
Monday, November 17, 2008

New Visa Card Features Keypad, Generates Random Security Codes


In response to popular concerns with online credit card fraud, Visa Europe has announced a newly designed credit card, complete with a keypad and digital number display, according to the Daily Mail.

While the credit card is of the usual size and features a credit card number and magnetic strip for use with conventional card readers, it does not have a security code number in the traditional sense. Instead, cardholders will enter their PIN into the keypad, which will then generate a random number on the display. This random number will serve as the cardholder's one-time security code, which can then be entered to make online purchases.

While we're all about ways to combat identity theft, and think that this card is as valid a solution as any, we still know better than to immediately jump on board with new technology, particularly when it has to do with money, and even more particularly when we're in the middle of a recession. We'll let some other folks try it first, and then have them tell us how it works out. [From: The Daily Mail]

Original here

Bug Labs creates open source Lego for software engineers

By Bruce Byfield

Most of the new breed of open source hardware centers on specific products. Bug Labs is taking a different approach. Instead of developing particular devices, Bug Labs' goal is to provide a Lego-like collection of open source hardware and software that customers can use to build their own devices. According to CEO Peter Semmelhack, the result should be not only a higher degree of innovation, but also a forerunner of the hardware business of the future.

Today, Bug Labs interacts frequently with like-minded projects such as TuxPhone and companies such as Chumby and OpenMoko. But when Bug Labs began about two years ago, few of those efforts to develop open source hardware existed.

Instead, the inspiration for Bug Labs was personal, Semmelhack says. As he sees the situation, free software has increased productivity by lowering the barriers to getting involved. "You can do a lot today with very little code," he says. "You can put up Web sites for very little money, and you can put up ads on Web sites and start making money very quickly. If you are someone coming out of university today with a great idea for a new application, you can build it without a lot of investment."

By contrast, creating a new hardware product is far more costly and difficult. "If you want to do anything with hardware," Semmelhack says, "you have to spend a lot of money, because you have to buy materials. And what we've found is that you can't just go and order anything from anybody, because you have to order a minimum order in many instances. You have to buy 5,000; you can't just buy a couple. Or they won't sell to you because there's a waiting line, or you have to be on some approved list. In the world of bits, you just have to go to an FTP site, and you're done; in the world of atoms, you have supplies and inventories and investments that create a huge barrier for entry -- especially for a student who has an idea and just wants to go and build it. It isn't an engineering issue; it's an economics issue."

Manufacturing hardware also requires considerable expertise. "To come up with a pretty cool Web site, you only have to learn a language like Perl or PHP. If you wanted to build a gadget, you have to master arcane sorts of knowledge."

Semmelhack found inspiration from two sources: Memories of the Heathkits and Lego of his childhood, both of which lowered the barriers for entry in hardware and innovation, and his reading of Eric von Hippel's Democratizing Innovation, which argues that the largest source of product innovation is the needs of individual users.

"The mission for us," Semmelhack says, "is to create a platform that allows anyone to build any project they want by snapping it together like Lego. And to have the gadget be reliable, robust, and not too ugly or clunky-looking, and to make it easy to innovate in electronics in a way that hasn't been possible before." Software engineering expertise is still required to make use of Bug Labs' products -- specifically, expertise in GNU/Linux and Java -- but Semmelhack's plans are to remove as many of the hardware-specific barriers as possible.

The new Lego

The Bug Labs product line centers on the Bugbase, which consists of a CPU, RAM, a battery, and USB hubs and other connectors for adding modules. It runs a GNU/Linux distribution built around Openembedded. The largest modifications that the company has had to make to the Bugbase are device drivers, and improvements to make all of the modules hot-swappable.

The code for all these improvements, Semmelhack stresses, has been released. "We consider ourselves an active part of the Linux community -- and not just a taker, but a contributor. We chose Linux because everything we do is open source, software and hardware. Openness is very important for innovation."

Innovation starts with the device modules that you can attach to the Bugbase. Currently, the modules include a camera, LCD display, and a motion detector. Audio and wireless modem modules are due soon, as well as a "von Hippel module," which Semmelhack describes as "a module for building other modules." He adds that the module is named for von Hippel because it was inspired by von Hippel's comment that "you can't have a system that's open if you don't give people the ability to build their own stuff" -- and, he adds jokingly, because "von Hippel is a great mad scientist kind of name."

