antone gonsalves, Author at ReadWrite https://readwrite.com/author/antone-gonsalves/

Your Next Big Security Headache: Your Wireless Router https://readwrite.com/beware-the-wireless-router-security-threat/ Thu, 16 Feb 2023 18:00:00 +0000

Hackers have mostly ignored home wireless routers, but times are changing and the need to lock down your hardware is growing.

The post Your Next Big Security Headache: Your Wireless Router appeared first on ReadWrite.


You’ve installed antivirus software on your computers, configured your operating system to update its security automatically and password-protected your Wi-Fi. So your home network is safe against hackers, right?

Guess again. And then take a long look at your wireless router.

What Can Happen (Hint: It’s Bad)

For years, manufacturers of home routers have all but ignored security issues, at least when it comes to making sure that consumers update their firmware to close exploitable vulnerabilities. Let’s put it this way: Have you ever updated the firmware on your router? If not, odds are good that it’s got one or more security holes through which a properly motivated hacker could slip.

Attacks on routers aren’t common, partly for logistical reasons that make them uneconomical for hackers. But that could change as technology evolves, criminal incentives shift and security tightens up in other areas. One big potential trouble spot: the embedded Web servers that many routers use for managing their settings — including, of course, security.

Router manufacturers have done a lousy job informing users about firmware updates that would patch security flaws, and are even worse at making it easy for users to obtain and install those updates. Such patches are seldom available through automatic services, forcing users to look up the fixes on manufacturer websites.

“These are low-priced, low-power devices,” Tod Beardsley, a researcher with application security vendor Rapid7, said. Manufacturers “may not have the margins on these devices to provide ongoing software support.”

To see what can happen when a flaw remains unpatched, look no further than a major intrusion in Brazil in 2011, when hackers broke into 4.5 million home DSL modems over the Internet. The modems were reconfigured to send users to malware-carrying imposter websites, primarily so thieves could steal their online banking credentials.


From Brazil With Love

That exploit in Brazil was similar to one that application security tester Phil Purviance recently employed against a wireless Linksys EA2700, which was released about a year ago. Called a cross-site request forgery, the technique allowed Purviance to break into the router’s embedded management Web site. Once in, Purviance found he could change the login information and remotely manage the hardware.

“What I found was so terrible, awful, and completely inexcusable!” Purviance wrote in his blog. “It only took 30 minutes to come to the conclusion that any network with an EA2700 router on it is an insecure network!”

Purviance found a total of five vulnerabilities in two Linksys routers, the EA2700 and WRT54GL. Separately, flaws recently found in Linux-based routers from D-Link and Netgear could enable a hacker on the network to gain access to the command prompt on the operating system, Rapid7 reported.

D-Link and Netgear didn’t respond to requests for comment. Belkin, which bought Linksys from Cisco last month, said in an email sent to ReadWrite that the EA2700 was fixed in a firmware update released last June. Called Smart Wi-Fi, the firmware is available through an opt-in update service.

What Hackers Want

Manufacturers have gotten away with sloppy security practices because breaking into wireless routers usually requires physical proximity. That made it far harder for hackers to bust into multiple computers, because they’d have to move from network to network in order to target them. Thus hackers have tended to favor blasting out malware-carrying spam from a single location over attacking individual wireless routers.

But that could change. Industrial control systems that run manufacturing operations, power grids and other critical infrastructure are increasingly under pressure from cyberespionage campaigns. Vulnerabilities in these systems are as bad as in home routers. You can see just how bad it is via the search engine Shodan, which collects information on 500 million connected devices, such as routers, printers, webcams and servers, each month.

In time, hackers will develop better tools and malware for breaking into hardware, and this technology will eventually find its way into the criminal underground.

How To Safeguard Your Router

In other words, it makes sense to safeguard your router now. Here are a few steps you can take to make your home network a less inviting target:

  • In your router security settings, make sure you’ve changed any default usernames and passwords. These will be the first things any hacker tries, much the way a burglar jiggles a doorknob to see if it’s unlocked.
  • Disable wireless access to your router’s management console, which allows you to manage its settings by pointing a Web browser to an address such as 192.168.1.1. Disabling wireless access means you’ll have to be physically plugged into the router in order to manage it, making it far more difficult to hack.
  • If you’re sufficiently technically minded, consider replacing your router’s doubtless buggy internal software with an open-source alternative such as DD-WRT, Tomato or OpenWRT. While these options aren’t particularly consumer friendly, their firmware is less likely to contain obvious vulnerabilities — and will probably offer you some cool new features, too.


Updated at 12:35pm PT to make clear that embedded Web servers, not embedded browsers, pose a security threat in many routers.

Sorry Intel: Your Next-Gen Haswell Chip Won’t Rescue The PC Market https://readwrite.com/intel-next-gen-chip-wont-move-pc-market/ Mon, 03 Jun 2013 13:04:00 +0000

Intel's latest and greatest, dubbed Haswell, is an evolutionary improvement for a market that needs revolution.


On Tuesday, Intel will formally launch Haswell, the fourth-generation Core processor the company says will help pull the PC industry out of its downward spiral.

Unfortunately for PC makers, that won’t happen. Consumers are going to continue choosing tablets and smartphones over PCs despite Haswell’s longer battery life at cheaper prices.

Intel Singing Same Old Song

As Intel has done for years, with each new generation of processor, the company digs out the PowerPoint slides used to market the previous generation of chips, changes the codenames and touts the latest increase in battery life and performance. This time around, the mobile version of Haswell is expected to get 50 percent more battery life with no loss of performance from the previous generation.

In addition, spinmeister Intel has been touting the low prices PC buyers will find in stores during the industry’s crucial back-to-school and holiday shopping seasons. Ultrabooks will sell for as low as $499, a whopping $500 less than the rival MacBook Air from Apple, and thin-and-light notebooks will be selling in the $300 to $400 range, Intel executives told financial analysts in mid-April.

Along with low prices, stores will be stocked with new designs, such as notebooks that convert to tablets or have detachable displays that become tablets. Many of the new mobile PCs will have touch-enabled screens, courtesy of Microsoft Windows 8.

“If you look at touch-enabled, Intel-based notebooks that are ultra-thin and light using non-Core processors those prices are going to be down to as low as $200, probably,” Intel Chief Executive Paul Otellini, who stepped down last month, told analysts.

Nevertheless, a new chip, low prices and new PC designs were not enough for IDC to change its prediction that PC shipments would fall almost 8% this year, much steeper than the roughly 3% drop last year. Tablets and smartphones are responsible for the decline because they let people hold on to their PCs longer. Why buy a new PC if your more convenient mobile device can surf the Web, play video and access email?

(See also: Tablets Killing Desktops Faster Than Ever)

“The vast majority of PC sales are replacement sales, and if I keep my PC longer, then replacement sales are going to go down,” IDC analyst Bob O’Donnell says.

Chip Power Doesn’t Sell

In the 1990s, people paid attention to Intel’s latest and greatest processor, because PCs were so darn slow. Every new generation of chips from Intel held the promise of a peppier PC.

Today, people are more interested in convenience. No one cares that the ARM chip powering nearly all tablets and smartphones isn’t close to the performance level of Intel’s Core processors. As long as ARM is good enough to handle what the devices are made to do and isn’t sucking down battery power too fast, then consumers are happy.

Because Intel has yet to crack the tablet and smartphone markets, it’s stuck in a PC world of evolution, not revolution. There is nothing in PC manufacturers’ product portfolio that’s truly innovative.

Intel could get out of its rut next year, if its next-generation Atom microarchitecture, dubbed Silvermont, is successful in the tablet and smartphone markets. But even then, the chipmaker will be playing catch up.

With each generation, Intel chips deliver higher performance and better power efficiency. But that alone isn’t enough. They have to help create a mobile device that wows consumers, and that remains elusive.

Beware: We May Be Entering The Age Of Cybersabotage https://readwrite.com/beware-we-may-be-entering-the-age-of-cybersabotage/ Mon, 13 May 2013 20:35:07 +0000

Where hackers were once satisfied with stealing sensitive data, they now seem as bent on sabotage. Government officials say a new wave of cyberattacks hitting U.S. energy companies is aimed at seizing control of processing plants.


Low-level cyberscuffles between nations may be about to escalate into more serious conflicts. U.S. government officials are reporting a new wave of attacks aimed at sabotage within the U.S., apparently originating from somewhere in the Middle East.

The New York Times reported over the weekend that saboteurs are using probes to look for ways to seize control of processing plants of mostly U.S. “energy companies” — presumably oil and gas producers. Senior officials with the Obama administration said the attacks are aimed at the administrative systems of 10 major American energy companies, which the sources have refused to name.

Tension, Apprehension And Dissension

To be sure, so far no one seems to have independently corroborated these alleged attacks. As such, there’s no good way to know whether they are as potentially serious as these unnamed government officials — and, of course, the NYT — would have us believe.

If the warnings are sound, though, cyberwar escalation still wouldn’t be a huge surprise. Security experts and government officials have long predicted that hackers bent on wreaking havoc will eventually become as commonplace as those looking to steal government and corporate secrets.

In February, then-Secretary of Defense Leon Panetta warned that the technology used in cyberattacks is able to “cripple a country, to take down our power grid system, to take down our government systems, take down our financial systems, and literally paralyze the country. That is a reality.”

