Our substance is short yet to the point, and intended to challenge you to live in and nurture with IT technologies. @http://thecorlissreviewgroup.com

Thursday, May 21, 2015

Microsoft finally unveils its new browser called Edge

At last the long wait is over, Microsoft finally reveals its official name for its new web browser plans last January, dubbed as Microsoft Edge, which is previously code-named Project Spartan.

Microsoft made the announcement at the annual Build Developer Conference 2015. Edge will replace Internet Explorer as the default browser of Windows 10 PCs, smartphones and tablets. It's not surprising that the nickname "Edge" is based on the new rendering engine that Microsoft is using for its Windows 10 browser which is called EdgeHTML.

Joe Belfiore, the Corporate Vice President, Operating Systems Group at Microsoft also said that the name was referred to the idea of Microsoft being on the edge of consuming and creating.

Microsoft Edge is designed to be a lightweight web browser with a layout engine built around web standards that is created for interoperability with the contemporary web.

The browser's new logo appears to be similar to the Internet Explorer's logo. However, the directions of the swirls have been changed and the color is a bit darker.

Microsoft Edge consists of unique features such as the ability to annotate on web pages, modern and futuristic design for new tabs which appear to have a flat design concept, jotting down notes or draw on top of web pages for a great way of reading and consuming content, favorites folder built into the browser, thumbnails of frequently visited websites, web applications and further integration with digital assistant Cortana to offer more personalized results and actions.

Developers will be able to carry their Chrome extensions or Firefox add-ons with just a couple of changes to Microsoft Edge.

Microsoft Edge also enables users to engage with sites and provide them a chance at starting to write some web code, which they may put into an application through web extensions built into the web browser.

Stay tuned on The Corliss Tech Review Group blog for more updates.

Monday, May 18, 2015

European Union accuses Google of market abuse

European Union has formally charged Google of abusing its dominant position on the internet search market.

According to a Corliss Tech Review Group report, Google has used its gigantic power as a search engine to redirect internet users from rivals to its own services, which include YouTube and its own social network Google+.

Expedia, Microsoft, and TripAdvisor, which are Google’s competitors, declare that its way of promoting its own companies above rivals on its search engine stops them from contending on a level playing field.

Insiders claim the case could prove just as costly as the EU's decade-long battle with Microsoft, which ultimately cost the company £1.6 billion in fines.

If Google fails to rebut any formal charges imposed by Brussels, the commission could impose a huge fine which could exceed £4 billion which is about 10% of Google's most recent annual revenue.

More than twenty four European organizations have filed antitrust complaints against Google. Many are from powerful publishing groups and online firms in Germany.

They have previously requested to force Google to stop blocking competition in sections like online maps, travel and shopping services.

Moreover, lawyers from France also requested for Google to reveal its secret formula for ranking websites but Google argues such transparency would expose its business secrets to rivals and leave the search engine vulnerable to spam.

In accusing Google of anti-competitive practices against rival shopping sites, the EU competition authority said it is continuing to investigate other areas, including alleged "web scraping" to copy content off of rival travel and local business review sites, and Google's restrictive practices on advertising.

Android Investigation

EU will be likely to probe Google’s operating mobile operating system Android.

The investigation will center on whether Google has entered into anti-competitive agreements or abused a possible dominant position in the field of operating systems, applications and services for smart mobile devices.

Google has given 10 weeks to reply and they will also get the chance to argue their case in a formal hearing.  But if it finds the company in the wrong then it would face the legal consequences and must change the way it does business in Europe.

The competition commissioner also claims that Smartphones, tablets and similar devices play an increasing role in many people's daily lives, and she wants to make sure the markets in the area can flourish without anti-competitive restrictions inflicted by some company.

Tuesday, May 12, 2015

The Corliss Group Tech Review: Bank hackers steal millions worldwide

The banking sector has been a frequent target for hackers nowadays. As much as US$1 billion were stolen from banks and other financial companies worldwide in about two years, wherein it is considered as one of the biggest banking breaches known, by a multinational gang of cybercriminals dubbed as the "Carbanak gang" originating from Russia, Ukraine, and other parts of Europe as well as from China.

