StandScan Pro Power Bundle

Pros Turns assorted smartphones and tablets into more reliable scanners. Portable. Includes LEDs to illuminate the scan target.

Cons Can't adjust distance from camera to target to change field of view. Bottom Line Basically a box with a peephole on top for a camera to take pictures through, the StandScan Pro Power Bundle turns smartphones and tablets into better portable scanners.

By M. David Stone

Similar in concept to the ScanJig that I recently reviewed, but notably different in design, the StandScan Pro Power Bundle offers a slightly different way to turn your phone or tablet into a better scanner. Compared with the ScanJig, it gets extra points for offering its own LEDs instead of depending on ambient light, but it also costs a little more, which puts the two products on equal footing overall.

The argument for the StandScan Pro relative to traditional scanners is the same as for the ScanJig. As I've pointed out in any number of scanner reviews, taking a picture with a camera phone or tablet is fully equivalent to scanning. That makes both phones and tablets excellent alternatives to portable manual-fed, simplex (one-sided) scanners, like the Fujitsu ScanSnap S1100 and the Epson WorkForce DS-30. Like the ScanJig, the StandScan Pro makes it easier to get good quality scans with a camera, and it also speeds up scanning for multiple pages.

Like the ScanJig also, the StandScan Pro solves the problem of trying to hold the camera absolutely steady while also filling as much of the frame as possible to take best advantage of the camera's resolution.

Basics
The StandScan Pro is basically a box with a trapezoidal cross section, one open side, a peephole on the top for the camera to look through, and a base that's a little larger than a letter-size piece of paper. The open side lets you reach in to put the scan target in the base or take it out. In addition, there's a strip of LEDs on the inside of the top, providing consistent lighting.

The StandScan Pro actually comes in two versions. The StandScan Pro itself comes with a battery pack for a 9-volt battery. The StandScan Pro Power Bundle also includes a second battery pack for eight AA batteries plus an AC power adaptor. The difference is significant. With the 9-volt battery I measured the brightness at the center point on the scan bed at only about 500 lux with a fresh battery. With AC power and with the AA battery pack, I measured between 1,319 and 1,363 lux, with the reading varying over time.

The range from 1,319 to 1,364 lux isn't enough to see a difference. The drop to 500 lux is. More important, it makes a significant difference in how well an optical character recognition (OCR) program can recognize text in the resulting file. In my tests, using Abbyy FineReader 9.0, the program managed to read text on our standard scanner test pages as small as 6 points for Arial font and 8 points for Times New Roman font without a mistake for images taken with AC power. With the 9-volt battery pack, the accuracy dropped. The smallest size the software could read without a mistake was 10 points for both fonts.

More Basics
As with the ScanJig, there's a fixed distance between the camera and the document with the StandScan Pro, so the field of view for some cameras may not be big enough to include an entire page. Rather than name specific supported devices, the StandScan Pro Web site suggests that you hold your phone 31 centimeters above a letter-size page and make sure it can see all four corners of the page. If it can, it's compatible with the StandScan Pro

In my tests the StandScan Pro worked well with a Samsung Galaxy S III and with an Apple iPhone 4S. However, I couldn't see the entire page with a Motorola Droid RAZR MAXX, an HTC Droid Incredible, or an iPad 2. Another potential issue is that the top of the StandScan Pro box may not be large enough to let you balance your tablet on it. Quite aside from not being able to see a full page with the iPad 2, I had to hold the tablet with one hand to keep it from falling off the box.

Keep in mind also that, as with any scanner, what you can actually do with your scans depends on software, and the StandScan Pro doesn't come with any. There are plenty of apps you can get elsewhere, but the point is that you have to get them separately, and, in many case, pay for them. For my tests, I scanned using the default camera app in the phones and tablets I tested with. I used Abbyy FineReader 9.0 for text recognition mostly because I had it on hand.

The Unfolding Story
Setting up the StandScan Pro involves unfolding it, bending pieces along various creases, and positioning the sides so embedded magnets will hold the overlapping edges together. I found this a little hard to do the first time, mostly because I had to figure out which parts to bend. After doing it once, however, it was easy to break the StandScan Pro down to fold it into a flat, highly portable format, and at least as easy to unfold and snap it back into its working state.

The box is made from laminated heavyweight card stock, which feels a little flimsy when you're trying to put it together. However, it holds together well once all the magnets are properly aligned. The total weight is only about 11 ounces, making it light enough to bring with you without a second thought.

...And Scan
Scanning with the StandScan Pro is simply a matter of snapping a picture. As with the ScanJig, you can put a stack of pages on the document bed and work your way through them, one page at a time, fairly quickly. It took me about one minute to scan 10 pages, which is a match for the ScanJig and a lot faster than with most manual-fed scanners. As with the ScanJig also, scan quality will depend on your phone or tablet and the app you're using.

The StandScan Pro Power Bundle is the sort of gadget that the more you use it, the more you'll appreciate it. Having its own light source is a plus, but then again, having the light source is more important for the closed-box design than for the ScanJig's open design that takes full advantage of ambient light. These two products are so closely matched that choosing between them really boils down to personal taste. That said, however, the StandScan Pro Power Bundle is certainly a reasonable choice for anyone who wants to use his or her phone or tablet as a scanner substitute.

View the original article here

Google unveils second-generation Nexus 7 tablet running Android 4.3

Google is rolling out a second-generation Nexus 7 tablet designed for improved performance and portability, featuring the company's just-announced mobile operating system, Android Jelly Bean 4.3.

The device offers numerous enhancements over the original Nexus 7 tablet that Google released last year. It is also the first device to ship with Android Jelly Bean 4.3, the latest version of Google's mobile OS, the company announced Wednesday.

[ Understand how to both manage and benefit from the consumerization of IT with InfoWorld's "Consumerization Digital Spotlight" PDF special report. | Subscribe to InfoWorld's Consumerization of IT newsletter today, then join our #CoIT discussion group at LinkedIn. ]

The product was introduced by several Google executives during a meeting hosted by Sundar Pichai, head of Android, Chrome and apps at Google.

Improved portability, speed and graphics comprise the major enhancements to the Nexus 7 tablet. The device will be available in three models: a 16GB Wi-Fi version for $229, a 32GB Wi-Fi model for $269, and a 32GB 4G LTE version for $349. The Wi-Fi models will be available starting Tuesday at the Google Play store, while the 4G model will be available in the coming weeks through T-Mobile, AT&T and Verizon, the company said.

Besides the U.S., the new Nexus 7 will be available in Canada, the U.K., Spain, Korea and Australia, with more countries to follow very soon, Google said.

In terms of portability, the new Nexus 7 is almost 2 millimeters thinner than the original and about 50 grams lighter. The device features a 7-inch display, the same size as its predecessor, but packs in more pixels, Google said, going from 1280 x 800 to true 1080 HD at 1920 x 1200 pixels in the new model. It also can show a 30 percent wider range of colors and has dual stereo speakers for virtual surround sound.

The first partner to take advantage of the new 1080 HD video feature is Netflix, which supports video streaming in the high-quality format.

The tablet also sports dual cameras, with a 1.2-megapixel camera in the front and a 5-megapixel lens in the rear.

Internally, the Nexus 7 features a 1.5Ghz Snapdragon S4 Pro processor, giving it a four-times-more-powerful graphics processing unit than the original Nexus 7, Google said. The CPU is also 1.8 times faster, Google said, and the system memory has been doubled to support 2GB of RAM.

Specs also include dual-band Wi-Fi and Bluetooth 4.0 for powering peripheral low-energy devices.

The Android 4.3 software on the Nexus 7 also includes a new restricted profiles feature to give users more controls over who else can access certain content and apps on the device.

Since its launch last year, Google's Nexus 7 has accounted for more than 10 percent of all Android-based tablets sold, Google's Pichai said.

"Nexus 7 has been a big hit, and we're going to try to follow up with another one," said Hugo Barra, product manager at Google.

In recent years Google's product portfolio has expanded significantly beyond its bread-and-butter search technology. In recent months there has even been talk of Google opening brick-and-mortar retail stores to boost its efforts in selling hardware like tablets and also laptop computers with its Chromebooks.

Zach Miners covers social networking, search and general technology news for IDG News Service. Follow Zach on Twitter at @zachminers. Zach's e-mail address is zach_miners@idg.com

View the original article here

Internet traffic jams, meet your robot nemesis

On an 80-core computer at the Massachusetts Institute of Technology, scientists have built a tool that might make networks significantly faster just by coming up with better algorithms.

The system, called Remy, generates its own algorithms for implementing TCP (Transmission Control Protocol), the framework used to prevent congestion on most networks. The algorithms are different from anything human developers have written, and so far they seem to work much better, according to the researchers. On one simulated network, they doubled the throughput.

[ Also on InfoWorld: Teach your router new tricks with DD-WRT. | Get expert networking how-to advice from InfoWorld's Networking Deep Dive PDF special report. | Subscribe to InfoWorld's Data Center newsletter to stay on top of the latest developments. ]

Remy is not designed to run on individual PCs and servers, but someday it may be used to develop better algorithms to run on those systems, said Hari Balakrishnan, the Fujitsu professor in Electrical Engineering and Computer Science at MIT. For now, it's churning out millions of possible algorithms and testing them against simulated networks to find the best possible one for a given objective.