The U.S. and Israel provided the motivation for their enemies to pick up the pace with their cyberattack on Iran’s nuclear facilities several years ago. The two allies used the Stuxnet worm to damage centrifuges used in making high-grade uranium that could be used for nuclear weapons, according to the NYT. Experts believe Iran retaliated last year with the attack on Saudi Aramco, one of the world’s largest oil producers.

A virus unleashed on Aramco administrative offices wiped out data on thousands of computers, replacing the deleted files with a burning American flag. The hackers targeted Aramco’s production facilities, government officials said. The mission reportedly failed because Aramco’s administrative offices were on a network separate from that used for industrial control systems. Using separate networks in this way is a best practice recommended by security experts.

The Aramco attack was soon followed by a similar one launched against Qatari energy company RasGas, which also claimed the attack was stymied because its compromised office network wasn’t connected to production systems. Israeli officials said Iran’s “cybercorps” was behind the assault. Iran organized the group after the Stuxnet attack.

Tit For Tat

These tit-for-tat attacks could be morphing into a new phase of cyberwar where the consequences are much greater than the damage caused by pilfering a company’s trade secrets. Any attack that could destroy critical infrastructure — from oil production and the electric grid to manufacturing facilities and water treatment plants — has the potential to affect the lives of hundreds of thousands of people.

Experts have warned for years that industrial control systems that run these facilities are filled with vulnerabilities that could be easily exploited. Fortunately, hackers haven’t yet been able to infiltrate the networks these systems are on.

To shore up the nation’s critical infrastructure, President Barack Obama issued this year an executive order requiring government agencies to share cyberattack information with private industry. Industry, however, is under no orders to share information with the government, and changing that will require action by Congress, which is struggling with the privacy implications of requiring companies to share data with government agencies.

The Smart TV Is Dead. Long Live The Second Screen https://readwrite.com/why-innovation-is-moving-outside-the-tv/ Fri, 03 May 2013 12:00:00 +0000

Turns out that people mostly just want to use their television sets to, y'know, watch TV. So much for the smart TV. Instead, tablets are turning into tomorrow's set-top box.


People want their television to work like a TV. Sending tweets on Twitter, posting photos on Facebook and browsing the Web are best left to smartphones and tablets. Indeed, more than 40% of U.S. households with Internet-enabled TVs haven’t even bothered to hook them up to the Web, according to market researcher NPD Group.

This is not the future TV manufacturers expected.

RIP, Smart TV

In 2010, reimagining TVs as computer hybrids with big screens for the living room seemed to make lots of sense. Why not play games, run applications and surf the Web from the same box that shows movies and programming from a cable or satellite provider? Proponents quickly dubbed the new device the “smart TV.”

Intel, sensing a new market for its microprocessors, was a huge supporter, saying the smart TV “could be the most significant change in television history.” Yet by the end of 2011, Intel had abandoned the smart TV business to focus on smartphones and tablets.

The main problem was that what Samsung, LG and other big TV makers delivered was a mishmash of applications that had nothing to do with watching TV — the main reason people gather around the big box in the first place. Unsurprisingly, very few consumers wanted to spend more for supposed next-generation television sets that included a bunch of features they didn’t want in the first place.

Today, the TV is evolving much differently. Internet video now comes to the set via other devices such as the Apple TV, Roku and Boxee Box. Nearly six in 10 consumers who own an Internet-connected high-definition TV use such services to supplement pay TV subscriptions, NPD says.

As for other once-vaunted “smart TV” activities — reading or posting on Twitter or Facebook, reading digital books or magazines, video calling, shopping or gaming — well, they attract well below 10% of such people.

Second-Screen TV

Video is clearly what people want on their TVs, so pay TV providers have turned their attention to tablet apps. Instead of shipping expensive set-top boxes, service providers want people to use tablets to find movies, see what friends are watching and browse their favorite programming.

The apps will add to the enjoyment of watching TV by providing player stats in a baseball game or actor bios and behind-the-scene clips from the users’ favorite shows. These apps could yield a goldmine of subscriber data that can be fed to advertisers who could then turn around and use the information to target advertising.

Having an app that knows your viewing habits could be useful when you’re traveling. Imagine connecting your tablet to the TV in a hotel room and immediately having the same viewing experience you have at home.

“The TV needs to be more like a docking station,” Paul Gray, analyst for DisplaySearch, an NPD company, told me. “It needs to play nice with these mobile devices.”

Panasonic is one of the first manufacturers to ship televisions capable of communicating wirelessly with a tablet. Rivals will surely follow suit, as manufacturers emphasize seamless integration with mobile devices.

Dumb Monitors Need Not Apply

To call these sets “dumb monitors” would oversimplify things. A lot of good engineering is needed to provide reliable interoperability with any tablet or smartphone, irrespective of whether it runs Android or Apple’s iOS.

“I do contest people who say that TV ends up as sort of a big dumb monitor,” Gray says. “You actually probably need quite a lot of intelligence, but it’s kind of under the hood.”

TV manufacturers, however, are still stuck in the same box they’ve long tried to escape: Their products are mostly all alike and thus hard to differentiate. Shifts in broadcast technology — such as NTSC to HD, and before long, HD to 4K — or screen technology (LCD vs. LED, for instance) enable some innovation, but once things shake out and picture quality is comparable across models, TV sets once again become commodities. That leaves Panasonic, Samsung, Sony and the rest with price cuts and not much more to lure buyers.

Commoditization is the curse of the consumer electronics industry. TV makers will look for ways to add value after the use of second-screen apps becomes mainstream. The trick will be to avoid another failure like the smart TV.

Why Security Holes In Critical Infrastructure Are So Darn Hard To Fix https://readwrite.com/why-security-holes-in-critical-systems-are-so-darn-hard-to-fix/ Mon, 29 Apr 2013 18:59:00 +0000

Complexity rules in the perplexing world of securing critical business and industrial systems.


Security researchers recently found gaping vulnerabilities in a wide variety of critical business and industrial equipment. It turns out that weak or absent passwords made it easy to break into more than 100,000 terminal servers used to provide their Internet connections. Fixing the problem is simple. Changing the credentials dramatically reduces the risk. But for many companies, actually solving the problem is nearly impossible.

Vulnerable, But Hidden

The threats discovered by security firm Rapid7 exemplify the difficulties organizations face in plugging even known holes in critical gear. In this case, the affected systems include industrial control equipment, traffic-signal monitors, fuel pumps, retail point-of-sale terminals and building automation equipment such as alarms and heating and ventilation (HVAC) systems.

Rapid7 found more than 114,000 unprotected terminal servers, mostly from Digi International or Lantronix, that a hacker could use to take control of the underlying systems. Finding the serial ports on the server requires the use of a scanning tool, such as Nmap. Once an active port is found, a command-line program similar to those used in 1980s-vintage home computers is all that’s needed to access a control panel or menu or capture data.

Fortunately, while tech-savvy saboteurs or terrorists would have no difficulty gaining access to the equipment, they most likely would not know who owns it or where it is located. Without that information, the find would not be very useful. “There’s no telling who they are going to hurt, if they don’t know where the device is,” explained HD Moore, chief research officer for Rapid7.

How Security Gets Missed

Nevertheless, any hole that can provide access to critical equipment is worth plugging, but it’s not likely to happen in many of these cases. Often, companies do not even know the terminal server exists, much less that it needs security updates.

How is that possible? Well, picture a vendor working with the facilities crew installing an HVAC system that uses a terminal server so the equipment can be monitored from a remote location. No one knows the server exists, and no one cares, as long as everything works. “A lot of times IT is not even aware of these systems,” said Matthew Neely, director of research at risk management company SecureState.

Vendor marketing can also exacerbate the problem. Equipment is often sold as being “secured,” when in fact it is only “capable of being secured.” That means the buyer still has to add the technology or turn on and configure the security features.

This can get missed if the installers assume the equipment is “plug and play,” said Joe Weiss, a security consultant for Applied Control Solutions. “It’s like getting a toy for Christmas and you pull it out of the box expecting it to run, because the box doesn’t tell you it needs two AA batteries,” Weiss added.

Terminal servers, also called serial port servers, often get missed by electric utility companies because they are not covered under federal cybersecurity requirements. So the devices never make it on the utility’s compliance checklist. “They don’t even have to check these out to find out if they are or not secure,” Weiss said.

This bizarre situation demonstrates that ensuring the security of critical equipment is never a matter of technology alone. True security requires people to pay attention, not just sweep everything under the rug.

How Hackers Steal Trade Secrets By Targeting Smaller Companies https://readwrite.com/small-or-large-no-organization-is-safe-from-cyberspies/ Wed, 24 Apr 2013 11:00:00 +0000

Verizon's annual data breach investigation finds that Chinese hackers are going after small organizations in order to steal the trade secrets of their larger partners.


Cyberespionage is usually considered a threat to government agencies and large corporations such as defense contractors and banks. But a new Verizon report on data breaches finds that cyberspies are going after small organizations with the same enthusiasm they once reserved for big outfits.

