Tag Archives: Could
FILE PHOTO: The Huawei logo is pictured outside their research facility in Ottawa, Ontario, Canada, December 6, 2018. REUTERS/Chris Wattie/File Photo
(Reuters) – China’s envoy to the European Union warned that excluding Chinese tech group Huawei could hamper new 5G mobile networks, the Financial Times on Sunday.
Efforts to limit involvement of Chinese technology in upcoming 5G projects in Europe might bring “serious consequences to the global economic and scientific co-operation,” Ambassador Zhang Ming said in an interview with FT.
Some Western governments, led by the United States, have barred the use of the Chinese company’s equipment in new networks over concerns the technology could be used for spying. Huawei has denied the claims, saying network security has always been its priority.
Reporting by Ishita Chigilli Palli in Bengaluru and Paul Sandle in London; Editing by Cynthia Osterman
FILE PHOTO – French Finance Minister Bruno Le Maire leaves following the weekly cabinet meeting at the Elysee Palace in Paris, France, December 19, 2018. REUTERS/Philippe Wojazer
PARIS (Reuters) – A European Union-wide tax on the world’s top digital companies could be reached by the end of March, French Finance Minister Bruno Le Maire said in an interview published on Sunday.
“We made a compromise offer to Germany in December and I am convinced that a deal is within arm’s reach between now and the end of March. With the European elections just a few months away, our citizens would find it incomprehensible if we gave up on this,” Le Maire told the Journal du Dimanche newspaper.
In December, European Union finance ministers failed to agree a tax on digital revenues, despite a last minute Franco-German plan to salvage the proposal by narrowing its focus to companies such as Google (GOOGL.O) and Facebook (FB.O).
Reporting by Sudip Kar-Gupta; Editing by Daniel Wallis
But, as in years past, there’s a good chance things will get away from us as the year goes on. We get busy, our agendas become crowded and the time required to plan and prepare wholesome, healthy meals is condensed into just the few minutes required to grab some fast food.
It’s a scenario any entrepreneur, employee or just about any human can relate to.
Our desire to compromise neither our time nor our health spawned the rise of a few new startups offering solutions like Soylent, Ka’chava and Huel. All three began by offering powdered smoothie mixes that claim to provide all the nutrition needed to substitute for a full meal. Soylent also introduced ready-to-drink meals in a bottle in several flavors for when even mixing water and powder is just too much time or trouble.
You may want to read sarcasm into that last line, but this bottled Soylent subscriber of two-plus years is enthusiastically earnest about the advantages of slamming a proportioned dose of carbs, fat, protein and a whole suite of nutrients before or after a workout or while powering through an all-consuming post for Inc.
Now, after years of being the main name in the bottled meal game, Soylent has some fresh competition from Huel, which just introduced its own ready-to-drink meal in a bottle last week.
The people at Huel were kind enough to ship me one sample each of their two ready-to-drink flavors, Vanilla and Berry, to see how they stack up to Soylent.
Before diving in, I think it’s worth mentioning that I don’t really believe it’s a good idea to base your regular diet around either of these products. With its original powdered product, Huel encourages trying smoothies based on its product for breakfast and lunch followed by a “traditional” dinner.
That’s just way more powdered pea protein and other processed ingredients than I’m comfortable consuming on a regular basis. I still want to strive to include as many whole, healthy foods in my diet as possible. I see the meals in a bottle rather as a preferable alternative to fast food, microwaved meals and other less-than-ideal quick options when life gets in the way of my dietary ambitions.
Over the past few years, on average I drink one bottle of Soylent every two to three days.
So, on to the important question: which is the best to start stocking your fridge with?
I’ve had a box of ready-to-drink Soylent shipped to me each month for nearly two and a half years now and rotated through most of the different flavors over that period, with strawberry being my favorite.
On the face of it, Soylent and Huel ready-to-drink are very similar – it’s kind of a Coke and Pepsi sort of deal where the differences are relatively subtle or in the details. Both are vegan and more palatable than their more grainy powdered mix siblings. Each provide 400 calories per bottle, which is somewhere around 20 to 25 percent of the calories the average person needs per day.
