Archive for August, 2013:

Microsoft sets $100 Surface Pro discounts in stone

Tacit admission that original prices were too high

Microsoft yesterday made permanent the $100 price cut to its Surface Pro tablet that it ran as a temporary sale through most of August.

Surface Pro devices rely on Windows 8 Pro and Intel processors, rather than the stripped-down Windows RT and lower-powered ARM processors of the Surface RT. Surface Pro tablets can run traditional Windows software, often called “legacy” software, like the full-featured Office 2013 productivity suite.

Sale prices were first unveiled Aug. 4 and were to run only through Aug. 30, or while supplies lasted. The discounts were available only in the U.S., Canada, China and a few other markets.

According to Microsoft, the Surface Pro permanent prices will be the sales prices: $799 for the model with 64GB of storage space, $899 for the one with 128GB.

Touch Cover prices will start at $79.99, $40 off the former price, and Surface RT-Touch Cover bundles, which were also discounted, will start at $399, $50 lower than originally. The more keyboard-like Type Cover, however, will remain $129.99.

The cheaper prices will be extended to all markets where Microsoft sells the Surface.

“The customer response to recent Surface pricing and keyboard-cover promotions has been exciting to see, and we are proud to begin rollout of Surface Pro, Touch Cover and Surface RT bundles at even more affordable prices starting August 29,” a Microsoft spokeswoman said in an email.

Late Thursday, however, the Microsoft Store did not show all the new prices.

The Surface Pro discounts followed even more aggressive Surface RT price cuts in July. Then, Microsoft slashed the price of the Surface RT by up to 30%, reducing all models by $150.

Although Microsoft is expected to unveil new Surface tablets this fall, it’s had a hard time unloading the first-generation inventory. For the quarter that ended June 30, Microsoft took a $900 million charge against earnings to account for excess stock of the Surface RT, and unspecified components and accessories.

According to one analyst, that write-off was probably the precipitating event that pushed Microsoft’s board of directors to shove CEO Steve Ballmer out the door.

Microsoft has also heavily discounted the Surface RT in offers to schools, and given away thousands of the tablets at various conferences this year.

The Redmond, Wash., company could revert to the earlier, higher prices with new models later this year, but that seems unlikely considering the difficulty it’s had selling its tablets. For the period October 2012 through June 2013, Microsoft recorded just $853 million in revenue from its first foray into computing devices.

A 32GB Surface RT with a Touch Cover now costs $399, or 33% less than the price when the tablet debuted last October. The entry-level Surface Pro with a Touch Cover now runs $878, or 14% less than in February, when the more capable tablet-notebook hybrid launched.

Microsoft’s August sale price for the Surface Pro has become the permanent price.

Bookmaker handicaps Microsoft CEO race

Nokia CEO Stephen Elop is the current favorite at 5 to 1; Apple CEO Tim Cook is at 100 to 1

Adding insult to injury after Wall Street boosted Microsoft’s stock price when CEO Steve Ballmer announced he would retire, now a U.K. bookmaker is taking bets on Ballmer’s replacement.

Ladbrokes, a 127-year-old bookmaking conglomerate that runs nearly 3,000 betting shops in the U.K., Ireland, Belgium and Spain, has opened wagers on Microsoft’s next CEO with a list of 26 candidates that include current and former Microsoft executives as well as people from rivals such as Apple and Facebook.

“There is always interest in high-profile CEO vacancies and we feel that offering the odds gives our view of the likelihood of the chances various contenders have,” said Alex Donohue of Ladbrokes in an email.

Current Nokia chief executive Stephen Elop was the favorite, at odds of 5 to 1. Betting $100 with Ladbrokes on Elop to get the CEO chair would return a profit of $500 if he was, in fact, named to the top spot.

Elop, 49, worked for Microsoft two years, running the group responsible for Office after another former executive, Steven Sinofsky, left that position to head up Windows development. Elop has been the CEO at Nokia since September 2010.

Kevin Turner followed Elop at odds of 6 to 1, while Sinofsky and Julie Larson-Green were listed at 8 to 1.

Turner, currently Microsoft’s COO, was previously the CEO of Sam’s Club, the warehouse outlet owned and operated by Wal-Mart. Sinofsky was ousted from Microsoft last November, reportedly after clashing with Ballmer, but according to some analysts also because of his strategy and execution on Windows 8 and Windows RT. Larson-Green, a Sinofsky protégé, has worked for Microsoft for two decades and now runs the Devices and Studios Engineering Group, which handles hardware device design, including the Surface tablet line and Xbox game console. Previously, she was in charge of Windows engineering.

Ladbrokes’ list leans toward former and current Microsoft employees; 58% of the wager-ready candidates have ties to Microsoft.