It’s A Small Cyberworld

Not surprisingly, 95% of the state-affiliated attacks aimed at stealing intellectual property, which included classified information, trade secrets and technical resources, originated from China last year, according to the 2013 Data Breach Investigations Report. No organization, no matter how small, was safe.

“The big surprise for us was that there were a lot of small organizations being targeted for cyberespionage,” Jay Jacobs, senior analyst with the Verizon RISK team, told ReadWrite. The targets included manufacturing companies, computer and engineering consultants and professional services firms that were “relatively small, even under 10 employees kind of small.”

The attackers went after small outfits using the same tactics waged against big companies. In a way, the hacker strategy parallels the way investigators go after the small players in a criminal enterprise, hoping to flip them in order to implicate higher-ups. Only in this case, the hackers are frequently targeting small companies to lay hands on the trade secrets of their larger partners.

Roughly one in five cyberattacks in 2012 were to steal intellectual property in order to further a country’s national and economic interests. The most common mode of attack was spearphishing, which involves sending an email disguised as coming from a colleague of the recipient. The message typically contains a malicious link or attachment.

Chinese hacking of American computer networks has placed a damper on relations between China and the Obama administration, which has demanded the country curtail its hacker army. On Monday, Joint Chiefs of Staff chairman, Gen. Martin E. Dempsey, and Gen. Fang Fenghui of China met to discuss cybersecurity.

Other Attacks

Despite all the attention, cyberespionage was a distant second in terms of attacker motivation. Three quarters of data breaches committed last year were for financial gain, with the remaining 5% a result of hacktivism, the report found. Verizon confirmed a total of 621 data breaches and more than 47,000 reported “security incidents,” which included denial-of-service attacks.

Among the companies that suffered data breaches, 37% were financial services firms, 24% restaurants and retailers, 20% manufacturers, transportation organizations or utilities, and the remainder classified as “information and professional services firms.” Malware was used in 40% of breaches. Three quarters of the compromises involved exploiting weak or stolen user names and passwords.

Discovering data breaches was not easy for most organizations. Verizon found that the time from compromise to discovery took months, and sometimes years.

Verizon worked with 18 organizations worldwide in gathering data for the report. The groups included national computer emergency response teams and law enforcement agencies.

No one found any cutting-edge methods used by attackers to break into networks, so organizations can go a long way toward protecting themselves by focusing on the basics, such as stronger passwords and educating employees about bogus email.

Why IBM Should Dump Its Low-End Server Business On Lenovo https://readwrite.com/ibm-should-dump-its-x86-business-to-lenovo/ Fri, 19 Apr 2013 21:01:40 +0000

For IBM, the sale would provide an exit out of a low-margin, commodity business, while Lenovo would immediately become the third largest x86 server manufacturer in the world.


IBM has no stomach for low-margin businesses, which is why Big Blue may be ready to dump its commodity server business — i.e., servers that run on Intel-compatible “x86” processors. If the reported talks with Lenovo lead to a sale, the move would mark IBM’s final break with the low-end computer business.

A Win-Win

The deal would be a win-win for both companies. Lenovo, which bought IBM’s PC business in 2005 for $1.75 billion, would immediately become the third largest maker of x86 servers, behind market leader Hewlett-Packard and runner-up Dell. Thanks to its market clout in its homeland, the Chinese company has risen to become the second largest PC maker worldwide, according to the latest numbers from IDC.

Adding x86 servers to its portfolio makes perfect sense for Lenovo, which has shown in PCs that it can do well in a low-margin, commodity market. For IBM, the opposite is true. The company’s strength in hardware is in selling expensive — and profitable — mainframes.

IBM’s mainframe business is the reason the company leads the global server market, at least in revenue terms. To give you some sense of how expensive these systems are, IBM’s “System z” mainframe represented more than 12% of all server revenue worldwide in the fourth quarter. Because of a refresh in the product line, along with the introduction of new products, such as the zEnterprise, revenue from IBM’s mainframe business rose almost 56% year over year in the quarter, according to IDC.

“Although revenue results for System z are traditionally heavier in the fourth quarter, this accelerated acquisition shows the breadth and depth of the IBM mainframe installed base,” Jean Bozman, analyst for IDC said in a statement.

Lenovo would be a good buyer for IBM, because it doesn’t compete in any of the markets IBM cares about, namely software and IT services. That wouldn’t be the case if HP or Oracle were the buyer.

Disruption In Server Market

IBM may also have decided it wants no part of the disruption heading for the server market like a freight train. The increasing number of companies adopting cloud computing will mean fewer server sales, Larry Dignan points out at ZDNet. In addition, Internet companies with large server farms, such as Facebook and Google, buy customized white-box servers, which can’t be good in the long term for traditional sellers, like HP, Dell and IBM.

While no one outside of IBM or Lenovo knows how much the business would fetch, someone familiar with the talks told Bloomberg that the price would range from $2.5 billion to $4.5 billion, depending on the assets and liabilities included.

Lenovo Is Fired Up And Ready To Go

Not everyone agrees that IBM would be doing itself a favor by selling its x86 business. Gartner analyst Sergis Mushell says that without x86, IBM’s only non-mainframe servers would be its lineup of machines that run its Power processors — and that demand for those products is shrinking.

In other words, IBM would miss out on the opportunities to build systems based on x86 “while [its Power] architecture’s ecosystem is shrinking,” Mushell said. “Do you see how it would not make a lot of sense?”

Lenovo, meanwhile, is hungry to move beyond the PC market. The company announced last year a partnership with EMC in which Lenovo planned to introduce x86 servers that would include EMC storage systems. As part of the deal, Lenovo agreed to sell EMC networked storage products in China.

Given the jumpstart it would get from owning IBM’s x86 business, Lenovo may be willing to make an offer that’s hard for IBM to refuse.

Hey, The FTC Might Finally Break The Carriers’ Android-Update Logjam https://readwrite.com/ftc-ready-to-move-if-carriers-ignore-android-security/ Thu, 18 Apr 2013 12:30:00 +0000

The ACLU wants wireless carriers to provide timely Android updates to improve smartphone security — and the FTC appears likely to agree.

The post Hey, The FTC Might Finally Break The Carriers’ Android-Update Logjam appeared first on ReadWrite.

The federal government appears ready to take dramatic action against U.S. wireless carriers that fail to protect Android smartphone buyers against malware — specifically by not pushing out timely operating-system updates. And the catalyst most likely to kick the feds into gear is an American Civil Liberties Union complaint filed Tuesday with the Federal Trade Commission.

Let The Market Decide

What the ACLU is asking is not difficult.  Rather than have the FTC order carriers to ship security updates to the Android operating system as soon as they are made available by Google, the ACLU wants customers to be told upfront that they won’t be getting the updates needed to protect their personal data from hackers.

“We think the companies should be forthcoming about this,” Christopher Soghoian, principal technologist and a senior policy analyst for the ACLU, said. “If consumers knew that certain phones weren’t going to get updates, they might not buy those phones in the first place.”

Rather than force carriers to spend a lot of money on automatic update services, the ACLU wants the market to fix the problem, a stand that many lawmakers in Congress should applaud.

“We want the market to work, but consumers are never going to get to vote with their wallets if they don’t know which phones are secure and which phones are not secure,” Soghoian said.

(See also: FTC To Carriers: Fix Security Or End Up Like HTC)

The ACLU complaint names AT&T, Verizon Wireless, Sprint Nextel and T-Mobile USA. AT&T declined comment, Sprint said it follows “industry-standard best practices,” and Verizon said it works closely with manufacturers to provide “mandatory updates to devices as quickly as possible.”

T-Mobile was the only carrier to say that it keeps Android customers up to date with the latest software. “T-Mobile takes security very seriously, and regularly provides security updates to our customers, including those using the Android operating system,” a company spokesman said.

The FTC Plays The Heavy

If that is what T-Mobile does, then it is more in line with the FTC’s thinking than its rivals are. In a February settlement with smartphone manufacturer HTC, the agency pointedly emphasized the need to secure mobile devices.

Under FTC pressure, HTC agreed to a “comprehensive security program” that includes patching vulnerabilities that could be exploited by hackers and spammers. The agreement was significant because it outlined for all device manufacturers what the FTC considers best practices for security.

Keeping software up to date is a critical defense against hackers, who often target known vulnerabilities in software because so many users continue to run older, bug-ridden versions. In a blog post following the HTC settlement, FTC chief technologist Steve Bellovin made it clear that securing mobile devices was the responsibility of manufacturers and carriers, and they have to work together at getting updates out to customers.

“Bugs happen, ergo fixes have to happen,” Bellovin said.

Android malware is a much larger problem outside the U.S., particularly in Asia and Eastern Europe. That’s because people in those regions will download applications from third-party app stores, many of which distribute malware-infected software. In the U.S., most people get their apps from the Google Play store, which regularly checks for malicious software.

Nevertheless, 97% of new mobile malware is directed at Android devices, which comprise 72% of the smartphone market, according to security vendor Symantec’s latest Internet Security Threat Report. While most infections today occur from downloading bad apps, experts say hackers are increasingly trying to compromise devices through spam that carries links to malicious Web sites.

Given the mood of the FTC, and trends in Android malware, it should be obvious to carriers that the status quo is unacceptable. If they aren’t ready to make changes on their own, then they’re likely to get an unfriendly shove from the feds.