The gang targeted banks, electronic payment systems, and other financial institutions worldwide with the majority of the targets in Russia, USA, Germany, China and Ukraine. They already infiltrated more than 100 banks in 30 countries, stealing as much as $10 million in each raid.

Kaspersky Lab and authorities from different countries had combine efforts to uncover how the criminals act. On average, each bank cyber robbery took between two and four months from infecting the first computer at the bank's corporate network to cashing the money out.

The cybercriminals used Carbanak malware to infect the bank's network giving them access to the employees' computers, and letting them see and record everything that happened on the screens of staff who service the cash transfer systems. This way the fraudsters got to know every last detail of the bankers work that show them how to mimic the staff to transfer the money and cash out.

Once the time came to exploit on their activities, the fraudsters used online banking or international e-payment systems to transfer money to their accounts.  In the second case, the stolen money was transferred to banks in China and the US.

In other cases, cybercriminals penetrated right into the very center of the accounting systems, inflating account balances before getting the extra money through a counterfeit transaction. For instance, the account has $1,000 and the criminals can change its value to $10,000 and then transfer $9,000 to themselves. The account holder doesn't suspect a problem because the original $1,000 dollars is still there.

In addition, the cybercriminals can also take control of banks' ATMs and order them to dispense cash at a specific time. When the payment was due, one of the gang's underlings was waiting next to the machine to collect the 'voluntary' payment.

Kaspersky did not identify the banks affected by the attacks because of a confidentiality agreement. They are still working with law-enforcement organizations to investigate the attacks.

Research says that the first malicious samples were compiled in August 2013 when the cybercriminals began to test the Carbanak malware and the first infections were detected in December 2013. The gang was believed to successfully steal from their first victims during the period of February to April 2014. The peak of infections was recorded in June 2014.

However the campaign is still currently active. Kaspersky urge all financial organizations to carefully scan the network for presence of Carbanak malware and if detected, report the intrusion to law enforcement.

Monday, April 27, 2015

Google Reduced Fifty Percent of Android Malwares

As stated by Corliss Tech Review Group, a malware is a type of software that is specifically created to gain access or damage user’s sensitive data.

Android has long been seen as vulnerable to malware because it is an open platform and several devices run older versions of the mobile operating system. Android is also one of the world’s most popular mobile platform where it powers hundreds of millions of mobile devices in more than 190 countries worldwide, but its popularity has also made it a magnet for malwares based on Corliss Tech Review Group.

In the past year, Google claims that malware infections on Android devices have been reduced in half after notable developments and security upgrades for mobile phones such as improved encryption and better detection tools for malware.

According to a blog post of Google’s chief security engineer, Adrian Ludwig, the overall worldwide percentage of possibly harmful applications installed are decreased by almost fifty percent during the first and the fourth quarter of the year. Android devices in use worldwide which are over 1 billion have their devices protected by security through Google Play wherein it conducts two hundred million security scans every day and less than 1% of the devices had potentially harmful applications installed in 2014.

Google also states that the rate of possibly malicious applications installed on devices which only use Google Play apps was less than 0.15%.

Ludwig also ensured that Android is a safe place and they are still making improvements to enhance protections for Android devices wherein they are being more hands-on in reviewing applications for all types of policy violations within Google Play and they have also increased their efforts to increase security for specific higher-risk devices and regions outside of Google Play.

Monday, April 20, 2015

The Corliss Group Latest Tech Review: How secure are payment technologies?

New payment technologies have the potential to make shopping online and in store more secure, but banks, tech companies and shops must first move to upgrade their systems efficiently and correctly, say cyber safety experts.

The payments industry is working to make it faster and more convenient to move money around. Yet, if implemented wrongly, this can make life easier for hackers too, the security experts say.

