IBM Admits to Selling PC Division to Lenovo to Please the Chinese Government

IBMIn 2005, Lenono acquired IBM’s PC business to instantly become the third largest PC supplier in the world, edging out Dell and others who were also vying for the massive and profitable division.

Now, Samuel J. Palmisano, who has successfully led IBM through the past decade, has revealed that Lenovo was picked as a buyer due to political considerations. Palmisano fought off intense internal opposition against selling the PC division as he was convinced that the real opportunity to innovate and shine was elsewhere. His decision led to IBM losing its title of the world’s largest information technology company, but resulted in generating more value for shareholders.

Palminaso revealed to NYTimes that he deflected overtures from Dell and private equity firms and sold to Lenovo to please the Chinese government. The Chinese government wants its corporations to expand globally, and by helping Lenovo fulfill that national goal IBM was hoping to get into the good books of the government. China, where the government still wields a large amount of influence, is a lucrative market for IBM. The Chinese government is also a stakeholder in Lenovo thanks to investments by the state-owned Chinese Academy of Sciences.

Yahoo Reveals Top Search Queries of 2011

iPhoneYahoo has revealed the most searched queries of 2011, and the list is as pointless as ever. Big news stories such as revolutions in the Middle East and floods in Thailand and US failed to find a place in the top ten, while celebrities continued to dominate public interest. As many as five out of the top ten queries were celebrities. However, somewhat surprisingly, iPhone managed to edge out everyone and land at the top of the table. This is the first time since 2002, when PlayStation 2 had topped the list, that a gadget managed to climb to the top.

The iPhone is followed by Casey Anthony, whose trial was extensively covered by the US media. Casey Anthony was accused of murdering her two year old child Caylee Anthony, and was found not guilty of murder or manslaughter. The entertainment industry occupied positions three through eight with Kim Kardashian, Katy Perry, Jennifer Lopez, Lindsay Lohan, American Idol, and Jennifer Aniston.

The Japan Earthquake and Osama Bin Laden, which were only two major news related queries to make the cut, form the bottom of the list. The Fukushima Earthquake that had a magnitude of magnitude of 6.6 on the Richter scale, caused a Tsunami and threatened to trigger a major Nuclear meltdown, while Osama Bin Laden’s death concluded a ten year old hunt for the world’s most notorious terrorist.

Google, Microsoft, Yahoo and AOL Team Up to Combat Phishing

In spite of spirited efforts from email providers, browser developers, and security firms, phishing continues to be a major nuisance. There are already repositories like Phishtank that rely on crowdsourcing to identify phishing campaigns. However, crowdsourcing is not nearly nimble enough to tackle phishing scams that often require just a few hours to cause the intended damage.

Now, a new Cisco spinoff called Agari is trying to tackle the problem by combining multiple sophisticated approaches including authentication of the sender, message analysis, and end-to-end email channel visibility. Google, Microsoft, Yahoo, and AOL, who are amongst the biggest email providers, have joined hands to provide metadata about emails passing through their networks to Agari, which uses its cloud infrastructure to analyze more than 1.5 billion messages every day. It doesn’t receive the actual messages, but might receive suspicious links contained in the message along with miscellaneous metadata. Agari, which is launching today, has Facebook and some of the largest financial institutions, social networks, and ecommerce companies as its customers. Besides the aforementioned four email giants, file sharing website YouSendIt, social network LinkedIn, and Cisco are also part of its trust fabric network.

Agari

“Facebook can go into the Agari console and see charts and graphs of all the activity going on in their e-mail channel (on their domains and third-party solutions) and see when an attack is going on in a bar chart of spam hitting Yahoo,” for instance, Daniel Raskin, vice president of marketing for Agari, explained to CNET. “They receive a real-time alert and they can construct a policy to push out to carriers (that says) when you see this thing happening don’t deliver it, reject it.”

Agari, which had been operating in stealth mode for the past couple of years, protects 50 percent of U.S. consumer e-mail traffic and more than one billion individual mailboxes. During its stealth phase, it rejected more than one billion messages across its email partners. Agari believes that by having end-to-end visibility over most messages it can rapidly react and stop phishing campaigns in their tracks.

Google Introduces New Navigation Bar

Following the launch of Google Plus, several Google products, including Maps, Docs, Gmail, and Reader, have received a fresh coat of paint. Google has been extensively tweaking the look and feel of different services in order to provide a uniform and consistent experience across the board. Now, Google has announced that it’s ready for the next stage of its redesign.

Google is doing away with the black navigation bar that it had introduced just a few months back. Instead, it’s adding a dropdown menu that will appear on hovering over the Google logo. It’s touting the new navigation system as a significant improvement since it reduces vertical space wastage, and allows one click access to more services. For signed-in users, Google Plus notifications and other options will now be available on the right hand side of the search box.

Google-Bar

“Making navigation and sharing super simple for people is a key part of our efforts to transform the overall Google experience, which is why we’re very excited about this redesign”, wrote Google Technical Lead Eddie Kessler.

The new navigation bar is being rolled out in a phased manner, and should become available to all users by the end of this week.

