Japan: Thorco’s Fourth L-Class Cargo Ship Launched

The vessel, named Thorco Lineage, was launched from Honda Heavy Industries’ yard in Japan. It is a 16,500 DWT general cargo ship and will sail under the Panamanian flag.

Thorco Lineage is the company’s fourth L-class newbuilding. Previously launched L-class vessels for Thorco were Thorco Legend, Thorco Legacy and Thorco Liva.


Source: http://worldmaritimenews.com/archives/107100/japan-thorco-floats-out-l-class-cargo-ship-thorco-lineage/

Mega ships are the future, but at the price of overcapacity: top MOL man
G6 Alliance members are studying options for buying 18,000-TEU-plus boxships, but no decision has yet been made, according to Mitsui OSK Lines (MOL) managing executive officer TK Konishi.

"Perhaps [we will have a] maximum two sets of 18,000 to 19,000-TEU ships by 2020, or by 2022 or 2023. It's a long-term issue," with each member contributing up to four vessels to share equal responsibility.

By comparison the rival P3 Network of Maersk, CMA CGM and MSC is due to operate at least twenty-nine 18,000 to 19,000 TEUers by 2016, provided it gains regulatory approval.

The careful approach is partly due to G6's smaller market share on Asia-Europe routes. Mr Konishi believes the largest ships within the G6 network, at 13,000 to 14,000 TEU, could be just as competitive as P3's bigger vessels, he told Lloyd's List in an interview.

"It's not really the size of ships that matters, but slot costs," Mr Konishi said. "We'll have 48 ships (of 13,000 TEU-14,000 TEU) by 2016, mostly by 2015... only five of them are ordered before the Lehman shock (at high prices)."

G6 deploys on Asia-North Europe and Asia-Mediterranean services 40 vessels larger than 13,000 TEU. "Those ships are very cost competitive."

Said Mr Konishi: "If we order 18,000 to 19,000-TEU ships now, those ships can be much cheaper... then there will be some cost benefits."

MOL is confident that G6 can widen its network to cover transpacific and transatlantic trades from the second quarter as planned.

"We have been operating in accordance with our FMC filings... from that perspective we have antitrust immunity," Mr Konishi said.

"As long as we discuss all sorts of things fully lawful as filed in agreements, I don't really see any reason we have to be in the TSA to operate in the alliance."

On liner alliances upsizing vessels in their networks over the past two years, he said, it is "kind of a vicious circle but one of the simplest, most straightforward ways to lower our slot costs".

With regard to the most viable trade routes of the future given the size of the mammoth breed of vessels, MOL estimates that a suezmax boxship would be able to carry 200,000 TEU of containers in 24 rows, with a length of 415 metres and a 16.3 metre draft. In comparison, a Triple-E class vessel has 23 rows, with a 400 metre length and 16 metre draft.

The Panama Canal's expansion would draw 8,000 TEU-9,000 TEU ships from Asia-Europe to Asia-US east coast trades, squeezing out panamax vessels or smaller.

"Those 8,000 TEU-9,000 TEU ships will have better employment... the surplus of panamax sector is more of a problem for owners, rather than for operators," Mr Konishi said.

CMA CGM Reveals Its Asia Southern Red Sea Express Service

This new service is in addition to the existing Asia Northern Red Sea Express (REX2); together they will improve port coverage to meet the growing demand and customer requirements in the Red Sea market.

The new setup is operated under a Vessel Sharing Agreement with United Arab Shipping Company (UASC) and China Shipping Container Lines (CSCL).

It will also benefit Red Sea exporters in minimizing their transit time through the improved port coverage.

Stéphane Courquin, Vice-President of CMA CGM Asia Med Lines, states: “It was strategic to consolidate and build up our presence in the Red Sea markets with improved services from Asia. This new configuration is an additional step of our deployment in the area and confirms the will of the Group to strengthen its presence in these strategic areas.”

CSAV shareholders opposing Hapag-Lloyd merger have one month to decide

Compania Sud Americana de Vapores (CSAV) shareholders opposed to merging the Chilean company's container activities with Germany's Hapag-Lloyd have a month to decide whether to block the deal.

This comes after 84.5 per cent of CSAV's shareholders voted for the merger, which would create the world's biggest container line, at an extraordinary shareholders meeting held in Valparaiso on March 21.

Those opposed to the merger have until April 20 to exercise the appraisal rights, reported Lloyd's List.

The merger requires 95 per cent support from shareholders in order to progress.

In January, both companies signed a non-binding memorandum of understanding establishing that, should the merger be completed, CSAV would receive 30 per cent of the combined company.

There will be an initial capital raising of EUR370 million (US$506 million), to which CSAV must subscribe EUR259 million within 100 days of conclusion of the transaction.

A further EUR370 million will be raised within one year as part of a listing of Hapag-Lloyd, a declared aim of TUI, holder of 22 per cent of the company.

The new company would have a combined carrying capacity of one million TEU, transported volume of 7.5 million TEU per year and combined sales of $12 billion annually on cost savings of $300 million a year, according to CSAV.

First essDOCS Ocean Line Electronic Bill of Lading

The negotiable electronic ocean or master bill of lading was issued by NYK Line to a global essDOCS customer, for a shipment from Singapore to China on the M/V Vancouver Bridge.

The NYK Line eB/L was issued to Elite International Logistics Singapore (the forwarder working on behalf of the customer) on February 7th, who in turn added the necessary supporting eDocs and presented the set of electronic documents (eSet) to the American trade finance bank. After completing its review of the eSet, the American bank presented the eSet to the issuing bank, China CITIC Bank. Following that transaction, China CITIC Bank accepted the eSet under the terms of the eUCP letter of credit and in turn sent the original eDocs to Wuhan XinLianChuang Plastics. Wuhan XinLianChuang then surrendered the eB/L to NYK and received their cargo at Shanghai port.

This shipment marked many firsts for essDOCS:

    First operational use of the essDOCS eB/L solution in the liner segment
    First use of eUCP involving a liner eB/L
    First containerised chemical shipment using eB/Ls
    First operational use by NYK Line of the essDOCS solution
    First operational use by Elite International Logistics
    First operational use by a leading American trade finance bank (essDOCS’ first American bank to adopt its ePresentation solution)
    First operational use by China CITIC Bank (essDOCS’ first Chinese bank to adopt its ePresentation solution)
    First operational use by Wuhan XinLianChuang

The eB/L was created from XML data pushed by NYK Line into the essDOCS eB/L solution using a standard message, resulting in an eB/L comprised purely of data based on NYK Line’s standard B/L template. This approach reuses Lines’ current IT capabilities and transitions the majority of interfacing work to essDOCS.

Most crucially, all documents involved in this transaction were managed electronically, therefore handled as eDocs only. Electronic documents used in addition to electronic bill of lading included:

    Notice of Completeness
    Insurance Certificate
    Commercial Invoice
    Packing List
    LC Negotiation Form
    Covering Letter

This significant live transaction followed several weeks of testing in Q4 2013 involving all the trial participants. essDOCS has been undertaking similar tests with a number of other container lines, which completed successful testing last year and are planning to transition to operational use in coffee and metals trades later this quarter. essDOCS is in advanced talks with a number of other lines, and expects the number of users testing its liner eB/L solution to increase steadily throughout the year.

Lincoln Leung, Global & AOC BPM of NYK Line, said: “The use of our existing XML files and data structure meant we could populate the electronic NYK Bill of Lading draft quickly, and send it with one click to Elite to verify. Once Elite confirmed the eB/L draft, our Export Documentation Team in Singapore signed and issued the eB/L upon vessel departure. Overall we were not asked to change our process much, which is a good thing.”

Yong Liu, General Manager of the International Banking Department of China CITIC Bank, said: “It’s a pleasure to issue and honour the first Letter of Credit requiring eDocs including eB/L presented through essDOCS in China. China CITIC Bank always focuses on innovation, and will devote itself to promoting the use of electronic documents in trade finance.”

Alexander Goulandris, CEO of essDOCS, said: “Today marks a major milestone in essDOCS history which couldn’t have been accomplished without the vision and collaboration of our customers, who are supported 24/7 by essDOCS’ dedicated eB/L specialists. Our first liner eB/L marks essDOCS’ entrance into its last major shipping segment, and demonstrates the growing interest in eDocs, and in particular the eUCP, in the Asia Pacific market.”

Hapag-Lloyd narrows loss 32.6pc while increasing operating profit 156pc

Germany's Hapag-Lloyd, the world's sixth biggest container line, narrowed its net loss 32.6 per cent to EUR97.4 million (US$134.3 million) from the EUR128.3 million loss suffered the year before.

At the same time it posted a 156 per cent year-on-year increase in operating profit to EUR67.2 million, on revenues of EUR6.57 billion, down 4.1 per cent.

Earnings before interest, taxes, depreciation and amortisation (EBITDA) also increased 16.1 per cent year on year to EUR389.1 million.

"Hapag-Lloyd improved its result and transport volume despite persistently tough competition. Thanks to its global liner network with almost 100 services, Hapag-Lloyd was able to take full advantage of growth opportunities in a difficult market," said a company statement.

Said Hapag-Lloyd chairman Michael Behrendt: "Both factors, the improvement in results and the higher transport volume, are clear evidence of the strength of Hapag-Lloyd in the global market."

Transport volume increased 4.6 per cent to 5.5 million TEU across all trades in 2013. But freight rates continued to sag, coming in $99 per TEU below the previous year's $1,482 per TEU. Revenue declined largely due to a weaker dollar.

"Although Hapag-Lloyd continued to perform well compared to other industry players thanks to the positive operating result, this result nevertheless falls well short of our expectations for 2013 and is ultimately disappointing," said Mr Behrendt.

Said the company statement: "It was no longer possible to push through sustainable rate increases in the market from the second quarter, despite good ship utilisation at times. The important peak season in the third quarter failed to occur again as in the previous year."

Cost-cutting measures paid off and contributed to operating profits. Slightly lower bunker prices of $613/tonne helped. Overall, transport expenses were cut by EUR409 million compared with the previous year by means of savings and energy price effects.

Weaker-than-expected economic growth, particularly in the key BRIC states, had a negative impact on global transport volumes in the past year and thus on the course of business, said the company statement.

"The outlook is much better for the liner shipping sector, especially as the addition of new shipping capacities will decline and an increasing number of older ships will disappear from the market and be scrapped," said Mr Behrendt.

Shift in Sinotrans structure offers growth potential

The restructuring within the Sinotrans group will be positive for both listed companies in the group, Sinotrans Ltd and Sinotrans Shipping, say analysts.

Sinotrans Ltd will dispose of its loss-making marine transportation business to its sister company, Sinotrans Shipping, to focus on its logistics services business, Dow Jones reported.

Morgan Stanley said the disposal would help stem losses and deleverage the balance sheet. It raised its target price on the stock by seven percent.

Though Sinotrans Shipping has to absorb the unprofitable shipping business, the dry bulk chartering business injected by the parent group will offer significant growth potential, says Credit Suisse.

It says the profitability of the chartering business is expected to improve with strengthening demand for dry bulk commodities. Credit Suisse says the company still has a large cash pile, equal to over 60 percent of its market value, after the deal.

APM Terminals Wins Asia Port Operator Award

APM Terminals has been named the winner of the 2013 Lloyd’s List Asia Awards annual “Port Operator” Award in recognition of maintaining “the highest standards of operational efficiency and customer service throughout the year” among port and terminal operators in the Far East.

Excluding operations in the Indian Subcontinent (which was not part of the award’s scope) APM Terminals’ current Asian presence includes interests in 10 terminal facilities in China, two in Japan, two in Thailand, one in Vietnam, one in the Russian Pacific port of Vostochny, and the Port of Tanjung Pelepas, in Malaysia.

“We are very gratified to receive this very prestigious award in recognition of the achievements and commitment to excellence demonstrated by our global team, and our partners across Asia,” stated APM Terminals Asia Pacific Regional Head Henrik Lundgaard Pedersen. The award was collected by Rizwan Soomar, APM Terminals Chief Commercial Officer for the APAC region, who attended the awards presentation ceremony at the Raffles City Convention Center in Singapore.

APM Terminals’ 17 Far East Asian facilities handled a combined 10.7 million TEUs in 2012 (weighted by equity share), representing 30% of the company’s total annual container volume and approximately 3% of the total Far East Asian container market. APM Terminals also maintains regional sales and business development offices in Shanghai, Hong Kong and Singapore.

In addition to the existing operating facilities, APM Terminals has signed an agreement with the Ningbo Port Group to jointly invest in and operate three new berths comprising 1km of quay in Ningbo’s Meishan Container Terminal, with a 33% ownership share. This new facility at mainland China’s 3rd-largest container port is scheduled to be operational by the end of 2014 with an annual container throughput capacity of 2.8 million TEUs. An expansion at the Qingdao New Qianwan Terminal in Qingdao, China’s 5th-busiest container port is also underway.

At the Port of Tanjung Pelepas (PTP) in Malaysia, in which APM Terminals holds a 30% share, an expansion program and crane upgrade will increase capacity by 24% to 10.5 million TEUs. The new facilities are expected to be operational next year and will be able to accommodate 18,000 TEU capacity vessels. PTP handled 7.7 million TEUs in 2012 and is the 3rd-largest container port in Southeast Asia.

APM Terminals’ industry-leading safety performance and Safety Culture have been successfully implemented across the company’s Asian operations, with the overall terminal Lost-Time Injury Frequency rate decreasing to 2.15 per million man-hours worked in 2012 from 3.59 in 2011. During this period productivity measured in crane lifts per hour increased by 8%, while CO2 emissions per TEU declined by 4%.

Last month, APM Terminals was also named “International Terminal Operator of the Year” for 2013 at the annual Containerisation International Awards in London.

Amazon.com Inc. Preparing To Release a Smartphone

Amazon.com Inc. is preparing to release a smartphone in the second half of 2014, according to people briefed on the company's plans, part of a broad push into hardware that would pit it against Apple Inc. and Samsung Electronics Co.

The retailer has been demonstrating versions of the handset to developers in San Francisco and its hometown Seattle in recent weeks, these people said. People briefed on the company's plans have been told that Amazon aims to announce the phone by the end of June and begin shipping phones by the end of September, ahead of the holiday shopping season.

These people said Amazon hopes to distinguish its phone in a crowded market with a screen capable of displaying seemingly three-dimensional images without special glasses. The phone would employ retina-tracking technology embedded in four front-facing cameras, or sensors, to make some images appear to be 3-D, similar to a hologram, the people said.

An Amazon spokesman declined to comment.

The phone would thrust Amazon into a competitive market with entrenched players that has nearly felled once high-flying device makers like BlackBerry Ltd. and Motorola. With Apple and Samsung alone commanding 49% of the worldwide smartphone market, according to market researcher IDC, there is little room for upstarts.

News of the phone comes as Amazon moves more deeply into designing and making hardware. Last week, it unveiled its Fire TV set-top box and said it will soon begin distributing a wand customers can use to scan product barcodes at home to re-order groceries and other goods without logging into their computers. It introduced new versions of its Kindle Fire tablets last year.

But Amazon approaches hardware differently than many other companies. Chief Executive Jeff Bezos has said he prefers Amazon to profit from customers buying services through Amazon hardware, rather than profit from the devices themselves.

The design and pricing of the smartphone are unclear and these people cautioned that Amazon may alter its launch plans due to performance or other concerns.

The 3-D screen technology can sense the movement of a person's eyes and whether the screen is moving closer to a user's face, according to people familiar with the matter. In response, the phone will be able to automatically zoom into images as it moves closer to a user's face and could manipulate text and images as a person moves the phone.

The technology would be ideal for gaming, an area of recent focus for Amazon including on the set-top box. The phone's software is also optimized for very visual games, designed to provide a sense of depth, according to people who have handled the handsets.

It also isn't known what operating system the phone will use or which wireless carriers Amazon is working with. The Kindle Fire tablet and the Fire TV set-top box both rely on Google Inc.'s Android mobile-operating system. But Amazon created its own app store for the Kindle devices and does not offer access to Google's Play Store.

AT&T Inc. provides service for Kindle tablets and e-readers. An AT&T spokesman declined to comment.

Amazon has told one of its suppliers it is anticipating mass production of the device later this month, with an initial order of 600,000 units, according to a person briefed on the plans. The company has lined up two display makers for the smartphone, including Japan Display Inc., the maker of displays for Apple's iPhone 5C and 5S, according to another person familiar with the details.

A Japan Display representative declined to comment.

Amazon has been inviting select app and software developers to hotels to demonstrate the handset in suites protected by security guards, two people familiar with the matter said.

Because consumers carry smartphones with them everywhere, Amazon would gain access to data like users' locations and app downloads, which could help generate new sales opportunities for e-books, video downloads and items like household goods.

A smartphone may also open up new avenues for mobile payments, a nascent market dominated today by rival eBay Inc.'s PayPal. Amazon is targeting a summer launch of a program to use Kindle Fire tablets as checkout registers at smaller brick-and-mortar merchants, people familiar with the plan told The Wall Street Journal earlier this year.

Source: http://online.wsj.com/news/article_email/SB10001424052702303873604579495940522902678-lMyQjAxMTA0MDEwMTExNDEyWj

Beware Heartbleed Bug | Passwords You Need to Change Right Now

An encryption flaw called the Heartbleed bug is already being called one of the biggest security threats the Internet has ever seen. The bug has affected many popular websites and services — ones you might use every day, like Gmail and Facebook — and could have quietly exposed your sensitive account information (such as passwords and credit card numbers) over the past two years.

But it hasn't always been clear which sites have been affected. Mashable reached out to some of the most popular social, email, banking and commerce sites on the web. We've rounded up their responses below.

Some Internet companies that were vulnerable to the bug have already updated their servers with a security patch to fix the issue. This means you'll need to go in and change your passwords immediately for these sites. Even that is no guarantee that your information wasn't already compromised, but there's also no indication that hackers knew about the exploit before this week. The companies that are advising customers to change their passwords are doing so as a precautionary measure.

Although changing your password regularly is always good practice, if a site or service hasn't yet patched the problem, your information will still be vulnerable.

Also, if you reused the same password on multiple sites, and one of those sites was vulnerable, you'll need to change the password everywhere. It's not a good idea to use the same password across multiple sites, anyway.

We'll keep updating the list as new information comes in. Last update: April 12, 10:30 p.m. ET

Source: http://mashable.com/2014/04/09/heartbleed-bug-websites-affected

How to Protect Yourself From the Heartbleed Bug

An encryption flaw called the Heartbleed bug that has exposed a collection of popular websites — from Airbnb and Yahoo to NASA and OKCupid — could be one of the biggest security threats the Internet has ever seen. If you have logged into any of the affected sites over the past two years, your account information could be compromised, allowing cybercriminals to snap up your credit card information or steal your passwords.

You're likely affected either directly or indirectly by the bug, which was found by a member of Google's security team and a software firm named Codenomicon. The bad news: There's not a lot you can do about it now. It's the responsibility of Internet companies to update their servers to deal with Heartbleed, and once they do, you can take action (see below).

The issue involves network software called OpenSSL, an open-source library that implements the SSL/TLS encryption used by online services.

Secure websites — with “https” in the URL ("s" stands for secure) — make up 56% of websites, and nearly half of those sites were vulnerable to the bug. In theory, a cybercriminal could have exploited Heartbleed by making network requests that could piece together your sensitive data. The good news: There isn't any indication that a hacker caught wind of this; it seems the researchers were the first to locate the problem.

But the scary part is that attackers could have infiltrated these websites, extracted the information they wanted and left no trace of their presence. Thus, it's hard to determine whether someone ever exploited the bug, or if your account information was compromised.

What to do

First, check whether the sites you use are affected. If you don't want to read through the long list of websites with the security flaw, the password security firm LastPass has set up a Heartbleed Checker, which lets you enter the URL of any website to check its vulnerability to the bug and whether the site has issued a patch. [Update: We've compiled a list of popular sites and whether they were affected.]

Next, change your passwords for major accounts — email, banking and social media logins — on sites that were affected by Heartbleed but have patched the problem. That patch should also include reissuing any digital certificates that might be vulnerable. However, if the site or service hasn't patched the flaw yet, there's no point in changing your password. Instead, ask the company when it expects to push out a fix to deal with Heartbleed.

A big cause for concern is related to sites that have your sensitive information, such as Yahoo and OKCupid (most people aren't logging into NASA.gov with private data). Both companies have since issued a patch to fix the security hole, so users with accounts with those companies — including Yahoo Mail, Flickr and so on — should update their passwords immediately.

It's important to wait to get the "all clear" sign from a company or service before changing, especially now that this bug is out in the open. Changing a password before the bug is fully patched won't make things any better.

Facebook and Twitter use OpenSSL web servers, though it's still unclear whether or not they were vulnerable to the issue. Facebook reportedly issued a security patch, as did Google.

Other websites that have issued an OpenSSL software security update include WordPress, Amazon Web Services and Akamai.

Some websites not considered vulnerable include AOL, Foursquare and Evernote, among others.

"It's a big deal for Internet users, especially when it comes to protecting financial information," Joe Siegrist, CEO and cofounder of LastPass, told Mashable. "Some financial organizations are using more conservative web security choices like Microsoft, which is not vulnerable to the bug, so users should check and see if their bank has been affected."

Make sure to keep an eye on sensitive online accounts, especially banking and email, for suspicious activity for the next week or so.

Source: http://mashable.com/2014/04/09/heartbleed-what-to-do

Check site security before changing your password

It’s not clear exactly which services were impacted, or what passwords may have been compromised. But if you have an account on Yahoo, OKCupid or GitHub—three popular sites known to have had the vulnerability (and patched it)—you should change your password on them as soon as possible.

Other big Web companies are taking steps to fix the problem. You can check whether a service has updated its security by typing its domain name into https://www.ssllabs.com/ssltest.

If everything’s green, it has probably been fixed and you are clear to change your password. If the site is not in the green, hold off. Changing your password on vulnerable sites would either have no impact, or could potentially expose your new password.

Even without Heartbleed, passwords have never been more vulnerable, and you should change them for important accounts every 90 days.

Here’s what else you need to know today:

Turn on two-factor authentication:
Beyond using fresh passwords, it’s now important to adopt an additional defense, available on a growing number of sites, called “two-factor authentication.” (It also goes by “second factor,” “login verification” or by branding such as, in Bank of America’s case, “SafePass.”)

This option, now offered by many email services, banks and social networks, sends you a one-time code (usually via text message) every time you (or anyone else) tries to log into your account. You’ll need to type in that code to access your account.

Use at least five different passwords:
The biggest mistake you could make is choosing the same password for everything. If your password gets compromised on one site, someone might try to use it elsewhere.

Instead of trying to keep track of unique passwords for every site, memorize groups of them. Start with five key categories: banking, email, social networking, shopping and, finally, sites you visit very infrequently. Within those categories, you can make each password more unique by tacking on a character or two at the end specific to a site, like AZ for Amazon.com.

If there’s a breach in, say, one of your retail sites, you should immediately change all of the passwords in that group, though this strategy may have bought you a little time.

Choose strong passwords:
What counts as strong? Longer is better; you’ll want passwords at least six to eight characters long that include numbers and non-letter characters. If your password appears on lists that hackers have exposed, you’ll need to start over.

Pet and family names are also a bad place to start because criminals might have access to your personal information. They might even be looking at your Facebook posts.

Unfortunately, sites and apps all have different standards. They also have different rules about the number and kinds of characters they’ll allow—some, for example, won’t accept uppercase, while others require it. A friend recently made a project of changing passwords on all 129 accounts in his life, and was ready to pull out his hair when he discovered one site would not accept the ampersand, while another wouldn’t accept a dollar sign.

It’s especially important to have unique passwords for email accounts, because hackers with access to your email can use it to initiate a “forgot my password” recovery process for other sites.

Some people also intentionally give incorrect answers to security-challenge questions on sites—What was your first car? What was the name of your first pet?—so that criminals with information about you still can’t guess the right answer.

There’s help to remember:
Writing down your passwords on something you keep in your wallet could put them at risk. But it is better to choose stronger passwords that you keep written in a safe place than to choose easily cracked ones that you memorize.

There are good ways to remember longer passwords, however.

The most basic trick is mnemonics. For example, choose passwords based around a phrase or random assortment of words you can remember. Or, use the first letter of every word from the phrase as your password. So, “I Left My Heart In San Francisco,” could be “ILMHISF.”

Don’t just stick to phrases and words that are true in your life. You can also remember phrases that are fabrications, like the wrong name for your dog, that criminals are less likely to guess.

Finally, some people invest in password manager services and apps, such as LastPass, PasswordBox and 1Password, which keep track of passwords and suggest especially strong ones.

Some security experts, though, warn against creating a single point of potential failure with all your passwords, especially if the service stores your passwords remotely. Still, they’re safer than just using “1234” or “password.”

Source: http://blogs.wsj.com/personal-technology/2014/04/09/how-and-why-to-change-your-passwords-today

How To Know the Heartbleed Bug?


The Heartbleed Bug

HeartBleed Bug

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).

The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.

What leaks in practice?

We have tested some of our own services from the attacker's perspective. We attacked ourselves from outside, without leaving a trace. Without using any privileged information or credentials we were able to steal from ourselves the secret keys used for our X.509 certificates, user names and passwords, instant messages, emails and business critical documents and communication.

How to stop the leak?

As long as a vulnerable version of OpenSSL is in use it can be abused. A fixed OpenSSL has been released and now has to be deployed. Operating system vendors and distributions, appliance vendors and independent software vendors have to adopt the fix and notify their users. Service providers and users have to install the fix as it becomes available for the operating systems, networked appliances and software they use.

Q&A

What is the CVE-2014-0160?

CVE-2014-0160 is the official reference to this bug. CVE (Common Vulnerabilities and Exposures) is the standard for information security vulnerability names, maintained by MITRE. Due to coincident discovery a duplicate CVE, CVE-2014-0346, which was assigned to us, should not be used, since others independently went public with the CVE-2014-0160 identifier.

Why is it called the Heartbleed Bug?

The bug is in OpenSSL's implementation of the TLS/DTLS (transport layer security protocols) heartbeat extension (RFC 6520). When exploited it leaks memory contents from the server to the client and from the client to the server.

What makes the Heartbleed Bug unique?

Bugs in a single piece of software or a library come and go and are fixed by new versions. This bug, however, has left a large amount of private keys and other secrets exposed to the Internet. Considering the long exposure, the ease of exploitation and the fact that attacks leave no trace, this exposure should be taken seriously.

Is this a design flaw in SSL/TLS protocol specification?

No. This is an implementation problem, i.e. a programming mistake in the popular OpenSSL library that provides cryptographic services such as SSL/TLS to applications and services.

What is being leaked?

Encryption is used to protect secrets that may harm your privacy or security if they leak. In order to coordinate recovery from this bug we have classified the compromised secrets into four categories: 1) primary key material, 2) secondary key material, 3) protected content and 4) collateral.

What is leaked primary key material and how to recover?

These are the crown jewels: the encryption keys themselves. Leaked secret keys allow the attacker to impersonate the service at will and to decrypt past and future traffic to the protected services (unless a forward-secret key exchange was used; see the question on Perfect Forward Secrecy below). Any protection given by the encryption and by the signatures in the X.509 certificates can be bypassed. Recovery from this leak requires patching the vulnerability, revoking the compromised certificates, generating new keys, and reissuing and redistributing certificates for the new keys. Even after all this, any traffic the attacker intercepted in the past remains vulnerable to decryption. All of this has to be done by the owners of the services.

What is leaked secondary key material and how to recover?

These are, for example, the user credentials (user names and passwords) used in the vulnerable services. Recovery from this leak requires the owners of the service first to restore trust in the service by following the steps described above. Only then can users start changing their passwords and any encryption keys, following the instructions from the owners of the compromised services. All session keys and session cookies should be invalidated and considered compromised.

What is leaked protected content and how to recover?

This is the actual content handled by the vulnerable services. It may be personal or financial details, private communication such as emails or instant messages, documents, or anything else considered worth protecting by encryption. Only the owners of the services can estimate what is likely to have leaked, and they should notify their users accordingly. The most important thing is to restore trust in the primary and secondary key material as described above; only this enables safe use of the compromised services in the future.

What is leaked collateral and how to recover?

Leaked collateral consists of the other details exposed to the attacker in the leaked memory contents. These may include technical details such as memory addresses and security measures such as the canaries used to protect against overflow attacks. These have only transient value and lose it once OpenSSL has been upgraded to a fixed version and the affected processes have been restarted.

Recovery sounds laborious, is there a short cut?

After seeing what we saw by "attacking" ourselves, with ease, we decided to take this very seriously. We have gone laboriously through patching our own critical services and are dealing with the possible compromise of our primary and secondary key material. All this just in case we were not the first ones to discover this and it could have been exploited in the wild already.

How does revocation and reissuing of certificates work in practice?

If you are a service provider, your certificates were signed by a Certificate Authority (CA). Check with your CA how a compromised certificate can be revoked and a new certificate issued for your new keys. Generate a new key pair first: a new certificate issued for the old, possibly leaked, key gives no protection. Some CAs do this for free, some charge a fee.

Am I affected by the bug?

You are likely to be affected either directly or indirectly. OpenSSL is the most popular open source cryptographic library and TLS (transport layer security) implementation used to encrypt traffic on the Internet. Your favourite social site, your company's site, a commerce site, a hobby site, a site you install software from or even sites run by your government might be using vulnerable OpenSSL. Many online services use TLS both to identify themselves to you and to protect your privacy and transactions. You might have networked appliances with logins secured by this buggy implementation of TLS. Furthermore, you might have client-side software on your computer that could expose data from your computer if you connect to a malicious or compromised service.

How widespread is this?

The most notable software using OpenSSL are the open source web servers Apache and nginx. The combined market share of just those two among the active sites on the Internet was over 66% according to Netcraft's April 2014 Web Server Survey. OpenSSL is also used to protect, for example, email servers (SMTP, POP and IMAP), chat servers (XMPP), virtual private networks (SSL VPNs), network appliances and a wide variety of client-side software. Fortunately many large consumer sites are saved by their conservative choice of SSL/TLS termination equipment and software. Ironically, smaller and more progressive services, or those who have upgraded to the latest and best encryption, will be affected most. OpenSSL is also very popular in client software and somewhat popular in networked appliances, which have the most inertia in getting updates.

What versions of the OpenSSL are affected?

Status of different versions:

    OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
    OpenSSL 1.0.1g is NOT vulnerable
    OpenSSL 1.0.0 branch is NOT vulnerable
    OpenSSL 0.9.8 branch is NOT vulnerable

The bug was introduced into OpenSSL in December 2011 and has been in the wild since OpenSSL 1.0.1 was released on 14 March 2012. OpenSSL 1.0.1g, released on 7 April 2014, fixes the bug.

How common are the vulnerable OpenSSL versions?

The vulnerable versions have been out there for over two years now and have been rapidly adopted by modern operating systems. A major contributing factor has been that TLS versions 1.1 and 1.2 became available with the first vulnerable OpenSSL version (1.0.1), and the security community has been pushing TLS 1.2 because of earlier attacks against TLS (such as BEAST).

How about operating systems?

Some operating system distributions that have shipped with a potentially vulnerable OpenSSL version (note that distributions backport security fixes without changing the upstream version string, so a package that still reports 1.0.1e may already be patched; check the distribution's security advisory or the package changelog rather than the version number alone):

    Debian Wheezy (stable), OpenSSL 1.0.1e-2+deb7u4
    Ubuntu 12.04.4 LTS, OpenSSL 1.0.1-4ubuntu5.11
    CentOS 6.5, OpenSSL 1.0.1e-15
    Fedora 18, OpenSSL 1.0.1e-4
    OpenBSD 5.3 (OpenSSL 1.0.1c 10 May 2012) and 5.4 (OpenSSL 1.0.1c 10 May 2012)
    FreeBSD 10.0 - OpenSSL 1.0.1e 11 Feb 2013
    NetBSD 5.0.2 (OpenSSL 1.0.1e)
    OpenSUSE 12.2 (OpenSSL 1.0.1c)

Operating system distributions with versions that are not vulnerable:

    Debian Squeeze (oldstable), OpenSSL 0.9.8o-4squeeze14
    SUSE Linux Enterprise Server
    FreeBSD 8.4 - OpenSSL 0.9.8y 5 Feb 2013
    FreeBSD 9.2 - OpenSSL 0.9.8y 5 Feb 2013
    FreeBSD 10.0p1 - OpenSSL 1.0.1g (At 8 Apr 18:27:46 2014 UTC)
    FreeBSD Ports - OpenSSL 1.0.1g (At 7 Apr 21:46:40 2014 UTC)

How can OpenSSL be fixed?

Even though the actual code fix may appear trivial, the OpenSSL team are the experts in fixing it properly, so the fixed version 1.0.1g or newer should be used. If this is not possible, software developers can recompile OpenSSL with the heartbeat extension removed from the code by the compile-time option -DOPENSSL_NO_HEARTBEATS.
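To make the "trivial" fix concrete, here is an added example in plain C. It is not OpenSSL's code and not part of the original Q&A; it reproduces the shape of the bug and of the 1.0.1g check. The process heap is stood in for by a fixed arena whose contents (including the "secret" next to the record) are constructed for the demo, and the message layout follows RFC 6520: one type byte, a 16-bit payload length, the payload, then at least 16 bytes of padding. Because the length field is 16 bits, one request can pull back at most 65535 bytes, which is where the per-heartbeat 64 KiB figure used later in this Q&A comes from.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TLS1_HB_REQUEST  1
#define TLS1_HB_RESPONSE 2
#define HB_PADDING       16   /* RFC 6520: at least 16 bytes of padding per heartbeat */

/* Stand-in for process memory (constructed for this example): the incoming
 * record is written at the start, and the bytes after it play the part of
 * whatever the real heap held next to it.  Keeping the over-read inside the
 * arena keeps the demo well-defined C while showing what the bug hands out. */
#define ARENA_SIZE 256
static unsigned char arena[ARENA_SIZE];
static const char neighbour_secret[] = "user=alice&password=hunter2&session=deadbeef"; /* constructed */

/* Write a heartbeat request into the arena.  claimed_len is the attacker-chosen
 * 16-bit payload_length field (so at most 65535 per heartbeat); real_len is how
 * many payload bytes are actually sent.  Returns the record length the TLS
 * record layer sees: 1 type + 2 length + real payload + padding.  Keep
 * claimed_len below ARENA_SIZE - 3 so the demo's over-read stays in the arena. */
size_t place_request(uint16_t claimed_len, const unsigned char *payload, size_t real_len)
{
    size_t rec_len = 1 + 2 + real_len + HB_PADDING;
    memset(arena, 0, sizeof arena);
    arena[0] = TLS1_HB_REQUEST;
    arena[1] = (unsigned char)(claimed_len >> 8);
    arena[2] = (unsigned char)(claimed_len & 0xff);
    memcpy(arena + 3, payload, real_len);            /* padding stays zero */
    memcpy(arena + rec_len, neighbour_secret, sizeof neighbour_secret - 1);
    return rec_len;
}

/* Shape of OpenSSL 1.0.1 to 1.0.1f: the attacker's length field goes straight
 * into memcpy; the record length known to the TLS layer is never consulted. */
int heartbeat_vulnerable(const unsigned char *rec, size_t rec_len,
                         unsigned char *out, size_t *out_len)
{
    const unsigned char *p = rec;
    unsigned char hbtype = *p++;
    unsigned int payload = ((unsigned int)p[0] << 8) | p[1];   /* n2s() */
    p += 2;
    (void)rec_len;                            /* the bug: 'payload' is unbounded */
    if (hbtype != TLS1_HB_REQUEST)
        return 0;
    out[0] = TLS1_HB_RESPONSE;
    out[1] = (unsigned char)(payload >> 8);
    out[2] = (unsigned char)(payload & 0xff);
    memcpy(out + 3, p, payload);              /* reads past the record's end */
    memset(out + 3 + payload, 0, HB_PADDING); /* OpenSSL used random padding */
    *out_len = 1 + 2 + payload + HB_PADDING;
    return 1;
}

/* Shape of the 1.0.1g fix: drop a record too short for header plus minimum
 * padding, then drop it if the claimed payload does not fit in the record
 * actually received (RFC 6520 section 4: malformed heartbeats are discarded). */
int heartbeat_fixed(const unsigned char *rec, size_t rec_len,
                    unsigned char *out, size_t *out_len)
{
    const unsigned char *p = rec;
    unsigned char hbtype;
    unsigned int payload;
    if ((size_t)(1 + 2 + HB_PADDING) > rec_len)
        return 0;                              /* silently discard */
    hbtype = *p++;
    payload = ((unsigned int)p[0] << 8) | p[1];
    p += 2;
    if ((size_t)(1 + 2 + payload + HB_PADDING) > rec_len)
        return 0;                              /* silently discard */
    if (hbtype != TLS1_HB_REQUEST)
        return 0;
    out[0] = TLS1_HB_RESPONSE;
    out[1] = (unsigned char)(payload >> 8);
    out[2] = (unsigned char)(payload & 0xff);
    memcpy(out + 3, p, payload);               /* now provably inside the record */
    memset(out + 3 + payload, 0, HB_PADDING);
    *out_len = 1 + 2 + payload + HB_PADDING;
    return 1;
}

/* Portable substring search over a byte range (memmem is not standard C). */
int contains(const unsigned char *buf, size_t len, const char *needle)
{
    size_t n = strlen(needle);
    for (size_t i = 0; i + n <= len; i++)
        if (memcmp(buf + i, needle, n) == 0)
            return 1;
    return 0;
}

int main(void)
{
    unsigned char out[ARENA_SIZE + 3 + HB_PADDING];
    size_t out_len = 0;
    size_t rec_len = place_request(200, (const unsigned char *)"ping", 4); /* claims 200, sends 4 */
    if (heartbeat_vulnerable(arena, rec_len, out, &out_len))
        printf("vulnerable: %zu-byte record answered with %zu bytes, secret leaked: %s\n",
               rec_len, out_len, contains(out, out_len, "password=") ? "yes" : "no");
    if (!heartbeat_fixed(arena, rec_len, out, &out_len))
        printf("fixed: record discarded, no reply\n");
    return 0;
}
```

Compiled with any C99 compiler, the vulnerable handler answers a 23-byte record with 219 bytes that include the constructed neighbouring secret, while the fixed handler discards the same record. The two checks in heartbeat_fixed are the whole of the fix: neither the TLS handshake nor the cipher suite is involved, which is why the questions below on client certificates and FIPS mode answer "no".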

Should heartbeat be removed to aid in detection of vulnerable services?

Recovery from this bug might have benefited if the new version of OpenSSL had both fixed the bug and disabled heartbeat temporarily until some future version. The majority, if not almost all, of the TLS implementations that responded to heartbeat requests at the time of discovery were vulnerable versions of OpenSSL. If only vulnerable versions of OpenSSL had continued to respond to heartbeats for the next few months, a large-scale coordinated response to reach the owners of vulnerable services would have been more feasible. However, the swift response of the Internet community in developing online and standalone detection tools quickly surpassed the need for removing heartbeat altogether.

Can I detect if someone has exploited this against me?

Exploitation of this bug leaves no trace of anything abnormal in the server's logs. The only record would be in network traffic captured while the attack took place (see the next question).

Can IDS/IPS detect or block this attack?

Although the heartbeat can appear in different phases of the connection, intrusion detection and prevention system (IDS/IPS) rules to detect heartbeats have been developed. Because of encryption, distinguishing legitimate use from attack cannot be based on the content of the request, but the attack can be detected by comparing the size of the request against the size of the reply: a legitimate reply echoes the request payload and so is about the same size, whereas an exploit sends a tiny request and receives a large reply. This means IDS/IPS can be programmed to detect the attack but not to block it, because the oversized reply is only recognisable once it has already left the server, unless heartbeat requests are blocked altogether.
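The size comparison described above, as an added example that is not part of the original Q&A and not taken from any IDS product. TLS record headers (content type, version, length) are never encrypted, so a passive sensor can pair each client heartbeat record (content type 24) with the server heartbeat records that follow it and alert when the reply is much larger than the request. The sensor log below is constructed, not a real capture; the 64-byte slack is this example's choice, and the 16384-byte fragmentation of the large reply follows the TLS maximum plaintext record size.

```c
#include <stddef.h>
#include <stdio.h>

#define TLS_RT_HEARTBEAT 24   /* TLS record content type for heartbeat (RFC 6520) */

typedef enum { TO_SERVER, TO_CLIENT } direction_t;

/* The cleartext part of one TLS record that a passive sensor can read even
 * when the record body is encrypted: direction, content type and length. */
typedef struct {
    direction_t   dir;
    unsigned char content_type;   /* 22 handshake, 23 application data, 24 heartbeat */
    unsigned int  length;         /* 16-bit length field from the record header */
} tls_record_t;

/* For every client heartbeat request, total the server heartbeat bytes that
 * follow it before the client sends anything else.  A legitimate reply echoes
 * the request payload plus at least 16 bytes of padding, so it is about the
 * request's size; a reply exceeding request + slack is reported.  Offending
 * request indices go into 'alerts' (at most max_alerts); the return value is
 * the total number found.  'slack' is this example's tunable, not a standard. */
size_t detect_oversized_heartbeat_replies(const tls_record_t *recs, size_t n,
                                          unsigned int slack,
                                          size_t *alerts, size_t max_alerts)
{
    size_t found = 0;
    for (size_t i = 0; i < n; i++) {
        if (recs[i].dir != TO_SERVER || recs[i].content_type != TLS_RT_HEARTBEAT)
            continue;
        unsigned long reply_bytes = 0;
        for (size_t j = i + 1; j < n && recs[j].dir != TO_SERVER; j++)
            if (recs[j].content_type == TLS_RT_HEARTBEAT)
                reply_bytes += recs[j].length;
        if (reply_bytes > (unsigned long)recs[i].length + slack) {
            if (found < max_alerts)
                alerts[found] = i;
            found++;
        }
    }
    return found;
}

/* Constructed sensor log, not a real capture: a handshake, one honest
 * heartbeat exchange (18-byte payload, 37-byte records each way), then an
 * exploit attempt with an empty payload (19-byte record) answered with a
 * 65535-byte payload, which TLS fragments into 16384-byte records. */
const tls_record_t sample_log[] = {
    { TO_SERVER, 22, 200 },                 /* ClientHello */
    { TO_CLIENT, 22, 3000 },                /* ServerHello, Certificate, ... */
    { TO_SERVER, TLS_RT_HEARTBEAT, 37 },    /* honest request */
    { TO_CLIENT, TLS_RT_HEARTBEAT, 37 },    /* honest reply, same size */
    { TO_SERVER, TLS_RT_HEARTBEAT, 19 },    /* exploit: no payload, claims 65535 */
    { TO_CLIENT, TLS_RT_HEARTBEAT, 16384 },
    { TO_CLIENT, TLS_RT_HEARTBEAT, 16384 },
    { TO_CLIENT, TLS_RT_HEARTBEAT, 16384 },
    { TO_CLIENT, TLS_RT_HEARTBEAT, 16384 },
    { TO_CLIENT, TLS_RT_HEARTBEAT, 18 },    /* 4 * 16384 + 18 = 65554 = 3 + 65535 + 16 */
    { TO_SERVER, 23, 512 },                 /* application data afterwards */
};
const size_t sample_log_len = sizeof sample_log / sizeof sample_log[0];

int main(void)
{
    size_t alerts[8];
    size_t found = detect_oversized_heartbeat_replies(sample_log, sample_log_len, 64, alerts, 8);
    for (size_t k = 0; k < found && k < 8; k++)
        printf("possible Heartbleed: %u-byte heartbeat request (record %zu) drew an oversized reply\n",
               sample_log[alerts[k]].length, alerts[k]);
    if (found == 0)
        puts("no oversized heartbeat replies");
    return 0;
}
```

On the sample log this flags only the 19-byte request at index 4. Note what the rule can and cannot do: the reply is already on the wire when the mismatch becomes visible, so this is detection, not prevention, exactly as the answer above says; and because it looks only at record headers it keeps working after ChangeCipherSpec, when the heartbeat payload itself is encrypted.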

Has this been abused in the wild?

We don't know. The security community should deploy TLS/DTLS honeypots that entrap attackers and alert on exploitation attempts.

Can the attacker access only 64k of memory?

There is no 64-kilobyte limit on the attack as a whole; that limit applies only to a single heartbeat, because the payload length is a 16-bit field. The attacker can either keep reconnecting or, during an active TLS connection, keep requesting an arbitrary number of 64-kilobyte chunks of memory content until enough secrets are revealed.

Is this a MITM bug like Apple's goto fail bug was?

No, this doesn't require a man-in-the-middle (MITM) position. The attacker can directly contact the vulnerable service, or attack any user whose client connects to a malicious service. In addition to this direct threat, however, the theft of key material allows man-in-the-middle attackers to impersonate compromised services.

Does TLS client certificate authentication mitigate this?

No. A heartbeat request can be sent, and is answered, during the handshake phase of the protocol, before client certificate authentication takes place.

Does OpenSSL's FIPS mode mitigate this?

No. OpenSSL's Federal Information Processing Standard (FIPS) mode has no effect on the vulnerable heartbeat functionality.

Does Perfect Forward Secrecy (PFS) mitigate this?

Use of Perfect Forward Secrecy (PFS), which is unfortunately rare but powerful, should protect past communications from retrospective decryption, as long as the session keys themselves were not among the leaked memory contents. See https://twitter.com/ivanristic/status/453280081897467905 on how leaked session tickets may affect this.

Can heartbeat extension be disabled during the TLS handshake?

No, the vulnerable heartbeat extension code is active regardless of the results of the handshake negotiations. The only way to protect yourself is to upgrade to a fixed version of OpenSSL or to recompile OpenSSL with the heartbeat extension removed from the code.

Who found the Heartbleed Bug?

This bug was independently discovered by a team of security engineers (Riku, Antti and Matti) at Codenomicon and by Neel Mehta of Google Security, who first reported it to the OpenSSL team. The Codenomicon team found the Heartbleed bug while improving the SafeGuard feature in Codenomicon's Defensics security testing tools and reported it to NCSC-FI for vulnerability coordination and reporting to the OpenSSL team.

What is the Defensics SafeGuard?

The SafeGuard feature of Codenomicon's Defensics security test tools automatically tests the target system for weaknesses that compromise integrity, privacy or safety. SafeGuard is a systematic solution to expose failed cryptographic certificate checks, privacy leaks or authentication bypass weaknesses that have exposed Internet users to man-in-the-middle attacks and eavesdropping. In addition to the Heartbleed bug, the new Defensics TLS SafeGuard feature can detect, for instance, the exploitable security flaw in the widely used GnuTLS open source SSL/TLS implementation and the "goto fail;" bug in Apple's TLS/SSL implementation that was patched in February 2014.

Who coordinates response to this vulnerability?

Immediately after our discovery of the bug on 3 April 2014, NCSC-FI took up the task of verifying it, analysing it further and reaching out to the authors of OpenSSL and to the software, operating system and appliance vendors that were potentially affected. However, this vulnerability had been found and its details released independently by others before this work was completed. Vendors should be notifying their users and service providers. Internet service providers should be notifying their end users where and when potential action is required.

Is there a bright side to all this?

For those service providers who are affected, this is a good opportunity to upgrade the strength of the secret keys used. A lot of software gets updates which otherwise would not have been urgent. Although this is painful for the security community, we can rest assured that the infrastructure of cyber criminals and their secrets have been exposed as well.

What can be done to prevent this from happening in future?

The security community, we included, must learn to find these inevitable human mistakes sooner. Please support the development effort of software you trust your privacy to. Donate money to the OpenSSL project.

Where to find more information?

This Q&A was published as a follow-up to the OpenSSL advisory when this vulnerability became public on 7 April 2014. The OpenSSL project has made a statement at https://www.openssl.org/news/secadv_20140407.txt. NCSC-FI published an advisory at https://www.cert.fi/en/reports/2014/vulnerability788210.html. Individual vendors of operating system distributions, affected owners of Internet services, software packages and appliance vendors may issue their own advisories.


References

    CVE-2014-0160
    NCSC-FI case# 788210
    OpenSSL Security Advisory (published 7th of April 2014, ~17:30 UTC)
    CloudFlare: Staying ahead of OpenSSL vulnerabilities (published 7th of April 2014, ~18:00 UTC)
    heartbleed.com (published 7th of April 2014, ~19:00 UTC)
    Ubuntu / Security Notice USN-2165-1
    FreshPorts / openssl 1.0.1_10
    Tor Project / OpenSSL bug CVE-2014-0160
    RedHat / RHSA-2014:0376-1
    CentOS / CESA-2014:0376
    Fedora / Status on CVE-2014-0160
    CERT/CC (USA)
    NCSC-FI (Finland)
    CERT.at (Austria)
    CIRCL (Luxembourg)
    CERT-FR (France)
    JPCERT/CC (Japan)
    CERT-SE (Sweden)
    NorCERT (Norway)
    NCSC-NL (Netherlands)
    CNCERT/CC (People's Republic of China)
    Public Safety Canada
    LITNET CERT (Lithuania)
    MyCERT (Malaysia)
    UNAM-CERT (Mexico)
    SingCERT (Singapore)
    Q-CERT (Qatar)


Article from Heartbleed.com

What a Difference: Savings Account and Fixed Deposit Account

There are those who prefer a savings account as it offers easier withdrawals, while others prefer fixed deposits because of the higher interest rates. It's a dilemma many may face, but are the two really interchangeable? In the end, it all depends on your purpose.

So how much of a difference does it make?

Say you’re one of the luckier people to have RM5,000 as your savings and would love to see it grow further. Which option will help you gain more money, a savings account or a fixed deposit? Whilst the answer is obvious – what isn’t so obvious is by how much.

Savings account

Before you dismiss the idea of savings accounts giving you more savings, it’s worth noting that there are savings accounts with an interest rate of 3% p.a., although these accounts require you to have a significant amount of savings in your account to be eligible. Bank Rakyat offers an interest rate of 3% for those who save RM100,000 in their account. One savings account by Affin Bank has the same rate as their fixed deposit, which is 3.38%, but you will need about RM1,000,000 to be eligible for that and, well, not all of us are millionaires.

If all you have is RM5,000, on average most banks give a rate of 0%-0.7% p.a., with the highest rate giving you RM35 per year on that amount. There are those like the Alliance Buddy savings account that give you up to 1% with RM5,000. The highest rate you can get for your RM5,000 in a savings account is the Hong Leong Junior Savings account with an interest rate of 2.9% for the first RM50,000, although this is reserved for children below the age of 18. Not too sure if your child can have RM5,000 in their account, but if they manage to gather all their allowance savings, presents and ang pows up to RM5,000, they’d be getting an extra RM145 in their account. So you will get something for your RM5,000 – just not much.

Let’s see what fixed deposits can do for you instead.

Fixed deposits

Fixed deposits have a higher interest rate, anywhere between 2%-3.5%, with some being higher. You may find the idea of saving in a fixed deposit account a little tougher as you have to keep a certain amount in your account at all times, or else lose out on the higher interest rate. But if you really want to put that RM5,000 away for your future, it’s a good option. You can always choose 1-month to 3-month FDs for a little more flexibility, but rates for these are usually lower than those for 6 and 12 months.

The average fixed deposit rate would be about 3% p.a., especially within the first year. So if you go with this, you would get RM150 for your RM5,000 savings although you can’t use that money straight off when you get it. The Mach Fixed Deposit by Hong Leong Bank gives a high interest rate of 3.7% p.a. and the flexibility to make partial withdrawals. This means you get RM185 a year and that’s definitely a higher amount than what any savings account can give you.

Should you get an FD?

There's no doubt that with a higher interest rate, the fixed deposit gives you more for your money. But if you need to constantly access your money, an FD may not be a good idea. It's still worth noting that fixed deposits can be opened with as little as RM1,000, and at 3% you earn RM30 per year just by saving it. In a regular savings account at 0.7% you earn RM7, which in the end will be used to offset the numerous ATM fees you’re charged.
If you really want to make your savings work for you, rather than just let it lie in the bank, why don't you use a fixed deposit that gives you that little extra instead? A savings account also makes it easier to spend due to its easy access, but if you really want to save for your future; look into saving in a fixed deposit.

Article from RinggitPlus.com. RinggitPlus compares credit cards, personal loans and home loans to help Malaysians get more for their money.

Sell Jewelry Online

How To Successfully Sell Jewelry Online

If you are looking to sell jewelry online, there are some things you should consider. You have some options depending on your goals and the type of jewelry you want to sell. It is possible to have your own small business selling jewelry over the Internet.

First, determine what type of jewelry you want to sell. One of the primary decisions is whether you are making it yourself or selling pre-made pieces. This will determine your marketing strategy as well as your options for venues. Think about your target customers: selling bracelets intended for teens will be very different from selling bracelets for adult women. It is helpful to put these ideas down on paper in order to formulate a precise, goal-oriented business plan.

The next step is to figure out what kind of website you want. There are options, and they partially depend on how the jewelry is made. If you intend to make the pieces yourself, there are specialty sites that only sell handmade goods. These are great because they provide a marketplace full of potential customers looking for hand-crafted items. However, most ask for some sort of fee for posting these items. If your plan is to sell pre-made items, there are also retail sites that will provide this service. Again, most of these will ask for a fee, usually a small percentage of each sale. Finally, you can also sell jewelry on your own website. E-commerce sites require a little more technical skill to create and design; however, hiring someone to do this for you is always an option.

A key component of success is prompt and courteous service. Customers will often base part of their decision to buy something online on feedback left by previous customers. Make sure everyone who purchases something from you is happy. Manage your orders and ship them out as soon as possible. Also take the time to package each item carefully; this is especially true for delicate or intricate pieces. Check your email daily and answer any questions or concerns from customers right away. You want people to leave you positive and outstanding feedback.

Market your jewelry by having business cards, pamphlets, and other promotional materials handy. Your website, email, and services should be clearly listed and easy to read. Include related services like jewelry repair or custom designs if you are willing to offer them. Do not be afraid to pass out your business cards or to hang fliers on community bulletin boards!

Starting your own small jewelry business can bring you some extra money. To sell jewelry online you need to have a clear business plan, a website, excellent customer service, and marketing skills. Start selling today!