While Soylent uses soy protein, maltodextrin, sugars, sunflower and canola oils for its base along with a mix of vitamins and minerals, Huel relies on pea protein, tapioca starch, gluten-free oat powder, some brown rice flour, canola and coconut-based oils with added flax, chicory root, vitamins and minerals.
I’m no dietitian, but I find myself drawn to Huel’s ingredient list as an “almost vegetarian” with plenty of soy already in my diet. I’m also not crazy about maltodextrin and who doesn’t like added flax and chicory root?
You can easily go down the rabbit hole of comparing myriad studies on the benefits and drawbacks of the different ingredients in each product. But the most substantive, real-life difference I’ve found after trying both Huel’s powdered and ready-to-drink products is that it seems to be more filling than Soylent and actually feels a bit more like a complete meal in my stomach.
While I have no scientific basis to back this up, it feels to me that the oat powder might be the difference here. Or it could be that Huel delivers its 400 calories in a slightly larger volume of liquid (500 mL to Soylent’s 414 mL). What’s interesting, though, is that the consistency of Huel is slightly thicker than Soylent, which is counter-intuitive given the above ratio of calories to mL. Again, I think this has something to do with the oats.
Regardless of the math, Huel feels just a little bit more like a complete meal.
On taste, it’s a bit of push. I prefer Soylent’s strawberry to Huel’s berry flavor, but Huel’s vanilla is preferable to Soylent’s.
As to price, a subscription through Soylent is around 15 percent less per box of 12 bottles than Huel, but Huel’s bottles are bigger as I mentioned so it’s nearly a push again.
Forced to choose between the two, I give a slight edge to Huel because it seems to do a better job of achieving the goal of actually replacing a meal. Plus: Flax!
So Happy New Year and here’s one last piece of advice for 2019 that might be needed right around now: I’ve found a bottle of Huel or Soylent also come in handy for a hangover.
U.S. President Donald Trump sits for an exclusive interview with Reuters journalists in the Oval Office at the White House in Washington, U.S. December 11, 2018. REUTERS/Jonathan Ernst
WASHINGTON (Reuters) – U.S. President Donald Trump said on Tuesday he would intervene in the Justice Department’s case against a top executive at China’s Huawei Technologies [HWT.UL] if it would serve national security interests or help close a trade deal with China.
Huawei’s Chief Financial Officer Meng Wanzhou was arrested in Canada Dec. 1 and has been accused by the United States of misleading multinational banks about Iran-linked transactions, putting the banks at risk of violating U.S. sanctions.
When asked if he would intervene with the Justice Department in her case, Trump said in an interview with Reuters: “Whatever’s good for this country, I would do.”
“If I think it’s good for what will be certainly the largest trade deal ever made – which is a very important thing – what’s good for national security – I would certainly intervene if I thought it was necessary,” Trump said.
A Canadian court on Tuesday granted Meng bail while she awaits a hearing for extradition to the United States, a move that could help placate Chinese officials angered by her arrest.
Trump also said the White House has spoken with the Justice Department about the case, as well as Chinese officials.
“They have not called me yet. They are talking to my people. But they have not called me yet,” he said when asked if he has spoken to Chinese President Xi Jinping about the case.
Reporting by Jeff Mason and Steve Holland; Editing by Bill Rigby
The tiny, portable credit card readers you use to pay at farmer’s markets, bake sales, and smoothie shops are convenient for consumers and merchants alike. But while more and more transactions are passing through them, devices from four of the leading companies in the space—Square, SumUp, iZettle, and PayPal—turn out to have a variety of concerning security flaws.
Leigh-Anne Galloway and Tim Yunusov from the security firm Positive Technologies looked at seven mobile point of sale devices in all. What they found wasn’t pretty: bugs that allowed them to manipulate commands using Bluetooth or mobile apps, modify payment amounts in magstripe swipe transactions, and even gain full remote control of a point of sale device.
“The very simple question that we had was how much security can be embedded in a device that costs less than $ 50?” Galloway says. “With that in mind we started off quite small by looking at two vendors and two card readers, but it quickly grew to become a much bigger project.”
All four manufacturers are addressing the issue, and not all models were vulnerable to all of the bugs. The researchers are presenting their findings Thursday at the Black Hat security conference.
