Thursday, 13 March 2014

Bloomberg: Target failed to stop hackers from stealing the credit card

The November data breach that impacted 40 million Target customers could have been stopped in its tracks, according to a story published Thursday by Bloomberg.
Speaking with more than ten former Target employees and eight people with knowledge of the hack, Bloomberg said that Target already had in place a sophisticated malware detection system designed by security firm FireEye. The $1.6 million system was set up specifically to identify hacks and cyberattacks before they had a chance to do real damage.
Highlighting the ingenuity of FireEye's detection system, Bloomberg explained that it creates a parallel network on virtual machines. As such, the hackers are led to believe they're actually breaking into the real thing, thus exposing their attack methods and other breadcrumbs without jeopardizing the true network, at least not initially.
A team of security professionals was set up in Bangalore to monitor Target's network servers and alert security operators in Minneapolis of any detected malware. And this process worked as expected during the November hack. After detecting the hack, the people in Bangalore alerted the people in Minneapolis. But that's where the ball got dropped, according to Bloomberg. The hack continued on its merry way.

The FireEye system could have been programmed to automatically remove the malware upon detection. But that option was turned off, requiring someone to manually delete it. That's not unusual, according to one security officer interviewed by Bloomberg who explained that security professionals typically want that decision to be in their hands. But that means the security team must act quickly enough.
Why was the hack successful despite all the warning signs? Bloomberg's sources pointed to a few reasons.
Two people "familiar with Target's security operations" also told Bloomberg that the company's security people may have viewed FireEye's system with some skepticism at the time of the hack. Testing of the system had just completed in May, leading to its initial rollout. Even further, the manager of Target's security operations center, Brian Bobo, had left the company in October, with no replacement to manage things.
Ultimately, though, the alerts from FireEye and from Target's Symantec Endpoint Protection system should have driven Target's security people to stop the hack before it spread.
"The malware utilized is absolutely unsophisticated and uninteresting," Jim Walter, director of threat intelligence operations at McAfee, told Bloomberg. "If Target had had a firm grasp on its network security environment, they absolutely would have observed this behavior occurring on its network."
CNET contacted Target for comment on Bloomberg's report and will update our story with any further information.

Huawei: Windows Phone is still on the agenda

Huawei is still on friendly terms with Windows Phone, but Android is the true object of its affection.
Speaking with blog site TrustedReviews, Huawei Chief Marketing Officer Shao Yang said the maker of mobile devices remains "committed" to making phones outfitted with Microsoft's mobile OS. Last year, China-based Huawei launched the Ascend W1 and struck a deal with Microsoft to sell Windows Phone devices in Africa.
But that commitment isn't quite a top priority.
"Compared with Android, the priority of Windows Phone is much lower but is still one of our choices of OS," Yang said. "We are definitely using a multi-OS strategy."
Judging from Yang's remarks, a team-up between Windows Phone and Android appears to be at the top of the agenda. He said a dual-OS phone will reach US consumers sometime next quarter. Such a device could appeal to a wider range of customers, Yang said.
"With Windows Phone, one direction for us -- and one that we are now following -- is dual OS. Dual OS as in Android and Windows together," Yang told TrustedReviews. "If it is Windows only, maybe people will not find it as easy a decision to buy the phone. If they have the Android and Windows together, you can change it as you wish and it is much easier for people to choose Windows Phone."
Though Huawei still isn't exactly a household name, at least not in the US, it has shot past many of its rivals. Last October, research firm Strategy Analytics dubbed Huawei the third-largest smartphone vendor in the world, behind Samsung and Apple but ahead of LG and Lenovo.

SC turns down Subrata Roy's bail plea; holi in jail for him

New Delhi: Subrata Roy may have to play holi inside Tihar jail and stay put there till Mar 25 with the Supreme Court on Thursday remaining unyielding on his bail plea after the Sahara group failed to come out with a new proposal for refunding Rs 20,000 crore of investors' money.

The apex court said that it would consider his bail plea only if the group comes out with a new proposal for refunding the money and turned down its offer of paying Rs 2,500 crore now and the rest in instalments, which was rejected earlier too.

"We will consider if there is a new proposal," a bench of justices K S Radhakrishnan and J S Khehar observed when at the fag end of the two-hour hearing Senior advocate Ram Jethmalani pleaded for bail so that he can be with his family for holi.

"Prayer made by Ram Jethmalani, learned senior counsel for the petitioner, for bail cannot be considered at this juncture, since no written proposal for payment in compliance with the directions issued by this Court has been made so far," the bench said in its order.

