also has been a challenge. U.S. Air Force and Navy program managers haven’t yet made “big moves” to incorporate cybersecurity requirements into bid documents or contract selections, Harrington said.

“Both the services have been looking at it very hard from the requirement side, as to how do they articulate that and what’s good enough, and how do you measure it and how much money do they have to pay for it,” Harrington said. “But we haven’t seen it come out as a big, major shift.”

Source: TheWHIR

California Man Charged $124K in Connection to NetSuite Hacks: Report

A California man who pleaded guilty to intentional damage of a computer network in relation to a series of 2012 hacks has been sentenced to a year in prison and a $124,000 fine. Robert Saunders, 30, of San Jose, was apprehended in Oregon in 2014, and pled guilty in February to hacks causing approximately $189,000 in losses to a San Mateo-based company. Reports indicate that the company is NetSuite.

The series of hacks included blocking potential customers by changing details associated with a demo account, obtaining information from a database, and posting offensive material in the company’s test account, according to a release by the US Justice Department.

Saunders was ultimately charged with one count of Intentional Damage to a Protected Computer; four counts of Obtaining Information from a Protected Computer without Authorization; and two counts of Possession of a Firearm in Interstate Commerce while Unlawfully using a Controlled Substance. He pleaded guilty to the intentional damage charge under the conditions of a plea agreement.

The wording of the Justice Department release headline, “restitution for costs incurred,” indicates the inclusion of mitigation and related costs in the $189,000 damages.

Saunders will also serve three years of probation, and forfeits the property seized in the investigation. His prison sentence is shorter than those received by the four members of cyber-vandal group Lulzsec in a UK court in 2013.

Source: TheWHIR

CloudCodes Releases New Security Product

CloudCodes announces the availability of their next-generation cloud security product SSO1. It is an advanced version of their existing product gControl. The SaaS-based gControl helped to secure Google For Work customers whereas SSO1 provides support for multiple enterprise cloud applications such as SalesForce, Zoho, DropBox, FreshDesk, etc.

SSO1 is a Single Sign On (SSO) solution and supports out-of-the-box integration with Google For Work. SSO1 can be integrated with an organisation’s Active Directory or can itself act as an Identity Provider (IdP). The solution is designed from the ground up with security in mind. The solution provides the capabilities of an IdP such as password management, self-password and multi-factor authentication (MFA).

The MFA comes with support for biometrics through a smartphone and OTP. Most advanced smartphones are now available with support for fingerprint scanning. It leverages the fingerprint scanner available in the smartphones to act as an additional factor for authentication.

The new SSO1 comes with support of anti-phishing control. The solution enables the administrator to restrict access to the login page based on the country or the IP address. This ensures that only internal users have access to the login page. This allows the administrator to control access to the applications from countries which are known for hacking or phishing attacks.

Another important aspect of the new SSO1 is its additional capabilities to control access to an organisation’s cloud applications based on perimeter. The cloud security solution enables the administrator to control access to the application based on IP address, geofencing, time and browser. This brings tighter control based on compliance and regulatory requirements.

SSO1 supports integration with multiple cloud-based applications. It uses the standard SAML-based integration to integrate with the various cloud applications. Currently SSO1 supports integration with Google For Work, SalesForce, Zoho, DropBox and Freshdesk. The roadmap expects to cover most of the popular cloud applications within the next three months. Another important feature is mapping of multiple users to a single account of the cloud application.

Source: CloudStrategyMag

Egenera Partners With Portland Europe To Distribute Xterity Cloud Services

Egenera has announced it has signed a strategic partnership with Portland Europe, a leader in providing high-quality, easy-to-use software and cloud solutions for business use. Portland will deliver Egenera’s Xterity wholesale managed cloud services to its SME customers in the Benelux region.

Portland Europe is one of the leading distributors for value-added resellers and IT managed services providers in the Benelux countries and specializes in delivering IT services and cloud and managed services. Portland provides an extensive toolbox of on-premise and cloud solutions to partners with thousands of end users. The distribution partnership with Egenera comes as Portland Europe continues to help companies embrace the full potential of the cloud.