The researchers found that they could exploit bugs in Bluetooth and mobile app connectivity to the devices to intercept transactions or modify commands. The flaws could allow an attacker to disable chip-based transactions, forcing customers to use a less secure magstrip swipe, and making it easier to steal data and clone customer cards.
Alternatively, a rogue merchant could make the mPOS device appear to decline a transaction to get a user to repeat it multiple times, or to change the total of a magstripe transaction up to the $ 50,000 limit. By intercepting the traffic and clandestinely modifying the value of the payment, an attacker could get a customer to approve a normal-looking transaction that is really worth much more. In these types of frauds, customers rely on their banks and credit card issuers to insure their losses, but magstripe is a deprecated protocol, and businesses who continue to use it now hold the liability.
The researchers also reported issues with firmware validation and downgrading that could allow an attacker to install old or tainted firmware versions, further exposing the devices.
The researchers found that in the Miura M010 Reader, which Square and Paypal formerly sold as a third-party device, they could exploit connectivity flaws to gain full remote code execution and file system access in the reader. Galloway notes that a third-party attacker might particularly want to use this control to change the mode of a PIN pad from encrypted to plaintext, known as “command mode,” to observe and collect customer PIN numbers.
The researchers evaluated accounts and devices used in the US and European regions, since they’re configured differently in each place. And while all of the terminals the researchers tested contained at least some vulnerabilities, the worst of it was limited to just a few of them.
“The Miura M010 Reader is a third-party credit card chip reader that we initially offered as a stopgap and today is used by only a few hundred Square sellers. As soon as we became aware of a vulnerability affecting the Miura Reader, we accelerated existing plans to drop support for the M010 Reader,” a Square spokesperson told WIRED. “Today it is no longer possible to use the Miura Reader on the Square ecosystem.”
“SumUp can confirm that there has never been any fraud attempted through its terminals using the magnetic stripe-based method outlined in this report,” said a SumUp spokesperson. “All the same, as soon as the researchers contacted us, our team successfully removed any possibility of such an attempt at fraud in the future.”
“We recognize the important role that researchers and our user community play in helping to keep PayPal secure,” a spokesperson said in a statement. “PayPal’s systems were not impacted and our teams have remediated the issues.”
iZettle did not return a request from WIRED for comment, but the researchers say that the company is remediating its bugs as well.
Galloway and Yunusov were happy with the proactive response from vendors. They hope, though, that their findings will raise awareness about the broader issue of making security a development priority for low cost embedded devices.
“The kind of issues we see with this market base you can see applying more broadly to IoT,” Galloway says. “With something like a card reader you would have an expectation of a certain level of security as a consumer or a business owner. But many of these companies haven’t been around for that long and the products themselves aren’t very mature. Security isn’t necessarily going to be embedded into the development process.”
More Great WIRED Stories
In an otherwise dour outlook on the world’s chances of recovering from climate change, the International Energy Agency director named one bright prospect that arrived this year bearing President Trump’s signature.
IEA Executive Director Fatih Birol said the world is unlikely to achieve its Paris Agreement obligations without “major, huge technological breakthroughs,” but the 2018 federal budget could spur a breakthrough in carbon capture and sequestration.
“There is one political move recently that I should say, I welcome this strongly,” Birol said, fingering changes to the Section 45Q tax credit for carbon sequestration.
Carbon capture and sequestration was long the object of bipartisan neglect because Democrats didn’t want to extend the life of fossil fuels and Republicans didn’t want t0 admit to anthropogenic climate change. That began to change as the effects of climate change grew more palpable, and the chances dimmed of mitigating it without capturing carbon emissions.
So a bipartisan group of senators led by by Heidi Heitkamp (D-ND), John Barrasso (R-WY), Sheldon Whitehouse (D-RI) and Shelley Moore Capito (R-WV) worked to strengthen a carbon capture tax credit that already existed in U.S. law. The old credit offered a $ 10 per ton credit for CO2 used for enhanced oil recovery and $ 20 for other permanent forms of sequestration.
The oil and gas industry backed efforts to boost the credit because drillers can pump CO2 into wells to force out oil and gas, then seal the wells, leaving the CO2 underground and benefiting from the tax credit.