IP networks don't dictate how fast each attached computer sends out packets or whether they keep transmitting after the network has become congested. Instead, each system makes its own decisions using some implementation of the TCP framework. Each version of TCP uses its own algorithm to determine how best to act in different conditions.

These implementations of TCP have been refined many times over the past 30 years and sometimes fine-tuned for particular networks and applications. For example, a Web browser may put a priority on moving bits across the network quickly, while a VoIP application may call for less delay. Today, there are 30 to 50 "plausibly good" TCP schemes and five to eight that are commonly used, Balakrishnan said.

But up to now, those algorithms have all been developed by human engineers, he said. Remy could change that.

"The problem, on the face of it, is actually intractably hard for computers," Balakrishnan said. Because there are so many variables involved and network conditions constantly change, coming up with the most efficient algorithm requires more than "naive" brute-force computing, he said.

Figuring out how to share a network requires strategic choices not unlike those that cyclists have to make in bike races, such as whether to race ahead and take the lead or cooperate with another racer, said Balakrishnan's colleague, graduate student Keith Winstein.

"There's a lot of different computers, and they all want to let their users browse the Web, and yet they have to cooperate to share the network," Winstein said.

However, Remy can do things that human algorithm developers haven't been able to achieve, Balakrishnan said. For one thing, current TCP algorithms use only a handful of rules for how a computer should respond to performance issues. Those might include things like slowing the transmission rate when the percentage of dropped packets passes some threshold. Remy can create algorithms with more than 150 rules, according to the researchers.

View the original article here

HP, NEC to develop next-generation x86 servers

Hewlett-Packard and Japan's NEC will expand their existing partnership to develop high-end x86-based servers for cloud and Web applications.

The companies said Thursday they will team up to accelerate research on HP's next generation of blade-based server systems, which the U.S. company is gradually introducing alongside its traditional Itanium Unix-based servers. They said their focus will be on creating x86 hardware that can run with the same reliability as the Unix products, which can then be employed in mission-critical roles running today's social networks, mobile applications, and cloud-based services.

[ Dell, HP, IBM blade servers battle for the virtual data center; find out which comes out on top in InfoWorld Test Center's review. | Use server virtualization to get highly reliable failover at a fraction of the usual cost. Find out how in InfoWorld's High Availability Virtualization Deep Dive PDF special report. ]

HP is trying to catch up to rivals such as Amazon Web Services in the growing market for cloud services, while also stay competitive in hardware amid a general shift away from Unix. The company announced a strategy to pursue a hybrid cloud approach last year, based on a solution it is calling HP Converged Cloud. Last month it announced a new operating system for cloud computing, HP Cloud OS, built on the open-source hosting software platform OpenStack, but said initially the new operating system will only run on its own hardware.

The new partnership will aim to speed up the development of HP's Project Odyssey, which it first announced in 2011. The project is an attempt to integrate x86 server blades running Windows or Linux with its Itanium-based server lineup based on Unix. NEC said the companies will specifically focus on a system that HP has been developing for years called "DragonHawk," which is supposed to be able to incorporate both types of servers into a single cabinet but has been slow to materialize.

HP and NEC first began working together in 1995, offering systems built on HP's Unix-based solutions.

NEC is also trying to expand its cloud offerings, competing with local rivals like Fujitsu, which is closely allied with HP rival Oracle in server hardware. NEC runs a dozen data centers across Japan, where it counts major domestic firms and local governments among its clients.

HP is trying to turn itself around as its main PC division suffers from an overall decline in the market, and its server business attempts to adjust to the rise in cloud-based services. In May, HP said profit for the first quarter dropped 32 percent from a year earlier as sales in both its PC division and business server fell sharply. Last year the company took an $8.8 billion charge related to its acquisition of U.K. software firm Autonomy.

View the original article here

Google Play store inundated with scam apps, Symantec says

A steady stream of questionable applications is flowing daily into Google's Play store for Android devices, according to security vendor Symantec.

Over the last seven months, Symantec found more than 1,200 suspicious applications in the Play store. Google removes many shortly after they're published, but others stay in the store for a few days.

[ Security expert Roger A. Grimes offers a guided tour of the latest threats and explains what you can do to stop them in "Fight Today's Malware," InfoWorld's Shop Talk video. | Keep up with key security issues with InfoWorld's Security Adviser blog and Security Central newsletter. ]

"Although they have short lives, the apps must provide ample profit for the scammers as they show no signs of halting their development of new ones," wrote Joji Hamada of Symantec.

The applications can be difficult to assess and employ a series of maneuvers and layers in order to attempt to rip off users.

Hamada wrote one application aims to get users to subscribe to an online adult video site at a cost of more than $3,000 a year. The application's sole purpose is to launch a link to an adult website.

The website then asks the user to register in order to play videos. An email form is drafted, and the user is asked to hit send. The email, sent to the user, contains a link to another service on a different website.

This time, the user is prompted to enter a password. If that button is clicked, the phone is supplied with a number. When called, the number gives out a password. The person is then given registration details and told of a ¥315,000 ($3,200) annual fee that is due within three days.

Applications that launched only links "can be almost impossible for any system to confirm anything malicious," Hamada wrote.

"The manual steps required in this scam is another strategy used to keep the apps on the market as long as possible," Hamada wrote. "Human analysis may be the only way to discover these sorts of apps."

Apple closely examines applications submitted for its App Store, which has kept its marketplace relatively free of malware. Google also scans applications in the Play store. It also added a feature to the latest 4.3 version of the Android OS that scans any application for malicious code.

More than 100 applications similar to the adult videos one have been published on Google Play since the beginning of the month, Hamada wrote. Thirty applications from three developers are still in the market.

Symantec informs Google when it finds such applications, he wrote, but the scam applications flow into Play daily. Many of the applications float into some of the top keyword searches, apparently as the result of abuse of Play's search function.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk.

View the original article here

Google buys speech recognition patents

Google has acquired from the SR Tech Group a portfolio of U.S. patents and patent applications that includes several speech related patents.

The portfolio includes a patent covering a speech interface for search engines and a patent that covers a system for modifying and updating a speech recognition program, the SR Tech Group said in a news release on Monday.

[ Simon Phipps tells it like it is: Why software patents are evil. | Stay ahead of the key tech business news with InfoWorld's Today's Headlines: First Look newsletter. | Read Bill Snyder's Tech's Bottom Line blog for what the key business trends mean to you. ]

The patents and patent applications complement Google existing portfolio of 50,000 patents worldwide, it said. A spokesman could not immediately comment on what Google was planning to do with the patent portfolio.

Details of the deal were not disclosed.

Google has been investing in voice enabled search technology for a while. It introduced voice-enabled search for the desktop at Google's I/O developer conference in San Francisco in May. This will allow people will be able to search using voice commands on their Chrome desktops and laptops.

Conversational Search, as Google calls it, is already used on mobile devices and taps into the company's knowledge graph, which contains hundreds of millions of objects and billions of facts that enhance Google's search.

At Google I/O, Amit Singhal, a senior vice president at Google, said that voice enabled searching is another step forward to let people use Google in as natural a way as possible. Users should be able to sit back, relax and ask a question, with Google giving the answer in speech, he said.

Loek is Amsterdam Correspondent and covers online privacy, intellectual property, open-source and online payment issues for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to loek_essers@idg.com

View the original article here

Oracle and ARM to tweak Java

Oracle and ARM are working together to make the Java programming language more suitable for ARM processors in order to encourage its use for embedded systems and enterprise software.

The work will customize the Java Platform, SE (Standard Edition) for ARM 32-bit platforms, making it more suitable for embedded systems, and the Java SE for ARMv8 64-bit platforms, where it could be used to build enterprise software and networking firmware to run on ARM servers and networking gear.

[ Learn how to work smarter, not harder with InfoWorld's roundup of all the tips and trends programmers need to know in the Developers' Survival Guide. Download the PDF today! | Keep up with the latest developer news with InfoWorld's Developer World newsletter. ]

While Java was originally developed to work across different platforms, the new work will focus on improving the throughput and scalability of Java applications on ARM multicore systems.

In the market for embedded systems, Java could play a role in the emerging, so-called Internet of things, where it could be used in conjunction with energy-efficient ARM chips to build industrial control and factory automation systems.

As ARM pitches its processors as an energy-efficient alternative to x86 chips for servers, a boost in the one of the chief programming languages and runtime environments for enterprise software could help attract more organizational customers.

An optimized JVM (Java Virtual Machine) could enhance performance of enterprise Java systems on ARM multicore systems in a number of ways, according to ARM. Bootup times could be cut and more power could be saved through the additional work.

"A diverse, optimized software ecosystem must be in place to support these systems. This extended relationship with Oracle to enhance Java SE is an important step in growing the ARM ecosystem," said Ian Drew, an ARM chief marketing officer and executive vice president for business development, in a statement.

Although ARM did not specify what work specifically the two companies would do, Java and ARM are no strangers. Oracle, and former Java owner Sun Microsystems, have been working on making Java and ARM compatible since 1996, when ARM helped port the JavaOS to the ARM architecture.

