Monday, 24 November 2014

Nearly half of all web application cyber attacks target retailers

The retail sector is the most heavily targeted by this type of attack, according to the latest web application attack report by security firm Imperva.
The warning comes as online retailers gear up for Black Friday on 28 November 2014 and Cyber Monday on 1 December, the two busiest days of the online shopping year in the US and increasingly in the UK too.
The Imperva report is based on the analysis of 99 applications over nine months by the company’s Application Defense Center (ADC) research team.
The study found 40% of all SQL injection attacks and 64% of all malicious HTTP traffic campaigns target retail websites.
“Our study shows that retail sites are a big target for hackers. This is largely due to the data that retail websites store – customer names, addresses, credit card details – which cyber criminals can use and sell in the cyber crime underworld,” said Amichai Shulman, chief technology officer at Imperva.
“Over the past year we have seen a number of retailers suffer data breaches and I expect this will continue.”

Google Announces 1TB of Free Cloud Storage for Chromebook Users

With most of its competitors in the cloud storage space slashing prices, Google has announced 1TB of storage free of cost for new Chromebook buyers. Google says the 1TB subscription, which will be valid for two years, is worth $240.
"That's enough space to keep more than 100,000 awkward holiday sweater pics safe and shareable in Drive. With that much free storage, you can use your Chromebook for work, play and pretty much everything else you'll do this holiday season," added Alex Vogenthaler, Group Product Manager, Google, on the company's Google Drive blog. Vogenthaler also added that users would need to redeem the offer before January 1 next year. Last month, the search giant announced a new service for students called Google Drive for Education.
The Drive for Education service is available to Google Apps for Education customers at no extra charge. Users will get unlimited online storage and support for individual files up to 5TB. Google's competitor, Microsoft, also announced last month that it would be rolling out unlimited OneDrive storage to Office 365 Home, Personal, and University subscribers over the coming months. Notably, the unlimited OneDrive storage for Office 365 users comes after Microsoft already bumped the storage limit up from 20GB to 1TB in June.
Microsoft has also said that OneDrive for Business users will get unlimited storage as part of the Office 365 roadmap sometime in 2015, with First Release customers first in line.

Apple Relabels 'Free' Download Button as 'Get' on App Stores

Apple, without making any big announcements, has made a minor yet noticeable change to its App Store (for iOS devices) and Mac App Store by changing the 'Free' label on the download button for free apps to 'Get'.
While there's no official word on the reason behind the change, it might be a reaction to the pressure Apple is facing from the European Commission. As per the European Commission (via Techcrunch), games labelled as 'Free' can mislead customers as they don't explicitly specify the presence of in-app purchases in the app. If this is indeed a reaction to pressure from the EC, Apple doesn't seem to be limiting the change to European regions or only to games, but has begun rolling it out worldwide. Notably, not all free apps are marked as 'Get' - some Apple apps are still marked as 'Free' - though the differing labels don't seem related to the presence of in-app purchases.
The move by Apple doesn't seem aimed at making it harder for children to rack up hefty in-app purchases, an issue the company has been pulled up for several times in the past, but only at making it plainly obvious that almost nothing is free.
A report from June this year stated one case in Britain, where an 8-year-old girl managed to run up a bill of GBP 4,000 (roughly Rs. 3,88,000) making "in-app" purchases from games such as My Horse and Smurfs' Village. In that instance, Apple reimbursed the girl's father.

StoreDot Has a New Technology to Recharge Your Phone in 30 Seconds

An Israeli company says it has developed technology that can charge a mobile phone in a few seconds and an electric car in minutes, advances that could transform two of the world's most dynamic consumer industries.
Using nano-technology to synthesise artificial molecules, Tel Aviv-based StoreDot says it has developed a battery that can store a much higher charge more quickly, in effect acting like a super-dense sponge to soak up power and retain it. While the prototype is currently far too bulky for a mobile phone, the company believes it will be ready by 2016 to market a slim battery that can absorb and deliver a day's power for a smartphone in just 30 seconds.
"These are new materials, they have never been developed before," said Doron Myersdorf, the founder and chief executive of StoreDot, whose investors include Russian billionaire and Chelsea soccer club owner Roman Abramovich.
The innovation is based around the creation of "nanodots", which StoreDot describes as bio-organic peptide molecules. Nanodots alter the way a battery behaves to allow the rapid absorption and, critically, the retention of power.
The company has raised $48 million from two rounds of funding, including backing from a leading mobile phone maker. Myersdorf declined to name the company, but said it was Asian. With the number of smartphone users forecast to reach 1.75 billion this year, StoreDot sees a big market, and some experts think that -- with more work -- it could be on to a winner.
"We live in a power hungry world ... people are constantly chasing a power outlet. StoreDot has the potential to solve this real big problem," said Zack Weisfeld, who has worked with and evaluated ventures in the mobile phone sector globally.

Apple Launches (RED) App Store to Raise Money to Fight AIDS

Apple on Monday teamed with the (RED) campaign founded by U2 singer Bono to raise money to fight AIDS.
The move came as the California-based maker of iPhones, iPads, iPods and Macintosh computers shows deeper support for social and environmental causes under the leadership of chief executive Tim Cook. It also comes as Silicon Valley technology titans use their smarts, resources and cash to help tackle global woes including Ebola, climate change and overfishing of the seas.
Apple launched a version of its App Store featuring exclusive (RED)-branded content, with all money from sales to be donated to the Global Fund to fight AIDS.
The (RED) App Store will be open through December 7.
"Apple is a proud supporter of (RED) because we believe that the gift of life is the most important gift anyone can give," Cook said in a release.
"For eight years, our customers have been helping fight AIDS in Africa by funding life-saving treatments which are having a profoundly positive impact."
Applications in the (RED) App Store include versions of games Angry Birds, Clash of Clans, Farmville, FIFA 15 and Kim Kardashian Hollywood.

Office for Android gets a handy update, but not the one we're waiting for

Microsoft is planning to overhaul its Office apps for Android eventually, but in the meantime users will have to settle for a smaller update.
The latest version adds the same Dropbox integration that arrived on iOS a couple weeks ago, allowing users to save, load, and share documents stored in Dropbox directly through the Office app. Users can also open a document through Dropbox, edit it in Office, and have it automatically save back to Dropbox.
The update also adds the ability to generate OneDrive share links through the Office mobile app. To do so, tap the context menu (usually in the upper-right-hand corner), hit the Share button and select “E-mail as link.” Anyone with the link will then be able to view the document through OneDrive, or edit it if the user allows.
For Android users, a much bigger update is coming that will split Office into separate apps for Word, Excel and PowerPoint, though Microsoft hasn't announced a time frame. The overhaul will include a new layout and many more tools and formatting options than the current version. Microsoft is also working on Office for Android tablets, with a preview available by filling out an online application. As with the recent iOS app overhaul, the upcoming Android apps will include free document editing, though some advanced features are hidden behind the Office 365 paywall.
Why this matters: While Microsoft has shown plenty of appreciation for Android with unique apps and features for phones and wearables, it's a bit slower on the uptake when it comes to Office. The addition of Dropbox support and share links suggests that the full Android overhaul isn't imminent, but at least users aren't being completely stranded on new features in the meantime.

Linux Mint 17.1 finally makes MATE's fancy Compiz graphics easy to use

Linux Mint isn’t chasing touch interfaces, rethinking the way we use the desktop, or enacting any other grand experiment. It’s just a polished, modern Linux desktop system—and that’s why people love it. Linux Mint 17.1 (codenamed “Rebecca”) is on the brink of being released, and it continues the Linux Mint mission of refining the interface we use every day.
Technically, Linux Mint 17.1 is out in “RC” or “Release Candidate” form, which just means “this exact image will become the final release unless we find any huge bugs.” You can snag the RC images now or wait for a stable release, which should be out soon. Installers with either the MATE or Cinnamon desktop environments are available. If you’re already using Linux Mint 17, you’ll soon receive a notification asking if you want to perform an upgrade to the new version.
MATE is a fork of the GNOME 2 desktop environment once used on Ubuntu and other Linux distributions by default. It’s still popular among many people who don't see why we need new desktops like Ubuntu’s Unity or GNOME 3. Back in the day, Compiz provided fancy graphical effects for GNOME 2 desktops. It can still do so for MATE, although many people had difficulties setting this up on Linux Mint. That’s why Linux Mint 17.1 includes easy Compiz setup.
The Windows pane in the Desktop Settings window provides a box allowing you to choose between the stable-but-potentially-boring “Marco” window manager and the fancy-but-potentially-unstable Compiz window manager. Desktop cubes, wobbly windows, and more—it’s all back.
Real improvement for everyone:
Various other changes affect both desktops. Linux Mint now uses the Noto fonts by default, and the default theme comes in many other color choices. The Login Window preferences were redesigned, and the Language configuration window now allows much easier installation of “input methods”— welcome news for people who need to write Chinese, Japanese, Korean, Thai, Vietnamese, and other languages where all the characters aren’t present on the keyboard for easy input.
But perhaps the biggest change is in the Update Manager application. It no longer shows individual package updates, but groups updates by “source package.” This means that, for example, when an update for LibreOffice is available, you won’t simply see a list of 22 packages. Instead, by default, you’ll see a single “LibreOffice” update in the list, although you’re free to drill down if you choose. According to Linux Mint’s developers, installing some individual package updates but not others (for packages like the Mesa 3D graphics library, for example) can sometimes break people’s systems.

Why is Microsoft updating Windows PCs for a security bug on the server?

When Microsoft released a critical update for multiple versions of Windows Server this month, it also pushed out a fix for several releases of the Windows client OS, including even the technical preview for Windows 10.
It was critical to get the patch out for Windows Server: An exploit affecting Windows Server 2008 R2 and earlier versions has already been detected, and Windows Server 2012 and later releases are vulnerable to a related but more difficult attack. But the vulnerability isn’t present in the desktop versions of Windows. In Windows Server, the flaw allows attackers to employ the username and password of anyone in an Active Directory domain to get the same system privileges as a domain administrator, using a forged Privilege Attribute Certificate to fool the Kerberos Domain Controller that manages remote access.
The bulletin for the patch says there’s no security impact for the client versions of Windows. So why did Microsoft also release an update for Windows Vista, Windows 7, Windows 8, Windows 8.1 and the Windows 10 Technical Preview? It’s because although they don’t have that specific vulnerability, looking into the Windows source code to understand how the Privilege Attribute Certificate could be forged revealed some older code that Microsoft was no longer satisfied with, a representative for the company told us.
That could mean other potential attacks, although they declined to give more details.

Apple's $450 million e-books settlement gets final approval

A federal judge in New York has given final approval to a settlement in which Apple will pay $450 million for its role in a conspiracy to fix prices for ebooks.
Judge Denise Cote of the U.S. District Court in Manhattan called the settlement “fair and reasonable.” It requires Apple to pay $400 million to consumers who bought certain books between 2010 and 2012, as well as $50 million in attorneys’ fees.
Although the settlement is final, Apple only has to pay that amount if it loses its appeal of a 2013 price-fixing ruling. If the appeal is successful, Apple will pay only $50 million to ebook purchasers and $20 million to attorneys. A hearing on the appeal is scheduled for Dec. 15 in Manhattan. Lawyers for the ebook buyers have said they “strongly believe” that Apple’s appeal won’t be successful.
The iPhone maker was found guilty last year of conspiring with five big publishers to inflate prices for electronically downloaded books. The publishers—Hachette, HarperCollins, Macmillan, Penguin and Simon & Schuster—had already settled the charges against them for $166 million.
If Apple’s appeal is unsuccessful, there will be $566 million in total to divide among the affected consumers. They include millions of people who bought certain books from the five publishers between April 2010 and May 2012.

Microsoft turns to robotic security guards to watch for trouble

OK, so the robot apocalypse probably won’t happen any time soon, but the new robot sentries guarding Microsoft’s Silicon Valley campus seem like something straight out of a futuristic sci-fi movie.
According to ExtremeTech, each of the K5 security guard robots from robotics company Knightscope stands 5 feet tall and weighs 300 pounds, so you probably don’t want to mess with one.
The K5 robots don’t come with any weapons onboard—thankfully—but they use a suite of alarms, sirens, and cameras to monitor and patrol the grounds of Microsoft’s campus. If one spots trouble, it’ll either sound an alarm or dispatch a human security guard to its location. 
ExtremeTech notes that the K5 can run for up to 24 hours on a single charge, and can recharge in only about 20 minutes. Its battery won’t die out in the field, though—these bots will return to the charging station by themselves when their batteries start to run dry.
Robots are playing an increasingly large role in security and military operations. Google-owned robotics company Boston Dynamics, for example, has been working with DARPA to develop various robots to aid soldiers in combat settings. Meanwhile, South Korea deployed a robotic sentry to guard its side of the Demilitarized Zone in 2010. Unlike K5, though, South Korea’s guard robot came fully armed.

UK plans to introduce new Web snooping law

A U.K. counterterrorism bill would require ISPs to retain IP addresses in order to identify individual users of Internet services.
The proposed law is meant to bridge a “capabilities gap” that authorities face when trying to obtain communications data, said U.K. Home Secretary Theresa May, who introduced the bill, in a speech on Monday. The measures will build on emergency legislation that the U.K. introduced during the summer, said May, who added that “it is not a knee-jerk response to a sudden perceived threat.”
The measures include a requirement for ISPs to supply information allowing law enforcement to match an IP address to the person using a service. In July, the U.K. government pushed through the Data Retention and Investigatory Powers Act (DRIPA), an emergency surveillance law. DRIPA replaced earlier legislation that the European Union court said interfered with fundamental privacy rights.
The new IP retention requirement proposed by May also builds on the Communications Data Bill that was blocked in April 2013 by the Liberal Democrats because they found it unworkable and disproportionate to the problems it sought to address. Better known as the “snoopers’ charter,” that bill would have required British ISPs and telecom providers to retain records of users’ browsing activity and social media communications, among other things, and store them for law enforcement purposes.

'Less' means more to malware authors targeting Linux users

Using the “less” Linux command to view the contents of files downloaded from the Internet is a dangerous operation that can lead to remote code execution, according to a security researcher.
At first glance, less appears to be a harmless command that outputs a file’s content to a terminal window and allows the users to navigate forward and backward through it. Less does not allow file editing, which is a job for file editors like the widely used vi, but has the benefit of displaying data on the fly without needing to load an entire file into memory. This is useful when dealing with large files.
Less is frequently used to view text files, but on many Linux distributions, including Ubuntu and CentOS, it supports many more file types, including archives, images and PDF. That’s because, on these systems, less is extended through a script called lesspipe that relies on different third-party tools to process files with various extensions.
When Zalewski ran a fuzzing program—a vulnerability testing tool that feeds malformed input to applications—against the cpio file archiving utility, one of the programs supported by lesspipe, it quickly identified a memory bug that can lead to arbitrary code execution.
“While it’s a single bug in cpio, I have no doubt that many of the other lesspipe programs are equally problematic or worse,” the researcher said.
According to the Ubuntu manual, lesspipe has support for files with the following extensions: *.arj, *.tar.bz2, *.bz, *.bz2, *.deb, *.udeb, *.doc, *.gif, *.jpeg, *.jpg, *.pcd, *.png, *.tga, *.tiff, *.tif, *.iso, *.raw, *.bin, *.lha, *.lzh, *.pdf, *.rar, *.r[0-9][0-9], *.rpm, *.tar.gz, *.tgz, *.tar.z, *.tar.dz, *.gz, *.z, *.dz, *.tar, *.jar, *.war, *.xpi, *.zip and *.zoo.
“On CentOS, lesspipe appears to include things such as groff + troff + grotty, man, and cpio,” Zalewski said. “On Ubuntu, there’s isoinfo (?!), ar from binutils, and so on. Ancient and obscure compression utilities and doc converters crop up, too.”
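As an added example (not code from the article or from the researcher), the shell functions below check whether less is configured to run a preprocessor and whether a given file name matches the Ubuntu lesspipe extension list quoted above. less takes its preprocessor from the LESSOPEN and LESSCLOSE environment variables; the function names, the sample file names, and the choice to match on the lower-cased name are assumptions made for this example.

```shell
#!/bin/sh
# Added example: decide whether less(1) would hand a file to a lesspipe helper.
# Function names are hypothetical; file names and the LESSOPEN value in the
# demo at the bottom are constructed samples.

# Succeeds when an input preprocessor is configured for less.
# less reads the preprocessor command from the LESSOPEN environment variable.
less_preprocessor_active() {
    [ -n "${LESSOPEN:-}" ]
}

# Succeeds when the file name matches one of the extensions the Ubuntu manual
# lists for lesspipe (list copied from the article text). Matching on the
# lower-cased base name is an assumption, chosen so the check errs towards
# flagging a file rather than missing it.
lesspipe_would_preprocess() {
    name=$(printf '%s' "${1##*/}" | tr '[:upper:]' '[:lower:]')
    case "$name" in
        *.arj|*.tar.bz2|*.bz|*.bz2|*.deb|*.udeb|*.doc|*.gif|*.jpeg|*.jpg|\
        *.pcd|*.png|*.tga|*.tiff|*.tif|*.iso|*.raw|*.bin|*.lha|*.lzh|*.pdf|\
        *.rar|*.r[0-9][0-9]|*.rpm|*.tar.gz|*.tgz|*.tar.z|*.tar.dz|*.gz|*.z|\
        *.dz|*.tar|*.jar|*.war|*.xpi|*.zip|*.zoo)
            return 0 ;;
    esac
    return 1
}

# Prints one line per argument:
#   "helper <file>"  less would pass the file to a third-party tool
#   "plain <file>"   less would read the file itself
classify_files() {
    for f in "$@"; do
        if less_preprocessor_active && lesspipe_would_preprocess "$f"; then
            printf 'helper %s\n' "$f"
        else
            printf 'plain %s\n' "$f"
        fi
    done
}

# View untrusted files with preprocessing switched off for this call only.
# The subshell keeps the caller's environment unchanged.
less_untrusted() {
    ( unset LESSOPEN LESSCLOSE; exec less -- "$@" )
}

# Demo on constructed file names, run in a subshell with a sample LESSOPEN.
(
    LESSOPEN='| /usr/bin/lesspipe %s'
    export LESSOPEN
    classify_files report.PDF archive.tar.gz notes.txt
)
```

Files reported as `helper` are the ones worth opening with `less_untrusted`, or inspecting with `file` first.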

iMessage: Features and Benefits...

Apple, perhaps the most loved brand among customers old and young, never lags behind in innovation. Proof of this is devices like the iPad, iPhone and iPod, which are huge successes. Apple knows how important it is to give its customers something unique. Privacy and effective communication are things everyone wishes to have. To make your communications faster, better and more personal, Apple has come up with an app called ‘iMessage’, a smart messenger. It works with iPad, iPhone and iPod touch running iOS 5 or higher and Macs running OS X Mountain Lion or later.
A loyal messenger like iMessage can save you a lot of money on data usage, as you can chat without limit with the people in your phone and email contacts who use iMessage.
iMessage comes with Rapid Message status: when you send a message it shows D for delivered and R for read, which means that once you send a message there is no need to worry about whether it has been delivered to or read by your contact. For messaging, iMessage uses the same internet connection that your iPhone, iPad, iPod touch or Mac is connected to.
You can keep iMessage on or off as you wish. When a message arrives in iMessage, a notification such as ‘UsernameeX trying to contact you’ appears on screen along with a short message preview. This notification does not cost you anything.
iMessage is great for both SMS, i.e. text messaging, and MMS, i.e. media messaging.
Manage Chat Logs is one of iMessage's nicest features; you can use it to email chat logs to a friend. iMessage comes with the following capabilities:
  • Bypass of login screen; no more long waits for loading
  • Opening iMessage without data connection
  • Great for viewing logs
  • Improved sending/receiving MMS
  • Push MMS support
  • Voice message support
  • Finger drawing support
  • Manage Chat Logs
  • Load prior messages
  • Email chat logs
  • Share via WiFi

Forget typing in passwords, Intel wants you to use your body to log into email and online bank accounts.
McAfee software that will use biometric technology to authenticate users will be available for download by the end of the year, said Kirk Skaugen, senior vice president and general manager of the PC Client Group at Intel, last week.
“Your biometrics basically eliminate the need for you to enter passwords for Windows log in and eventually all your websites ever again,” Skaugen said. Further product details were not immediately available. But one of the major inconveniences in using PCs and tablets is remembering passwords, which biometrics can tame. An average user has about 18 passwords and biometric authentication will make PCs easier to use, Skaugen said.
Biometric authentication isn’t new. It’s being used in Apple Pay, where fingerprint authentication helps authorize credit card payments through the iPhone or iPad. Intel has been working on multiple forms of biometric authentication through fingerprint, gesture, face and voice recognition.
McAfee is owned by Intel, and the chip maker is building smartphone, tablet and PC technology that takes advantage of the security software. Intel has also worked on biometric technology for wearable devices like SMS Audio’s BioSport In-Ear Headphones, which can measure a person’s heart rate.

15 Hot New Technologies That Will Change Everything

The Next Big thing? The memristor, a microscopic component that can "remember" electrical states even when turned off. It's expected to be far cheaper and faster than flash storage. A theoretical concept since 1971, it has now been built in labs and is already starting to revolutionize everything we know about computing, possibly making flash memory, RAM, and even hard drives obsolete within a decade.
The memristor is just one of the incredible technological advances sending shock waves through the world of computing. Other innovations in the works are more down-to-earth, but they also carry watershed significance. From the technologies that finally make paperless offices a reality to those that deliver wireless power, these advances should make your humble PC a far different beast come the turn of the decade.
In the following sections, we outline the basics of 15 upcoming technologies, with predictions on what may come of them. Some are breathing down our necks; some advances are still just out of reach. And all have to be reckoned with.
  • Memristor: A Groundbreaking New Circuit
  • 32-Core CPUs From Intel and AMD
  • Nehalem and Swift Chips Spell the End of Stand-Alone Graphics Boards
  • USB 3.0 Speeds Up Performance on External Devices
  • Wireless Power Transmission
  • 64-Bit Computing Allows for More RAM
  • Windows 7: It's Inevitable
  • Google's Desktop OS
  • Gesture-Based Remote Control
  • Radical Simplification Hits the TV Business
  • Curtains for DRM
  • Use Any Phone on Any Wireless Network
  • Your Fingers Do Even More Walking
  • Cell Phones Are the New Paper
  • Where You At? Ask Your Phone, Not Your Friend

Nokia Lumia 730 Dual SIM Review: Ending on a High Note

Nostalgia reigns supreme as we start writing this review. Nokia, as a brand, evokes a lot of emotions. For a large number of Indians, their first phones would most likely have been Nokias. We are talking about a brand that transcended all divisions based on social class - rich, poor and middle. A brand that a surprising number of Indians swear by even today. A brand that truly "connected people".
But alas, Nokia's glory days have finally come to an end. Microsoft, the tech major that acquired Nokia's handset division, recently announced the launch of the Microsoft Lumia 535 - the first smartphone that isn't preceded by the Nokia tag. The last major launch that we are likely to see from the original company with its own Nokia branding is the Lumia 730 Dual SIM.
This phone is a big upgrade to last year's Lumia 720 (Review | Pictures). The mid-range Lumia 730 Dual SIM adds a good mix of features that include a capable processor, sufficient RAM, 6.7-megapixel front camera, and - its most promoted feature - a 5-megapixel, 24mm wide-angle front camera. Let's find out how the Lumia 730 Dual SIM fares in our tests, and ascertain if Nokia can exit the world stage with its head held high.

Xiaomi Redmi Note and Redmi Note 4G: First Impressions

Xiaomi on Monday launched the Redmi Note and Redmi Note 4G phablets in India. The Xiaomi Redmi Note is priced at Rs. 8,999 and will be sold through the company's online retail partner Flipkart in India. Flash sale registrations will start from November 25 at 6pm IST, and the first sale will happen on December 2, similar to the way the Xiaomi Mi 3 and Redmi 1S have been sold so far.
On the other hand, the Xiaomi Redmi Note 4G will be sold by Flipkart as well as at 100 Airtel exclusive stores in six cities - Bengaluru, Chennai, Delhi, Hyderabad, Kolkata, and Mumbai - but its launch is slated for the second half of December. Even though it will be available at physical stores, consumers will need to register on Airtel's website in advance and only those who win invitations from the company will be able to pick one up in person.
Xiaomi says that the 4G variant is specifically made for India, and it supports FDD LTE band 3 and TDD LTE band 40. Both the Redmi Note and Redmi Note 4G look the same, and there is no difference whatsoever from the outside. Upfront, both smartphones feature 5.5-inch HD (720x1280-pixel) IPS LCD displays with Corning Gorilla Glass 3 protection. Notably, Xiaomi offers the Redmi Note in some regions without protective glass.