Monthly Archives: March 2014

‘Harry Potter’ Magic Will Continue in a 3-Movie Spinoff



 

Author J.K. Rowling and Warner Bros. have revealed that a Harry Potter spinoff will be released as a trilogy.

Fans first learned of the spinoff in September, when Rowling announced she had written the screenplays for a series of films.


Rowling, who released seven main Harry Potter books between 1997 and 2007 and inspired eight subsequent films based on those novels, is adapting her book Fantastic Beasts and Where to Find Them to create these three new “megamovies.” Rowling’s Fantastic Beasts, published in 2001, is also a fictional textbook used at the series’ magical school, Hogwarts.

Warner Bros. executive Kevin Tsujihara detailed the plans to the New York Times:

Three mega movies are planned. The main character will be a “magizoologist” named Newt Scamander. The stories, neither prequels or sequels, will start in New York about seven decades before the arrival of Mr. Potter and his pals.

The cast has yet to be revealed, though Rowling has given some insight into the project.

“The laws and customs of the hidden magical society will be familiar to anyone who has read the Harry Potter books or seen the films,” she previously said in a statement.


 

Via: mashable

Healthcare.gov Crashes On The Last Day To Enroll Before The Deadline

Healthcare.gov is down for maintenance at the most inopportune time, according to CNBC. Users are reporting not being able to access the U.S. government’s healthcare marketplace on the last day before the deadline. Technical problems due to scheduled maintenance are to blame.

The number of Obamacare signups is projected to reach 7 million enrollees by the end of the day.

As in the past, when some visitors attempted to visit the website, they were placed in a virtual waiting room until virtual space was freed in the virtual marketplace. Users from several states reported issues and an Obama administration official confirmed the outage.

Today is the deadline to obtain healthcare or face a tax penalty of $95 or 1 percent of your taxable income, whichever is greater. Procrastination is a horrible disease.

 

Via: techcrunch

Blizzard donates $1 Million to Make-A-Wish

According to Make-A-Wish, Blizzard has donated $1,000,000 to the charitable organization. The money comes from the November and December 2013 sale of the Alterac Brew Pup. Given that 50% of the proceeds from the sale were going to the charity, this means that the in-game pet brought in $2 Million for Blizzard.

Blizzard has a long history of working with Make-A-Wish. Besides donating over $3 Million since 2010, they also have done amazing things like bringing in the late Ezra Chatterton to get his own weapon, receive a character boost before anyone else, get the first Ashes of A’lar in the world, and generally have an awesome day.

“We firmly support Make-A-Wish and the life-changing impact of a wish experience,” said Mike Morhaime, according to Make-A-Wish. “We’re also incredibly grateful for the generosity of our World of Warcraft players – we’re always proud to work with our community in championing a good cause.”

 

Via: joystiq

Why Aren’t All Flight Safety Videos This Awesome?

It’s generally accepted that flight safety videos are a boring formality to which no one pays attention. In years past, as your flight taxied out of the gate and towards the runway, you could count on people putting their heads down and ignoring the flight safety video and the flight attendants’ emergency instructions prior to takeoff. A funny thing happened a few years ago though; Delta Air Lines must have realized that people hate the flight safety video, so they decided to spice it up a little. Knowing exactly what would catch the passengers’ attention, Delta started playing a pre-flight safety video that features the gorgeous redhead Katherine Lee. If you’ve taken a Delta flight over the last few years, you know Katherine Lee. She’s the sassy flight attendant who wags her finger at you if you do something bad like try to smoke. Katherine is a real flight attendant for Delta with the upside of being incredibly watchable, which makes Delta’s pre-flight safety videos something to enjoy rather than tolerate. It’s not unusual to hear laughter throughout the cabin as Katherine’s character lays down the flight rules interlaced with playful innuendo. So where does the flight safety video go from here?

Air New Zealand must have liked Delta’s spicy flight safety video idea, but they’ve decided to take it a step further. Whereas Katherine’s character for Delta isn’t overtly serving as eye candy, Air New Zealand throws that plausible deniability to the wind and brings in swimsuit models to recite the flight safety procedures. And not just any swimsuit models – Sports Illustrated swimsuit models. Do you suppose they might catch the attention of a few of the passengers who were about to zone out into their iPads? We’re guessing yes. Watch below as Sports Illustrated swimsuit models Jessica Gomes, Chrissy Teigen, Hannah Davis and Ariel Meredith lay out the flight safety rules for Air New Zealand. Since this video is also meant to celebrate the 50th anniversary of Sports Illustrated‘s Swimsuit Edition, they’ve even incorporated the legendary Christie Brinkley, who is looking pretty darn good at 60 years old (thanks to Chuck Norris and the Total Gym). Since being posted online, the video has gone viral with hundreds of thousands of views in just two days!

 

 

 

via: viraltrek

Spotify Focuses On New Users By Giving College Students Half-Off Their Premium Subscription

Spotify is making a land grab.

In a space that continues to fill up with competition from small startups and incumbents alike, Spotify is trying to acquire as many new users as possible with the launch of a 50 percent discount for college students.

The discount takes Spotify’s premium $10 subscription and slashes it in half, as long as the user is registered in any four-year, two-year or junior college in the country. SheerID will verify that these subscribers are, in fact, enrolled in school.

The idea here is to grab new users as quickly as possible, and worry about the money later. And eventually, without a doubt, Spotify will have to worry about the money.

Streaming music is an expensive business, which is why so many of these apps and services struggle to make money. Another reason they struggle is that big boys like Spotify and Pandora have already won over a major chunk of the audience.

Then again, Spotify has plenty of cash lying around.

This isn’t the first time that Spotify has tried to make its service more affordable and attractive to potential users. In December, Spotify announced a free internet radio-type product called Shuffle for smartphones, and opened up full, free access on Android tablets.

But even with the discounts and the free products, it’s a tough world out there for a streaming music startup. Even one valued at $4 billion.

Students interested in taking advantage of the discount can sign up here.

 

Via: techcrunch

Microsoft Word Zero-Day Spotted in the Wild

Microsoft has released a security bulletin announcing a zero-day vulnerability affecting Microsoft Word. Furthermore, the company states that there are “limited, targeted attacks directed at Microsoft Word 2010.” If exploited, this vulnerability (CVE-2014-1761) could allow a remote attacker to execute commands via specially crafted files and email messages.

Microsoft has also released preliminary details of the vulnerability and the exploit code. The vulnerability is exploited if a user opens an RTF file in Microsoft Word or previews or opens an RTF email message in Microsoft Outlook using Microsoft Word as the email viewer. It should be noted that Microsoft Word is the default email reader for Microsoft Outlook 2007, Microsoft Outlook 2010, and Microsoft Outlook 2013.

Several workarounds were included in Microsoft’s initial bulletin, including disabling the opening of RTF files and forcing Word to always open that type of file in Protected View. A fixtool has also been made available to help address the vulnerability while Microsoft works on a more permanent solution.
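Blocking RTF at a mail gateway only works if the content is identified by its header bytes, because Word opens RTF content regardless of the file extension. The following triage sketch is an added example, not code from Microsoft or Trend Micro; the function names and the sample message are constructed for illustration, and it only identifies RTF content for policy decisions, it does not detect the exploit itself.

```python
import email
from email import policy
from email.message import EmailMessage

RTF_MAGIC = b"{\\rtf"                       # header bytes at the start of RTF content
RTF_TYPES = {"text/rtf", "application/rtf"}  # MIME types that declare RTF


def find_rtf_parts(raw_message: bytes) -> list:
    """Return one finding per MIME part that is RTF by content or by label."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""   # undo base64 / QP
        name = part.get_filename() or ""
        ctype = part.get_content_type()
        # Content check: tolerate leading whitespace (conservative for triage).
        by_content = payload.lstrip().startswith(RTF_MAGIC)
        # Label check: what the sender claims the part is.
        by_label = ctype in RTF_TYPES or name.lower().endswith(".rtf")
        if by_content or by_label:
            findings.append({
                "filename": name,
                "content_type": ctype,
                "rtf_content": by_content,
                # RTF bytes under a non-RTF name and type slip past
                # extension-based filters.
                "disguised": by_content and not by_label,
            })
    return findings


def build_sample() -> bytes:
    """Constructed, benign sample message with three attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "Constructed sample"
    msg.set_content("Please review the attached files.")
    rtf_body = b"{\\rtf1\\ansi constructed benign sample}"
    # RTF content labelled as a Word document.
    msg.add_attachment(rtf_body, maintype="application", subtype="msword",
                       filename="report.doc")
    # RTF content labelled honestly.
    msg.add_attachment(rtf_body, maintype="application", subtype="rtf",
                       filename="notes.rtf")
    # Ordinary text attachment, should not be flagged.
    msg.add_attachment(b"nothing to see here", maintype="text",
                       subtype="plain", filename="readme.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in find_rtf_parts(build_sample()):
        print(finding)
```
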

What’s interesting is that Microsoft Word 2003 is listed among the software affected by this particular vulnerability, just a couple of weeks before support for Microsoft Office 2003 ends on April 8th. We advise users to upgrade to later versions of the software to continue receiving security updates.

We are currently looking into this vulnerability and will provide further information as appropriate. Trend Micro Deep Security has released a new deep packet inspection (DPI) rule to protect against exploits leveraging this vulnerability:

  • 1005990 – Microsoft Word RTF Remote Code Execution Vulnerability (CVE-2014-1761)

 

Via: trendmicro

Banks file class-action against Target and Trustwave over massive breach

 


Banks impacted by the Target breach are suing the company as well as security firm Trustwave.

 

Banks impacted in the late-2013 breach of Target have banded together to file a class-action against the retail giant, as well as against Trustwave, a Chicago-based security firm said in the lawsuit to have failed to bring Target’s systems up to industry standards.

“On information and belief, Trustwave scanned Target’s computer systems on [Sept.] 20, 2013 and told Target that there were no vulnerabilities in Target’s computer systems,” according to documents filed on Monday in U.S. District Court in Chicago by Trustmark National Bank and Green Bank, N.A.

The documents, filed on behalf of all similarly situated institutions, continued, “To the contrary, however, and as reported by The New York Times, Target kept credit and debit card data on its servers for six full days before hackers transmitted the data to a separate webserver outside of Target’s network.”

These vulnerabilities, “either undetected or ignored by Trustwave,” enabled the hackers to pilfer 40 million payment cards and encrypted PIN data, among heaps of other personal information, according to the documents, which add that the breach was preventable.

Sourcing the Consumer Bankers Association, the documents state that U.S. member banks have already spent $172 million reissuing stolen cards, and, sourcing global investment banking firm Jefferies, the documents suggest that payment card issuers may in total suffer upwards of a billion dollars in damages as a result of the breach.

 

Via: scmagazine

Tumblr Gets More Secure With Addition Of Two-Factor Authentication

 

Tumblr has added a very important security feature to its service, with the addition of two-factor authentication – an option available within the blogging service’s “Settings” section as of now. The move sees Tumblr at last joining the ranks of other top tech companies, including Facebook, Google, LinkedIn and Twitter, the majority of which offer some sort of two-factor authentication in order to provide an extra layer of security and protection for user accounts, making them less vulnerable to unauthorized access by hackers.

Two-factor authentication, for those who don’t understand what that means, is a blanket term describing a method involving two stages (factors) for verifying a user’s identity. Simply put, it means you need two things in order to prove you are who you say you are – not just a username and password. One typical scenario would involve a user providing something they know, like a password, combined with something they have, like a cell phone tied to a verified phone number.

In Tumblr’s case, the cell phone scenario is exactly the method they’re using. On the Account Settings page, users can first set up two-factor authentication by doing the following:

  • Click “Enable” next to the new Two-Factor setting
  • Enter your cell phone number and Tumblr password
  • Decide if you want to get the code via text message or an authenticator app (like Google Authenticator). Or both.
  • Follow the steps on the Settings page to complete the process, which includes configuring two-factor for your Tumblr mobile apps.

After setup is complete, you’ll then need to provide the authentication code at the time of login in an additional field below the username and password box on the web. On mobile, you’ll also need to generate a special one-time password in order to log in through your mobile apps on iOS or Android, Tumblr notes.

Unfortunately, in initial tests, we had some difficulties getting Tumblr to accept the provided code, and attempts at having the code re-sent failed, implying there could still be some kinks to work out here. [Update: after waiting a bit and trying a third time, the system worked flawlessly.]

Tumblr users with two-factor authentication switched on will immediately be less vulnerable to attacks and hacking attempts. While nothing will absolutely protect you from someone determined to gain unauthorized access to your account on Tumblr or anywhere else, two-factor authentication makes it much harder, as the would-be hacker would need both your username and password, and physical access to your phone to proceed.

Tumblr until recently was one of the few companies cited on TwoFactorAuth.org, a website that lists which services support two-factor (abbreviated 2FA), and which methods they offer – like SMS, Google Auth, Authy, or another custom method. Most of the big-name tech companies – at least in the social space – either support 2FA or have it in development, like Reddit, noted as being “in progress.” Tumblr, however, was the only social service listed that was noted as lacking 2FA altogether.

More info on the new feature is available here on Tumblr’s website.

 

 

Via: techcrunch

Where next for the new EU data protection regulation?

The new European Union data protection regulation to replace the outdated 1995 directive will not be finalised before May’s European Parliament elections.

The council of ministers’ lawyer is challenging the “one stop shop” principle, which is a major setback for the European Commission and humiliation for EU Justice Commissioner Viviane Reding, who has championed the reforms.

After 27 months of intense lobbying and debate, we are no closer to being able to say exactly what the future of the law reform process looks like or how it will affect business in the region – despite the European Parliament voting to adopt the draft legislation on its first reading on 12 March, to consolidate the work done so far and hand it over to the next Parliament. This means that MEPs newly elected in May 2014 can decide not to start from scratch, but instead build on work done during the current term.

But for many people in business, the outline of the regulation set out in the proposed draft, and what it will all mean, has become obscured by a storm of controversy.

The UK government is deeply opposed, and now that there is a storm of Euro-scepticism setting in across much of Europe, the draft regulation is likely to remain controversial for the foreseeable future.

A review of the draft in late 2013 by the Committee on Civil Liberties, Justice and Home Affairs (LIBE) unleashed even more debate that resulted in 91 amendments.

These in turn gave rise to further debate as the European Parliament sought to thrash out a final version of the regulation through a series of negotiations with member states.

Stewart Room, partner at law firm Field Fisher Waterhouse, believes there will be a new law in the medium term because there is consensus across Europe and the data controller community that change is needed. However, he does not believe that a regulation is certain.

“I would much prefer to hedge my bets on an amended data protection directive of much less ambition than Viviane Reding’s model,” he told Computer Weekly.

But despite the confusion in the law reform process, Room says there is no reason for businesses to wait until the final version is agreed and published before taking any action – EU data protection regulators are acting as if the regulation were already in force on key points, so there will be no excuse for being unprepared when the new law comes into force, whatever its make up or complexion.

Room believes that the greatest effects will be around corporate governance and enforcement, which will involve a lot more red tape for businesses and costs that they will inevitably pass on to customers.

According to Field Fisher Waterhouse, after clearing away all the misleading and irrelevant clutter, there are 10 key features of Viviane Reding’s model that now need to be debated properly. These are:

1. ‘One stop shop’ versus ‘lead authority’

The “one stop shop” mechanism – whereby local data protection watchdogs can act on behalf of all EU countries – has been replaced by the concept of a “lead authority”, which will be responsible for consulting with the other competent authorities, taking their opinions into account and working towards an agreed position.

Room says this proposal is unlikely to satisfy global businesses because he sees the proposal as a “fudge” that looks good on paper. “There will still be too many regulatory views put into the system to call it streamlined and business friendly,” he says.

2. Increased fines

The draft has introduced significant fines and sanctions. Businesses that do not comply with the new regulation could be subject to fines of up to €100m or 5% of annual worldwide turnover, whichever is greater.

This is a significant increase from the original 2% proposed. Written warnings for first offences and regular data protection audits have also been proposed as an alternative to the standard financial sanctions.

Room says the new regime needs to focus more on positive incentives for compliance. “Presently there are none. This is a big mistake. Businesses often respond better to carrots than sticks,” he says.

3. Icon-based privacy notices

A new concept is the requirement for information to be provided to individuals in two ways: (i) in a yes/no icon-based table; and (ii) in a detailed notice.

This means it is highly likely that businesses will need to update all of their existing transparency mechanisms to meet this additional obligation, incurring unavoidable external costs.

“From an online shopper’s point of view there will be very little change except that privacy notices will be more prominent than before, but basic interactions with businesses online will essentially remain the same,” says Room.

Beyond this, users of online services are unlikely to be aware of any extra protection afforded by the new regulation. In fact, Room says it may take decades before any real benefits become obvious.

4. Privacy impact assessments (PIAs)

Businesses will be required to complete PIAs at least annually and in some instances the data protection officer or supervisory authority will need to be consulted. This is another example of increased administration and costs for businesses as a result of the proposals.

However, Room says that businesses do need to think hard about privacy risk. In the long run, he believes that businesses everywhere will see PIAs as part of the core business.

5. Increased threshold for appointment of Data Protection Officers (DPO)

The latest draft also introduces a requirement for all businesses processing personal data relating to 5,000 or more data subjects in any consecutive 12-month period, to appoint a DPO. It also introduces a two- or four-year minimum term for the DPO and they must also meet certain minimum criteria to be appointed.

Room is deeply critical of the DPO proposal. He does not see it as being evidence-based. “Businesses should have more flexibility about mechanisms they implement for monitoring compliance,” he says.

6. Territorial scope

The scope of the law has been extended so that it would also apply to businesses outside of the EU as long as they are processing personal data related to individuals established within the EU. This includes businesses processing personal data in order to offer services to or to monitor data subjects in the EU.

According to Room, this ultimately means that most website operators anywhere in the world could be captured and would be directly subject to EU law. But, in reality, the law firm says it is difficult to see how EU authorities would effectively monitor and enforce the regulation against non-EU businesses.

7. Distorted scope of international data transfers

The criteria for assessing adequacy have been amended, blurring the lines of what is acceptable in relation to data transfers to non-EU countries. However, Field Fisher Waterhouse believes that businesses that frequently transfer personal data from the EU to third countries may be able to transfer data more freely if both the EU-based data controller and the non-EU recipient have been granted a valid European data protection seal.

8. European data protection seal (certification by authority or third party)

The latest draft encourages businesses to certify their data processing with a supervisory authority. When granted, the certification would be valid for up to five years and recorded on a public register.

Field Fisher Waterhouse says the primary benefit of this proposal is that it potentially provides businesses with lawful grounds for international transfers.

However, Room is sceptical about the viability of seal proposals. “Europe got it deeply wrong on e-signatures seals and killed the industry for trust certificates in Europe. My main concern is that business is too proprietorial to adopt seals, and trust authorities are too cumbersome or inefficient to scale,” he says.

9. Data breaches to be reported ‘without undue delay’

The latest draft requires notification “without undue delay” as opposed to “within 24 hours” where there has been a data breach. There is also an obligation on supervisory authorities to maintain a public register of the types of breach notified.

This will place greater emphasis on the compliance function of most businesses to ensure internal policies and procedures are implemented and maintained.

“I am a big fan of breach disclosure as a theoretical benefit for consumers and the economy, but too much disclosure creates information overload. It is also worrying that breach disclosure could be merely creating a sausage machine for data protection fines,” says Room.

10. Consent must be freely given

Consent must be freely given and obtained for a specific purpose. Many have expressed concerns that to obtain “explicit” consent may not be achievable in many cases. However, the concept has been retained in the latest draft, so unless this is removed in the final stages, businesses and websites that currently rely on implied consent will face difficulties.

Considering the above 10 points, Room believes that core business processes will be affected little, with most changes relating to corporate governance and supervision.

“If the regulation survives, you will see a lot more red tape around corporate governance and much more regulatory intervention,” he warns.

This means businesses will have to spend more time each year on new processes that enable them to demonstrate they are taking reasonable steps to ensure all personal data is protected adequately.

The most evident initial effect of the new regulation, therefore, is likely to be financial as providers of goods and services online pass those costs on to their customers.

The same is true when it comes to enforcement of the new regulations, which will, for example, require much more careful categorisation of data to ensure personal data is properly identified and protected.

The new regulation, therefore, would be likely to result in a lot more interference in business processes by data protection authorities.

This has led to some businesses questioning whether data protection authorities are to be trusted with the extra powers that will come with the new regulation.

In the UK, at least, the outlook is bright. Room says the UK data protection authority, the Information Commissioner’s Office (ICO), is a much better regulator than it was back in 2011.

“I am seeing much more maturity in terms of enforcement which has led to a better understanding of business issues. From the business perspective, the ICO is to be congratulated,” he says.

However, Room says not all EU data protection authorities have matured in a similar way, which means some countries will see a marked increase in enforcement action.

Only once the maturing process is complete in all countries, he says, will the EU as a whole enjoy a better level of privacy with all data protection regulators working in partnership with business.

 

 

Via: computerweekly

Gmail Traffic Between Google Servers Now Encrypted To Thwart NSA Snooping

Google announced that it has enhanced encryption for its Gmail email service, bolstering security to protect customers from prying eyes, especially those of governments.

As of today, Gmail will “always use an encrypted HTTPS connection” whenever a user checks their mail, or sends a new missive. According to Google, the expanded protection will ensure that your mail is safe from being snooped on as it travels from your machine to Google’s data centers. This means you are protected regardless of what sort of network you are logged into, either a public connection or whatever else.

Perhaps even more importantly now, messages inside of the Google datacenter network will be encrypted — so as your note moves from one Gmail server to another, it will be protected.

This matters as it was revealed recently that the NSA was tapping the cables between foreign data centers of United States technology companies, to mine information directly. Google delicately calls the effort a “top priority after last summer’s revelations.”

In other words: Back off, NSA.

The above must and will become the default for more than email, I think. Encryption should be pervasive and airtight, both internally and externally. Startups are beginning to follow this arc of history. Convo recently implemented at-rest encryption, and so forth.

If they won’t keep their damn hands off our stuff, we can make sure at least that what they steal they can’t read.

 

Via: techcrunch