22-05-13, 07:38 AM   #1
JackSpratts
 
Peer-To-Peer News - The Week In Review - May 25th, '13

Since 2002

"My mom loves the site!" – Katie


"Russia's leading social network banned by 'mistake.'" – Douglas Busvine

May 25th, 2013




UK ISPs Block Two More File Sharing Sites

MPA wins court order to block Movie 2K and Download4All
Steve McCaskill

Six of the UK’s largest Internet Service Providers (ISPs) have started blocking access to two sites accused of copyright violations.

BT, Virgin Media, TalkTalk, Sky, EE and O2 are all believed to have complied with a court order won by the Motion Picture Association (MPA) to block Movie 2K and Download4All.

The MPA, the international arm of the Motion Picture Association of America (MPAA), said the two sites, which let users download or stream movies, broke the UK Copyright, Design and Patents Act.

File sharing sites blocked

However, the pro-piracy Pirate Reverse Group has already created a copy of the site that Internet users can access if they are blocked, similar to the number of Pirate Bay proxy sites available on the web.

The Pirate Bay has been unavailable in the UK since April 2012 as a result of a lawsuit brought by the British Phonographic Industry (BPI). In March, the High Court ordered ISPs to block another three popular peer-to-peer file-sharing resources – Kickass-Torrents, Fenopy and H33T.

The BPI is also reportedly circulating a list of 25 websites it says are providing links to pirated music, including Grooveshark, Isohunt, Filestube and Monova. The list is being shared among record labels and recording companies to see if any of the BPI’s members have licensed music to the sites.

Critics have argued that such bans are pointless due to the number of ways to circumvent them and that the volume of users accessing the sites in question quickly grew to pre-ban levels.

It has been suggested that the media industry should instead focus its resources on finding additional sources of revenue and that legal services such as Spotify did more to combat piracy.
http://www.techweekeurope.co.uk/news...uk-isps-116875





Broadcasters Go After Aereo by Suing Smaller Competitor, Aereokiller

ABC, NBC, and Fox file a new copyright suit against a far less formidable opponent
Greg Sandoval

The nation's largest television broadcasters filed a copyright lawsuit against FilmOn.TV and its Aereokiller service yesterday, alleging that the service retransmits TV programming without authorization or compensating them, according to a story in Variety. Aereokiller is the flippantly-named competitor to Aereo, the company that uses dime-sized antennas to capture over-the-air TV transmissions and then streams them to subscribers by way of the internet.

This is part of an escalating fight for control of the country's TV airwaves. The broadcasters say that if Aereo, or any other company, is allowed to distribute their programming without licensing it, then nobody will. A big chunk of the broadcasters' revenue comes from the retransmission fees they charge cable companies. Aereo, which is also defending itself against a copyright suit filed by the broadcasters, argues that it only enables subscribers to access freely available over-the-air TV, which they have every right to do.

The broadcasters appear to be suing Aereokiller again because it has proven to be a far less formidable opponent in court than Aereo. Last year, a federal district judge in New York rejected the broadcasters' request to issue a preliminary injunction that would have required Aereo to shut down. A federal appeals court agreed with the lower court's decision and found that the broadcasters were unlikely to win the case based on the evidence.

But out in California, the broadcasters prevailed in another district court against Aereokiller. They are obviously hoping to win a similar decision in Washington DC, where the most recent suit against Aereokiller was filed. It's interesting to note that the big media companies typically file their copyright suits in New York, a venue that perhaps doesn't look as friendly to them now.

Aereo has accused the broadcasters of venue shopping and using up the public's legal resources while they search for sympathetic courts. But if the broadcasters were to again prevail over Aereokiller, it's unclear what advantage it would have over Aereo, which possesses its own favorable court rulings. It's too early to tell where this case is headed but when there are conflicting court decisions on an issue, the parties will often look for a Supreme Court ruling.

Who knows? Maybe the Aereo conflict becomes the digital era's equivalent of the Sony Betamax case, when the high court ruled that Sony's video recorder wasn't illegal in part because creating video copies of TV shows for personal use was legal. It's important to remember that the Betamax decision eventually led to the creation of the video-rental market, which for decades was one of Hollywood's most lucrative sources of revenue.
http://www.theverge.com/2013/5/24/43...or-aereokiller





WWE 'Entrance-Music' Copyright Suit Stays in Texas, Court Says

World Wrestling Entertainment must face copyright claims in Texas, a federal court ruled.

Composer James D. "Papa" Berg of Irving, Texas, sued the Stamford-based sports-entertainment company in federal court in Dallas in July. He claimed the company was making use of his music without authorization.

Berg composed a series of works used as entrance songs for wrestlers as they come into the arena. He said in his pleadings that he learned that WWE had improperly registered the works under the company's name, which diverted the royalty stream. He claimed that the company was using this music without his permission on a round-the-clock cable channel, and as ring tones fans could buy.

WWE had sought to have the suit moved out of Texas, saying it didn't have enough of a presence in the state to justify trying the case there. U.S. District Judge Jane Boyle disagreed, saying in her May 15 order that WWE failed to show good reason why the case would be better tried in Connecticut.

She said that the company's wrestling-match programs are available in Texas, and that WWE products are offered for sale in the state, with the company knowingly benefiting from Texas. She said that Texas "has a definite interest in insuring that one of its citizens be able to prosecute his claims at home."

Boyle did reject some of Berg's claims, saying they were already covered by his copyright-infringement allegations.
http://www.newstimes.com/news/articl...in-4536491.php





With Downloads Dwindling, Music Publishers Throw a Roadblock Into Apple's iRadio Plans

Streaming services, such as Pandora and Spotify, aren't as profitable for music publishers. They want to change that.
Greg Sandoval

For years, when it came to driving negotiations with internet music services over licensing, the top record labels were the locomotive and the publishers were the caboose. If the labels licensed songs, then usually the publishers dutifully followed. But now these publishers are in revolt, refusing to simply follow along, and holding up negotiations on Apple’s iRadio. At the heart of the dispute are shifting economics. The industry is moving from CD sales and digital downloads to streaming services like Spotify and Pandora. In that new model the publishers have been making far less money.

Sony/ATV, the publishing company operated jointly by Sony and the singer Michael Jackson's estate, has refused to license Apple's proposed web radio service, and that's reportedly a big part of why we haven't seen iRadio, the unofficial name given to the proposed webcasting service. Sony isn't alone, however. Music industry sources told The Verge last week that BMG Rights Management, the reinvigorated music division of German conglomerate Bertelsmann, is also holding out for better terms.

The lesson for those in web music is that negotiations could prove to be much more difficult with this group of creators. Music publishers represent songwriters and composers, who make a big chunk of their royalties from CD and download sales. But those formats are in decline, disc sales have been plunging for a decade, and the growth in downloads has slowed to a trickle. Revenue from song downloads — in the double-digit percentages for most of the past decade — increased last year by 6 percent. That's unlucky for the publishers because they don't make as much from streaming music.

Pandora, the internet's top online radio service, was able to obtain recorded music rights via a blanket license that Congress created for online radio services. For publishing rights, the webcaster struck a deal with the performance rights organizations (PROs), which once negotiated digital contracts on behalf of the major publishers. The one-stop shopping for publishing rights was a sweet deal for Pandora but the publishers were left unsatisfied with the terms. To prevent similar deals, they recently began to take back their digital rights from PROs, such as BMI and ASCAP. Apple and any other would-be webcasters must now negotiate separately with each of the big publishers.

A part of the problem is that the publishers' compensation is out of whack with the labels. According to Billboard, music publishers negotiated a rate of 12 percent from Amazon, Google, and iTunes for their scan-and-match cloud services, while the labels received 58 percent of revenue, a ratio of about 5-to-1.

"We don't have anything against Pandora's service," said one music industry executive. "We just don't like the economics."

Apple should have anticipated that it might run into trouble with the publishers. In September 2010, Apple was set to roll out 90-second song samples at one of the company's media events but had to shelve them at the last minute. The National Music Publishers' Association got wind of the deal and sent Apple a nasty note informing managers that if it went live without licenses it would be violating their rights. Apple's longer song samples finally made their debut three months later. If that kind of delay happens again, an iRadio launch next month at Apple's Worldwide Developers Conference seems unlikely.
http://www.theverge.com/2013/5/22/43...ce-cd-download





Music Could Trigger Mobile Malware

Heavy bass beats could lead to ownage.
Shona Ghosh

Pulling out your phone in a cinema or a room with flickering lights could be enough to trigger malicious software on your smartphone, researchers have found.

Mobiles infected with hidden malware could be triggered if their in-built sensors – microphones, cameras or vibration sensors – picked up pre-defined signals hidden in songs, TV programmes or flickering lights.

Researchers at the University of Alabama ran a set of prototype apps on an HTC Evo running on Android 2.2.3 (Gingerbread) which could access the phone’s sensors. Aside from cameras and microphones, smartphones also contain sensors that can detect vibrations or magnetic fields, which the researchers said could be similarly compromised.

The embedded malware was programmed to remain dormant until the sensor picked up the relevant trigger – which could be anything from a song played over the radio to a specific pattern of flickering lights.

Once triggered, the activated malware would then carry out the programmed attack, either by itself or as part of a wider botnet of mobile devices.

Since most antivirus software doesn’t monitor how apps use standard smartphone features like cameras and microphones, the researchers said malware programmed for sensors posed a huge risk.

"When you go to an arena or Starbucks, you don’t expect the music to have a hidden message, so this is a big paradigm shift because the public sees only emails and the internet as vulnerable to malware attacks," lead researcher Dr. Ragib Hasan said in a paper. (pdf)

"We devote a lot of our efforts towards securing traditional communication channels. But when bad guys use such hidden and unexpected methods to communicate, it is difficult if not impossible to detect that."

Possible attacks

Since the trigger needs to be relatively close to the smartphone to activate any hidden malware, any threats would be limited to the local environment.

For example, since audio signals can only travel so far without interference, an infected smartphone would need to be somewhere contained, like the cinema, for an audio trigger to work.

But researchers found they only needed a short distance to transmit their triggers, and that they could even overcome background noise.

There was also nothing to stop them activating multiple infected devices in one go, creating a localised botnet to wreak some highly concentrated mayhem.

For example, if there were a number of infected smartphones in an airport, hackers could use the wider botnet to launch a denial-of-service attack and bring down the building’s Wi-Fi or other systems.

The researchers found that cameras and microphones were the most effective way to trigger malware, but also noted that a heavy bass pattern could trigger the vibration sensor.

The emergence of NFC as a payment mechanism also poses a potential danger, since particularly unscrupulous hackers could attach magnets to NFC readers and trigger a phone’s magnet sensors.

Although that means attacks would be limited, the researchers said they could still take place even if phones were kept in pockets or bags.

Scouring sensor samples

The researchers focused on Android, namely because apps are allowed to run in the background and access features like the microphone without restriction.

Although they didn’t test iOS for similar weaknesses, they suggested that Apple’s restrictive policies might make it more secure.

As a possible defence, they suggested that anti-malware software should scan sensor data for signs of any hacks – though that isn’t foolproof since that’s a "heavyweight" operation, and many apps make legitimate use of sensors anyway.

Another solution could be to track how much battery sensor-using apps take up, since anything using more than one would need more power.
http://www.scmagazine.com.au/News/34...e-malware.aspx





Pirate Swede in 'Biggest Ever' Hacking Trial

Pirate Bay founder Gottfrid Svartholm Warg is on trial once again in Sweden for his role in committing what prosecutors believe may have been the largest data breach in Swedish history.

Warg, who is currently serving a prison sentence after being convicted of copyright infringement in the infamous Pirate Bay trial, is suspected of having perpetrated a years-long hacker attack against Swedish IT-firm Logica through which he gained unauthorized access to personal data of thousands of people.

"This is, I believe, the largest hacking case ever in Sweden," prosecutor Henrik Olin told the TT news agency on Monday morning as he prepared to enter the Stockholm District Court for the first day of the trial.

"We're talking about customer information, information from the Sweden debt Enforcement Agency (Kronofogden), and a large number of police officers' organizational affiliations."

The data breach at Logica, which supplies public agencies in Sweden with personal data from the country's population registry, was discovered about a year ago.

Prosecutors allege that the 28-year-old Svartholm Warg and a 36-year-old accomplice, also on trial, stole information on 20,000 police employees, as well as millions of personal identity numbers (personnummer).

They are also suspected of having copied a registry with nearly 11,000 names of people with protected identities and posting the data online.

In an ironic twist, Warg allegedly carried out the attack from the user account of attorney Monique Wadsted, one of the lawyers who represented US movie studios in the 2009 Pirate Bay trial.

"From what I understand, my Infotorg account was used to hack into the Logica system that had the information," Wadsted told the Metro newspaper, referring to another database containing personal information on Swedes.

Svartholm Warg is also suspected of aggravated fraud for having hacked into the Nordea bank and making several attempts to transfer money from others' accounts, one of which was successful.

The probe into the hacker attack has taken more than a year, with investigators bringing in officials from security service Säpo.

It remains unclear where exactly all the data accessed in the alleged breach may have ended up.

"But I'm convinced that a lot of the stolen material is online, in places we haven't been able to find. There are indications of that in the computers we've confiscated," said Olin.

Two other men from Malmö are also suspected of being accomplices to attempted aggravated fraud for allowing Svartholm Warg to use their accounts to carry out the bank transactions.
http://www.thelocal.se/48010/20130520/





New Android Malware Intercepts Incoming Text Messages, Silently Forwards Them On To Criminals
Emil Protalinski

A new piece of Android malware has been discovered that can intercept your incoming text messages and forward them on to criminals. Once installed, the trojan can be used to steal sensitive messages for blackmailing purposes or, more directly, codes which are used to confirm online banking transactions.

The malware in question, detected as “Android.Pincer.2.origin” by Russian security firm Doctor Web, is the second iteration of the Android.Pincer family according to the company. Both threats spread as security certificates, meaning they must be deliberately installed onto an Android device by a careless user.

Upon launching Android.Pincer.2.origin, the user will see a fake notification about the certificate’s successful installation but after that, the trojan will not perform any noticeable activities for a while.

The malware is loaded at startup via CheckCommandServices, a service that runs silently in the background. It will then connect to a remote server and send over the following information about the mobile device to those behind the attack: handset model, device’s serial number, IMEI, carrier, cell phone number, default system language, operating system, and availability of the root account.

The threat then awaits instructions that contain commands in the following format: command:[command]. Doctor Web has found criminals can send the following instructions to the trojan:

start_sms_forwarding [telephone number] — begin intercepting communications from a specified number
stop_sms_forwarding — stop intercepting messages
send_sms [phone number and text] — send a short message using the specified parameters
simple_execute_ussd — send a USSD message
stop_program — stop working
show_message — display a message on the screen of the mobile device
set_urls – change the address of the control server
ping – send an SMS containing the text ‘pong’ to a previously specified number
set_sms_number — change the number to which messages containing the text string ‘pong’ are sent

The first one allows attackers to indicate the number from which the trojan should intercept messages, meaning this can be used for targeted attacks to steal specific messages. The third one from the bottom shows the criminals have planned for changing servers in case they believe the current one will be shut down.

Although Doctor Web doesn’t say so, the good news here is that Pincer2 is not likely to be very prevalent. It has not been found on Google Play, where most Android users should be getting their apps, and appears to be meant for precise attacks, as opposed to being aimed at as many users as possible.

In short, this malware threat isn’t one that you will likely be hit with, but it is an interesting example of how Android malware is evolving. Our advice is the same as always: only install apps that you know are safe.
http://thenextweb.com/insider/2013/0...-to-criminals/
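
For incident responders, the command list above is enough to reconstruct what an infected handset was told to do from captured server traffic. The following is an added example, not code from the article or from Doctor Web: it replays a constructed instruction stream and extracts the phone numbers and server addresses worth blocking. The whitespace-separated argument layout, the sample capture and all function names are assumptions of this example; the article documents only the `command:[command]` prefix and the command names.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

PREFIX = "command:"
# Minimum argument count per command. The names are those listed in the
# article; the whitespace-separated argument layout is an assumption.
MIN_ARGS = {
    "start_sms_forwarding": 1, "stop_sms_forwarding": 0, "send_sms": 2,
    "simple_execute_ussd": 0, "stop_program": 0, "show_message": 0,
    "set_urls": 1, "ping": 0, "set_sms_number": 1,
}


@dataclass
class BotState:
    """What a replayed instruction stream told the infected handset to do."""
    active_sources: Set[str] = field(default_factory=set)   # senders intercepted now
    seen_sources: List[str] = field(default_factory=list)   # every sender ever targeted
    c2_urls: List[str] = field(default_factory=list)        # servers pushed via set_urls
    report_number: Optional[str] = None                     # where 'pong' replies go
    outbound_sms: List[Tuple[str, str]] = field(default_factory=list)
    unknown: List[str] = field(default_factory=list)        # names not in the article
    malformed: List[str] = field(default_factory=list)      # bad prefix or missing args
    stopped: bool = False


def parse_instruction(raw: str) -> Optional[Tuple[str, List[str]]]:
    """Return (name, args) for a 'command:...' line, or None if it is not one."""
    raw = raw.strip()
    if not raw.startswith(PREFIX):
        return None
    parts = raw[len(PREFIX):].split()
    return (parts[0], parts[1:]) if parts else None


def apply(state: BotState, raw: str) -> None:
    """Update the reconstructed state with one captured instruction."""
    parsed = parse_instruction(raw)
    if parsed is None:
        state.malformed.append(raw)
        return
    name, args = parsed
    if name not in MIN_ARGS:
        state.unknown.append(name)          # possible new variant: escalate
    elif len(args) < MIN_ARGS[name]:
        state.malformed.append(raw)
    elif name == "start_sms_forwarding":
        state.active_sources.add(args[0])
        if args[0] not in state.seen_sources:
            state.seen_sources.append(args[0])
    elif name == "stop_sms_forwarding":
        state.active_sources.clear()
    elif name == "send_sms":
        state.outbound_sms.append((args[0], " ".join(args[1:])))
    elif name == "set_urls":
        for url in args:
            if url not in state.c2_urls:
                state.c2_urls.append(url)
    elif name == "set_sms_number":
        state.report_number = args[0]
    elif name == "ping":
        # 'pong' goes to whichever number had been set before this point.
        state.outbound_sms.append((state.report_number or "<unset>", "pong"))
    elif name == "stop_program":
        state.stopped = True
    # simple_execute_ussd and show_message change no tracked state.


def replay(lines: List[str]) -> BotState:
    state = BotState()
    for line in lines:
        apply(state, line)
    return state


def indicators(state: BotState) -> Dict[str, List[str]]:
    """Numbers and URLs to feed into carrier or proxy blocklists."""
    numbers = set(state.seen_sources)
    numbers.update(dest for dest, _ in state.outbound_sms if dest != "<unset>")
    if state.report_number:
        numbers.add(state.report_number)
    return {"numbers": sorted(numbers), "urls": list(state.c2_urls)}


# Constructed capture for illustration; numbers and host are placeholders.
SAMPLE_CAPTURE = [
    "command:set_sms_number +10000000001",
    "command:start_sms_forwarding +10000000002",
    "command:ping",
    "command:set_urls http://c2-b.example/gate",
    "command:send_sms +10000000003 your code is ready",
    "command:self_update now",          # not in the published command list
    "keepalive",                        # no 'command:' prefix
    "command:send_sms +10000000003",    # missing message text
    "command:stop_sms_forwarding",
]

if __name__ == "__main__":
    final = replay(SAMPLE_CAPTURE)
    print(indicators(final))
    print("unknown:", final.unknown, "malformed:", final.malformed)
```
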





Skype Backdoor Confirmation
Adam Back

So when I saw this article

http://www.h-online.com/security/new...e-1862870.html

I was disappointed the rumoured skype backdoor is claimed to be real, and
that they have evidence. The method by which they confirmed is kind of odd
- not only is skype eavesdropping but it's doing head requests on SSL sites
that have urls pasted in the skype chat!

Now I've worked with a few of the german security outfits before, though not
Heise, and they are usually top-notch, so if they say it's confirmed, you
generally are advised to believe them. And the date on the article is a
couple of days old, but I tried it anyway. Set up a non-indexed
/dev/urandom generated long filename, and saved it as php with a
meta-refresh to a known malware site in case that's a trigger, and a passive
html with no refresh and no args. Passed a username password via
?user=foo&password=bar to the php one and sent the links to Ian Grigg who I
saw was online over skype with strict instructions not to click.

To my surprise I see these two entries in the apache SSL log:

65.52.100.214 - - [16/May/2013:13:14:03 -0400] "HEAD /CuArhuk2veg1owOtiTofAryib7CajVisBeb8.html HTTP/1.1" 200 -
65.52.100.214 - - [16/May/2013:14:08:52 -0400] "HEAD /CuArhuk2veg1owOtiTofAyarrUg5blettOlyurc7.php?user=foo&pass=yeahright HTTP/1.1" 200 -

I was using skype on ubuntu, my Ian on the other end was using MAC OSX. It
took about 45mins until the hit came so they must be batched. (The gap
between the two requests is because I did some work on the web server as the
SSL cert was expired and I didn't want that to prevent it working, nor
something more script like with cgi arguments as in the article).


Now are they just hoovering up the skype IMs via the new microsoft central
server architecture having back doored skype client to no longer have
end2end encryption (and feeding them through echelon or whatever) or is this
the client that is reading your IMs and sending selected things to the
mothership?

btw their HEAD request was completely ineffective per the weak excuse
microsoft offered in the article at top: my php contained a meta-refresh
which the head won't see as it's in the html body. (Yes I confirmed via my
own localhost HTTP get as web dev environments are automatic in various
ways).


So there is adium4skype which allows you to use OTR with your skype contacts
and using skype as the transport. Or one might be more inclined to drop
skype in protest.

I think the spooks have been watching "Person of Interest" too much to think
such things are cricket. How far does this go? Do people need to worry
about microsoft IIS web servers with SSL, exchange servers?

You do have to wonder if apple backdoored their IM client, below the OTR, or
silent circle, or the OS - I mean how far does this go? Jon Callas said not
apple, that wouldn't be cool, and apple aims for coolness for users; maybe he
should dig a little more. It seems to be getting to you can't trust anything
without compiling it from source, and having a good PGP WoT network with
developers. A distro binary possibly isn't enough in such an environment.

Adam

http://lists.randombit.net/pipermail...ay/004224.html
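
The test described in the post is a canary URL: an unguessable path shared over one channel only, so any request for it in the web server log shows that a third party read the message. The following is an added example, not part of Adam Back's message, that automates the log check. The two HEAD lines are the ones quoted in the post (with the forum's stray space in the query string removed); the GET line, the send time for the first link (chosen to match the "about 45mins" in the post), the list of secret-looking parameter names and all function names are constructed for the illustration.

```python
import re
from collections import Counter
from datetime import datetime
from typing import Dict, List, Optional
from urllib.parse import parse_qs, urlsplit

# Apache common/combined log format, up to the response size field.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
# Parameter names treated as credentials (assumption of this example).
SECRET_KEYS = {"user", "username", "pass", "password", "token", "key"}

SAMPLE_LOG = [
    # Quoted in the post:
    '65.52.100.214 - - [16/May/2013:13:14:03 -0400] '
    '"HEAD /CuArhuk2veg1owOtiTofAryib7CajVisBeb8.html HTTP/1.1" 200 -',
    '65.52.100.214 - - [16/May/2013:14:08:52 -0400] '
    '"HEAD /CuArhuk2veg1owOtiTofAyarrUg5blettOlyurc7.php?user=foo&pass=yeahright'
    ' HTTP/1.1" 200 -',
    # Constructed background traffic that must not be reported:
    '192.0.2.10 - - [16/May/2013:13:20:11 -0400] "GET /index.html HTTP/1.1" 200 512',
]

# Canary path -> time the link was sent over chat, or None when unknown.
CANARIES: Dict[str, Optional[datetime]] = {
    "/CuArhuk2veg1owOtiTofAryib7CajVisBeb8.html":
        datetime.strptime("16/May/2013:12:29:00 -0400", TS_FMT),  # constructed
    "/CuArhuk2veg1owOtiTofAyarrUg5blettOlyurc7.php": None,
}


def find_canary_hits(lines: List[str],
                     canaries: Dict[str, Optional[datetime]]) -> List[dict]:
    """Return one record per request that touched a canary path."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                      # unparseable line: skip, do not crash
        url = urlsplit(m["target"])
        if url.path not in canaries:
            continue
        seen_at = datetime.strptime(m["ts"], TS_FMT)
        sent_at = canaries[url.path]
        leaked = sorted(k for k in parse_qs(url.query) if k.lower() in SECRET_KEYS)
        hits.append({
            "ip": m["ip"],
            "method": m["method"],
            "path": url.path,
            "seen_at": seen_at,
            # Seconds between sending the link and the fetch, when known.
            "delay_s": int((seen_at - sent_at).total_seconds()) if sent_at else None,
            # Credentials in a URL reach whoever fetches it, whatever the method.
            "leaked_params": leaked,
            # HEAD returns headers only, so nothing in the HTML body
            # (such as a meta-refresh) was ever seen by the requester.
            "body_fetched": m["method"] != "HEAD",
        })
    return hits


def by_source(hits: List[dict]) -> Dict[str, int]:
    """Count canary hits per client address."""
    return dict(Counter(h["ip"] for h in hits))


if __name__ == "__main__":
    for h in find_canary_hits(SAMPLE_LOG, CANARIES):
        print(h["ip"], h["method"], h["path"], h["delay_s"], h["leaked_params"])
```
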





The Fly-By, Wi-Fi Hacking Machine
Ben Grubb

There's something unusual about the motorcycle Denis Andzakovic likes to ride.

In addition to being able to transport Andzakovic, 22, from A to B, it can also allow him and others to "terrorise their neighbours" by scanning for Wi-Fi access points as it passes them.

Kitted out with a miniature Raspberry Pi computer for a heads-up display (HUD) integrated in an external helmet, two Mikrotik routers, wireless sniffing and attack tools, GPS and a netbook, the motorcycle is able to detect wireless access points and plot them on Google Maps.

It can also wreak havoc by kicking users off Wi-Fi networks on the fly by sending out what are called "deauthentication packets". When Andzakovic gets home he can then attempt to crack the security of protected access points using data collected while passing them.

A New Zealand IT security consultant and motorcycle enthusiast, Andzakovic showed off his custom Suzuki Boulevard M50 on Thursday at the AusCERT security conference on the Gold Coast.

Speaking with Fairfax Media after his talk, Andzakovic said he got into the security industry about a year ago and has been "chopping up and building bikes" since he was about 15.

"My older brother rode a motorcycle so it was something I was always interested in," he said.

"I didn't really have the cash to buy one outright so I ended up building my first bike and that's how I got into the whole mechanics and automotive side of things," he added.

When asked why he built the bike, he said he did it because it "seemed like a good idea".

"I suppose for the day-to-day stuff [at work] we really needed something that was like a Wi-Fi review platform that we could go and use when we're doing wireless network penetration testing and things like that," Andzakovic said. "Part of me just wanted to combine the two things that I do, and really enjoy doing, that have absolutely nothing to do with each other, and find a way to go and make them go and talk to each other," he added.

While riding, recently passed Wi-Fi access points are shown on the top left of the head-mounted display, with the colours yellow, green or red indicating what type of security they are using. The centre of the display shows a constantly updating bar graph that presents information on the amount of packets and data transmitted between the access points and the bike.

"So when you ride through a Wi-Fi-dense area you get all these pretty colours," Andzakovic said.

After AusCERT helped ship his bike to Australia, he rode it around the Gold Coast to see how secure local Wi-Fi was.

He found 26.91 per cent of wireless access points he surveyed on the Gold Coast had no Wi-Fi security at all, which he partly put down to hotel Wi-Fi, which is usually left open for ease of use.

A further 6.13 per cent used a form of WEP encryption, which has been found to be easily cracked. The rest, 66.98 per cent, used a form of WPA security, which is generally considered fairly secure if a complex password is used.
http://www.smh.com.au/it-pro/securit...524-2k5xg.html





'Irrational' Hackers are Growing U.S. Security Fear
Jim Finkle

Cybersecurity researcher HD Moore discovered he could use the Internet to access the controls of some 30 pipeline sensors around the country that were not password protected.

A hacking expert who helps companies uncover network vulnerabilities, Moore said he found the sensors last month while analyzing information in huge, publicly available databases of Internet-connected devices.

"We know that systems are exposed and vulnerable. We don't know what the impact would be if somebody actually tried to exploit them," said Moore, chief research officer at the security firm Rapid7.

U.S. national security experts used to take comfort in the belief that "rational" super powers like China or Russia were their main adversaries in cyber space. These countries may have the ability to destroy critical U.S. infrastructure with the click of a mouse, but they are unlikely to do so, in part because they fear Washington would retaliate.

Now, concerns are growing that "irrational" cyber actors - such as extremist groups, rogue nations or hacker activists - are infiltrating U.S. systems to hunt for security gaps like the one uncovered by Moore. These adversaries may not be as resourceful, but like Timothy McVeigh's bombing of an Oklahoma federal building in 1995, it is the element of surprise that is as concerning.

Former U.S. Homeland Security Secretary Michael Chertoff said he was worried the first destructive cyber attack on U.S. soil might resemble the Boston Marathon bombings in the sense that the suspects were not on the government's radar.

"You are going to get relatively modest-scale, impact attacks from all kinds of folks - hactivists, criminals, whatever," Chertoff said at the Reuters Cybersecurity Summit last week. "Are they going to take down critical infrastructure? They might."

Emerging cyber actors that security experts say they are most concerned about include Iran, believed to be behind the ongoing assaults on U.S. banking websites, as well as a devastating attack on some 30,000 PCs at Saudi Arabia's national oil company last year.

North Korea is also quickly gaining cyber skills, experts say, after hackers took down three South Korean broadcasters and two major banks in March.

Another emerging actor is the Syrian Electronic Army, an activist group that has claimed responsibility for hacking the Twitter accounts of major Western media outlets, such as the Associated Press last month, when its hackers sent a fake tweet about explosions at the White House that briefly sent U.S. stocks plunging.

UNRELENTING ATTACKS

The U.S. power grid is the target of daily attempted cyber attacks, according to a report by California Representative Henry Waxman and Massachusetts Representative Ed Markey released at the House Energy and Commerce Committee's cybersecurity hearing on Tuesday.

More than a dozen utilities report daily, constant or frequent attempted attacks, ranging from unfriendly probes to malware infection, according to the report. (To read the report, see r.reuters.com/sej38t)

Gerry Cauley, chief executive of the North American Electric Reliability Corp, told the Reuters Cybersecurity Summit that computer viruses have been found in the power grid that could be used to deliver malicious software to damage plants. NERC is a non-profit agency that oversees and ensures the reliability of bulk power system in the region.

Experts say that with so many unknown hackers trying to infiltrate U.S. industrial control systems, they fear someone somewhere - perhaps even an amateur - will intentionally or unintentionally cause damage to power generators, chemical plants, dams or other critical infrastructure.

"Even if you don't know how things actually work, you can still wreak havoc by crashing a device," said Ruben Santamarta, a senior security consultant with IOActive. "Probably in the near future we may face an incident of this type, where the attackers will not even know what they are doing."

Santamarta has identified hundreds of Internet-facing control systems -- on the grid, at water treatment facilities and heating and ventilation systems for buildings including hospitals. He has also uncovered bugs built into industrial control equipment.

The Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team, known as ICS-CERT, last week warned of a flaw that Santamarta found in equipment from Germany's TURCK, which is used by manufacturers and agriculture firms in the United States, Europe and Asia.

The agency said attackers with "low" hacking skills could exploit the flaw, letting them remotely halt industrial processes. It advised customers to install a patch that would protect them against such attacks.

Director of National Intelligence James Clapper told a Senate committee in March that "less advanced, but highly motivated actors" could access some poorly protected control systems. They might cause "significant" damage, he warned, due to unexpected system configurations, mistakes and spillovers that could occur between nodes in networks.

'A MATTER OF TIME'

ICS-CERT posts dozens of alerts and advisories about vulnerabilities in industrial control systems on its website each year. Companies whose products were named in their alerts include General Electric Co, Honeywell International Inc, Rockwell Automation Inc, Schneider Electric SA and Siemens AG.

Dale Peterson, CEO of industrial controls systems security firm Digital Bond, said infrastructure control systems are highly vulnerable to cyber attacks because designers did not take security into consideration when they developed the technology.

While hackers have yet to launch a destructive attack on U.S. infrastructure, plenty have the skills to do so. "I would say it is only because no one has wanted to do it," said Peterson, who began his career as a code breaker with the National Security Agency.

House Intelligence Committee Chairman Mike Rogers said terrorists are among the groups looking to acquire the capability to launch a cyber attack on U.S. infrastructure, but he believes they do not yet have that ability.

"You get the right person with the right capability committed to this and it's a game changer," Rogers told the Summit. "My concern is it's just a matter of time."

Eric Cornelius, a former ICS-CERT official, said that operators in critical sectors including power, water, oil and gas sometimes do not implement security fixes recommended by equipment and software manufacturers in a timely manner because they need to take plants off line to do so and cannot afford the downtime.

Some plants lack sufficient security staff and technology to protect networks because they don't have adequate funds, said Cornelius, director of critical infrastructure for Cylance Inc.

A relatively unsophisticated hacker whose goal was to probe a network could unintentionally damage a system because aging networks are fragile and extremely sensitive, he said.

"That leaves these control systems insecure," he said.

(Reporting by Jim Finkle; Editing by Tiffany Wu and Leslie Gevirtz)
http://www.reuters.com/article/2013/...94L13R20130522





Hackers Find China Is Land of Opportunity
Edward Wong

Name a target anywhere in China, an official at a state-owned company boasted recently, and his crack staff will break into that person’s computer, download the contents of the hard drive, record the keystrokes and monitor cellphone communications, too.

Pitches like that, from a salesman for Nanjing Xhunter Software, were not uncommon at a crowded trade show this month that brought together Chinese law enforcement officials and entrepreneurs eager to win government contracts for police equipment and services.

“We can physically locate anyone who spreads a rumor on the Internet,” said the salesman, whose company’s services include monitoring online postings and pinpointing who has been saying what about whom.

The culture of hacking in China is not confined to top-secret military compounds where hackers carry out orders to pilfer data from foreign governments and corporations. Hacking thrives across official, corporate and criminal worlds. Whether it is used to break into private networks, track online dissent back to its source or steal trade secrets, hacking is openly discussed and even promoted at trade shows, inside university classrooms and on Internet forums.

The Ministry of Education and Chinese universities, for instance, join companies in sponsoring hacking competitions that army talent scouts attend, though “the standards can be mediocre,” said a cybersecurity expert who works for a government institute and handed out awards at a 2010 competition.

Corporations employ freelance hackers to spy on competitors. In an interview, a former hacker confirmed recent official news reports that one of China’s largest makers of construction equipment had committed cyberespionage against a rival.

One force behind the spread of hacking is the government’s insistence on maintaining surveillance over anyone deemed suspicious. So local police departments contract with companies like Xhunter to monitor and suppress dissent, industry insiders say.

Ai Weiwei, the dissident artist, said he had received three messages from Google around 2009 saying his e-mail account had been compromised, an increasingly common occurrence in China among people deemed subversive. When the police detained him in 2011, he said, they seized 200 pieces of computer equipment and other electronic hardware.

“They’re so interested in computers,” Mr. Ai said. “Every time anyone is arrested or checked, the first thing they grab is the computer.”

There is criminal hacking, too. Keyboard jockeys break into online gaming programs and credit card databases to collect personal information. As in other countries, the police here have expressed growing concern.

Some hackers see crime as more lucrative than legitimate work, but opportunities for skilled hackers to earn generous salaries abound, given the growing number of cybersecurity companies providing network defense services to the government, state-owned enterprises and private companies.

“I have personally provided services to the People’s Liberation Army, the Ministry of Public Security and the Ministry of State Security,” said a prominent former hacker who used the alias V8 Brother for this interview because he feared scrutiny by foreign governments. He said he had done the work as a contractor and described it as defensive, but declined to give details.

And “if you are a government employee, there could be secret projects or secret missions,” the hacker said.

But government jobs are usually not well paying or prestigious, and most skilled hackers prefer working for security companies that have cyberdefense contracts, as V8 Brother does, he and others in the industry say.

Self-trained, the hacker teamed up with China’s patriotic “red hackers” more than a decade ago. Then he began working for cybersecurity companies and was recently making $100,000 a year, he said.

V8 Brother said this cyberworld was so arcane that senior Chinese officials did not know details about computer work at government agencies. “You can’t even explain to them what you’re doing,” he said. “It’s like explaining computer science to a construction worker.”

In Washington, officials criticize what they consider state-sponsored attacks. The officials say intrusions against foreign governments and businesses are growing, and the Pentagon this month accused the Chinese military of attacking American government computer systems and military contractors. The White House, which has ordered cyberattacks against Iran, has made cybersecurity a priority in talks with China. The Chinese Foreign Ministry says China opposes hacking attacks and is itself a victim.

The furor in Washington intensified in February after The New York Times and other news organizations published details of hacking efforts against their own networks and the findings of a new report by a cybersecurity company, Mandiant. The report said a shadowy group within the People’s Liberation Army, Unit 61398, ran a formidable hacking and espionage operation against foreign entities out of a building on the outskirts of Shanghai.

In China, the unit is just one part of the complex universe of hacking and cybersecurity. And the military units are not a well-kept secret. At least four former employees of Unit 61786, responsible for cryptography and information security, have posted résumés on job-search Web sites listing employment in the unit.

Another job seeker reported employment in Unit 61580; the unit has engineers specializing in “computer network defense and attack,” according to the Project 2049 Institute, a nongovernmental organization in Virginia that studies security and policy issues in Asia.

Members of Unit 61398, the bureau mentioned by Mandiant, have written several papers on hacking and cybersecurity with professors at Shanghai Jiaotong University, which has a prominent information security department. Across China, the universities labeled jiaotong — meaning communications — are taking the lead in building such departments. The military recruits at the universities and runs its own training center, the P.L.A. Information Engineering University, in the city of Zhengzhou.

But cybersecurity experts here say the schools often churn out students who know theory but lack practical skills. That could explain why many Chinese hacking attacks that have been discovered do not appear very sophisticated. American cybersecurity experts say attacks from Chinese groups often occur only from 9 to 5 Beijing time. And unlike, say, the Russians, Chinese hackers do not tend to cloak their movements, said Darien Kindlund, manager of the threat intelligence group for FireEye, a cybersecurity firm in Milpitas, Calif.

“They’re using the least amount of sophistication necessary to accomplish their mission,” Mr. Kindlund said. “They have a lot of manpower available, but not necessarily a lot of intelligent manpower to conduct these operations stealthily.”

The culture of hacking began in China in the late 1990s. The most famous underground group then was Green Army. One sign of how hacking has gone mainstream is the fact that the name of a later incarnation of Green Army — Lumeng — is now used by a top cybersecurity company in China. (Its English name is NSFOCUS.)

These companies are often started by prominent hackers or employ them to do network security. They have polished Web sites that list Chinese government agencies and companies as their clients. They also list foreign clients — at least one company, Knownsec, lists Microsoft — and have offices abroad.

The Web site of another company, Venustech, says its clients include more than 100 government offices, among them almost all the military commands. The company, which declined an interview request, has a hacking and cyberdefense research center.

Another former hacker said the monolithic notion of insidious, state-sponsored hacking now discussed in the West was absurd. The presence of the state throughout the economy means hackers often end up doing work for the government at some point, even if it is through something as small-scale as a contract with a local government office.

“I don’t think the West understands,” he said. “China’s government is so big. It’s almost impossible to not have any crossover with the government.”

Private corporations in China are employing hackers for industrial espionage, in operations that involve complex tiers of agents who hire the hackers. Sany Group, one of China’s biggest makers of construction equipment, hired hackers to spy on Zoomlion, a rival, according to official news media reports confirmed by the former hacker. Sany declined to comment.

That hacker said he knew the middleman agent who had hired cyberspies for Sany. The agent was a security engineer who owned two apartments in Beijing and had been under pressure to meet mortgage payments. “In China, everyone is struggling to feed themselves, so why should they consider values and those kinds of luxuries?” the former hacker said. “They work for one thing, and that’s for money.”
https://www.nytimes.com/2013/05/23/w...cceptance.html





Google's Wearable Glass Gadget: Cool or Creepy?
Alexei Oreskovic

Google staged four discussions expounding on the finer points of its "Glass" wearable computer during this week's developer conference. Missing from the agenda, however, was a session on etiquette when using the recording-capable gadget, which some attendees faithfully wore everywhere - including to the crowded bathrooms.

Google Glass, a cross between a mobile computer and eyeglasses that can both record video and surf the Internet, is now available to a select few but is already among the year's most buzz-worthy new gadgets. The device has geeks all aflutter but is unnerving everyone from lawmakers to casino operators worried about the potential for hitherto unimagined privacy and policy violations.

"I had a friend and we're sitting at dinner and about 30 minutes into it she said, 'You know those things freak me out,'" said Allen Firstenberg, a technology consultant at the Google developers conference. He has been wearing Glass for about a week but offered to take them off for the comfort of his dinner companion.

On another occasion, Firstenberg admitted to walking into a bathroom wearing his Glass without realizing it.

"Most of the day I totally forget it's there," he said.

Many believe wearable computers represent the next big shift in technology, just as smartphones evolved from personal computers. Apple and Samsung are said to be working on other forms of wearable technology.

The test version of Glass looks like a clear pair of eyeglasses with a hefty slab along the right side. Since it began shipping to a couple thousand carefully selected early adopters who paid about $1,500 for the device, it has inspired a bit of ridicule - from a parody on "Saturday Night Live" to a popular blog poking fun at its users.

Other industry experts take a more serious tack, pointing out the potential for misuse because Glass can record video far less conspicuously than a handheld device.

Glass also has won many fans. Google and some early users maintain that privacy fears are overblown. As with traditional video cameras, a tiny light blinks on to let people know when it is recording.

Several Glass wearers at the developers conference said they whip the device off in inappropriate situations, such as in gym locker rooms or work meetings. Michael Evans, a Web developer from Washington, D.C., attending the Google conference, said he removed his Glass when he went to the movies, even though the device would be ill-suited for recording a feature-length film.

"I just figured I don't want to be the first guy kicked out of the movies," he said.

NO GLASS ALLOWED

A stamp-sized electronic screen mounted on the left side of a pair of eyeglass frames, Glass can record video, access email, provide turn-by-turn driving directions and retrieve info from the Web by connecting wirelessly to a user's cell phone.

Google Executive Chairman Eric Schmidt dismissed concerns about the brave new world of wearable computers during a talk at Harvard University's Kennedy School of Government in April.

"Criticisms are inevitably from people who are afraid of change or who have not figured out that there will be an adaptation of society to it," he said.

Schmidt acknowledged that there are certain places where Glass will not be appropriate but that he believed new rules of social etiquette will coalesce over time. Firstenberg said it will take time for all sides to get comfortable with the new technology.

"I don't think we should go into the conversation assuming that Glass is bad," he said.

Indeed, previous technology innovations such as mobile phones and wireless headsets that initially raised concerns are now subject to tacit rules of etiquette, such as not talking loudly on the bus and turning a ringer off in a meeting.

Still, some have decided to leave nothing to chance.

Casino operator Caesar's Entertainment recently announced that Glass is not permitted while gambling or when in showrooms, though guests can wear it in other areas. In March, Seattle's Five Point Cafe made headlines for becoming the first bar to ban Glass. "Respect our customers privacy as we'd expect them to respect yours," says a statement on the café's website.

The California Highway Patrol says there is no law that explicitly forbids a driver from wearing Glass while driving in the state. But according to Officer Elon Steers, if a driver appears to be distracted as a result of the device, an officer can take enforcement action.

PRIVACY TRACK RECORD

Lawmakers are beginning to consider Glass.

On Thursday, eight members of the U.S. Congress sent a letter to Google Chief Executive Larry Page, asking for details about how Glass handles various privacy issues, including whether it is capable of facial recognition.

According to Google, there are no facial recognition technologies built into the device and it has no plans to do so "unless we have strong privacy protections in place."

During one of this week's conference sessions - an open discussion about Glass - members of the Glass team answered a question about privacy by noting that social implications and etiquette have been a big area of focus during the development of the product, which is still a test version.

Some of the Glass-phobia may stem from Google's own track record on privacy. In 2010, Google revealed that its fleet of Street View cars, which criss-cross the globe taking panoramic photos for the Google Maps product, also had captured personal information such as emails and web pages that were transmitted over unencrypted home wireless networks.

"The fact that it's Google offering the service, as opposed to say Brookstone, raises privacy issues," said Marc Rotenberg, the executive director of the Electronic Privacy Information Center, a non-profit privacy advocacy group, citing Google's history and its scale in Internet advertising.

Rotenberg says his main concern centers on the stream of data collected by the devices - everything from audio and video to a user's location data - going to Google's data centers.

Ryan Calo, a University of Washington law professor who specializes in privacy and technology, said Glass is not very different from other technologies available today, whether it is a smartphone or "spy" pens that secretly record audio. But Glass is on people's faces, so it feels different.

"The face is a really intimate place and to have a piece of technology on it is unsettling," Calo said. "Much as a drone is unsettling because we have some ideas of war."

For all the hand-wringing, some early adopters are sold.

Ryan Warner, who recently graduated from college and who has developed a recipe app for Glass with Evans, said he was surprised by the reaction he got when he went to a bar.

"I was like, ‘I don't know if I should have it on or not.' I was kind of in that phase," he said, "and the bouncer was like, ‘Oh, my god, is that Google Glass?' He was excited."

(Reporting By Alexei Oreskovic, with additional reporting by Susan Zeidler in Los Angeles and Aaron Pressman in Boston; Editing by Bill Trott)
http://www.reuters.com/article/2013/...94H08520130518





Lords Call To Revive Internet Monitoring Bill After Woolwich Killing

Lord Reid and others want Snoopers’ Charter back on the agenda, but are accused of giving a knee-jerk reaction to a horrific murder
Tom Brewster

Following the murder of a man in Woolwich yesterday, a number of Lords have called for the controversial Communications Data Bill that seeks to impose more Internet monitoring on UK citizens to be put back on the table.

The killing in Woolwich, allegedly carried out by two extremists, which the government said appears to be a terrorist attack, has drawn many extreme reactions. Former government ministers, including former Labour home secretary Lord John Reid, have called for more Internet monitoring in response, angering privacy campaigners.

Deputy prime minister Nick Clegg appeared to have stopped the bill, known to critics as Snoopers’ Charter, going through to Parliament. It proposed getting ISPs to record all customers’ communications data, which includes the who, when and where of interactions over the Internet and telephony, but not the content itself.

Internet monitoring ‘back on the agenda’

The bill also sought to store data on citizens’ website visits, all of which was seen by many as a massive intrusion on people’s privacy.

Now supporters of the bill want the government to consider getting it back on the agenda, even though it was not included in the Queen’s Speech earlier this month.

Lord Reid said in the past comms data was massively useful in tracking terrorist threats, but now police did not have enough power to get hold of Internet-based communications quickly.

“You will never find out whether you are right on this one until there is some huge tragedy that might have been averted if they had updated the communication appraisals that can be carried out at GCHQ,” he said, according to the Guardian.

Nick Pickles, director of the Big Brother Watch, said it was inappropriate for Lord Reid to be commenting on Snoopers’ Charter given his record in government.

“Lord Reid was one of those responsible for the knee-jerk decision to try and introduce powers for people to be detained for up to 90 days without trial by the last government, after the 7/7 attack,” Pickles told TechWeekEurope in an emailed statement.

“That should be a clear warning of the dangers of rushing forward policy changes when the nation is in shock and of those who seek to use the politics of fear.

“The current government made clear in the Queen’s Speech it will bring forward proposals to address the important issue of identifying who is using a particular internet address and they are right to do so.

“We face down terrorists by defending our values and traditions and acting proportionately, which is a balance current policy recognises.”

Lord Carlile, former independent reviewer of terror laws, said the Woolwich killing should lead to talk about reviving the communications data bill. “Lone wolves, even though they are always inevitably connected at least with Internet training, are very difficult to catch so we must give the authorities proportionate tools to catch them,” he said.

Lord West, the former security minister, told Sky News: “We need to know this information and I do think that the communications data bill which was due to come through and has been put on pause by the deputy prime minister, I think that’s a terrible mistake.”
http://www.techweekeurope.co.uk/news...ta-bill-117082





One-Time Pad Reinvented to Make Electronic Copying Impossible

The ability to copy electronic code makes one-time pads vulnerable to hackers. Now engineers have found a way round this to create a system of cryptography that is invulnerable to electronic attack.

One-time pads are the holy grail of cryptography—they are impossible to crack, even in principle.

They work by adding a set of random digits to a message thereby creating a ciphertext that looks random to any eavesdropper. The receiver decodes the message by taking away the same set of random digits to reveal the original message.

The security of this process depends on two factors. The first is the randomness of the digits that make up the one-time pad. If this key is truly random, it offers nothing the eavesdropper can use to break the code. Although there are some potential pitfalls, random digits are reasonably straightforward to generate these days.

The second factor is the ability to keep this key secret so that only the transmitter and receiver have access to it. That’s much more difficult to ensure.

Digital communication in the form of 0s and 1s makes copying trivial. Whenever a set of random digits is stored in an electronic memory, there is always a small but finite chance that it can be quickly copied and stolen.

Today, Roarke Horstmeyer at the California Institute of Technology in Pasadena and a few buddies say they’ve solved this problem. Their solution is based on a special kind of one-time pad that generates a random key through the complexity of its physical structure.

Instead of creating and storing the one-time pad as a random sequence of 0s and 1s, Horstmeyer and co generate a random signal by passing light through a slab of diffusing glass that scatters it randomly.

The security of the system depends on the physical complexity of the glass. Horstmeyer and co say that this complexity means there is no way for an eavesdropper, “Eve,” to copy the glass without anyone noticing.

That cuts out the need to store the key electronically and entirely removes this vulnerability to copying. “We describe an encrypted communication principle that can form a perfectly secure link between two parties without electronically saving either of their keys,” they say.

And even if Eve steals the glass, they estimate that it would take her at least 24 hours to extract any relevant information about its structure.

This extraction can only be done by passing light through the glass at a rate that is limited by the amount of heat this creates (since any heating changes the microstructure of the material). And the time this takes should give the owners enough time to realise what has happened and take the necessary mitigating actions.

The protocol for sending secret messages between “Alice” and “Bob,” say, is straightforward. To start off, both Alice and Bob must have their own slabs of diffusing glass and must physically meet to create a key for encoding a message later.

They create this by sending the same random pattern of light through their diffusing slabs and then adding the results to create a combined key.

They then publish this combined key and the pattern used to create it.

To send a message, Alice sends the pattern through her slab to generate her half of the key and then adds it to her message. She can now send this without fear that Eve can decode it.

It’s important to remember that Alice’s random key is a component of the publicly available one. But Eve cannot use the publicly available key to work out what Alice’s key is.

Bob has to go through a slightly different set of steps to decode this cyphertext. First, having received the cyphertext, he adds it to the publicly available combined key.

Next, he re-creates his own component of the publicly available key by sending the publicly available pattern through his slab. He then adds this to the result of the previous step to reveal the message.

As long as both diffusing slabs are physically held by Alice and Bob, the cyphertext cannot be decoded by Eve.

Of course, this process can be used only once. But Alice and Bob can generate a huge volume of combined keys by passing different random patterns through their slabs when they meet.

Horstmeyer and co have tested their idea using a spatial light modulator to create random patterns that they then pass through opal diffusing glass to generate about 10 gigabits of randomness. They then used this for sending perfectly secure messages, thereby demonstrating the utility of the technique.

Nevertheless, improvements should be possible, they say. For example, the team says that the system generates a small amount of noise caused by the natural drift of scatterers in the glass over time. But that’s something that should be possible to fix with error-correcting codes.

And it ought to be possible to generate a terabit of randomness from a single cubic millimetre of diffusing glass with higher-resolution equipment.

And even though this can only be used once, the slabs can be easily reset by heating the glass to change its microstructure, at which point Alice and Bob must meet again to create a new set of combined keys.

That looks to be a significant improvement over any kind of cryptography that stores keys electronically and is therefore vulnerable to an electronic attack that can copy digital information perfectly.

“Compared with a large, electronically saved one-time pad, [the new system’s] key is extremely challenging to copy or model and can easily scale to provide terabits of repeatable randomness within a small volume,” say Horstmeyer and co.

They have high hopes for this approach: “We hope the convenient properties of optical scattering can solve enough of the one-time pad’s practical shortcomings to rejuvenate interest in its unbreakable security, even in the presence of infinite computing resources.”

What they mean is that this system should be secure even to attack with future quantum computers.

That’s not something that can be said about the codes commonly used to protect messages today. With quantum computers now beginning to perform some serious calculations, anybody still using these codes must be losing a significant amount of sleep.

Ref: arxiv.org/abs/1305.3886: Physical Key-Protected One-Time Pad
http://www.technologyreview.com/view...ng-impossible/
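
The exchange described in the one-time pad article above, as an added example that is not part of the reprinted article or the researchers' own code. It assumes each glass slab can be modelled by a secret seed fed through SHAKE-256 (a software stand-in for optical scattering) and that "adding" means bitwise XOR; all class and function names are hypothetical.

```python
import hashlib
import os
from dataclasses import dataclass

KEY_BYTES = 64  # length of each one-time key; messages must not be longer


def xor(a: bytes, b: bytes) -> bytes:
    """Bitwise XOR: the 'adding' of random digits for data held as bits."""
    if len(a) != len(b):
        raise ValueError("operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


class DiffusingSlab:
    """Software stand-in for one slab of scattering glass (assumption).

    The microstructure stays inside the object; only responses to light
    patterns leave it, mirroring a key that is never stored as digits.
    """

    def __init__(self) -> None:
        self.microstructure = os.urandom(32)

    def response(self, pattern: bytes) -> bytes:
        # SHAKE-256 models "pattern in, repeatable random speckle out".
        data = self.microstructure + pattern
        return hashlib.shake_256(data).digest(KEY_BYTES)

    def reset(self) -> None:
        """Model heating the glass: every earlier response is lost."""
        self.microstructure = os.urandom(32)


@dataclass(frozen=True)
class PublicEntry:
    """What Alice and Bob publish after meeting."""
    pattern: bytes   # the random light pattern
    combined: bytes  # kA XOR kB for that pattern


def enroll(alice: DiffusingSlab, bob: DiffusingSlab, count: int) -> list:
    """In-person setup: same patterns through both slabs, results combined."""
    entries = []
    for _ in range(count):
        pattern = os.urandom(16)
        combined = xor(alice.response(pattern), bob.response(pattern))
        entries.append(PublicEntry(pattern, combined))
    return entries


class Sender:
    """Alice: encrypts with her half of the key, never reusing a pattern."""

    def __init__(self, slab: DiffusingSlab) -> None:
        self.slab = slab
        self.spent = set()

    def encrypt(self, entry: PublicEntry, message: bytes) -> bytes:
        if len(message) > KEY_BYTES:
            raise ValueError("message longer than the one-time key")
        if entry.pattern in self.spent:
            raise RuntimeError("pattern already used; a pad is one-time")
        self.spent.add(entry.pattern)
        k_a = self.slab.response(entry.pattern)[:len(message)]
        return xor(message, k_a)                      # c = m XOR kA


def decrypt(slab: DiffusingSlab, entry: PublicEntry, ciphertext: bytes) -> bytes:
    """Bob: add the public combined key, then his own regenerated half."""
    n = len(ciphertext)
    step1 = xor(ciphertext, entry.combined[:n])       # m XOR kB
    return xor(step1, slab.response(entry.pattern)[:n])  # m


def eve_view(entry: PublicEntry, ciphertext: bytes) -> bytes:
    """Best Eve can do with public data alone: m XOR kB, still masked."""
    return xor(ciphertext, entry.combined[:len(ciphertext)])


def reuse_leak(slab: DiffusingSlab, pattern: bytes, m1: bytes, m2: bytes) -> bytes:
    """Failure mode: two equal-length messages under one key.

    XOR of the two ciphertexts cancels the key and exposes m1 XOR m2,
    which is why Sender refuses to spend a pattern twice.
    """
    key = slab.response(pattern)[:len(m1)]
    return xor(xor(m1, key), xor(m2, key))


if __name__ == "__main__":
    a_slab, b_slab = DiffusingSlab(), DiffusingSlab()
    first, second = enroll(a_slab, b_slab, 2)
    alice = Sender(a_slab)
    msg = b"meet at the usual place, 21:00"  # constructed sample message
    c = alice.encrypt(first, msg)
    print("Bob recovers:", decrypt(b_slab, first, c))
    print("Eve sees    :", eve_view(first, c).hex())
    b_slab.reset()  # after a reset Bob can no longer decode old entries
    print("After reset :", decrypt(b_slab, second, alice.encrypt(second, msg)).hex())
```

The hash-based slab is deterministic and noise-free, unlike the glass, so the error correction the article mentions is not modelled here.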





In Defense of Digital Freedom
Marietje Schaake

This is a translation of an article originally published in Dutch in the International Spectator. Please find the Dutch version here.

Cyber everywhere

It is impossible to follow the news without being confronted with ‘cyber’ related issues. Cybercrime, cyber police, cyber-attack, cyber war, cyber terrorism, cyber Monday, cyber punk, cyber party, cybersex and cyberspace are only a few of a long list of words that have joined our vocabulary in recent years. Everything seems to be ‘cyber’.

Though so far, cyber-attacks have not led to immediate deaths or large-scale destruction, when talking about cyber security, it is important to know what it is we seek to defend: digital freedoms and our open societies. We need to defend democratic principles not only against outside attacks, but also against erosion from within. Too often freedom is compromised for alleged security or by a focus on a misperceived threat.

Digital freedoms and fundamental rights need to be enforced, and not eroded in the face of vulnerabilities, attacks, and repression. In order to do so, essential and difficult questions on the implementation of the rule of law, historically place-bound by jurisdiction rooted in the nation-state, in the context of a globally connected world, need to be addressed. This is a matter for the EU as a global player, and should involve all of society.

The good news is that we don’t need ‘cyber democracy’ to guarantee ‘cyber security’. In most cases the foundations for resilience are already in our existing laws and regulations. Technologies are an essential part of our daily lives, businesses, education, cultural experiences and political engagement. As a result, resilience and defense need to be integrated and mainstreamed to strengthen both freedom and security.

Today people’s digital freedoms and the open internet are under threat. This is a truly global trend, though its manifestations differ. Repression and human rights violations have a growing technological component. We not only face concrete cybercrime/threats; in many countries, governments’ desire to control and repress has moved online. In other places it is rather their inaction and unbridled privatisation of the web and the essential, critical functions or use related to the internet and technologies. There is also the risk that well-intended cyber security measures have disproportionate collateral impact on our digital freedoms.

To prevent fear, hype and incident-driven policies and practices, knowledge, transparency and accountability are needed. Let us not make ‘cyber’ into something completely different, alien or spacy. But rather, let us focus on integrating technological developments in a way that allows us to preserve core (constitutional) principles, democratic oversight, and digital freedoms as essentials in our open societies.

This is not the trend at the moment.

Race to the bottom

Former U.S. Defense Secretary Panetta voiced the danger of a ‘cyber Pearl Harbour’; I have also heard references to a cyber-Cold War. Such metaphors are used to justify on-going efforts in the Pentagon and defense ministries around the globe to tailor existing doctrines on the definition of ‘acts of war’ to cyber-attacks. Such rhetoric may also be used to legitimise the strongest means to respond. A NATO commissioned study, the “Tallinn Manual”, suggests dozens of very concrete applications of traditional international- and martial law online.

A cyber arms race is looming. In such a spiral, the means and ends are quickly confused and perspectives are lost. Aggressors and defenders may become the same thing. Online, this is more complicated than in the offline world as questions of attribution remain largely wide open. Even a defense minded organisation like NATO has focused on defending its own infrastructure, rather than burning its fingers on deciding whether article 5 (an attack on one is an attack on all) also applies for cyber-attacks or acts of cyber war.

Stuxnet is informally attributed to American-Israeli sources, and attacked Iran’s nuclear facilities. Retaliation is a risk that should not be underestimated. Many countries now have ‘electronic armies’, acting both domestically against dissidents and as enforcers of surveillance and censorship, as well as internationally, often to advance espionage.

Public-private

Especially as governments rely increasingly on private actors to secure, manage and develop critical ICT infrastructures and services, incentives and responsibilities need to be carefully thought out, from a long term perspective. Though interdependent, governments and private actors each play a different role. Priorities need to be set, and clarity over ultimate responsibility needs to be transparent and unambiguous. Depending on private actors for security and critical infrastructures may well lead to more vulnerability.

Companies have an important role to play in society and in ensuring security. And they are now also confronted with challenges that traditionally were dealt with by diplomats or politicians. The commotion around the ‘Innocence of Muslims’ clips is a case in point. Companies also face requests by governments to delete content, block access or provide personal user data. This pressure is likely to increase.

The shifting reality between state sovereignty and online ‘borderlessness’ can offer both challenges and opportunities. Seen from our perspective, it offers opportunities to help, for example, Iranian people access information. Seen from an Iranian government’s perspective, the availability of access to the World Wide Web has been the incentive to build a national internet, which serves as an intranet: highly censored and centrally monitored.

Clearly, the interests of governments and companies do not always overlap. Companies are accountable to their shareholders, and seek to make profit. This can be in sharp contrast with the public interest which governments need to consider and safeguard.

Security software companies may see sales increase when fears rise. Are the software systems in our cars really at risk? And what methods are used to come to the widely reported figures on threat levels coming from industry players? In the public interest, threat assessments should be evidence based when feeding into policy making.

Some companies have a reputation to lose. Therefore, reporting software vulnerabilities or security breaches may not be attractive. In the public interest, notification or reporting obligations make sense. To avoid headlines each time a breach is reported, we should consider allowing reporting in a confidential environment. In a globally interconnected world where privately owned critical ICT infrastructure and software are used by millions, companies have the responsibility to report when our societies are at risk. Given the fact that the large majority of vulnerabilities is related to software made in the United States, reporting standards and transparency would be an improvement in US regulation.

Digital arms

Not all companies have a reputation to lose among consumers in our own markets. There are European and American companies selling to third country governments that may have commercial interests going directly against our own political interests. One of the most prominent examples, which needs to be addressed for the sake of preserving digital freedoms as well as our strategic interest, is the export of digital arms.

Mass surveillance, mass censorship, tracking and tracing systems, as well as hacking tools and vulnerabilities can be used to harm people as well as our own security in Europe. Though overregulation of the internet should never be a goal in and of itself, regulation of this dark sector is much needed to align our values and interests in a digital and hyper-connected world. There are many European examples. FinFisher software, made by UK’s Gamma Group was used in Egypt while the EU condemned human rights violations by the Mubarak regime. Its spread to 25 countries is a reminder that proliferation of digital arms is inevitable.

Vupen is perhaps best labelled as an anti-security company in France that sells software vulnerabilities to governments, police forces and others who want to use them to build (malicious) software that allows infiltrating people’s or governments’ computers.

It is unclear which governments are operating on this unregulated market, but it is clear that the risk of creating a Pandora’s box is huge if nothing is done to regulate this trade by adopting reporting obligations. The US government has stated that American-made lawful intercept technologies have come back as a boomerang when they were used against US interests by actors in third countries.

Other companies, such as Area Spa from Italy, designed a monitoring centre and had people on the ground in Syria helping the Assad government succeed in anti-democratic or even criminal behaviour by helping the crackdown against peaceful dissidents and demonstrators.

These companies may well be complicit in grave human rights violations. A criminal case against a French company for exactly this business behaviour is now under consideration by a Paris court and could set an important precedent for others. Can we hold companies and their executives accountable for complicity in human rights violations and creating security threats by knowingly selling digital arms to repressive regimes?

European and American companies are among the top sellers of technologies that are used for mass surveillance, monitoring and censoring of people from Iran to Syria, from China to Bahrain. If governments are condemning human rights abuses on a political level while permitting companies to sell repressive technologies to the same regimes, this hurts our credibility and stores up all manner of problems for the future. We need to bring proper scrutiny and international agreement to stop this digital arms trade. That discussion should not only be dealt with in relation to human rights, but also to ensure our strategic interests are not undermined.

Draft legislation by the Dutch Minister of Justice, allowing the police to ‘hack back’, and to develop tools to that end, seems not to have been assessed from an international perspective.

Context

To understand how technologies could impact people, assessing varying contexts is increasingly important. Legal and technical concepts do not necessarily apply equally in a different context: how legitimate is it to sell technologies designed for lawful interception, to countries where the rule of law does not exist? Technological standards do not exist in a vacuum and yet they are almost impossible to contain in one place. EU and US regulations for instance require so-called back doors in telecom infrastructures in order to allow for law enforcement authorities to access information and communications, (ideally) subject to prior approval by an independent court, if necessary to solve crimes. Imagine how these technological abilities play out in countries like Iran or Syria. How lawful can interception be without the rule of law?

Assessments of potential damage to human rights and cyber security should be done in the R&D phase. We must work according to human rights and security by design principles to ensure public and strategic interests.

Credibility

In the discussions about ‘cyber’, governments risk losing credibility, either by inadequately protecting the public, or by overreaching in offensive actions.

To avoid a slippery slope, clear distinctions between various crimes and threats are needed. Economic damage as a result of criminal activity should render a different response than a state-led attack posing national security threats. Yet, at the moment, at least in the public debate, the distinction between various cyber threats is very unclear. Uncertainty can make people feel vulnerable, while it is internet users and citizens that need to be informed and empowered. We need to build resilient and educated societies instead of instilling fear.

States also need to prioritise in their partnerships, and look for consistency of actions by different government departments. Recently, the United States chose to sign a bilateral agreement with Russia on combatting Intellectual Property Rights infringements. The agreed cooperation seems in direct contradiction with objectives of the State Department in the field of internet freedom. In Russia, a newly adopted law gives the state the authority to use Deep Packet Inspections in internet traffic.

Extraterritorial impact

The implications of the use of technologies in a specific country will be more and more difficult to confine to the territory of that same country. The extraterritorial impact of laws, related to the World Wide Web, will become increasingly sensitive in the next years.

With the growing availability of cloud services, liability and security questions are complex. The Patriot Act, a far reaching and controversial American law adopted after 9/11, would apply to all data in the cloud. There are new, equally controversial proposals on the table constantly, in many places in the world.

For economic reasons, IPR enforcement is pushed across borders, and the configuration of the web and the terms of service of popular online platforms, facilitate global reach for American prosecutors.

Can an ‘internet public’ find ways to hold new power brokers to account? The fights against the Stop Online Piracy Act, the Protect Intellectual Property Act and against the Anti-Counterfeiting Trade Agreement suggest global constituents can successfully rally online. In The Netherlands the parliament pushed to enshrine net neutrality in law, and I am hopeful this will become European law as well.

In the anticipated US-EU free trade agreement, standard setting and cooperation in the field of the digital economy and cyber security will certainly come up again and cause controversy.

Governance in a borderless world

In a globally connected world, traditional borders of land and jurisdiction have lost their exclusive ability to govern and structure international relations.

There is a growing tension between our legal and political structures. While borders play a role of little importance online, our mandates as politicians and lawmakers are enshrined in law and legitimised by democratic elections, creating jurisdictions still inextricably connected to the nation state. Confederations, international organisations or political unions, with their respective bodies of laws and regulations are established by treaties or international agreements. Their founding was a political act. The global borderless digital sphere lacks such foundations and evolves day by day, organically and sometimes in confrontation.

Governments, legal experts and politicians are only at the beginning of the process of redefining their position in relation to the territorially based laws and the borderless internet that is mostly in private hands.

In their response a tendency to re-territorialize can be observed. States pass national laws bringing the internet under their control, or push for international agreements that re-instate top down control. The EU needs to play a strong role in internet governance fora, where arguments of increasing cyber security are used to nationalise the internet, hurting its open character, as well as the rights and freedoms of people using it.

The EU needs to be aware of its own dependence on others, both private actors and private actors coming from 3rd countries. Outsourcing of security, police and law enforcement responsibilities to private companies worryingly bypasses democratic oversight, judicial oversight and protection as well as other checks and balances, constitutionally available to citizens and businesses.

Proportionate measures

Instead of looking for a silver bullet we need to work on a case-by-case basis in a constantly dynamic environment, by analysing as it were snapshots or X-rays of aspects of our ICT ecology or global cyberspace. That way the various layers and actors can be identified. Cyber threat assessments and proportionate responses should be assessed in a wider geopolitical context.

Breaches of SSL certificates for example require a different set of actors and solutions than massive DDoS-attacks or addressing the market for zero day exploits or the risks to consumer data in the online cloud. Scenario studies should help us to identify threats and to train adequate responses.

A raster of threats, indexed by importance or their possible impact should be drawn and matched with flexible clusters of companies, scientists and officials to timely ensure maximum security, freedom and effectiveness in our responses. Chains of command as well as accountability need to be clear.

If the range of ballistic missiles or the number of fighter jets traditionally were the standards to measure a country’s power or strength, it is the sophistication and distribution of its ICT security policies and the effectiveness of intrusion detection mechanisms that from now on will determine a country’s resilience, security and defense capabilities. While the image of a ‘cyber Pearl Harbour’ successfully created a sense of urgency, it wrongly pulled cyber security policies into military headquarters.

Instead of choosing a narrow defense angle, it takes politicians, watchdogs, researchers, activists, citizens and regulators to make sure that security and digital freedoms are properly included in the development and trade of new technologies, to protect citizens and consumers.

The strength of an open society is tested especially when it comes under (perceived) threat.

Given the nature and multiplicity of actors in the cyber-ecosystem a comprehensive and civil approach is necessary. We need an integrated and mainstreamed strategy. Cyber security belongs in parliaments and homes rather than exclusively in military headquarters or specialised units.

Lawmakers should engage in cross-border dialogues to assess the impact of increased divergence between territorial jurisdiction and online services, behaviour and accountability.

They should do so with their roots in democratic principles in mind; without those, what is there to defend? The EU, as a community of values, and as a trading bloc, should have the ambition to lead in pushing for trust, security and digital freedoms.
http://www.marietjeschaake.eu/2013/0...gital-freedom/





'The Future of Freedom on the Internet is at Stake'

Internet policy experts gather in Stockholm this week to grapple with online data protection and surveillance issues that everyone who surfs the web should care about, reports technologist Stefan Geens.

Here's why the Stockholm Internet Forum is the most important conference you've never heard of.

This week sees 450 policy-oriented technologists from 90 countries meet at the Stockholm Internet Forum, a two-day conference hosted by Sweden's Ministry of Foreign Affairs, its aid agency Sida, and .SE, the foundation responsible for Sweden's internet infrastructure.

Experts from civil society, government and business will tackle "Internet freedom for global development" and its security implications. If this sounds like the typical capacity-building aid summit, it’s not — the stakes are in fact much higher. This forum is not (just) about promoting an inclusive and open internet in the developing world; it is also about ensuring a free and secure internet in Sweden.

That’s because these days, laws in countries from halfway around the world can affect you directly via your browser. Consider:

*Many of the best internet companies are American, subject to US law. When you trust your email correspondence to Gmail or Facebook, it is US law that protects your privacy. Bad laws, like the proposed Cyber Intelligence Sharing and Protection Act (CISPA) currently stalled in the US Senate, would allow law enforcement agencies to access your data without a warrant.

*Some countries, such as Russia, turn a blind eye to cyber criminals as long as they target users outside their jurisdictions, giving these gangs a safe haven from which to attack, scam and spam. Their presence also provides plausible deniability for state-sponsored cyber attacks and espionage, such as the 2007 attack on Estonia's banking system.

*China's government requires backdoor access to the contents of popular Chinese messaging services like QQ, TOM-Skype and WeChat. Connect via Skype to a user in China and your private conversation will be an open book, no matter where you are.

Still, the primary victims of delinquent internet governance policies are most often local users: China's sophisticated online censorship system has made much of the global internet off-limits to its citizens. South Korea's real name registration policy makes it harder for whistleblowers and sources to stay anonymous online. Internet kill switches allow dictators to single-handedly drag their country back into the eighties.

Sometimes, European and American firms contribute to the problem by selling surveillance tools to authoritarian regimes. One such company, Gamma International, let its tools be used to spy on the political opposition in Egypt, Bahrain and Malaysia. In 2012, Belarus was caught spying on dissidents using equipment installed and maintained by Sweden's own TeliaSonera.

Growing public intolerance for such practices is having an effect, at least in the West: This year, TeliaSonera signed on to industry-wide guidelines for defending freedom of expression and privacy.

These and many other examples over the past decade have prompted a movement towards global norms for internet governance. It's this process that the organizers of the Stockholm Internet Forum are trying to shape, by keeping human rights concerns at the centre of the debate about internet security.

The core message is that internet governance should ultimately serve the citizen-user, rather than the interests of states or corporations. And yet even liberal democracies sometimes get this wrong, drafting overbearing security laws that gut the internet of the freedoms that make it worthwhile.

There have been some successes on the human rights front. In 2011, a United Nations report by the special rapporteur Frank La Rue delineated how human rights law applies to online notions of freedom and privacy. In 2012, Sweden and other nations sponsored a successful non-binding UN Human Rights Council resolution affirming "that the same rights that people have offline must also be protected online".

Of course, the same countries that prey on the rights of people offline tend to do so online, using the same excuses.

Today, the situation remains precarious. There are two strongly opposed visions for how best to proceed with internet governance at the global level. The incumbent arrangement sees responsibilities shared among many actors — technical foundations, corporations, governments, civil society NGOs — none of which individually control the process.

The main policy-setting forum for this multi-stakeholder model is the annual Internet Governance Forum, championed by civil society organizations for its inclusive nature, even if the internet's core technical policy body, ICANN, remains based in the US.

In the other camp is a slew of countries — predominantly from Africa and Asia — who feel that the current system is too Western and, well, democratic. In their vision, internet policy is the sovereign right of states, with centralized, top-down control within national borders and multilateral treaties governing connectivity globally. Prominent backers of this model are Russia, China, Tajikistan, and Saudi Arabia - they recently began promoting the UN's International Telecommunication Union as a state-centric policymaking body for the internet. As a result, much of Europe and North America refused to sign the latest ITU regulatory agreement in December 2012. Many more countries did sign, however. The internet may yet balkanize.

The ball is now in the court of those attending the Stockholm Internet Forum, most of whom defend the multi-stakeholder model of governance. Ideas on the table include making the distributed governance model even more inclusive of Asian and African stakeholders, since that is where most of the world's internet users now reside.

Another proposal is to recast security concerns as compatible with human rights, by redefining security from the perspective of the user. In this same vein, several NGOs have just proposed principles for Internet surveillance that would be compatible with human rights. The hope is to win over the fence-sitters in this emerging global schism by convincing them that a freedom-centric internet is the only path to a mature and developed global information society.

If the internet freedom movement is to prevail, it needs more opportunities to debate strategy, generate ideas and strengthen its networks. The Stockholm Internet Forum may just make the difference.
http://www.thelocal.se/48038/20130521/





What Is It About Porn? An Interview With The Founders Of TheWorstDrug, A NSFW GIF Site
John Biggs

Porn is the new Tumblr. It seems that everyone with a CS degree and a little free time is trying to cash in (or at least dabble) in the world of online sexuality, a happenstance that I’d chalk up to the ubiquitousness of boobies online and the potential for perceived riches. But what inspires a pair of designers and artists to create a site that essentially catalogs every NSFW GIF they can find?

I had to find out.

To be clear, the site [THIS IS A NSFW LINK. DO NOT CLICK IT AT WORK OR EVER] is very NSFW. It’s also quite basic – you simply press your mouse button to slide through one image after the other in a cavalcade of protuberances and pneumatic efforts that brings to mind Chaplin’s Modern Times crossed with Skinemax. Seriously. Don’t click the link. It’s porn. Instead, let’s talk to Raj and Katie, founders of the site. They preferred to remain somewhat anonymous.

John Biggs: Why did you guys make this?

Raj: Serendipity. In the beginning, in order to ramp up on some new technologies, I built a webapp to pull the most popular animated gifs from the web and present them one after another. I honestly expected kitties, Batman, and Kermit the frog. Instead, the gifs ended up being 99% porn. The next day, I told 6 friends about this happy accident, and by the end of the week, we were getting 200 unique visitors daily. Chris (the designer) has since transformed my clever hack into a polished user experience, Kevin (the hustler) is exploring innovative business models, and Katie (the ballerina) has helped forge our brand and identity. We use the site ourselves, and we’ve just been kindling the fire – it feels like the project has taken on a life of its own.

These are some of the responses to our site on Reddit.

@TheWorstDrug that is…..AMAZING! Is it just for this particular one or will all of em eventually be like this?—
Mirza-A (@Mirza_A88) May 11, 2013

@TheWorstDrug You're a magician with your site! Had to slap myself in the face to stop being hypnotized by it. Damn youuuu!! ;) —
Rabbit Sweet (@brabbitsweet) May 07, 2013

@TheWorstDrug opened it up @ work and lost all my concentration… This is the worst drug… Luv it—
Texas proud (@tompaul64) May 06, 2013

JB: Who are you guys?

Raj: I’m equal parts hacker and guitarist at heart, Chris is an artist, Kevin is a hustler, and Katie is a choreographer. We’re a group of friends, and we each bring unique talents to the table. We love working together. At the moment, we’re building a porn site. Next time, we might record a rock album.

Quick story: A few months ago, we were trying to figure out where to take our product, so I issued Chris a No Fap Challenge. I asked him to not spank it to any porn site other than The Worst Drug for as long as possible. Chris lasted 3 days. He came back to me and told me that he couldn’t get off without video – so along with animated gifs, HTML5 video became our next major feature.

JB: There seems to be a trend of women working on porn startups. Why?

Katie: As porn becomes more mainstream, disrupting the current tech is fair game for anyone who isn’t afraid of it. This includes the kind of savvy and self-governing women who would abandon their kitchens and venture into the tech world in the first place. That’s my guess anyway. For me it was happenstance that the content was porn. These GIFs reveal the usually obscured popular content of the Internet. Imagine observing the planet from a distance, swiping through what we look at, laugh at, get aroused by, and share with each other. I was initially surprised, even shocked, that what we captured was basically all porn, but then I had to laugh. I love this big world of happy, normal, clever, horny people. We’re sexy.

JB: Why porn? Why now?

Raj: We’re driven by a particular philosophy. Recent studies have shown that there’s little correlation between porn use and deviant/risky sexual behavior. Researchers have also been looking into why porn is addictive. I’ve been trolling on 4chan for years, and I think that watching porn makes you a better person. It’s always my belief that knowledge is more powerful than ignorance, and porn is a particular type of knowledge.

Also, there’s nothing in our algorithms that limits our content to porn. Our site simply pulls in the most popular animated gifs as determined by web users around the world. It just happens to be the case that these GIFs are all porn – we’re reflecting the world back at itself.

JB: How will you make money?

We don’t know – do you have any money?

We’ve bootstrapped ourselves so far, and we’ve been able to cover our operating expenses. For the moment, we’re focused on building the best user experience that we can.

Unrelated: Our name (The Worst Drug) reflects the addictive nature of the site. Chris chose our logo font because it looks like something that you’d see on a bottle of prescription pills – and it feels a little dirty, but still somehow clean. Our ‘u’ is a forward arrow key, as you can hit that key instead of clicking the image.

JB: Do your parents know what you’re doing?

Raj: My parents have no idea what I’m doing. My parents have never had any idea what I’ve been up to. They still don’t know that I once stole a nice pen from K-Mart in 6th grade. (I hope that my parents don’t read TechCrunch.)

Katie: Yes, and my mom loves the site! She’s offered suggestions for the UI, and she’s even Tweeted about us to her 17 followers. Her response is flattering, but I question her taste, because I also showed her Two Girls, One Cup, and she thought it was hilarious and didn’t throw up in her mouth at all.

JB: What’s your favorite kitten picture?

See above.

http://techcrunch.com/2013/05/22/wha...nsfw-gif-site/





Russia's Leading Social Network Banned by "Mistake"
Douglas Busvine

Russia's leading online social network was briefly banned on Friday, in a move dismissed as a "mistake" but which follows intensifying official pressure on the company as President Vladimir Putin consolidates his power.

VKontakte (www.vk.com), Europe's largest homegrown social network with 210 million registered users, was put overnight on a "black list" of sites barred from distributing content inside Russia. Hours later, the ban was lifted.

The company's founder Pavel Durov has clashed with the authorities in the past for providing a forum for opposition activists to organize protests against Putin.

"This happened by mistake," said Vladimir Pikov, a spokesman for Roskomnadzor, the state communications regulator.

"In this case, someone checked a box against the address of the social network. The site has been removed from the list and restrictions on access to it have been lifted."

Durov, 28, founded VKontakte in his native St Petersburg in 2006 and his success in building the network - which attracts 47 million users daily who log on to share news, views and photos - has drawn comparisons to Facebook's Mark Zuckerberg.

Durov refused to comply with an order by the Federal Security Service, a successor to the Soviet-era KGB, to close groups used by activists to organize protests over the December 2011 parliamentary election, which handed victory to Putin's ruling United Russia party.

Last month, he was implicated in a traffic incident in the city of St Petersburg in which a policeman was slightly injured.

Durov has denied being involved in the accident but, instead of agreeing to testify as a witness, he left the country, say sources who know him. He has not been seen in public or posted on his VKontakte page since April 24.

The executive's difficulties coincided with a change of ownership at the company, in which a private equity fund with Kremlin connections bought a 48 percent stake from the founding partners who backed Durov.

The day before the deal closed on April 17, VK's office and Durov's home were searched by investigators.

UNDER CONTROL

The buyer, United Capital Partners, controls assets worth some $3.5 billion and is run by financier Ilya Sherbovich, who sits on the board of three large state firms including Rosneft, the oil major run by Putin's former chief of staff, Igor Sechin.

"It's a meticulous and methodical effort to bring the network under the control of the Kremlin," science fiction writer and blogger Dmitry Glukhovsky, creator of the Metro 2033 video game, told Reuters this week of the pressure on VK.

"It's too important a resource to stand independently from the 'siloviki'," added Glukhovsky, referring to Putin's allies that share the Russian leader's security-service background and are now in the political ascendant.

Sherbovich, in an interview, has denied fronting for the Kremlin and said he wanted Durov to stay on as chief executive of VKontakte.

A source close to the company said it held a board meeting in Switzerland this week which was attended by Durov.

Durov owns 12 percent of VK, but under a shareholder pact he also votes on behalf of the 40 percent holding owned by Mail.ru, the London-listed internet group backed by Uzbek-born tycoon Alisher Usmanov, Russia's richest man.

No comment was immediately available from representatives for VK, United Capital Partners or Usmanov.

At issue, say internet watchers, is control over user-generated content frowned on by the authorities. Friday's ban, despite being quickly lifted, could be a shot across VKontakte's bows to ensure it tightens its monitoring.

The network has also been accused by Russia's ombudsman for children's rights of hosting child pornography. At least one of the Boston Marathon bombing suspects had a page on VKontakte.

After Putin rose to power in 2000, the Kremlin reined in Russia's print and broadcast media, encouraging trusted business "oligarchs" to buy strategic stakes. A similar scenario, in which loyal investors ensure internet content is screened, may now be unfolding, say some commentators.

"All big media have been brought under the control of the Kremlin, and VK is the last medium that is free," journalist Nickolay Kononov, author of biography "The Durov Code", said in a recent interview.

(Additional reporting by Maria Kiselyova; Editing by Elizabeth Piper and David Holmes)
http://www.reuters.com/article/2013/...94N0BD20130524





What Really Happens On A Teen Girl's iPhone
Bianca Bosker

Fourteen-year-old Casey Schwartz has ditched more social networking services than most people her parents’ age have joined. Like many of her friends, Casey has a tendency to embrace social media sites, then suddenly drop them.

Skype, Formspring and WhatsApp have all felt the consequences of these flighty users. Casey still uses Snapchat, but less than she did last year. And in three months, she's joined, quit, and rejoined Twitter. She’s collected banished apps into a folder on her phone labeled “Stuff Nobody Likes.” And she’s thought about deleting her Facebook account because she checks it so frequently.

“I’ll wake up in the morning and go on Facebook just … because,” Casey says. “It's not like I want to or I don’t. I just go on it. I’m, like, forced to. I don’t know why. I need to. Facebook takes up my whole life."

Inseparable from her iPhone, but apt to tire of the sites she uses it to access, Casey at once personifies why much of the technology world has become obsessed with capturing the attention of people her age, and why those efforts risk turning into expensive debacles. That teens' friendships and relationships will play out online is certain. But which site will host that social intrigue is constantly up for grabs.

Earlier this week, Yahoo became the latest tech giant to make a major play for younger users, agreeing to pay $1.1 billion in cash to take ownership of Tumblr, the blogging site that has emerged as a popular and engaging platform with users under the age of 35. Yahoo has in its sights young people with disposable income, still-evolving spending habits and a willingness to devote virtually unlimited amounts of time to staring at a screen.

In short, Yahoo is trying to gain access to people like Casey. As social media experts have already suggested, and as a day with Casey makes clear, winning the attention of teenagers and maintaining it are two very different things. Yet seeking that attention is irresistible.

Casey’s habits underscore a new reality for this networked generation: Social networks -- and the gadgets they run on -- aren’t a distraction from real life, but a crucial extension of it.

Born in 1999, just a few years after the mass adoption of the World Wide Web, Casey belongs to the first true generation of digital natives, who have no memory of life before the Internet. The eighth-grader, who lives in the northern New Jersey town of Millburn, has always been attached to her gadgets. When she was only 18 months old, she received a toy computer that quickly became her favorite plaything. In second grade, she got her first cellphone (“it could hold two numbers, it was stupid,” she says). Now, at 14, she’s the proud owner of a white iPhone 4S, which she takes with her to school, carries as she wanders around her house, uses at the breakfast table, and keeps beside her pillow when she sleeps at night.

“I bring it everywhere. I have to be holding it,” Casey says. “It’s like OCD -- I have to have it with me. And I check it a lot.”

Casey only parts with her phone during the hours she’s at school, when she leaves it in her locker. The rest of the time, she and seven friends keep up a running conversation over text messages.

Not having an iPhone can be social suicide, notes Casey. One of her friends found herself effectively exiled from their circle for six months because her parents dawdled in upgrading her to an iPhone. Without it, she had no access to the iMessage group chat, where it seemed all their shared plans were being made.

"She wasn’t in the group chat, so we stopped being friends with her,” Casey says. “Not because we didn’t like her, but we just weren’t in contact with her.”

On a recent Thursday, Casey and her friends are up texting on iMessage until midnight, then they pick up again around 7 a.m., when they wake for school. By 4 p.m. that day, the group has exchanged more than 56 messages, not including those sent in the private, one-on-one chats Casey also kept going during the day.

“That’s not even a lot. That’s small. And we were in school the whole day also,” Casey says.

Early that morning, they kicked off their conversation polling each other on what they’d wear to school.

“Shorts?” someone wrote, followed by, “Should I?”

“I’m not.”

“What are you wearing?”

“Leggings.”

“Would it be weird if I wore my Hunters [rainboots]?"

“Is the bus there?”

Later, the girls cast votes on which picture each should share for "TBT" (short for Throwback Thursday), a weekly Instagram tradition, where people post childhood photos. The typical teen girl will send and receive 165 text messages in a day, according to a 2012 report by the Pew Research Center. Casey's texting continues even when she and her friends are together.

“We’ll be sitting on a couch next to each other, texting each other,” she notes. “We text in the same room. It’s weird, I don’t know why.”

As we chat in her lime-and-lavender painted room, surrounded by soccer trophies and a framed collage of Justin Bieber photos, Casey alternates between checking her phone, which buzzes incessantly with a steady stream of texts, replying to messages, and refreshing her Instagram and Facebook feeds, where she “likes” people’s posts. Occasionally, she plays a few rounds on Dots, her new favorite iPhone game, or scrolls through fashion accessories on Wanelo, a social shopping site heavy on photos. Later, Casey uses Facebook to get homework help and posts a question in a private group chat set up by her classmates.

Casey’s social networking faces scrutiny from her mother, who has her own Instagram and Facebook accounts from which to monitor what Casey and her friends are doing online. Occasionally, Casey's mother will insist that a picture her daughter has shared needs to come down -- usually because Casey has been "exclusive," posting a photo that could offend friends who weren't included in that day's activity. Via Apple's Find My iPhone app, the Schwartz family can also keep constant tabs on each other's location.

Thanks to Silicon Valley, there's no off-switch for one’s social life, and popularity has become instantly quantifiable.

Here are just a few of the things Casey regularly tracks: the number of contacts stored on her iPhone (187); the number of people following her on Instagram (around 580); the number of people who’ve asked to follow her on Instagram, but she’s refused to accept (more than 100); the number of people following her Tumblr blog (more than 100); her high score on Dots (almost 400); the number of photos she stores on her phone (363, fewer than before because she's maxed out her phone’s memory); the number of photos her friends store on their phones (around 800); the number of people she’s friends with on Facebook (1,110) and the number of acquaintances who’ve quit Facebook (three or four). She also uses the app InstaFollow to keep tabs on who's unfollowed her on Instagram (she quickly unfollows those who defect).

Casey is a novice programmer and has customized the code on her Tumblr blog so it displays how many people are viewing it at one time. She and her friends aspire to becoming “Tumblr famous,” or attracting thousands of followers to their sites. She's wary of what will become of Tumblr under Yahoo's watchful, corporate eye.

"I don’t like that they bought it," she explains, echoing sentiments shared by others who use the media network. "I'd rather it was how it was before because I'm afraid they're going to change it and make it worse."

The most important and stress-inducing statistic of all is the number of “likes” she gets when she posts a new Facebook profile picture -- followed closely by how many “likes” her friends’ photos receive. Casey's most recent profile photo received 117 "likes" and 56 comments from her friends, 19 of which they posted within a minute of Casey switching her photo, and all of which Casey “liked” personally.

“If you don’t get 100 ‘likes,’ you make other people share it so you get 100,” she explains. “Or else you just get upset. Everyone wants to get the most ‘likes.’ It’s like a popularity contest.”

Still, she notes with a twinge of regret that a friend received more.

“I changed my profile picture and then [my friend] changed it right after and she got so many more 'likes' than I did,” Casey says. “And I didn’t get mad at her, but I was like, 'You got so many 'likes!'’ She just gets so many 'likes' on everything. She has more followers on Instagram. I have more friends than her.”

For all the time Casey spends online, she predicts that soon she won’t be using her smartphone or social networks as much as she has been. It’s distracting, she says, as her iPhone chimes for perhaps the 12th time that hour. Her phone, be it Facebook, Instagram or iMessage, is constantly pulling her away from her homework, or her sleep, or her conversations with her family.

“If I’m not watching TV, I’m on my phone. If I’m not on my phone, I’m on my computer. If I’m not doing any of those things, what am I supposed to do?” Casey says. “I think that in a few years, technology is going to go back and people won’t use it anymore because it’s getting to be a lot. I mean, I don’t put down my phone. And it makes me wish that I did. It's addicting.”

But at least for now, her iPhone remains the center of her existence. The friend who was the last to buy an iPhone has recently purchased one, regaining her place among the circle.

“Now we start hanging out with her every week because she knows the plans,” says Casey. “She has a smartphone now, so that’s what gets her in. We always loved her and she was always our good friend, but she was excluded -- and she knew it, too -- because she didn’t have an iPhone.”
http://www.huffingtonpost.com/2013/0...n_3322095.html





How the Smartphone Killed the Three-Day Weekend

The concept of a three-day weekend has gone the way of the dodo. Are companies to blame, or are we?
Bob Sullivan

Memorial Day weekend marks the beginning of summer and all it evokes: vacations, slower workweeks, casual dress codes, getting the pool ready and pulling out the outdoor furniture.

It would seem an ideal time to take a break, but our ability to unplug and relax is under assault. A three-day weekend? We can barely get through three waking hours without working, new research shows. The average smartphone user checks his or her device 150 times per day, or about once every six minutes. Meanwhile, government data from 2011 says 35 percent of us work on weekends, and those who do average five hours of labor, often without compensation -- or even a thank you. The other 65 percent were probably too busy to answer surveyors’ questions.

There's plenty of debate among economists and psychologists over whether the economy is to blame, or whether we did this to ourselves. There's little arguing that the concept of a Sabbath is in serious danger.

“It's like an arms race…everything is an emergency," said Tanya Schevitz, spokeswoman for Reboot, an organization trying to help people unplug more often. "We have created an expectation in society that people will respond immediately to everything with no delay. It's unhealthy, and it's unproductive, and we can't keep going on like this."

There's a long list of horribles associated with our new, always-on-digital lives: You are dumber. You are more stressed. You are losing sleep, and more depressed.

People seem to know they need tech breaks, which have plenty of cute names now, like "Digital Detox" or "Tech Sabbath." Consumers pay for software like "Freedom," which cuts their computers off the Net for a pre-set amount of time (really, you could just unplug yours). Reboot even sponsors a National Day of Unplugging, which will occur in March next year. But no one seems to think the problem is getting any better.

It’s easy to blame the economy. Workers competing for too few jobs feel like they can't say no to their boss, even if it's a trivial request during a long weekend. It’s equally easy to blame gadgets, particularly smartphones, which have virtually tethered employees to their desks. It took labor unions 100 years to fight for nights and weekends off, some say, while smartphones took them away in about three years.

But those explanations are, at a minimum, incomplete. Some experts think these wounds are self-inflicted. Laura Vanderkam, who recently published the eBook, "What the Most Successful People Do on the Weekends," says that many executives she's worked with have learned they can unplug for a weekend without dire consequences.

"Many of us have an exaggerated sense of our own importance," she said, speaking on the eve of Memorial Day weekend. "I can tell you that come Tuesday morning, the Earth will still be revolving, whether you have checked your email or not."

Besides driving each other crazy, we are also robbing our brains of critical downtime that encourages creative thinking when we skip weekends and vacations. At extreme levels of exhaustion, rest-deprived brains experience memory loss and hallucinations. But without regular rest, brains fail at more basic tasks. A study at the University of California, San Francisco, found that new experiences fail to become long-term memories unless brains have downtime for review.

Vanderkam also argues that taking breaks makes you more focused when you work. People who work 50 or 60 hours rarely get more done than people who work 40 hours, she argues.

Reboot's vision is a digital-age Sabbath, Schevitz said, but as she explained it on the phone, she was interrupted by a text message. ("Even I struggle with this," she confessed.)

“We need a modern day-rest that brings balance back to life,” she said.

Memorial Day weekend is a good time to start. She urged people to start small. Don't try to go 72 hours without e-mail; begin by promising your family one tech-free meal every day this weekend.

“I think that a three-day weekend provides a unique opportunity for people to unplug and decompress because there is a tradition of people going away. So the expectation by the boss that you will be reachable at a moment's notice is likely to be less," she said. "I do think there's hope. When people are given achievable steps, they start seeing that there's a difference.”
http://redtape.nbcnews.com/_news/201...ee-day-weekend





Pirate Cinema Converts File-Sharing Into Art
Philippa Warr

The Pirate Cinema transforms peer-to-peer file sharing into an artform.

The project by artists Nicolas Maigret and Brendan Howell is currently playing as part of Canada's Sight + Sound festival and takes the form of a control room connected to three oversized screens which reflect P2P exchanges occurring globally.

One mode constantly downloads the most popular torrents on sites like The Pirate Bay and shows fragments of the material onscreen. "The installation produces an improvised and syncopated arrangement of files currently in exchange," explains the festival blurb.

In addition to the snippets of content, the installation offers fragmented information about source files and their destinations. Essentially it's a demonstration of how the data you can glean from file sharing services provides a kind of global data mapping opportunity which is being co-opted -- by artists in this particular scenario but by governments and rights holders in other iterations.

Another mode allows an operator to manually select downloaded files in order to curate a performance more along the lines of a musical composition.

Speaking with TorrentFreak, Maigret explained the choice of source: "BitTorrent is not only about mainstream medias, but theoretically open to all kinds of files and content. In a way, the Pirate Cinema reveals some potentials of this peer-based technical architecture."

An artwork which might be downloading copyrighted content at any given time could prove to be legally problematic. However, the artists explain that fragments of downloaded files are encoded and kept on the machines temporarily. "We saw it as a kind of game," said Maigret.
http://www.wired.co.uk/news/archive/.../pirate-cinema
















Until next week,

- js.



















Current Week In Review





Recent WiRs -

May 18th, May 11th, May 4th, April 27th

Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black