The company has done a lot of work with setting standards for Java in the embedded market in particular. ARM engineers have served on the Java EEMBC (Embedded Microprocessor Benchmark Consortium) subcommittee, which helps establish benchmark metrics for the embedded market, as well as on the Java Community Process Executive Committee, which helps to outfit Java for the embedded systems.

Joab Jackson covers enterprise software and general technology breaking news for The IDG News Service. Follow Joab on Twitter at @Joab_Jackson. Joab's e-mail address is Joab_Jackson@idg.com

View the original article here

Open-source project Crypton seeks to make encryption easier

An open-source software project aims to give software developers a simple way to wrap encryption into their applications to thwart online surveillance efforts.

The project, called Crypton, comes from SpiderOak, a company known for its Dropbox-like online storage and synchronization service. SpiderOak differentiates itself by encrypting data in a such a way that none of its employees can access it, unlike Dropbox, where a few employees do have limited access to some kinds of data.

[ Build and deploy an effective line of defense against corporate intruders with InfoWorld's Encryption Deep Dive PDF expert guide. Download it today! | Stay up to date on the latest security developments with InfoWorld's Security Central newsletter. ]

Crypton started out as an internal tool that SpiderOak needed for some of its other software projects, said CEO Ethan Oberman. The company wanted a way for data to be securely encrypted without the need for users to download a separate program.

SpiderOak also wanted to create an easy way for application developers to utilize encryption, which can be notoriously complex and prone to implementation errors.

"We wanted to develop more of a privacy platform that other developers and companies could use to integrate privacy in their applications without having to be cryptographers," Oberman said. "We want people to understand the power of privacy and understand it is not an interference and not an inhibitor to product development."

Crypton is essentially a framework that allows applications to encrypt data within a web browser before it is sent to a remote server.

Advancements in web browsers over the last few years have made Crypton possible. The JavaScript engines in web browsers are much more powerful and can handle intensive encryption tasks such as generating the key needed to lock and unlock encrypted data, Oberman said.

Users have peace of mind that even if a company was subpoenaed by a court, the company would not be able to decrypt the data, making it useless, Oberman said. The encryption keys remain on a user's computer.

The same approach is being used by Mega, the online storage service from Kim Dotcom that succeeded his controversial Megaupload service.

How secure data is from prying eyes and spies has become increasingly discussed after extensive U.S. government surveillance programs were revealed in June by former NSA contractor Edward Snowden.

"There are portions of our digital lives or our documents or things that are important to us that we do really want to retain privacy over," Oberman said.

SpiderOak plans to use Crypton for a secure instant messaging application and collaboration program it is working on, Oberman said. Crypton will work with desktop, web and mobile applications.

An early version of the code is on GitHub, and a more complete version should be available in about six weeks. SpiderOak plans to license it under the AGPL version 3, which allows people to use Crypton for open-source projects for free.

If a company wants to build a closed-source commercial service with Crypton and not contribute code changes back to the community, it can choose to pay SpiderOak a license fee, Oberman said.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk.

View the original article here

Oracle hitches Java to 'Internet of things'

With an upgrade to the embedded version of Java announced Tuesday, Oracle wants to extend the platform to a new generation of connected devices, aka the Internet of things. Oracle also hopes that Java can supplant the C language in some embedded development projects.

The company is releasing Oracle Java ME (Micro Edition) Embedded 3.3 and Oracle Java ME Software Development Kit 3.3, providing a client Java runtime and toolkit for microcontrollers and resource-constrained devices. Version 3.3 is geared to low-powered devices and systems without screens or user interfaces. It also supports the ARMv5 through ARMv7 chip architectures and enables greater connectivity between edge devices and network peripherals and systems.

Oracle anticipates that Java developers can leverage their skills building applications for very small devices to begin developing solutions for the Internet of things, which includes devices ranging from street lights to home automation and security systems, said Peter Utzschneider, Oracle vice president of product management: "It's basically the third generation of the Internet."

An analyst sees a shift from C toward Java in the embedded space. "There's just a growing interest in object-oriented languages and a move away from C," said Christopher Rommel, vice president of machine-to-machine and embedded technology at VDC Research. Oracle is making strides in addressing segments of the marketplace that historically have not been large users of Java, he said. Java and C rest atop the monthly Tiobe Programming Community Index, which gauges the popularity of programming languages.

The Java ME 3.3 Embedded rollout features improved device APIs to increase the number of external peripherals that can be integrated, runtime monitoring, and logging enhancements are featured. Supported developer boards include Raspberry Pi and Keil STM32 F200 Evaluation Board. Java ME SDK 3.3 backs Windows 7 32-bit and 64-bit systems in addition to Windows XP 32-bit, and it has plug-ins for the NetBeans IDE and Eclipse.

Oracle also is looking to provide partners with the ability to customize Java ME embedded products for different device types and market segments with its Oracle Java Platform Integrator program, which provides support, patches, and updates. Downloads of Oracle's embedded Java technologies are available at Oracle's website.

This story, "Oracle hitches Java to 'Internet of things'," was originally published at InfoWorld.com. Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest developments in business technology news, follow InfoWorld.com on Twitter.

View the original article here

PayPal opens up bug bounty program to minors

PayPal is opening up its bug bounty program to individuals aged 14 and older, a move intended to reward younger researchers who are technically ineligible to hold full-fledged PayPal accounts.

PayPal's program, which is a year old this month, only applied to those 18 years and older. Under the old rule, participants in the program were required to hold valid accounts, which excluded minors, said Gus Anagnos, PayPal's director of information security.

[ Also on InfoWorld: Where are the kid coders? Not in U.S. schools. | Security expert Roger A. Grimes offers a guided tour of the latest threats and explains what you can do to stop them in "Fight Today's Malware," InfoWorld's Shop Talk video. | Keep up with key security issues with InfoWorld's Security Adviser blog and Security Central newsletter. ]

In May, 17-year-old Robert Kugler, a student in Germany, said he'd been denied a reward for finding a vulnerability. PayPal said the bug had already been found by two other researchers, which would have made Kugler ineligible for bounty.

In an apparent miscommunication, Kugler said he was initially told he was too young rather than the bug had already been discovered. Nonetheless, PayPal said it would look to bring younger people into its program, which pays upwards of $10,000 for remote code execution bugs on its websites.

Those who are under 18 years old can receive a bug bounty payment through a PayPal student account, an arrangement where a minor can receive payments via their parent's account, Anagnos said.

Anagnos said other terms and conditions have been modified to make its program more transparent, such as clarifying which PayPal subsidiaries and partner sites qualify for the program.

PayPal pays much less for vulnerabilities on partner websites, which have a URL form of "www.paypal-__.com." A remote execution bug found on that kind of site garners only $1,500 rather than up to $10,000 on the company's main sites.

Like other bug bounty programs run by companies such as Microsoft and Google, PayPal will publicly recognize researchers on its website with a "Wall of Fame" for the top 10 researchers in a quarter. Another "honorable mention" page lists anyone who submitted a valid bug for the quarter.

Eusebiu Blindu, a testing consultant from Romania, was one of the researchers listed on the Wall of Fame for the first quarter of this year.

"I think Paypal is the best bug bounty program, and I am glad I participated in it from the first days of its launching," he wrote on his blog.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk.

View the original article here

Researcher claims responsibility for security breach at Apple developer website

An independent security researcher claimed responsibility for the security breach incident that forced Apple to close down its Developer Center website last week.

Ibrahim Balic claims that he reported the vulnerability to Apple and didn't act with any malicious intentions, but he confirmed extracting user IDs, names, and email addresses from the website.

[ Learn how to greatly reduce the threat of malicious attacks with InfoWorld's Insider Threat Deep Dive PDF special report. | Stay up to date on the latest security developments with InfoWorld's Security Central newsletter. ]

On Sunday, Apple announced that an intruder broke into its developer website and attempted to download the personal information of users registered on the site. The site had been offline since Thursday.

"Sensitive personal information was encrypted and cannot be accessed, however, we have not been able to rule out the possibility that some developers' names, mailing addresses, and/or email addresses may have been accessed," the company said in a message posted on the site's home page.

Balic, a security researcher who is based in London, tried to clarify his involvement in the incident via Twitter and in a video posted on YouTube.

"This is definitely not a hack attack; I have reported all the bugs," Balic said Monday on Twitter. "I am not an hacker, I do security research," he said in a separate message.

Balic's name is listed on Facebook's acknowledgement page for security researchers who responsibly reported security issues to the company.

"I reported security bugs to Facebook and Opera before over numerous times," Balic said Tuesday via email.

He posted a video on YouTube in order to demonstrate how the exploit works, but he has since removed it because it exposed the information of some users. The title of the video suggested that he had gained access to the details of over 100,000 Apple Developer Center accounts.

"The video is now removed from YouTube," Balic said on Twitter. "I apologize for sharing some of the confidential information."

He confirmed via email that he obtained the names, email addresses and user IDs associated with over 100,000 Apple Developer Center users.

The vulnerability exploited to extract the information was reported to Apple via the company's "Bug Reporter" system along with other issues, Balic said. Apple shut down the Developer Center website four hours after the last report was sent, he said.

Balic claims that the company did not respond to his reports until today, when he received an email saying that the issues are being investigated.

Apple did not respond to a request for comment filed Monday.

Some people on Twitter and in comments on other websites criticized Balic's decision to download over 100,000 user details and the subsequent exposure of the now-removed YouTube video.