Along with Elop and Sinofsky, the eight former executives on the bookmaker’s list included co-founder, former CEO and current chairman Bill Gates at 50 to 1; Jeff Raikes, who runs Gates’ foundation (25/1); and Paul Maritz, who stepped down as VMware’s CEO last September (14/1).

All seven current Microsoft employees on the list have been touted on one roundup or another of possible Ballmer replacements, including Qi Lu (10/1), head of the new Applications and Services Group; Terry Myerson (12/1), leader of the Operating Systems team; and Satya Nadella (14/1), the chief of Cloud and Enterprise.

The 11 outsiders included Reed Hastings, CEO of NetFlix and a former Microsoft board member (16 to 1 odds); eBay CEO John Donahoe (20/1); Marissa Mayer, the new CEO at Yahoo (33/1); and Sheryl Sandberg, COO of Facebook (40/1).

But the oddest candidates on Ladbrokes’ odds list were Jonathan Ive, who oversees all software and hardware design at Apple, and current Apple CEO Tim Cook. Ladbrokes gave Ive odds of 40 to 1, and Cook even longer odds of 100 to 1.

On the off chance that Cook moved north to Redmond, Wash., someone who put down $100 would see a profit of $10,000.

“We often take bets on things like this, under the umbrella of ‘novelty betting,'” said Donohue of Ladbrokes. “It’s not something we will take vast sums of money on at all, with the average stake less than £10 [$15.54 at today’s exchange rate].”

Perceived missteps may have hit a tipping point for Ballmer

He has been in hot water over a variety of issues, including Microsoft’s position in the tablet market

An accumulation of perceived missteps under Steve Ballmer’s leadership may have hit a tipping point this year, leading to Friday’s groundshaking announcement that Bill Gates’ former right hand and heir, as well as Microsoft’s fiercest cheerleader, will step down as CEO within the next 12 months.

In recent years, Ballmer has been the target of critics over a variety of issues, including their dissatisfaction with the company’s stock performance, Google’s dominance in search advertising, the perception that Microsoft reacted late to cloud computing and its weak position in the tablet and smartphone OS markets.

Most recently, Ballmer has been in hot water over Windows 8, a major upgrade of its flagship OS that many perceive as a flawed release. Billed as a product of historic importance, Windows 8 represents Microsoft’s attempt to improve Windows’ anemic participation in tablets and smartphones, where Android and Apple’s iOS dominate.

However, Windows 8, which began shipping in October, has been heavily criticized due to its radically redesigned user interface, which is based on tile icons and optimized for tablets and other touchscreen devices.

Windows 8 also has a more traditional Windows desktop interface for running legacy applications, but many consumer and enterprise users have complained that toggling between the two interfaces is clunky and inconvenient. There has also been an outcry about the removal of the Start menu and button.

Microsoft plans to release an update for the OS, called Windows 8.1, in October. It addresses these complaints and several others, but there is a concern that the fixes may be too little, too late to salvage the OS’s reputation and that it might end up being a fiasco like Windows Vista.

Some critics maintain that attempting to build a single OS for desktops, laptops and tablets was a strategic mistake because Microsoft has ended up instead with a product that isn’t good enough for any of those devices. Apple’s strategy, by contrast, has been to have Mac OS for its desktops and laptops, and iOS for the iPad, iPhone and iPod.

Another focus of criticism for Ballmer has been what many consider a bad strategy for the company’s cash-cow Office franchise: refraining from releasing a full-fledged version of the suite for iOS and Android. The decision is seen as a move to protect Windows, and critics of this strategy say Microsoft is leaving billions of dollars on the table by not giving users of iPads and Android tablets a full version of Office.

Ballmer has also shouldered the blame for the controversial and so far not very successful decision to have Microsoft manufacture and brand its own tablet, the Surface, an attempt to mimic the model popularized by Apple with its combination of iOS and the iPhone, iPod and iPad devices.

The move has upset the company’s hardware partners, because they view it as unexpected competition from Microsoft. Beyond that, the first Surface models haven’t sold well.

In its fourth quarter, which closed in late June, Microsoft missed Wall Street’s revenue and profit expectations while taking an almost $1 billion charge related to the dismal sales of the Surface RT, the model that runs Windows RT, the Windows 8 version for ARM chip devices.

The other Surface model, the Pro, which runs x86 chips, has been criticized for being too expensive and for being a battery hog.

In mid-July, Ballmer shook up the company’s executive ranks with a broad reorganization billed as necessary to reinvent Microsoft as a devices and services company, and evolve from being a provider of packaged software.

The goal is to make Microsoft function more cohesively and be more efficient and innovative so it can better compete against rivals like Apple, Oracle, IBM and Google.

The reorganization, which is being implemented now, dissolved the company’s five business units — the Business Division, which housed Office; Server & Tools, which included SQL Server and System Center; the Windows Division; Online Services, which included Bing; and Entertainment and Devices, whose main product was the Xbox console.