“The cloud is the way forward for SMEs to take advantage of hosting applications, disaster recovery, backup, and more,” said Kim van Brugge, managing director, Portland Europe. “We are happy to be teaming with Egenera and to continue to strengthen our network of suppliers to ensure we provide the most state-of-the-art technology to enable seamless cloud migrations.”

Egenera’s Xterity Cloud Services deliver a full range of dedicated, managed, private and public cloud services, including Infrastructure as a Service (IaaS), Disaster Recovery as a Service (DRaaS), Backup as a Service (BaaS), and CloudMigrate exclusively through the channel. Xterity’s business continuity services deliver on-premise server-to-cloud or cloud-to-cloud backup and disaster recovery. With Xterity, resellers can quickly enter the cloud services market with no up-front capital or ongoing maintenance costs. Unlike reselling cloud services from large, commodity cloud vendors, Xterity delivers the margins resellers need to develop a profitable cloud services business.

“To say that we are happy to see Xterity offered in the Benelux region is an understatement. Our new partnership with Portland is a key milestone in the adoption of Xterity worldwide,” said Till Brennan, vice president, EMEA, Egenera. “We’re excited about working with Portland to deliver our full range of cloud services to its SME customers.”

Source: CloudStrategyMag

LATAS is the air traffic controller for drones

It’s likely that hundreds of drones will be flying in our skies over the next couple of years. So how do we keep track of them?

I caught up with Vice President of Airspace Services at PrecisionHawk to talk about LATAS, the company’s new drone communication service.

Question 1: What is LATAS?
LATAS is our technology…our platform of essentially different data layers of what’s around the drone that I need to know to be able to fly the drone safely. We are taking lots of satellite data that we collect via satellites and we are processing that data into a very high resolution, 3D map of the Earth. So now I know what’s on the ground. I know where the buildings are, I know where the trees are, where the power lines are. So that I can take that data in conjunction with airspace data and manned air traffic data so that I can understand what’s around the drone. And if I can understand what’s around the drone, I can understand what that risk is.

Question 2: How does it work?
All the software we’re using to process this data has been developed in-house. We’re working with a number of our partners, such as Digital Globe, who owns a number of satellites, and what we’re actually doing is we’re pulling in satellite data, we’re processing that satellite data and turning that 2D image into a 3D model. And we can see where the buildings are, how tall the buildings are, where the trees are. So now we are taking that data from the satellites and using it in a new way.

Question 3: Why do this?
From our company’s background, traditionally we work with large enterprise companies. In the agriculture space, in the energy space, insurance space. That they wanna roll out very large fleets of drones. They wanna put them in the hands of agronomists, they wanna put them in the hands of insurance adjusters, who may not be pilots. So we’re developing technologies, and we were pushed by those partners to develop technologies like LATAS to help them mitigate their own risks so that they could understand how to fly safely. So when they put a drone in the hand of an agronomist, we would know that that drone won’t run into things on the ground and won’t run into things in the air because we know where those things are.

Question 4: What’s next for LATAS?
Our theme is ‘just fly.’ You should be able to have the technology in the drone itself to allow you to go out and fly that drone safely from day one. Whether you’re an amateur or a professional going out and doing a commercial job. So we’re working with a number of different drone manufacturers today, to integrate this technology into their drones, from the recreational drones, all the way up to the expensive commercial drones because everybody needs the same data. We understand what’s around us, so that we don’t run into things. And we mitigate that risk and make flying the drone safer.

Source: InfoWorld Big Data

Real or virtual? The two faces of machine learning

There’s a lot of sci-fi-level buzz lately about smart machines and software bots that will use big data and the Internet of things to become autonomous actors, such as to schedule your personal tasks, drive your car or a delivery truck, manage your finances, ensure compliance with and adjust your medical activities, build and perhaps even design cars and smartphones, and of course connect you to the products and services that it decides you should use.