View the original article here

Researchers spot new breed of infected Android apps in the wild

Cyber criminals are successfully using a recently found Master Key vulnerability to inject malicious code into legitimate Android apps without invalidating their digital signatures. The code enables the attacker to remotely take control of infected devices, steal sensitive data, send texts, and disable select security applications using root commands.

The news, which comes from Symantec, certainly won't help Android's reputation for being insecure: Earlier this year, McAfee reported that Android was the mobile platform target of choice among cyber criminals. More recently, Kindsight Security Labs reported an increasing number of Android devices are infected with malware capable of transforming them into spy tools.

In this latest spate of Android infections, bad guys are exploiting the Master Key vulnerability to hide code inside apps, letting them use existing permissions to manipulate infected devices. An attacker can "remotely control devices, steal sensitive data like IMEI (International Mobile Equipment Identity) and phone numbers, send premium SMS messages, and disable a few Chinese mobile security software applications by using root commands," according to the company.

The perpetrator is using a recently discovered Master Key vulnerability in Android, which lets a would-be attacker inject malicious code into legitimate Android apps without invalidating their digital signatures. "Using the vulnerability, the attacker has modified the original Android application by adding an additional classes.dex file (the file that contains the Android application code) and also adding an additional Android manifest file (the file which specifies permissions)," according to Symantec.

This approach represents an evolution in malicious-code injection: Previously, attackers had to change "both the application and publisher name and also sign any Trojanized app with their own digital signature. Someone who examined the app details could instantly realize the application was not created by the legitimate publisher," Symantec reported earlier this month. "Now that attackers no longer need to change these digital signature details, they can freely hijack legitimate applications, and even an astute person could not tell the application had been repackaged with malicious code."

Notably, the six infected apps spotted by Symantec are all geared toward Chinese-language speakers: Two are legitimate applications for finding doctors and making appointments, available via Android marketplaces in China. The others include a news app, a couple of games, and a betting and lottery app, according to Symantec.

That doesn't mean Android users who use apps in languages other than Chinese should rest easy, though: It's entirely plausible that infected versions of apps in English and other languages are forthcoming if not already in the wild as well.

This story, "Researchers spot new breed of infected Android apps in the wild," was originally published at InfoWorld.com. Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest developments in business technology news, follow InfoWorld.com on Twitter.

View the original article here

Security researcher claims good intentions in hacking Apple Dev Center

Apple has finally explained why its Dev Center has been mysteriously shut down since last Thursday: An intruder broke in to the company's developer site in an attempt to steal registered developers' personal information. While Apple says it's in the process of "completely overhauling" its developer systems, updating its server software, and rebuilding its entire database, a Turkish security researcher named Ibrahim Balic has emerged claiming credit for the successful hack -- and claiming he had only the best white-hat intentions.

Balic's tale is reminiscent of other security researchers who claim to have breached a third party's systems or software for the greater good. Whether Apple or affected developers will share his view that he was acting in their best interests (as well as Apple's) remains to be seen; for the time being, it's not crystal clear what went down.

Apple's take on the breach goes like this:

Last Thursday, an intruder attempted to secure personal information of our registered developers from our developer website. Sensitive personal information was encrypted and cannot be accessed, however, we have not been able to rule out the possibility that some developers' names, mailing addresses, and/or email addresses may have been accessed.... In order to prevent a security threat like this from happening again, we're completely overhauling our developer systems, updating our server software, and rebuilding our entire database.

Apple has since told TechCrunch that only developer accounts and not iTunes accounts were compromised and no credit card data was stolen. Developers, however, have reported receiving unsolicited password reset requests.

Since Apple revealed the breach, Balic has come forward to claim credit for discovering the vulnerability in the Dev Center site as well as 12 other bugs. He has also posted a video on YouTube (which at time of writing has been set to private), showing he had in his possession developer credentials extracted from Apple's developer database. However, he claims that his intention all along has been to light a fire under Apple's bottom to fix the bugs before a malicious hacker exploited them.

Balic posted his confession to the Comments section of TechCrunch. Following are some excerpts (with spelling and grammar corrected for clarity):

My name is Ibrahim Balic, I am a security researcher. You can also search my name [on] Facebook's Whitehat List. I do private consulting for particular firms. Recently I have started doing research on Apple....

In total I have found 13 bugs and have reported through http://bugreport.apple.com. I gave details to Apple as much as I [could], and I've also added screenshots. One of those bugs has provided me access to users details. I immediately reported this to Apple. I have taken 73 users details (all Apple workers only) and [provided] them as an example. Four hours [after] my final report, [the] Apple developer portal [was] closed down.

Balic claimed that Apple never responded to his reports but has since learned that the company has contacted law enforcement to investigate: "I'm not feeling very happy with what I read and [I am] a bit irritated, as I did not [do] this research to harm or damage," he said. "I didn't attempt to publish or have not shared this situation with anybody else. My aim was to report bugs and collect the data for the [purpose] of seeing how deep I can go within this scope.

"I do not want my name to be in blacklist," he concluded. I'm keeping all the evidences, emails, and images; also I have the records of bugs that I made through Apple bug report."

Balic appears to have lost sympathy from some observers for two reasons: First, he posted the aforementioned video to the public -- and neglected to redact the names and email addresses he'd collected. (I had a chance to view the video before Balic changed the privacy setting on YouTube.)

Second, Balic claimed in the same admission that he took only 73 users' details and has "100,000-plus user details." That's an obvious contradiction, though whether Balic took 73 users' details or 100,000, Apple developers should be rightly concerned. The Dev Center clearly has been breached by at least one third party, and Apple is worried enough to have shut down the Dev Center for days to pour time and resources into rebuilding the database and overhauling the site.

Developers also may not find much comfort in Apple's assurances that "sensitive personal information was encrypted and cannot be accessed." If cyber criminals have gotten their hands on developers' contact info, they're a step away from getting their hands on associated password information, either via cracking or spear-phishing. The last thing a developer wants is to have a bad guy take control of his or her developer account and attempt to propagate malware in his or her name.

For the time being, we don't know Balic's true intentions. We don't know someone other than Balic knew about the vulnerability that enabled him to make off with either 73 or 100,000-plus developers' data. What's clear, though, is that if you're an Apple Developer, you need to be mindful that your account may have been breached and to take necessary precautions to change your password as soon as possible.

This story, "Security researcher claims good intentions in hacking Apple Dev Center," was originally published at InfoWorld.com. Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest developments in business technology news, follow InfoWorld.com on Twitter.

View the original article here

SIM card hack has severe implications for business

It's amazing it took so long. More than 20 years after its initial development, the SIM card has been hacked. A German cryptographer named Karsten Nohl will be presenting findings to that effect at the annual Black Hat computer security conference at the end of the month.

The impact of hacked SIM cards, one of the few stalwarts in the high-tech industry that has not seen a serious exploit, could be monumental. The exploit involves simply sending a specially configured, hidden SMS to the phone, giving the attacker an easy way around that phone's built-in encryption. Ultimately this would then give the attacker the ability to do all manner of nasty things, from having the phone send pricy for-pay text messages to recording telephone conversations. While some seven billion SIM cards are in use today, Nohl estimated that roughly half a billion mobile devices worldwide would currently be vulnerable to this type of attack.

[ iOS vs. Android vs. BlackBerry vs. Windows Phone -- see how mobile security measures up in each OS in InfoWorld's breakdown. | Keep up on key mobile developments and insights with the Mobilize newsletter. ]

Fixes are already in the works, but as any IT manager who's survived an old-fashioned Windows virus onslaught knows, a fix does not necessarily equal a solution. Even if patches are made available, that's no guarantee they'll be universally rolled out in a timely fashion. SIM cards can be updated invisibly over the air by network operators, but that poses a secondary problem. Because users have no visibility into whether their phones are vulnerable to the attack or not, wireless customers won't know whether or not their devices are safe.

For individuals, the risk of someone hijacking your phone and listening in on calls or making phony purchases is bad enough.

For business users, these problems may soon be compounded considerably.

As business data continues to move from the desktop PC to mobile devices, even rank-and-file employees are finding themselves walking around with a mountain of sensitive data in their pocket or purse. Lost and stolen phones have become an epidemic for the corporate world, and solutions to this dilemma have been unbearably slow in presenting themselves. Compound that with the risk that a large number of business devices may also be able to be attacked via a remote exploit and cell phones are looking increasingly like the weak link in any business's infrastructure.

Let's say a business does take steps to secure its handsets and ensure that SIM cards are properly patched and safe from attack. What then? Even if businesses correct company-owned devices, plenty of risks are sure to remain, thanks to the rise of BYOD (bring your own device) programs. BYOD, for the uninitiated, is the policy of allowing employees to use their own phone or tablet for work -- often in lieu of issuing them a company-owned mobile phone or even a landline. This saves the company money but remains a serious security risk -- doubly so given the current news, since BYOD devices can't be easily patched or protected from a central location.

Finally, as phone-based commerce becomes increasingly popular, this opens up yet another avenue where businesses will face risks. Hackers could theoretically redirect payments or change the amounts involved, potentially leaving merchants high and dry at the end of a transaction.

