Is Nokia Breaking Up ?

Analysts mull Nokia breakup amid debate over shareholder gain
June 3, 2011 — 11:53am ET By Paul Rasmussen

Nokia CEO Stepehen Elop has strongly rebuffed rumors that Microsoft plans to take over Nokia's key devices and services unit. But research conducted by Bloomberg suggests that, having destroyed shareholder value by such a significant amount, the breaking price could be more than 50 per cent of its current worth.
Once valued at $300 billion, Nokia has seen its market value plummet around 77 percent, valuing the company at around $25 billion. Separating Nokia‘s handset, infrastructure, mapping and patents businesses would make the company worth around $39 billion, based upon valuations of comparable companies, according to Bloomberg.

"It's a classic situation where the parts are worth more than the whole," Matt McCormick, a money manager at the US-based financial advisory firm Bahl & Gaynor, told Bloomberg. "The clock is ticking. Nokia is a good brand, but it's a tired brand and they need to come up with something. They are going to be a strong candidate for a takeover."

Other analysts were less positive, believing that Nokia remained unattractive because it lacks a clear path to competing better with Apple's iOS and Google's Android. Other industry watchers have claimed Nokia was unlikely to attract any bidders and that its share price was still spiralling downwards.

In an effort to calm the gossip, Timo Ritakallio, the deputy CEO of the Nordic insurance company Ilmarinen, and the largest Finnish owner of Nokia shares, told the newspaper Helsingin Sanomat, "As the company's situation is very unclear, speculators can make hay." Despite this, Nokia's share price has continued to slide and was down nearly 5 per cent on the Helsinki Stock Exchange as of midday on Friday.

Almost all Android phones vulnerable to authentication attack

By Paul McNamara

Researchers at the University of Ulm in Germany have identified a vulnerability in Android that allows an attacker to steal and use authentication credentials on 99% of the phones that are based on Google's operating system

Google issued a patch to address the issue earlier this month as part of Android 2.3.4 (code name: Gingerbread), but getting that patch widely deployed is challenging because Android phones are made by so many different manufacturers.

From a blog post by the researchers:

We wanted to know if it is really possible to launch an impersonation attack against Google services and started our own analysis. The short answer is: Yes, it is possible, and it is quite easy to do so. Further, the attack is not limited to Google Calendar and Contacts, but is theoretically feasible with all Google services using the ClientLogin authentication protocol for access to its data APIs.

ClientLogin is meant to be used for authentication by installed applications and Android apps. Basically, to use ClientLogin, an application needs to request an authentication token (authToken) from the Google service by passing an account name and password via a https connection. The returned authToken can be used for any subsequent request to the service API and is valid for a maximum duration of 2 weeks. However, if this authToken is used in requests sent over unencrypted http, an adversary can easily sniff the authToken (e.g. with Wireshark). Because the authToken is not bound to any session or device specific information the adversary can subsequently use the captured authToken to access any personal data which is made available through the service API.

News of the vulnerability is rippling through security circles. Sophos senior technology consultant Graham Cluley explains the challenge facing Andoid users looking to avoid this risk:
Unfortunately it's not always possible to easily upgrade the version of Android running on your phone as you are very dependent on your mobile phone manufacturer and carrier providing the update to you over the air.
There is a huge range of Android smartphones out there, and whereas Apple can issue a single iOS update to patch iPhones and iPads, things aren't so simple for Google's users. This fragmentation inevitably leaves Android devices open to security problems.

Google has promised to work with its partners to address this issue.

Forbes writer Kashmir Hill notes that the real answer may come closer to home.

Between this and Firesheep, the moral of the story seems to be to avoid using public Wi-Fi networks. These days, I only link my phone up to my password-protected wireless network at home. Other than that, I rely on my carrier's 3G network, even if I'm in a coffee shop that offers up free Wi-Fi. Using a public Wi-Fi network at Starbucks seems as casual an invitation for information theft as leaving your smartphone on a table unguarded while going to the bathroom is an invitation for the more visceral kind.

It's amazing how many times free can be costly.

(Update, May 19: Google announces fix.)