Google Updates Maps for Android to v6, Launches Indoor Mapping Project

Now that Google has managed to map most of the places across the world in a fair amount of detail, it has set its eyes upon conquering the next frontier – indoor navigation. Yes, I am not kidding. Google wants to map notable indoor locations like airports and retail stores to provide floor by floor navigation to users. With that goal in mind, it has released a new version of Maps for Android that is fine tuned for indoor navigation.

Google Maps is launching indoor navigation with floor plans for a few dozen airports and retail locations in the US and Japan. The list of supported locations in the States include Mall of America, IKEA, The Home Depot, select Macy’s and Bloomingdale’s. “We’re thrilled Google Maps continues to provide you with new and helpful perspectives—whether you’re rushing through the airport or finding your way around a mall”, wrote Brian McClendon, VP of Engineering, Google Earth and Map.

Besides introducing indoor maps, Google Maps 6 also features a couple of other improvements. The Places user interface has been revamped, and it now helpfully lists your frequent searches on the home screen, besides featuring direct Latitude check-in integration. The Maps user interface has also been tweaked slightly to accommodate floor selector for indoor mapping, and convenient switching between common features.

The updated Google Maps is available for download in the Market.

Google-Maps-Indoor-Airport

Microsoft Office 15 Beta Planned for January 2012

Microsoft-Office-15The next generation of Microsoft Office, titled Office 15, is expected to be released towards the end of next year. However, we should be able to get our first taste of Office 15 a lot sooner than that. If WinRumours sources are correct, then the first technical preview will be released in early January at the CES, followed by a public beta towards the end of the same month.

We have been tracking the development of Office 15 for more than a year. However, we still have very little concrete information about Microsoft’s market leading productivity suite. Microsoft is widely expected to adopt the new Metro interface, which has already impressed us in Windows Phone 7 and Windows 8. Office 15 should also play better with touchscreen devices like tablets. Earlier in the year, screenshots of Word, Excel, PowerPoint, and Outlook leaked out, followed by a M2 build. The leaked build included a new tile-based gallery app called Moorea that is showcased below.

The first beta of Windows 8 is also expected to be released at the next CES. Windows 8 will be Microsoft’s first operating system that has been designed from the ground up to work in multiple form factors and even multiple hardware architectures. Office 15 has the potential to become one of Windows 8’s biggest unique selling points as far as tablets are concerned. However, the million dollar question is, can Microsoft successfully make a traditional desktop app like Office usable and intuitive on smaller resolution touchscreen tablets? Come January, we should have the answer.

Massive DNS Poisoning Affects Major Brazilian ISPs

Brazil is currently under a massive DNS cache poisoning attack, reports Kaspersky Labs. When a user tries to visit popular, local and global sites, such as Google, Yahoo and Facebook, a popup like the one shown below is displayed. It asks the user to download a security suite called Google Defender in order to access the site.

clip_image002

As Kaspersky’s Fabio Assolini explains in his blog post,

In reality, though, this file is a Trojan banker detected by Kaspersky’s heuristic engine. Research into this IP highlighted several malicious files and exploits hosted there:

80.XX.XX.198/Google_setup.exe

80.XX.XX.198/google_setup.exe

80.XX.XX.198/Google_Setup.exe

80.XX.XX.198/ad2.html

80.XX.XX.198/flash.jar

80.XX.XX.198/FaceBook_Complemento.exe

80.XX.XX.198/ad.html

134XX69350/AppletX.class

80.XX.XX.198/YouTube_Setup.exe

80.XX.XX.198/FlashPlayer.class

80.XX.XX.198/google2.exe

80.XX.XX.198/crossdomain.xml

80.XX.XX.198/favicon.ico

In fact the file ad.html is an encrypted script, exploiting CVE-2010-4452 and running arbitrary code in an old installation of JRE. The exploit detected by us as Exploit.Java.CVE-2010-4452.a calls up one of the files in this list. According to statistics in KSN (Kaspersky Security Network) all the infected users are from Brazil; we registered more than 800 attempts to access this site which were thwarted by our web antivirus.

The attack has been going on for some time. It is suspected that employees of ISP companies, who had access to DNS records, were paid to change them in order to redirect the users to malicious sites. Fabio also notes that an arrest has already been made in this case by the Brazilian Federal Police. The accused (who is an employee of an ISP company) allegedly changed the DNS records over a 10 month period.

So, if you are from Brazil and have experienced similar pop-ups, we recommend that you do not click it. Follow the usual procedures such as updating your OS, security software as well as all other install programs and run a complete system scan. Kaspersky also suggests changing your DNS provider to someone other than your ISP, such as  Open DNS or Google DNS.

Hard Drive Prices Soar as Supply is Affected Due to Thailand Floods

Thailand, the beautiful South Asian country known for its tourist attractions, has been devastated by a series of floods that have lasted more than three months. More than four hundred lives have been lost, and 2.3 million people have been affected. The financial impact is estimated to be in excess of 5.1 billion USD. Last month, some of Thailand’s biggest industrial estates including Nava Nakorn, Bang-Pa-in, Hi-Tech, Factory Land, Rojana, and Saha Rattana Nakorn were flooded. Among the companies impacted were Western Digital, Toshiba, and Seagate. So far, Seagate’s factories haven’t been directly affected; however, the Dublin based storage giant is suffering from component shortages.