Jethmalani, appearing for 65-year old Roy who has been in jail since March 4, pleaded that he should be granted bail to celebrate holi with his family and also to spend time with his mother, who is critically ill.

"We have repeatedly been saying what is your proposal. Tell us how much you can pay," the bench said adding "The key is in your hands".

Jethmalani, however, said that it is not possible to raise more money as nobody can come to our help till Roy remains in jail and that only he can arrange the money.

Turning it down, the bench posted Roy's plea against his detention order for March 25 as Jethmalani expressed his inability to argue the case tomorrow. The court will not be working next week due to holi vacation. 

The special bench, which assembled at 2 PM to conduct hearing on Roy's petition challenging its detention order, heard the case amidst tight security. Some security personnel of the Delhi police were present in the court room.

The hearing, during which Roy's counsel submitted that his detention was "illegal and unconstitutional", was conducted in a relaxed atmosphere in which the judges and the lawyers exchanged a lot of banter.

At the outset, the bench said it found nothing embarrassing in the petition as submitted yesterday by Jethmalani while questioning the validity of its order.
"We have gone through the petition and nothing is embarrassing (for the bench) in it. You can argue the case including on the issue of maintainability," the bench said while asking Jethmalani whether there is any new proposal on payment.

This was an apparent reference to Jethmalani yesterday saying it would be a little embarrassing for him to argue before the bench that its order needed rectification.

"With the incarceration, things have gone worse. People expect nothing in return from a man inside jail. We can the best solution of the problem only if he comes out. Nobody is going to help us if I remain in jail," Jethmalani said adding "Bail is my right and Don't make things difficult for me".

The bench, however, refused to grant relief saying that it had given Roy enough time for the last one and a half years and asked SEBI's counsel to argue on the maintainability of the petition.


Agreeing to hear Roy's petition, the bench said "We have corrected our order many times even in disposed of matters but we wonder whether it can be done on a writ petition."

While opposing Roy's plea against his detention, SEBI submitted that his petition is not maintainable and the incarceration order is valid and legal.

"What other order could be passed if the man behaves like this. The order is fully justified and it (passing such order) is a tool to force obedience of court's order," senior advocate Arvind Datar submitted.

He submitted that a person can be detained for six months by IT department in case of default of Rs 250 and in this case the amount is Rs 25,000 crore.

Senior advocate Rajeev Dhawan, appearing for the group, said that there is "substantive and procedural" mistake in the March 4 order by which Roy was sent to jail.

He said that there was a grave error on the part of the bench in passing such an order in which the bail bond was virtually fixed at Rs 22,500 crore.

In a hard-hitting petition filed through advocate Keshav Mohan, Roy submitted that detaining him is "purely illegal, contrary to the procedure prescribed by law and against the principles of natural justice".

Roy had questioned the constitutional validity of the detention order saying it was passed after an "illusionary" hearing.

"The petitioner submits that the impugned order made after such illusionary hearing is in total defiance of the rules framed under the Constitution and is gross violation of principle of natural justice," he said in his petition.

"The Bench of this Court without compliance with law and principles of natural justice has incarcerated him under a law which does not exist and without following the ordinary canons of natural justice.

"The petitioner submits the order of incarceration dated March 4 is a complete nullity and it is duty of this Court to terminate this unlawful detention and release the petitioner forthwith," the petition said. 

15 space organizations join hunt for missing Malaysian jet

As the latest piece of technology to be enlisted in the search for missing Malaysian flight MH370, satellites have the eyes of the world watching them as they watch us.
On Monday, a crowdsourcing platform called Tomnod, along with parent company DigitalGlobe, launched a crowdsourcing campaign to enlist the help of citizens in scouring satellite images to search for the plane that disappeared on March 7.
China has followed that up by activating the International Charter on Space and Major Disasters to join the hunt on Tuesday. The goal of the charter is to enlist space data from 15 member organizations to provide assistance in the case of a "natural or technological disaster." The charter describes such a disaster as "a situation of great distress involving loss of human life or large-scale damage to property, caused by a natural phenomenon, such as a cyclone, tornado, earthquake, volcanic eruption, flood or forest fire, or by a technological accident, such as pollution by hydrocarbons, toxic or radioactive substances."