Would You Talk To An Ad On Your Smartphone? https://readwrite.com/would-you-talk-to-an-ad-on-your-smartphone/ Tue, 09 Apr 2013 16:52:19 +0000

As absurd as it may sound, chatting with ads could become commonplace as speech-communication with computers continues to evolve.

The post Would You Talk To An Ad On Your Smartphone? appeared first on ReadWrite.

Just looking at ads is bad enough, so who would want to talk to them? While many people would likely answer “no one,” voice-recognition software maker Nuance says the opposite is true.

What Is A Voice Ad?

Wanting in on the booming mobile ad market, Nuance developed a way for people to chat with ads much as they do with Siri on the iPhone. Called Voice Ads, the technology works off the Internet connection of any iOS or Android mobile device.

Voice-recognition software has been around for years, but remains relatively immature as a form of communication between humans and computers. Founded in 1994, Nuance has been developing the technology longer than most other companies. Nuance’s technology reportedly powers Apple’s Siri, although neither company will confirm it.

Nuance’s voice-ad technology is available today through the mobile ad frameworks of Jumptap, Millennial Media and Opera Mediaworks. An ad framework is what developers embed into their mobile apps, so they can display advertising distributed by an ad network.

Advertisers using Nuance’s software development kit could build two-way communications requiring only “Yes” and “No” answers – or ones with more complicated responses. An example of Voice Ads can be seen on YouTube.

The development process is not self-service, though. Ad developers have to work directly with Nuance to connect the advertising to the company’s voice-recognition servers over the Internet. And because the technology is so new, it isn’t supported in third-party rich-media ad creation tools, except Celtra.

Talking To Ads Could Make Sense

In many ways, Voice Ads make sense on a smartphone. Why fiddle with clicking on tiny links and trying to type on a 4-inch screen, when you can click once and start talking with a brand?

As people get comfortable talking to their smartphones through personal assistants like Siri, it’s possible they could be enticed into starting a conversation through a product discount or promotional pricing. According to Nuance, advertisers see lots of potential.

“When you actually have a live conversation with an ad, it’s sort of like you’re creating more of a tight relationship with the brand itself, because you’re having a discussion with it,” said Peter Mahoney, chief marketing officer for Nuance. “The brand feels more responsive. It feels like something you can actually have a real live relationship with.”

While the thought of having a “tight relationship” with an ad may sound absurd, there is big money at stake. Worldwide mobile advertising revenue is expected to hit $11.4 billion this year, reaching $24.5 billion by 2016, according to Gartner.

The key is the quality of the experience. Nuance’s technology will have to convince people they are actually having a meaningful, two-way conversation. Advertisers will have to give potential customers something in return for having that conversation with a brand.

Speech is continuing to evolve as a means of communication with computers. As people get used to talking to the machines they use in their everyday lives, the jump to talking to an ad may not seem so extreme.

Many Free Android Apps Are Starting To Look A Lot Like Malware https://readwrite.com/free-android-apps-starting-to-look-like-malware/ Fri, 05 Apr 2013 18:57:00 +0000

Free Android apps are helping themselves to generous portions of your personal data — just like malware!

The post Many Free Android Apps Are Starting To Look A Lot Like Malware appeared first on ReadWrite.

The money-go-round between app developers and ad networks is starting to blur the line between many free Android apps and malware. While these legitimate apps aren’t stealing passwords, they’re still riding roughshod over user privacy by gratuitously sucking up your contact and location information — or worse.

What These Bad Apps Glom Onto

Between last September and March, security vendor Bitdefender analyzed 130,000 popular Android apps on Google Play and found that roughly 13% collected your phone number without explicit notification, 12% stored your location data and 8% sucked up your email address. Included in those numbers are apps that siphoned off one or more of the three.

Many apps don’t stop there. Other data they glom onto includes your browsing activity, your contact list, the unique identification number of your device and even your call registry.

These apps took all that information legally. Android apps display their privacy policies in seeking permission to gather personal data, and many developers bank on the fact that most people will just click through to the app.

(See also: Hey! iOS Apps Play Faster And Looser With Your Data Than Android)

All that data gathering typically starts when an app developer downloads an ad framework provided by one of the more than 400 companies listed on the Ad Network Directory. Such frameworks make it easy for developers to display ads in the app, and thus to get paid every time someone clicks on them.

Since free apps only make money for developers from such clicks (and, it turns out, the distribution of associated user data), very few pay attention to exactly what kind of information ad frameworks are gathering.

“Because they copy-paste the code, they don’t really debug it; they don’t really look through it and see what data it collects,” Bitdefender researcher Liviu Arsene told me. “I bet they don’t even care.”

And It Doesn’t Stop There

App privacy policies often stake out even more aggressive data-collection goals, presumably to pave the way for future updates to vacuum up more info and further erode user privacy.

Take, for instance, Airpush, the second-largest ad network for Android developers with 40,000 apps. Its privacy policy reads, in part:

[I]n accordance with the permissions you have granted, we may collect your device ID, device make and model, device IP address, mobile web browser type and version, mobile carrier, real-time location information, email address, phone number and a list of the mobile applications on your device.

The policy goes on to explain that Airpush might supply that information to third-party advertisers who are part of its ad platform and third-party vendors, consultants and other service providers. Because the data is available to so many organizations, it’s virtually impossible to know who is using your personal data, and how, once it leaves the device.

Obviously, the possibilities for abuse here are legion. Suppose one of those third-party organizations is acquired by an outfit that is, shall we say, less reputable. Or that a third-party company’s computers are hacked, spilling your data into the hands of cybercriminals.

The Feds Agree: It’s A Huge Problem

Federal regulators acknowledge that a huge problem exists. “Mobile technology provides unique privacy challenges,” Jon Leibowitz, departing chairman of the Federal Trade Commission, said in February, as reported by The Wall Street Journal. “Some would say it’s a sort of Wild West.”

The FTC wants the mobile industry to bolster privacy controls by allowing phone users to opt out of being tracked by ad networks. The commission also wants apps to prominently display the kind of data they’re collecting, rather than burying it in fine print. Congress is also considering proposals to tighten privacy protections on mobile devices, though it’s hard to say how such measures will fare given firm opposition from industry.

In the meantime, here’s some free (!!) advice: Scrutinize your free mobile apps as if they’re malware ready to wreak havoc on your personal information.

EMC & VMware Vs. Amazon: The Empire Strikes Back https://readwrite.com/emc-vmware-keeping-customers-from-amazon/ Wed, 03 Apr 2013 18:44:00 +0000

With Amazon Web Services dominating the cloud, EMC and VMware launch Pivotal to steer customers into their cloud and away from the online retailer's public services.

The post EMC & VMware Vs. Amazon: The Empire Strikes Back appeared first on ReadWrite.

Amazon Web Services is on fire, and EMC and VMware are feeling the heat. So the established enterprise-computing duo is striking back — by launching Pivotal, a joint venture that aims specifically to dethrone the current king of cloud computing.

Pivotal is led by Paul Maritz, the ex-CEO of VMware and a former senior executive at Microsoft. In leading the charge against AWS, Maritz is diving into a cloud-computing mosh pit that will include other tech heavyweights, such as IBM, Microsoft and Oracle.

(See also: Amazon: Can It Stay King Of Cloud Computing Forever?)

Pivotal heads for battle with parent-company assets — database technologies, data analytics and an application platform — that it is combining into services that customers can lease to run their own software in the cloud. EMC owns 69% of Pivotal and VMware the rest. The two owners will have to invest a total of $800 million this year and next in order to kick-start Pivotal, which Maritz conservatively estimates will reach $1 billion in revenue in five years from $300 million this year.

Amazon’s Lead

Those numbers show how long it will take Pivotal to catch up with AWS. While Amazon won’t break out the numbers for its cloud-computing unit, analysts say it is lumped inside the revenue category the online retailer calls “other.” In Amazon’s fourth quarter earnings released in January, “other” accounted for $769 million in revenue for the quarter and $2.52 billion for the year. That’s a respective growth of 68% and 64%, according to the International Business Times. 

(See also: VMWare: “If Amazon Wins, We All Lose”)

And AWS doesn’t appear to be slowing down. Macquarie Capital analyst Ben Schachter estimates AWS will surpass $3.8 billion in revenue this year, and values the business at $19 billion.

Nevertheless, the market is still young. Most AWS customers today are startups and small and medium-sized businesses. Amazon is expected to shift focus to large companies soon, heading right into EMC’s and VMware’s sweet spot. This is making both companies very nervous.

During a partner conference in February, VMware Chief Executive Pat Gelsinger warned that if “a workload goes to Amazon, you lose, and we have lost forever,” CRN reported. To avoid that kind of customer drain, Pivotal will provide the public-cloud option for VMware customers using its infrastructure technology for private clouds. Supporting that migration is important to EMC, because it owns 80% of VMware.

Pivotal In The Cloud

On paper, Pivotal will provide an enterprise-class cloud-computing platform and infrastructure. The company includes Greenplum, EMC’s Big Data analytics division, and Pivotal Labs, the storage company’s application development environment. VMware is contributing cloud-computing platform CloudFoundry, and middleware and tools for building and running data-intensive Java applications.