The Senators’ effort was incorporated in the Bipartisan Budget Act of 2018, which passed in the early morning of Feb. 9 after a nine-hour government shutdown and was signed by Trump later that day. The new law scales the tax credit as high as $ 35 for enhanced oil recovery and $ 50 for other forms of sequestration.
CCS is crucial to climate efforts, Birol said, because fossil fuels are not going away. Even though renewables have become cheaper and are being deployed at increasing rates, the percentage of energy that comes from fossil fuels is about the same as it was 30 years ago, he said–81 percent.
“There is one technology that can bring this fact together with the climate cause, and that is CCS,” Birol said. Investment into carbon capture has so far languished, representing only 0.1 percent of clean-energy investments.
“This is the reason I think this new tax credit in the U.S. may be the driver for it.”
OSLO (Reuters) – An electrified road in Sweden that is the first in the world to charge vehicles as they drive along is showing promise and could potentially help cut the high cost of electric cars, project backers Vattenfall [VATN.UL] and Elways told Reuters.
The state-funded project, named eRoadArlanda and costing about 50 million crowns ($ 5.82 million), uses a modified electric truck that moves cargo from Stockholm’s Arlanda airport to Postnord’s nearby logistics hub to test the technology.
A electrified rail embedded in the tarmac of the 2-km-long (1.24 miles) road charges the truck automatically as it travels above it. A movable arm attached to the truck detects the rail’s location in the road, and charging stops when the vehicle is overtaking or coming to a halt.
The system also calculates the vehicle’s energy consumption, which enables electricity costs to be debited per vehicle and user.
Elways’ chief executive Gunnar Asplund said the charging while driving would mean electric cars no longer need big batteries — which can be half the cost of an electric car — to ensure they have enough power to travel a useful distance.
“The technology offers infinite range — range anxiety disappears” he said. “Electrified roads will allow smaller batteries and can make electric cars even cheaper than fossil fuel ones.”
Asplund said the Swedish state, which is funding the project, was happy with the results so far, with the only issue — now resolved — having been dirt accumulating on the rail.
Elways has patented the electric rail technology and is part of a Swedish consortium backing the eRoadArlanda project that also includes infrastructure company NCC and utility Vattenfall, which provides power from the national grid to the rail.
“Such roads will allow (electric vehicles) to move long distances without big, costly and heavy batteries,” said Markus Fischer, a Vattenfall spokesman, adding that installing the arm in new cars would be cheaper than retrofitting current models.
Vattenfall said in a statement electrified roads could reduce carbon dioxide emissions from lorries, which account for about 25 percent of total road traffic emissions.
“The investment cost per kilometer is estimated to be less than that of using overhead lines, as is the impact on the landscape,” it added.
Testing at eRoadArlanda started in April and will last at least 12 months so that the electric truck can use it under different weather conditions.
Editing by Catherine Evans
Amazon has increased the price on Prime subscriptions. But that isn’t stopping some folks from finding ways around that price bump.
Over at Gizmodo’s deals site Kinja, writer Shep McAllister has come up with a novel way to sidestep Amazon’s $ 20 Prime subscription increase. He suggested you buy an Amazon Prime gift subscription now for the price of $ 99. When it’s time to renew your Prime subscription, simply redeem the gift card and take advantage of the lower price. That said, you’ll need to cancel your subscription ahead of the renewal so you can take advantage of the deal.
Amazon announced on Thursday that it would increase the price of its Amazon Prime subscription from $ 99 per year to $ 119 per year. The change goes into effect on May 11 for new customers and June 16 for those who already subscribe to Amazon Prime. If your subscription is set to auto-renew before June 16, you’ll be able to take advantage of the $ 99 pricing for one more year. If, however, your auto-renewal date is set to after June 16, you’ll need to drop $ 119.
Get Data Sheet, Fortune’s technology newsletter
The workaround McAllister has pitched was used with success the last time Amazon increased its Prime pricing, he said. But it’s unknown whether the company will allow you to take advantage of this loophole this time around or change policies so you can’t use the gift card trick. If it does work, be aware that next year when it’s time to renew your subscription, you’ll be subject to the $ 119.
Fortune has reached out to Amazon to find out whether the gift card trick will be allowed. We’ll update this story when we learn more.