That’s Silicon Valley’s path for artificial intelligence/machine learning, predictive analytics, big data, and the Internet of things. But there’s another path that gets much less attention: the real world. It too uses AI, analytics, big data, and the Internet of things (aka the industrial Internet in this context), though not in the same manner. Whether you’re looking to choose a next-frontier career path or simply understand what’s going on in technology, it’s important to note the differences.

A recent conversation with Colin Parris, the chief scientist at manufacturing giant General Electric, crystalized in my mind the different paths that the combination of machine learning, big data, and IoT are on. It’s a difference worth understanding.

The real-world path

In the real world — that is, the world of physical objects — computational advances are focused on perfecting models of those objects and the environments in which they operate. Engineers and scientists are trying to build simulacra so that they can model, test, and predict from those virtual versions what will happen in the real world.

U.S. Closely Eyeing China's Corporate Hacking Vow, Official Says

By Nafeesa Syeed

(Bloomberg) — It’s too early to proclaim a U.S.-Chinese agreement to curb the theft of corporate trade secrets a success, according to the chief cyber diplomat at the State Department.

Nine months after Chinese President Xi Jinping and U.S. President Barack Obama vowed that they wouldn’t condone hacking to steal commercial secrets, the U.S. is closely monitoring whether China carries out any “intrusions and theft of intellectual property,” Christopher Painter, the department’s coordinator for cyber issues, said in an interview.

While progress has been made, “the jury is still out. We’re looking very carefully, we’re continuing to watch this,” Painter said in Washington on Wednesday. “We haven’t taken any of the tools we have off the table, but we’re very serious in making sure that this commitment is upheld.”

Before Xi and Obama reached their accord on corporate hacking last year, the U.S. said it was considering economic sanctions on Chinese individuals and companies in response to a string of cyber attacks against American businesses and government agencies. In 2014, the U.S. indicted five Chinese military officials on charges that they stole trade secrets from companies including Westinghouse Electric Co. and United States Steel Corp.

After meeting with Xi, Obama pointedly said he hadn’t ruled out resorting to sanctions if their agreement was violated. China has denied being involved in hacking and has said it’s a victim of cyber espionage.

‘Absolute Sovereignty’

Ahead of an annual gathering of U.S. and Chinese officials in Beijing, the U.S. is trying to “mainstream” cybersecurity as a foreign policy issue and seeking to create standards of acceptable behavior, Painter said. He’ll join Secretary of State John Kerry at the meeting on June 5 to 7 where cyber issues will be just part of the agenda.

“China promotes absolute sovereignty in cyber space; they want to draw borders around their cyber space,” Painter said. “We think sovereignty has a role, but absolute sovereignty doesn’t have a role. There are internationally recognized human rights that transcend national borders.”

Cyber Diplomacy

Painter, a 58-year-old former prosecutor who worked on cyber policy on the National Security Council, said his “cyber diplomacy” also extends to Russia, whose state-linked and organized crime groups are often blamed for hacking attacks.

“We have very different views of the world with the Russians, in terms of how they look at cyber space and the fact they want more state control,” Painter said. “We are looking for ways that we can avoid the inadvertent escalation and keep conflict from happening, so there’s some common ground there.”

By contrast, there’s no “cyber dialogue” with Iran, Painter said. He wouldn’t discuss specific cases but said the U.S. puts “countries on notice of conduct that we think is unacceptable.”

The U.S. faces a range of online threats, from nation-states to “lone gunman hackers” as well as terrorists, he said.

“Terrorists have used the internet to recruit and to spread their messages,” he said. “They haven’t attacked infrastructure yet – but we’re worried about that.”

The U.S. also continues to worry about the economic effects of trade-secret theft, Painter said. In the private sector, technology and financial businesses have more robust cybersecurity, while others, such as manufacturers, are playing catch-up, he said.

“Companies are beginning to see this is a big challenge for them, because it’s the bottom line. If their trade secrets are leaving the door, that’s their future,” he said. “Some of the other sectors who haven’t dealt with this day-in and day-out are still trying to find good policies.”

Source: TheWHIR