JJ News Maker: Jul 11, 2011

Monday, July 11, 2011

U.S. Suspects Contaminated Foreign-Made Components Threaten Cyber Security - ABC News

Some foreign-made computer components are being manufactured to make it easier to launch cyber attacks on U.S. companies and consumers, a security official at the the Department of Homeland Security said.

"I am aware of instances where that has happened," said Greg Schaffer, who is the Acting Deputy Undersecretary National Protection and Programs Director at the DHS.

Schaffer did not say where specifically these components are coming from or elaborate on how they could be manufactured in such a way as to facilitate a cyber attack.

But Schaffer's comment confirms that the U.S. government believes some electronics manufacturers have included parts in products that could make U.S. consumers and corporations more vulnerable to targeted cyber attacks.

A device tampered with prior to distribution or sale could act as a "Trojan horse" in the opening wave of an international cyberwar. Contaminated products could be used to jeopardize the entire network.

The admission by Schaffer came out Thursday after repeated questioning from Rep. Jason Chaffetz, R-Utah, at a House Oversight and Government Reform Committee hearing on cyber threats.

ABC News previously reported that the FBI was investigating a case in which counterfeit Cisco routers were being sold to various government agencies but this is the first time that a government official has confirmed that the threat is real.

Such attacks are difficult to detect and many go unnoticed. Cyber tactics have changed and many hackers just want to steal information without incident. Cyber thieves are going after personal information such as credit card numbers or target corporations and trade secrets.

Many in Congress have pointed to foreign governments as the source of many recent cyber attacks, although the administration has yet to call out any one nation.

Rep. Rosa DeLauro, D-Conn., in April called on Secretary of State Hillary Clinton to condemn cyber attacks launched by Chinese attackers against the American social action website Change.org.

Foreign-made components, often manufactured in Asia, play a key role in consumer electronic devices -- everything from Internet routers to home computers -- that make up the national digital infrastructure. DHS is charged with identifying and defending that infrastructure, but lacks legal authority to intervene in private companies.

While the threat of a contaminated supply chain is real, it is not exclusively directed at the United States, according to Jim Lewis, a senior fellow at the Center for Strategic and International Studies.

"The threat of a contaminated supply chain is a risk, but it's a risk that everybody has, because it's a global supply chain," he said.

Part of that challenge facing DHS includes a plan to form partnerships with the private sector, because most of the nation's cyber infrastructure is controlled by private companies.

DHS has begun classifying key infrastructure and is reaching out to private Internet companies.

But Republicans in particular have expressed concerns with the president's proposed cyber legislation, calling the new rules too burdensome on the private sector.

"The president's plan gives the Department of Homeland Security unfettered authority to regulate private industry," Rep. Bob Goodlatte, R-Va., who spoke at an earlier hearing at the House Judiciary Committee.

View the original article here

At Least 31 Dead in Indian Train Accident - Voice of America

Mangled passenger cars are seen at the site of a train accident near Fatehpur in Uttar Pradesh state, July 10, 2011

Rescuers in northern India are sorting through the wreckage of an express train that derailed, killing at least 31 people and injuring 100 more.

Authorities say the Kalka Mail train was travelling from Howrah to New Delhi Sunday when at least 12 coaches jumped the tracks near Fatehpur in Uttar Pradesh state.

The cause of the derailment was not immediately clear.

Officials say the number of casualties is likely to rise as rescuers make their way through the twisted coaches.

India's railway network is one of the largest in the world. Accidents are common, with most blamed on poor maintenance and human error.

Some information for this report was provided by AP.

View the original article here

Google doubling Google+ population - CNET

The Google+ team, facing strong demand for the new social-networking service, has expansion on its mind.

Google briefly let Google+ users invite new members last night in a plan to double the social network's population. And Google has begun detailing its plans for letting business users, not just individuals, use the service starting later this year.

Google has been limiting the individual sign-up rate, leading to frustration among many who want to get in. But Dave Besbris, the Google+ engineering director, said last night it was time for another growth spurt.

"Things are going well with the systems right now so we feel comfortable enough to open up invites for a brief period. Our goal is to double the user base in the field trial from its initial group," he said in a Google+ post.

Apparently the moment was indeed fleeting, because I couldn't find an invitation mechanism by the time I woke up here in England. That means Lutz Beyer's amusing cartoon about Google+ exclusivity remains relevant.

Google had opened invitations briefly last week, shortly after the mostly-closed beta test began. I've had success getting quite a few people in by a somewhat circuitous Google+ invitation route that involves sharing a Google+ post by e-mail with their Gmail addresses.

It's been an irregular process: some people told me they never got an invitation, and sometimes the message took days to arrive. And because Google throttles the sign-up rate, many of those I've invited had to check back several times before they happened to click when the window was open.

In a comment, Besbris apologized for the sporadic availability.