“Many of these evolutionary or revolutionary changes have been driven by convenience and ease of use, and often accepting a certain amount of risk,” says Amit Mital, chief technology officer of security firm Symantec.

Making the purchase of goods more secure is a priority for retailers, banks and payment companies. In the US, where payment card technology is less sophisticated than in Europe, retailers have recently been hit by massive data breaches, in which hackers have been able to steal tens of millions of customers’ card and personal data.

The highest-profile technology to hit the market is Apple Pay, which works with the iPhone 6s. It lets shoppers store their credit card information on their iPhone and pay for goods by tapping the phone on an in-store receiver. Because of a technology called “tokenisation” experts say it is more secure than current card systems.

With tokenisation, merchants receive data that obscures the shopper’s actual credit card number, reducing the chance that hackers can steal usable data from merchants’ internal systems. Because iPhones use fingerprint recognition to verify shoppers’ identity, it is also nearly impossible for a thief to steal an iPhone and make a purchase.

“We do not see any concern on our side in terms of security,” says Thierry Denis, president in North America for Ingenico, a manufacturer of credit card readers.

But there is a catch. In the first few months after Apple Pay’s launch last year, thieves have been able to take stolen credit cards, load them on to iPhones, and go shopping. They have not compromised the technology, but have got through the banks’ processes for checking — during the Apple Pay set-up — that the customer adding the card to his or her phone is the card’s real owner.

That fraud started showing up within a month of Apple Pay’s launch last year, with the level of fraud seen through the set-up far higher than that seen typically seen in credit cards, according to Cherian Abraham, a payments analyst who wrote one of the first blog posts to call attention to the issue. Given Apple’s sophisticated technology, the fraud was a “surprise to all”, he wrote.

Mr Mital of Symantec said the recent incidents of fraud on Apple Pay were “more of a failure in process than in technology”.

Joe Majka, chief security officer of Verifone, a manufacturer of point of sale terminals where shoppers swipe their cards, says that better encryption on such devices could be a security “game changer”, if widely adopted.

Like tokenisation, encryption means that hackers cannot make as much use of data they might steal if they are able to get into a retailer’s network.

Retailers have been slow to adopt such encrypted systems for various reasons. Regulations in the US are changing later this year and retailers will soon be responsible for the cost of fraud if they do not accept chip-and-pin cards, which make transactions more secure than when users just swipe their card.

But small retailers do not often see fraudulent purchases and so may be reluctant to spend on upgrading, without realising that their older systems mean they could be giving hackers a way to steal their customers’ data, says Mr Majka.

For larger retailers, making the shift takes work.

“When you talk to merchants and [payment] processors,” says Mr Majka, “there are so many changes in their systems, in their coding, that have to be made to accommodate an encrypted transaction.”
Other innovations featuring purely digital mobile payments via apps also face risks.

Cash-transfer app Venmo, which is owned by PayPal, recently faced media reports highlighting how hackers could access the app to transfer money to themselves.

Venmo has since added better email notifications and is adding multi-factor authentication to make logging in more secure. But the fact that this was already standard on services such as Gmail underlines how companies do not always use the most secure solutions available on the market.

Similarly, while US banks have been rolling out the more secure chip-and-pin cards for many months in anticipation of the regulatory changes this year, they are not yet available to all consumers.

Mr Majka of Verifone replaced his card recently and wanted a chip card. His bank, however, said he would have to wait. “It’s a little disappointing,” he says.

Wednesday, April 15, 2015

The Corliss Group Latest Tech Review - Protect Your Assets By Practicing Common-Sense Cybersecurity

Let’s get the scary stuff out of the way upfront: Cybercrime costs the global economy $575 billion annually, according to reports. The United States takes a $100 billion hit, the largest of any country, according to Politico. A report from former U.S. intelligence officials counted 40 million people whose personal information was stolen within the past year.

Online theft is huge, and it only seems to be getting worse. Hardly a week goes by without some story about hackers penetrating a computer system somewhere. Corporations, individuals, even White House servers were hacked last week. I sometimes wonder just how difficult it is for a determined bad guy to access grandma’s checking account or your neighbor’s IRA and grab those assets.