Thailand-Floods

Thailand is the world’s largest manufacturer of hard drives, and accounts for a quarter of the total worldwide production. After years of plummeting prices, the shortage of supply is already sending hard drive prices skywards. The prices of several of the hard drive models have already increased by more than 200%, and the situation will only get worse as we approach the holiday season.

Newegg-Seagate-Price-Rise
Newegg-Western-Digital-Price-Rise

The road to recovery is likely to be a slow and painful one. Digitimes expects hard drive shortages to reach 19 million units in Q4. Western Digital has temporarily suspended operations in Thailand, and will not be supplying hard drives to Taiwan channels in November. Samsung, another major vendor to be impacted, will also do the same, and instead ship shipments for manufacturing its own devices. The prices might start dropping within one or two quarters, but industry experts estimate that it will take nearly a year for normalcy to return.

Have you been pwned? PwnedList will help you find out

Do you, at times, wonder whether your accounts have been compromised? If the answer is yes, you can now verify your doubt by using a service appropriately called PwnedList (Pwn is a jargon used by hackers to imply that an account has been compromised).

It was developed by two security researchers – Alen Puzic and Jasiel Spelman, of DVLabs. They explain the birth of PwnedList as:

The site started out as small research project with a rather simple premise. To discover how many compromised accounts can be harvested programatically in just a couple of hours. Well, needless to say, the results were astonishing. In just under 2 hours we had close to 30,000 accounts, complete with logins and passwords. The truly scary part, however, was the quality of data we were able to collect in such a short amount of time. The accounts we were able to retrieve consisted of email services, social media sites, merchants and even financial institutions. It was clear that something had to be done.

At that moment PwnedList was born. We wanted to create a simple one-click service to help the public verify if their accounts have been compromised as a part of a corporate data breach, a malicious piece of software sneaking around on their computers, or any other form of security compromise.

All you have to do is head to PwnedList.com and enter your email id or username in the text box and click Check. The data is then compared with SHA-512 hashes of harvested account dumps stored as key value pairs. The site says that the entered data is used only once for the search and is not stored. Still, if you don’t want to enter your username/email, you can use the SHA-512 hash of your email (or username) instead.

pwnedlist_homepage

So, what if your email or username is identified in their database? Immediately change their passwords as well as passwords of your other accounts just to be on the safe side. See my article, The Layman’s Guide to Computer Security  for tips on creating a strong password.

A Look at Facebook’s Security Infrastructure

25 billion actions a day or 65,000 actions a second! That is the volume of actions generated by Facebook’s 800 million users. And Facebook this week, released some information about its massive Security infrastructure called the Facebook Immune System or FIS that scans all of these actions for any kind of suspicious activities.

As New Scientist explains,

It protects against scams by harnessing artificially intelligent software to detect suspicious patterns of behaviour. The system is overseen by a team of 30 people, but it can learn in real time and is able to take action without checking with a human supervisor.

The system was developed over a three year period and the numbers released by Facebook shows that it has been pretty effective. The number of users affected by spam has been reduced to less than 1%. Even though that 1% accounts for about 8 million users, with a little bit of caution from the end user while using Facebook, that number can be reduced even further.

Microsoft Research has put forward a PDF detailing the principles of FIS. According to it, the main components of FIS are

• Classifier services: Classifier services are networked interfaces to an abstract classifier interface. That abstraction is implemented by a number of different machine-learning algorithms, using standard object-oriented methods. Implemented algorithms include random forests, SVMs, logistic regression, and a version of boosting, among other algorithms. Classifier services are always online and are designed never to be restarted.

• Feature Extraction Language (FXL): FXL is the dynamically executed language for expressing features and rules. It is a Turing-complete, statically-typed functional language. Feature expressions are checked then loaded into classifier services and feature tailers1 online, without service restart.

• Dynamic model loading: Models are built on features and those features are either basic or derived via an FXL expression. Like features, models are loaded online into classifier services, without service or tailer restart. As well, many of classifier implementations support online training.

• Policy Engine: Policies organize classification and features to express business logic, policy, and also holdouts for evaluating classifier performance. Policies are Boolean-valued FXL expressions that trigger responses. Policies execute on top of machine-learned classification and feature data providers. Responses are system actions. There are numerous responses.

Some examples are blocking an action, requiring an authentication challenge, and disabling an account.

• Feature Loops (Floops): Classification generates all kinds of information and associations during feature extraction. The floops take this data, aggregate it, and make it available to the classifiers as features. The floops also incorporate user feedback, data from crawlers2, and query data from the data warehouse.

clip_image002

Although FIS has come a long way in tackling spam, it should be noted that FIS is still vulnerable to tactics that are new to it, such as,  socialbots. A socialbot works by sending friend requests to random people. The profile data of people who accept this friend request is used for identity theft, phishing attacks etc.

So, it is always up to the end user to remain cautious of these types of attacks in order to protect their personal information.

You can find some of the common tips to protect your Facebook account here.