Those business units are being replaced by four engineering groups organized by function, around OSes, applications, cloud computing and devices, and by centralized groups for marketing, business development, strategy and research, finance, human resources, legal and operations.

However, the plan has also met with skepticism among those who believe that it will lead to less accountability, less clarity and ultimately less agility.

Others maintain that the “One Microsoft” mantra at the center of the reorganization is misguided because the opposite approach is needed, namely to reorganize it into more independent operating companies because it now houses businesses and products that are too different — like the SQL Server enterprise database and the Xbox console.

Ballmer’s departure will be a historic turning point for Microsoft. Ballmer, who is 57 and joined Microsoft in 1980, has been CEO since 2000. In a statement, he said the decision to step down wasn’t easy, but that he believes it is the right one.

In particular, he’s convinced Microsoft should have a CEO who is on board for the entire “transformation” process set off by the reorganization announced last month.

“Our new senior leadership team is amazing. The strategy we have generated is first class. Our new organization, which is centered on functions and engineering areas, is right for the opportunities and challenges ahead,” Ballmer wrote.

Wall Street’s response has been enthusiastic, with the share price up almost 7 percent in late morning trading.

Motorola uses NFC to enable touch-to-unlock for smartphones

The next best thing to a password pill, the Motorola Skip can both bolster a smartphone’s security and make it more convenient to use.

Earlier this year, Motorola’s head of advanced technologies Regina Dugan discussed an alternative to the increasingly vulnerable password method for authentication – a “password pill” that would store credentials within the user’s body.

The password pill would transmit an EKG-like signal to authenticate the user with any appropriately equipped device touched by the user. Dugan talked about the password pill much like a one-a-day vitamin.

Most smartphone users don’t authenticate their devices, and those who do limit it to a four-number PIN, because anything longer than that makes it more difficult to check notifications as frequently.

It makes sense, then, for Motorola to introduce a non-invasive version. The Skip, a magnetized clip that can be worn on clothes without the intrusiveness of a password pill, looks like a derivative of the password pill research, providing strong authentication with simplicity of operation. It’s based on NFC technology, the same technology used to secure contactless payments and building access.
The clip-on NFC Motorola Skip at left, and the adhesive sticker versions at right.

The Skip does not at first stand out as something that “you didn’t know you needed until you had it,” but a security-cognizant smartphone user who frequently checks his or her smartphone might jump at it.

Few smartphones employ passwords of sufficient length to really secure the device. Why? The National Institute of Standards and Technology (NIST) recommends a 12-character random password. Those who check smartphones 50 times a day would find a 12-character password annoying.

The Skip is installed from the Google Play store. Once installed, Skip authentication is enabled by touching the smartphone to it. Thereafter, the user only has to touch the smartphone to the Skip to unlock it.

The Skip also comes with three stickers, with embedded NFC tags encoded with the same level of authentication as the body-worn device. Presumably, the user might affix the tags to a desk or a car’s smartphone dock to simplify unlocking.

Losing one’s Skip is not a disaster, because the user can revert to a previously set pattern, PIN or password. Given the ease of the Skip’s NFC-based touch authentication, and the low risk involved with losing it, a user can afford a long, complex and secure password in the event the Skip is lost. Smartphone users can sleep better knowing they won’t be the victim of identity theft if their smartphone is lost or stolen.

The Skip is a good solution for people who have sensitive data on smartphones who want strong authentication, but also care about convenience.

In their own words: Unix pioneers remember the good times

We caught up with the pioneers who brought us the Unix operating system and asked them to share some memories of the early days of Unix development.

Unix co-developer Ken Thompson worked at Bell Labs from 1966 until he retired in December 2000. He recalls this prank:

“The Unix room was on the sixth floor at one end of Bell Labs. The cafeteria was on the ground floor about a quarter of a mile away. There were dozens of ways to walk to lunch. You could pick one of four or five staircases and any segment of the six floors. One day, we were walking through the fourth floor, which was being renovated. It looked like a bombed out city. The walls and ceilings were open with pipes and wires hanging everywhere. I noticed that there were, what looked like, speakers throughout the ceiling. I had always wanted to tap into the Bell Labs PA system and thought this was a perfect chance.”

“At night, I examined the speakers more closely and discovered that they were not really speakers, but white noise transducers. I chased the wires back to a panel that contained the generator and amplifier. Without anything specific on my mind, I borrowed the keys to the panel, duplicated them and put them back. Months later, after the construction was all done, I discovered the keys in my desk and decided to investigate. The generator was active and the amplifier volume was set to 1. In the office area, I could hear the noise, but only because I knew it was there.”