I am not the only one thinking about this. New York State Department of Financial Services issued a report on cybersecurity in the banking sector, where more than 150 organizations rely on third-party service providers for critical banking functions. The regulators want the banks to tighten security.

So should you.

We spend most of our time in financial markets looking at ways to deploy our capital: What assets to buy or sell, how much we should save for retirement, whether we should own more of these stocks and less of those bonds.

We don’t spend so much time thinking about the ways we can lose that money — to fraud and to common theft. We should be more vigilant, especially as we move our lives online, with digital access to our checking and savings accounts, our online portfolios, even our taxes.

It is impossible to make yourself hack-proof, but you can make yourself less vulnerable.

It all starts with some common-sense security steps. Three ways you probably can improve your existing practices: Develop better e-mail habits, beef up password security and (as always) remember that your behavior is the root of most of your problems.

Get your e-mail act together

Every day, your inbox fills with all manner of junk. Some of it is merely time-wasting nonsense, but let’s not forget about the really dangerous stuff: phishing schemes, malicious viruses and malware. It seems the only reprieve we get are those rare occasions when the main servers in Russia — a.k.a. Spambot Central — gets temporarily knocked off-line.

It’s more than a huge productivity killer, it’s a financial hazard. That $100 billion a year we mentioned above comes out of everyone’s pockets. Even if you have not been hacked, you are paying for it in some way. Banking costs are higher as financial firms spend hundreds of millions of dollars a year on security.

People have tried a variety of ways to tackle this: Filters, whitelists, e-mail verifiers and trusted ID services; disposable ­ e-mail addresses from sites such as Mailinator; “junk” e-mail addresses from Hotmail, Yahoo or Google. And still the danger keeps coming.

I have a few tricks I use to keep the really nasty stuff under control, such as:

●View e-mail as plain text.

All of the bad links, embedded viruses and other malware go away when you select “view as plain text.” Sure, you lose all of the graphics and links, but you lose the threats as well.

●Create a primary e-mail address.

This is your main address — for colleagues, clients and peers. Never share this e-mail address. Don’t subscribe to anything using this address — no Internet mailing lists, no subscriptions, nada. Use this address alone for your finance- and business-related e-mails. Anything unrelated is junk; treat it that way. Block the domains of senders. Mark junk mail as junk.

●Use an e-mail forwarder.

I have been a big fan of Leemail.me. Instead of giving out my e-mail address, I use Leemail to auto-generate an address whenever I want to share my e-mail with an unfamiliar company. It forwards my e-mail from the company to me. When I want to shut that sender off, I flick a button.

Tracking the companies that share or sell your e-mail address is invaluable. The basic version of Leemail is, astonishingly, free, and the upgrade is only a few bucks a year.

●Don’t hit “unsubscribe”; get blacklisted instead.

There are a number of companies that provide e-mail services to third parties, shops such as Constant Contact, Vertical Response and iContact. They are the middlemen between businesses and consumers. And while they claim to be “opt-in only” and not spammers, in truth, they are subject to whatever bad behaviors their clients engage in. They all have become legal quasi-spammers.

On every e-mail these companies send, there is an unsubscribe button. NEVER CLICK THAT. When you do, you are not unsubscribing. Rather, you are verifying that your e-mail address is legitimate.

Instead, go to the company Web site and track down the customer service number. Call customer service and insist on having your e-mail or domain “blacklisted.” Thats the only way to ensure you will truly be unsubscribed. If the company refuses, file a Federal Trade Commission complaint.

Password security

If you were like I was five years ago, you had one simple password that you used for everything — Amazon, Facebook, Wall Street Journal — everywhere. This could’ve been disastrous. Now all passwords are different. Avoid the common errors, such as using birthdays or your kids’ names. Never use sequential numbers. And for goodness sake, don’t use “password” as your actual password.