Maritz will have to build a business on top of all this technology, but EMC’s and VMware’s commitment to Pivotal shows how they believe customer migration to cloud-computing environments outside their data centers is inevitable. The companies also know that failing to have what customers want would be suicidal.

In 2011, Gelsinger, then president and chief operating officer for EMC, said the company did not intend to become a casualty of any major change in the industry.

“The technology industry is ruthless and relentless,” he said during an interview at the VMworld conference. “If you are not in front of those major waves of technological innovation, you will become one of the driftwood on the shores of the industry.”

In cloud computing, stopping Amazon is how EMC and VMware plan to reach that shore alive.

Why Intel TV Is Just Another Doomed Lunge At The Consumer Market https://readwrite.com/intel-tv-yet-another-desperate-lunge-at-consumer-electronics/ Wed, 27 Mar 2013 20:24:00 +0000

Intel's plan to launch a pay-TV service is likely to end as disastrously as its other stabs at the consumer electronics market. Remember Viiv? How about that fabulously successful Intel MP3 player?

The post Why Intel TV Is Just Another Doomed Lunge At The Consumer Market appeared first on ReadWrite.

Over the past dozen years or so, Intel has repeatedly demonstrated that it has a tin ear when it comes to consumer electronics. Despite a long trail of failure, the tenacious chipmaker keeps coming back with one bad idea after another.

Its latest scheme has Intel going toe-to-toe with… wait for it… Comcast, Time Warner Cable and DirecTV. Yes, Intel — Intel! — plans to launch an online pay-TV service delivered through its own set-top box.

This isn’t a new idea. Apple, Google and Microsoft have also wanted to reshape television in a similar way, but have yet to convince Time Warner, NBC Universal and Viacom to license their TV shows and movies in a way that would give Internet TV a fighting chance. Go figure. And so none of them have moved forward.

A Desperate Intel

Intel, however, is plowing ahead. Why? Because it’s desperate to break into new markets as sales of PCs, the majority of which are powered by Intel microprocessors, continue to deteriorate. The meteoric rise of smartphones and tablets that eroded the PC business blindsided Intel, which has had little success in supplying chips to these new markets. In the fourth quarter ended in December, Intel’s net income fell 27% year to year and revenue was down 3%.

The speed with which the PC market is vaporizing has made Intel willing to take on a lot of risk. According to Bloomberg, Intel is making progress in talks with media companies. But what that means isn’t clear.

As a smaller operator, Intel would likely pay more for TV channels and movies than incumbent cable, satellite and telecommunications companies, which spend almost $38 billion a year licensing TV channels according to the Wall Street Journal. Media companies have no incentive to anger current licensees — much less cut into their potential profits — by agreeing to any terms that would give Intel an advantage.

So Intel will be paying more to go to market with a service that looks, well, a lot like what its larger rivals are already selling — only, maybe, less so. In addition, Intel would be dependent on broadband services to deliver its pay TV services. This could be a problem if cable and telecoms decided to ratchet down their data caps.

Intel’s set-top box could offer unique whiz-bang features, such as a camera for video-conferencing and personalizing content based on facial recognition. But that won’t be enough, since people watch TV for the programming, not what’s inside the set-top box.

Intel Outside

Intel’s history is a study in how not to combine technology with entertainment. Each of its attempts follows the same lame pattern: Intel hypes its plans at the Consumer Electronics Show, then programs its executives to continue slinging marketing BS in interviews with the press. Eventually, the whole venture falls apart, usually within a year or so.

To wit:

  • In 2010, Intel launched chips and big plans for partnering with manufacturers to build the “smart TV,” which was really nothing more than a set that would let users run apps and tap into the Internet while watching programs. The problem: no one wanted to play with apps on their TV. So Intel pulled the plug in 2011.
  • In 2006, Intel embarked on another would-be game changer, Viiv. This chipset for Windows PCs running Microsoft’s Media Center was going to turn PCs into entertainment hubs — along the way, moving the battle with viruses, software updates and computer crashes to the living room. The Intel hype machine churned into high gear, at least until the first Viiv PCs came out. As The Washington Post reported, the typical Viiv box offered little more than a “smattering of free Web video clips and discounts on online music, movie and game rentals — plus a nifty rainbow-hued Viiv sticker on the front of the computer.” By 2008, Viiv was dead.
  • In 2001, Intel was pondering slower-than-expected demand for its Pentium 4 chips and a modest 10% growth in its core microprocessor business. So the company decided to jump into the market for digital music players with a $300 gadget to take on the leading models from Sony, Philips and the Rio division of Sonicblue. Unexpectedly, though, Apple released the iPod later that year and wiped out all its competitors. Including Intel.

Despite its money and army of smart people, Intel simply doesn’t get the consumer electronics market, and likely never will. The company is very good at building the innards of PCs, including chips, memory and motherboards, but has shown little talent for doing much else.

Rather than launch pay-TV services that will take the company in a direction far beyond its expertise, Intel has to get much better at picking market winners. Missing out on the smartphone and tablet craze was a huge blunder. While making up for that miss, Intel needs to watch for what’s next and move quickly. Launching a pay-TV service just makes the company seem desperate to try anything.

No More Wild West For Bring Your Own Devices https://readwrite.com/byod-losing-steam/ Mon, 25 Mar 2013 13:00:00 +0000

The Wild West days of BYOD are nearing an end, as companies are expected to impose more restrictions on the mobile devices you bring to work.

The post No More Wild West For Bring Your Own Devices appeared first on ReadWrite.

In June 2007, Apple launched the first iPhone, marking a new era in corporate mobility. Before the fashionable mini-computer, people used smartphones for voice, texting and email. With the iPhone and its remarkable touchscreen, users could also be entertained with music, video and games. Corporate executives became so attached to their hip device, they wanted to use it for business, so they bullied IT departments into providing access to email and corporate data. Employees soon joined their bosses and the bring-your-own-device trend began.

Six years later, what started out with one smartphone has grown into an army – far too much for the Wild West atmosphere of BYOD to continue as it has been. Many companies that have allowed BYOD will soon be pulling back on such freedoms. While BYOD may not die altogether, it will carry stricter restrictions meant to finally get this trend under control.

The Fate Of BYOD

“BYOD is clearly an important trend, but we expect it to plateau in the coming one to two years as enterprises decide that the cost and security issues associated with unlimited BYOD do not warrant the anarchy and increased support costs it has often caused,” a recent report from tech analyst J.Gold Associates said.

Where the iPhone used to be in a class by itself, the smartphone now competes with Android phones from Samsung, HTC, LG, Sony and 10 other vendors. In addition, there is the BlackBerry and multiple devices running Microsoft’s Windows Phone.

In 2010, Apple added the iPad to the chaos, creating a whole new market for tablet computers that brought lots of competitors from manufacturers in the Android camp.

From the beginning, BYOD was a challenge for IT departments, which had to wrestle with data security, device manageability, support and app control. Nevertheless, enterprises went along with the trend and the majority allowed at least some workers to use their personal devices for business.

But configuration, workflow and security issues were always making things difficult for IT. For instance, cyber-criminals saw an easy target in Android – with so many devices running older versions of the OS, hackers could target known vulnerabilities that were left unpatched by manufacturers and wireless carriers.

BYOD Limits

A survey of enterprises that allow employees to use their own notebooks, smartphones and tablets found that nearly half had experienced a security breach. As a result, more than 40% of the companies either restricted mobile data access or installed security software, according to the poll of more than 400 IT professionals and chief executives conducted by Decisive Analytics and released in August 2012.

Despite the breaches, only 12% of companies outright cancelled BYOD programs, an indication that most remained committed to providing flexibility to employees, while moving toward imposing rules.

Indeed, Gold found that companies are realizing “the current mostly wide-open, laissez-faire approach to BYOD is not sustainable longer term, and that more controls and better strategy are needed.”

As companies clamp down on BYOD, employees will likely find they will have to surrender their devices in order for IT departments to install technology to protect corporate data and communications. At the same time, manufacturers are providing more enterprise features in order to ensure their products get approved for work and play.

Samsung recently launched technology called SAFE that the vendor boasts brings enterprise-class security to selected devices. People who buy the Galaxy S III or S 4 smartphones, the Galaxy Note II smartphone/tablet hybrid or the Note 10.1 tablet have the option of including SAFE, which provides a container for corporate data and email in order to separate it from personal applications.

BlackBerry, which has always been considered the gold standard in device security, has added similar data-separating technology in the new Z10.

In time, enterprises are likely to give the nod to those devices that can meet the demands of consumers and businesses and shun those that don’t. So instead of BYOD, the policy of the future will be BYODA, or bring-your-own-device-for-approval.

The Enterprise Tablet Party Is Over For Apple https://readwrite.com/latest-windows-tablets-threaten-ipad-in-business/ Tue, 19 Mar 2013 15:53:00 +0000

A new study shows the advantages of the latest Windows tablets from Dell, Lenovo and Hewlett-Packard over Apple's tablets are too numerous for corporations to ignore.

The post The Enterprise Tablet Party Is Over For Apple appeared first on ReadWrite.

In 2010, Apple captivated PC users with the release of the iPad. The thin and light tablet with exceptional battery life, ease of use and attractive design became the must-have mobile device for many corporate executives and employees. With nothing comparable in the Windows PC world, Apple had the business market to itself.