View the original article here

SIM cards vulnerable to hacking, says researcher

Millions of mobile phones may be vulnerable to spying due to the use of outdated, 1970s-era cryptography, according to new research due to be presented at the Black Hat security conference.

Karsten Nohl, an expert cryptographer with Security Research Labs, has found a way to trick mobile phones into granting access to the device's location and SMS functions and allow changes to a person's voicemail number.

[ Security expert Roger A. Grimes offers a guided tour of the latest threats and explains what you can do to stop them in "Fight Today's Malware," InfoWorld's Shop Talk video. | Keep up with key security issues with InfoWorld's Security Adviser blog and Security Central newsletter. ]

Nohl's research looked at a mobile phones' SIM (Subscriber Identification Module), the small card inserted into a device that ties it to a phone number and authenticates software updates and commands sent over the air from an operator.

More than 7 billion SIM cards are in use worldwide. To ensure privacy and security, SIM cards use encryption when communicating with an operator, but the encryption standards use vary widely.

A mobile communication trade group, the GSM Association, said in a statement that only a "minority" of SIM cards that use older encryption standards would appear to be vulnerable.

"There is no evidence to suggest that today's more secure SIMs, which are used to support a range of advanced services, will be affected," GSMA said.

Nohl's research found that many SIMs use a weak encryption standard dating from the 1970s called DES (Data Encryption Standard), according to a preview posted on his company's blog.

DES has long been considered a weak form of encryption, and many mobile operators have upgraded now to more secure forms. It is relatively easy to discover the private key used to sign content encrypted with DES.

In its experiment, Security Research Labs sent a binary code over SMS to a device using a SIM with DES. Since the binary code wasn't properly cryptographically signed, it would not run on the device.

But while rejecting the code, the phone's SIM makes a crucial mistake: it sends back over SMS an error code that carries its own encrypted 56-bit private key, according to the company. Because DES is considered a very weak form of encryption, it's possible to decrypt the private key using known cracking techniques.

Security Research Labs did it in about two minutes on a regular computer with the help of a rainbow table, a mathematical chart that helps convert an encrypted private key or password hash into its original form faster.

With the private DES key in hand, it is then possible to "sign" malicious software updates with the key, and send those updates to the device. The device believes the software comes from a legitimate source and then grants access to sensitive data.

GSMA said that it has not seen the full details of Nohl's research, but that use of the DES algorithm has been "discontinued in over the air (OTA) standards for several years."

Security Research Labs outlined an attack scenario against SIM cards that run some form of Java virtual machine, a software framework for Java applications.

Using the SIM's private key, an attacker could force the SIM to download Java applets, which are essentially very small programs that perform some function. Those applets would be "allowed to send SMS, change voicemail numbers, and query the phone location, among many other predefined functions."

"These capabilities alone provide plenty of potential for abuse," the company wrote.

Possible remedies to the problem including ensuring SIM cards use state-of-the-art cryptography and also using Java virtual machines that restrict applets' access to certain information.

GSMA said it has already provided guidance to network operators and SIM vendors that might be affected by Nohl's findings.

Nohl's presentation, "Rooting SIM cards," will take place at the Black Hat security conference in Las Vegas on July 31.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

View the original article here

Software employment grows 45 percent in 10 years as angst in engineering grows

You may remember Darin Wedel. Early last year, his wife, Jennifer, asked President Barack Obama during a town hall-style conference call, about H-1B visas. Her husband had been laid off from Texas Instruments, she told him, despite strong credentials that included a patent he held.

Why does the government continue "to issue and extend H-1B visas when there are tons of Americans just like my husband with no job?" Mrs. Wedel asked the president.

[ Keep up on the day's tech news headlines with InfoWorld's Today's Headlines: Wrap Up newsletter. ]

Obama never directly answered the question. But he backs immigration reform legislation approved in the Senate that will substantially raise the base 65,000 cap on H-1B visas to as high as 180,000.

What that H-1B change would mean for electrical engineers, if the House agrees to the legislation, remains to be seen. Wedel, who trained as an electrical engineer and worked in the semiconductor industry, has been in the bull's-eye of some of the most turbulent changes in his field.

Software development employment has increased over the past 10 years, but not all IT areas are doing as well. And electrical engineering declined over this same period.

Some of that decline is a consequence of a fall-off in manufacturing, argue some. Offshore outsourcing gets blamed, as more engineering is done overseas.

Engineering is connected to manufacturing, and "manufacturing is shrinking as a fraction of our economy, as work moves offshore," said Stan Sorscher, labor representative at the SPEEA (Society for Professional Engineering Employees in Aerospace), a union representing more than 24,000 scientists, engineers, technical and professional employees in the aerospace industry.

"Engineering work follows manufacturing," said Sorscher, who has a Ph.D. in physics. "As low-tech suppliers take on more complex work, they will necessarily develop their own capacity for manufacturing R&D. As part of the offshoring business model, U.S.-based manufacturers transfer manufacturing technology to foreign suppliers and often integrate the offshore manufacturing into the overall design process," he said.

Wedel has found new work. He has been employed for about a year as a quality engineer for a large eye care/pharma company.

Ask about outsourcing, Wedel said it has "affected just about anyone with a technical degree -- it's purely business getting its way with government. Lobbyists have bamboozled our politicians into thinking we have a shortage of qualified engineers and that we need to import more via the H-1B -- simply not true.

"For electrical engineers, unless you are in the actual design of circuits, then you're not in demand," said Wedel, arguing that much of the job loss in the field is due to the closing of fabrication facilities.

Electrical engineers "are the life blood of our industry, whether they are designing, manufacturing or selling our products," Darla Whitaker, senior vice president, worldwide Human Resources, for Texas Instruments, testified during a 2011 Congressional hearing. Whitaker urged Congress to do more to improve immigration.

View the original article here

The open source job market is booming

Apparently, the notion of free software has not killed off job opportunities in the software space. Open source software is in fact creating numerous job opportunities, if the multitude of companies hiring at this week's OSCON (O'Reilly Open Source Convention) are any indication.

A walk through the convention floor in Portland features numerous companies advertising their need for more people. "This conference in two words? 'We're hiring,'" said conference attendee Tim Bray, the XML co-inventor who now is a developer advocate at Google. "Everybody's got a 'we're hiring' booth." Bray sees it as a symptom of an improved economy and open source becoming mainstream.

When open source software began taking a serious hold on the software industry more than a decade ago, it was feared that the commercial software market would not survive the onslaught of free software. But not only is commercial software software still thriving, open source itself is providing new employment opportunities for developers and others. Companies ranging from music service provider Spotify to educational content provider Wikimedia to online travel service vendor Expedia and cloud vendor Amazon Web Services made known their need for more people to the folks walking around OSCON. Booking.com, which provides online hotel reservations, is looking for developers, engineers, MySQL DBAs, and Web designers. The company notes its use of Apache, MySQL, Git, and Linux. Even a billboard within view of the convention center, posted by Web hosting company HostGator, professes "Do you know Linux? We are hiring!"

Wikimedia, which relies on open source for development and deployment, is mostly hiring in engineering. "There's a lot of work to be done, and we're definitely growing," said Wikimedia recruiter Heather McAndrew. Linux-based Web hoster Inmotion hosting also made known its need for people. "We're are always hiring, especially for tier 1 support reps," said Matt Bell, a consultant at the company. The company has grown from about 25 persons to about 200 people in about four years, he said.

It certainly is a good time to have expertise in open source technologies. The jobs are out there.

This story, "The open source job market is booming," was originally published at InfoWorld.com. Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest developments in business technology news, follow InfoWorld.com on Twitter.

View the original article here

When tech stalls, flat earnings count as a win

The tech industry's doldrums drag on, with earnings wilting like the East Coast under a heat wave. After Google's and Microsoft's disappointing results last week, Apple's announcement of flat earnings this week could almost be seen as a big win.

Microsoft especially missed big in its fourth-quarter earnings. As The Seattle Times noted, the company was "hit especially hard on the sales side by the slumping PC market and on the profit side by a write-down in the inventory of Surface RT tablets."

InfoWorld's Woody Leonhard wrote that the earnings report "begs the question of what Microsoft will do next, as PC sales inexorably fall into the abyss -- first for consumers, then for companies." His take? Look for more financial sleight of hand from Microsoft, including updated Windows 8 sales numbers showing a healthy increase in the number of licenses sold, and organizational changes designed to make things look rosy -- from an accounting point of view at least.

Google also failed to meet expectations, as its search business continued to slow and the cost of paid clicks fell 6 percent compared to the same period last year. As Sam Grobart of Bloomberg Businessweek writes, "Google is part of an elite club of otherwise-wildy successful companies (Facebook,Yahoo, Twitter) with highly capable, well-educated employees who can't seem to get a handle on mobile advertising for love or money." Grobart continues:

Google gives away its operating system, Android, for free, because the company wants as many people using the Internet as possible. The more people online, the more searches. The more searches, the more revenue for Google. But if the rates for those searches continue to fall, how long can that strategy last?

Meanwhile, some analysts are grousing that prices at Apple aren't falling fast enough. While the company's earnings remained flat versus a year ago, sales of iPods, iPads, and Macs all declined. An analyst with Technology Business Research says that in order "to keep selling large numbers of iPads, keep the competition at bay and protect its ecosystem, Apple has to recognize that the gravy train days of outrageous margins are over."