“OK, I started turning the volume up by one notch every week. I would walk through the office area at least once a week on the way to the cafeteria. By the time that the volume was up to 8, still no one had noticed it but, to me, it sounded like Niagara. Everyone in the offices was screaming at each other. At that point, I couldn’t help but laugh. On questioning, I told my lunch buddies what was going on. The word spread like a virus and, the very next day, the panel was open and the amplifier was removed. I still have a mental image of two people sitting across a table from each other yelling at each other in a normal conversation.”

Doug McIlroy remembers Unix co-developer Dennis Ritchie, who died in 2011.
Dennis Ritchie

“Ken Thompson was undoubtedly the original moving spirit for Unix, but Dennis Ritchie was in on it from the start. And it is Dennis we have to thank for the C language. C made Unix easy to modify and, eventually, easy to install on new hardware. With hindsight, one might view C as a distillation of previous practice. Not so. Dennis discussed at length the puzzle of how to fully exploit byte-addressed machines. He finally came up with a beautiful way to reconcile address arithmetic with indexing — one of those inventions that is so right that once you see it, you think you always knew it. The rightness of C is further attested by the fact that while Unix spread to all kinds of computers, C and its descendents spread even further. C became the language of choice for implementing all kinds of system software, both in and outside of Unix shops. C even influenced hardware architecture: proposed instruction sets came to be evaluated partly on the basis of how well they could be exploited by a C compiler.

“Ritchie and Thompson made an amazing team; and they played Unix and C like a fine instrument. They sometimes divided up work almost on a subroutine-by-subroutine basis with such rapport that it almost seemed like the work of a single person. In fact, as Dennis has recounted, they once got their signals crossed and both wrote the same subroutine. The two versions did not merely compute the same result; they did it with identical source code. Their output was prodigious. Once I counted how much production code they had written in the preceding year — 100,000 lines. Prodigious didn’t mean slapdash. Ken and Dennis have unerring design sense. They write code that works, code that can be read, code that can evolve.”

Peter Neumann remembers Joe Ossanna, who died in 1977.

“Joe and Stan Dunten at MIT were the two people with the deepest experience on input-output system issues. They became the ‘go-to’ folks at Bell Labs and MIT for the Multics I/O subsystem, in addition to what it had to do in order to fit in with the rest of Multics.

“Joe had an amazing grasp of everything in that area. He was invaluable to the Multics effort. He was also a warm and thoughtful person. I miss him very much.”

Douglas McIlroy shares vivid memories from the Unix lab

“Personal high for me was the introduction of pipes — a story that’s often been told. I had been smitten with stream processing back in 1964 when Conway published the idea of co-routines. I had lobbied for direct process-to-process IO for some time, but only when I came up with the catchy name, ‘pipe’ and suggested a workable shell syntax did Ken Thompson vow to do it. It happened overnight and, the next day, we had a wonderful orgy of ‘look at this one.’ Within a week, even our secretaries were using pipes as if the feature had always been there.

“The birth of C, which I think can fairly be called the baseline workhorse language even today — it is the implementation language for myriad other languages and systems.

“I don’t know the counts of Unix and Linux servers. I do know that my heart sinks whenever I look under the hood in Linux. It has been so overfed by loving hands. Over 240 system calls! Gigabytes of source! A C compiler with a 250-page user manual (not counting the language definition)! A simple page turner, ‘less,’ has over 40 options and 60 commands! It’s proof that open-source can breed monsters just like the commercial pros. Miraculously, though, this monster works.”

Peter Neumann explains the etymology of Unix.

“Don’t fall for the story in Peter Salus’s book that I coined the name Unics. I don’t think I ever claimed that, although I certainly contributed to the pun on the original version of Ken’s system being a castrated one-user Multics (Eunuchs). Brian Kernighan may well have been the initiator of ‘unics.’ The Bell Labs PR folks eventually wanted it changed to Unix, probably to avoid the pun.”

“I remember Ken coming in for lunch one day (he tended to program into the wee hours) with a thousand-line operating system kernel that he had written to run on a PDP-7, which Max Matthews had that no one was using. I suggested that it was only a one-user system, so the next morning, Ken came in with another thousand lines and it had become a multiuser system. The rest is history…”


Pricing a low-cost iPhone: How ‘cheap’ is cheap?

How, and why, Apple may price an “iPhone 5C”

Though still unsubstantiated, a low-cost iPhone is now widely seen as a possible product announcement in early September, along with a new high-end phone. And it’s finally possible to create a coherent explanation of why such a move makes sense for Apple in 2013.

Analyses by a range of Apple watchers and others now paint a picture of a lower-cost iPhone, often dubbed “iPhone C,” selling for under $400, and as low as $300. It would have full support for the soon-to-be-released iOS 7, but lower-end hardware and features compared to the current top of the line iPhone 5.