Have you used a friend’s laptop to charge your iPhone and gotten a prompt that says, “Trust This Computer?” Say yes, and the computer will be able to access your phone settings and data while they’re connected. And while it doesn’t feel like your answer really matters—your phone will charge either way—researchers from Symantec warn that this seemingly minor decision has much higher stakes than you’d think.
In fact, the Symantec team has found that hacks exploiting that misplaced “Trust” comprise a whole class of iOS attacks they call “trustjacking.” Once a user authorizes a device, they open themselves to serious and persistent attacks while their phone is connected to the same Wi-Fi network as a hacker, or even remote attacks when the devices are separated.
Adi Sharabani, Symantec’s senior vice president of modern operating system security, and Roy Iarchy, the modern operating system research team leader, will make that case Wednesday, in a presentation at the RSA security conference in San Francisco.
“Once this trust is established, everything is possible,” Sharabani told WIRED last week. “It introduces a new vector of attack.”
Sharabani and Iarchy’s presentation focuses largely on a feature known as iTunes Wi-Fi Sync, the tool that lets iOS devices sync with desktop iTunes over Wi-Fi. For this process you physically connect a mobile device to a computer once, indicate that the iOS device can trust the computer going forward, and then enable iTunes Wi-Fi Sync from the PC. After that the two devices can sync and communicate whenever they are on the same Wi-Fi network without any further approval from the iPhone or iPad.
It’s a reasonable and useful feature when used as intended. But an attacker could also plant a malicious computer—perhaps one shaped like a charging station or external battery—and trick people into connecting their devices and granting trust out of confusion or disinterest.
Once a trusted Wi-Fi Sync connection is established, attackers can not only do basic syncing, but also take advantage of controls meant for developers to manipulate the victim iOS device. A hacker could work quickly to install malware on the phone, or initiate a backup to gather data like a victim’s photos, app information, and SMS/iMessage chats. Attackers with trust privileges could also start watching a target device’s screen in real-time by initiating screenshots on the phone and then syncing them to the attack computer. Or they could play a long game, silently retaining their trusted status until it is long forgotten, for a future attack.
“We discovered this by mistake actually,” Sharabani says. “Roy was doing research and he connected his own iPhone to his own computer to access it. But accidentally he realized that he was not actually connected to his own phone. He was connected to one of his team members’ phones who had connected their mobile device to Roy’s desktop a few weeks before. So Roy started to dig into what exactly he could do and find out if he were an attacker.”
You can imagine a number of scenarios where this could work as a targeted attack. Everyone has places they visit regularly: an office, a coffee shop, the local library. Attackers could anticipate that a victim iOS device would regularly connect to the same Wi-Fi network as the trusted attacker computer—enabling clandestine, malicious backups with iTunes Wi-Fi Sync. The researchers point out that an attacker wouldn’t necessarily be geographically limited; after gaining a foothold, they could combine trustjacking with a type of attack called “malicious profiles,” which takes advantage of how iOS manages configuration packages for apps to get around access restrictions, establish continuous remote access. Beginning in iOS 10, though, Apple started making it harder for hackers to carry out malicious profile attacks.
It’s tempting to put the onus on the iPhone owner here; you shouldn’t, after all, connect with sketchy computers an trust them in the first place. And Apple, which declined to comment for this story, seems to agree. When Sharabani and Iarchy disclosed their findings to the company, it did add a second prompt in iOS 11 to require a device’s passcode as part of authorizing a new computer as trusted. This makes it more difficult for anyone other than the device owner to establish trust.
But Sharabani and Iarchy argue that it’s unreasonable to put it entirely on the user to make the correct choice about trusting a device, especially since the authorization persists indefinitely once it’s established. There’s also currently no way to see a list of devices that have outstanding trusted status.
In these transactions, iOS’s wording is also unhelpful. The prompts say, “Trust this computer? Your settings and data will be accessible from this computer when connected,” which might seem to mean that nothing will be exposed when the devices are no longer physically connected. In fact, given that Wi-Fi sync can be enabled in desktop iTunes without any involvement of the mobile device, there’s much more potential for long-term connection than users may realize.
Consider, too, that an attacker who successfully infects a target’s PC with malware can exploit the trust a victim grants his own computer. A user will obviously trust their own computer, and their phone and PC will frequently be on the same Wi-Fi network. So an attacker who has infected a target’s computer can get a two-for-one of also having regular access to the victim’s iOS devices.