But Apple is a consumer electronics company at heart; so future iPad models remained devoid of features that were needed to meet corporate requirements for security, deployment, manageability, up-time, support and training. In the meantime, Microsoft, Intel and PC manufacturers picked themselves up and plotted their comeback. After three hard years, PC makers have finally released Windows tablets that tech analyst firm Moor Insights & Strategy says will likely reverse Apple’s gains in the corporate market.

Apple’s Party Is Over

“Enterprise tablets now exist that provide the best of both worlds between end user and IT, which puts the Apple in a precarious position of needing to add more robust enterprise features,” Moor says in a white paper released Monday. “Until that point, Moor Insights & Strategy recommends enterprises re-evaluate their iPad pilot and deployments.”

In other words, the enterprise party is over for Apple’s tablets.

The new Windows tablets that finally get it right when it comes to meeting the needs of corporations and their employees are the Hewlett-Packard ElitePad 900, the Dell Latitude 10 and the Lenovo ThinkPad Tablet 2. Moor makes a convincing argument as to why it believes these three devices will steer companies away from the iPad.

What’s In the New Windows Tablets

Two crucial components are Microsoft’s Windows 8 and Intel’s Atom processor Z2760. The former provides a touch-based interface that’s a key element of any tablet’s appeal, while the latter delivers the performance and battery life. In fact, a comparison review by AnandTech found that battery life with the Z2760 surpassed the iPad 4 when Web browsing.

Because Intel has built a competitive chip based on the X86 instruction set, the three tablets can run the latest touch-enabled apps for Windows 8, as well as Windows 7 apps. Among the most important apps is Microsoft Office, the enterprise standard for office productivity. Office doesn’t run on the iPad, and Apple’s productivity tools are not regarded as being on par with Microsoft’s.

There’s also more baseline expandability with the Windows tablets. Depending on the vendor, the devices can come with a dock, USB, miniHDMI and microSD. Add other optional manufacturer-supported accessories and the iPad is left in the dust.

Other pluses include playing nicely with Active Directory, Microsoft’s directory service for authenticating and authorizing users and computers in a Windows network. The tablets, through the Atom processor, also offer Intel security, which includes Secure Boot and the firmware-based Platform Trust Technology.

Overall, the fourth-generation iPad provides roughly a half-dozen enterprise features, while the Windows tablets have more than a dozen. Most important, those features are already in use in corporations, so there’s no need to evaluate them before deployment, train IT staff or purchase new tools.

What this ultimately means is the Windows tablets will be less expensive when considering the total cost of owning and managing the devices. In addition, they are more durable and as nicely designed as the new iPads, and have larger displays. The resolutions are lower, but still more than adequate for businesses.

Some Disagreement

How much of a head start Apple has in the enterprise is tough to determine, since the company won’t say how many iPads have been sold to businesses. However, a running tally of the top 100 iPad rollouts kept by SAP shows that nearly 70 are K-12 schools, where Apple has always done well. Nevertheless, there are some notable names on the list, including the U.S. Air Force, United Airlines, British Airways, General Electric and the Walt Disney Company.

Not everyone agrees with Moor. Jack Gold, principal analyst for J. Gold Associates, believes the market momentum is still behind the iPad. Units within an organization, not the IT department, will often choose the tablet they want to use and many want the iPad.

“The iPad, and Android (tablets), will have a place as long as users demand it,” Gold said. “And the Win8 devices will find a niche, particularly in those organizations that have company-owned assets that IT fully controls.”

While Gold has a point, the advantages the latest Windows tablets have are too numerous for corporations to ignore.

Image courtesy of Wikimedia.

Whose Fault Is It When Your PC Gets Hacked? Probably Not Microsoft’s https://readwrite.com/whose-fault-is-it-when-your-pc-gets-hacked-probably-not-microsofts/ Mon, 18 Mar 2013 10:33:00 +0000 http://ci01b44dae70016d19

A new study finds that Microsoft products account for only 14% of current PC vulnerabilities. The rest belong to third-party applications.

The post Whose Fault Is It When Your PC Gets Hacked? Probably Not Microsoft’s appeared first on ReadWrite.


Since 2002, when Microsoft launched its Trustworthy Computing initiative, security in the company’s products has improved each year. But while the company has increasingly battened down Windows, Office and its other programs, the number of vulnerabilities in harder-to-patch third-party applications has grown dramatically, making overall security on the PC worse than ever.

More Risk In Third-Party Apps

Rather than go through the expense of battling Microsoft directly, many hackers now focus on low-hanging fruit, such as the Java and Adobe Flash browser plug-ins, which are often left unpatched even by users who conscientiously update Windows and Office. This trend was highlighted in a new study by Secunia.

The security vendor found Microsoft’s highly effective automatic security updates now address only 8.5% of the vulnerabilities in a PC. The rest have to be patched through updates from various software developers, each with their own unique process. The complexity leads users who are not security savvy to forgo updates, vastly increasing their risk of infection.

“There is, to date, no one fix-it-all solution,” warned Morten Stengaard, director of product management and quality assurance at Secunia, in the company’s blog.

Theoretically, Microsoft could overhaul Windows to place each third-party application in its own container, making it more difficult for hackers to load malware in the operating system. However, such a massive change would require Windows software vendors to rebuild their own products, which would have a ripple effect on every corporate and consumer customer.

“Microsoft, to some extent, is hamstrung by legacy code and what they’ve done in the past,” Jack Gold, analyst for J. Gold Associates, said. “They can’t just rip everything up and start all over again very easily.”

Fewer Flaws In Microsoft Apps

Ironically, the third-party threat is blossoming even as Microsoft continues to get its own house in order. In 2012, out of all the known vulnerabilities in the top-50 PC programs, Microsoft products accounted for only 14% of them, the study found. The rest were in other software. And the share of vulnerabilities on a Windows PC coming from third-party applications has been growing. In 2007, they accounted for 57% of the security flaws, compared to 86% last year, Secunia says.

“It’s well known that they [Microsoft] have put great efforts into improving security of the operating system and the applications that they provide,” Stengaard said in an interview. “What we’re seeing is the long-term involvement and dedication is now paying off.”

Windows, Office, Silverlight and other Microsoft products are not ironclad, of course. Given enough time, knowledgeable hackers can find their way in through these channels. But in the world of cybercrime, most hackers are not interested in a challenge. Instead, they look for the easiest way to break into as many PCs as possible, to enslave the machines into the many armies of remotely controlled botnets, or to steal credit-card numbers, social-security numbers and corporate intellectual property that will fetch a good price on the underground.

Including both Microsoft and third-party applications, the number of PC vulnerabilities has dropped by 5% since 2011, and by 10% among the top 50 applications. Since 2007, though, overall vulnerabilities are up 15%, Secunia found, and that jumps to a whopping 98% increase among the top 50 applications.

Where The Danger Lies

Applications most likely to provide an easy path into Windows machines include Java, Flash, Adobe Reader and Apple iTunes, according to Secunia. If these applications are not kept up to date, hackers can exploit known vulnerabilities that enable them to load their malware via the PC’s system memory.

In addition, all these applications have very large user bases, which makes it easier for hackers to find targets.

Why PCs have so much outdated software varies. Sometimes it’s because the update process is too cumbersome, so users don’t bother. Other times, the vendor is slow in fixing flaws that hackers are already targeting. Updating Java, an open platform for running software on any operating system, has been a pain for a long time. However, Java steward Oracle is working to improve the process and is getting updates out quicker, most experts agree.

In 2012, Adobe had the worst record for updating applications, according to Secunia. The software maker released patches at a rate 80% slower than in 2011, based on the time it took the vendor to release updates of vulnerabilities reported by Secunia.

Overall, though, patch speed for third-party apps is increasing, Secunia said:

In fact, in 2012, 84% of vulnerabilities had patches available on the day of disclosure. In 2011, the number was only 72%. The most likely explanation for this improvement in ‘time-to-patch’ is that more researchers coordinate their vulnerability reports with vendors.

Patching Is Critical

The vendor based its study on 6 million PCs, mostly in the U.S. and Europe, running its freeware called Personal Software Inspector, which checks for application vulnerabilities. Microsoft products accounted for 35% of the programs on the PCs.

If you take Secunia’s study seriously, then the takeaway is clear. Even if patching all your software is getting more complicated, making sure everything is always up to date is more important than ever.

Image by Fredric Paul.

Pay-As-You-Read E-Bookselling Won’t Make It Off The Shelves https://readwrite.com/pay-as-you-read-e-bookselling-has-no-chance/ Wed, 13 Mar 2013 15:00:00 +0000 http://ci01b44db2d0036d19

Rather than revolutionize publishing, pay-as-you-read from startup Total Boox is trying to solve a problem that doesn't exist.

The post Pay-As-You-Read E-Bookselling Won’t Make It Off The Shelves appeared first on ReadWrite.


Entrepreneurs have often used technology to bring us services we didn’t even know we needed. Who would have thought a billion people would be willing to share their lives on Facebook and hundreds of millions more would change the news industry by microblogging on Twitter? But oftentimes entrepreneurs get it wrong and throw technology at a problem that only exists in their dream-chasing heads.