Put all of your passwords on a document named something other than “My passwords.” I find burying passwords somewhere in a spreadsheet to be useful. Print out a copy and place it in your safety deposit box with other important papers.

Your biggest risk? You.

I have said all too often that when it comes to investing, people are their own worst enemy. Behavioral problems are rife in security as well. Get into the practice of thinking about security, and soon it becomes second nature.

The Securities and Exchange Commission has gotten much more serious about personal financial data security. They have informed advisers and brokers that there is a duty to protect client data. When we set up our wealth-management practice, we put into place specific policies and procedures to protect clients:

● All sensitive information is sent by secure e-mail using a third party for encryption.

● We never e-mail Social Security numbers or account numbers or other private data via regular email.

● We went totally paperless. Our file cabinets are empty, everything is cloud based.

● Any documents that arrive are shredded, so even our outgoing garbage is secure with nothing usable to a thief.

Most of this is common sense. However, many people are still vulnerable. With smarts and a bit of awareness, you can make your financial assets much more secure.

Monday, April 13, 2015

The Corliss Group Latest Tech Review - Us Regulator To Impose New Cyber Security Standards For Banks And Their Supply Chain

A new report highlighting deficiencies in US banks' oversight of suppliers' cyber security should serve to remind financial services companies in Europe of the due diligence they need to undertake, an expert has said.

Financial services and technology law expert Angus McFadyen of Pinsent Masons, the law firm behind Out-Law.com, said that regulators in both the US and Europe are increasingly interested in what financial services companies are doing to address cyber security threats.

McFadyen was commenting after the New York State Department of Financial Services (NYDFS) announced its intention to introduce new regulations "strengthening cyber security standards for banks' third-party vendors" in the "coming weeks".

The announcement was made as it revealed that fewer than half of the banks it surveyed said they do not "conduct any on-site assessments" of "high-risk" suppliers, such as data processing companies and other suppliers that typically have access to "sensitive bank or customer data".

The NYDFS report (7-page / 313KB PDF) also said that only about 30% of the banks surveyed "require their third-party vendors to notify them in the event of an information security breach or other cyber security breach".

A fifth of the banks do not require suppliers to set "minimum information security requirements", whilst of those that do only a third "require those information security requirements to be extended to subcontractors of the third-party vendors", it said.

"A bank's cyber security is often only as good as the cyber security of its vendors," Benjamin Lawsky, superintendent of financial services at the NYDFS, said. "Unfortunately, those third-party firms can provide a backdoor entrance to hackers who are seeking to steal sensitive bank customer data. We will move forward quickly, together with the banks we regulate, to address this urgent matter."

McFadyen said that although "security is a growing concern on both sides of the Atlantic" the action proposed by the NYDFS is "the most forthright we’ve seen".

"European regulators are also actively looking at security," McFadyen said. "We’ve seen new rules around payment security come out of Europe and the Financial Conduct Authority’s (FCA's) own guidance on bank outsourcing touches on its importance. Security measures are rarely perfect, as we’ve seen with the takedown of the French TV channel TV5Monde, but the risks presented by a compromise in the sector are growing as we are increasingly digitising financial services."

McFadyen pointed to a recent announcement by the FCA on the implementation of new internet payments security guidelines in the UK as highlighting the regulatory focus there is on cyber security.

The FCA has said it will incorporate the new guidelines into its "supervisory framework" at the same time as the new EU Payment Services Directive (PSD2), which is still being negotiated, is transposed into UK law. The internet payment security guidelines were finalised late last year by the European Banking Authority (EBA).

"We are fully supportive of the objectives behind the guidelines and agree with the importance of consumers being protected against fraud when making payments online," the FCA said. "Ensuring the security of payments and the protection of sensitive customer data is a critical part of the infrastructure of robust payment systems."

"Many firms already have in place measures for strong customer authentication, and we would remind payment service providers of their responsibility to ensure consumers’ payments are safe and secure. We will be incorporating the detail of the requirements of the guidelines into our supervisory framework in line with the revised Payment Services Directive (PSD2) transposition timeline," it said.