“Apple took the very quick act of adding the passcode,” Sharabani notes. “With that said, this is a design problem. They could better design the future behavior of the features, but it will take them time to implement. That’s why it’s so important to alert users and raise awareness. Users need to understand the implications.”
Sharabani and Iarchy say they haven’t seen trustjacking attacks in the wild so far, but that doesn’t mean they aren’t out there or coming. And though Apple doesn’t offer a list of the computers an iOS device trusts, it is possible to scrub the trusted computers list entirely. In iOS 11 users can go to Settings > General > Reset > Reset Location & Privacy to get a clean slate, after which people can start to be more cognizant of which computers they authorize. (Note that doing this reset also revokes all specially granted app permissions.) Another helpful defense for users is to encrypt iOS device backups with a strong password. With this turned on, an attacker abusing Wi-Fi Sync can still make their own backups of a victim device, but they will be encrypted with whatever password the target chose.
The researchers see iOS’s authorization prompts as a single point of failure, where the operating system could provide a few more prompts in exchange for more layers of defense against trustjacking. No one wants one seemingly insignificant mistake to blow up in their face weeks or months later. But while users wait for Apple to architect long-term solutions, their best defense is to become discerning and extremely selective about doling out trust.
The race to become the first public U.S. company valued at $ 1 trillion has largely been seen as Apple versus Google, with a recent surge by Amazon putting the e-commerce giant in the conversation as well. But on Monday, analysts at Morgan Stanley made the case that Microsoft has a good chance of reaching the $ 1 trillion mark.
With the company’s shares trading around $ 87 at Friday’s close, Microsoft had a stock market value of $ 680 billion. To reach $ 1 trillion, with some stock buybacks in the mix, its shares would have to hit almost $ 130. That’s plausible within the next three years, Morgan Stanley analysts Keith Weiss and Melissa Franchi wrote on Monday in a detailed report on Microsoft’s various lines of business called “Plotting the Path to $ 1 Trillion.”
“With Public Cloud adoption expected to grow from 21% of workloads today to 44% in the next three years, Microsoft looks poised to maintain a dominant position in a public cloud market we expect to more than double in size to (more than) $ 250 billion dollars,” the analysts wrote.
Microsoft shares jumped 5% to $ 91.90 in midday trading on Monday after the report came out. With a midday market cap of $ 707 billion, Microsoft almost exactly tied Google (goog) and trailed only Apple (aapl) at almost $ 849 billion and Amazon (amzn) at $ 733 billion.
Get Data Sheet, Fortune’s technology newsletter.
The software company run by Satya Nadella could impress investors enough to reach a $ 1 trillion value within three years by increasing revenue to $ 136 billion in its fiscal year 2020, up 41% from $ 97 billion last year, and operating income to $ 46 billion, up 58% from $ 29 billion, the Morgan Stanley analysts forecast. Nadella took over for CEO Steve Ballmer in 2014 and immediately prioritized the company’s cloud businesses, while getting out of distracting sidelines like making phones. It has worked so far, with Microsoft’s stock price nearly tripling since Nadella assumed the top job.
The key to reaching the needed level of additional growth would be Microsoft’s booming cloud business, both via its Office 365 subscription software and its Azure cloud platform for businesses, analysts Weiss and Franchi wrote. At the same time, shrinking sales of traditional Windows PCs and servers would need to stabilize.
That could happen as the number of corporate users of Office 365 could almost double from 105 million at the end of 2017 to 204 million at the end of 2020, the analysts said, with revenue from the popular software subscription package increasing from $ 10.7 billion to $ 25.6 billion. Revenue will compound even more quickly at Azure, growing from $ 3.9 billion last year to $ 21.6 billion in 2020. Altogether, total cloud revenue at Microsoft—which includes Office 365, Azure, search ad revenue and a few other items—should grow from $ 22.3 billion last year to $ 58.5 billion in 2020.
The analysts warned that they could also be underestimating Microsoft’s (msft) growth if its Xbox gaming business expands faster than expected, the company’s tax rate drops more than Microsoft forecast, or the company increases purchases of its own stock.