"We are also ensuring, as we grow, things keep working well, so occasionally we may have to pause/slow down/speed up the signup rate to keep the service smooth and fast. The combo can make it seem unpredictable," he said. "I'm sorry [about] that and thanks for your patience."

An official invitation clearly would be a far better way to handle this than the e-mail technique. Google, though, is proceeding cautiously.

"I wanted to take a moment to explain why we're growing the system slowly," Besbris said. "First, we want to make sure our infrastructure scales so the service remains fast and reliable. Second, we want to ensure that bugs are fixed while there are still a relatively few people in the field trial."

Google has made a couple tweaks--shutting down the ability to publicly share an initially private post last week, for one thing. Another change came yesterday involving profile pictures. "Changing your public profile picture or scrapbook photos will no longer generate a public post to the stream, just to the people you have in your circles. So only people in your circles will engage in discussions about the photos you post," Google+ product manager Shimrit Ben-Yair said in a Google+ post.

A look at the Google+ feature introduction page for new arrivals.

(Credit: screenshot by Stephen Shankland/CNET)

1.7 million Google+ users so far?
Besbris wouldn't say how many people are using Google+ right now, but it's certainly in the thousands at least. Paul Allen, founder of Ancestry.com and president of FamilyLink.com, estimated that there were 1.7 million people on Google+ on Monday, a figure based on a statistical extrapolation from the frequency of surnames. "My model uses surname distribution data from the U.S. Census Bureau and compares it to how many Google+ users there currently are with a small sampling of surnames in the U.S. and in the world," he said of his method.

Google+ is a sprawling product, too, and it's taken time for people to grasp its many mechanisms for organizing contacts, sharing posts publicly or selectively, and figuring out details such as, say, the difference between the default stream of contacts' posts (which shows posts from people in all your circles) and the "incoming" stream (which shows posts from people who put you in one of their circles). And Google+ can be used either through a sophisticated Web app or a full-featured Android app; an iOS app for Google+ has been submitted for approval.

No wonder then that newbie guides are popping up. My favorite compendium so far is one from Andrew Shotland. I also liked this flowchart showing how comments are shared with others on Google+.

Google+'s tentacles extend well beyond Google+ itself. Google Docs notifies you of updates. E-mail invitations arrive frequently with word of new followers and discussion replies. The Google home page features a link to your Google+ page. People's Google Profile pages now anchor their Google+ identities--and in a sign that Google is serious about this social networking thing, Google will delete any profiles that aren't made public by July 31. (Here's an idea: why doesn't Google send anybody in that situation an automatic Google+ invitation to try to win them over?)

It's not clear when Google will open up the invitations again, though clearly it will. When it does, Besbris advises you proceed cautiously, too.

"We continue to throttle invites, so please don't mass invite folks as it won't work," he said. "If you invite a handful of your most important friends and family you're much more likely to get these folks into our system."

Business demand, too
Google also is wrestling with business demand for Google+--something to match Facebook pages that need not be tied to a single individual.

Business accounts will be coming later this year, Google product manager Christian Oestlian said yesterday in a Google+ post. He also noted that Google will shut down existing non-individual accounts--well, most of them at least.

"Right now we're very much focused on optimizing for the consumer experience, but we have a great team of engineers building a similarly optimized business experience for Google+. We're very excited about it and we hope to roll it out later on this year," Oestlian said in a video about the option.

Several corporations have already jumped onto Google+, but it's not "optimally suited" for them, Oestlian said, and Google is shutting them down even as it plans to test what it hopes to actually launch:

The business experience we are creating should far exceed the consumer profile in terms of its usefulness to businesses. We just ask for your patience while we build it. In the meantime, we are discouraging businesses from using regular profiles to connect with Google+ users. Our policy team will actively work with profile owners to shut down non-user profiles.
Over the next few months we are going to be running a small experiment with a few marketing partners to see the effect of including brands in the Google+ experience. We'll begin this pilot with a small number of named partners.

Given that companies had already jumped aboard, it appears that at least some businesses would prefer a suboptimal experience to none at all. A measured debut is a sensible way of heading off problems before they're big, but Google also would do well to tap into the Google+ enthusiasm while it's still strong.

View the original article here

Microsoft Baidu Deal, Android Royalties Marked Week - eWeek

Microsoft continued its Android march this week, with a report that the company plans on demanding $15 from Samsung for each Android smartphone produced by the manufacturer.

That information apparently came from unnamed industry officials speaking to the Seoul-based Maeil Business Newspaper, and found its way into a July 6 Reuters report. Were Samsung to enter some sort of royalties deal, it would become the latest in an increasingly long string of companies paying Microsoft an "Android tax." Microsoft insists that Google's Android platform violates a variety of patents it holds.