InfoWorld's Bill Snyder has a different take on Apple's higher prices and margins, which he says tell you two things: "It produces very efficiently, and buyers are willing to pay more for its products."

And while growth at Apple may be slowing, as InfoWorld's Galen Gruman writes, "It tells you something that Apple's performance, as modest as it was, is considered to be good compared to its traditional competitors." Also in Apple's favor: The company traditionally introduces new products in the fall, with recent speculation centering on a new iPad mini tablet and possible iWatch.

There are also signs the economic slowdown is spreading, as China's manufacturing activity in July contracted at its quickest pace since last summer. As the New York Times noted, "This could also be bad news for the rest of the world, which had been hoping that booming expansion in Asia could inject some much-needed oxygen into a global economy that is weighed down by anemic growth in the West."

So it's a safe bet that the doldrums dragging down tech will linger a while longer.

This story, "When tech stalls, flat earnings count as a win," was originally published at InfoWorld.com. Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest developments in business technology news, follow InfoWorld.com on Twitter.

View the original article here

With Chromecast, Google reveals Chrome as its strategic big gun

Chrome is Google and Google is Chrome.

The Chrome browser is Google's most potent strategic weapon, a former Microsoft program manager said last week.

[ Get your websites up to speed with HTML5 today using the techniques in InfoWorld's HTML5 Deep Dive PDF how-to report. | Learn how to secure your Web browsers in InfoWorld's "Web Browser Security Deep Dive" PDF guide. ]

"Chrome is the focus at Google; Android is an afterthought," asserted Ben Thompson, who writes on his Stratechery blog. Thompson, who left Microsoft earlier this month, has quickly made a name for himself with insights into the technology market, in particular Microsoft, Apple and Google, ranging from Microsoft's massive reorganization to the possible role for a larger, 13-inch iPad.

"Chrome shouldn't be thought of as a Web browser," Thompson wrote. "Rather, it's an optimized bi-directional delivery vehicle: the best experience with Google services for users, and maximum user data for Google. And it runs everywhere. This is why Google has been investing millions of dollars in building the Chrome brand."

Thompson's latest post was reacting to the debut of Chromecast, the $35 stream-to-TV device Google introduced last week. Chromecast, said Google, is powered by a simplified version of Chrome OS. (Although GTVHacker.com claimed Chromecast is "more Android than ChromeOS.")

"As a horizontal company, Google wants to be on every screen, and their vehicle to accomplish that across verticals, both from a technical and brand perspective, is Chrome," Thompson added. By "verticals," Thompson meant "devices."

It's hard to argue with Thompson.

Google has been expending significant resources to push Chrome into as many corners as possible.

Not only is Chrome (the browser) available for all major desktop and mobile platforms -- from Windows and OS X to Android and iOS -- the major features of Chrome OS are being added to the browser, including packaged, nee "native," Web apps and the ability to view and edit Microsoft Office documents.

The goal? From Thompson's viewpoint, control of a "multi-screen world."

Others have had similar thoughts.

"It looks like Google is defining the Chrome platform as what I'd call 'Web Platform Plus,' and intends for Chrome OS and the Chrome browser to be a 'platform on a platform' on any device it is permitted to run on," said IDC analyst Al Hilwa in a May interview, months before Chromecast.

By defining that "platform on a platform" -- Chrome on Windows, on Android, on iOS, on OS X, on the television -- Google is trying to turn as many devices and screens as possible into ones locked into the company's ecosystem, keep users loyal to that same ecosystem of sites, service and apps, and entice others to join them.

View the original article here

Canonical to crowdfund first batch of Ubuntu Edge phones

IDG News Service - Canonical is taking its innovative smartphone design directly to potential customers. The company has launched a crowdfunding campaign to build the original batch of its planned Ubuntu Edge devices.

Canonical hopes to raise $32 million within 30 days, to build 40,000 units. It will use the Indiegogo service and the Paypal electronic payment service, to collect the contributions.

"We'll use crowdfunding to see if there is a real market," said Mark Shuttleworth, Ubuntu founder, in a press conference. "Today there are very few people who decide what will go into the next generation of handsets. And they can't possible get it right all the time. With crowdfunding, we can connect the passionate forward-thinking types directly to manufacturers."

Contributors who pledge $600 on Tuesday, or $830 for the remaining 29 days, will get one of the devices, which are due to be shipped in May 2014. Canonical will not build the phones should the full $32 million not be donated, though handset manufacturers have indicated a willingness to build the phones on their own, should they receive sufficient interest from the phone carriers.

Like Microsoft did with its Windows RT tablets, Canonical is hoping to kickstart interest among device manufacturers for an innovative hardware design by introducing its own device. Unlike Microsoft, Canonical has no plans to stay in the hardware market after this test run of devices. The company plans to break even in this project, though obviously it will benefit by raising awareness of the Ubuntu Edge.

Ubuntu sees two potential users of Ubuntu Edge: early adopting consumers and the organizations that wish to use the product as a combined smartphone and a sort of thin-client device to power worker desktops.

The Ubuntu Edge is a unique smartphone design in that it would be the first that could be used as a smartphone as well as a full-fledged personal computer, when docked to a monitor with an HDMI cable and linked to an optional keyboard and mouse.

Canonical's idea is that the user can use the phone when out and about, but switch to a PC when docked, thereby consolidating two devices into a single one.

"If you only have to buy one set of RAM, CPU and storage and CPU for your phone, your tablet and your PC, there are enormous savings there in doing that," Shuttleworth said. "If developers only have to target one platform, there are enormous benefits for them."

"This will be the first phone you can connect to a screen and get a full PC experience," Shuttleworth said. The Ubuntu Edge would dual boot both the Ubuntu desktop OS and Android.

Reprinted with permission from IDG.net. Story copyright 2012 International Data Group. All rights reserved.

View the original article here

Chief Digital Officer: Hot new tech title or flash in the pan?

Computerworld - There's a new C-level executive -- the Chief Digital Officer (CDO) -- in the boardroom, charged with ensuring that companies' massive stores of digital content are being used effectively to connect with customers and drive revenue growth.

At first blush, an executive title that includes the word "digital" would seem to encroach on IT's territory. Not so, observers say -- but that doesn't mean tech leaders don't need to be prepared to work closely with a CDO somwhere down the line.

Gartner last year reported that the number of CDOs is rising steadily, predicting that by 2015, some 25% of companies will have one managing their digital goals, according to analyst Mark P. McDonald. (See also CDOs by the numbers.)

While media companies are at the forefront of this movement, McDonald says, all kinds of organizations are starting to see value in their digital assets and in how those assets can help grow revenue.

"I think everybody's asking themselves whether they need [a CDO] or should become one," McDonald enthuses. "Organizations are looking for some kind of innovation or growth, and digital technologies are providing the first source of technology-intensive growth that we've had in a decade."

While the CIO and the CDO are both concerned with digital information, their responsibilities diverge sharply.

"The role of IT in the past has been to procure and secure IT equipment for the company, lock [data] up and bolt it down," says Jason Brown, the CDO for trade show and event management company George Little Management. "Whereas with digital content, you want to get it out to the world so the rest of the world can see it and access it. I don't care about Exchange servers, Web servers or any of that stuff," continues Brown, who was hired in September 2011 as George Little's first-ever CDO, reporting to the company's CEO. (Previously he worked as a vice president of digital media for what is now events and media company UBM Canon.)

"I'm interested in building products that can be monetized," he says. "Companies need to look at their products and see areas where they can make money digitally." (For details, see Digital assets defined.)

Organizations including Sears, Starbucks, Harvard University, the City of New York and many others have hired CDOs, says David Mathison, founder of the Chief Digital Officer Club, where current and would-be CDOs can find training, job opportunities and more. Their goal? To improve efforts in digital content promotion, a motive shared by CDOs from Forbes, Columbia University and elsewhere, who described to Computerworld how they go about helping their companies take advantage of their large digital resources.

According to estimates from CDO Club founder David Mathison, the top three kinds of companies hiring CDOs today are advertising agencies, publishers and broadcasters, while the biggest growth is being seen in the non-profit sector and state and local governments.

"When I started tracking this two years ago, there were 75 CDOs worldwide in major organizations," says Mathison, who curated the first-ever CDO Summit last February. "Today there are hundreds -- more than 300 at most recent count."

Mathison started tracking CDOs in August 2011 while working at the search firm Chadick Ellig, and he has continued his analysis via conversations and interviews with corporate executives and by reviewing hundreds of resumes and online profiles.

That research, plus data from CDO Club members, indicates that salaries for a Chief Digital Officer range from $89,000 to $600,000, depending on the business sector and location, with the median falling between $250,000 and $300,000, he says.

Small and midsize businesses are moving to the cloud to host their communications capabilities. Learn how enterprise-quality phone benefits, online management, conferencing, auto attendant, and ease of use are built into a system that is half the cost of a PBX.

Read now.

View the original article here

Chambers: Cisco will become the number 1 IT company

Network World - Think software-defined networking will change the industry? You're thinking way too small, according to Cisco CEO John Chambers. In Cisco's strategy, SDN is just a single element in a holistic architecture that brings intelligence, programmability and application awareness to every facet of your infrastructure and spans the data center to the cloud. In this installment of the IDG Enterprise CEO Interview Series, Chambers spoke with Chief Content Officer John Gallant about the power of Cisco's Unified Framework and how delivering on that vision could make Cisco the number one IT company overall. No small ambition there.