Total Boox

Such is the case of Total Boox, a digital bookselling startup founded by Israeli entrepreneur Yoav Lorch. Total Boox is scheduled to open for business this month, selling e-books on a pay-as-you-read basis. If you read a quarter of the book and decide it’s not worth any more of your time, then you only pay a quarter of the retail price. The way Total Boox sees it, customers win by not having to pay the full price for a book they may lose interest in. Publishers win by increasing revenues through “finding more readers, the right readers.”

“When it comes to e-books, people talk about the technology a lot but they don’t spend much time looking at business models,” Lorch, a trained economist, told online magazine Publishing Perspectives. “And so the old business model of pay first read later – which makes sense when applied to physical books – has been smart and sneaky enough to creep into the world of e-books. But it doesn’t belong there.”

Lorch could not be more wrong. “There are very few things I can think of that strike me as having less of a chance of being commercially viable than this,” said Mike Shatzkin, founder and chief executive of The Ideal Logical Company, a consultancy firm focused on digital change in the book publishing industry.

Few Benefits

People deciding whether to buy a book online can usually read a whole chapter, and sometimes more, for free. There’s no evidence that people are looking to pay to sample a book. Also, given that there are lots of e-books that sell for less than $10, the amount of money saved doesn’t justify the complexity of pay-as-you-read, which requires having a credit card on file to continuously pay for every page.

For publishers and authors the benefits are even fewer. Just because people may not finish the e-book they buy is not a reason to give them an opportunity to pay less.

“I see him solving a problem that doesn’t exist with a solution that the owners of the rights are not likely to be happy with,” Shatzkin says. “I think he’ll get stopped by not having any content that matters before he begins.”

Indeed, Total Boox has no major publishers onboard, and messages seeking comment from several of them went unanswered.

Some of the most expensive books in publishing are college textbooks, which can cost a student several hundred dollars per semester. Students would likely jump at the chance of spending less, but publishers have no reason to give them that opportunity. After all, students have to buy the textbooks in order to pass their classes. Even if the books are shared, they still have to be bought.

Publishing Isn’t Dead

While e-books and the Internet have certainly caused major changes in the publishing industry, booksellers overall are adjusting. The stock price for the industry rose almost 24% year to year in 2012, easily beating the roughly 7% gain of the Dow Jones Industrial Average, according to Publishers Weekly Stock Index. Even if the leader Amazon is removed from the index, it was still up almost 11%.

Investors believe with good reason that book publishers and retailers are managing the disruption the industry has faced. In the first half of 2012, book sales rose more than 13% to $2.33 billion, according to the latest figures from the Association of American Publishers.

This doesn’t mean the industry doesn’t still have its challenges. Among the biggest are shrinking profit margins due to higher discounts and falling prices. Total Boox is offering a business model to make that problem worse. If it wants industry support, it will have to go in the other direction.

Image courtesy of Shutterstock.

AT&T/Verizon Challenge Tech Companies’ Commitment To National Security https://readwrite.com/efforts-to-list-the-it-industry-as-critical-infrastructure-misguided/ Thu, 07 Mar 2013 17:00:00 +0000 http://ci01b44c9a60018266

The IT industry - think Microsoft, IBM, Apple, Oracle, Cisco and more - is resisting efforts that would label IT as part of the nation's critical infrastructure, and telecom companies like AT&T and Verizon are crying foul.

The post AT&T/Verizon Challenge Tech Companies’ Commitment To National Security appeared first on ReadWrite.


The technology industry has been excluded from the government’s definition of what constitutes the nation’s critical infrastructure, giving it a free pass from regulations. While this may be good for IT businesses, telecom companies like AT&T and Verizon Communications are crying foul.

Information technology is crucial to business, and according to these telecom companies, IT is just as important in securing power plants, telecommunications and water filtration systems. Which is why they want IT companies to be listed as part of the nation’s critical infrastructure, something IT vendors are resisting because they don’t want to be saddled with more government regulation.

The very political situation raises many questions, and has few answers.

Obama’s Executive Order

Currently, IT – think companies like Microsoft, IBM, Apple, Oracle, Cisco and more – is excluded from the government’s definition of critical infrastructure, as defined by President Obama in an executive order issued last month. In directing the Secretary of Homeland Security to identify critical infrastructure at the greatest risk of attack, the order says the Secretary “shall not identify any commercial information technology products or consumer information technology services under this section.”

This exclusion, the result of heavy lobbying by the IT industry, is not sitting well with telecom companies, such as AT&T and Verizon. They believe technology vendors are as important as the network operator in building adequate security to fend off cyberattacks from terrorists.

“The Internet ecosystem is far more interconnected and dependent on a host of players than it was even five years ago,” a Verizon spokesman said.

Fighting Regulations

While the government battles terrorism, telecom and IT companies are trying to fend off regulations. The executive order sets the groundwork for cybersecurity legislation from Congress. So far, the IT industry has been excused, and the telecom industry wants it to share whatever regulatory burden results from current negotiations between the White House and Congress.

“The telecom community is concerned the tech industry is going to get a free pass here,” David Kaut, a Washington analyst with Stifel Nicolaus & Co., told Bloomberg. “You have an ecosystem and only the network guys are going to get submitted to government scrutiny.”

Telecom companies have a point when it comes to critical infrastructure. Hackers who break into the Windows computer of a telecommunications company could wind their way into control systems and shut down wireless or landline service for hundreds of thousands of people. But is regulating IT security directly the best way to prevent such a breach? I don’t believe so.

Instead of more regulations, the government should focus on requirements for companies directly involved with maintaining the nation’s critical infrastructure. As IT customers, these companies, which include utilities, financial institutions, defense contractors and manufacturers, are in a much better position to get the security they need built into the products they agree to buy. If an IT company such as Microsoft, Oracle or IBM cannot meet the requirements, then another one will.

“Commercial products and services often are the weakest link, but regulating them directly means imposing costs that many users won’t be able to shoulder,” Stewart Baker, a partner at law firm Steptoe & Johnson and a former assistant secretary for policy at DHS, said. “So you end up imposing costs on everyone to protect a portion of the economy.”

Political Talks

This issue is sure to come up during negotiations underway between the White House and congressmen supporting a cybersecurity bill introduced in the U.S. House Intelligence Committee. The bill emphasizes sharing threat information between businesses and government, while the Obama administration also wants minimum security standards set for the most critical companies.

For telecom companies to get what they want, they will have to convince the Republican majority in the House, which adamantly opposes more government regulation, to broaden the cybersecurity bill to include the IT industry. That’s unlikely, so telecom and other critical infrastructure companies should be prepared to take full responsibility for securing their systems.

Image courtesy of Shutterstock.

IBM Makes OpenStack The Cloud Platform To Beat https://readwrite.com/ibm-makes-openstack-the-cloud-platform-to-beat/ Tue, 05 Mar 2013 18:39:32 +0000 http://ci01b44d3a40016d19

IBM's decision to make the open-source platform OpenStack the foundation for all its cloud services and software leaves OpenStack's main competitors, VMware and CloudStack, fighting for second place.

The post IBM Makes OpenStack The Cloud Platform To Beat appeared first on ReadWrite.


With IBM tossing its might behind OpenStack, the open source software used to run cloud-computing installations is in a strong position to become the dominant platform in the industry.

OpenStack Rising

IBM announced Monday that it will make OpenStack the foundation of its cloud services and software. In backing the open source project, Big Blue joined other tech heavyweights behind the technology, including Hewlett-Packard, Dell, Cisco, Red Hat and Rackspace.

“IBM is the big fish in the sea and for them to make the level of commitment that they did today is a big deal,” said James Staten, analyst for Forrester Research. “That’s the kind of heft OpenStack needs.”

The announcement is likely to send OpenStack’s two main competitors, VMware and CloudStack, another open source cloud computing platform, into a battle for second place.

“OpenStack has won the race to become the standard, and it has done it rapidly,” Ann Winblad, a venture capitalist and a managing director of Hummer Winblad Venture Partners, told AllThingsD.

IBM And Open Source

IBM has conducted a long love affair with open source software. In 2000, it backed Linux and a year later committed $1 billion to the development of the operating system. IBM’s support helped drive Linux into large organizations and made it a viable competitor against Microsoft as a server platform.

“IBM could have the same impact on OpenStack as it did on the Linux world,” Staten said.

IBM recognized years ago that open source code fit its business strategy a lot better than proprietary technology. The company draws most of its $100 billion in annual revenue from providing IT services. By basing a lot of its own technology on the code from various open source projects, as well as industry standards, IBM is able to work its hardware and software into what enterprise types call “heterogeneous computing environments” — the combinations of patched-together technology from a variety of vendors typically found in large companies, the segment of the tech market where IBM is strongest.

“IBM has really great credibility in the open source community,” Gary Chen, analyst for International Data Corp., said. “They really do understand open source.”

IBM’s First OpenStack Product

IBM followed its announcement with the introduction of its first OpenStack-based product, SmartCloud Orchestrator. SmartCloud is the brand name for IBM’s platform for running cloud installations in customers’ or IBM’s data centers or in a combination of both. Orchestrator is a service customers use to configure the computing, storage and networking resources for cloud applications.