Such an average selling price would put the low-cost iPhone close to the range of Android phones globally, but not at the very bottom of their price range. The price paid by consumers could be even lower through promotions, special offers, and by offering it with a two-year mobile contract.

The new phone hardware features would be contrasted with the expected high-end “iPhone 5S,” the 2013 iPhone model, which presumably will have the same starting retail price as the iPhone 5: $649 for the 16-Gbyte model. The 5S could have a more powerful processor, improved camera, and possibly a fingerprint scanner integrated with the phone’s home button, all setting it apart from the low-cost phone, and from the existing iPhone 5. By contrast, iPhone 5C can realize cost savings by using a plastic instead of metal body, possibly using the iPhone 5’s existing A6 processor (or a tweaked version of it), less memory, and having only a front-facing camera. Yet it would give the “full iPhone experience” by virtue of supporting all of iOS and its attendant cloud services.

Between these two, Apple can then discount the iPhone 5, offering just the 16-Gbyte model at $549 full retail, or lower via promotions and two-year contracts.

As Apple watcher John Gruber argues, Apple’s model for the low-cost iPhone could be the iPod Touch, which starts at $229 for the 16-Gbyte model, introduced earlier this year without the rear-facing 5 megapixel camera still found on the 32- and 64-Gbyte Touch models (but it retains a 1.2 megapixel camera at the front for FaceTime video chatting, and for video and still photos).

“Take an iPod Touch and add cellular networking components. Boom, there’s your lower-priced iPhone,” he writes.

Apple charges $130 to add a cellular radio to the Wi-Fi-only iPad. At that price, a cellular-equipped 32-Gbyte iPod Touch would be $429, or $359 for the 16-Gbyte Touch. But Gruber believes the $130 is a premium and the actual cost of the radio is much less.

“All told, I think Apple could build and sell an iPod Touch-caliber iPhone 5C for $399, possibly as low as $349,” Gruber concludes.

That’s a lower price point than suggested in this analysis – “How will iPhones 5S and 5C be priced?” — by Asymco’s Horace Dediu, an independent analyst who covers the mobile market.

He drew on Apple’s data on average selling price for both iPhone and iPad models, made a number of assumptions about the mix of models, and compared how the ASP tracked over time for both product lines. Here’s the diagram.

As he notes, the iPad 3 was replaced with a “’bracketed’ portfolio of the higher-priced iPad 4 and the lower-priced iPad mini. Note also that the mini reflects similar pricing to the legacy iPad 2.”

Based on this iPad bracketing, Dediu assumes that Apple will do the same with the upcoming 5S and 5C. “This means that the 5C will take up the [average selling price] trajectory of the 4S while the 5S will take up the upper bracket around $650,” he concludes.

The end result: 5S starts in the $650 range at the high end, the discounted 5 at about $550, and the low-end 5C at something under $500, perhaps close to $450.

The final price for the low-end iPhone will hinge in part on the savings Apple can achieve in hardware, and in part on how much lower a profit margin it will accept for the cheaper handset.

Apple may be willing to be quite aggressive with regard to margin and price for the 5C, according to an analysis by Benedict Evans, who writes about mobile technology for, among other outlets, Enders Analysis, a subscription research service. In his own blog, Evans posted an excerpt, “Defending iOS with cheap iPhones,” from his more extensive Enders analysis.

Evans argues that the key change in the competitive dynamic between Android and iOS is not mainly the larger number of Android devices sold compared to iOS devices – raw market share. What’s really important is that Android users are finally starting to do more with their Android smartphones.

“Android has had a larger installed base than iOS since mid-2011, but [user] engagement remained far behind,” Evans writes. “Until well into 2012 publishers and developers tended to see app download rates on Android of a half to a quarter of what they experienced on iOS, in absolute terms, while payment and purchase rates were a quarter or lower of iOS rates.”

That has now changed, he says, with engagement measures rising for Android. “Hence, by the first half of 2013 Android cumulative downloads caught up with iOS (both at around 50bn), and both now see a run-rate of something around five apps downloaded per active device per month.”

“If total Android engagement moves decisively above iOS, the fact that iOS will remain big will be beside the point,” Evans writes. “This is a major strategic threat for Apple. A key selling point for the iPhone (though not the only one) is that the best apps are on iPhone and are on iPhone first. If that does change then the virtuous circle of ‘best apps therefore best users therefore best apps’ will start to unwind and the wide array of Android devices at every price point will be much more likely to erode the iPhone base.”

A successful low-priced iPhone can block that erosion. “A new, cheaper, high-volume iPhone would have the potential to mitigate or even reverse this trend,” according to Evans. “Clearly, like current low-end Android, [iPhone 5C] would sell to a demographic with a lower average engagement and purchase rate and so the average iOS rates would drop. However, it would mean that iOS’s reach would expand significantly at the expense of Android. How would a $200 or $300 iPhone sell? Easily double digit millions, possible up to 50m units a quarter.”