Bug Labs' plan is to add "20 or 30" more modules by the end of next year, so that users can build any sort of device that they can imagine. "Our goal is to come up with as many of these modules as we can," Semmelhack says. "One of the things we like to say is that we would like to have our unfair share of developers' imaginations."

With these building blocks, the Bug Labs community is starting to release its own devices. So far, they include an Asterisk server and a radar detector that locates police speed traps and posts them on an online map. "A lot more applications are coming out of the community than we would have thought of for ourselves, which is exactly what we want," Semmelhack says.

The plans for these community-built devices are being posted on the company site. So far, Semmelhack says, everyone is using the GNU General Public License or another free license, although he suspects that might change as other companies become interested in Bug Labs.

Making money from open source

Asked why a company should buy Bug Labs products, Semmelhack replies, "We have a very low transaction cost model, meaning you can use all of our intellectual property for nothing. You can download and start working with it for nothing, so the barrier for entry is very, very low. I think we appeal for the same reason as Linux. There's no cost to experiment, and no cost to start playing around."

And what is Bug Labs' business model? "Our biggest market going forward is selling hardware, obviously," Semmelhack says. "But we'll also be selling services for hardware around that stack." Possible revenue sources include custom programming and devices, brokering deals for companies that need specific expertise from the community, and a fee for listing commercial devices on the Bug Labs site. Hardware maintenance and software update services are also possibilities.

Semmelhack acknowledges that nothing in Bug Labs' business plan prevents another company from using its intellectual property and building cheaper modules. However, by the time that happens, he intends for Bug Labs to have a large enough community that it remains at the center of things.

To that end, Bug Labs gives considerable attention to meeting the community at demos and Maker Faires. "Because this is a device, a physical object, people like to hold it and play with it in the proximity of others," Semmelhack says. "So, for us, the more physical we can get in terms of building the community, the better."

Such attitudes may prove as difficult for hardware manufacturers to accept as free software has been for software vendors. However, Semmelhack suggests that such models are the wave of the future. "In the same way that the recording industry has had to be dragged into the future, proprietary models for protecting innovation are going to go away. And I think that, in the future, big companies are going to be built, not on patented, proprietary models, but on open areas of innovation -- areas where communities have been harnessed to create whole new ways of doing things.

"What we're trying to do is identify a market. We're trying to bring something to the world that hasn't really existed before, and that's choice. In the past 20 years, control has been moving from the hands of manufacturers to those of the end users. When I was growing up, you watched TV according to what NBC, ABC, and CBS had to say about it. But today, you can watch it any time you want, even without commercials, and that has completely upended the broadcasting community. I think the same thing is happening everywhere with control of all the products in our lives. Ten years from now, we're going to look back at this time and ask how we endured letting big companies dictate to us what we could buy. It's going to seem bizarre. And we're going to make that change happen in electronics."

Bruce Byfield is a computer journalist who writes regularly for Linux.com.

Original here

Expect Obama to move fast on FCC transformation

By Matthew Lasar

What will a Barack Obama Federal Communications Commission look like? Veteran telecom attorney Andrew Lipman's first advice: don't blink or sneeze while following the Obama transition at the FCC. "This is the fastest I've seen it," Lipman told investors at a briefing on Friday held by Barclays Capital and Bingham McCutcheon.

Lipman has seen a lot of presidential transitions. He has been practicing Telecom, Media, and Technology law for Bingham for 25 years, advocating before the FCC, state regulatory bodies, Congress, and the courts. Lipman's bottom line: With FCC Chair Kevin Martin moving on and his fellow Republican Deborah Taylor Tate termed out when Congress expires, Obama will appoint two, and maybe even three Commissioners relatively soon (Lipman didn't say who the third ship jumper might be).

"We think it's highly likely that Martin will step down if not immediately, then probably in February at the latest after the DTV transition," Lipman predicted—in other words, after the February 17 analog-to-digital switch-off for full power TV stations.

Dark horses

What will happen then? Obama might make Democrat Michael Copps interim chair, until somebody gets FBI cleared and senatorially approved around the second quarter of 2009. Would he give Copps or fellow Democrat Jonathan Adelstein the permanent top job? "I would say 'probably not'," Lipman suggested, then threw out a bunch of possible "dark horse" candidates for the main position, most "one degree away from Reed Hundt"—Clinton's FCC Chief in the mid-1990s, now on Obama's transition team.

