Tuesday, 3 December 2013

Phishing attacks cost Indian firms Rs 328 crore: RSA


NEW DELHI: Indian companies lost around $53 million (about Rs 328 crore) due to phishing scams with the country facing over 3,750 attacks in July-September this year, making it the fourth most attacked nation globally, a report by leading IT services firm EMC said.

Globally, firms lost $1.7 billion on account of cybercriminals launching 1,25,212 phishing attacks in July-September 2013, witnessing a rise in attack volume compared to the second quarter, says the Anti-Fraud Command Center's (AFCC) fraud report for Q3 2013, prepared by EMC's security division RSA.

RSA is a provider of security, risk and compliance management solutions for business acceleration. 

Phishing involves sending emails purporting to be from reputable firms to unsuspecting individuals and corporate entities to induce them into revealing personal and financial information such as passwords and credit card numbers.

"Total amount of losses incurred in third quarter of 2013 are $1.66 Billion. Brands in the US, the UK, India and Australia were targeted by almost 50% of the phishing attacks in Q3 2013," the report said. 

Firms in the US incurred a loss of over $882 million followed by Germany ($294 million), the UK ($133 million), India ($52.9 million), South Africa ($43 million) and others ($261 million), it added. 

RSA ranked India the fourth most targeted country by phishing attacks, receiving 3% of the total volume. Other countries targeted by phishing attacks were the US (53%), Germany (17%), the UK (8%) and South Africa (3%), it said.

India ranks third in phishing attacks on brands with 7% of the total volume worldwide. The US with 27% tops the chart followed by the UK with 12%.

Monday, 2 December 2013

Solar system from its creation to its decline


The solar system is a set of planets and moons centred on the Sun. It includes nine planets, among them Earth, more than sixty moons and many other celestial objects, including thousands of asteroids. The Sun contains more than 99% of the matter of the solar system, and its powerful gravity holds the system together. Each object, from the smallest asteroid to Jupiter, the biggest planet, is in orbit around the Sun. At the outer limit of the solar system, a cloud of comets extends halfway to the nearest star.

Solar system composition

The Sun, our local star, dominates the solar system, and its gravity holds it together. All the light and heat that we receive on Earth come from the Sun.

• Mercury, the planet nearest to the Sun, is also the one that moves most rapidly in the solar system. It is named after the messenger of the gods in Roman mythology.

• Venus, the second planet from the Sun, is comparable in size to Earth. It rotates clockwise, unlike the other planets.

• Earth, our planet, is the only one that contains water and shelters life. It completes one rotation in 24 hours and one revolution around the Sun in one year, that is, 365 days.

• Mars, the first planet beyond Earth, rotates at the same speed as Earth, but it needs almost twice as long to complete an orbit around the Sun, that is, 687 days.

• Jupiter is immense, containing two and a half times the mass of all the other planets combined. It rotates faster than any other planet, in only ten hours.

• Saturn has the most extensive, colourful and complex ring system, as well as the biggest family of moons of all the planets of the solar system.

• Uranus is twice as far from the Sun as Saturn. It orbits the Sun rolling on its side, lying down on its orbit.

• Neptune: the farther a planet is from the Sun, the longer its orbital period. Neptune's reaches almost 165 years.

• Pluto is the farthest from the Sun. It has an eccentric orbit: it moves far away from the plane of the other planets and, once per revolution, it passes inside Neptune's orbit.

Solar system creation

The primitive nebula
The solar system was formed from a primitive nebula that came from the explosion of more remote stars: supernovae. The primitive nebula already contained all the elements that now make up our present solar system. The main ones are carbon, nitrogen and various minerals. But above all there are hydrogen and helium, the two components necessary for the creation of a star, here the Sun. This nebula is in fact formed of clouds and dust which, under the effect of gravitation, begin to concentrate around a centre and to form a disc.



Sun creation 
The spiral that forms in this way around the centre of the nebula shows that this centre attracts an ever greater quantity of matter. This very dense gathering is characterized by extremely violent collisions of matter, which create energy that is partially dissipated as heat. As the mass of the new star increases, so does its attraction. As a result, the phenomenon described above amplifies more and more until it forms an enormous fireball: this is the formation of the proto-sun. The disc surrounding the proto-sun, whose size can reach 200 AU (astronomical units), heats up from the moment of its birth and then begins to solidify; atoms stick to one another to form seeds of matter. At that moment, the accretion phenomenon sets in.

Planets creation 
When the seeds do not move too fast and collide, they form planetoids. These are in fact small celestial bodies that orbit a star, in our case the Sun. They then assemble with one another and form a planet. For a planet to be born takes between 50 and 100 million years. By that time, the solar system is practically complete. In fact, the proto-sun has fully become the Sun because it has reached the temperature that allows its nuclear mechanism to start.

The planets on their orbits attract the last planetoids and dust, and those farthest from the Sun capture lighter gases such as hydrogen (H) or helium (He) and become gaseous planets (in this category we find Jupiter, Saturn, Uranus and Neptune). By contrast, those nearest to the Sun have more difficulty keeping their atmosphere because the Sun attracts the light elements. They therefore have a solid rocky body and little or no atmosphere: these are the telluric planets (Mercury, Venus, Earth…). Finally, there remains the case of Pluto, which is probably a remote satellite of Neptune.

Besides, we note that the number of natural satellites each planet has varies with its distance from the Sun. The farther a planet is from the Sun and its attraction, the more chance it has of having satellites. For that reason, Venus has no satellite, Earth has only one (the Moon), Mars has two and, at the other extreme, Jupiter has 20. This is how our present solar system came into being.

The end 
Today the Sun is halfway through its life. In 5 billion years it will have exhausted all its energy (it will have burnt all its hydrogen) and will begin to burn helium; it will then turn red and swell until it reaches 50 times its current diameter. Then it will collapse on itself to form a white dwarf (the size of the Earth) and will fade little by little.

Embedded systems at the Edge of the Clouds

For many years, the Gateways and Set-top boxes have been nothing more than brainless end-devices situated at the edge of the service provider’s networks. Their only usage: facilitate the access of the end-user to internet and media services. Nowadays, together with the increase of processing power in the embedded systems, it is no longer the case. By implementing the critical functions into hardware to free up the system resources and by using the advantages of multi-core technology, a world of opportunities has opened up for the end-devices providers. Finally, the edge devices can be used not only to collect and publish data to and from other sources, but also to run applications and act as terminals for the services provided.
As the number of edge devices increases at a very high pace, DDS does a great job of taking the problems out of the way by decoupling the data and providing scalability. Any application on any device can publish or subscribe to its data feed of interest. This way, the edge devices can contribute information to the system and receive the data necessary for the applications installed, each app being decoupled from the others. All these benefits give us the freedom to offer a broad variety of services regardless of the operating system or platform.
But why is this flexibility so important? Well, besides a shorter time of development and increased agility (which, let’s face it, give a breath of fresh air to any technology company), thinking about the future becomes a bit easier. Especially in the technology sector, where things move at a blazing speed. When a new emerging technology appears on the market, the waves it creates could drastically change the entire ecosystem. As the new technology becomes more mature, more and more users will decide that the benefits outweigh the risks and will adopt it. So it happens with Cloud Computing. IaaS, PaaS and SaaS can all be provided from the cloud, as long as the user pays for the service and has a terminal it can access the service from.
Be it a tablet, a gateway, a set-top box or any other end device, the empowered functionality of an edge device is quite limited. Seeking to accomplish specific functions, the terminal devices are specialized in providing services from within the cloud. Their main function is to give the user a way to control the vast resources at their disposal.
According to artofservice.com.eu, <<Cloud computing designers, engineers and gurus can actually construct embedded system devices according to the actual requirements of their proposed systems.  That’s right, cloud computing aficionados will finally be able to tailor their proposed UI devices “around their clouds” rather than the other way around. (…)   There are already companies manufacturing prepackaged boards, components, and hardware that is ready to be integrated into devices as we speak, it’s simply a matter of putting the pieces together. (…)  The private user of cloud services is mostly entrenched in entertainment right now, but cloud-like apps are also slowly making their way onto people’s smart phones, pads and tablets as well.  Sure, these apps are usually designed to do things like online storage or play music, but it’s a sign that cloud technology is becoming more relevant to individual consumers.  Embedded systems connected to a cloud network by comparison, would be extremely powerful and offer users many times the power of their most cherished tablet or PC, and to top it all off, might even be significantly cheaper to buy and own than these devices as well. 

Windows XP flaw allows attacks via Adobe, security firm says

A new zero day flaw in Windows XP and Server 2003 is being exploited in the wild to bypass the sandbox on unpatched versions of Adobe Reader, security firm FireEye has reported.
According to the firm's analysis, the vulnerability allows for a standard user running XP SP3 to elevate privileges to admin level, allowing a targeted attack on users running Reader versions 9.5.4, 10.1.6, 11.0.02 and before using a malicious PDF.
"An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights," said Microsoft in a separate advisory (2914486).
In other words, attackers hitting this flaw can beat Adobe's sandbox by routing their sneakiness via a lower-level call through the OS itself.
The issue has been designated CVE-2013-5065 and an out-of-band patch looks like a distinct possibility given its seriousness.
"Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs," said Microsoft's advisory, dropping a heavy hint that early action was likely.

Upgrades urged as answer

In order to fix the problem, users are advised to update Adobe Reader to a later version or simply abandon Windows XP for Windows 7 or 8.
News of the issue will be taken as further confirmation that users need to get off XP although privilege elevation flaws can in principle affect any OS from time to time. They have become rarer in recent years, hence their importance when they surface.
A month ago Microsoft's Q3 Security Intelligence Report (SIR) found that XP was not only more likely to encounter malware but significantly more likely to fall prey to it all things being equal. Later versions of Windows—especially Windows 8—are architected with a greater level of low-level security designed to beat off some attacks.
Microsoft is urging all Windows XP users to upgrade because it is retiring the operating system and on April 8, 2014 will no longer supply even security upgrades.

Tablets will rule 2014, analysts say, but vendors will battle

Tablets will outship almost all other PC form factors combined next year, forming nearly 50 percent of the total market, according to a report from analysts at Canalys.
The worldwide client PC market grew 18 percent in the third quarter of this year, despite desktop and notebook shipments continuing to decline.
However, tablet shipment accounted for 40 percent of PC shipments, less than half a million units behind global notebook shipments.
Canalys predicts this trend to continue and has forecast 285 million units to ship in 2014, growing to 396 million units in 2017.

Apple, Samsung fight for lead

Apple and Samsung are expected to keep ahead of their competitors in the near term. But both vendors could face challenges as the market heats up.
Apple has maintained its top vendor position throughout 2013, while Canalys predicts the launch of the iPad Air and new iPad mini to strengthen that position in the final quarter of this year.
Its desktop and notebook business has remained stable while other vendors have seen their shipments deteriorate. Apple's prioritization of protecting gross margins will see its PC market share continue to decline.
Canalys analyst Tim Coulling said Apple's decline in PC market share was unavoidable when considering its business model.
"Samsung narrowly took the lead in EMEA this quarter and Apple will lose its position to competitors in more markets in the future," he said. "However, Apple is one of the few companies making money from the tablet boom. Premium products attract high value consumers; for Apple, remaining highly profitable and driving revenue from its entire ecosystem is of greater importance than market share statistics."

Microsoft's a player, analyst says

Canalys forecasts that Microsoft will take 5 percent of the tablet PC market in 2014, up from just 2 percent in 2012.
Canalys analyst Pin Chen Tang said 2014 will bring another major shift for the company as the Nokia acquisition brings it a step closer to being a fully-fledged smart mobile device vendor.
"As a vendor Microsoft needs to prove to channel partners and consumers that it is in this market for the long haul," he said. "Balancing the competition with its vendor partners and embracing a 'challenger' rather than an incumbent mentality is essential. To improve its position it must drive app development and better utilize other relevant parts of its business to round out its mobile device ecosystem."
Android-derived operating systems will be responsible for driving growth in the market and are forecast to take a 65 percent share in 2014 with 185 million units.
Samsung continues to lead with strong year-on-year growth coming from its broad tablet portfolio, and in the third quarter of 2013 it had a 27 percent share of Android tablet shipments.
But with hundreds of small-to-micro brand vendors in established and high-growth markets and international players such as Acer, Asus, Lenovo, and Hewlett-Packard, analysts say this market share statistic will also start to decline.

Botnet busts more for stunts than security, expert says

Microsoft and Symantec made headlines in September and in the summer by taking down major botnets. Now, one expert calls their actions ineffective, and wonders if the only reason they happened was to garner good press.
Working backwards, Symantec announced in September that they used a vulnerability within the ZeroAccess botnet's code to take down a significant part of it. Their actions gained headlines, because ZeroAccess has existed since 2010, and had a foothold on millions of systems globally.
In a similar situation, Microsoft took out 88 percent of the Citadel botnet this summer, going so far as to send configuration files to the infected systems that forced them to connect to sinkholes, removing them from criminal control. At the time, Microsoft said that 40 percent of the computers that were part of the operation were cleaned of infection.
However, there were those that said Microsoft's actions were nothing more than a clever PR stunt, and that they had no real impact on the threat landscape.
In a recent blog post, Damballa's CTO, Brian Foster, says that botnet takedowns often don't meet their stated goals of reducing the risk of infection online. In fact, he says, it's something else entirely.
"It makes me wonder if these efforts are for the sole purpose of garnering press, because they certainly don't have any lasting impact on end user safety," Foster wrote.

Shortcomings noted

Supporting his theories, Foster listed three reasons that botnet takedowns are ineffective. To start, he noted, most takedowns are done haphazardly. In most cases, only a small percentage of the command and control servers for a given botnet are grabbed by the do-gooders. Thus, while it makes good coverage to show that 24 percent of a botnet has been taken offline, "[it] still leaves 76 percent of it active. The attacker still has a strong foothold and can easily recover."
Further, takedowns do not account for secondary communication methods such as P2P channels, or domain generation algorithms (DGA) that may be used by malware.
"We looked at 43 pieces of malware and discovered that three of them had secondary callback methods. This means that for at least three of the botnets, security researchers need to take additional steps to make sure the botnet is disabled," Foster said.
Finally, he noted, the takedowns themselves do not result in the arrest of the person(s) behind the botnet itself. Unless the attacker has been arrested, it doesn't prevent them from starting anew and building a different botnet.
"Bottom line: If security researchers and their organizations are doing takedowns for marketing reasons, then it doesn't matter how they go about it. But if they are doing takedowns to truly limit Internet abuse and protect end users, then there needs to be a more thoughtful approach than what has typically been used by the industry. Otherwise, the bots will once again veer their ugly heads," Foster concluded.

MiseryMap tracks weather, flight delays in real time

Approximately zero people enjoy flying over the holidays. Not only is it more expensive and the airports more crowded, in many areas, the weather is also just worse. How bad is it and where? FlightAware's Misery Map shows you in real time.
The map shows the proportion of on-time flights at major airports compared to delays and cancellations. The East Coast was particularly hit over the Thanksgiving holiday, courtesy of the Nor'easter wreaking havoc. The map is also interactive, so if you hover over an area, you can see the routes that are particularly miserable.
It might not be as useful a tool for travelers as, say, FlightStats, which offers a greater level of detail. On the other hand, it could make those of us who aren't flying this holiday season more thankful. Stay safe and calm, all you travelers. The holiday traveling season is only beginning.

Quick tips to secure passwords

One of the more frustrating exercises in using anything online is keeping your passwords safe. They have to be easy to remember and hard to guess.
Here is a trick I've used for years that seems to work for passwords, Social Security numbers, telephone numbers, birthdates and anything that needs to be safe.

Develop a solid base password

This should be a 79-character base that has a combination of upper/lower case letters, numbers, and one or two special characters. For example, the airport code for Phoenix, AZ is PHX and a date I easily remember is the day JFK was assassinated, 11-22-1963.
So using that as a starting point, I can morph it a little to increase the complexity: PHX becomes PhX, and with 11-22-1963 I can substitute ! for the 1s and the # (shift 3) for the number 3. That results in a base password of PhX!!22!96#
Now that you have the base password, develop a schema for any password site name. For example, Google Gmail could become gml or gglgml, making my password for Google Gmail PhX!!2!!96#gml or PhX!!2!!96#gglgml. Easy to remember and difficult to crack.

Disguise important numbers

It's important to be able to access Social Security numbers, but also important to guard them.
I have to store lots of Social Security numbers for spouse, kids, parents, grandkids, and so on. I've identified two ways to encrypt these in plain sight.
The first way is to change every other number by +1 or -1 (or any number +/-). For example, 123-45-6789 using +1 becomes 224-46-6890. Since I know the key, getting back is straightforward.
The second way is to use your Social Security number with some +/- number added to numbers within your Social Security number. Let's say your Social Security number is 123-45-6789 and your spouse's number is 987-65-4321. Adding a +1 to the last digit in each results in your number becoming 124-46-6780 and your spouse's number becoming 988-65-4322. By storing both numbers you have the key to decrypting. Put your Social Security number back to the original and you know how to put your spouse's number back to the original.
The second scenario works equally well for phone numbers, addresses, lock combinations, etc.

Exercise caution

The caveat in the first case is to keep your key to yourself, and in the second case to keep your Social Security number private.
For the most part the bad guys are interested in low-hanging fruit and big fish. If the bad guys get your computer and all the information is encrypted as above there is little that can be gained.
The problem is that Social Security numbers do have a way of popping up. The good thing is that correlating a Social Security number to a specific person and then decrypting the information takes time...the one thing the bad guys don't have.

Akamai to buy DDoS protection specialist Prolexic

Content delivery services provider Akamai Technologies plans to buy Prolexic Technologies, a distributed denial-of-service (DDoS) mitigation specialist, for $370 million in cash.
Akamai, in Cambridge, Massachusetts, runs one of the world's largest content delivery networks with 137,000 servers in 87 countries. Its clients span a variety of industries and include a third of the companies on the Fortune Global 500 list.
Akamai already offers security services that protect Web sites and Web applications against a variety of threats, including DDoS attacks. However, Prolexic, located in Hollywood, Florida, specializes in defending enterprise applications against application-layer and network-layer attacks.
By acquiring Prolexic, Akamai wants to expand its services and provide customers with the technology needed to protect Web and IP infrastructure.
The transaction is pending regulatory approvals and is expected to close in the first half of 2014.
According to Scott Hammack, CEO of Prolexic, combining the expertise of both companies will allow customers to use a single provider for the Internet performance and security needs of their applications, which will simplify the resolution of network availability issues and clarify accountability.
Prolexic operates a network of so-called scrubbing centers spread around the world that have a combined bandwidth of more than 1.5 Tbps. When a DDoS attack occurs, the targeted customer routes in-bound traffic to the nearest Prolexic center, which has enough bandwidth capacity to analyze it and apply DDoS filtering techniques in order to identify and drop the malicious packets. The clean, scrubbed traffic is then routed back to the customer.
The size and number of DDoS attacks has increased significantly in recent years and the methods used by attackers have become more sophisticated, according to past reports from Prolexic and other DDoS mitigation vendors.

Bitcointalk.org warns passwords in danger after DNS attack

A popular Bitcoin discussion forum warned on Monday some user passwords may have been intercepted after the site’s DNS (Domain Name System) registrar was breached.
An attacker found a flaw in Bitcointalk.org’s domain name registrar, a company based in Japan called Anonymous Speech, wrote an administrator for the forum who goes by the nickname “Theymos.” Anonymous Speech could not immediately be reached for comment.
Tampering with a DNS server is a powerful attack. A hacker can direct traffic destined for one website to one that he or she controls, even if a person types in the correct domain name in the URL address bar of a browser.
The attacker could then execute a man-in-the-middle attack on Bitcointalk.org, intercepting encrypted forum submissions, passwords sent during login sessions, authentication cookies, private messages and more, Theymos wrote.
The attack occurred between 06:00 UTC on Sunday and 20:00 UTC Monday. People who logged into the site during this period should change their passwords, Theymos wrote.
Since many people tend to re-use passwords, hackers usually try to see if the captured login credentials are valid on other services.
People who had the “Remember me” login feature enabled should not be at risk, Theymos wrote. Security codes used to let people login without entering their passwords again have now been invalidated.
A Bitcointalk.org user noticed the change and “immediately transferred Bitcointalk.org to a different registrar,” Theymos wrote. But DNS changes can take up to a day to be updated on servers around the world.
In the meantime, Theymos wrote that users want to make sure they’re communicating with the right server. Users can add this IP address to their hosts file: “109.201.133.195 bitcointalk.org” and remove it later when the updated settings have been distributed through the DNS.
Bitcointalk.org’s TLS certificate—which allows users to cryptographically verify they’re talking to the correct server—has a SHA1 fingerprint of “29:0E:CC:82:2B:3C:CE:0A:73:94:35:A0:26:15:EC:D3:EB:1F:46:6B,” Theymos wrote.
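The check described above (pin the announced IP, then compare the server certificate's SHA-1 fingerprint with the published one) can be scripted. This is an added example, not part of the original report or of Theymos's post; the function names are hypothetical and the sample certificate bytes and hosts file are constructed so it runs offline.

```python
import hashlib
import hmac
import re
import socket
import ssl

# Values quoted in the article from the forum announcement.
PUBLISHED_SHA1 = "29:0E:CC:82:2B:3C:CE:0A:73:94:35:A0:26:15:EC:D3:EB:1F:46:6B"
PINNED_IP = "109.201.133.195"
HOSTNAME = "bitcointalk.org"


def normalize_fingerprint(text):
    """Drop separators and case so '29:0E:..', '29 0e ..' and '290e..' compare equal."""
    digits = re.sub(r"[\s:.-]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{40}", digits):  # SHA-1 is 20 bytes = 40 hex digits
        raise ValueError("not a SHA-1 fingerprint: %r" % text)
    return digits


def sha1_fingerprint(der_cert):
    """The fingerprint is SHA-1 over the DER encoding of the whole certificate."""
    return hashlib.sha1(der_cert).hexdigest()


def cert_matches(der_cert, published):
    """True only if the certificate hashes to the published fingerprint."""
    return hmac.compare_digest(sha1_fingerprint(der_cert),
                               normalize_fingerprint(published))


def fetch_der_cert(ip, hostname, port=443, timeout=10):
    """Fetch the leaf certificate from one specific IP, sending hostname as SNI.

    CA validation is switched off on purpose: the caller trusts the result only
    after cert_matches() succeeds. Needs network access, so it is not called
    by demo() below.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((ip, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert(binary_form=True)


def hosts_entries(hosts_text, hostname):
    """Return every IP a hosts file maps to hostname, ignoring comments."""
    ips = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        names = [name.lower() for name in fields[1:]]
        if len(fields) >= 2 and hostname.lower() in names:
            ips.append(fields[0])
    return ips


# Constructed sample data: stand-in bytes, not a real certificate.
SAMPLE_DER = b"constructed-stand-in-for-DER-certificate-bytes"
SAMPLE_HOSTS = """\
127.0.0.1 localhost
# temporary pin while DNS changes propagate
109.201.133.195 bitcointalk.org   # remove once DNS has updated
"""


def demo():
    own = sha1_fingerprint(SAMPLE_DER)
    own_colon = ":".join(own[i:i + 2] for i in range(0, 40, 2)).upper()
    return {
        # Same certificate, fingerprint written in the colon/upper-case style.
        "matches_own": cert_matches(SAMPLE_DER, own_colon),
        # A different certificate must be rejected against the published value.
        "matches_published": cert_matches(SAMPLE_DER, PUBLISHED_SHA1),
        # The hosts file contains exactly the pin from the announcement.
        "pinned_ok": hosts_entries(SAMPLE_HOSTS, HOSTNAME) == [PINNED_IP],
    }


if __name__ == "__main__":
    print(demo())
```

Running `hosts_entries` again after propagation shows whether the temporary pin is still in place and needs removing. SHA-1 is used here because that is the fingerprint published at the time; SHA-256 fingerprints are the current norm.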
Additionally, Bitcointalk.org was targeted by a DDoS (distributed denial-of-service attack), Theymos wrote. “These two events are probably related, though I’m not yet sure why an attacker would do both of these things at once.”
Bitcointalk.org was defaced in early October and taken offline after hackers apparently found a flaw in the Simple Machines forum software the site uses.

Sneaky software turns your PC into a Bitcoin-mining zombie -- and owns up to it in the EULA


E-Sports Entertainment recently agreed to pay a $1 million settlement after secretly installing Bitcoin mining software on more than 14,000 computers nationwide. But this holiday weekend, the makers of the superb Malwarebytes anti-malware software shined a light on a new type of malicious miner—one that announces its plans right in the installation agreement.
Malwarebytes says that the "Your Free Proxy" software by We Build Toolbars, LLC, includes the innocently named "Monitor.exe," which not-so-innocently "beacons out constantly, waiting for commands from a remote server, eventually downloading the [jhProtominer mining software] and installing it on the system."
Bitcoin mining is an intensive process that strains your CPU and GPU alike, to the point of drastically slowing down your system (depending on your setup).

IN YOUR FACE!

Secret commands and secret Bitcoin mining software installed by slyly named executables just screams "MALWARE!" doesn't it? Well, not technically. Malwarebytes scrounged up the following interesting tidbit in Your Free Proxy's EULA:
COMPUTER CALCULATIONS, SECURITY: as part of downloading a Mutual Public, your computer may do mathematical calculations for our affiliated networks to confirm transactions and increase security. Any rewards or fees collected by WBT or our affiliates are the sole property of WBT and our affiliates.
Yep, Your Free Proxy flat-out says it plans to thrash your CPU in a quest for digital gold, literally banking on the fact that no one—no one—reads EULAs or TOS agreements.
Malwarebytes has labeled We Build Toolbars' software as a "Potentially unwanted program," or PUP.
"In my opinion, PUPs have gone to a new low with the inclusion of this type of scheme, they already collected information on your browsing and purchasing habits with search toolbars and redirectors," Malwarebytes' Adam Kujawa wrote. "They assault users with pop-up ads and unnecessary software to make a buck from their affiliates. Now they are just putting the nails in the coffin by stealing resources and driving user systems to the grave."
If you don't like the idea of shady software putting your PC's pedal to the metal under your nose, grab a solid anti-malware program and read up on how to protect your PC against the Web's most devious security traps. (Yes, Malwarebytes is in there.) This episode drives home another point, as well: Make it a point to read the EULA of any software you install—or at least utilize the services of a legalese scanner like the superb EULAyzer donationware.

Encryption and security booming in post-Snowden Internet, but will it help or hinder?



The very concept of the Internet changed in people's minds with whistleblower Edward Snowden's revelations last summer. Before Snowden, we thought it was the information superhighway: a place where we could research, play, shop, and hang out with friends, even if we had to worry a bit about security and privacy.
But when Snowden blew his whistle, we discovered what the Internet really was: a US-made, digital version of the Stasi--the East German secret police determined to know everything about everyone. Even if criminal hackers don't get their hands on your private information, the government will.
The natural and entirely justifiable response for users is to encrypt everything you can. For software entrepreneurs, the natural response is to offer new programs to protect people's privacy--even if some of those programs aren't very good. According to an Associated Press article by Martha Mendoza, "the flood of new computer security services is of variable quality, and much of it, experts say, can bog down computers and isn't likely to keep out spies."
"Every time a situation like this erupts you're going to have a frenzy of snake oil sellers who are going to throw their products into the street," warns CloudPassage CEO Carson Sweet. CloudPassage offers security for cloud storage--and if anything needs security, it's cloud storage. The trick is to use encryption and security at your end, and not in the cloud, where someone else can control it.
I've seen enough flawed security products over the years to believe Sweet's claim. Consider Cryptocat, an encrypted instant messaging service first introduced in 2011. Last year, Quinn Norton praised Cryptocat highly in a Wired article titled This Cute Chat Site Could Save Your Life and Help Overthrow Your Government. But only a few weeks later, another Wired author, Patrick Ball, found Cryptocat not so cute. In fact, "your security depends entirely the security of the host. This means that in practice, CryptoCat is no more secure than Yahoo chat…no better than having no crypto at all."
Since Snowden's revelations, new security offerings keep springing up. For instance, Pirate Bay co-founder Peter Sunde released Heml.is--named after the Swedish word for secret. But Sunde has refused to make Heml.is' code open source. When a program is open source, anybody with the technical skills can read the code and look for flaws. While this may seem like a security breach, it actually results in more reliable and secure programs. According to security expert Bruce Schneier, "In the cryptography world, we consider open source necessary for good security; we have for decades."
Considering the massive computing power available to the NSA for cracking encryption, some companies feel that the only secure option is to get out of the United States. San Francisco-based data storage provider Pogoplug is doing just that, moving cabinets and cables across the Atlantic at the request of a major client, Paris-based Bouygues Telecom. Pogoplug CEO Daniel Putterman told AP's Mendoza that "They want French law to apply, not U.S. law." They're planning a similar move for an Israeli client.
The government is spying on you. So are criminals and corporations. And not all the companies selling solutions are trustworthy. If you’re concerned about privacy, keep your cards close to your vest and your ear to the ground – the game is changing on a daily basis, and the players are some of the biggest organizations in the world.

Done with the cloud? Alternatives for online backups

External drives

Long before cloud backup services sprang up, businesses and individuals made do by using external USB hard drives. Backing up data locally to an external USB hard drive is faster than uploading it to the cloud—especially via a USB 3.0 connection—and external drives are a relatively cheap, one-time investment rather than an ongoing subscription. Still, two potential concerns with backing up to an external hard drive remain.
The ioSafe Solo protects your backed-up data from fire and flood.
One concern: What happens when the external drive malfunctions or crashes? Consumer-grade drives are pretty reliable, but they will inevitably fail—usually about the same time your PC crashes, if Murphy has anything to say about it. Second, if a fire or flood destroys your home or office, your external drive will succumb right along with your PC.
You can resolve both of these issues, however, with a couple of simple steps. First, perform backups to two external USB hard drives. Then store one of the drives in a fireproof safe (preferably on a shelf to avoid water damage from a flood) or offsite in a safety deposit box.
For even more security, use a disaster-proof drive like an ioSafe Solo as one of your two backup drives. They’ve been designed and tested to survive man’s and Mother Nature’s destructive worst.

Peer-to-peer backup

One of the biggest benefits of using a cloud backup service is that the data is stored safely offsite.
As an alternative to locking away a hard drive in a fireproof box, you could instead use a peer-to-peer backup system such as the one offered by CrashPlan.
CrashPlan Free creates a peer-to-peer network for backing up data offsite.
CrashPlan is a cloud backup provider, but it also offers a free service that lets you back up data to the PC of a friend or family member, while they back up their data to yours. Your backup will be stored safely offsite and encrypted, so it can be accessed only by using your personal account information.
You have a few caveats to consider, though. The process takes place over the Internet, so, depending on your broadband speed, it may take a lot longer than a local backup. Your friend or family member’s PC must also be turned on, connected to the Internet, and have enough available storage to accommodate your data.

Private cloud

Another advantage of storing data in the cloud is that you can access it from virtually anywhere, anytime, via a mobile app or Web browser. A network-enabled external drive like the Western Digital (WD) My Cloud provides the same convenience.
Western Digital’s My Cloud gives you anywhere access to your local backup.
My Cloud offers 2 terabytes or more of storage, and WD has apps for both Android and iOS that let you access the data stored on the drive from wherever you are. The apps also integrate with cloud services like Dropbox, SkyDrive, and Google Drive, enabling you to transfer files from your My Cloud drive to the cloud, or vice versa. WD also has a four-bay version called My Cloud EX4, which adds the assurance of a RAID array's mirrored copies.
ioSafe offers a networked version of its patented disaster-proof drives. It features two drives set up in a RAID configuration with similar syncing and mobile app access, for use as a private cloud.
Another option is a service like Younity or MiST; these services index your data where it is and make it available from mobile apps and other PCs.
MiST connects your PC and mobile devices into a personal file-sharing network.
With Younity or MiST, the data itself stays in its original location—on your mobile device, or your Windows or Mac computer. The source of the data has to be turned on and connected to the Internet for the data to be accessible from other platforms or devices, but you can use these services along with some other backup alternative to enjoy the same anywhere-access to data that you get from the cloud.
Backing up your data using a mix of these tools isn’t as turnkey-simple as using an online service. But once you have a process in place, you can confidently kiss the cloud goodbye.

Qualcomm Toq aims to give smartwatches a shot in the arm


Qualcomm is making the Toq available only to US consumers
Qualcomm has released a smartwatch that it says can last days between recharges despite the fact its touchscreen display is always on.
The US company says the "limited edition" Toq is designed to showcase its new technologies rather than compete with its other products.
Qualcomm is best known for making processors that power smartphones.
However, one analyst suggested the device was too bulky to appeal beyond a niche enthusiast audience.
The $349 (£215) gadget is being made available only via Qualcomm's website to US customers, and the company said it was "unlikely" it would sell the watch elsewhere.
Wrist action
The Toq is designed to be paired with any smartphone running Android 4.0.3 or higher.

It allows its owner to receive and send text messages, manage reminders and view other information - such as weather forecasts or stock prices - obtained via their handset.
There is no software store for the watch itself, but existing handset apps can be adapted to send details to its display and activate a vibrate function. In addition it can be used to accept or reject calls, and control what music is being played from the linked phone's library.
The company says that the watch's key innovation is its use of its proprietary Mirasol technology.
Rob Chandok, president of Qualcomm Interactive Platforms, described this as being similar to the e-ink displays commonly used by e-book readers and another smartwatch - the Pebble - but better.
Backlight
"In addition to the fact it offers colour, the refresh rate of Mirasol can be 30 frames a second, which allows you to build a touch interface," he told the BBC.
"That's tremendously important when you are trying to offer some of these experiences.
"In an e-ink display you can't refresh the screen fast enough to follow the finger."
Mirasol is significantly less power-hungry than the OLED tech used by Samsung's Galaxy Gear watch, meaning that unlike its rival, its screen does not have to turn itself off when angled away from the user's face to extend battery life.
Sony's Smartwatch 2 does offer an always-on LCD display - however, it requires the user to switch on a backlight in dim conditions.
Although Qualcomm suggests the Toq's lack of an on/off switch makes it the superior option, Mr Chandok acknowledged that the Toq display's graphics were not as vibrant or crisp as the alternatives.
"But we've got other versions of Mirasol in the pipeline that are going to have a better colour gamut and vibrancy," he added.
Samsung's Galaxy Gear, Sony's Smartwatch 2 and the Pebble are other cheaper options
Qualcomm has also included three other technologies it has developed that it hopes will attract the attention of manufacturers:
  • Stereo Bluetooth headphones, allowing synchronised left and right-channel audio without the need for a wire between the earphones and the watch
  • WiPower LE - the firm's "drop 'n' charge" tech that allows the headphones and watch to be recharged by placing them on top of the same base
  • AllJoyn peer-to-peer networking, a system the firm is promoting as a cross-platform way to share data between various gadgets
Mr Chandok said "tens of thousands, but not hundreds of thousands" of the watches were being produced, adding that its appeal was likely to be limited to an "early adopter" crowd.
"We would consider making more if the demand were high," he said. "But our preference is for our partners to bring out products [using the new technologies] in the next six months, and we're working hard with a few people to do that."
He declined to name the companies involved, but did reveal that in theory the Toq could be made compatible with Apple's iPhones.
"We limited the spend on what we were doing and just built the applications on the Android side," he said.
"There's nothing keeping us from doing an iOS app, we just haven't invested in that."
Unproven market
Many analysts believe the market in smartwatches and other wearable technologies - such as Google's Glass eyewear - has the potential for huge growth.
The research firm NextMarket Insights has predicted 373 million smartwatches will be shipped in 2020 compared with fewer than one million this year. However, one expert warned that Qualcomm and others had to make major improvements to achieve such numbers.
"They are still relatively bulky in watch terms and you still have issues with recharging, which is an alien concept to people with watches," said Chris Green, an analyst at the consultants Davies Murphy Group.
"The Toq offers a little bit more than some of the other smartwatches in terms of what it can do, but it's still ultimately a basic thing offering little more than a second screen, and is quite gimmicky.
"We've still to see anyone offer a smartwatch that delivers something that we actually need."