Clearly that projection would change if the iPhone 5C was priced higher. If Evans is right, the iPhone 5C is intended to counter this “strategic threat,” and not simply add incremental revenue and profits.

“This means that the financial value of a cheaper iPhone cannot be considered in isolation,” he concludes. “A large part of its purpose is to defend sales of the high-end model.”

Many had expected that the iPad mini would be priced under $300. Instead, Apple slapped on a $329 price tag. It’s possible the low-ball estimates for the low-cost iPhone will also prove too low. Evans himself says Android phones average $250-300 globally versus $600 for the iPhone. A low-cost iPhone for around $350 may achieve Apple’s goals.



Smartphones could evolve into password killers

The ubiquitous smartphone, which many people now depend on for business and in their personal lives, is emerging as a promising replacement for passwords used in authentication.

Most experts agree that a password killer is necessary to bolster Web site security. People’s fondness for easy-to-guess passwords that are often used across sites has severely weakened their effectiveness. In addition, sophisticated decryption technology has made even encrypted passwords easily acquirable by hackers.

Because a smartphone is the one device few people are without, it’s seen as the perfect place to store credentials. Add the many sensors in a phone that can be used to identify a user, and the case for using the device for authentication becomes stronger.

“I think it’s brilliant,” Trent Henry, analyst for Gartner, said of smartphone-based authentication. “We’re finding that this will be the type of authentication mode in the future.”

A number of vendors with the same view as Henry are trying their best to drive the industry in that direction. Authy, Clef and Duo Security are examples of such vendors.

Even large security companies are getting into the market. Last month, EMC-owned RSA acquired PassBan, which provides technology for using a smartphone for voice and facial recognition for multifactor authentication.

Today, most vendors use the mobile phone for two-factor authentication. If a Web site supports a vendor’s service, then when a person logs in, a unique personal identification number (PIN) is sent to the phone. Inputting the PIN completes the sign-in process.

Unfortunately, most consumers are unwilling to take those extra steps, so the search for an easier and more seamless method continues.

Authy moved in that direction last week with the introduction of an app that connects an iPhone or Android phone to an Apple computer via Bluetooth. From then on, when a person visits Facebook, Dropbox, Google Gmail or another supporting Web site, the credential stored in the phone is used to log into the site automatically.

Authy founder and CEO Daniel Palacio sees the app as only a beginning. In time, the same means of authentication could be used with Google Glass, a digital watch or some other type of wearable computer.

Authy’s work and that of its competitors reflect the industry’s search for the perfect solution, which is still a ways off.

“The frothy experimentation in the market means we haven’t found the right sweet-spot solution yet, and we may never find a single one that suffices for all scenarios,” said Eve Maler, analyst for Forrester Research. “Passwords are unlikely to be entirely supplanted unless that single solution appears some day.”

For mobile phones to replace passwords, the devices will have to know when the actual owner is logging into a site and not a crook who either stole a phone or found it. Biometrics is one possible answer, as long as reliable and highly secure fingerprint scanners and voice and facial recognition technology can be developed. Another possibility is phone sensors that can identify the user by the way he or she walks. Such technology, called gait recognition, is currently in the research stage at Georgia Institute of Technology and the Massachusetts Institute of Technology.

Once biometrics becomes rock solid in identifying a device’s user, “we’ll start to have a very, very, very secure authentication system that’s very hassle free,” Palacio said. “People just buy it and it works.”

While such a system may be much better than the passwords now in use, it does not mean hackers will be out of business.

“The attackers continue to go after these new techniques, so we have to be very careful about the security properties,” Henry said. “In other words, you still have to evaluate what kind of attacks could occur.”


Trend Micro: Hacker threats to water supplies are real

A security researcher has shown that hackers, including an infamous group from China, are trying to break into the control systems tied to water supplies in the U.S. and other countries.

Last December, a decoy water control system disguised as belonging to a U.S. municipality attracted the attention of a hacking group tied to the Chinese military, according to Trend Micro researcher Kyle Wilhoit. A dozen similar traps set up in eight countries lured a total of 74 attacks between March and June of this year.

Wilhoit’s work, presented last week at the Black Hat conference in Las Vegas, is important because it helps build awareness that the threat of a cyberattack against critical infrastructure is real, security experts said Tuesday.

“What Kyle is saying is really neat and important,” said Joe Weiss, a security expert and consultant in industrial control systems (ICS). “What he’s saying is that when people see what they think is a real control system, they’re going to try and go after it. That’s a scary thought.”

Indeed, people behind four of the attacks tinkered with the special communication protocol used to control industrial hardware. While their motivation is unknown, the attackers had taken a path that could be used to destroy pumps and filtration systems or whole facilities.