Chambers also explained the role the much-talked about spin-in venture Insieme plays in that strategy and why competitors will struggle to keep up with Cisco's architectural play. He also talked about what IT leaders should be doing to drive the Internet of Everything and why customers should expect big changes in the network and IT vendor landscape in the years ahead.

What's your feeling about the overall economic state of IT in the U.S. right now?

Learn More

Already an Insider? Sign in

Reprinted with permission from NetworkWorld.com. Story copyright 2012 Network World, Inc. All rights reserved.

View the original article here

Google buys speech recognition patents

IDG News Service - Google has acquired from the SR Tech Group a portfolio of U.S. patents and patent applications that includes several speech related patents.

The portfolio includes a patent covering a speech interface for search engines and a patent that covers a system for modifying and updating a speech recognition program, the SR Tech Group said in a news release on Monday.

The patents and patent applications complement Google existing portfolio of 50,000 patents worldwide, it said. A spokesman could not immediately comment on what Google was planning to do with the patent portfolio.

Details of the deal were not disclosed.

Google has been investing in voice enabled search technology for a while. It introduced voice-enabled search for the desktop at Google's I/O developer conference in San Francisco in May. This will allow people will be able to search using voice commands on their Chrome desktops and laptops.

Conversational Search, as Google calls it, is already used on mobile devices and taps into the company's knowledge graph, which contains hundreds of millions of objects and billions of facts that enhance Google's search.

At Google I/O, Amit Singhal, a senior vice president at Google, said that voice enabled searching is another step forward to let people use Google in as natural a way as possible. Users should be able to sit back, relax and ask a question, with Google giving the answer in speech, he said.

Loek is Amsterdam Correspondent and covers online privacy, intellectual property, open-source and online payment issues for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to loek_essers@idg.com

Reprinted with permission from IDG.net. Story copyright 2012 International Data Group. All rights reserved.

View the original article here

Google Play store inundated with scam apps, Symantec says

IDG News Service - A steady stream of questionable applications is flowing daily into Google's Play store for Android devices, according to security vendor Symantec.

Over the last seven months, Symantec found more than 1,200 suspicious applications in the Play store. Google removes many shortly after they're published, but others stay in the store for a few days.

"Although they have short lives, the apps must provide ample profit for the scammers as they show no signs of halting their development of new ones," wrote Joji Hamada of Symantec.

The applications can be difficult to assess and employ a series of maneuvers and layers in order to attempt to rip off users.

Hamada wrote one application aims to get users to subscribe to an online adult video site at a cost of more than $3,000 a year. The application's sole purpose is to launch a link to an adult website.

The website then asks the user to register in order to play videos. An email form is drafted, and the user is asked to hit send. The email, sent to the user, contains a link to another service on a different website.

This time, the user is prompted to enter a password. If that button is clicked, the phone is supplied with a number. When called, the number gives out a password. The person is then given registration details and told of a $3,200 annual fee that is due within three days.

Applications that launched only links "can be almost impossible for any system to confirm anything malicious," Hamada wrote.

"The manual steps required in this scam is another strategy used to keep the apps on the market as long as possible," Hamada wrote. "Human analysis may be the only way to discover these sorts of apps."

Apple closely examines applications submitted for its App Store, which has kept its marketplace relatively free of malware. Google also scans applications in the Play store. It also added a feature to the latest 4.3 version of the Android OS that scans any application for malicious code.

More than 100 applications similar to the adult videos one have been published on Google Play since the beginning of the month, Hamada wrote. Thirty applications from three developers are still in the market.

Symantec informs Google when it finds such applications, he wrote, but the scam applications flow into Play daily. Many of the applications float into some of the top keyword searches, apparently as the result of abuse of Play's search function.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

Reprinted with permission from IDG.net. Story copyright 2012 International Data Group. All rights reserved.

View the original article here

Google's Chromecast menaces Apple TV

Computerworld - Google's new stream-to-TV Chromecast threatens rival Apple's efforts to gain a foothold in the living room, analysts said Wednesday.

But the $35 Chromecast hardware dongle -- and the move to integrate it with mobile apps and Google's Chrome browser -- is far from a mortal blow to Cupertino.

"I think this begins to threaten the Apple TV," said Ezra Gottheil, an analyst with Technology Business Research who covers both Google and Apple. "It goes right to the sweet spot, video that I can watch on a very hi-res screen. And it's looks like a nice product at a very reasonable price."

Charles Golvin of Forrester Research had somewhat the same reaction -- Chromecast menaces Apple TV -- but cautioned against taking that too far.

"Any of Apple's competitors, if they come up with a more elegant solution for that experience [of getting content onto your TV], is a threat to Apple," said Golvin. "Still, this is at such an early stage, it's not like this knocks Apple out of the game. This just raises the bar."

On Wednesday, Google introduced Chromecast at a California press briefing, touting the device and technology as a way to push content from the cloud to a television set without requiring yet another box with its snake's nest of cables. Initially, that content will be limited to video from Google Play Movies & TV, Netflix and YouTube; audio from Google Play Music; and whatever is displayed on a Chrome browser's tab.

Android tablets and smartphones, iPhones and iPads, as well as any device running the Chrome browser, serve as remote controls. Chromecast does not mirror locally-stored content to the TV, as does AirPlay and Apple TV, Apple's pairing. Instead, everything is drawn from online services or the Web, then shot straight to the TV via the Wi-Fi-enabled dongle without the bits hopping through another device.

The Chromecast dongle, which plugs into a TV's HDMI port, costs $35. It went on sale Wednesday at Amazon.com, BestBuy.com and Google Play, and will reach Best Buy store shelves Sunday. Initial supplies quickly evaporated: Today, Amazon said the device was out of stock and Google Play listed it as shipping in three to four weeks. Only Best Buy showed Chromecast as available.

Chromecast isn't Google's first attempt to get into the living room. It was preceded by the much more ambitious, but now nearly moribund Google TV of 2010, and last year's aborted Nexus Q.

But analysts liked what they saw in the newest effort.

"Google is saying, 'Hey, you already have a device in your hands to control the experience,'" said Golvin. "Now they've gone a step further [than Nexus Q] and shrunken down the hardware so that it's basically invisible. There are tons of people with big-screen TVs, who have portable devices and broadband Wi-Fi in the house. Marrying these things in a natural and simple way to get content on that big-screen TV -- I think it moves the needle."

Apple TV, meanwhile, has not climbed out of the "hobby" basement that co-founder and former CEO Steve Jobs put it in, though Apple has sold millions of the devices. In May, CEO Tim Cook claimed his company had sold 13 million Apple TVs, about half of them in the past year.

Small and midsize businesses are moving to the cloud to host their communications capabilities. Learn how enterprise-quality phone benefits, online management, conferencing, auto attendant, and ease of use are built into a system that is half the cost of a PBX.

Read now.

View the original article here

Netgear 802.11ac A6200 WiFi Adapter

Pros Supports 802.11ac.

Cons Unimpressive throughput. Buggy software. Puzzling design. Bottom Line While Netgear has a decent 802.11ac router in its R6300, its 802.11ac adapter suffers from poor performance, buggy software, and a clunky design.

By Samara Lynn

802.11ac is a new wireless standard worth getting excited about, even though it has yet to be ratified. Netgear has a solid 11ac router on the market, the R6300 WiFi Router 802.11ac Dual Band Gigabit, and an 802.11ac wireless adapter to go with it: the 802.11ac A6200 WiFi Adapter. Unfortunately, the A6200 is less impressive than the router and that's testing it with the R6300—which should turn in its best test results. In fact, in 11ac mode the A6200 is among the slower-performing 11ac wireless adapters we've tested, and its performance in other modes is underwhelming, too. Add in some quirky software and this is an adapter that needed more time in the oven.

Specs and Design
The A6200 supports up to 300 Mbps at 2.4 GHz and 867 Mbps at 5 GHz.  It can work on USB 1.1 or 2.0 ports, and it only works with Windows 8, 7, XP, and Vista—either 32 or 64 bit.

The adapter measures 3.75 by 1.23 by 0.56 inches (HWD). It can plug right into a computer's USB port or you can connect its accompanying USB base (which the adapter then connects to) into a USB port.  The adapter also has an antenna that you can push up or to the side, kind of like a stiff little arm that sticks out from the antenna—the antenna and the base are to give users adapter placement flexibility.

I have to state outright that I don't like the design. First of all, no matter which way I had the antenna arm oriented, or whether I had the adapter plugged in directly to the USB port or the base, made no difference in performance in my testing. Also the adapter and the way you move the antenna reminds me of those snake toys back in the 80's, remember? You could twist and bend the puzzle into shapes like a dog or diamond.  I think the design is too overcomplicated and the antenna arm seems like you could easily break it if you accidentally twisted it the wrong way. 

The adapter is dual-band but, honestly, the performance at either band and in any wireless mode is a big yawn. 

Setup
The A6200 ships with a resource CD. Pop in the CD and it auto-runs, opening up a menu of options. These include: Setup, Install Windows Standalone Driver, Documentation, Customer Support, and Online Registration.