Satellites are just one of the tech tools involved in the massive multi-national aircraft hunt that already includes the use of 42 sophisticated ships and 39 high-tech aircraft combing the waters, according to the BBC. For example, listening devices are being lowered into the water to pick up the "ping" of the black box, and sophisticated MH60 Seahawk helicopters from the United States are employing Forward Looking Infra-red (FLIR) cameras that arm the searchers with night vision.
Now that the charter has been activated, space scientists around the planet will enlist the satellites available to them to gather images from the suspected area in which flight MH370 disappeared. The hope is that one of those images will pick up something that can direct search and recovery efforts.
The International Charter on Space and Major Disasters was most recently activated on February 13 to help with monitoring the Mount Kelud volcano explosion on the Indonesian island of Java. Prior to that it's been used to monitor flooding, forest fires, snowfalls, cyclones, oil spills and other damaging events around the world. It was also used to assist in recovery efforts from earthquakes, including the one that rocked Japan in March 2011 and caused a devastating tsunami and the meltdown of the Fukushima Daiichi Nuclear plant. The charter has been activated 400 times in its history, but Tuesday represents the first time it was called into service to look for a missing aircraft. The only other transportation-related event for which it's been used was to assist in gathering data after a train full of dynamite exploded in North Korea on April 23, 2004.
The charter, which began after Vienna's Unispace III conference in 1999 with three agencies, has grown to its current membership of 15 organizations with the Russian Federal Space Agency being the most recent to join in 2013. Other member organizations include the European Space Agency, the Korea Aerospace Research Institute and China's National Space Administration. The US member organizations include the United States Geological Survey and the National Oceanic and Atmospheric Administration. After the charter has been activated, data typically starts coming in within 24 hours, according to a report in Phys.org.

Toyota: Apple CarPlay, yes. When? Not saying, actually

For a little while on Wednesday, it looked like we had a date for when Toyota would start offering Apple's new CarPlay smartphone integration for iOS devices.
Then early Thursday, the automaker shifted from drive to neutral, with this brief note on its official Toyota UK blog:
 UPDATE 13/3/14: A previous version of this article said Apple CarPlay would be in Toyota cars from 2015. This is incorrect and we are happy to put the matter straight. No announcements have been made about if and when Apple CarPlay will arrive in Toyota cars.
The headline on the blog post does suggest a certain amount of enthusiasm for the new iPhone-related technology -- "Apple CarPlay: Toyota joins in-car iOS project" -- but the subhead takes a more tentative, standoffish tone: "Apple's CarPlay software could bring the iPhone experience to future Toyota models." (Emphasis added.)

So it's going to be a while before your Corolla can become the biggest iPhone accessory that you own. A single model year certainly would have been a fairly quick adoption in the glacial world of automotive update cycles. (Remember, it took over a decade for USB ports and Bluetooth to reach their current levels of ubiquity as audio sources.) On Wednesday, the blog entry had given a more definitive sense of timing, stating that "come 2015" we'll be seeing the technology in Toyota dashboards.
We've known since the announcement of CarPlay that Toyota was a "committed partner" and would eventually be bringing the technology to future models in its line. We knew this because it said so right there at the bottom of Apple's Web site.
And we're still left to wonder which Toyota models will be the first to get CarPlay compatibility, how the CarPlay technology might coexist with the automaker's Entune app connectivity suite, or if (or, more precisely, when) we'll see any bleed-over into the automaker's Lexus luxury marquee.
Editors' note: This story was originally posted March 12 at 5:22 p.m. PT with Toyota's original statement of AirPlay adoption being on track for 2015. It has been recast with Toyota's subsequent statement that it has made no commitment on when AirPlay might land in its cars.

Amazon Prime fee jumps to $99 a year

Amazon's Prime premium service just got a little more expensive.
For the first time, the online retailing giant will raise the membership fee for Prime, hiking it by $20 to $99 a year. Amazon Student Prime will rise $10 to $49 a year. Prime members will pay the higher fee when their accounts come up for renewal.
The critical cut-off date is April 17. If your renewal comes up before then, you'll still pay the original $79 fee. If it comes up on April 17 or after, you're stuck with the higher fee.
Prime, introduced nine years ago, has become one of Amazon's key drivers of revenue growth, with consumers increasingly willing to pay the premium for free two-day shipping, access to more than 40,000 online videos, and the ability to borrow more than 500,000 books from Kindle Owners' Lending Library. The company has been working to make Prime even more attractive, including adding original programming in a page taken from Netflix's playbook.
In its note to customers, Amazon makes the argument that the company hasn't ever raised prices on the service despite rising fuel and transportation costs.
The hike comes as Amazon continues to post losses despite its immense reach and brand recognition. It isn't a complete surprise, as Amazon's chief financial officer hinted at a price increase of up to $40 in January.