These include co-transition team member and Obama Harvard Law Review buddy Julius Genachowski, FCC veteran and former Al Gore adviser Don Gips, former Common Carrier Bureau chief Larry Strickling, former Florida PUC Commissioner Julia Johnson, or broadcast media owner Richard Reingold.

Whoever gets the job will be working with the Obama administration's new cabinet-level position: Chief Technology Officer. Lipman predicts that the duo won't "dial back" because of the recession, because Obama sees high speed Internet as a crucial means to get the country back on its economic feet.

Obama "looks at technology as holistic and as a catalyst for job creation, economic development, closing economic divides, clearly a multiplier impact on the economy," he says. "Especially with broadband. And everybody knows he's an enthusiast for the Internet. Why not with 370,000 Internet contributions?"

So the transition may slow down a few dockets, not surprisingly the intractable problem of Universal Service Fund/Intercarrier Compensation reform. But "expect the vast majority of other issues to keep moving," the attorney assured his audience.

Hot items to watch include stories we faithfully follow here at Ars: the implementation of the FCC's Order giving the go-ahead to unlicensed white space devices; the AWS-3 band, which Martin presently wants contoured for a national free and smut-free broadband service; and how to finally auction off the 700MHz public safety D Block.

But the front stage lights will shine fullest on the DTV transition. "This is an issue that is inevitably going to cause hiccups," Lipman warns. "The Hill is going to get involved."

Everyone's a winner?

Which portions of the media/telecom industry will do well during the Obama/Biden years? A big part of Lipman's talk focused on potential winners and losers in the saga. But, in fact, the telecom lawyer didn't mention a lot of losers. Those he did he called "slight losers," among them the big telcos.

The favored will include Internet portals and application providers ("Google, Yahoo! etc—big winners," Lipman declared). The reason is pretty obvious. Obama is a net neutrality supporter, and observers should expect plenty of proactivity in this area from Obama and Congress, including policies "prohibiting discrimination, prohibiting rationing of capacity," and "prohibiting prioritization of traffic charges." Plus Obama "probably would be skeptical of even bandwidth caps," Lipman speculated.

But the net neutrality fight is "toning down" somewhat, he notes—in part thanks to industry efforts to find private sector fixes for P2P network management hurdles. The war might tone back up, though, if Comcast's lawyers beat the FCC's Order sanctioning its BitTorrent throttling in a federal appeals court. "Expect Congress to move very quickly" if that happens, the attorney warns.

Obama's FCC will probably make smaller competitive telcos smile, Lipman says. Don't expect a lot more forbearance deregulatory breaks going to Verizon and Qwest. Those special access rates that the smaller carriers depend on for interconnection to the big telcos will probably get looked at, too. Rural carriers might like the Obama administration as well, among them carriers crabby about exclusive mobile device deals between electronics manufacturers and the big wireless firms.

Anticipate Obama continuing to support the fight to roll back Kevin Martin's relaxation of the FCC's limits on newspaper/TV cross ownership, Lipman predicted, and being skeptical of media consolidation in general. In fact, "I would submit that under an Obama administration some [finalized merger] deals could not have gotten done," he said—XM/Sirius and the AT&T/BellSouth mergers among them.

Expect disability rights groups to get taken seriously about making the next generation of broadband applications more accessible. And get ready for some Congressional Democrats to grumble about bringing back the Fairness Doctrine, a move that Obama and key reform group leaders say they oppose. "I'm not sure that this will be enacted, but expect more pressure here," Lipman mused.

Even the cable industry may get a better deal from Obama than it's getting from Martin—at least in some areas. The President-elect doesn't share Martin's enthusiasm for "a la carte" pricing, letting consumers pick and choose which individual channels to buy.

In any event, "I don't think that the regulatory environment for cable could be any worse than it is today," Lipman noted.

Original here

Hacker Takes Over Torrentz, Sort Of…

Written by Ernesto

A hacker has successfully changed the nameservers of the popular BitTorrent meta-search engine Torrentz.com. For a few hours the site was replaced with an Adbrite ad, and a link to a warez forum. To top it off, the hacker then contacted the Torrentz admin to brag about his hacking abilities.

Last week we reported that Torrentz was facing a hostile domain takeover. With a forged driver’s license, the impostor attempted to change the domain Whois. Yesterday, the nameservers to Torrentz were indeed changed, giving the ‘hacker’ control over the Torrentz domain.

