P2P-Zone  

05-11-14, 08:11 AM   #1
JackSpratts

Peer-To-Peer News - The Week In Review - November 8th, '14

Since 2002

"All the blown minds left in its wake." – Paul Mavrides

November 8th, 2014




Co-Founder of File-Sharing Website The Pirate Bay Arrested in Thailand

A co-founder of the Swedish file-sharing website, The Pirate Bay, has been arrested in Thailand, police said on Tuesday, after he tried to cross into the country from neighbouring Laos.

Hans Fredrik Lennart Neij, who is known in hacking communities as "TiAmo", was detained at a checkpoint in the north-eastern town of Nong Khai, immigration police said.

"Mr. Neij was detained ... while trying to cross into Thailand from Laos where he had been living since 2012," Police Major-General Chartchai Eimsaeng told reporters.

The Swede has travelled to Thailand nearly 30 times since 2012 and has a home on the resort island of Phuket, he added. Neij was the subject of an international arrest warrant.

Neij and Gottfrid Warg founded The Pirate Bay in 2003. It has now grown into one of the world's largest file sharing websites, allowing users to share files through peer-to-peer technology.

Along with other co-founders, Neij was sentenced to prison and multi-million-dollar fines in 2009 for copyright infringement related to The Pirate Bay's activities.

Last week, Warg, also known by his hacker alias "Anakata", was sentenced to 3-1/2 years in prison after being found guilty of hacking into the mainframe of IT provider CSC in Denmark and accessing the Danish Civil Registration System and a police criminal register in 2012.
http://www.straitstimes.com/news/asi...d-thailand-201





The Amazons of the Dark Net

Business is thriving on the anonymous internet, despite the efforts of law enforcers

THE first ever e-commerce transaction, conducted by students from Stanford and MIT in the early 1970s, involved the sale of a small quantity of marijuana. For decades afterwards, the online drugs trade was severely constrained by the ability of law enforcement to track IP addresses and the means of payment. The trickle of transactions threatened to become a flood with the emergence a few years ago of Silk Road, a drug-dealing site on the “dark net”. These e-depths cannot be reached through a normal browser but only with anonymising software called Tor. Buyers and sellers transact there pseudonymously in bitcoin, a crypto-currency.

Silk Road was shut last year with the arrest of Ross Ulbricht, the 29-year-old American whom investigators believe to be Dread Pirate Roberts, the site’s founder. Mr Ulbricht is due to stand trial in New York next January on charges that include computer hacking and money laundering. But law enforcers who predicted that Silk Road’s demise would mark the beginning of the end for online black-market bazaars were wrong. Instead, dozens of dark-net Amazons and eBays (also known as crypto-markets) have sprung up to fill the void. They are not only proving remarkably resilient but expanding their offerings and growing more sophisticated.

The number of for-sale listings in the 18 crypto-markets tracked by the Digital Citizens Alliance (DCA), an advocacy group, grew from 41,000 to 66,000 between January and August. The largest market until August, Silk Road 2.0 (whose logo, like its predecessor’s, features an Arab trader on a camel), has since been overtaken by two upstarts, Agora and Evolution, whose combined listings have grown by 20%, to 36,000 in the past two months. Each of these three has more listings than the original Silk Road ever did (see chart). It is unclear whether listings are a good measure of sales, which the markets do not disclose.

Vendors vary in size: the largest turn over several million dollars a month on a single site, the smallest a few hundred. They pay a fee to register and a commission per transaction, typically 3-6%. Buyers come from all over the world. Their purchases are sent by post—the vast majority appear to arrive undetected. Customer satisfaction is high.

Illegal and prescription drugs are the largest product category. (Some sellers are crooked pharmacists.) Silk Road 2.0, whose operators are avowedly libertarian, focuses almost exclusively on weed, powders and pills. Agora, whose mascot is an armed bandit, sells weapons, too. These are marketed mostly to Europeans, who face strict gun-control laws.

The fastest-growing of the big three, Evolution, is the least principled. Though, like the others, it bans child pornography, it hawks stolen credit-card, debit-card and medical information, guns and fake IDs and university diplomas. One-fifth of its listings are in its “Fraud” section or in “Guides and Tutorials”, which often explain how to commit crimes. Some see Evolution’s rapid growth as a worrying sign that cyber-criminals are looking to fuse their identity-theft operations with the “victimless” online drugs trade. (It is not, however, the most unsavoury corner of the dark net, where some make markets in contract killings.)

For drug buyers, online markets offer several advantages. They are less physically dangerous than street trades. This goes for dealers, too: a recent study found that a third or more of sales on Silk Road were to “a new breed of retail drug dealer”, a transformation of the wholesale market that “should reduce violence, intimidation and territorialism.”

Product quality is higher, largely thanks to an Amazon-like five-star customer-review system. With 29 reviews for the average listing on Silk Road 2.0, a high score provides reassurance. MDMA (or ecstasy) is particularly popular on the site, presumably because the street version can be laced with lethal impurities. The dark net’s hundreds of forums provide further intelligence on dodgy gear and scammers. The FBI made over 100 purchases on Silk Road before closing it down. An agent testified that these showed “high purity levels”.

High ratings are sellers’ lifeblood. Reputation is crucial when clients know they cannot fall back on small-claims courts or arbitration. “It’s the ultimate irony: a den of thieves who don’t know each other but need to trust each other,” says a researcher with the DCA who requested anonymity for reasons of security.

As drug sales move online, power is shifting to buyers. The big markets’ customer service and marketing strategies increasingly resemble those of legitimate retailers. They are quick to apologise for technical glitches. Two-for-one specials, loyalty discounts and promotional campaigns are common (on Smoke Weed Day, say). Other methods borrowed from the corporate world include mission statements, terms and conditions, and money-back guarantees. “It has become so prosaic it could be shoes,” says James Martin, author of “Drugs on the Dark Net”.

Markets are also innovating to cut fraud. In the free-for-all in the months after Silk Road’s closure, thousands of buyers lost bitcoins that were supposedly held in escrow, either because markets were hacked or because their administrators ran off with the money. The emerging solution is “multi-signature” escrow, from where funds can be moved only with the approval of at least two of the three interested parties (buyer, seller and market). Some markets are trying to build a community of trusted buyers and sellers with invitation-only participation. Those whose customers had bitcoins stolen have begun to devise schemes to make them whole.

Sites that specialise in stolen card data display their own brand of customer-friendliness. Some offer a service that allows buyers to verify purchased cards are still active, using compromised merchant accounts. The client’s balance is automatically refunded the value of cards that are declined. (Cards sell for anywhere from $10 to $100 each.) Others batch their cards for sale according to the location of the hacked retailer, says Brian Krebs, a cyber-security blogger. Buyers favour cards stolen from consumers who live nearby because banks often treat transactions as suspicious if they take place far from the legitimate cardholder’s home address. A site that has pioneered this segmentation is McDumpals. Its logo features a gun-toting Ronald McDonald and its motto is “I’m Swipin’ It”.

Several factors make life hard for those looking to crack down on the dark net, including its technical complexity, the physical separation of buyers and sellers, and their mobility (vendors typically post on more than one market, allowing them to keep selling if a site goes offline). Tellingly, the only market forcibly closed since Silk Road was Utopia, which was shut by Dutch authorities soon after it opened in February. Some law enforcers want to target Tor, but even if that were technically possible it would cause “collateral damage”, points out Nicolas Christin of Carnegie Mellon University, because the software has worthy uses, such as to protect whistleblowers.

Moreover, the deep web’s denizens will continue to adapt. Jamie Bartlett, author of “The Dark Net”, predicts: “The future of these markets is not centralised sites like Silk Road 2.0, but sites where…listings, messaging, payment and feedback are all separated, controlled by no central party”—and thus impossible to close.
http://www.economist.com/news/intern...-law-enforcers





How the FBI Just Made the World a More Dangerous Place by Shutting Down Silkroad 2.0 and a Bunch of Online Drug Markets
Christopher Ingraham

The FBI has seized the website of Silk Road 2.0, a major "darknet" marketplace, and arrested its alleged operator, Blake Benthall, in San Francisco. On reddit, the darknet community is reporting that several other marketplaces may be down as well.

The Irish Examiner reports that "an international day of action to disrupt global activity on the Darknet and remove certain websites and forums is to conclude within the next 24 hours under the FBI/Europol operation codenamed 'Onymous'".

In the post below, originally published last month, I outlined the darknet economy and discussed the findings of a computer programmer who scraped Silk Road 2.0's site to determine what types of drugs were for sale.

This story is still developing, but I'll note that there's a strong argument to be made that the darknet economy makes the world a safer place overall. By taking drug transactions off the street and putting them online, you eliminate a significant link in the chain of violence between drug suppliers and end users. Drugs purchased online are typically less adulterated with dangerous contaminants than street drugs are, and a system of reviews rewards sellers who provide high-quality product.

In their statement, federal authorities don't discuss these broad implications but say that, generating $8 million in sales, Silk Road 2.0 was used by "thousands of drug dealers and other unlawful vendors." They pledged to "return as many times as necessary to shut down noxious online criminal bazaars."

Regardless of how many of these sites the FBI has seized today, it's a near certainty that dozens more will spring up to take their place tomorrow.

In October 2013, the FBI shut down Silk Road, a thriving online black market where, with a bit of technical know-how, you could purchase things like illicit drugs, forged documents and weapons. Think Amazon, but for drugs and other not-so-legal things. The FBI may have hoped that shutting down Silk Road would take a bite out of illicit drug sales online. But if anything, it appears the opposite has happened.

In the past year, dozens of similar sites — so-called "darknet" markets — have sprung up in Silk Road's place. Just before it was shut down, Silk Road, along with three similar sites, had about 18,000 drug items listed for sale — everything from marijuana to ecstasy to heroin. By April 2014 — six months later — there were 10 darknet markets listing 32,000 drug items for sale. By August of this year there were 18 darknet marketplaces with 47,000 drug listings, according to data compiled by the Digital Citizens Alliance.

Programmer Daryl Lau wanted to quantify the transactions happening on Silk Road 2.0, currently one of the largest darknet markets. From a purely practical standpoint, he also wanted to know if it was possible to scrape data from these sites, given the complicated security protocols. After "an hour or two of coding" he had a program up and running, and he's written up what he found at his Web site.

Not knowing quite where to start, he limited his queries to nine of the most commonly-used illicit drugs, according to the National Institute on Drug Abuse: cocaine, heroin, opium, amphetamines, MDMA (ecstasy), ketamine, mescaline, LSD and marijuana. Taken together, these drugs account for about 28 percent of all drug items listed on Silk Road 2.0. Prescription drugs likely account for the lion's share of the remainder. A survey of the original Silk Road's users last year found that more esoteric drugs, with names like "2C" and "NBOMe", also accounted for a substantial share of purchases.

Among the nine drugs he queried, MDMA was the most popular item by far with nearly twice as many items listed as marijuana, the second-highest. LSD, cocaine and amphetamines rounded out the top 5.

Why the strong showing for MDMA? One of the appeals of markets like Silk Road 2.0 is that buyers can rate the quality of the purchased items after their transactions have been completed. If darknet markets resemble Amazon in their ease of ordering, they're more like eBay when it comes to the importance sellers place on maintaining a high rating. Over at Hacker News, user tedks succinctly explains why this is especially crucial for drug sales:

It's interesting and probably not surprising that the most popular drug on the Silk Road 2.0 (and probably other darknet marketplaces) is MDMA. MDMA is difficult to find in pure forms and impurities can kill you. If you buy MDMA from a vendor with a 4.9/5 rating, you can be reasonably certain you're getting quality product.

By contrast, MDMA purchased on the street is often laced with potentially life-threatening adulterants.

Aside from the simple ease of use, the seller ratings, which serve as a stand-in for drug quality, are one of the most attractive features of these markets for potential drug buyers. In the run-up to its sting on Silk Road last year, the FBI made over 100 purchases from the market and had the drugs analyzed for purity. As FBI agent Christopher Tarbell explained, "Samples of these purchases have been laboratory-tested, and have typically shown high purity levels of the drug the item was advertised to be on Silk Road."

Lau's data shows an average of 29 reviews for each product, meaning that the average drug item comes with a fairly substantial review history to evaluate it by. Beyond that, the reviews potentially allow for a back-of-the-envelope calculation of sales volume overall. Lau suspects that only users who have purchased an item can review it, although this is just an assumption.

"If, indeed every sale can map to a transaction," he writes, "some vendors are doing huge amounts of business through mail order drugs. While the number is small, if we sum up all the product reviews x product prices, we get a huge number of USD $20,668,330.05."

Remember, too, that the items Lau tracked make up only a fraction of the total items listed on Silk Road 2.0, which itself only accounts for about a quarter of all online black market item listings, according to the Digital Citizens Alliance.

The FBI estimates that the first Silk Road did about $1.2 billion in business over the 2½ years it was active, although there's no way to independently verify that number. Based on the current proliferation of darknet sites, it seems reasonable to assume that the majority of this darknet commerce has simply migrated elsewhere.

When it comes to the darknet economy, the general law enforcement impulse seems to be "shut everything down." But as Conor Friedersdorf noted at the Atlantic last year, there's a strong argument to be made that shutting down darknet sites makes the world more dangerous overall. For starters, the emphasis on quality means that darknet purchasers are getting purer, safer product than they would otherwise. This would lead to lower harm and loss of life due to ingesting adulterated drugs.

More to the point, if you're buying drugs online you're not supporting local drug dealers and the crime and violence that typically accompany open air drug markets, particularly in inner cities. By cutting those sellers out of the equation, you're seeing a net reduction in violence overall.

The question, though, is whether the ease of drug access on the darknet will lead to higher rates of use overall, particularly of the more dangerous drugs like heroin and methamphetamines. The overall societal harm from increased use could offset any benefits accrued from the safer online transactions.

In any case, law enforcement agencies and policymakers should think long and hard before deciding to take action against illicit online economies.
http://www.washingtonpost.com/blogs/...-drug-markets/





There's Already A Silk Road 3.0
James Cook

Hours after the FBI seized the Silk Road 2.0, the deep web's infamous illegal drug marketplace, there's already another version of the site on the internet.

Blake Benthall, 26, was arrested in San Francisco on Wednesday, and is accused of running the Silk Road 2.0.

Prosecutors claim that minutes after his arrest, he admitted to running the Silk Road 2.0 marketplace. That was the second version of the site, which came online weeks after the original Silk Road was shut down on Oct. 2, 2013.

But hours after the latest version of the Silk Road was seized by police, another version went online, claiming to be the third incarnation of the site. Of course, with the Silk Road's track record, it doesn't look likely that this one is here to stay.
http://www.businessinsider.com/there...#ixzz3IU3cIH9c





Supreme Court Refuses Appeal, 50 Sherlock Holmes Works Officially in Public Domain
Nate Pedersen

An ongoing copyright case closed on Monday after the US Supreme Court refused to hear an appeal about Sherlock Holmes stories in the public domain. The Court left intact a ruling from the seventh US circuit court of appeals that 50 Sherlock Holmes stories published before 1923 are no longer protected by copyright. An appeal to that ruling had been filed by the Arthur Conan Doyle Estate, but their last-ditch effort to preserve an undoubtedly generous stream of income was denied. The Estate can, however, still collect royalties on the final 10 Holmes stories, which were published between 1923 and 1927 and remain protected by copyright.

All this hoopla began last year when writer and attorney Leslie Klinger put together an anthology of Sherlock Holmes stories from modern writers. Klinger was asked by the Conan Doyle Estate to pay a $5,000 licensing fee, which he refused. Klinger then sued the estate and a legal battle ensued.

In the meantime Klinger's publisher, Pegasus Books, refused to publish the book after threats from the Conan Doyle Estate to stop sales from Amazon and Barnes & Noble. Presumably, the book - entitled "In the Company of Sherlock Holmes" - will now move forward with publication.

The case is Conan Doyle Estate v Klinger, US supreme court, No 14-316.
http://www.finebooksmagazine.com/fin...c-domain.phtml





Hollywood Works to Maintain Its World Dominance
Michael Cieply

Twice in the last few months, there was a faint knock on the door of American supremacy in the global film market.

In early September, a Chinese-language fantasy, “The Monkey King,” climbed to No. 21 at the worldwide box office, with $186.1 million in sales. A few weeks later, a Chinese comedy, “Breakup Buddies,” shot to No. 22, with $143.1 million in ticket sales as of last week.

As competitive threats go, that isn’t much. But Hollywood can always find something to fret about.

On Wednesday, when roughly 8,000 foreign and domestic film buyers, sellers and producers converge here at the annual American Film Market, domestic film officials will be worrying mostly about subtle shifts and distant footsteps in an international industry that is still dominated by American studios, talent and tastes.

According to Rentrak’s box-office tracking service, United States companies and their partners backed the top 20 performers at the world box office every year for the last five. A rare standout was “Intouchables” in 2012, from France, ranked 16th, with $432.6 million in global sales, just behind Universal Pictures’ British-created “Les Misérables,” with $442 million.

While the domestic box office has faltered — after a soft summer it is down 3.8 percent for the year, to about $8.5 billion, according to Rentrak — the United States has scored new triumphs abroad. To date, Rentrak’s data shows, the year’s best performer is Paramount Pictures’ “Transformers: Age of Extinction,” with about $1.1 billion in world sales, much of that in China.

In all, markets outside the United States accounted for roughly $25 billion of $35.9 billion in worldwide box-office sales last year, according to the Motion Picture Association of America. Precisely what share of international sales was captured by American-based companies is unclear, but they remained dominant.

Still, Jonathan Wolf, the American Film Market’s managing director, has been watching what he calls “a global shift away from U.S. product over the last 25 years.”

Government subsidies for local film have changed tastes in some regions of the world. That shift, and a new generation of television-trained international filmmakers, Mr. Wolf said, have slowly undermined American-based film in ways that will again be apparent at this year’s market.

Over a decade, he noted, English-language film exporters have dropped to about 63 percent from 73 percent among those at his event, while United States-based exporters now account for roughly 47 percent of the American Film Market’s pool, down from 53 percent 10 years earlier.

“That’s continuing, and it’s probably going to pick up a little speed,” said Mr. Wolf, who, like much of the film world, has a sharp eye on China, where the annual box-office take is second only to that in the United States. Ticket sales there have been growing rapidly and are likely to exceed $5 billion this year.

American companies have looked to China for growth through collaborative ventures. But Chinese viewers, with a nudge from government policies that encourage theater owners to keep domestic films on screen, have shown an increasing tilt toward purely Chinese movies.

According to Rentrak, American studio titles accounted for 39 percent of Chinese ticket sales in 2013, down from 44 percent a year earlier. Speaking in October, Rob Cain, a producer and consultant with considerable experience in China, said the American share was back to almost 44 percent.

Of nine films to take in more than $100 million at the Chinese box office at that point, five were Chinese films. But an expected strong performance by Paramount’s “Interstellar” will probably keep the American share relatively high through the year’s end, Mr. Cain said.

China, aside from a deeply rooted, action-oriented Hong Kong movie culture, has yet to become a powerful exporter of film. To date, it has been more like India, a prolific producer whose wares are mostly viewed within its borders, and among a vibrant diaspora around the world.

But powerful Chinese companies like Dalian Wanda, Fosun International and Le Vision Pictures will again be looking for global inroads as they gather here on Wednesday for the annual U.S.-China Film Summit, concurrently with the American Film Market opening.

American films face a particularly serious challenge in Russia, which ranked seventh among national markets last year and is rapidly growing: As new political tensions rise, some Russian officials and others have discussed quotas or even a ban on American films.

A spokeswoman for the Motion Picture Association of America, a policy group for the major studios, declined to discuss the Russian situation because the potential for changes there remains uncertain.

For major producers like QED International, which financed “Fury” for Sony Pictures, or Red Granite Pictures, whose “Dumb and Dumber To” will be released Nov. 14 in the United States, the loss of Russian sales would knock a hole in a financial model that has tapped foreign buyers for the funds to make some major American films.

“The studios seem to be in a de-risking strategy,” said Riza Aziz, co-owner of Red Granite. He spoke of increasing reluctance by American studios to use their own capital, relying instead on money raised by others, often through foreign sales.

Christopher J. McFarland, Mr. Aziz’s partner in Red Granite, said his prime concern was that a global downturn, as in 2008, would quickly impair international film finance. “You’re always worried about the world economy,” he said.

Sometimes, film executives have more specific concerns.

Victor Loewy, a producer who previously headed Canada’s Alliance Films, said foreign markets, while robust, have had to contend with a rush of American movies targeted at a relatively narrow audience. One example was “Heaven Is for Real,” a faith-based film that posted $90.4 million in sales in the United States, but only about $9.8 million abroad, when Sony released it this year.

“Those films don’t travel well,” Mr. Loewy said.

Another sore spot is a move by the American distributors of smaller films toward tiny theatrical releases, with an almost immediate turnover to video-on-demand. That kind of domestic release pattern builds little momentum for foreign distributors, who may find themselves holding rights to a movie that makes no impression abroad, because it was never a hit in the United States.

That situation and other concerns, said Rena Ronson, who handles film finance and other issues for Hollywood’s United Talent Agency, has contributed to a world market that remains vibrant but increasingly demands that almost everything — genre, star, story, American distribution plan — be perfectly aligned.

“You have to tick all the boxes,” Ms. Ronson said.
http://www.nytimes.com/2014/11/04/bu...dominance.html





Taylor Swift's '1989' Set for Biggest Sales Week Since 2002: 1.3 Million-Plus

'1989' also aiming to beat Britney Spears' record sales week for a woman
Keith Caulfield

As the days tick by, the sales forecast for Taylor Swift's 1989 album continues to grow.

As of Nov. 1, with only one full day left in the album's debut tracking week, industry forecasters now say 1989 could sell over 1.3 million copies through Nov. 2.

Thus, the album is now aiming to surpass the one-week sales record for an album by a woman, set by the debut of Britney Spears' Oops! … I Did It Again in 2000, when it arrived with 1.319 million, according to Nielsen SoundScan.

1989 is also set to earn the largest sales week for any album since 2002, when Eminem's The Eminem Show sold 1.322 million in its first full week on sale.

The album's official debut week sales figure, as tabulated by SoundScan, will be announced on Wednesday, Nov. 5.

1989 is Swift's fifth studio effort and was released on Oct. 27 through Big Machine Records.

A little over two weeks ago, forecasters pegged the new album to sell 750,000 in its debut frame. Then, about a week ago (Oct. 23), it was upgraded to 800,000. By mid-day Oct. 27, the album's release day, its projection grew to over 900,000. The next day: 1 million, followed by upgrades to 1.2 million on Oct. 29 and then 1.25 million on Oct. 31.

1989 will be Swift's third consecutive album to sell more than a million copies in its first week, making her the only act ever to earn three million-selling weeks. (She was already the only woman to do it twice since SoundScan started tracking sales in 1991.)
http://www.billboard.com/articles/co...eek-since-2002





I Just Bought My First CD Since 2006 and You Should Too
Brian Barrett

Hello. I'm a 33-year old father of two, and I just bought a Taylor Swift CD on Amazon. Let me explain the CD part.

I realize that for many of you the act of buying an album—instead of streaming subscriptions or torrents—is borderline unfathomable. Much less an album in compact disc form. That's fair! But it's also a whole other conversation. For those that do pay for content—whether in streaming or download form—you might be surprised to learn that you've been doing it wrong this whole time. Especially if you're cheap.

It's tempting to peg my purchase of Taylor Swift's 1989 to the removal of her entire back catalog from Spotify today, but the truth is I clicked Add to Cart late last week. I had my reasons! Here they are, in order of my own personal decision tree at the time.

1. I like Taylor Swift.
2. I hadn't heard her new album, outside of Shake It Off, which my almost-two-year-old daughter can't stop dancing to.
3. Said album was not available on Spotify and probably wouldn't be for a few weeks (or, as we learned this morning, maybe ever?). So might as well suck it up and buy it.

And that's where I learned something totally incongruous that aligned with my interests as a cheapskate: 1989 the MP3 album is 25 percent more expensive than 1989 the CD. That in itself shouldn't come as such a surprise; Kindle ebooks are regularly pricier than their paperback counterparts. The weirdness really sets in, though, when you realize that Amazon's AutoRip feature means that the 1989 CD tosses in that same MP3 album for free. You can download it immediately.

For those keeping score at home, here's how it nets out.

1989 MP3 album download: $12.50

1989 MP3 album download + CD: $10

The economics of this, which basically says here is what you wanted, but less expensive and with a bonus, are inexplicable, but I will try to explicate them here. Digital prices are negotiated separately; there's a set price for them. But Amazon can work around that price if it knows you own a physical copy of the music, in which case it can essentially gift you the MP3 version without paying the artist and label extra money. It's a loophole, a way to offer competitive pricing that its digital contracts don't allow. Or seems to be, anyway. It's hard to think of another explanation that makes any sense.

Yes, there's a downside; if you're just buying a CD to save a couple of bucks on the download, you're being incredibly wasteful. And if you're buying a physical format, vinyl's still the best—albeit way more expensive—option for music purists. But! As obsolete as they've become, CDs still offer some benefits. They offer higher fidelity than a download can. They have resale value, however meager; just try putting your MP3s in a cardboard box at your next yard sale. And to be honest, I likely would have ended up burning 1989 onto a disc anyway to take with me in the car, because again, I have a toddler who can't get enough.

I'm not under any illusion that this is a brand new discovery. It's been going on for years. But I suspect that many of you—whether you actively pay for music or not—blew off CDs even longer ago. And now that it's more clear than ever that a Spotify subscription won't necessarily scratch your every musical itch, it's helpful to know your options. Especially when they don't make any goddamn sense.
http://gizmodo.com/i-just-bought-my-...too-1652864486





In Europe, Spotify Royalties Overtake iTunes Earnings By 13%
Ingrid Lunden

Spotify may be smarting from the removal of Taylor Swift’s music catalogue from its platform, and Taylor Swift may not care, since she is riding a sales blockbuster in the form of her new album 1989, but it turns out that in the bigger picture, Spotify’s streaming service continues to gain an edge over downloads, specifically via iTunes.

Kobalt, a company that helps collect music royalties on behalf of thousands of artists — including “half of this week’s Billboard Top 10” and musicians like Maroon 5, Lenny Kravitz, Dave Grohl, Max Martin, Bob Dylan, and Macklemore & Ryan Lewis — says that in the last quarter in Europe, revenues from Spotify streams were 13% higher on average than revenues from Apple’s iTunes for its customers.

The numbers support findings reported in the Wall Street Journal last month noting that iTunes music sales are down about 13% this year. iTunes is still a massive business — up $300 million to $4.6 billion in sales in the last quarter — but that doesn’t point to how well music is doing within that.

(We pointed out earlier this year in our profile of Kobalt when it raised $140 million in funding, the company collects earnings from Spotify streams in Europe only, but apparently this has evolved to cover global revenues but the streaming traffic on Spotify is only overtaking iTunes in Europe at the moment, hence focusing on revenues from this region.)

Kobalt also notes that streaming services as of Q2 2014 account for 10% of all publishing income for its clients in Europe.

The tip of the balance to streaming services is a relatively recent phenomenon, Kobalt notes.

In Q3 2013, iTunes’ earnings were 32% higher than that of Spotify in Europe. In the last two years, streaming revenues tripled. Kobalt says it counts publishing income as returns from music plays on subscription services, YouTube, Internet radio and royalties from live performances of compositions, radio performance and those from CDs and concert DVDs.

The decline in iTunes sales points to a bigger shift away from downloads in favor of streaming, and it is one more illustration of why Apple may have been interested in buying Beats Music and is now working on integrating some part of that streaming service into the wider iTunes experience. It hopes to provide an attractive streaming service to keep users tied into its device and wider mobile ecosystem.

But although streaming revenues appear to be growing, there is also money being left on the table.

“Spotify overtaking iTunes in Europe is an important new milestone in streaming,” Kobalt CEO Willard Ahdritz says. “The music industry’s infrastructure is failing them, unable to efficiently account for the enormous volumes of data from digital transactions.” That, of course, is slowly but surely getting snapped up, as today’s deal between SoundCloud and Warner Music demonstrates.
http://techcrunch.com/2014/11/04/in-...arnings-by-13/





Raunchy and Revered - Zap Comix, Now in a Coffee Table Boxed Set
Dana Jennings

The cartoonist Gilbert Hernandez still recalls vividly the first time he saw Zap Comix as a boy. It was issue No. 2, and it oozed with druggy phantasmagorias, sex, over-the-top violence, sex, demons and, yes, sex. It was funny, too, 52 pages of, as the cover promised, “Gags, jokes, kozmic trooths” — all for 50 cents.

“I remember thinking, ‘I’m going to go to hell for reading this,’ ” said Mr. Hernandez, who created the much-praised independent comic Love and Rockets with his brothers in the 1980s. “The Zap artists, they’re like these crazy children. The naughtiest kids in the world. But I enjoyed Zap in a weird, lurid way.”

And while it never really went away — the most recent issue came out in 2004 — Zap, born in late 1967 in the fever dreams of R. Crumb, is emphatically back in a big way. Fantagraphics Books of Seattle in November is publishing “The Complete Zap,” a strikingly designed $500 hardcover boxed set of more than 1,100 pages. Not bad for a black-and-white comic book series whose first issue cost a quarter in 1968.

While the early issues stand as rowdy documents of the 1960s counterculture, Zap was also more. In reinventing the comic book, it set off legal battles and conversations over censorship, brought attention to cartoonists as artists, and set an example for generations of alternative comics creators like Charles Burns, Daniel Clowes, Joe Matt and the Hernandez Brothers.

The five volumes in “The Complete Zap” include Issues 0 to 16 — the final issue, No. 16, is being published for the first time — a portfolio of Zap covers, and an oral history as told by Zap’s artists. But as the underground comix historian Patrick Rosenkranz writes in his introduction to the history: “Be warned. These books contain an incendiary collection of radical propositions and unsettling notions. Do not confuse them for a quaint relic from the long-gone Age of Aquarius.”

Countercultural comics had appeared in alternative newspapers, but the arrival of Zap No. 1 in early 1968 — with its “Kozmic Kapers” and “Freak Out Funnies” strips — was the moment comic books got psychedelicized and became comix, aimed at an adult, if stoned, audience.

Within four issues, Zap grew to a collective of seven artists and became the unofficial flagship of the comix movement, inspiring the publication of hundreds of undergrounds. But none approached the quality of Zap and its all-star lineup. As Mr. Crumb says in the oral history, they were “the baddest gang of cartoonists ever to wield their crow quills together.”

Asked why he wanted to publish “The Complete Zap,” Gary Groth, Fantagraphics’ founder and publisher, said: “I consider Zap one of the most important comics ever published. It’s a landmark in comic art. The work is brilliant, and it stands for the underground movement. It stands for the times.

“Zap changed the conception of what comics are capable of.”

Outside R. Crumb’s lonely San Francisco room in 1967, the Vietnam War continued to roil the nation as the Summer of Love gave way to late fall. Inside, Mr. Crumb, burning up with drug-fueled visions, was transforming cultural notions of comics and art.

There’s a sweet Crumb drawing in Volume 5 of the boxed set that shows him with his pregnant first wife, Dana, selling copies of Zap No. 1 from a baby carriage on the Haight. Mr. Crumb looks ill at ease, Dana put-upon, and the San Francisco hippies nonplused by this 25-cent comic book. “We had no distributor,” Mr. Crumb said in a phone interview from his home in the south of France. “We were one step up from running it off on a mimeograph machine. I had to explain to the head shop guys that it was a psychedelic comic book.”

With the simple goal of just wanting to make a modest living doing comics, Mr. Crumb wrote and drew the first two issues of Zap, Nos. 0 and 1, in late 1967 — 48 pages in all. “It was way LSD-inspired,” Mr. Crumb said, “and looking at it brings back that LSD feeling.”

Those black-and-white epiphanies included characters like Mr. Natural, Whiteman, Shuman the Human — and Mr. Crumb’s endlessly pirated “Keep on truckin’ ” images. “A lot of ink has gone under the bridge since back then,” he said. “But I’m grateful that this stuff still has a timely appeal. Sometimes, it looks like a different person did it. I’m not that person anymore. I was crazy. I was depressed. But the depression made me productive.”

And Mr. Crumb soon found out that his comics were speaking to kindred souls, like the popular rock-poster artists Rick Griffin and Victor Moscoso, and the Nebraska wild man S. Clay Wilson, who enlisted for Zap No. 2. “I was amazed they were interested,” Mr. Crumb said. “I worked in total isolation until then.” And by issue No. 4 the Zap lineup — the Seven Samurai of the undergrounds — was complete as Gilbert Shelton, Spain Rodriguez and Robert Williams joined up.

Their influences ranged from Hieronymus Bosch and the Surrealists, to funny animal comics and vintage Fleischer Brothers cartoons, to 1950s EC horror and crime comics and Harvey Kurtzman, who created Mad for EC. “As a kid, I loved Mad magazine, because it regurgitated 1950s America in an incredibly brilliant way,” Mr. Crumb says in the oral history.

And just as Mad mapped out a screwball path for Zap artists, Zap did the same for later cartoonists. “Zap paved several roads to what comics can be,” said Mr. Hernandez, whose latest graphic novels are “Bumperhead” and “Loverboys.” “And indie comics are indebted to that.”

Pondering Zap’s legacy during a phone interview, Paul Mavrides, who joined the crew after Griffin died in a motorcycle crash in 1991, laughed and said, “All the blown minds left in its wake.”

Zap is the House That R. Crumb Built. But S. Clay Wilson is its howling muse.

Mr. Wilson threw down his filthy gauntlet to his fellow Zapsters right away in No. 2 with a one-page exercise in excess called “Head First.” Starring his Pervert Pirates, it revels and rollicks in sex, radical dismemberment and cannibalism. “He showed us we had been censoring ourselves,” Mr. Moscoso said in a phone interview. “He blew the doors off the church. Wilson is one of the major artists of our generation.”

Little wonder the taboo-breaking novelist William S. Burroughs once said, “I have always found Wilson’s art hilarious, relevant and timely.”

Mr. Wilson’s unhinged drawings, which Robert Williams called “vulgarly lyrical,” are a cross between Bosch and Walt Kelly’s “Pogo,” by way of the most gruesome EC comics. But Mr. Wilson, who stopped drawing after a severe brain injury in 2008, embraced his pornographic riffs. “Sex sells,” he says in the history, “and I like drawing dirty pictures.”

But not everyone admired how raw and feral Zap was. As its popularity grew — its first 16 issues are said to have sold more than three million copies over the decades — Zap attracted unwanted attention. It was part of a nationwide crackdown on the sale of undergrounds. The poet Lawrence Ferlinghetti and his City Lights Bookstore in San Francisco were even busted in 1969 for selling Zap. “We got in a lot of trouble,” Mr. Williams said in a phone interview. “We were in the middle of a seditious act.”

Then there was the trouble with women.

As Mr. Crumb, Mr. Wilson, Mr. Williams and their buddies unleashed their raging ids, relishing dark abysses of sex, drugs and violence, some of their female peers accused them of casual sexism and worse. Mr. Crumb nods toward their collective guilt, a bit tongue-in-cheek, in the history. “As Trina [Robbins] says, I ruined comix by encouraging all the younger boy artists to be bad and do comics about their own horrible sex fantasies.”

What Ms. Robbins, a cartoonist contemporary of Team Zap, said, as quoted in Mr. Rosenkranz’s indispensable history of the undergrounds, “Rebel Visions,” is: “I objected from the very beginning to all the sexism, to the incredible misogyny.”

She went on, “We’re talking about representation of rape and mutilation, and murder that involved women, as something funny.”

But Mr. Groth said: “You have to look at it historically. They were liberating themselves from all restraints. They were defiant, breaking taboos.”

Some female cartoonists, like the MacArthur Foundation fellow Alison Bechdel (“Fun Home”) and Lynda Barry (“One Hundred Demons”), who first read Zap as a seventh grader, cite the comic and Mr. Crumb as crucial influences. Ms. Barry devotes three pages in her book “What It Is” to discovering Zap, noting that she once copied the whole of Zap No. 0.

And, in a surprise, Mr. Crumb smuggled his current wife, Aline Kominsky-Crumb — who half-jokingly calls herself the Yoko Ono of the undergrounds — into Zap No. 16. They share the work on the “Aline & Bob” full-page strips, the first time a female cartoonist has appeared in the comic.

An air of elegy hangs over Zap’s 84-page final issue, No. 16. The cover is Mr. Crumb’s, 46 years after his two solo blasts heard round the counterculture. It includes last stories by Mr. Wilson and Mr. Rodriguez, who died in 2012, and Mr. Moscoso’s muted back cover says, “Adiós.” It’s like attending one last high school reunion.

But these venerable iconoclasts say they’re fine with closing up shop on Zap. “After all, we’re dying,” Mr. Moscoso said. “This isn’t Walt Disney Enterprises, where it’s going to go on after we die.”

In the end, let’s give the last word to Mr. Crumb. Asked what he’s most proud of about Zap, which he lovingly called “crude, homemade and artistic,” he didn’t even pause for a half-moment:

“It’s authentic.”
http://www.nytimes.com/2014/11/02/ar...boxed-set.html





One Wi-Fi Hotspot for Every 150 People, Says Study
Jane Wakefield

The UK has one wi-fi hotspot for every 11 people and worldwide there is one for every 150, new research from wi-fi provider iPass indicates.

It suggests there will be 47.7 million public hotspots worldwide by the end of 2014.

France currently has the most hotspots, followed by the US and UK.

Hotspots are designed to fill the gaps in coverage left by mobile networks and are often offered free of charge.

The study is one of the first comprehensive looks at the distribution of global wi-fi. A clickable map of hotspots around the world shows the numbers in each region and where they are located - in homes, on trains, planes, airports and retail outlets.

Homespots

Over the next four years, global hotspot numbers will grow to more than 340 million, the equivalent of one wi-fi hotspot for every 20 people on earth, the research finds.

But this growth will not be evenly distributed. While in North America there will be one hotspot for every four people by 2018, in Africa it will be one for every 408.

While Europe currently has the most dense wi-fi coverage, Asia will overtake it by 2018, according to the report.

The research suggests that the vast majority of hotspots - nearly 34 million - are in homes. These hotspots are part of a growing trend to extend home wi-fi to the local community.

Increasingly firms such as BT are turning home wi-fi routers into public wi-fi hotspots which will provide free net access to other subscribers to the network.

It does so without affecting the bandwidth allowance of the customer whose home it is in.

US provider Comcast caused controversy when it introduced its public home wi-fi service in the summer because customers were not given the option to opt out before receiving it.

Such "homespot" public wi-fi will see explosive growth rising to more than 325 million in 2018 and taking wi-fi "from the cities to the suburbs", according to the research.

"Every second home you walk past will be a public hotspot that you can use if you are part of that provider's network," said June Bower, chief marketing officer at iPass.

There are nearly 7.5 million hotspots in shops, cafes and hotels and a much smaller number - nearly 11,000, on trains, planes and in airports. But wi-fi on transport is also set to grow massively, the report indicates.

Google wi-fi

Unlike the mobile network, which tends to be run by three or four big players in each country, wi-fi hotspots are controlled by many different providers.

According to the research, more than 50% of all commercial hotspots are controlled by brands whose core business is not telecommunications.

Run by cafes, hoteliers and retailers, it can make the network "somewhat chaotic", according to Ms Bower.

"At the moment you have to have a separate log-in for every hotspot and ultimately the winning providers are those that will offer the easier access experience," she said.

And there is opportunity there for the big technology brands.

"Everyone has a Google log-in. Google could become a hotspot provider as could Facebook or Apple."

In fact Google is already dabbling in the wi-fi market.

In 2013, it made a deal with Starbucks to offer free wi-fi to 7,000 coffee shops in the US and it recently filed a request with the US Federal Communications Commission to test high-speed wireless spectrum at several locations in California.
http://www.bbc.com/news/technology-29726632





Does the FCC Really Not Get It About the Internet?
Brett Frischmann

The key to an open Internet is nondiscrimination and in particular, a prohibition on discrimination or prioritization based on the identity of the user (sender/receiver) or use (application/content). I explain why at length in my book, Infrastructure: The Social Value of Shared Resources (2012). Unfortunately, the rules now being considered by the FCC don’t come close to implementing this simple and important benchmark. There are many reasons for this, but perhaps the most fundamental is a simple misconception, one that persists in the work of the FCC but also of proponents and opponents of network neutrality. It is the false distinction between what they call “edge providers” (YouTube) and “end users” (people who watch videos on YouTube).

The currently proposed FCC rules for an open Internet are based on the following definitions:

Edge Provider. Any individual or entity that provides any content, application, or service over the Internet, and any individual or entity that provides a device used for accessing any content, application, or service over the Internet.

End User. Any individual or entity that uses a broadband Internet access service.


The basic distinction suggested by these definitions is that some distinguishable subset of end users use broadband Internet access to provide content, applications, or services (or devices to access content, applications, or services), and these end users are edge providers.

Who exactly are the end users that are not edge providers? In other words, who uses the Internet but does not provide any content, application, or service? The answer is no one. All end users provide content as they engage in communications with other end users, individually or collectively. YouTube content, for example, comes from end users uploading it. But even passive “consumers” communicate and exchange data. That is the beauty of the Internet architecture; on the Internet all end-points on the network are equally capable of exchanging content/applications/services with all other end-points. Think of all the startups and small businesses run from people’s homes on home Internet connections, using WordPress tools or Amazon hosting services. Are they “end users” when they email their friends but “edge providers” when they switch windows to check their business metrics?

What is the point of the provider/user distinction? It appears to draw a line between (commercial) entities that generate a lot of traffic (and revenue) and those who don’t, but that is confused. In truth, traffic is generated jointly by many actors communicating with each other. Besides, that line ignores the fact that the Internet provides a smooth, scalable path that allows all end users to grow businesses and become future YouTubes, Amazons and Googles.

The provider/user distinction is not only false, but misleading and not a helpful foundation upon which to build a regulatory regime for Internet communications. Everything that occurs on the Internet can be understood as a conversation between end users. When I interact with a website I like, whether Amazon.com, Georgetown.edu, or icann.org, or when I send an email to the firms that own those websites or to a friend, or when I engage in a teleconference using Skype, I am having a conversation with other end-users. The contents of our conversations and nature of our interactions and relationships may vary, but those are all higher-layer considerations that have nothing to do with the infrastructural facilities we use to connect and have our conversations. All of us end users necessarily rely on access networks to have our conversations.

But when you use the Internet, do you have a conversation with your access network? It makes sense to frame my interactions with Amazon.com, Georgetown.edu, or icann.org as conversations, but no one besides the access networks themselves believes the access networks are part of these conversations. The access networks simply provide what the telecommunications act defines as a telecommunications service, which is one good reason why the FCC should reclassify broadband Internet access service as a telecommunications service.

The FCC should cast aside the false distinction between edge providers and end users. There is a better way for the FCC to implement a nondiscrimination principle to keep the Internet open and innovative. Management of the Internet should be based on quantity and timing of traffic and other related cost factors, not on a false distinction. A nondiscrimination rule that precludes discrimination or prioritization based on the identity of the user or use leaves more than sufficient room for traffic management that is based on quantity of traffic generated, timing of traffic generation, and other related cost factors; in other words, usage-based pricing, congestion pricing, and other cost-based management techniques are not precluded, despite persistent misrepresentations by opponents of nondiscrimination rules.

Some people find content delivery networks like Akamai confusing. I don’t understand the confusion, to be honest. Akamai is an end user. Like the rest of us end user / edge providers, Akamai has relationships and conversations with various end users, and to do so, it relies on various access providers. Though we might not describe ourselves as such, many of us who use peer-to-peer file sharing applications also act as content delivery networks, although perhaps on a smaller scale and in a more distributed fashion. Neither Akamai nor those of us who use peer-to-peer applications is thereby transformed into a broadband Internet access service; we are simply end users.

In these confused discussions of “edge providers” and “end users,” some folks at the FCC also point to “two-sided market” theory. This theory, expressed by the FCC Chairman once as involving Netflix and a cable company, oversimplifies the webs of relationships that exist among end users to create the Internet ecosystem and overstates the role of access providers in facilitating those relationships. The idea of “two-sides” does not account for the many (many) sides of the markets and non-markets on the Internet, and it also largely ignores the spillovers from user generated public and social goods that are perhaps the most important reasons that an open Internet is socially valuable (see my book, Infrastructure). When we use WordPress or Wikipedia to have extended conversations with many different end users distributed around the world, the access providers that we rely on (Comcast, Cogent, etc.) are not mediating a two-sided market; nor is WordPress or Wikipedia or Tumblr. To frame our conversations and relationships as though there are two parties in a market-mediated transaction distorts and cheapens them.

Embedding the false distinction between edge providers and end users in law not only distorts the law and the Internet environment we share, but it also, over time, solidifies the distinction and becomes our reality. It shapes the environment, and we tend to fit the mold provided. The danger of accepting the false and misleading distinction between edge providers and end users today is that it will help the distinction to become reality tomorrow.

I realize that my argument is at odds with the 2010 Open Internet Order, the 2014 NPRM, and the proposals of some open Internet advocates (e.g., Mozilla and others who have proposed creative ideas for regulating only the “edge provider” side of things). So be it. Those same advocates admit that their proposals might not be the best path forward. The FCC has a track record of losing unanimously in court with creative legal gymnastics, and should abandon the entire framework of distinguishing between giant companies and the little guys. All of us pay for Internet access and the FCC needs the authority—whether it uses that authority or not—to ensure that access remains open and free.

The wonderful thing about the Internet and its end-to-end architecture is that we all are capable of being providers, having conversations at the edge without having to include access providers in our conversations.
http://www.washingtonpost.com/news/v...-the-internet/





7 Colorado Communities Just Secured the Right to Build Their Own Broadband
Nancy Scola

Boulder County election official Erin Meyers receives sealed ballots from motorists at a ballot drop-off in front of the Boulder County Clerk and Recorder's office, in Boulder, Colo., on Election Day. (AP Photo/Brennan Linsley)

Voters in seven cities and counties in Colorado voted Tuesday to free their local governments to offer Internet service.

The votes marked a defeat for big, traditional Internet service providers such as Comcast that have successfully maneuvered to inject limits on municipal broadband into state regulations over the last decade. Now cities are figuring out ways to push back, including wiggling out from under laws the industry helped put in place.

Nearly two dozen states have laws limiting the ability of local governments or their partners to offer their own broadband services, often passed with the encouragement of big commercial broadband providers who complain about unfair competition. But Colorado's version of the law is unique in that it offers an escape hatch. The 2005 state law allows municipalities to provide high-speed broadband Internet if "an election shall be called" and a majority of voters signs off on the idea.

And that's what these Colorado municipalities did Tuesday.

In Boulder, locals voted on whether the city should be "authorized to provide high-speed Internet services (advanced services), telecommunications services, and/or cable television services to residents, businesses, schools, libraries, nonprofit entities and other users of such services." As of late Tuesday night, the city of 100,000 people, which already owns miles of unused fiber, had approved the measure with 84 percent of the vote.

Similar overrides also passed by large margins in the towns of Yuma, Wray, Cherry Hills Village and Red Cliff and in Rio Blanco and Yuma counties, according to KUNC, a public radio station in northern Colorado.

How were they able to secure such a big victory? There might be some factors at work that are bigger than even Colorado. Comcast, the state's largest cable provider, did not fight the referendum, perhaps because it is focused on getting its proposed merger with Time Warner Cable approved in Washington. (Comcast declined to comment for this report.)

The local popularity of municipal broadband puts traditional Internet service providers in a tough spot. There's a debate taking place on the national level over whether the federal government should step in to overturn laws like Colorado's, which prohibit municipal broadband. Federal Communications Commission Chairman Tom Wheeler recently signaled that he might be willing to do so.

At the time, Rep. Marsha Blackburn (R-Tenn.) shot back that, "We don't need unelected bureaucrats in Washington telling our states what they can and can't do."

That becomes a bit harder argument to make, though, when it's the smallest of small government -- counties, and even cities -- making those decisions for themselves.
http://www.washingtonpost.com/blogs/...own-broadband/





Gigabit Internet Connections Make Property Values Rise
Jason Koebler

When families go to buy a new home, they're most often looking for a couple things: Good schools, a safe neighborhood, maybe something that's near public transportation. And, increasingly and undeniably, access to gigabit internet service.

Cities and towns across the country are beginning to see next generation internet access as a necessity, citing its impact on property values, rents, and overall economic health.

Take Austin, Texas, for instance. Yes, it's been a city on the rise for more than a decade now, and it's got a legendary music scene, a good university, and a hip vibe. But it's also got Google Fiber, which has helped the city solidify itself as a tech hub.

In lots of cases, it's a chicken-and-egg situation: Cities with gigabit internet service are doing well economically (and have the real estate numbers to prove it), but there aren't solid stats to prove causation at the moment.

"Fiber availability may drive real estate prices upwards. An unobserved variable may jointly determine both real estate prices and fiber presence," Gabor Molnar, a telecommunications researcher at the University of Colorado wrote in a paper last year. "Alternatively, both might be correct. Residential properties in markets with high-speed broadband access would be expected to have greater value. However, good quality broadband infrastructure is also expected to be rolled out first in high-income areas with high-valued real estate."

Molnar's study was the first large-scale study done in the United States on the hypothesis, and he ultimately concluded that the "early results are strong enough to justify further research." It’s also worth noting that Google came under fire for allegations of providing fiber first in neighborhoods that were already rich.

Anecdotally, cities and the people who want to live in them say they need fast internet to be competitive, and they don't necessarily need a study to prove it to them.

"It's getting to the point where, if my neighboring community has a gig and we're still doing satellite, the property value in that town is going to go up," Deb Socia, director of Next Century Cities, a coalition of cities trying to provide gigabit internet speeds to their citizens, told me. "You're going to lose people and you're going to lose revenue without it. I'm hearing it from folks in different chambers of commerce, in real estate, in politics. I wouldn't have necessarily thought of it if I hadn't heard it from them."

Austin has one of the strongest real estate markets in the country, and cities with municipally owned fiber like Wilson, North Carolina and Chattanooga, Tennessee, are doing extremely well as far as small cities go. A recent study by Wichita State University noted that the "Kansas City housing market is clearly on the rebound" and that home values were expected to rise 2.7 percent in 2014, roughly a year after Google Fiber came to the city.

Though not a ton of research has been done on the subject, there are some other initial studies that back up the idea. A study by RVA LLC Market Research and Consulting that was shared with me by Drew Clark, an attorney with the Kirton McConkie law firm who is working with cities to bring gigabit fiber to residents, found that fiber optic internet adds roughly $5,250 to the value of a $300,000 home. A British study (below) found that people in London are willing to pay 8 percent above market prices for homes and apartments that have high speed internet.

Clark says that it's not just the handful of cities who have joined Socia's coalition: More than 1,100 cities asked Google to build fiber in their municipalities, and, regardless of whether or not they eventually get picked, they're looking for ways to either build it themselves or partner with someone who will do it for them.

"They're asking, is there a way for us to be involved or do this on our own?," he told me. "And then they're looking at it and seeing that most municipal fiber projects have been doing quite well in meeting their objectives."

When you think about it, it's quite an obvious thing for a city and a person to want, and it goes well beyond just being able to binge watch TV shows. Patrick Lucey, a municipal fiber researcher at the Open Technology Institute, told me that cities are seeing this as a necessity, period.

"It's not just about broadband internet so you can watch Netflix," he told me. "It's about making sure schools and first responders have the bandwidth capabilities they need, it's about letting businesses take advantage of that speed."

"If we had a choice, we would pick a place to live that has really good service," Socia said. Wouldn't you?
http://motherboard.vice.com/read/gig...ty-values-rise





Internet Speed Closely Linked to Property Values

Home owners in London are willing to pay up to 8 per cent above the market price for properties in areas offering very fast internet speeds, according to a new study.

The capital’s willingness to pay a premium for good internet coverage strengthens the case for rollout of high speed broadband in densely populated areas, argue researchers from LSE and Imperial College Business School.

In the first study of its kind, researchers have analysed the value of broadband to English households, looking at the link between property prices and broadband availability.

Statistics compiled over a 15-year period, from 1995-2010, show that property prices across the UK increase on average by about 3 per cent when internet speed doubles.

While the increase in value is even greater when starting from slow internet connections, an increase from 8 to 24 megabits per second raises the property value by no more than one per cent.

Londoners show a greater willingness than the rest of the country to pay for broadband, reflecting very high usage in the capital city for both work and personal reasons.

“Speed matters,” says Gabriel Ahlfeldt, Associate Professor of Urban Economics and Land Development at the London School of Economics and Political Science.

“The European Commission has set a target by 2020 that every European citizen will need access to at least 30 megabits per second and at least 50 per cent of households should subscribe to internet connections above 100 megabits per second.”

Tommaso Valletti, Professor of Economics at Imperial College Business School, added: “The target is ambitious and suggests that private provision alone may not be able to supply fast enough connections to people across the whole country.”

Currently, internet connections are provided via ISPs such as telecom and cable suppliers but there is growing pressure on governments to intervene and make high speed broadband universal.

However, while urban areas pass the cost benefit test of rolling out fibre broadband infrastructure by a large margin, the opposite is true for rural areas, researchers say.

“In rural areas it would make more sense for governments to adopt less expensive fixed and mobile technologies that deliver decent and reliable speed,” Assoc. Prof. Ahlfeldt adds. “In urban areas a levy on landlords, who ultimately benefit from the improvements, could help saving taxpayers’ money when rolling out fibre”.

The study’s findings are published in a discussion paper released this month. For more details go to: http://www.spatialeconomics.ac.uk/SE...ns/default.asp
http://www.lse.ac.uk/newsAndMedia/ne...rnetSpeed.aspx





Verizon, AT&T Tracking Their Users with ‘Supercookies’
Craig Timberg

Verizon and AT&T have been quietly tracking the Internet activity of more than 100 million cellular customers with what critics have dubbed “supercookies” — markers so powerful that it’s difficult for even savvy users to escape them.

The technology has allowed the companies to monitor which sites their customers visit, cataloging their tastes and interests. Consumers cannot erase these supercookies or evade them by using browser settings, such as the “private” or “incognito” modes that are popular among users wary of corporate or government surveillance.

Verizon and AT&T say they have taken steps to alert their customers to the tracking and to protect customer privacy as the companies develop programs intended to help advertisers hone their pitches based on individual Internet behavior. But as word has spread about the supercookies in recent days, privacy advocates have reacted with alarm, saying the tracking could expose user Internet behavior to a wide range of outsiders — including intelligence services — and may also violate federal telecommunications and wiretapping laws.

One civil liberties group, the Electronic Frontier Foundation, says it has raised its concerns with the Federal Communications Commission and is contemplating formal legal action to block Verizon. AT&T’s program is not as advanced and, according to the company, is still in testing.

The stakes are particularly high, privacy advocates say, because Verizon’s experimentation with supercookies is almost certain to spur copycats eager to compete for a larger share of the multibillion-dollar advertising profits won by Google, Facebook and others.

Those companies track their users and sell targeted advertising based on what they learn. Supercookies could allow cellular carriers and other Internet providers to do the same, potentially encircling ordinary users in a Web of tracking far more extensive than experienced today.

“You’re making it very difficult for people who want privacy to find it on the Internet,” said Paul Ohm, a former Federal Trade Commission official who teaches at the University of Colorado Law School.

Verizon began tracking its 106 million “retail” customers — meaning those who don’t have business or government contracts — in November 2012, the company said. The company excluded all government and some business customers, though it would not say how many. Verizon said it sent notifications to customers and offered a way for them to opt out of the program, but it declined to say how many did.

Privacy advocates, who typically favor systems in which customers must choose to participate by opting in, have long maintained that such company notices are ineffective; the few who read them struggle to express their preferences. Even those who did opt out of the Verizon program still have a unique identifying code attached to all of their Web traffic, the company said, but that information is not used to build behavioral profiles that are sold to advertisers.

A company spokeswoman, Adria Tomaszewski, said the supercookie — a unique combination of letters and numbers — is changed regularly to prevent others from tracking Verizon customers, but she declined to say how often. Tomaszewski also said that those who are not part of the Verizon advertising program called Precision Market Insights are not able to use the supercookie to track Verizon customers.

“The way it’s built, it wouldn’t be able to be used for that,” Tomaszewski said.

Independent researchers dispute that claim. Unique codes — such as device ID numbers, Internet protocol addresses and cookies — get shared among Web sites, advertisers and data brokers, allowing them all to gather so much information on individual users that it’s easy to derive a name or other identifying data, experts say. The process is called “de-anonymizing” a user.

One security researcher, Stanford’s Jonathan Mayer, said, “I don’t know any computer scientist who takes that ‘It’s anonymous’ argument seriously. It’s been so thoroughly debunked in so many ways.”

Critics also say the supercookies, especially if more widely deployed, will be extremely valuable to intelligence agencies that monitor Internet behavior. The National Security Agency has used cookies — an older and more easily erased tracking code that is stored on a browser — to pinpoint Internet users worldwide for hacking attacks, The Washington Post reported last year.

AT&T declined to say how long it has been tracking its customers’ Internet behavior but said the program remains in testing and has not yet been used to target advertising. “We are considering such a program, and any program we would offer would maintain our fundamental commitment to customer privacy,” spokeswoman Emily J. Edmonds said in an e-mail.

The AT&T supercookie changes every 24 hours in an effort to protect privacy, Edmonds said.

AT&T’s program, unlike Verizon’s, would not attach an identifying code to its customers’ Internet traffic once they opt out.

There was surprise among security researchers and privacy activists in the days after the Electronic Frontier Foundation, based in San Francisco, first tweeted about the practice on Oct. 22, calling it “terrible” and citing an article in Advertising Age from May. Several news organizations have since reported the news.

Jacob Hoffman-Andrews, a senior staff technologist for the foundation, said he was surprised by the intensity of the reaction generated by the tweet, which was sent from his account. “Everybody was like, ‘Wow, that’s really appalling,’ ” he said.

The potential legal issues, experts say, stem in part from the Communications Act, which prohibits carriers from revealing identifying information about their customers or helping others to do so. That is at the heart of complaints by the foundation, which is contemplating a lawsuit or other action to stop Verizon, said one of the group’s lawyers, Nate Cardozo.

Also potentially at issue is the federal Wiretap Act, which prohibits altering personal communications during transmission without consent or a court order. Ohm, the law professor, said the companies could be vulnerable if a court found that the notification efforts by Verizon and AT&T were not adequate. Officials from both companies told a Senate committee in 2008 that they wouldn’t begin tracking their customers without seeking explicit permission first.

Privacy advocates say that without legal action, in court or by a regulatory agency such as the FCC or FTC, the shift toward supercookies will be impossible to stop. Only encryption can keep a supercookie from tracking a user. Other new tracking technologies are probably coming soon, advocates say.

“There’s a stampede by the cable companies and wireless carriers to expand data collection,” said Jeffrey Chester, executive director of the Center for Digital Democracy, a Washington-based advocacy group. “They all want to outdo Google.”
http://www.washingtonpost.com/busine...2d5_story.html





Brazil Builds Internet Cable To Portugal To Avoid NSA Surveillance
Kathleen Caulderwood

Brazil is building a cable across the Atlantic to escape the reach of the U.S. National Security Agency (NSA). The move is one of many ways the Brazilian government is breaking ties with American technology companies -- but it won’t come cheap.

The 3,500-mile fiber-optic cable will stretch from Fortaleza to Portugal, with an estimated cost of $185 million, Bloomberg reported. Of course, none of this will go to American vendors.

Last year, Edward Snowden leaked documents that showed the NSA was accessing personal information of Brazilian citizens, including listening to phone calls of President Dilma Rousseff, its embassies and the state-owned oil company Petrobras.

"As many other Latin Americans, I fought against authoritarianism and censorship and I cannot but defend, in an uncompromising fashion, the right to privacy of individuals and the sovereignty of my country," Rousseff said at the U.N. that year.

“The arguments that the illegal interception of information and data aims at protecting nations against terrorism cannot be sustained. Brazil, Mr. President, knows how to protect itself. We reject, fight and do not harbor terrorist groups," she said.

Brazil has already switched its dominant email system from Microsoft Outlook to a state-developed platform called Expresso, and last November required all government agencies to use state-owned companies for their technology services.

Brazil is the seventh-largest economy in the world. U.S. companies could lose as much as $35 billion in revenue in the next two years, as buyers doubt the security of their connections, according to research group Information Technology & Innovation Foundation.

The cable is set to be constructed in early 2015, overseen by state-owned company Telecomunicacoes Brasileiras SA, known as Telebras.
http://www.ibtimes.com/brazil-builds...llance-1717417





Germany and Brazil Propose UN Resolution Re-Write to Condemn 'Highly Intrusive Act' of NSA Surveillance
Danny Palmer

Germany and Brazil have made alterations to a United Nations draft resolution on the issue of state surveillance, with the two countries calling for protection against government spying on communications and personal data.

It represents a new version of the anti-surveillance resolution which was adopted by the UN last year in the wake of Edward Snowden's revelations about the extent to which states are collecting metadata for the purposes of spying on citizens.

Metadata includes detailed information about who people are communicating with, where they made the communication and what websites they visit, in essence allowing the government to paint a highly accurate picture about who that person is and how they live their daily lives.

The re-write of the UN draft resolution by its German and Brazilian authors has described this act of collecting metadata for state surveillance as a "highly intrusive act".

The draft resolution, which has been submitted to all 193 UN members, says the practices "violate the right to privacy and can interfere with the freedom of expression and may contradict the tenets of a democratic society, especially when undertaken on a mass scale".

Both Brazil and Germany have had their networks breached by US surveillance systems, so it's no wonder the two countries have taken it upon themselves to move against spying.

The US's National Security Agency tapped into the networks of Brazilian oil firm Petroleo Brasileiro SA, while earlier this year it was revealed that the NSA monitored phone calls of current German Chancellor Angela Merkel and former German leader Gerhard Schroeder.

The co-authored Brazilian and German draft also suggests the United Nations should appoint a special envoy to identify and clarify standards protecting privacy rights. They also call on other states to be required to provide a remedy should an individual's right to privacy be violated by state-operated surveillance.

A vote on the draft will take place in the UN General Assembly's Third Committee - the body within the organisation that deals with human rights - later this month. If successful, it will be put to a United Nations resolution in December.

"As the universal guardian of human rights, the United Nations must play a key role in defending the right to privacy, as well as freedom of opinion and expression in our digital world," said Germany's UN Ambassador, Harald Braun.

He added that the draft resolution will "help pave the way towards better protection standards".

Since Snowden first revealed the extent to which governments use web surveillance, the revelations have continued apace. Indeed, just last month it was publicly admitted by the government that GCHQ monitors bulk information collected by foreign surveillance agencies, including the NSA, and does so despite not having any sort of warrant.
http://www.computing.co.uk/ctg/news/...a-surveillance





FBI Demands New Powers to Hack Into Computers and Carry Out Surveillance

Agency requests rule change but civil liberties groups say ‘extremely invasive’ technique amounts to unconstitutional power grab
Ed Pilkington

The FBI is attempting to persuade an obscure regulatory body in Washington to change its rules of engagement in order to seize significant new powers to hack into and carry out surveillance of computers throughout the US and around the world.

Civil liberties groups warn that the proposed rule change amounts to a power grab by the agency that would ride roughshod over strict limits to searches and seizures laid out under the fourth amendment of the US constitution, as well as violate first amendment privacy rights. They have protested that the FBI is seeking to transform its cyber capabilities with minimal public debate and with no congressional oversight.

The regulatory body to which the Department of Justice has applied to make the rule change, the advisory committee on criminal rules, will meet for the first time on November 5 to discuss the issue. The panel will be addressed by a slew of technology experts and privacy advocates concerned about the possible ramifications were the proposals allowed to go into effect next year.

“This is a giant step forward for the FBI’s operational capabilities, without any consideration of the policy implications. To be seeking these powers at a time of heightened international concern about US surveillance is an especially brazen and potentially dangerous move,” said Ahmed Ghappour, an expert in computer law at University of California, Hastings college of the law, who will be addressing next week’s hearing.

The proposed operating changes relate to rule 41 of the federal rules of criminal procedure, the terms under which the FBI is allowed to conduct searches under court-approved warrants. Under existing wording, warrants have to be highly focused on specific locations where suspected criminal activity is occurring and approved by judges located in that same district.

But under the proposed amendment, a judge can issue a warrant that would allow the FBI to hack into any computer, no matter where it is located. The change is designed specifically to help federal investigators carry out surveillance on computers that have been “anonymized” – that is, their location has been hidden using tools such as Tor.

The amendment inserts a clause that would allow a judge to issue warrants to gain “remote access” to computers “located within or outside that district” (emphasis added) in cases in which the “district where the media or information is located has been concealed through technological means”. The expanded powers to stray across district boundaries would apply to any criminal investigation, not just to terrorist cases as at present.

Were the amendment to be granted by the regulatory committee, the FBI would have the green light to unleash its capabilities – known as “network investigative techniques” – on computers across America and beyond. The techniques involve clandestinely installing malicious software, or malware, onto a computer that in turn allows federal agents effectively to control the machine, downloading all its digital contents, switching its camera or microphone on or off, and even taking over other computers in its network.

“This is an extremely invasive technique,” said Chris Soghoian, principal technologist of the American Civil Liberties Union, who will also be addressing the hearing. “We are talking here about giving the FBI the green light to hack into any computer in the country or around the world.”

A glimpse into the kinds of operations that could multiply under the new powers was gained this week when Soghoian discovered from documents obtained by the Electronic Frontier Foundation that in 2007 the FBI had faked an Associated Press story as a ruse to insert malware into the computer of a US-based bomb plot suspect. The revelation prompted angry responses from the AP and from the Seattle Times, whose name was also invoked in the documents, though the FBI said it had not in the end imitated the newspaper.

Civil liberties and privacy groups are particularly alarmed that the FBI is seeking such a huge step up in its capabilities through such an apparently backdoor route. Soghoian said of next week’s meeting: “This should not be the first public forum for discussion of an issue of this magnitude.”

Jennifer Granick, director of civil liberties at the Stanford center for internet and society, said that “this is an investigative technique that we haven’t seen before and we haven’t thrashed out the implications. It absolutely should not be done through a rule change – it has to be fully debated publicly, and Congress must be involved.”

Ghappour has also highlighted the potential fall-out internationally were the amendment to be approved. Under current rules, there are no fourth amendment restrictions to US government surveillance activities in other countries as the US constitution only applies to domestic territory.

However, the US government does accept that it should only carry out clandestine searches abroad where the fourth amendment’s “basic requirement of reasonableness” applies. In a letter setting out its case for the rule 41 reform, the department of justice states that new warrants issued to authorise FBI hacking into computers whose location was unknown would “support the reasonableness of the search”.

Ghappour fears that such a statement amounts to “possibly the broadest expansion of extraterritorial surveillance power since the FBI’s inception”. He told the Guardian that “for the first time the courts will be asked to issue warrants allowing searches outside the country”.

He warned that the diplomatic consequences could be serious, with short-term FBI investigations undermining the long-term international relationship building of the US state department. “In the age of cyber attacks, this sort of thing can scale up pretty quickly.”

Another insight into the expansive thrust of US government thinking in terms of its cyber ambitions was gleaned recently in the prosecution of Ross Ulbricht, the alleged founder of the billion-dollar drug site the Silk Road. Experts suspect that the FBI hacked into the Silk Road server, which was located in Reykjavik, Iceland, though the agency denies that.

In recent legal argument, US prosecutors claimed that even if they had hacked into the server without a warrant, it would have been justified as “a search of foreign property known to contain criminal evidence, for which a warrant was not necessary”.
http://www.theguardian.com/us-news/2...s-surveillance





Oz Gov Lets Slip: Telco Metadata Might be Available to Civil Courts

Quite by accident, truth leaks out
Richard Chirgwin

Comment: A series of slips by the nation's top cop followed by communications minister Malcolm Turnbull has made Australia's data retention bill even more of a potential horror than it seemed when it was introduced last week.

It started with the Australian Federal Police commissioner Andrew Colvin saying that stored telecommunications metadata could be used to go after people who infringe copyright online. That statement, made on October 30, was unequivocal – he used the word “absolutely”.

It's always a bad idea for police to rashly tell the world what they really think.

The first response came from Senator George Brandis, who said that the data retention bill is all about criminal, not civil matters. Turnbull similarly explained that outfits like the AFP and ASIO aren't interested in copyright infringement (not that Colvin's use-case can't happen, only that two specific agencies aren't going to try to use the data that way).

That became the chorus-sheet, with Colvin toeing the “not interested” line on ABC Radio.

Perhaps feeling the heat, Turnbull then clarified the position further, telling ZDNet's Josh Taylor that if film studios want to use metadata to sue Torrenters, they won't be able to do their dirty work through the police, but would have to ask the courts to give them access to it.

At which point, it looks like each successive explanation has made things just that little bit worse.

It's not only that Turnbull's timing is shocking, since ISPs are right now resisting legal action trying to force them to reveal subscriber information through the courts to a copyright troll.

It's that there's nothing in any of the statements – Turnbull's, Colvin's, or Brandis' – that confines any such court process to copyright. The data is there, and accessible through the courts.

By whom, exactly? How much data could a court open up to a smart and well-funded litigant?

How would the average individual, without access to Philip Street lawyers, resist having their data swept up by someone demanding access to their metadata? Today, the IP address assigned to you or me isn't available to be pettifogged by a lawyer because it doesn't exist. Will it be the same tomorrow?

With injudicious statements, ill-conceived legislation, and its desire to metasplain its way out of trouble, the federal government has told the world: your metadata will be available to the civil courts.

And lawyers are already gathering, telling the ABC's PM program that metadata could be demanded in family law cases and insurance cases. Instead of creating the government-control beloved of conservative states, the government has created a honeypot for the scummiest practitioners of the legal profession. Personally, I fear them more than I fear most hackers.

Two senior cabinet ministers, Brandis and Turnbull, aggregate such outrageous incompetence that they couldn't predict this, and they're both lawyers.

There's also the assertion that copyright infringements aren't of interest to the AFP, which is only half true. As the government's IP Australia Website explains here:

The Copyright Act 1968 similarly provides for criminal sanctions. Under this Act it is an offence to:

• knowingly import, possess, sell, distribute or commercially deal with an infringing copy
• offer for sale infringing copies of computer programs
• transmit a computer program to enable it to be copied when received.

If there were a criminal copyright infringement investigation in hand, rather than a merely civil complaint, a target's metadata would be in the mix. “Absolutely”, as AFP commissioner Colvin honestly put it, before the backpedalling began.

What's depressing is that Australians probably won't take to the streets about this issue. It's unlikely they'll read even a handful of the stories about the data retention regime. And thus does a country sleepwalk into a Stasi-like regime.
http://www.theregister.co.uk/2014/11...ivil_courts/





GCHQ Chief Says Social Media Aids Terrorists

The new head of GCHQ has accused social media websites of helping terror groups and called for closer ties with intelligence agencies.

Robert Hannigan, who began his new role at the UK's eavesdropping agency on Monday, said US technology companies must work more closely with intelligence agencies to prevent terrorists from misusing their services to avoid surveillance.

In an article in the Financial Times, he said: "However much they [tech companies] may dislike it, they have become the command and control networks of choice for terrorists and criminals, who find their services as transformational as the rest of us."

He added that GCHQ, MI5 and SIS "cannot tackle these challenges at scale without greater support ... including [from] the largest US tech companies which dominate the web".

Islamic State militants have been using the likes of Twitter and YouTube to post material online, including videos of the murders of British aid workers David Haines and Alan Henning and US journalists James Foley and Steven Sotloff in Syria.

Mr Hannigan said that smartphone and other mobile technologies increased the opportunities for terrorist activity to be concealed in the wake of the exposing of secret cables and documents collected by US and UK authorities by whistleblower Edward Snowden.

He called for better arrangements to allow security and intelligence agencies to police online traffic.

Jamie Bartlett, author of the book The Dark Net: Inside The Digital Underworld, said it was a difficult issue for internet service providers.

He told Sky News: "It is incredibly difficult for them [intelligence agencies] and the police and indeed on the big internet service providers to actually get a handle on just how much propaganda, how much material is being produced and shared by Islamic State and other terrorist groups on these platforms.

"What we've seen with Islamic State and indeed every other terrorist group is quite a sophisticated way of avoiding censorship.

"Islamic State has been really very good at creating hundreds of different accounts on Twitter and Facebook and every time they're closed down, they simply start again."

Emma Carr, director of Big Brother Watch, denied internet companies were failing to assist in investigations.

She said: "The Government and agencies have consistently failed to provide evidence that internet companies are being actively obstructive.

"These companies have consistently proved through their own transparency reports that they help the intelligence agencies when it is appropriate for them to do so, which is in the vast majority of cases."
https://uk.news.yahoo.com/gchq-chief...193940328.html





Secret Manuals Show the Spyware Sold to Despots and Cops Worldwide
Cora Currier and Morgan Marquis-Boire

When Apple and Google unveiled new encryption schemes last month, law enforcement officials complained that they wouldn’t be able to unlock evidence on criminals’ digital devices. What they didn’t say is that there are already methods to bypass encryption, thanks to off-the-shelf digital implants readily available to the smallest national agencies and the largest city police forces — easy-to-use software that takes over and monitors digital devices in real time, according to documents obtained by The Intercept.

We’re publishing in full, for the first time, manuals explaining the prominent commercial implant software “Remote Control System,” manufactured by the Italian company Hacking Team. Despite FBI director James Comey’s dire warnings about the impact of widespread data scrambling — “criminals and terrorists would like nothing more,” he declared — Hacking Team explicitly promises on its website that its software can “defeat encryption.”

The manuals describe Hacking Team’s software for government technicians and analysts, showing how it can activate cameras, exfiltrate emails, record Skype calls, log typing, and collect passwords on targeted devices. They also catalog a range of pre-bottled techniques for infecting those devices using wifi networks, USB sticks, streaming video, and email attachments to deliver viral installers. With a few clicks of a mouse, even a lightly trained technician can build a software agent that can infect and monitor a device, then upload captured data at unobtrusive times using a stealthy network of proxy servers, all without leaving a trace. That, at least, is what Hacking Team’s manuals claim as the company tries to distinguish its offerings in the global marketplace for government hacking software.

Hacking Team’s efforts include a visible push into the U.S. Though Remote Control System is sold around the world — suspected clients include small governments in dozens of countries, from Ethiopia to Kazakhstan to Saudi Arabia to Mexico to Oman — the company keeps one of its three listed worldwide offices in Annapolis, Maryland, on the edge of the federal intelligence and law-enforcement cluster around the nation’s capital; has sent representatives to American homeland security trade shows and conferences, where it has led training seminars like “Cyber Intelligence Solutions to Data Encryption” for police; and has even taken an investment from a firm headed by America’s former ambassador to Italy. The United States is also, according to two separate research teams, far and away Hacking Team’s top nexus for servers, hosting upwards of 100 such systems, roughly a fifth of all its servers globally.

The company has made at least some sales to American entities, according to comments its outspoken co-founder and CEO David Vincenzetti made in l’Espresso in 2011. “We sell Remote Control System to institutions in more than 40 countries on five continents,” he told the Italian newsmagazine. “All of Europe, but also the Middle East, Asia, United States of America.” In the English-language press, where Hacking Team has been more circumspect about its client list, Vincenzetti’s l’Espresso comments about selling implants to U.S. institutions seem to have fallen through the cracks. Asked about them, Hacking Team spokesman Eric Rabe told The Intercept, “we do not identify either our clients or their locations.”

Whatever the extent of its U.S. sales, Hacking Team’s manuals deserve an audience in America and beyond. This summer, researchers at the Citizen Lab at the University of Toronto’s Munk School of Global Affairs, including the co-author of this piece, published excerpts of the manuals and technical descriptions of Hacking Team’s capabilities. Publishing the manuals in their entirety here will give the public a better understanding of the sophistication of these relatively low-cost and increasingly prevalent surveillance tools. That sort of understanding is particularly important at a time when digital monitoring has spread from large federal agencies to local police departments and as more national governments gain the once-rarified ability to deploy digital implants across borders. Turnkey solutions like RCS effectively multiply the online threats faced by activists, dissidents, lawyers, businessmen, journalists, and any number of other computer users.

A Niche for Commercial Spyware

Within the U.S., there’s relatively little information on the prevalence of law enforcement hacking. The FBI only rarely discloses its use in criminal cases. Chris Soghoian, principal technologist with the American Civil Liberties Union’s Project on Speech, Privacy and Technology, who has closely tracked the FBI’s use of malware, says that agents use vague language when getting judges’ permission to hack devices. “This is a really, really, invasive tool,” Soghoian says. “If the courts don’t know what they’re authorizing, they’re not a good check on its use. If we as a society want malware to be used by the state, we ought to have a public debate.”

What is clear is that large nations with well-funded intelligence establishments have long been capable of the kind of surveillance Hacking Team offers. In 2001, it was first reported that the FBI had developed malware known as Magic Lantern, which could take over a computer and log its users’ keystrokes, as a way around encryption. Soghoian says it’s likely that the bureau and American intelligence agencies get more customized spying solutions from contractors other than Hacking Team. Countries such as China and Russia probably develop their spyware in-house.

Hacking Team and the German firm FinFisher have taken over another niche, as the most prominent purveyors of user-friendly, off-the-shelf spyware for less moneyed customers, says Ben Wagner, director of the Center for Internet and Human Rights at the European University Viadrina. A recent leak of FinFisher data showed customer service communications between the company and Bahrain, Pakistan, Estonia, and a regional police department in Australia, among other clients. The cost of a Hacking Team installation package, meanwhile, ranges from 200,000 to 1 million euros, Vincenzetti told l’Espresso in 2011. Pricey, but not out of reach.

“If those countries didn’t have access to Gamma [FinFisher’s former parent company] or Hacking Team, they probably wouldn’t be able to do this kind of surveillance,” says Wagner. “Those are the two that we know about who have really gone for this targeted surveillance market for smaller and midsize countries.”

Soghoian thinks that “to the extent that Hacking Team has sold in the U.S., it would be to less well-resourced federal agencies or bigger local police teams.”

Hacking Team has built up enough of a profile to become something of an icon in its home country. “Elegant and tan” Vincenzetti has been lauded as a poster-boy for modernizing the Italian economy and is touted to stateside investors at events like “Italy Meets the USA.” Among those promoting Hacking Team is Innogest, an Italian venture capital firm headed by the former U.S. ambassador to Italy Ronald Spogli. The company is in Innogest’s own portfolio.

Despite the acclaim, Hacking Team — and its competitor FinFisher — have drawn the ire of human rights and privacy activists. “We have not that many companies doing nasty things for not that much money on a global scale, but with huge human rights effects,” Wagner said.

Companies like Hacking Team refer to their products as “lawful intercept” technology. They need at least the pretense of dealing with legitimate actors because the legality of surveillance software depends on the behavior of its users. That’s all that fundamentally separates their software from tools for crime or repression. But evaluating that legitimacy becomes tougher as prices fall and customers proliferate.

Hacking Team offers the assurance that its users are all government institutions. Spyware is perfectly legal in law enforcement or intelligence investigations “if used with the proper legal authorization in whatever jurisdiction they’re in,” according to Nate Cardozo, staff attorney at the Electronic Frontier Foundation. Hacking Team’s “customer policy” also claims that it will not sell to countries listed on international “blacklists” or that it believes “facilitate gross human rights abuses.” The company won’t disclose what it means by blacklists, how its review process works, or which, if any, customers have been dumped. Hacking Team’s spokesman refused to provide details beyond what is on the company’s website.

There’s evidence the company is not being particularly selective about to whom it sells. Of 21 suspected Hacking Team users tracked down by Citizen Lab, nine had been given the lowest possible ranking, “authoritarian,” in The Economist’s 2012 Democracy Index, and four of those were singled out for particularly egregious abuses — torture, beatings and rapes in detention, lethal violence against protestors — by Human Rights Watch.

Its competitors face similar criticism. Activists in Bahrain and Ethiopia have found FinFisher spyware on their computers. (FinFisher did not respond to an emailed request for comment.)

The U.S. government has shown an interest in policing the improper use of packaged malware. The Justice Department just recently brought its first case against a spyware developer, arresting a Pakistani man who marketed StealthGenie, an app that does some of the same things as Hacking Team’s RCS – monitoring all phone calls, messages, emails, texts and more without the owner’s knowledge — except for individuals rather than governments. Announcing the charges against StealthGenie’s maker, an assistant attorney general called the spyware “reprehensible…expressly designed for use by stalkers and domestic abusers who want to know every detail of a victim’s personal life.”

How It Works

Key to the spread of software like Hacking Team RCS is that it’s designed to be simple for non-experts to use.

In a brochure, Hacking Team boasts, “You cannot stop your targets from moving. How can you keep chasing them? What you need is a way to bypass encryption, collect relevant data out of any device, and keep monitoring your targets wherever they are, even outside your monitoring domain. Remote Control System does exactly that.”

Hacking Team manuals, dated September 2013, provide step-by-step instructions for technicians, administrators, and analysts on how to infect a device and set up spying.

The software can be installed physically, via a USB stick, if the authorities have direct access to the computer (imagine a police stop or an airport search.)

Or, the infection can happen remotely. It could take the familiar form of a phishing attack or email scam – as a group of Moroccan reporters found out in 2012. A document promising them a secret scoop (it was titled “scandale,” in French) turned out to be a decoy for Hacking Team software. An Emirati blogger fell victim to the same trick. The implant can also be melded with legitimate, useful software that the victim is prompted to download.

As The Intercept has previously reported, Hacking Team also installs its bugs via “network injectors” – physical devices housed with internet service providers, that allow them to intercept ordinary web traffic, like streaming video, and replace it with infectious code. (After we reported that YouTube and Microsoft Live were exploitable in this way, both companies moved to fix the vulnerabilities.)

Then there are covert network injections. The spyware installer might lie in wait in a hotel, or a Starbucks, and gain access to your computer by “emulating an access point” – in other words, pretending to be a free wifi hotspot to which the victim connected previously. The manual also describes how the software can deploy password-busting tools to break into closed wifi networks.

The Hacking Team manuals recommend that customers buy a code signing certificate from Verisign (now Symantec), Thawte, or GoDaddy – companies that offer a stamp of assurance that signals to operating systems and anti-virus scanners that the software is legitimate. Getting what Symantec calls its “digital shrinkwrap” added to Hacking Team software makes it less likely to be detected. (Symantec declined to comment on how it handles malware in issuing certificates. GoDaddy and Thawte did not respond.)

Via one of those methods, the “agent” — i.e., the bug — is implanted on any of these devices:

And set up to start recording:

The “analyst” can then explore and take virtually anything from the target’s phone or computer, at least according to the manual.

Here our analyst selects an investigation – code-named “Swordfish,” and described as a “Terrorist Attack in Singapore.”

Opening that up, he sees the targets in swordfish – “Alejandro Reade,” “Joey Fargo,” and “Jimmy Page” – “head of the terrorist cell.”

Here’s what he’s looking at on Jimmy’s computer: his desktop, Skype account, Firefox browsing. All of that can be exported from the bugged device to the spy’s computer, undetected.

But before he sends everything off to his higher-ups, he can have a listen, to decide if it’s relevant:

And can even translate it:

Once he’s got all that, he maps out the various people and places tied to his target.

Entities are automatically linked by the software based on their contacts – either as a “know,” a “peer,” or an “identity” (i.e., two addresses associated with the same person).

Here are Jimmy and his friends in an industrial lot in Los Angeles:

And here’s the man himself, with all his vital stats. Web sites and physical locations get similar profiles. That photo, the manual notes, will default to the “first image captured by the webcam.”

For more on how this all works, see Citizen Lab’s report, and explore the full set of documents below.
https://firstlook.org/theintercept/2.../hacking-team/





Informational Wi-Fi Traffic Can be Used as Covert Communication Channel for Malware

Data packets used by wireless access points to advertise their capabilities can be used to control malware running on nearby computers
Lucian Constantin

A security researcher has developed a tool to demonstrate how the unauthenticated data packets in the 802.11 wireless LAN protocol can be used as a covert channel to control malware on an infected computer.

The protocol relies on clients and access points exchanging informational data packets before they authenticate or associate with each other, and this traffic is not typically monitored by network security devices. Tom Neaves, a managing consultant at Trustwave, developed a proof-of-concept tool called Smuggler that leverages these packets, known as wireless management frames, to communicate with malware.

Companies invest a lot of money in intrusion detection systems, firewalls, data loss prevention systems and other security devices to detect and block suspicious Internet traffic in and out of their networks. That's because blocking malware programs from communicating with attackers is just as important as preventing end-point systems from becoming infected in the first place, which is increasingly hard to do these days with all the potential attack vectors and people using the same devices at home and work.

Neaves' proof of concept uses legitimate features of the 802.11 protocol in ways they weren't meant to be used, in particular the information elements found in wireless beacon and probe request frames.

Beacon frames are specially formatted data packets that wireless access points send periodically to announce their presence and relay information about themselves to listening clients. They contain information elements like the SSID (service set identification) which gives a network its public name, the data rates supported by the network and other parameters -- a sort of metadata.

An attacker sitting within a compromised computer's Wi-Fi range -- like in a parking lot outside an office -- could use Smuggler to set up an access point that broadcasts a beacon frame with a blank SSID and a Rates information element that actually contains a command. The computer's wireless card will receive the beacon frame, but the OS won't display the access point in the list of available wireless networks because the SSID is blank.

A malware program running on the computer can be programmed to listen for beacon frames with blank SSIDs, parse their Rates elements and execute the commands found inside. It can then use the wireless card to send probe request frames that have the output of those commands embedded in them.

Probe request frames are used by wireless clients to request information from specific access points or from all nearby access points, like during an active wireless network scan. The SSID information element in these frames, which is normally used to indicate which access point should respond, can instead be used to relay a command's output back to the attacker, Neaves said in a blog post.

If the output is too large, it can be spread across multiple probe request frames and the program running on the attacker's computer can reconstruct it.

The Smuggler tool has components to automate this two-way communication process on both the attacker and the victim side. Neaves used it to implement an interactive shell that allowed him to remotely execute commands on an infected computer and see their output via a local terminal window.

"I am not going to release Smuggler just yet," he said. "The objective of this post is that I wanted to share my findings of abusing a protocol in a way not intended and use it for bad things, such as creating this covert two-way communications channel without associating or authenticating. I have also created Anti-Smuggler to demonstrate that it is possible to detect such attacks."
http://www.computerworld.com.au/arti...annel-malware/
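Added example, not part of the article and not Neaves' Anti-Smuggler code: a passive detector for the two signals the article describes, namely blank-SSID beacons whose Rates element holds bytes that are not valid rates, and a single station probing for an unusually large number of distinct SSIDs. It assumes raw 802.11 frames with any radiotap header already stripped; the function names, the rate allowlist, the fan-out threshold and the sample frames are all constructed for illustration.

```python
from collections import defaultdict

# Legitimate 802.11b/g Supported Rates values, in 500 kbit/s units (1-54 Mbit/s).
# Assumption: extend with anything else your own access points advertise.
VALID_RATES = {2, 4, 11, 12, 18, 22, 24, 36, 48, 72, 96, 108}
IE_SSID, IE_RATES = 0, 1
PROBE_REQ, BEACON = 4, 8        # management frame subtypes
MAC_HDR_LEN = 24                # frame control, duration, 3 addresses, sequence control
BEACON_FIXED_LEN = 12           # timestamp, beacon interval, capability info
MAX_SSIDS_PER_STATION = 8       # hypothetical threshold, tune per site


def parse_ies(body):
    """Parse tagged parameters; return ([(id, value), ...], malformed)."""
    elements, offset = [], 0
    while offset + 2 <= len(body):
        eid, length = body[offset], body[offset + 1]
        value = body[offset + 2: offset + 2 + length]
        if len(value) < length:             # declared length overruns the frame
            return elements, True
        elements.append((eid, value))
        offset += 2 + length
    return elements, offset != len(body)    # stray trailing byte


def classify(frame):
    """Return (subtype, source_mac, elements, malformed), or None for other frames."""
    if len(frame) < MAC_HDR_LEN:
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in (BEACON, PROBE_REQ):
        return None
    src = frame[10:16].hex(":")             # address 2 = transmitter
    body = frame[MAC_HDR_LEN:]
    if subtype == BEACON:
        if len(body) < BEACON_FIXED_LEN:
            return subtype, src, [], True
        body = body[BEACON_FIXED_LEN:]
    elements, malformed = parse_ies(body)
    return subtype, src, elements, malformed


def first(elements, eid):
    """Return the value of the first element with this id, or None."""
    return next((v for i, v in elements if i == eid), None)


def detect(frames):
    """Return [(source_mac, reason), ...] for frames matching the described channel."""
    findings, probed = [], defaultdict(set)
    for frame in frames:
        parsed = classify(frame)
        if parsed is None:
            continue
        subtype, src, elements, malformed = parsed
        if malformed:
            findings.append((src, "malformed-ies"))
        ssid, rates = first(elements, IE_SSID), first(elements, IE_RATES)
        if subtype == BEACON and ssid is not None and rates is not None:
            blank = not ssid.strip(b"\x00")  # zero length or all NULs
            odd = len(rates) > 8 or any((b & 0x7F) not in VALID_RATES for b in rates)
            # Hidden networks also send blank SSIDs, so only the combination counts.
            if blank and odd:
                findings.append((src, "beacon-rates-anomaly"))
        elif subtype == PROBE_REQ and ssid:
            probed[src].add(ssid)
    for src, ssids in probed.items():
        if len(ssids) > MAX_SSIDS_PER_STATION:   # output chunked across many SSIDs
            findings.append((src, "probe-ssid-fanout"))
    return findings


def sample_frame(subtype, src, elements):
    """Build a constructed in-memory test frame (no radiotap header, zeroed fields)."""
    header = (bytes([subtype << 4, 0]) + b"\x00\x00" + b"\xff" * 6
              + bytes.fromhex(src.replace(":", "")) + b"\xff" * 6 + b"\x00\x00")
    fixed = b"\x00" * BEACON_FIXED_LEN if subtype == BEACON else b""
    return header + fixed + b"".join(bytes([i, len(v)]) + v for i, v in elements)


STD_RATES = bytes([0x82, 0x84, 0x8B, 0x96, 0x0C, 0x12, 0x18, 0x24])
# Constructed sample capture: two ordinary APs, one anomalous beacon, two stations.
SAMPLE_FRAMES = [
    sample_frame(BEACON, "02:00:00:00:00:01", [(IE_SSID, b"CorpWiFi"), (IE_RATES, STD_RATES)]),
    sample_frame(BEACON, "02:00:00:00:00:02", [(IE_SSID, b""), (IE_RATES, STD_RATES)]),
    sample_frame(BEACON, "02:00:00:00:00:03", [(IE_SSID, b""), (IE_RATES, b"EXAMPLE!")]),
    sample_frame(PROBE_REQ, "02:00:00:00:00:10", [(IE_SSID, b"CorpWiFi")]),
    sample_frame(PROBE_REQ, "02:00:00:00:00:10", [(IE_SSID, b"HomeNet")]),
] + [
    sample_frame(PROBE_REQ, "02:00:00:00:00:20", [(IE_SSID, b"constructed-%02d" % n)])
    for n in range(10)
]

if __name__ == "__main__":
    for src, reason in detect(SAMPLE_FRAMES):
        print(src, reason)
```

The hidden network at `02:00:00:00:00:02` is deliberately not reported: a blank SSID on its own is normal, which is why the beacon rule requires the Rates anomaly as well.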





N.S.A. Director Makes Another Visit to Silicon Valley
Nicole Perlroth

Adm. Michael S. Rogers, director of the National Security Agency, said on Monday that a secure Internet was in the best interest of the United States, following disclosures that the N.S.A. had been exploiting weaknesses in the web for foreign intelligence gathering.

Admiral Rogers took over the post of N.S.A. director in April as the agency faced criticism over its mass-surveillance program, and particularly its efforts to undermine digital encryption and exploit security flaws to spy on foreigners, after the revelations by the former intelligence contractor Edward J. Snowden.

Since then, technology companies like Google and Yahoo have taken significant steps to encrypt their data, both when it is stored and as it flows through their own data centers, because Mr. Snowden’s revelations showed the N.S.A. was gathering it in an unencrypted form as it passed between computers. More recently, Apple and Google have taken steps to encrypt mobile data by introducing fully encrypted cellphones.

Those moves prompted the F.B.I.’s director, James B. Comey, in a speech two weeks ago, to remark that the “post-Snowden pendulum” had “gone too far.”

But Admiral Rogers took a different tack in his speech on Monday, before an audience of students and faculty at Stanford, saying “a fundamentally strong Internet is in the best interest of the U.S.”

Increasingly encrypted products and services are “a challenge,” Admiral Rogers said. “And we’ll deal with it.”

He added that the agency had changed its approach to so-called zero-day vulnerabilities, which are undiscovered software bugs that could be exploited for espionage. In the past, the N.S.A. had actively searched for and bought zero-day bugs from defense contractors as well as hackers.

On Monday, Admiral Rogers said that when the agency discovered software bugs and vulnerabilities, “the default setting is if we become aware of a vulnerability, we share it.”

But he said there would be exceptions.

“There are some instances where we are not going to do that,” he said, declining to clarify what circumstances would warrant disclosure.

Admiral Rogers was making his second visit to Silicon Valley since he joined the N.S.A. last April. He said he would return every six months, both to engage technology executives in a dialogue about “what the N.S.A. is and what it is not” and also because the agency now competes with technology companies and start-ups for the same employees.

The days when the Defense Department drove technical innovation, he said, “are way behind us.”

He also pushed on Monday for better information-sharing between the intelligence community and private technology companies. Legislation that would set up a formal information-sharing system has stalled in Congress, facing objections from the private sector.

“It is unrealistic to expect the private sector to withstand the actions of nation-states,” Admiral Rogers said. “I think it is also unrealistic to expect the government to deal with this all by itself. How do we create the partnerships that allow us to work together as a team.”

A partnership with Silicon Valley corporations is likely to be an uphill battle. At a recent Apple event, Timothy D. Cook, the company’s chief executive, said that the company’s priority was to protect consumer privacy and that it would not loosen security or encryption for intelligence-gathering efforts.

“There’s been some comments from some law enforcement types that said, ‘Hey, this is not good, we don’t have the flexibility we had before,’ ” Mr. Cook said. “If law enforcement wants something they should go to the user and get it. It’s not for me to do that.”
http://bits.blogs.nytimes.com/2014/1...ilicon-valley/





Security Scorecard Finds Messaging Apps Need More Development

EFF experts find only a handful of apps that meet basic security standards.
Robert Lemos

Only six out of 39 messaging applications have the features needed to guarantee the security of communications sent over the Internet, according to an analysis by the Electronic Frontier Foundation (EFF).

The results of the analysis, published as a scorecard on Tuesday, found that popular messaging apps—such as Facebook Chat, Apple’s FaceTime and iMessage, Microsoft’s Skype, and Yahoo Messenger—failed to meet all seven criteria, such as whether the application implements perfect forward secrecy and whether the source code had been audited for security. The group did the analysis as part of its campaign to promote the development of secure and usable cryptography, which is necessary in a world where government surveillance has become more common, Peter Eckersley, EFF’s technology projects director, told Ars.

The study is intended to help direct companies who are actively developing secure-communication software, he said.

“We are seeing an unprecedented level of interest and engineering commitment to solving these problems,” Eckersley said. “We don’t yet completely know what the best solution will look like, and that is why we are trying to set up the scorecards so that everyone knows the rules to play by.”

Following the leak of classified documents outlining government efforts to collect a significant volume of data on people’s phone and Internet communications, more companies have aimed to create encrypted messaging applications. Secure instant messaging firms such as Wickr and Silent Circle have created applications to compete against better-known software, such as the Off the Record chat add-on, and services, such as e-mail provider Hushmail.

The EFF evaluated each application against seven criteria. Almost every application passed the first milestone—encrypting communications in transit—but far fewer allowed for independent review of their source code or had paid to have their code audited by a third party. The four other criteria are whether the messages are encrypted to prevent the provider from reading their contents, whether the identities of contacts can be verified, whether the security design is documented, and whether the encryption process can prevent previous messages from being decrypted with a stolen key, a security feature known as perfect forward secrecy.

Only six applications passed all seven criteria: ChatSecure, CryptoCat, the Signal app for Redphone, Silent Phone, Silent Text, and TextSecure. Apple is the most secure of the messaging apps used by the masses, the EFF said. But passing all seven sections of the security scorecard does not mean that the applications are ready to be used as a way to privately communicate in an authoritarian nation, Eckersley said.

“Getting a perfect score here is more the first step than final victory,” he said. “We still need usability studies, metadata protection, independently commissioned audits, and other measures of security before we try to get the whole network to switch to one of these options.”

In addition, security is not sufficient in a messaging application, he said. The software or service has to be easy to use and not make the effort of exchanging messages onerous. The exchange of keys, and validation of the trust of those keys, required to securely use a distributed message security system like Pretty Good Privacy is an example of encryption done wrong, he said.

“Good cryptographic design should not cause significant inconvenience, and [it] certainly shouldn’t cause extra work as a first step to using the system,” said Eckersley.
http://arstechnica.com/security/2014...e-development/





Peeping Into 73,000 Unsecured Security Cameras Thanks to Default Passwords

A site linked to 73,011 unsecured security camera locations in 256 countries to illustrate the dangers of using default passwords.
Ms. Smith

Yesterday I stumbled onto a site indexing 73,011 locations with unsecured security cameras in 256 countries …unsecured as in “secured” with default usernames and passwords. The site, with an IP address from Russia, is further broken down into insecure security cameras by the manufacturers Foscam, Linksys, Panasonic, some listed only as “IP cameras,” as well as AvTech and Hikvision DVRs. 11,046 of the links were to U.S. locations, more than any other country; one link could have up to 8 or 16 channels, meaning that’s how many different security camera views were displayed on one page.

Truthfully, I was torn about linking to the site, which claims to be “designed in order to show the importance of security settings;” the purpose of the site is supposedly to show how not changing the default password means that the security surveillance system is “available for all Internet users” to view. Change the defaults to secure the camera to make it private and it disappears from the index. According to FAQs, people who choose not to secure their cameras can write the site administrator and ask for the URL to be removed. But that requires knowing the site exists.

There are 40,746 pages of unsecured cameras just in the first 10 country listings: 11,046 in the U.S.; 6,536 in South Korea; 4,770 in China; 3,359 in Mexico; 3,285 in France; 2,870 in Italy; 2,422 in the U.K.; 2,268 in the Netherlands; 2,220 in Colombia; and 1,970 in India. Like the site said, you can see into “bedrooms of all countries of the world.” There are 256 countries listed plus one directory not sorted into country categories.

The last big peeping Tom paradise listing had about 400 links to vulnerable cameras on Pastebin and a Google map of vulnerable TRENDnet cameras; this newest collection of 73,011 total links makes that seem puny in comparison. A year ago, in the first action of its kind, the FTC brought down the hammer on TRENDnet for the company’s “lax security practices that exposed the private lives of hundreds of consumers to public viewing on the Internet.”

Security cameras are supposed to offer security, not provide surveillance footage for anyone to view. Businesses may be fine with that, but cameras that are not truly locked down in homes invite privacy invasions. In this case, it’s not just one manufacturer. Sure, a geek could Google Dork or use Shodan to end up with the same results, but that doesn’t mean the unsecured surveillance footage would be aggregated into one place that’s bound to be popular among voyeurs.

There were lots of businesses, stores, malls, warehouses and parking lots, but I was horrified by the sheer number of baby cribs, bedrooms, living rooms and kitchens; all of those were within homes where people should be safest, but were awaiting some creeper to turn the “security surveillance footage” meant for protection into an invasion of privacy.

Randomly clicking around revealed an elderly woman sitting but a few feet away from a camera in Scotland. In Virginia, a woman sat on the floor playing with a baby; the camera manufacturer was Linksys. There was a baby sleeping in a crib in Canada, courtesy of an unsecured Foscam camera, the brand of camera most commonly listed when pointing down at cribs. So many cameras are set up to look down into cribs that it was sickening; it became like a mission to help people secure them before a baby cam “hacker” yelled at the babies.

I wanted to warn and help people who unwittingly opened a digital window to view into their homes, so I tried to track down some security camera owners with the hopes of helping them change the default username and password. It is their lives and their cameras to do with as they think best, but “best” surely doesn’t include using a default username and password on those cameras so that families provide peep shows to any creep who wants to watch.

The site lists the camera manufacturer, default login and password, time zone, city and state. The results for each camera are also theoretically pinpointed with longitude and latitude on Google Maps. That can be opened in another browser window, zoomed into, converted to Google Earth, then Street View in hopes of seeing an address to take into a reverse phone look-up. It’s slightly easier if it’s a business and you see a name on a building. There may be an easier way, as it was slow and frustrating.

I’m unwilling to say how many calls I made, or else you might think I enjoy banging my head against the wall. It was basically how I spent my day yesterday. Too many times the location couldn’t be determined, led to apartments, or the address wasn’t listed in a reverse phone search. After too many times in a row like that, I’d switch to a business as it is much easier to pinpoint and contact.

One call was to a military installation. Since the view was of beautiful fall foliage, it seemed like a “safe” thing to find out if that camera was left with the default password on purpose. Searching for a contact number led to a site that was potentially under attack and resulted in a "privacy error." Peachy. Then I had two things to relay, but no one answered the phone. After finding another contact number and discussing both issues at length, I was told to call the Pentagon! Holy cow and yikes!

About six hours into trying to help people, I was used to talking to the manager of establishments and explaining the issue. During a call to a pizza chain place, the manager confirmed the distinct views from eight channels of cameras before things got ugly.

Managers, don’t shoot the messenger; a person out to hurt you might dig into a Linux box with root, but no exploit or hacking is needed to view the surveillance footage of your unsecured cameras! It’s exceedingly rude to yell or accuse a Good Samaritan of “hacking” you. If your cameras are AVTech and admin is both username and password, or Hikvision “secured” with the defaults of admin and 12345, then you need to change that. Or don’t and keep live streaming on a Russian site.

After an exasperating day of good intentions not being enough to help folks, hopefully raising awareness will help. It would be great if these manufacturers would start wrapping the boxes in tape that yells, Be sure to change the default password! In some security camera models, no password is even required.

If you don’t recall your username/password combo, then download the manual of your camera model, reset the device like you would a wireless router, and aim for a strong password to truly provide security this time. This might be a good place to start for support or manuals for Foscam, Linksys, AVTech, Hikvision, Panasonic, but some of the unsecure security cams are simply listed as IP cameras.

I don’t know what else to do if the FTC doesn’t again bring the hammer down on companies that don’t do enough to stop people from having their lives invaded. Take the issue and manufacturer names to Craigslist to try and get the attention of people in specific towns? But that would simply point back to the site and open even more people to having their privacy invaded.

Mostly, it falls on us, dear security-conscious readers, to nudge our not-so-techy friends and remind our families how very important it is to set strong passwords on security cameras unless they want to give the whole world a free pass to watch inside their homes.
http://www.networkworld.com/article/...passwords.html





British Spies Are Free to Target Lawyers and Journalists
Ryan Gallagher

British spies have been granted the authority to secretly eavesdrop on legally privileged attorney-client communications, according to newly released documents.

On Thursday, a series of previously classified policies confirmed for the first time that the U.K.’s top surveillance agency Government Communications Headquarters has advised its employees: “You may in principle target the communications of lawyers.”

The U.K.’s other major security and intelligence agencies—MI5 and MI6—have adopted similar policies, the documents show. The guidelines also appear to permit surveillance of journalists and others deemed to work in “sensitive professions” handling confidential information.

The documents were made public as a result of a legal case brought against the British government by Libyan families who allege that they were subjected to extraordinary rendition and torture in a joint British-American operation that took place in 2004. After revelations about mass surveillance from National Security Agency whistleblower Edward Snowden last year, the families launched another case alleging that their communications with lawyers at human rights group Reprieve may have been spied on by the government, hindering their ability to receive a fair trial.

In a statement on Thursday, Reprieve’s legal director Cori Crider said that the new disclosures raised “troubling implications for the whole British justice system” and questioned how frequently the government had used its spy powers for unfair advantage in court.

“It’s now clear the intelligence agencies have been eavesdropping on lawyer-client conversations for years,” Crider said. “Today’s question is not whether, but how much, they have rigged the game in their favor in the ongoing court case over torture.”

Rachel Logan, a legal adviser at rights group Amnesty International, said that spying on lawyers affords the U.K. government an “unfair advantage akin to playing poker in a hall of mirrors.”

“It could mean, amazingly, that the government uses information they have got from snooping on you, against you, in a case you have brought,” Logan said. “This clearly violates an age-old principle of English law set down in the 16th century—that the correspondence between a person and their lawyer is confidential.”

In the U.S., the NSA has also been caught spying on lawyers. Earlier this year, the agency was forced to reassure attorneys that it “will continue to afford appropriate protection to privileged attorney-client communications acquired during its lawful foreign intelligence mission in accordance with privacy procedures required by Congress, approved by the Attorney General, and, as appropriate, reviewed by the Foreign Intelligence Surveillance Court.”

In the U.K., the oversight of intelligence agencies is undoubtedly far more lax.

According to the documents released Thursday, in at least one case legally privileged material that was covertly intercepted by a British agency may have been used to the government’s advantage in legal cases. One passage notes that security service MI5 identified an instance in which there was potential for “tainting” a legal case after secretly intercepted privileged material apparently ended up in the hands of its lawyers.

The policies state that the targeting of lawyers “must give careful consideration to necessity and proportionality,” but the GCHQ policy document adds that each individual analyst working at the agency is “responsible for the legality” of their targeting, suggesting that a large degree of personal judgement is involved in the process. Notably, there is no judicial oversight of eavesdropping conducted by GCHQ or other British security agencies; their surveillance operations are signed off by a senior politician in government, usually the Foreign or Home Secretary.

The categories that allow the agencies to spy on lawyers or others working with “confidential” material, such as journalists, are extremely broad. One policy document from GCHQ notes:

If you wish to target the communications of a lawyer or other legal professional or other communications that are likely to result in the interception of confidential information you must:

Have reasonable grounds to believe that they are participating in or planning activity that is against the interests of national security, the economic well-being of the UK or which in itself constitutes a serious crime.


In practice, this could mean that any lawyer or an investigative journalist working on a case or story involving state secrets could be targeted on the basis that they are perceived to be working against the vaguely defined national security interests of the government. Any journalists or lawyers working on the Snowden leaks, for instance, are a prime example of potential targets under this rationale. The U.K. government has already accused anyone working to publish stories based on the Snowden documents of being engaged in terrorism—and could feasibly use this as justification to spy on their correspondence.

GCHQ declined to comment for this post, referring a request from The Intercept to the government’s Home Office. A Home Office spokesperson said: “We do not comment on ongoing legal proceedings.”
https://firstlook.org/theintercept/2...rnalists-gchq/





Journalism, Independent and Not
David Carr

Last week, I read an interesting article about how smart hardware can allow users to browse anonymously and thus foil snooping from governments. I found it on what looked like a nifty new technology site called SugarString.

Oddly enough, while the article mentioned the need for privacy for folks like Chinese dissidents, it didn’t address the fact that Americans might want the same kind of protection.

There’s a reason for that, although not a very savory one. At the bottom of the piece, there was a graphic saying “Presented by Verizon” followed by some teeny type that said “This article was written by an author contracted by Verizon.”

As the DailyDot pointed out last Tuesday, Verizon not only backs the site, but also sets its coverage agenda. And that agenda, according to an email recruiting reporters for the site, did not include reporting on domestic spying and net neutrality, two of the most vital issues in technology. Those subjects were off the table.

You can guess why. Thanks to Edward Snowden, we know that Verizon turned over the phone records of millions of people to the American government without their consent. And Verizon is hardly neutral on the issue of net neutrality, having successfully sued to keep the F.C.C. from blocking efforts to charge for a fast lane for data traffic.

After inquiries from various news media outlets, Verizon fed the editor who sent the recruiting email into the wood chipper, saying, “Unlike the characterization by its new editor, SugarString is open to all topics that fit its mission and elevate the conversation around technology.” When I contacted the company on Friday, they would not say if that elevated conversation would include domestic spying and net neutrality, but a spokeswoman sent a note saying, “Verizon believes this was a good, sound concept, but the execution was not what it should have been, and we’ll learn from it.”

Clearly, historical models of funding original content are under duress, and a variety of efforts have emerged to innovate around that new reality: nonprofit news sites, digital news operations with low-cost approaches and yes, brands like Verizon that are also beginning to finance their own media operations.

The brand publishing that has emerged ranges from enlightening to harmless, with much of it arrayed over topics like extreme sports, small business advice or food and health. As my colleague Stuart Elliott pointed out, Pepsi is big into brand publishing, having come up with Green-Label.com, a lifestyle publication sponsored by Mountain Dew and produced by Pepsi along with Complex Media.

Complex is also producing the SugarString site on behalf of Verizon. According to people who were part of the process, Verizon brought the idea to McGarryBowen, an ad agency, and it soon became clear that what the company wanted was not a brand campaign, but a media property with visibility in social platforms.

“It was odd — it just sort of showed up here, fully formed,” said a Complex employee not authorized to speak publicly on the subject.

Coming up with credible consumer sites is complicated enough, but throw news into the mix and the degree of difficulty climbs, especially if your company is a behemoth with a reach into all aspects of technology.

Of the many attempts at new approaches to publishing — native advertising, custom content, sponsored content — SugarString sets a new low. It was a bad idea with a pratfall of a rollout, a transparent attempt to project brand might into a very controversial conversation. The fact that the name of the corporation bringing you the information is at the bottom of every story, not the top, is an attempt to hide the fundamental intent.

“I think they overlooked the first rule of storytelling, which is to not deceive the reader,” said Shane Snow, the co-founder of Contently, which helps brands produce media of their own. “The exposure they were seeking ended up being negative.”

What had been an attempt by Verizon to build engagement and relevance had precisely the opposite effect, coming off as a kind of Astroturfing — grass roots that are anything but — rendered in pixels. The broadly skeptical response to the site serves as a reminder that publishing looks easy, but is filled with peril.

But if brands are less willing to just slap expensive ads onto sites they have no control over, how is smart, good content going to be underwritten? The Center for Public Integrity and ProPublica have both demonstrated sustainable nonprofit approaches to significant national news. But First Look Media, begun a little over a year ago with lots of fanfare and a respected backer — Pierre Omidyar, founder of eBay — seems to be having significant trouble; last week Matt Taibbi resigned amid talk of corporate bureaucracy overwhelming journalism.

If you are thinking there must be some way for corporations to enrich the civic debate through publishing, you’re right. Five years ago this Monday, I met with Evan Smith, who was just starting The Texas Tribune. He suggested that as newspapers retreated, Republicans and Democrats, corporations and foundations, government and the private sector would get behind a nonpartisan news site to cover Texas state politics.

It sounded far-fetched at the time, but it all came true and then some. Five years later, The Texas Tribune has raised $27 million from people, foundations and corporations including Exxon, Walmart and AT&T. It has built the largest newsroom in the country covering any statehouse and created a thriving events business. While other nonprofit news efforts have tumbled, The Texas Tribune has $6 million in annual revenues and $2.5 million in the bank, according to Mr. Smith.

The company will announce Monday that it is opening a Washington bureau backed by the Hewlett Foundation, reversing a trend of regional flight from the capital. The nonprofit site now has 50 full-time staff members doing work that any media outlet would be proud of, including a 15-part series on how the shale boom has affected life in Texas and a huge series on the private conflicts of a part-time legislature, with a companion data project called The Ethics Explorer.

Its live stream of a filibuster by State Senator Wendy Davis became a national sensation, while its events calendar has included statewide conversations with Governor Rick Perry, Senator Ted Cruz and Ms. Davis, among many others.

“It sounds very corny, but we always believed that there was a place where people of unlike minds could put down their weapons, get in a room and hash stuff out,” Mr. Smith said.

It’s not all hunky dory. The Tribune had a twice-a-week distribution agreement with The New York Times in which its work was part of the printed paper in Texas. On Friday, Mr. Smith was notified that The Times, as part of an effort to focus on its core business, would be ending the relationship.

But even that didn’t dent Mr. Smith’s belief that innovation and elbow grease will serve as a corrective to all of the sad-sack talk about news going away. The Tribune serves as proof that a local site can combine news, data and events into a three-legged stool that stands on its own.

“Nonprofits rely on rich people and corporations, and Texas has a lot of both,” Mr. Smith said. “But the people and companies who contribute expect, and get nothing more than, a firm handshake and the knowledge that they helped make Texas a little smarter. They know we don’t put a thumb on the scale, and they don’t try to either.”

Contrast that with Verizon, whose effort to dip a toe into publishing turned out to be all thumbs.
http://www.nytimes.com/2014/11/03/bu...t-and-not.html





AP Exclusive: Ferguson No-Fly Zone Aimed at Media
Jack Gillum and Joan Lowy

The U.S. government agreed to a police request to restrict more than 37 square miles of airspace surrounding Ferguson, Missouri, for 12 days in August for safety, but audio recordings show that local authorities privately acknowledged the purpose was to keep away news helicopters during violent street protests.

On Aug. 12, the morning after the Federal Aviation Administration imposed the first flight restriction, FAA air traffic managers struggled to redefine the flight ban to let commercial flights operate at nearby Lambert-St. Louis International Airport and police helicopters fly through the area — but ban others.

"They finally admitted it really was to keep the media out," said one FAA manager about the St. Louis County Police in a series of recorded telephone conversations obtained by The Associated Press. "But they were a little concerned of, obviously, anything else that could be going on."

At another point, a manager at the FAA's Kansas City center said police "did not care if you ran commercial traffic through this TFR (temporary flight restriction) all day long. They didn't want media in there."

FAA procedures for defining a no-fly area did not have an option that would accommodate that.

"There is really ... no option for a TFR that says, you know, 'OK, everybody but the media is OK,'" he said. The managers then worked out wording they felt would keep news helicopters out of the controlled zone but not impede other air traffic.

The conversations contradict claims by the St. Louis County Police Department, which responded to demonstrations following the shooting death of 18-year-old Michael Brown, that the restriction was solely for safety and had nothing to do with preventing media from witnessing the violence or the police response.

Police said at the time, and again as recently as late Friday to the AP, that they requested the flight restriction in response to shots fired at a police helicopter.

But police officials confirmed there was no damage to their helicopter and were unable to provide an incident report on the shooting. On the tapes, an FAA manager described the helicopter shooting as unconfirmed "rumors."

The AP obtained the recordings under the U.S. Freedom of Information Act. They raise serious questions about whether police were trying to suppress aerial images of the demonstrations and the police response by violating the constitutional rights of journalists with tacit assistance by federal officials.

Such images would have offered an unvarnished view of one of the most serious episodes of civil violence in recent memory.

"Any evidence that a no-fly zone was put in place as a pretext to exclude the media from covering events in Ferguson is extraordinarily troubling and a blatant violation of the press's First Amendment rights," said Lee Rowland, an American Civil Liberties Union staff attorney specializing in First Amendment issues.

FAA Administrator Michael Huerta said in a statement Sunday his agency will always err on the side of safety. "FAA cannot and will never exclusively ban media from covering an event of national significance, and media was never banned from covering the ongoing events in Ferguson in this case."

Huerta also said that, to the best of the FAA's knowledge, "no media outlets objected to any of the restrictions" during the time they were in effect.

In the recordings, an FAA manager urged modifying the flight restriction so that planes landing at Lambert still could enter the airspace around Ferguson.

The less-restrictive change practically served the authorities' intended goal, an FAA official said: "A lot of the time the (lesser restriction) just keeps the press out, anyways. They don't understand the difference."

The Kansas City FAA manager then asked a St. Louis County police official if the restrictions could be lessened so nearby commercial flights wouldn't be affected. The new order allows "aircraft on final (approach) there at St. Louis. It will still keep news people out. ... The only way people will get in there is if they give them permission in there anyway so they, with the (lesser restriction), it still keeps all of them out."

"Yeah," replied the police official. "I have no problem with that whatsoever."

KMOV-TV News Director Brian Thouvenot told the AP that his station was prepared at first to legally challenge the flight restrictions, but was later advised that its pilot could fly over the area as long as the helicopter stayed above 3,000 feet. That kept the helicopter and its mounted camera outside the restricted zone, although filming from such a distance, he said, was "less than ideal."

None of the St. Louis stations was advised that media helicopters could enter the airspace even under the lesser restrictions, which under federal rules should not have applied to aircraft "carrying properly accredited news representatives." The FAA's no-fly notice indicated the area was closed to all aircraft except police and planes coming to and from the airport.

"Only relief aircraft operations under direction of St. Louis County Police Department are authorized in the airspace," it said. "Aircraft landing and departing St. Louis Lambert Airport are exempt."

The same day that notice was issued, a county police spokesman publicly denied the no-fly zone was to prevent news helicopters from covering the events. "We understand that that's the perception that's out there, but it truly is for the safety of pilots," Sgt. Brian Schellman told NBC News.

Ferguson police were widely criticized for their response following the death of Brown, who was shot by a city police officer, Darren Wilson, on Aug. 9. Later, under county police command, several reporters were arrested, a TV news crew was tear gassed and some demonstrators were told they weren't allowed to film officers. In early October, a federal judge said the police violated demonstrators' and news crews' constitutional rights.

"Here in the United States of America, police should not be bullying and arresting reporters who are just doing their jobs," President Barack Obama said Aug. 14, two days after police confided to federal officials the flight ban was secretly intended to keep media helicopters out of the area. "The local authorities, including police, have a responsibility to be transparent and open."

The restricted flight zone initially encompassed airspace in a 3.4-mile radius around Ferguson and up to 5,000 feet in altitude, but police agreed to reduce it to 3,000 feet after the FAA's command center in Warrenton, Virginia, complained to managers in Kansas City that it was impeding traffic into St. Louis.

The flight restrictions remained in place until Aug. 22, FAA records show. A police captain wanted it extended when officials were set to identify Wilson by name as the officer who shot Brown and because Brown's funeral would "bring out the emotions," the recordings show.

"We just don't know what to expect," he told the FAA. "We're monitoring that. So, last night we shot a lot of tear gas, we had a lot of shots fired into the air again. It did quiet down after midnight, but with that ... we don't know when that's going to erupt."

The recordings do not capture early conversations about the initial flight restriction imposed a day earlier, but they nonetheless show the FAA still approved and modified the flight restriction after the FAA was aware that its main intent was to keep the media away.

One FAA official at the agency's command center asked the Kansas City manager in charge whether the restrictions were really about safety. "So are (the police) protecting aircraft from small-arms fire or something?" he asked. "Or do they think they're just going to keep the press out of there, which they can't do."
http://www.sfgate.com/news/politics/...ia-5864999.php





Hungarian Internet Tax Protesters Aim to be New Opposition Force
Marton Dunai

With Hungary’s conservative prime minister enjoying solid support and his opposition in disarray, Hungarians who united against his plan to tax the Internet believe they have created a new platform to voice dissent.

The biggest street protests since he came to power four years ago forced Orban last week to shelve the tax plan - a stunning U-turn by a man whose big parliamentary majority and popular support usually allow him to wield power unopposed.

The loose collective of students, activists and artists who organised last month's protests believe they have tapped into a groundswell of indignation that could now be channelled against other Orban policies.

"This is a colourful group but it is together and it wants to keep going," said Balazs Gulyas, a 28-year-old student activist who organised the protests via a Facebook page. "We are in the process of finding the way to do this right."

Orban, who declared in July that he wanted to make Hungary an "illiberal state", citing his admiration of the political systems of China and Russia, is viewed with concern by the rest of the European Union and by the United States.

But despite taking a tighter grip over the media and pushing hundreds of judges into retirement - steps criticised in Brussels and Washington as authoritarian - the political opposition has been deserted by voters.

That has left a political void that the protest movement - which gathered on Gulyas's Facebook page "One Hundred Thousand against the Internet tax" - hopes to fill.

"For now there is no movement, there is no organised political resistance," said Marton Gulyas, 28, an alternative theatre company director who joined the protests.

But, said Gulyas, who is not related to Balazs: "The chance for one is in the air."

After at least 50,000 people attended the tax rallies, and 240,000 joined the Facebook page, the government has not been able to ignore the movement, but it has accused it of being merely a front for the flailing Socialist opposition.

"When political will turns against the government then that is not civil society," government spokesman Zoltan Kovacs said.

"Hiding behind civil society groups gives a special colour to the Hungarian opposition. If they cannot get anywhere with parties they use civil society groups."

"Election time is the time for political decisions, and voters in Hungary made their will very clear."

RIGHT TO REJECT

The Socialists welcomed the tax protest and embraced its main message. But that sympathy was not mutual: most protest speakers and participants made clear that their disdain was aimed at the entire political elite, not just the ruling party.

"They have a right to reject us," Socialist Chairman Jozsef Tobias told Reuters.

"We still think they organised in a legitimate way and they showed that in a society there must be consequences when the people raise their voices against totalitarian attempts."

With a two-thirds majority in parliament, Orban's power is seen as unassailable through the end of his term in 2018.

But the speed at which the tax protests came together showed the power of informal networks of a few tech-savvy activists.

They are still holding meetings, usually in cooperative-run bars with names like Frisco, Aurora, or Back Door dotted around the more bohemian districts of Budapest.

They have a modest fighting fund collected from the protesters - a few thousand euros, according to organiser Karoly Fuzessi, a bearded 30-year-old web designer and philosophy student.

It was to that alternative crowd, rather than the political mainstream where he already had connections, that Balazs Gulyas looked for help after being overwhelmed by the response to his Facebook page.

Gulyas' mother, Zita Gurmai, was a Socialist member of the European Parliament for a decade until this year, and his father, Mihaly Gulyas, once advised Socialist Prime Minister Peter Medgyessy and still maintains ties with the party.

The young Gulyas was himself a member of the Socialist Party, holding various minor positions before quitting, disillusioned, in August.

When 28-year-old alternative theatre director Marton Gulyas agreed to ally his small protest group Human Platform to the anti-Internet tax rallies, he did so on the condition that it break any links with official opposition parties, including the Socialists, protest organisers told Reuters.

Balazs Gulyas agreed, and the protests had no signs of professional politics, such as the party flags that might normally be waved at such events.

Beyond the group that organised the Internet tax protests, several others have formed, aiming to play an active part in the new opposition activity.

They do not resemble anything approaching a coherent group, let alone a political party, but they are gathering support from people opposed to government policies such as plans to cut the number of publicly funded high school places and to replace social security schemes with a public labour programme.

The next protest is on Sunday to demand the removal of the head of Hungary's tax authority who has been banned from entering the United States over accusations of corruption. She denies any wrongdoing.

"The Internet tax was only the trigger of this gathering of people young and old," 65-year-old Tamas Sovalvi told Reuters at the largest protest on Oct. 28.

"It's the straw that broke the camel's back."

(Editing by Robin Pomeroy)
http://uk.reuters.com/article/2014/1...0IR0OV20141107





Malicious Software Campaign Targets Apple Users in China
Nicole Perlroth

Researchers at a Silicon Valley security company said on Wednesday that they had found a new manner in which hackers can infect Apple products.

The company, Palo Alto Networks, reported that it had uncovered a malware campaign called WireLurker targeting Apple mobile and desktop users and said it was “the biggest in scale we have ever seen.”

Though the malware — malicious software designed to cause damage or steal information — is aimed at users in China and can be avoided, the campaign demonstrates new ways that attackers are targeting Apple iOS mobile devices.

The security company, based in Santa Clara, Calif., said that WireLurker had infected more than 400 applications designed for Apple’s Mac OS X operating system through the Maiyadi App Store, a third-party Mac application store in China. In the last six months, Palo Alto Networks said 467 infected applications were downloaded over 356,104 times and “may have impacted hundreds of thousands of users.”

The company said users’ iOS devices could also become infected if they connected their mobile device to their Macs through a USB wire. “WireLurker monitors any iOS device connected via USB with an infected OS X computer and installs downloaded third-party applications or automatically generated malicious applications onto the device, regardless of whether it is jailbroken,” Palo Alto Networks security researchers said. “This is the reason we call it ‘wire lurker.’”

Typically, iOS users can download applications from third parties only if they have “jailbroken” their phones, or altered them to run software Apple has not authorized. With WireLurker, an infected application can reach a non-jailbroken phone from an infected Mac OS X system, which is why Palo Alto Networks researchers say WireLurker represents a “new brand of threat to all iOS devices.”

Researchers say that once WireLurker is installed on a Mac, the malware listens for a USB connection to an iOS device and immediately infects it. Once a device is infected, WireLurker’s creators can steal a victim’s address book and read iMessage text messages, and the malware regularly requests updates from the attackers’ command-and-control server. Though the creators’ ultimate goal is not yet clear, researchers say the malware is actively being updated.

“They are still preparing for an eventual attack,” said Ryan Olson, the director of threat intelligence at Palo Alto Networks. “Even though this is the first time this is happening, it demonstrates to a lot of attackers that this is a method that can be used to crack through the hard shell that Apple has built around its iOS devices.”

Mr. Olson said Palo Alto Networks had alerted Apple to its findings, though an Apple spokesman declined to comment on their reports.

The firm’s advice to Mac and iOS users is to avoid downloading Mac applications or games from any third-party app store, download site or untrusted source, or connecting an iOS device to any untrusted accessories or computers. They also advise users to keep iOS software up to date.

Separately, last Friday a researcher in Sweden announced that he had uncovered a serious new vulnerability in Yosemite, Apple’s latest OS X operating system. The researcher, Emil Kvarnhammar, said the vulnerability, which he calls “Rootpipe,” allows attackers to gain “root access,” or full administrative control, of a victim’s Mac, allowing them to steal information or run programs of their own.

To date, there is no evidence that the vulnerability has actually been exploited and here, too, it would be difficult for the average Mac user to stumble upon. For hackers to gain control of a Mac, the victim would need to ignore every OS X pop-up security warning.

Apple is currently patching the Rootpipe vulnerability, but it is not clear when the patch will be completed.
http://bits.blogs.nytimes.com/2014/1...sers-in-china/





Swedish Hacker Finds 'Serious' Vulnerability in OS X Yosemite
Magnus Aschan

A white-hat hacker from Sweden says he's found a serious security hole in Apple's Yosemite OS X that could allow an attacker to take control of your computer.

Emil Kvarnhammar, a hacker at Swedish security firm Truesec, calls the vulnerability "rootpipe" and has explained how he found it and how you can protect against it.

It's a so-called privilege escalation vulnerability, which means that even without a password an attacker could gain the highest level of access on a machine, known as root access. From there, the attacker has full control of the system.

It affects the newest OS X release, version 10.10, known as Yosemite. Apple hasn't fixed the flaw yet, he says, so Truesec won't provide details yet of how it works.

White-hat hacking

"It all started when I was preparing for two security events, one in Stockholm and one in Malmö," Kvarnhammar says. "I wanted to show a flaw in Mac OS X, but relatively few have been published. There are a few 'proof of concepts' online, but the latest I found affected the older 10.8.5 version of OS X. I couldn't find anything similar for 10.9 or 10.10."

Mac users tend to keep their OS more up to date than Windows users, he says, and he wanted to find a vulnerability that would affect current users, so he started digging around in the newer versions of OS X.

"I started looking at the admin operations and found a way to create a shell with root privileges," he says. "It took a few days of binary analysis to find the flaw, and I was pretty surprised when I found it."

He tested the vulnerability on version 10.8.5 of the OS and got it to work, he says. Then he tried on 10.9 but with no luck.

"I was a bit dejected but continued to investigate," Kvarnhammar said. "There were a few small differences [in later releases] but the architecture was the same. With a few modifications I was able to use the vulnerability in the latest Mac OS X, version 10.10."

When he's trying to find vulnerabilities in an OS, he said, he tries to get a feel for how the developer was thinking. In this case, Apple had migrated and moved some functions, but basically the same flaws remained.

"Normally there are 'sudo' password requirements, which work as a barrier, so the admin can't gain root access without entering the correct password. However, rootpipe circumvents this," he says.

He says he reported the vulnerability to Apple the day after he discovered it.

He didn't get much of a response, he said, which didn't surprise him given Apple's policy of not confirming vulnerabilities. But because Apple agreed to a date when he can publish details of the flaw, he believes the company indirectly confirmed it.

"For our part, there was no discussion: we do responsible disclosure," he said. "But we also wanted to announce that we found a serious flaw; there is a big risk here."

"In our dialogue with Apple, we agreed on a date for full disclosure. After this date, we can talk about exactly what we found."

As it stands now, a full disclosure is likely to be published in January.

Apple takes security seriously, he said, though they're sometimes a bit "careful" about the information they publish because they want to give the impression that their software is as safe as possible. But he said it's naive to think OS X is immune to critical vulnerabilities. Like any complex software, he says, there are inherently numerous flaws.

So how did he come up with the name rootpipe? "I can't get into that too much; I'll get back to you when we can provide more information," he said.

What you can do right now

He says there are ways to protect against rootpipe and enhance the security of your Mac generally. Step one is to make sure you're not running the system on a daily basis with an admin account--that is, one that has admin privileges.

That's tricky since most Macs get set up with only one account on them, and that account has admin privileges. His tip is to create a new account and assign it admin privileges, and call it "admin" or something similar. Then log into the admin account and remove the admin permissions from the other account you'll be using day in and day out.

That means if a hacker takes over the account that's used daily, it won't have the admin permissions, which will limit the harm they can do. For the user, they'll have to enter an admin password when they want to install new software or make some other change, but it might be worth the hassle until the flaw gets fixed.

He also recommends using Apple's FileVault tool, which encrypts the hard drive. The performance hit on the system is minimal, he says, and you probably won't notice it at all.

"This is a great way of protecting your data, especially if your computer gets stolen," he says.
http://www.cso.com.au/article/558684...os-x-yosemite/





Pirate Bay Is Still Online, Even Though All of Its Founders Are in Custody
Patrick McGuire

The men behind the internet's most popular piracy hub, the Pirate Bay, have had a particularly bad week, which is not too out of the ordinary for a group of hackers who are acutely aware of law enforcement troubles, international manhunts, prison time, solitary confinement, and telling Hollywood to go fuck itself.

First there was the Halloween sentencing of one of the Pirate Bay's co-founders, 30-year-old Gottfrid Svartholm-Warg. He was sentenced to three-and-a-half years behind bars in Denmark. He was found guilty of hacking into the Danish wing of a company called the Computer Sciences Corporation. CSC is also in the news right now for allegedly developing billing fraud schemes, alongside the City of New York itself, that may have defrauded New York State's Medicaid system. Across the pond, Svartholm was accused of hacking into CSC's Danish databases, which a court in Copenhagen found to have included "criminal records and drivers' license records."

Svartholm-Warg had been previously hiding out in Cambodia, but was extradited to Sweden, where he was held in solitary confinement before facing trial in Denmark. Svartholm-Warg was running from a one-year prison sentence the Swedes hammered down on him for his role in founding the Pirate Bay. Those original Pirate Bay-related charges sparked a massive protest movement in Sweden.

I spoke to Rickard Falkvinge, the founder of the Pirate Party, about the legal nightmare of the Pirate Bay crew. On the subject of Svartholm-Warg's extradition from Cambodia, he told me, "For some reason [the authorities] were throwing everything they had at a computer repair guy out in the rural parts of Cambodia, and it certainly had nothing to do with an extra 59.4 million US dollars in foreign aid from Sweden to Cambodia that was handed over at the same time."

At the time, his extradition to Sweden caused plenty of undesirable attention for both the Swedes and the Cambodians. Within Wikileaks' extensive documentation pertaining to Svartholm-Warg's case, the Swedish Foreign Ministry's press director is quoted as writing: "We are getting a lot of questions from all four corners of the Earth regarding [Svartholm-Warg]. Many journalists are personally involved, is my impression. I think the pressure on the embassy [in Cambodia] will diminish now that he's coming to Sweden."

In Sweden, Svartholm-Warg faced similar hacking charges to the ones he was recently convicted for in Denmark. He was accused of both hacking into Nordea, a Swedish bank, and Logica, an IT firm. Only the charges pertaining to Logica stuck, but Svartholm-Warg has maintained his innocence throughout, stating that someone nefarious had accessed his computer remotely to carry out the hacks. Svartholm-Warg was then deported to Denmark, despite his best efforts, arguing that he was being tried for the same crimes twice. This is a perplexing argument given that the Danish charges pertained to his alleged hack of CSC, not Logica or Nordea, for which the Swedes went after him.

In Denmark, Svartholm-Warg used the same defense, namely that he was framed and his computer was hacked. The prosecution dismissed this argument, but Svartholm-Warg's legal team called in Jacob Appelbaum, noted computer security researcher and Tor developer, who testified to the contrary. His lawyers also presented "an antivirus scan of his computer showing that 545 threats had been found on it, some of which were capable of providing a hacker with remote control of the computer."

Svartholm-Warg's argument is plausible, in that he has certainly made plenty of powerful enemies simply from running the Pirate Bay. Wikileaks has also pointed out that he played a role in the infamous "Collateral Murder" project, wherein Wikileaks released previously classified video footage of an American Apache helicopter mistakenly bombing journalists.

As if Svartholm-Warg's multinational, convoluted legal woes weren't enough, one of the other Pirate Bay founders, Fredrik Neij, who had fled to Asia after being charged in Sweden, was arrested in Thailand earlier this week. According to Falkvinge, "Fredrik had been one of the tech guys running the site, and according to clips from the movie TPB AFK, he was basically planning to wait out the statute of limitations in the wonderful climate."

Neij had been living in Laos, and reportedly was a frequent traveler to Thailand. While he has not yet been sent to Sweden to serve time for his copyright infringement charges, it's expected that will be happening sooner than later. Neij was the last remaining Pirate Bay founder to evade incarceration.

The third founder of the Pirate Bay is Peter Sunde, a man Rickard Falkvinge describes as "mediagenic." Sunde expects to be released from prison this month. Falkvinge told me Sunde's role in the Pirate Bay was very minor. In a lengthy statement written for Falkvinge's blog, published after his plea, he states his conviction came about after "having sent an invoice for advertising on the Pirate Bay once in April 2006 (almost a year after the events on trial started)."

He also claims he was advised by police to get a cheap lawyer, discusses how Stockholm Police's "lead interrogator" on his case took a job with Warner Brothers during the trial, and how he once felt as if he were "the most hated person in the power corridors of Hollywood."

Sunde is likely to take on new entrepreneurial projects upon his release. I spoke to him in July 2013, about an encrypted message app he was working on before being imprisoned that would combine the security of encryption with the beautiful graphic interface of, say, the iPhone.

The Guardian caught up with Sunde recently, where he discussed his newfound friendship with a cocaine smuggler who bakes vegan muffins, the poor treatment he receives in jail outside of said muffins, and how he was able to encrypt all of his computer systems through a keystroke on his smartphone at the moment of his arrest, which understandably infuriated his arresting officer.

Despite having its three most prominent organizers in custody (along with a fourth man—the supposed financier Carl Lundström, who currently sports an electronic ankle bracelet in Switzerland) the Pirate Bay is alive and well.

Yesterday, according to the Pirate Bay's own statistics—which are published on its homepage—the torrent tracker had over 48 million connected users, sharing nearly 7 million torrents. In his post-plea statement from 2012, Sunde bragged that "The Pirate Bay was back online [immediately after the initial raid]. It's an easy service to copy, and with no advanced functionality. That was one of the major features with the underlying technology, being smart and easily maintained to that level. It was so easy to maintain, nobody had practically touched it for a year at the time of the raid."

According to Falkvinge, the four men's "real crime was talking back at Hollywood monopolists, which embarrassed the Swedish establishment."

In the face of international pressure, the Pirate Bay is infamous for its clever maneuvers that keep it online. At one point, the site's administrators were considering placing its servers onto drones that would float above international waters to curve anti-copyright legislation written in pesky landlocked nations. And, just recently, the site began using its advertising space to promote a free VPN, which allows users in countries like Iceland (which have recently banned access to the Pirate Bay outright) to access the site safely.
http://www.vice.com/read/the-pirate-...in-custody-137

















Until next week,

- js.





















Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black
Old 08-11-14, 07:11 AM   #2
Bright Eyes
Global Security Octopus
 
 
Join Date: Apr 2000
Location: In the 1960s
Posts: 621

My thanks for posting these items every week, Jack. I make a point of reading every weekly post.
__________________
Hippopotomonstrosesquippedaliophobia is the fear of long words.

This is the Century of the Insane.
Old 08-11-14, 08:41 AM   #3
JackSpratts
 
 
Join Date: May 2001
Location: New England
Posts: 10,013

thanks bright eyes, i'm glad you like it.

- js.
__________________
Thanks For Sharing