Amazon just celebrated a record holiday season for Prime, boasting that it signed up more than a million new customers in the third week of December. The signups were coupled with Amazon launching the ability for customers to give a Prime membership as a gift. In October, Amazon raised the threshold for free shipping for non-Prime customers from $25 to $35 while also plugging its Prime program.
If you're really keen on keeping your $79 membership fee going for an additional year, Slickdeals.net has a workaround that involves buying a Prime gift membership and having it delivered to you as your current membership expires.
Amazon said it has been alerting Prime and Student members about the increase and specific renewal date.
Here's the note:

"computer vision technology company," 3D modeled

Picture a 3D virtual representation of your living room, one you can fly over in a top-down view and even move through with the fluidity of a first-person video game. Now imagine having the ability to tinker with that space: Change the paint on your walls, drop in a new couch to see how it fits with the existing furniture, or perform accurate measurements of the room, all on a computer screen.
That's Matterport's vision for the future of 3D modeling, and it extends beyond home renovation. From architecture and construction to real estate and crime scene visualization, the scope of 3D models is expanding and the hardware and software that allow us to map our physical world are getting cheaper, faster, and better. Matterport is hoping it can be not only the Nikon and Canon, but also the Adobe of the burgeoning industry, offering a professional-grade camera and a cloud-processing platform for making 3D modeling exponentially easier and accessible.

If you've heard the name Matterport recently, it was likely in association with Project Tango, the mobile 3D mapping venture out of Google's Advanced Technology and Projects division, the research arm of Motorola Mobility that Google absorbed into Android before selling Motorola to Lenovo. Matterport got its hands on a prototype and last month released one of the first 3D models using Tango. Matterport, however, is aiming for a more pro-grade, less experimental market when it comes to its own breed of modeling.
On Thursday, the Mountain View, Calif.-based company -- created in 2011 and running on Y Combinator and VC funding amounting to $10 million -- launched its full platform suite, which includes the $4,500 Matterport Pro 3D camera alongside its subscription-based cloud service and Web player. Before that, an early-adopter program saw only a few dozen cameras get out into the wild to create more than 1,000 3D models. Matterport will sell the device and service directly, aiming primarily at contractors, real estate companies, and architects with the intention of drastically changing how those industries work with digital visualization.
The Matterport Pro 3D Camera, which costs $4,500, can create a fully immersive 3D model of a space with as little as half a dozen scans, each taking less than half a minute.

Matterport modeling is all about automation


Although 3D modeling is of course not new technology -- it has been used for years in architectural modeling, video game design, film CGI, and computer animation -- it's still an incredibly intensive and multistep process. You need people to take measurements and draw out schematics to build an outline of a space, photographers and videographers to capture images for texture and depth, and designers and engineers working in 3D CAD software to construct it. Even then, there's still no easy way to cohesively stitch together all those parts into an easily transferable and reasonably sized file.
"If you spend enough effort and time, you can make a model that looks like something we can make," said Matterport CEO Bill Brown in an interview with CNET. "You'll have spent $20,000 or $30,000, but you end up with something you can't distribute. You can give it to someone if they have a CAD package."
It's no coincidence that Brown was tapped by Matterport's three co-founders -- Reactrix founder Matt Belle, PayPal alum Dave Gausebeck, and former SRI 3D guru Mike Beebe -- to be CEO. Brown came from Motorola Mobility, where he was general manager of a division called "converged consumer products" during its time under Google's wing, and where Project Tango would later be hatched. The combined expertise of Brown and Matterport's co-founders results in a highly focused effort that's more practical than flashy, and less intent on doing something radical -- like Tango -- than it is in tackling what the company thinks is a dormant technology ready for acceleration in select fields.
That's how Matterport was able to take the 3D modeling process and automate away the most tedious aspects of it. "In a matter of an hour, you can do something that takes two days for people to do now," Brown said.
What exactly makes Matterport's camera that much of a leap? For one, it has the ability to capture geometric and texture data simultaneously, while offloading much of the intensive computing to combine that data to the cloud to be done after the fact. "It's shooting at 30 frames per second, so it's in essence taking a video as it spins," Brown explained.
With three sensors relaying information between 2D and 3D, the camera is able to take in a near-360 degree scope of the room in one motorized sweep that takes less than half a minute to complete. Combine anywhere from as little as four to six sweeps and as many as 15 to 20 of an area and you have a detailed model that can be compressed down to an average file size of 50MB to 75MB. Even then, one can dig into the raw files of the sweeps and swap in stills, so that fuzzier portions of the model containing books on a shelf or a clock on the wall can suddenly have the fidelity of a hi-res photograph.
Even mirrors, which would have to show shifting reflections as someone moves through the 3D model, can be dealt with. "We identify areas that are mirrors and replace those with digital mirrors," Brown said. "A lot of the techniques and technologies we're using on the application side come from the computer gaming world." As in video games, mirrors and differences in lighting can be easily replicated with video effects tools.
But the key to Matterport's efforts lies not just in small file sizes, feature sets, and affordability, but also in ease of use. "We've automated that entire process and got it to the point where anybody can operate the camera and the cloud processing figures out how to do everything," Brown said. "It puts this thing together like a jigsaw puzzle."
And it is true that anyone can operate the camera. It's as simple as pressing a button; I did it myself, on an iPad, while a Matterport camera 3D-mapped a studio room at CNET's San Francisco office. You have to manually move the camera to desired areas for new sweeps, and you also have to walk around it as it's moving -- it pauses after each motorized rotation -- unless there's a portion of the room that you can use to conceal yourself.