Flippy, the admin of Torrentz told us that he noticed some worrying changes when he checked his website late last night. There were banners from Adbrite at the top and bottom of the site, banners that didn’t belong there. It turns out that “the hacker” we mentioned before, managed to change the nameservers of the torrentz.com domain. In the middle of the new page torrentz.eu was now loading in a frame, so the site was usable apart from the extra ads.

When Flippy added some Javascript to the torrentz.eu site to prevent it from loading inside the frame, the .com domain suddenly linked to some fresh warez forum and an image hosting site. The warez forum, warez2share.com, was apparently hosted on a shared hosting account, and it didn’t take long before the account was suspended because of the traffic overload.

The hacker didn’t stop there of course, and he soon changed the page to a single Adbrite banner. And as if that wasn’t enough, he decided to email Flippy, to tell him how good of a hacker he is. “So, I emailed him back, and informed him that I have a lawyer who will subpoena Adbrite first thing in the morning, to get the account’s details,” Flippy told us.

After some emails back and forth, the hacker suddenly changed his tone. After Flippy reminded him that forging a US driver’s license is a serious crime, he suddenly became surprisingly cooperative. Instead of bragging about his hacker skills, he was suddenly willing to change the nameservers back. At the time of publication, the domain details have indeed been reverted, and until the changes clear, torrentz.com is being redirected to the backup domain, torrentz.eu.

It is not over yet though, as Flippy told us that he will do everything he can to find out the identity of the ‘hacker’, so stay tuned.

Original here

EXCLUSIVE: Cyber-Hackers Break Into IMF Computer System



Another major international financial institution has had its computer system attacked by unknown cyber-hackers, FOX News has learned.

The discovery of the assault last week threw into crisis the Washington, D.C. based International Monetary Fund (IMF), which offers emergency financial aid to countries faced with balance-of-payments problems, and provoked a shutdown of IMF computers that lasted for several days.

In October, FOX News reported that the computer system at the World Bank had also been hacked over a period of months.

FOX News has been unable to determine what, if any, information may have been obtained by the hackers. The IMF denies any critical intrusion took place.

The spyware discoveries came at a particularly sensitive time for the international bailout institution, which along with the World Bank is expected to play a central role in trying to combat global financial turmoil. The pair of institutions are described on the IMF's website as the "twin intergovernmental pillars supporting the structure of the world's economic and financial order."

Both will be intensively discussed at this weekend's meeting of G-20 nations in Washington, hosted by President Bush, in the effort to put global finance back on a stable basis.

Europe in particular is promoting an expanded role for the IMF, which traditionally has a European CEO, in that future architecture. IMF computers contain highly sensitive information not only on distressed nations, but also on currency payments and central bank balances around the world, all of which could be invaluable to outsiders.

What the IMF intrusion also shows is that the physical wiring of the world's financial systems is increasingly vulnerable — and getting worse.

"Electronic safety in the financial sector is in dire jeopardy," says Tom Kellermann, a former senior computer security official at the World Bank's ultra-sensitive treasury unit — which FOX News reported last month had been penetrated by illicit spyware. "What people don't realize is that the financial sector is the most heavily targeted sector of all critical infrastructures."

Kellermann today is the commissioner of the Commission on Cyber Security for the 44th Presidency, a unit of the Center for Strategic and Internal Studies — a Washington-based security think tank — that is preparing to issue recommendations in early December to President-elect Barack Obama on how to keep the country's computer systems from being penetrated.

IMF officials clamped down on their computer systems on November 7, after they discovered spyware that was quickly spreading through the institution's high-security computer system. Spyware is software that is secretly installed on a computer to intercept information or take control of the system.

The IMF's network link to the World Bank, the world's largest anti-poverty agency, was also temporarily severed, a move that IMF spokesman Bill Murray described as a "precaution."

But IMF officials strenuously deny that any lockdown of its computers took place, and insist that no important or sensitive financial information had been affected.

"There was no lockdown as far as I'm aware," says Murray. "I'm not aware of any major breaches, but enhanced security measures have been taken."

Prodded further as to the discovery of spyware, Murray responded: "As part of our ongoing [security] regime, we've had a scan of Fund personal computers and laptops and we found some workstations that did have malicious software, but absolutely no evidence that any sensitive information or systems were breached."