To sabotage specific systems, attackers would need design documents. Wilhoit’s research showed that there are hackers willing to destroy without knowing the exact consequences, according to Andrew Ginter, vice president of industrial security at Waterfall Security. “If you just start throwing random numbers into (control systems), the world is going to change,” said Ginter, who studied Wilhoit’s research. “Things are going to happen. You don’t know what. It’s a random type of sabotage.”

The Chinese hacking group, known as APT1, is the same team that security vendor Mandiant had tied to China’s People’s Liberation Army. The group, also called the Comment Crew, is focused on stealing design information, not sabotage, experts said.

Because sabotage would open itself up to retaliation and possibly war, China is unlikely to mount that type of attack. Those kinds of restraints do not exist for terrorists, however.

While Wilhoit did not identify any terrorist groups, his research did show that the attackers are interested in small utilities. He created eight honeypots, each masked by Web-based login and configuration screens created to look as if they belonged to a local water plant. The decoys were set up in Australia, Brazil, China, Ireland, Japan, Russia, Singapore and the U.S.

Attackers will often start with smaller targets to test software tools and prepare for assaults on larger facilities, Weiss said. “The perception is that they’ll have less monitoring, less experience and less of everything else (in security) than the big guys,” he said.

While Wilhoit’s honeypots showed that a threat exists, they did not reflect a real-world target. Control systems are typically not as easy to access through the Internet, particularly in larger utilities.

Buried within a company’s infrastructure, a control system would not be accessed without first penetrating a company’s defensive perimeter and then finding the IP address of the hosting computer, said Eric Cosman, vice president of standards and practices for the International Society of Automation.

None of the attackers in Wilhoit’s research showed a high level of sophistication, which wasn’t surprising. That’s because hackers typically use only the technology needed to succeed, nothing more.

“(Advanced attackers) are known to have many cards in their pockets, and they pull out the cheapest card first,” Ginter said. “If they can win the game with a two of hearts, then that’s the card they’ll play.”

Wilhoit’s research is seen as one more step toward building public awareness of the threats to critical infrastructure. In addition, such reports are expected to have an impact on regulators.

“You’re going to have public utilities commissions reading this report and asking the utilities questions,” Ginter said. “In a sense, this is a good thing. The awareness level needs to go up.”


Windows Phone 8 could out-earn Android, if Microsoft would let it

Some unofficial analysis of Android revenue and that of Windows Phone 8 shows Microsoft’s true potential in the smartphone market.

Take a step through the looking glass, folks, and see a world where Windows Phone is more lucrative than Google’s Android.

Actually, you don’t have to. That world is real and you live in it. Here’s how it works.

Let’s start with the basics. Google offers the Android operating system to manufacturers for free so long as they use Google’s homegrown tools and applications with it. Google figures it will make that money back through search. The approach is frequently called “giving away the razor and making money on the blades.” Game consoles operate like this, too.

The Android operating system enjoys global dominance approaching 75% of the market, with iOS a distant second and WP8 getting the scraps. BlackBerry, despite a nice showing with BB10 and the new phones, is imploding. IDC puts 2012 smartphone sales around the 720 million mark, which means 540 million phones shipped in 2012 that didn’t pay a penny in royalties. Google might want to rethink its strategy there.

Google doesn’t break out the profit and loss of products in its annual reports. Motley Fool reported that the best picture we have comes from the ongoing lawsuit between Google and Oracle, in which Oracle estimated that Google generates $10 million per day on Android, which would total $3.6 billion per year. Of course, that’s Oracle’s estimate, and they want beaucoup damages.

During trial, the judge revealed that Android generated roughly $97.7 million in revenue during the first quarter of 2010, well below Oracle’s estimate. Granted, $400 million a year is nothing to sneeze at, but for a company the size of Google, it is chump change.

And then there’s Windows Phone 8. There’s actually a lot of back-and-forth between the two companies. Microsoft paid Nokia $1 billion in flat fees, while Nokia pays Microsoft a per-set fee for every phone. Now, the Fool estimates Nokia pays Microsoft about $35 per device, while other analysts have guesstimated the licensing fee for Windows Phone 8 to be around $30 to $35 per device. Microsoft has never officially confirmed it.

Microsoft also makes money when customers use the applications built into Windows Phone, like Bing, and there are Bing ads used in ad-driven applications.

With 7.4 million Lumias sold in the most recent quarter, that’s an estimated $259 million for Microsoft. I can’t rightfully compare it to the $97.7 million estimate from the Android trial since that is based on a 2010 number, but I can compare Android’s position in the market in 2010 to Windows Phone’s in the most recent quarter. In the first quarter of 2010, Android was breezing past Apple to account for 28% of the market, assuming the No. 2 spot in the market behind Research In Motion, the NPD Group estimated at the time. Meanwhile, Windows Phone 8 reached an all-time high in market share in the most recent quarter – a whopping 4%, according to Strategy Analytics.

