November 29th, 2014 | Edited by Zoran Stosic | software
A federal judge in New York has given final approval to a settlement in which Apple will pay $450 million for its role in a conspiracy to fix prices for ebooks.
Judge Denise Cote of the U.S. District Court in Manhattan called the settlement “fair and reasonable.” It requires Apple to pay $400 million to consumers who bought certain books between 2010 and 2012, as well as $50 million in attorneys’ fees.
Although the settlement is final, Apple only has to pay that amount if it loses its appeal of a 2013 price-fixing ruling. If the appeal is successful, Apple will pay only $50 million to ebook purchasers and $20 million to attorneys.
A hearing on the appeal is scheduled for Dec. 15 in Manhattan. Lawyers for the ebook buyers have said they “strongly believe” that Apple’s appeal won’t be successful.
The iPhone maker was found guilty last year of conspiring with five big publishers to inflate prices for electronically downloaded books. The publishers—Hachette, HarperCollins, Macmillan, Penguin and Simon & Schuster—had already settled the charges against them for $166 million.
If Apple’s appeal is unsuccessful, there will be $566 million in total to divide among the affected consumers. They include millions of people who bought certain books from the five publishers between April 2010 and May 2012.
There are more details about who qualifies for the settlement here, although the period when buyers could make a claim ended last month. Those who applied could get $6.54 for each New York Times bestseller they bought. It will be less than a dollar if Apple wins its appeal.
November 27th, 2014 | Edited by Zoran Stosic | hardware
Prices for 4K monitors have dropped below US$500, bringing them within the reach of cost-conscious buyers looking to replace 1080p displays.
The prices have been falling steadily from $700 or more earlier this year. 4K monitors are available from Samsung, Sharp, Dell, Asus, Acer, Monoprice, and small vendors.
4K gives a resolution of 3840 by 2160 pixels, or four times the pixel count of conventional 1080p resolution of 1920 by 1080 pixels.
Dell is selling its 28 Ultra HD P2815Q monitor for $449.99, down from $699.99 when the product started shipping earlier this year. Newegg is selling 28-inch monitors from AOC and Planar for $499.99.
Samsung has also dropped the price of its 28-inch 4K monitor, the UD590, which is now selling for $599.99 through retailers like Best Buy and Newegg.
Not all 4K prices have dipped so low. Lenovo’s ThinkVision 28-inch Pro2840m is still selling for $799.99. It was announced in January and started shipping around the middle of the year.
It’s important to check all the features on lower priced monitors. They often have all the main features and ports but suffer on refresh rates, which affect the display’s ability to cope with fast-moving images. For example, Dell’s P2815Q monitor has been criticized for its 30Hz refresh rate. Samsung’s UD590 has the more desirable 60Hz refresh rate via its DisplayPort 1.2, but it drops to 30Hz when connected to a PC via the HDMI port.
Increased competition is bringing prices down, as monitor makers try to attract buyers. Intel recently predicted that 4K monitor prices will fall to below $400 by the end of this year.
As with other types of computer hardware, prices will continue to fall quickly over the next couple of years and then more gradually after that, said Jonathan Gaw, a research manager at IDC.
As more content takes advantage of 4K, including games and streaming video, buyers will be more motivated to buy 4K monitors, Gaw said.
The buyers are mostly consumers. Some want the latest and greatest display while others are merely drawn by the lower prices, said Leslie Fiering, research vice president at Gartner.
The sub-$500 4K monitors have the basic features, so display makers would have to offer significant improvements to justify higher prices. For example, many low-cost 4K displays don’t have touchscreens. Other features that could command higher prices include sound bars, gesture recognition, cameras, wireless capabilities, and more ports.
“The PC monitor industry is banking on two elements in hopes of getting people to pony up for higher-priced monitors: 4K and touch interfaces. Touch interfaces need the OS vendors and the application developers to create more compelling use cases,” Gaw said.
November 25th, 2014 | Edited by Zoran Stosic | software
A malware program distributed recently through a rogue server on the Tor anonymity network was also used in targeted attacks against European government agencies.
The malware has been dubbed OnionDuke by security researchers from antivirus firm F-Secure, who believe it is connected to MiniDuke, a cyberespionage threat of Russian origin that was used to attack NATO and European governments before its discovery in February 2013.
In October, Josh Pitts, a researcher with Leviathan Security Group, found a Tor exit node located in Russia that was wrapping all executable files downloaded by users through the node with malware. When a user browses the Web anonymously through Tor, the traffic is passed through random relays inside the Tor network and then goes back out on the Internet through one of the many so-called exit nodes run by volunteers around the world.