That is not, however, the version given by other IMF insiders and World Bank security officials, who requested anonymity.

According to them, the November 7 lockdown came only days after the World Bank moved more than 100 of its employees into an empty floor of one of the IMF's two buildings on Washington's Nineteenth Street, N.W., just across from the World Bank headquarters.

As FOX News reported on October 10, the World Bank itself suffered a series of cyber-attacks starting in the summer of 2007, both at headquarters and at other offices around the world. The World Bank strenuously denies that the intrusions took place, and none of the bank's 24 board members contacted by FOX News would discuss the matter. But sources told FOX News that at least one of those breaches also involved spyware, penetrating the World Bank's ultra-sensitive Treasury unit, which manages a $75 billion portfolio for itself and for several nations.

The World Bank, however, did not take the dramatic step of shutting down all its computer systems to eliminate any spyware. Security experts say it is possible that the bank may have inadvertently infected the IMF — simply by sharing some wires in the IMF's sublet building. Moreover, as FOX News reported last month, hundreds of workers previously employed by an Indian contractor that is barred from Bank contracting work on security grounds still work at the institution, either as regular staffers or as employees of other contractors.

Shortly before the spyware was discovered, the World Bank's Independent Evaluation Group — a unit responsible for critiquing the quality of bank projects — was moved into the IMF's headquarters building, where it is now taking up an entire floor.

"Before the move, there was a single point of access — a server that acted as a firewall between the IMF and the bank," explains a technology expert at the bank. "The IMF was allowed into the World Bank's network, but not vice-versa. After the move, World Bank data, or packets, intermixed with the IMF data because they were all on the same wires."

Belatedly, it seems, the World Bank is attempting at least a partial cleaning of its systems. A bank insider tells FOX News that, in the wake of the FOX articles about its security penetrations, "all of the computer systems are being 'changed out' and overhauled in the Dept of Institutional Integrity [the bank's internal investigative arm]."

In fact, the computer assaults on the World Bank and the IMF are only part of a rash of sensitive cyber-burglaries that even reached into the U.S. presidential campaign. Both London's Financial Times and Newsweek recently reported that the computer network of the White House, and the Obama and McCain campaigns, were seriously breached.

The Pentagon claims the Chinese army has established units to develop viruses to attack enemy computer systems. Chinese hackers penetrated the Pentagon last year, in an attack that obtained e-mails from the system serving Defense Secretary Robert Gates.

Despite vigorous Chinese denials, "everyone in the intelligence community knows that China is the biggest player in cyber espionage," says John Tkacik, a former head of China intelligence for the U.S. State Department. Tkacik told FOX News that later this month, President-elect Obama will be presented with a new top-secret National Intelligence Estimate (NIE) report that "will cause the scales to drop from his eyes" regarding Chinese cyber-espionage.

"What the Chinese are particularly interested in at the IMF is what loans the IMF is likely to give to other countries," says Nick Day, a former British intelligence officer who runs Diligence, a private investigative firm that does extensive work for many international corporations and institutions.

"The geopolitics of this is that essentially you've got a few countries in the world that are stacked on huge foreign capital reserves — Russia, China, Japan, the Middle East — and the rest of us are pretty much borrowers to those lenders.

"And what the Chinese are looking to do is to get influence over a number of third world countries where there are assets in particular, where there's minerals, oil, etc. — where there's wealth that would be strategically useful. And if the IMF is not going to bail them out, or is going to bail them out at a rate which is fairly punitive, then the Chinese can go into those countries and say, 'Don't go to the IMF. Come to us. We'll bail you out and we want exclusive deals over the next 20 years to all your mining concessions in your country, access to mineral wealth, access to oil' — all the raw materials that China is going to need to keep carrying its economy forward."

At the World Bank, water-cooler speculation about Chinese intelligence-gathering has taken another turn. FOX News has learned that the bank's internal watchdogs have recommended sanctions against five major Chinese government-owned companies for corruption on roads-building projects in the Philippines.

"People in the bank are wondering about the coincidental nature of all this," a well-placed bank security expert told FOX News. "The cyber-attacks ramp up just as these guys are heading right into the Sanctions Board."

Asked to comment on the impending possibility of sanctions, a World Bank spokesman instead offered FOX News an exclusive on the "full and complete story" if FOX would delay publication of the news well beyond this weekend — when world leaders would be discussing the institution. FOX News declined.

Original here