By these estimates, we can say Microsoft earns more revenue from a platform that accounts for 4% of the market than Google did when Android stood at 28%.

So while it’s far from a slam dunk, it looks like Windows Phone brings in more money for Microsoft than Android, the vastly more popular OS, has for Google in the past. Admittedly, these aren’t perfect numbers, but the bigger picture here is that the Windows Phone 8 strategy stands to earn Microsoft a whole lot of money if it can get some momentum.

A per-set fee, on the other hand, might not be a bad idea for Google. It might help clean up the low end of the Android line, which is really low-rent.

But Microsoft really needs to get its tail in gear with WP8. It needs another OEM, if only to keep Nokia honest, it needs to support developers better, and it needs to fix the ad pipeline for in-app advertising, because that has been broken for months. It has a potential winner if it would just apply some effort.


General Alexander heckled during Black Hat keynote address

Speaking to a packed house this morning, General Keith Alexander faced a skeptical and hostile crowd during his keynote address. In a first for the conference, the NSA director faced a State of the Union-like disruption when someone in the darkened room shouted “bulls..t!” after the General commented that the U.S. Government “stands for freedom.”


The heckling happened several times, ending toward the close of the keynote, when the General was holding a Q&A with Black Hat General Manager Trey Ford.

After the General commented that his reason for attending Black Hat was to ask the community represented by the attendees to help the government (i.e. the NSA) “make it better” when it comes to data collection and the legal intercept programs, the unknown heckler responded with a shout of “read the Constitution!” to which Alexander responded, “I have, you should too.”

For those sitting near CSO that were willing to talk, the heckling marked a low point in Black Hat’s history, but it serves to show just how passionate InfoSec people are at times, and how much of a pressure point the NSA’s actions have become.

The keynote left many attendees that CSO spoke with feeling as if they wasted their time. It wasn’t that they didn’t appreciate the General taking the time to speak, but the keynote was more of a presentation than a meaningful discussion, and when the questions came they were focused more on business than anything else.

General Alexander made no apologies for the news cycle this summer, one that has placed his agency directly in the crosshairs of the public, the media, and politicians on both sides of the aisle. The intercept programs, he explained (reiterating previous remarks on the record), are managed with strict oversight. They acquire only the data that is needed for counter-terrorism programs, and it’s collected in a way that is the least intrusive when it comes to privacy. This is the point that many disagreed with, and it left many of them feeling let down.

However, the General did show how the controversial Sections 215 and 702 (known as PRISM) of the Patriot Act were used to stop attacks. In fact, he said that 54 terror plots were stopped by the programs, and of the 13 plots halted in the U.S., 12 of them were directly linked to the intercept programs.

General Alexander’s keynote at Black Hat also happens to fall on the same day that intelligence officials are slated to begin testifying on Capitol Hill in a Senate hearing on government surveillance. Shortly after the General began speaking, the Office of the Director of National Intelligence (ODNI) released three documents that were previously classified, including a records collection order under Section 215.

The three documents outline some of the basics of the intercept programs, and once again stress that only basic information is collected, and that most of the data “is never viewed.” One of the ODNI’s documents says that only those with proper training and authorization are allowed to access the collected data.

Yet, in what looks to be a contradiction (including going against what the General mentioned during his keynote), a footnote in the 215 order says that the FISA court understands that “technical personnel responsible for the NSA’s underlying corporate infrastructure and the transmission of the [collected data] from the specified persons to [the] NSA will not receive special training regarding the authority granted herein.”

According to General Alexander, only 22 people have access to the collected data in order to authorize a trace on a given piece of collected data, and only 35 people are allowed to query the database that houses all the collected data. So the footnote in the document released by the ODNI begs the question of who else in that infrastructure chain has access to the collected data (directly or otherwise) and where did Edward Snowden fit in?

CSO was unable to find anyone to address this apparent discrepancy on the record, and the topic of Eric Snowden was off limits with those attending Black Hat who represented a contractor or three-letter agency.

Also on Wednesday, adding another layer to the ODNI questions, a report from The Guardian exposes the existence of XKeyscore, the “widest reaching” system the NSA has for developing intelligence from the Internet.

According to the report, this program “allows analysts to search with no prior authorization through vast databases containing emails, online chats and the browsing histories of millions of individuals, according to documents provided by whistleblower Edward Snowden.”

General Alexander knew he was walking into a hot room, but he did it anyway. The problem most had with his address is that the questions asked of him focused on businesses, and not the customers they represent. While it was an embarrassing moment for the conference, the heckler’s comments aptly summed up the mood of those sitting near CSO during the keynote:

“What I’m saying is that we don’t trust you. How do we know you’re not lying to us right now?”