The rogue Russian exit node identified by Pitts was banned from the Tor network, but researchers from F-Secure analyzed the malware it distributed and found that upon installation, it was downloading additional malicious components from several command-and-control servers.
“We have, for instance, observed components dedicated to stealing login credentials from the victim machine and components dedicated to gathering further information on the compromised system like the presence of antivirus software or a firewall,” the F-Secure researchers said in a blog post Friday.
One of the command-and-control domain names used by the malware was registered in 2011 by someone who used the alias John Kasai. At about the same time, the John Kasai name was used to register a number of other domains, including two used by MiniDuke.
“This strongly suggests that although OnionDuke and MiniDuke are two separate families of malware, the actors behind them are connected through the use of shared infrastructure,” the F-Secure researchers said.
“Based on compilation timestamps and discovery dates of samples we have observed, we believe the OnionDuke operators have been infecting downloaded executables at least since the end of October 2013,” the researchers said. Since at least February 2014, OnionDuke has also been distributed through infected executables in pirated software downloaded over BitTorrent.
The F-Secure researchers found what they describe as “strong evidence” that OnionDuke has also been used in targeted attacks against European government agencies, like MiniDuke, but they haven’t identified the exact attack vectors used in those campaigns yet.
“On one hand is the ‘shooting a fly with a cannon’ mass-infection strategy through modified binaries and, on the other, the more surgical targeting traditionally associated with APT [advanced persistent threat] operations,” they said.
November 22nd, 2014 | Edited by Zoran Stosic | software
Facebook lets its users control whether other people can see the information they post, but when it comes to controlling what Facebook itself gets to see, privacy-conscious users are out of luck.
In fact, Facebook doesn’t think it would make sense to let users do that.
“With most online services, there’s an understanding that when you use those services to share information, you’re also sharing information with the company providing the service,” said Matt Scutari, manager of privacy and public policy at Facebook.
“For users who are truly concerned with sharing their information with a particular platform, honestly, you might not want to share information with that platform,” he said, speaking during a conference on digital privacy in Palo Alto, California, on Friday 14th November.
“I don’t think there are many services out there who could claim they’re not using your information that you’re sharing with them for any purpose. They have to at least use that information to provide the service,” he added.
Scutari was responding to a question from the audience about what tools, if any, Facebook might provide to people who want to post and share information but keep it from Facebook itself.
Data collection—what companies collect, and how it’s used—is an area of concern for Internet users in general, highlighted by some dramatic findings in a recent Pew survey.
Facebook does have a team of employees tasked with looking at privacy issues related to its products, features and tools. The team has a number of programs in place, including daily surveys of users and talks with people in other countries to get their views on privacy, Facebook said on Friday 14th November.
November 20th, 2014 | Edited by Zoran Stosic | software
Apple has acted quickly to address a malware threat to iOS and Mac OS X computers, saying on November 6th that it has blocked apps infected with the WireLurker malicious code from running.
A day earlier, security vendor Palo Alto Networks revealed a campaign in which hackers were transferring malware to Apple devices through infected desktop applications downloaded from a Chinese marketplace.
The attack was a novel one in that it compromised iOS devices that had not been jailbroken, or altered to remove the restrictions that prevent people from downloading apps outside of the thoroughly vetted App Store.
About 467 Mac desktop applications were found to be infected with WireLurker at an app store for Chinese users called Maiyadi. The malware waits until an iOS device is connected to the desktop via USB, then uses one of two methods to infect the mobile device. WireLurker can then steal data from the device, such as phone logs.
Apple didn’t say exactly what steps it has taken to stop the attack, but said “we are aware of malicious software available from a download site aimed at users in China, and we’ve blocked the identified apps to prevent them from launching.”
The company reiterated its longstanding advice to download software only from trusted sources.
Dave Jevans, founder and CTO for mobile security company Marble Security, said Apple had a few different options for thwarting WireLurker.
One way it infects devices is by using an enterprise provisioning certificate, which is used by developers building in-house apps that don’t appear on the App Store. The certificates are what allow those apps to run on iOS, and in the hands of a malicious hacker could be used to spread infected applications. Apple revoked the certificate used by WireLurker’s creators, Jevans said.
That would help protect phones that aren’t jailbroken from running infected apps, but it might not help those whose devices have already been infected, he said.
Apple could also update Safari to prevent people from navigating to the Maiyadi website, but users would still be able to get there using Chrome or other browsers. The company could also update its XProtect antivirus engine with a signature to block WireLurker installations, Jevans said.