So far, most of those companies have been small: Wistron Corp., Onkyo Corp., Velocity Micro and General Dynamics Itronix have all agreed within the past 10 days to a royalty agreement. However, both Amazon and HTC pay Microsoft, suggesting that some big enterprises are also in Microsoft's sights.

And some companies have fought back. Motorola retaliated to a Microsoft patent-infringement suit with an intellectual-property complaint of its own. And Barnes & Noble, whose Nook e-reader uses Android, filed a countersuit against Microsoft after the latter sued it for patent infringement.

"Microsoft is misusing these patents as part of a scheme to try to eliminate or marginalize the competition to its own Windows Phone 7 mobile-device operating system posed by the open-source Android operating system and other open-source operating systems," read the bookseller's counterclaim, filed April 25 with the U.S. District Court for the Western District of Washington at Seattle. "Microsoft's conduct directly harms both competition for and consumers of eReaders, smartphones, tablet computers and other mobile electronic devices, and renders Microsoft's patents unenforceable."

Even as Microsoft pushes for Android royalties, there are indications that its own smartphone market share is in serious trouble. For the three-month period between the end of February and the end of May, research firm comScore estimated Microsoft's U.S. share dipping from 7.7 percent to 5.8 percent. That comes despite the marketing push behind the Windows Phone platform.

During the same period, adoption of Android rose from 33 percent to 38.1 percent, while Apple enjoyed a slight uptick from 25.2 percent to 26.6 percent. Research In Motion continued its market slide, declining from 28.9 percent to 24.7 percent.

The top mobile OEMs, in descending order of market share, included Samsung, LG Electronics, Motorola, Apple and RIM.

Microsoft can only hope that its upcoming Windows Phone "Mango" update will increase the platform's appeal to consumers and businesspeople. As Microsoft executives demonstrated for a small group of media and analysts during a May press event in New York City, Mango's new features include a redesigned Xbox Live Hub, home-screen tiles capable of displaying up-to-the-minute information, the ability to consolidate friends and colleagues into groups, and visual voicemail?more than 500 new elements in all, if Microsoft is to be believed.

Mango is due for release sometime this fall. Samsung, HTC, LG Electronics and Nokia have all committed to building new Windows Phone devices preloaded with Mango. Meanwhile, Acer, Fujitsu and ZTE have apparently agreed to produce Windows Phone units for the first time.

Microsoft's issues with Google also extended to the search realm, with news that Redmond is pairing with China's largest Internet search provider, Baidu, to provide users with search results for English-language queries.

Although Google continues to dominate the worldwide market for Web search, the company's run-ins with the Chinese government over issues like censorship are well known. Following a hack of Google servers in early 2010 that exposed Gmail accounts of human-rights activists, Google ceased censoring search results in the country and redirected users to the Google.hk domain in Hong Kong. In March, the company accused the Chinese government of disrupting Gmail service.

A spokesperson for Shanghai MSN Network Communications Technology, also known as MSN China, told the Wall Street Journal July 4 that the results would be labeled as coming from Bing. The deal holds substantial benefits for both companies: Baidu is looking to expand its user base, while Microsoft has made no secret of its desire for inroads into the Chinese market.

The question is whether the Chinese government will demand Microsoft censor those English-language results. "Microsoft respects and follows laws and regulations in every county where we run business," a Microsoft spokesperson told The New York Times July 4. "We operate in China in a manner that both respects local authority and culture and makes it clear that we have differences of opinion with official content-management policies."

Follow Nicholas Kolakowski on Twitter

View the original article here

Sex May Have Resulted From Infections - Care2.com

University of Indiana researchers found evidence that sexual reproduction may have begun as a way to avoid infection and death from parasites. Asexual reproduction is more efficient because it does not require a partner, but it also results in limited genetic variation. If a species has limited genetic variation, a parasitic species than can infect one organism might be able to infect the whole species, resulting in extinction.

Sexual reproduction inputs different genes into the new generation with each cycle. New genetic material in a host generally helps it prevent attacks and infection from parasites. The IU researchers tested the Red Queen hypothesis which is intended to explain the advantage of sexual reproduction, and the constant and sometimes deadly competition between species.

One of the lead researchers explained, “We were able to conduct a controlled test showing that exposure to coevolving parasites led to extinction of populations that could only self-fertilize, while populations that could have sex were able to survive and even adapt to the coevolving parasites.” (Source: io9.com)

In their experiment experiment bacteria became more infective, but the subjects that were reproducing asexually and therefore making genetic copies of themselves, did not get more resistant to the bacteria and eventually went extinct. The round worm Caenorhabditis elegans was used in the study.

Sex could be a strategy against co-evolving parasites, but the Red Queen hypothesis is not the only plausible explanation for its existence. The co-evolutionary activity might also be seen in the fact there are a number of pathogens also associated with sexual reproduction.

Image Credit: ChrisO

(Photo is an example of sexual dimorphism.)