The result, after sending the data to the cloud service and letting it build the model for roughly 30 to 45 minutes, is a mix of awe and a strange sensation akin to animation's uncanny valley, thanks in part to the video game-styled movement you're employing within an unprecedented level of photorealism. Moving around can be done with directional arrows, including a jumping capability with the space bar. Or if you're on an iPad, which can run Matterport's 3D models via its Web player, you can use specialized touch commands like two fingers to strafe side to side or pinch-to-zoom to go from the top-down view into first-person mode.
The best description of the experience would be this: Google Street View meets the interactive panorama, the multimedia trend of the last few years that uses a series of shots from a singular point to create an immersive, drag-able photograph.
In that vein, Matterport is aware that it's tackling more than just the current 3D modeling use cases. "We're trying to establish a new category of media," Brown said.

Next up: Movement modeling and mapping with mobile

Matterport's hardware and software have clear limitations. For one, the camera can't process glass and light-induced reflections, rendering any windows entirely translucent. And certain levels of light and drastic changes in those levels are also tricky, meaning Matterport can't be used outdoors except in select conditions.
Most importantly, though, the camera tech is hampered by movement, a shortcoming that Matterport will have to work out down the line. "It's going to be a specialized set of processing that we're going to need to figure out," Brown said of moving images. "I do think that at a high-level view, we can tell the difference between something that's moving and something that's not moving. We can isolate the things that are moving and handle them appropriately."
That means right now, not only must the camera remain still, but also anyone sitting anywhere within the camera's sight must sit still as well, or else be rendered into a kind of "2D plus," as Brown put it, resembling a paper cut-out.
That's an integral challenge for the 3D modeling field at large, and especially the large players in the 3D sensor industry, nearly all of which are communicating with Matterport, Brown said. Because the goal is not just to move 3D modeling capability to mobile devices, as Google is attempting with Project Tango, but to implement that idea as thoroughly as the integration of cameras was to early feature phones.
"We kind of say, down the road as you have 3D sensors in these mobile devices, you're not going to take 2D pictures anymore. You're always going to capture the 3D behind because there's a bunch of useful things that you can do with that 3D, even if it's just a still image," Brown said. "If you were going to walk through the space and shoot a video, you could build a 3D environment that in addition to that linear video could give a user the ability to not just pause, but back up on a path and say, 'I'm going to see what was to the sides as you were walking.'"
To achieve that, Matterport won't be focusing on drastic cost-cutting, multiple product tiers, or pushing to make its own mobile device, despite having originally started out attempting to develop a 3D mapping-capable handheld.
"One of the big pushes that we have is to work with the folks on the mobile side to make sure that these devices are going to capture the right data," Brown said. "We'll probably just make our software work on those devices. I'd never say never because there might be a point where a partnership with one of those companies that makes one of those devices makes sense. But it's not Matterport's focus," he added.
The company's long-term view then is to build out its software platform to the point where Matterport applications become the primary way to process 3D models, ones captured from mobile all the way up to professional-grade, DSLR-level cameras like the one Matterport is now offering.
"There's a point, whether it's five years down the line or whenever it is, where every time someone captures a 2D image, they're capturing 3D data," Brown said. "We're going to be the company that makes that combination very useful."