I opted for Setup. I have to say, the Genie software that installed with the adapter's Windows drivers is a poorly designed eyesore and, worse, it's buggy. The interface froze on me once, and every time I opened it and clicked to scan for all wireless networks in range, the networks would show up and then a few seconds later, they would all disappear. This happened to me several times.

I don't even care for the way the installed software opens. After it installs, a Network Genie shortcut is placed on the desktop. I double-click it open and all I see is the icon appear minimized in the Windows System Tray at the bottom-right of my laptop's screen. So then I have to click on the icon minimized to open the program. Opening the software takes two steps therefore, instead of one.

If you do decide to go with the A6200, therefore, I recommend not using the CD's Setup option. Just install the Windows standalone drivers.

Performance
Yes, you will be able to surf the Web fine with the A6200. Yet, for any internal network multimedia streaming or large file handling, there may be some latency. The adapter produced unimpressive performance even with Netgeat's R6300 router.  At 15 feet from the R6300 in 802.11ac mode, throughput reached 74 Mbps. I've seen triple digit throughput in that mode from other pre-draft 802.11ac routers such as the Linksys Wireless Mini USB Adapter AC 580 Dual Band (AE6000) and the Asus USB-AC53 Dual-band Wireless-AC1200 Adapter.

The A6200's performance is more on par with another 802.11ac adapter that I found less-than-impressive, the Trendnet AC1200 Dual Band Wireless USB Adapter . The A6200 had a slighter edge at the 2.4GHz mode over the Trendnet: At 15 feet the A6200 clocked 64 Mbps versus 33 for the Trendnet. We rated the Trendnet adapter two out of five stars. Click on the image for the full comparison chart.

Because of a performance edge over the Trendnet in the 2.4 GHz band, the A6200 earns 2.5 stars. I expect Netgear will offer another 802.11ac adapter that's quite a bit more robust when the 802.11ac standard is ratified. For now, it's just an adapter that I can't quite recommend, not only for performance but bcause of the buggy software and clunky design. The Editors' choice for 802.11ac wireless adapters remains Edimax's AC1200 Wireless Dual-Band USB Adapter.

View the original article here

Lifeproof Fre for iPad mini

Pros Full body protection. Completely dustproof and waterproof. Thin and light.

Cons Makes screen dimmer and more reflective. Expensive. Difficult to remove. Bottom Line It's a bit pricey, but if you're serious about protecting your iPad mini, the Lifeproof Fre is an excellent choice that will withstand dirt, water, and light drops with aplomb.

By Eugene Kim

Whether you're clumsy, overprotective, or both, a good case can go a long way in providing some peace of mind when toting your iPad mini around in the wild. And if that wilderness extends beyond the concrete jungle and into some hairier locales, it would behoove you to check out the Lifeproof Fre for iPad mini ($99.99 direct). The Lifeproof Fre is the company's signature case for the Apple iPad mini, providing drop, dust, shock, and full waterproof protection in a remarkably thin and light package.

Design, Features, and Setup
The Fre for iPad mini looks just like the company's other Fre cases, with a clear plastic screen protector and two-part plastic body. It measures 8.5 by 5.8 by 0.6 inches (HWD) and weighs 4.64 ounces, compared with the iPad mini's 7.87 by 5.3 by 0.28 inches and 10.9 ounces. Though it doubles the thickness of the mini, it remains relatively thin and light, especially when you consider its rugged credentials. The edges are a bit rounded, with rubber accents, and add a comfortable grip to the mini.

On the other side is a clear panel that shows off the iPad mini's back, with a glass lens for the camera. There are rubber buttons for accessing Power and Volume buttons, but they require a bit of force to press and their position on the back half of the case makes them a bit cumbersome to locate. A threaded rubber plug covers the 3.5mm headphone jack, which is a departure from previous Lifeproof cases that used a screw-on plastic cap—the new rubber cap makes it easier to open and close, and it's also attached to the case itself so you don't lose it. A flap along the bottom covers the Lightning port and easily snaps open or shut. Two speaker slots flank the Lightning flap, and despite the waterproof seal, the iPad mini's audio comes through surprisingly loud when in the case.  

The clear plastic screen protector actually does a decent job of staying out of your way, but it's not perfect. It adds a bit of graininess to the display and is also pretty reflective. And it doesn't stay flush with the mini's screen, which makes it feel almost like a resistive display rather than capacitive. Touch input is accurate, though, so the case won't affect usability.

Initial setup for the Fre is a bit more intense than with your run-of-the-mill case. It's one of the few fully waterproof cases; you can dunk it under water up to 6.6 feet for up to 30 minutes, but it must be water-tested before you begin using it. This is easy enough; simply assemble the case without the mini inside and fully submerge it in water. (Detailed instructions on setup and testing can be found on LifeProof's website.) The case is also dustproof, snowproof, and shock proof, meaning it can withstand drops from up to 4 feet. The mini slips easily into the case, but snapping down the edges requires a bit of force. There's an audible snap to let you know that the case fits correctly, but I'd probably double or triple-check the edges before subjecting your iPad to the elements.

Removing the iPad from the Fre is even more difficult. You'll have to wedge a coin into a thin slot along the bottom edge and really use some force to separate the two halves. It's reassuring that the seal appears to be very strong, but I wish it was a little easier to remove.

Performance and Conclusions
After I felt satisfied with my installation, I started putting the Lifeproof Fre to the test. I submerged the case for 30-minutes in a bucket of water, dropped it from about waist height, and generally roughed it up as best as I could. Everything worked swimmingly, and the iPad mini was left unscathed when removed from the Fre. Touch gestures do not register when the iPad is fully submerged, but you can start the camera app up before going under and use the hardware Volume Up button to snap photos or start video recordings. The lens opening on the back is covered in anti-reflective glass, which did not distort photos or wash out the phone's built-in flash.

It's a bit pricey, but if you're serious about protecting your iPad mini, the Lifeproof Fre is an excellent choice. It combines a relatively thin and light design with full body protection from pretty much anything you can imagine. 

View the original article here

MaskMe

Pros Disposable email addresses can be wiped out if they start receiving spam. Easy email forwarding. Online management. Creates unique, strong passwords. Identifies re-used passwords. Captures and replays login credentials.

Cons No ability to organize passwords or link directly to sites with stored credentials. Doesn't handle non-standard login pages. Doesn't import or export passwords. Bottom Line Abine's MaskMe service creates unique disposable email addresses for every website you communicate with, thereby keeping your real email off of spammers' lists. As a bonus, it will create and manage strong, unique passwords.

By Neil J. Rubenking

Hardly a day goes by without news of another organization suffering a data breach involving thousands or even millions of stolen user data records. If your email information appears in the mix, your antispam utility will probably see a spike in pointless mail. Abine's free MaskMe service lets you communicate with retailers, discussion groups, and other websites without ever giving them your actual email address, so they can't lose it in a data breach (or sell it to spammers). As a bonus, it also serves as a simple password manager.

MaskMe installs as an add-on for Firefox or Chrome; support for Safari and Internet Explorer is planned. The only immediately visible sign of MaskMe's presence is a small button on the toolbar.

Levels of Service
Just after installation, MaskMe runs as a local service. Your password data stays on your PC or Mac, and you can check your masked emails by logging in to your MaskMe temporary Inbox online. That arrangement is very secure, but not nearly as convenient as just using your normal email client.

Most users will want to set up email forwarding. In this mode, MaskMe forwards each received message to your actual email address, keeping a copy in the temporary inbox for four hours in case there's a problem with forwarding. Any response to the forwarded message will be automatically tweaked to show the masked email address as the sender. Setting up an email address also lets you have MaskMe fill in your real, unmasked email address, if you desire.

Upgrading from basic MaskMe to MaskMe Online is free. Doing so lets you backup your MaskMe data to the cloud, sync between multiple PCs, and access your data from any computer.

MaskMe Premium, currently in beta, will add a number of very useful features. With a Premium subscription you can sync your MaskMe data to iOS or Android devices and make masked phone calls, so the person you call won't get your actual phone number. Even more impressive is the masked credit card feature, which lets you generate a one-use credit card for each transaction. We'll review MaskMe Premium when its beta period finishes.

Masked Email
Using MaskMe to protect your email account is really, really easy. When you click on a Web form field that asks for an email address, MaskMe pops up a tiny menu window just below the field offering to mask your email. Click the button and it fills in the field with a random email address like "7bf147ea@opayq.com" that's specific to the website in question. If you've set up email forwarding, you'll also get the option to auto-fill your real email address.

When the website sends you mail, it first hits the MaskMe online mailbox and then, assuming you've set up forwarding, moves along to your regular inbox. Here's where it gets interesting. If you ever receive a spam message to one of your masked emails, you can immediately disable that address by clicking a link in the header that MaskMe inserts into the message. You can also review your masked email addresses online and block or un-block any of them with a single click.

In testing, I found a few sites where MaskMe didn't offer to mask my email. If that happens to you, just right-click the entry field and find "Mask My Email" under the MaskMe submenu. It's also possible to enter a domain directly in the MaskMe online console and generate a masked email for that domain.

Of course, MaskMe can't do anything about spammers who've already obtained your actual email address. To get full-scale spam protection, you'd need to create a brand-new email address and remember to always, always mask it.

View the original article here