One unanswered question is how IBM will integrate its current SmartCloud code base with OpenStack. In an interview with NetworkWorld, Robert LeBlanc, a senior vice president of software for IBM, waxed mystical in describing how Big Blue will handle the transition.

“We’re on a continual journey,” LeBlanc said. “But we think this is a major step in that journey.”

Cloud Standards

IBM clearly wants to influence OpenStack’s technological direction and efforts to develop industry standards for cloud computing, which is still a relatively immature architecture. IBM has formed a 400-member Cloud Standards Customer Council to help push other tech vendors in a direction favorable to IBM. The company says it has more than 5,000 customers running private clouds on its platform.

IBM is also a major player in standards bodies, such as the World Wide Web Consortium and the Organization for the Advancement of Structured Information Standards (OASIS).

While standards are key to making different technologies work together, they won’t help companies make the cultural changes necessary to adopt cloud computing and make it work. Delivering applications as a Web service dramatically changes the role of IT departments and affects how employees interact with software, too.

Because of its success in professional services, IBM is in a strong position to help companies make those cultural changes, but it won’t be easy. “A lot of enterprises are not ready to hear it,” Staten said.

Nevertheless, the momentum in the tech industry is behind cloud computing. The public cloud service market alone is expected to grow 18.5% this year to $131 billion worldwide.

With that much money on the table, IBM plans to become a major player in the market and is betting that OpenStack can help it achieve that goal.

Image courtesy of ShutterStock

The 9 Top Threats Facing Cloud Computing https://readwrite.com/9-top-threats-from-cloud-computing/ Mon, 04 Mar 2013 15:44:00 +0000 http://ci01a8bfd786db860b

The Cloud Security Alliance's latest survey shows a rising fear of cybercriminals, among eight other threats facing the cloud computing movement.

The post The 9 Top Threats Facing Cloud Computing appeared first on ReadWrite.


Cybercriminals and the mayhem they can cause have become the leading concern of security experts in cloud computing. That’s the takeaway from the Cloud Security Alliance’s latest poll on the top nine threats the industry faces.

Changes In Security Priorities

The nonprofit’s latest survey found a reshuffling of security priorities pointing to the growing danger posed by cyberattacks aimed at stealing corporate data. Data breaches and account hijackings that were in the middle of CSA’s 2010 list of top threats rose to the number one and three spots, respectively, this year. At the same time, denial of service attacks made their debut as the fifth most worrisome threat.

The CSA report is meant to give cloud service providers and their customers a snapshot of what experts see as the greatest dangers to storing data and conducting business with customers in the cloud. Fueling fears is a steady stream of break-ins at service providers and Web sites owned by businesses, government and educational institutions.

So far this year, 28 breaches attributed to hackers have been made public, resulting in the loss of 117,000 data records, according to the Privacy Rights Clearinghouse. Service providers hacked included Zendesk and Twitter. In 2012 there were 230 publicly disclosed breaches for a loss of 9 million records. Service providers that suffered breaches included Yahoo, eHarmony and LinkedIn.

Experts agree that no organization doing business on the Internet is immune from a break-in, particularly as the quality of software tools available to hackers through the underground development community continues to grow in sophistication.

“All the vulnerabilities and security issues that on-premise, non-virtualized and non-cloud deployments have still remain in the cloud,” Lawrence Pingree, analyst for Gartner, said. “All that cloud and virtualization does is enhance the potential risks by introducing virtualization software and potentially mass data breach issues, if an entire cloud provider’s infrastructure is breached.”

Hackers Not The Only Threat

Surprisingly, the second greatest threat in CSA’s latest list is data loss not from cybercriminals, but from cloud service providers themselves. Accidental deletion happens more often than a lot of people may think.

In a survey released in January of 3,200 organizations, Symantec found that more than four in 10 had lost data in the cloud and have had to recover it through backups. “It’s really kind of astounding,” Dave Elliott, a cloud-marketing manager at the storage and security company, told Investor’s Business Daily.

Whether from hackers or a service provider SNAFU, the loss of data is damaging to the reputation of all parties involved – customer and service provider — no matter who is to blame, Luciano “J.R.” Santos, global research director for the CSA, said. The potential financial impact from losing customer trust is why data loss is so high on the threats list.

“It’s your reputation,” Santos said. “A lot of folks are saying these are the things that if it happened to me or if it happened to me as a provider, they would have the most impact to the business.”

The fourth top threat according to the CSA marks an improvement in internal security. In 2010, insecure application programming interfaces were the second greatest threat listed by experts.

APIs are what customers use to connect on-premise applications with cloud services, as well as to manage the latter. While the technology is improving, the fact that it remains on the list indicates that cloud service providers still have a ways to go in locking down their APIs.

The Bottom Four

The remaining top threats, starting in order with number six, are malicious insiders, abuse of cloud services, insufficient planning on how to use cloud services and the vulnerabilities that may exist as a result of the way a cloud provider architects its infrastructure, so it can be shared among many customers.

Abuse of cloud services refers to hackers who rent time on the servers of cloud computing providers to perform a variety of nefarious acts, such as launching denial of service attacks and distributing spam. This, along with the other bottom four threats, was higher in 2010.

Overall, I see this year’s list as a mixed bag for cloud security. While some areas show improvement, data protection needs to get a lot better. Gartner predicts public cloud services will reach $206.6 billion in 2016 from $91.4 billion in 2011. That much growth won’t happen unless businesses are comfortable with data security.

The Notorious Nine: Cloud Computing Top Threats in 2013

  1. Data Breaches
  2. Data Loss
  3. Account Hijacking
  4. Insecure APIs
  5. Denial of Service
  6. Malicious Insiders
  7. Abuse of Cloud Services
  8. Insufficient Due Diligence
  9. Shared Technology Issues

Image courtesy of Shutterstock

Apple iOS Apps Leak More Personal Info Than Android https://readwrite.com/android-apps-less-risky-to-privacy-than-ios-apps/ Thu, 28 Feb 2013 12:00:00 +0000 http://ci01b2d9813f00860c

The latest study from Appthority found that far more free iOS apps gathered location data, grabbed contact lists and siphoned information from calendars than did their most popular Android counterparts.

The post Apple iOS Apps Leak More Personal Info Than Android appeared first on ReadWrite.


Free iPhone and iPad apps from Apple’s App Store pose a greater privacy risk than free apps from Google Play. That’s the finding of the latest study by Appthority, which is in the business of evaluating mobile apps for companies.

Why the App Store Loses

On the surface, the Appthority study — released Tuesday during the RSA security conference in San Francisco — appears to find iOS and Android apps equally culpable of privacy violations. Of the 10 top-selling apps the firm tested in each of five categories, 60% of the iOS apps shared data with advertising and analytics networks. So did 50% of Android apps.

A closer look, however, revealed that iOS apps were far leakier than their Android counterparts. A full 60% of iOS apps gathered your location data, 54% vacuumed up your contact lists and 14% siphoned information from your calendar. With Android apps, those percentages were 42%, 20% and zero, respectively — not exactly laudable, but certainly an improvement over the performance of Apple apps.

Encrypting user data was not a big priority for apps on either platform. All of the iOS apps sent unencrypted data to ad networks, while 92% of Android apps did the same.

Appthority says iOS apps fall short because ad networks are willing to pay more for user data from Apple devices, giving developers a greater incentive to gather and hand over as much information as possible. At the same time, there are more developers making iOS apps, so they have to work harder at making a buck — and that apparently tempts some to compromise on privacy.

“Developers are struggling to monetize, because it’s hard to run a company giving apps for free or selling apps for 99 cents,” says Domingo Guerra, president and co-founder of Appthority. “So, in turn, they use the ad networks to try and get money, and the ad networks will pay more money if the developers share more data on the users.”

The Overall Numbers

Appthority tested business, education, entertainment and finance apps, as well as games. Entertainment apps were the worst when it came to user privacy. This category had the highest number of apps that tracked location and shared data with ad networks. Education and finance apps posed the smallest threat — relatively speaking, at least — to user privacy.

Individual developers built roughly 80% of the apps tested. Companies with iOS apps in the study included Apple, Intuit, Kids Games Club and PayPal. On the Android side, the companies included Imangi Studios, Intuit, PayPal and Intellijoy.

Appthority’s last report was in July 2012, when the apps tested posed a slightly higher risk to user privacy. However, the study was done differently. It analyzed the top 50 free apps in each platform, regardless of category.

Last year’s study also showed iOS apps gathering more user data than Android apps, though less than iOS apps this year.

The Trend

Guerra predicts the next Appthority study in three months will show a decline in risky app behavior, thanks to recent government crackdowns on online privacy abuse.

This month, the Federal Trade Commission announced an $800,000 settlement with social networking start-up Path, which was charged with uploading users’ address book data without permission and gathering personal information on several thousand children without parental consent.

In addition, some states are also taking a hard stand on privacy. California Attorney General Kamala Harris last year formed a Privacy Enforcement and Protection Unit to prosecute companies that violated the state’s privacy laws.

While prosecuting scofflaws can be a deterrent, sometimes the best way to protect privacy is to pay for an app, rather than hunt for something similar that’s free. In general, paid apps gather less user data than free apps, Guerra says. “Your privacy is worth more than 99 cents, so just buy the app.”

Image courtesy of ShutterStock
