Author: Nick Farrell

FBI investigates Gamergate

The FBI has confirmed that it has opened an investigation related to the #Gamergate campaign, which had rapidly turned from a debate about “journalistic ethics in the gaming software world” to a hate campaign against women.

The bureau stated that, while it has documents related to the loose coalition of Gamergate, those files are part of an ongoing investigation, and release “would interfere with law enforcement proceedings.” Who or what is being investigated remains unknown.

A number of individuals, including Anita Sarkeesian and Brianna Wu, have reported death threats after being targeted by Gamergate.

This will be bad news for the hackers and script kiddies who thought that they would be allowed to cyber stalk women and threaten to kill them without any reaction from the police. It is also a bit embarrassing for those who thought that #Gamergate was not illegal and the negative response was just the ranting of a few women who were trying to stop them playing games and go outside.

Although how it could justify DDOSing a disabled charity is anyone’s guess.

Apple breaks promises on Chinese suppliers

Apple products continue to be made by workers in shocking conditions, despite promises from Jobs’ Mob to the contrary, according to an undercover BBC Panorama investigation.

Panorama found standards on workers’ hours, ID cards, dormitories, work meetings and juvenile workers were being breached at the Pegatron factories.

Workers were filmed falling asleep on their 12-hour shifts at the Pegatron factories on the outskirts of Shanghai.

One undercover reporter, working in a factory making parts for Apple computers, had to work 18 days in a row despite repeated requests for a day off.

Another reporter, whose longest shift was 16 hours, said: “Every time I got back to the dormitories, I wouldn’t want to move.

“Even if I was hungry I wouldn’t want to get up to eat. I just wanted to lie down and rest. I was unable to sleep at night because of the stress.”

Rather than fessing up, Apple said it strongly disagreed with the programme’s conclusions, although it declined to be interviewed for the programme.

It insisted that no other company was doing as much as Apple to ensure fair and safe working conditions.

Apple said it was a very common practice for workers to nap during breaks, but it would investigate any evidence they were falling asleep while working. We guess it will want to make sure that someone comes along to wake them up.

It said it monitored the working hours of more than a million workers and that staff at Pegatron were averaging 55 hours a week.

Apple published a set of standards spelling out how factory workers should be treated. It also moved some of its production work to Pegatron’s factories on the outskirts of Shanghai.

However, Panorama found these standards were routinely breached on the factory floor. Voluntary overtime was not what it said it was and one reporter had to attend unpaid meetings before and after work. Another reporter was housed in a dormitory where 12 workers shared a cramped room.

Apple insists that the dormitory overcrowding has now been resolved and that it requires suppliers to retroactively pay workers if it finds they have not been paid for work meetings.

Google creates nightmare for business sites

The search engine Google is about to name and shame any site which does not use the HTTPS security protocol.

For years, it has been enough for site users to build their websites using HTTP with only those who run financial transactions needing the more secure protocol.

Now Google is proposing to warn people their data is at risk every time they visit websites that do not use the “HTTPS” system.

If implemented, the developers wrote, the change would mean that a warning would pop up when people visited a site that used only HTTP to notify them that such a connection “provides no data security.”

The team said it was odd that browsers currently did nothing to warn people when their data was unprotected.

“The only situation in which web browsers are guaranteed not to warn users is precisely when there is no chance of security,” they wrote.

HTTPS uses well-established cryptographic systems to scramble data as it travels from a user’s computer to a website.

However, website operators might have a few problems when it comes to adopting the HTTPS system, but could see traffic plummet if they do not.

Currently only about 33 per cent of websites use HTTPS, according to statistics gathered by the Trustworthy Internet Movement which monitors the way sites use more secure browsing technologies.

Many large websites and services, including Twitter, Yahoo, Facebook and GMail, already use HTTPS by default. In addition, since September Google has prioritised HTTPS sites in its search rankings.

2014 a breakthrough year for the cloud

Big Blue is telling the world+dog that 2014 was its breakthrough year for its cloud computing business.

IBM said it will expand the number of data centres it offers clients around the world by 25 percent to meet fast-rising demand for internet-based services.

The outfit has quadrupled the number of cloud data facilities it offers around the world to 49 in the past 18 months, responding in part to laws requiring the local retention of data following revelations over US government Web surveillance as well as increased corporate compliance rules.

The company said on Wednesday it has now struck a partnership with data centre provider Equinix for nine more cloud centres in Australia, France, Japan, Singapore, The Netherlands and the United States. It is also opening up three new cloud computer facilities of its own in Germany, Mexico and Japan.

Angel Luiz Diaz, vice president in charge of IBM’s cloud computing business, told Reuters that the company had a good year which was a “breakthrough year in cloud.”

IBM’s cloud revenue amounted to $4.4 billion in 2013 and was up by 50 percent in the first nine months of this year, it reported in October, making it one of IBM’s fastest-growing businesses, although it still accounts for only a fraction of the $94 billion in total revenues which IBM is expected by analysts to generate this year.

It looks like IBM’s multi-year deals of more than $4 billion are fuelling the company’s expansion in data centres.

IBM also said it had reached a cloud services deal with National Express Group to enable the UK-based bus and trains operator to offer commuters up-to-the-minute train schedules and what it said would be Britain’s first postcode-to-postcode journey planner.

North Korea causes US to surrender

When it comes to winning a war which does not involve flinging bullets at the enemy, flying high-tech drones, or cruise missiles, it seems that the US is hopeless.

After the FBI identified that the Sony hack was caused by North Korean cyber warriors who were miffed about a comedy film which involved North Korean leader Kim Jong-un, Sony immediately surrendered and pulled the flick “The Interview” from distribution.

This followed the fact that five theatre circuits in North America have decided not to play Sony’s The Interview.

Regal Entertainment, AMC Entertainment, Cinemark, Carmike Cinemas and Cineplex Entertainment have all decided against showing the film.

“Due to the wavering support of the film The Interview by Sony Pictures, as well as the ambiguous nature of any real or perceived security threats, Regal Entertainment Group has decided to delay the opening of the film in our theatres,” Regal said.

Cinemark also confirmed Wednesday that the chain had determined that they would not exhibit the film “at this time.” In addition, Cineplex, which is based in Canada, said it had decided to “postpone” the movie, with a spokesman saying, “Cineplex takes seriously its commitment to the freedom of artistic expression, but we want to reassure our guests and staff that their safety and security is our number one priority.”

It seems that the hackers managed what Kim Jong-un’s rocket threats, and artillery shelling could not – the complete surrender of US forces.

Sony had refused to back down from its plans to release the film, starring Seth Rogen and James Franco, on December 25. Instead, in discussions with exhibitors, it told the exhibitors it was up to them whether or not they played the movie and that Sony would support whatever decision they made.

However, clearly, the distributors were terrified of the North Koreans and any stiff upper lip was above a loose flabby chin.

What this means, of course, is that Kim’s Cyber Warriors will be back. After all, if you have a weapon which can bring the United States to its knees that easily, you will use it. Sony would have been better off running the film and telling everyone it was a matter of patriotic pride to show North Korea who really was boss. Apparently running screaming like a four-year-old girl from a guy in a clown mask is US defence policy now – clearly following the role model given by the French who helped found the country.

Canada investigates Apple for antitrust antics

The fruity cargo cult Apple has managed to fall foul of Canada over the way that it used its market power to kill off rivals.

The Federal Court of Canada agreed to order Apple’s Canadian subsidiary to turn over documents to the Competition Bureau to help investigate whether Apple unfairly used its control of suppliers to kill off competition.

The Competition Bureau said agreements Apple negotiated with wireless carriers may have cut into competition by encouraging the companies to maintain or boost the price of rival phones.

Under the order, Apple will have 90 days to turn over the documents, which include agreements it has reached with Canadian mobile carriers.

Competition Bureau lawyer Derek Leschinsky said Apple lawyers have threatened the company might launch a constitutional challenge of the right of Canadian courts to force Apple’s wholly owned Canadian subsidiary to turn over records held by the California-based parent company.

In other words, its lawyers were not going to tackle the problem of its anti-competitive behaviour, just that it has a right to do what it likes because it is a US company and did not have to hand over any incriminating documents.

Leschinsky pointed out that the provision of the Competition Act that gives Canadian courts the power to compel the production of documents held outside Canada has never been found to be unconstitutional.

Chief Justice Crampton agreed there is increasing legal consensus around the world that such provisions are legitimate.

Robots make up half of web traffic

More than half of traffic on the World Wide Web is mostly created by robots reporting on the activities of humans.

According to security outfit Incapsula in 2014, bots roaming the internet represented 56 percent of total web traffic. This is a decrease from 2013, when bots represented 61.5 percent of total internet traffic.

The majority of these bots are ‘good’ bots which include ‘crawlers’ that index web pages for search engines, social networking platforms, RSS feeds and translation services.

Incapsula is worried about an increasing number of ‘bad’ bots, which pose a threat to websites. The worst are ‘impersonator’ bots which are malevolent intruders engineered to circumvent common security measures. They have increased by 15 percent in the last two years.

Incapsula’s Igal Zeifman said that more than 90 percent of all cyber attacks are executed by bots and the worst-case scenario really depends on the attacker’s intentions and the target.

“Bots can spam, scam, spy, execute denial of service attacks and hack – they can do whatever a human hacker ‘teaches’ them to do, only on a much (much) bigger scale – and this arguably delays the internet’s growth, both as a medium and as a place of business.”

The overall decrease in bot traffic is the result of a steady drop in good bot activity. RSS services are dying and Google’s RSS service, Google Reader, shut down in July 2013.

Zeifman said click-fraud bots that undermine the advertisers’ profitability are also growing in number.

“I think that today most advertisers have accepted the fact that some of their online budget will be lost on bots. However, I also believe that, as these losses continue to grow, the need for bot filtering solutions will become more and more clear,” he said.

TorrentLocker has trapped 39,000 victims

Cybercriminals behind the TorrentLocker malware may have earned as much as $585,000 over several months from 39,000 PC infections.

But apparently more than 9,000 of the victims were from Australia thanks to a poisoned website which claimed to be the Australia Post newspaper.

TorrentLocker is one of several ransomware threats that have emerged in the wake of law enforcement action against CryptoLocker earlier this year.

TorrentLocker demands payment of up to $1,500 in Bitcoin to unlock victims’ encrypted files. Whether victims pay depends on how much they value their files.

Security vendor ESET said that the hackers behind TorrentLocker put extra effort into defrauding Australian computer users via several bogus websites for Australia Post and the NSW Office of State Revenue.

The hackers were more successful in Turkey, where they made 11,700 infections, but that country has a bigger population with fewer crocodiles. Italy, the UK, the Czech Republic, and Netherlands all had infections of between 4,500 and 2,280 each, which was also on the higher side.

Few victims actually paid. According to ESET researcher and author of the report, Marc-Etienne M. Léveillé, only 1.44 percent or 577 of the infections translated into payment for the hackers. Still, based on the Bitcoin exchange rate of $384.94 on November 29, TorrentLocker’s operators may have earned anywhere between $292,700 and $585,401, which is not bad money.

The PCs were infected by spam email that encourages the victim to open what appears to be a document but is in fact an executable file that will install the malware and encrypt the files.

Messages included tricking victims into opening files marked unpaid invoices, package tracking and unpaid speeding tickets.

“For example, if a victim is believed to be in Australia, fake package tracking information will be sent spoofed to appear as if it comes from Australia Post. The location of the potential victim can be determined by the top level domain used in the e-mail address of the target or the ISP to which it is referring,” ESET notes in its report.

The fake Australian domains the attackers have bought for the campaign include sites that look like the legitimate Australia Post domain austpost.com.au. These are austpost-tracking.com and austpost-tracking.org. Domains they have acquired to appear like the NSW Office of State Revenue’s real domain osr.nsw.gov.au include the bogus domains nsw-gov.net and osr-nsw-gov.net.

TorrentLocker’s “side task” is to steal the address book from email clients on the infected machine. It contains code that enables this feature for Thunderbird, Outlook, Outlook Express and Windows Mail.
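A mail-gateway triage check for the two lures described above, a sender domain built around a trusted organisation's name and a "document" that is really an executable. This is an added example, not code from ESET's report or from the article; the domains are the ones quoted above, while the generic-label and extension lists, the function names and the sample messages are assumptions constructed for illustration.

```python
import re

# Legitimate domains as named in the article.
PROTECTED = ("austpost.com.au", "osr.nsw.gov.au")
# Labels too generic to identify an organisation (assumed list).
GENERIC = {"com", "net", "org", "au", "www"}
# Extensions a recipient reads as "a document" (assumed list).
DOC_EXT = {"pdf", "doc", "docx", "xls", "xlsx", "rtf"}
# Extensions Windows runs directly (assumed list, not exhaustive).
EXEC_EXT = {"exe", "scr", "com", "pif"}


def brand_labels(domain):
    """Split a domain on dots and hyphens, dropping generic labels."""
    parts = re.split(r"[.\-]", domain.lower())
    return {p for p in parts if p and p not in GENERIC}


def classify_domain(domain):
    """Return (verdict, protected_domain) for a sender or link domain."""
    domain = domain.lower().rstrip(".")
    for legit in PROTECTED:
        if domain == legit or domain.endswith("." + legit):
            return ("legitimate", legit)
    seen = brand_labels(domain)
    for legit in PROTECTED:
        brand = brand_labels(legit)
        # A single distinctive label is enough for a one-label brand; a brand
        # made of several short labels (osr, nsw, gov) needs two in common.
        if len(brand & seen) >= min(2, len(brand)):
            return ("lookalike", legit)
    return ("unrelated", None)


def attachment_verdict(filename, head):
    """Compare the attachment's name with the first bytes of its content."""
    parts = filename.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    is_pe = head[:2] == b"MZ"  # DOS/PE executable signature
    double_ext = len(parts) > 2 and parts[-2] in DOC_EXT and ext in EXEC_EXT
    if double_ext or (is_pe and ext not in EXEC_EXT):
        return "disguised-executable"
    if is_pe or ext in EXEC_EXT:
        return "executable"
    return "ok"


def triage(sender, filename, head):
    """Return the list of reasons a message should be quarantined."""
    reasons = []
    verdict, legit = classify_domain(sender.rsplit("@", 1)[-1])
    if verdict == "lookalike":
        reasons.append(f"sender domain imitates {legit}")
    attachment = attachment_verdict(filename, head)
    if attachment != "ok":
        reasons.append(f"attachment is {attachment}")
    return reasons


if __name__ == "__main__":
    # Constructed sample messages: (sender, attachment name, first bytes).
    samples = [
        ("noreply@austpost-tracking.org", "tracking.pdf.exe", b"MZ\x90\x00"),
        ("fines@osr-nsw-gov.net", "speeding_ticket.doc", b"MZ\x90\x00"),
        ("billing@example.org", "invoice.pdf", b"%PDF-1.4"),
    ]
    for sender, name, head in samples:
        print(sender, name, triage(sender, name, head))
```

The label-overlap rule is a triage signal rather than proof: an unrelated domain that shares labels with a protected one will also be flagged and needs an allowlist entry.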

Snapchat CEO wanted $40 million behind the scenes

The Sony hacking has revealed that Snapchat and its CEO Evan Spiegel might have been involved in trying to get himself some lucrative deals involving secondary shares in the company.

According to Business Insider, the inbox of Sony Entertainment CEO Michael Lynton was exposed by the hackers. Lynton is a Snapchat board member, and the emails from him to another Snapchat board member, Mitch Lasky of Benchmark Capital, are exposed.

In November of 2013, the pair suggested that Spiegel may have tried to get $40 million flogging secondary shares of his company. Secondary shares give company insiders some of an investor’s money in exchange for stock.

On October 31 at 2:43, Lasky wrote that Spiegel proposed a new deal today to Tencent that includes $40 million in secondary shares for him. Lasky was cross he was never told about it.

At the time, Snapchat had rejected an acquisition offer from Facebook. New emails confirm the offer was over $3 billion.

Snapchat never raised money from Tencent. It was reportedly in talks to raise $200 million. Tencent was a previous investor. And Spiegel had previously taken $10 million for him and his cofounder off the table.

Snapchat raised $50 million a month later from Coatue, a hedge fund with offices in New York and Silicon Valley. Its Silicon Valley offices are on Sand Hill road, right next to Andreessen Horowitz, and the rest of tech’s elite venture capitalists.

We will never know if Spiegel and his cofounder ever got their $40 million.

Sony sued by former employees

Sony has been sued by two former employees for failing to protect their personal data during the recent mega-hack of the company.

The former employees say the movie studio failed to protect Social Security numbers, healthcare records, salaries and other data from computer hackers.

A proposed class action lawsuit against Sony was filed in Los Angeles. It alleges that the company failed to secure its computer network and protect confidential information.

Sony is already reeling from the disclosures in documents released by the hackers, which have exposed internal discussions to the great unwashed.

The lawsuit seeks class action status on behalf of all former and current employees of Sony in the United States whose personally identifiable information was compromised in the breach.

Sony “knew or should have known that such a security breach was likely” given a 2011 hack of its PlayStation video game network and recent data breaches at retailers, the lawsuit said.

Sony agreed to pay $15 million to make the PlayStation case go away. The plaintiffs are asking for compensation for any damages as well as credit monitoring services, identity theft insurance and other assistance.

India bans OnePlus smartphone

OnePlus is about to see its products banned in India after a ruling by the Delhi High Court that has prohibited the company from importing, marketing and selling its flagship device.

Local manufacturer Micromax says OnePlus is infringing on the former’s exclusive deal with Cyanogen to make the Yu series of smartphones running on CyanogenMod, with the first device slated to launch tomorrow.

OnePlus ships the One with CyanogenMod on-board, so the Delhi High Court banned the company from importing and marketing any phones with CyanogenMod’s logo on the back.

OnePlus said it was working on its own ROM to power the One but it will take until February to get it ready. Cyanogen had confirmed that it would not be offering updates to the Indian variant of the One, so OnePlus will have its work cut out getting itself ready.

The OnePlus was popular and has already gone out of stock from Amazon India, which is the only retailer for the device.

The Delhi High Court has said that OnePlus can sue Cyanogen as per Californian laws for breaching its contract. It looks like the case will run and run, but it does mean that the product will be locked out of the lucrative Indian market.

Jury clears Apple of antitrust allegation

Fruity cargo cult Apple has managed to convince a jury that deleting rival music from iPods was not really the actions of someone abusing their position in the market to snuff out competition.

The jury decided Apple did not act improperly when it restricted music purchases for iPod users to Apple’s iTunes digital store.

The plaintiffs, a group of individuals and businesses who bought iPods from 2006 to 2009, sought about $350 million in damages from Apple alleging the company unfairly blocked competing device makers.

Patrick Coughlin, an attorney for the plaintiffs, said “the jury called it like they saw it”.

Of course Apple was over the moon. “Every time we’ve updated those products — and every Apple product over the years — we’ve done it to make the user experience even better,” the company said.

In fact, the jurors deliberated for only a few hours on the sole question of whether the update had benefited consumers. Under US law, a company cannot be found anticompetitive if a product alteration was an improvement for customers.

However, the trial revealed that Apple faced a challenge in the online music market from Real Networks, which developed RealPlayer, its own digital song manager. It included software which allowed music purchased there to be played on iPods as well as competing devices.

Apple eventually introduced a software update that restricted the iPod to music bought on iTunes. Plaintiffs say that step discouraged iPod owners from buying a competing device when it came time to upgrade.

Apple argued the software update was meant to improve the consumer experience and contained many desirable features, including movies and auto-synchronisation.

The plaintiffs say that they will appeal the verdict.

Verizon’s end-to-end encryption has back door

US carrier Verizon really does not understand why people want end-to-end encryption on their phone lines.

The outfit just announced that it is bringing in an expensive service which guarantees security by providing the sort of encryption on the line which users want following the Edward Snowden revelations.

Verizon Voice Cypher, the product introduced with the encryption company Cellcrypt, offers business and government customers end-to-end encryption for voice calls on iOS, Android, or BlackBerry devices equipped with a special app. The encryption software provides secure communications for people speaking on devices with the app, regardless of their wireless carrier, and it can connect to an organization’s secure phone system. All this will cost you $45 per device each month.

It all sounds good, but then comes the part where Verizon and Cellcrypt fail to understand why people want their product in the first place.

Cellcrypt and Verizon both say that law enforcement agencies will be able to access communications that take place over Voice Cypher, so long as they are able to prove that there is a legitimate law enforcement reason for doing so.

Seth Polansky, Cellcrypt’s vice president for North America, said building technology to allow wiretapping was not a security risk. “It’s only creating a weakness for government agencies,” he says. “Just because a government access option exists, it doesn’t mean other companies can access it.”

While Verizon is required by US law to build networks that can be wiretapped, the Communications Assistance for Law Enforcement Act requires phone carriers to decrypt communications for the government only if they have designed their technology to make it possible to do so. Had Verizon and Cellcrypt structured their encryption so that neither company had the information necessary to decrypt the calls, they would not have been breaking the law.

Verizon believes major demand for its new encryption service will come from governmental agencies conveying sensitive but unclassified information over the phone. It might have a point – such agencies want encryption and do not have to worry about others snooping on them.

BT writes £12.5 billion cheque for EE

BT has confirmed it will acquire EE in a move that will scare the beejeesus out of the UK mobile market.

Buying EE will give BT the biggest 4G network in the UK, which it says will complement its fibre network.

BT had been using EE’s network for its mobile virtual network operator deal, but hopes the deal will enable it to create a complete network for its customers so they are using its services, whether at home on fixed connections or on the go using the mobile services, or its existing WiFi services.

It also gets 24.5 million customers currently on the EE network.

We expect to see deals involving telephone, mobile phone, broadband and mobile services in one bundle.

BT accountants already think that they will save a pile through network and IT rationalisation as well as in areas of procurement, marketing and sales costs.

Still it is bad news for O2 which was touted to be the other company that BT was thinking of buying. The decision not to go with O2 will be a blow to the Spanish Telefónica which had been keen to flog its business unit in the UK.

If approved, the deal will mean Deutsche Telekom has a 12 percent share in BT and a seat on the company’s board. Orange will take just a four percent share and will not have a seat on the board.

It is not all clear sailing though. The deal has to be approved by the Ofcom regulator. While it is not likely to block the deal, the combined entity could be forced to dispose of some spectrum. BT’s Openreach and Wholesale units might have to be hived off from the main company.

Snowden taught companies something

After years of ignoring warnings from experts, companies and individuals started to take security more seriously after the Snowden leaks, according to a new survey.

More than 39 per cent have taken steps to protect their online privacy and security because of spying revelations by one-time NSA employee Edward Snowden, according to the Centre for International Governance Innovation (CIGI).

The survey found that 43 percent of Internet users now avoid certain websites and applications and 39 percent change their passwords regularly.

The survey reached 23,376 internet users in 24 countries and was conducted between October 7 and November 12.

More than 39 percent of those surveyed indicated they are taking steps to safeguard their online data from government prying eyes.

Writing in his blog, security specialist Bruce Schneier said that Snowden’s whistleblowing on the NSA is having an enormous impact.

“I ran the actual numbers country by country, combining data on Internet penetration with data from this survey. Multiplying everything out, I calculate that 706 million people have changed their behavior on the Internet because of what the NSA and GCHQ [a British intelligence and security organization] are doing.”

This means that two-thirds of users indicated they are more concerned today about online privacy than they were a year ago. When given a choice of various governance sources to effectively run the world-wide Internet, a majority chose the multi-stakeholder option — a “combined body of technology companies, engineers, non-governmental organizations and institutions that represent the interests and will of ordinary citizens, and governments.”

A majority indicated they would also trust an international body of engineers and technical experts to store their online data, while only 36 percent of users would trust the United States to play an important role in running the Internet.

Nearly three-quarters of the Internet users surveyed indicated they want their online data and personal information to be physically stored on a secure server in their own country.

Those surveyed also indicated that 64 percent are concerned about government censorship of the Internet and 62 percent are worried about government agencies from countries other than the US secretly monitoring their online activities.

Another notable finding was that 83 percent of people believe that affordable access to the internet should be a basic human right.