P2P-Zone  

06-08-14, 07:31 AM   #1
JackSpratts
Join Date: May 2001
Location: New England
Posts: 10,013
Peer-To-Peer News - The Week In Review - August 9th, '14

Since 2002

"Consider Bleep your personal redaction pen controlled by you and only you." – Jaehee Lee

August 9th, 2014




Lionsgate Sues Over 'Expendables 3' Leak
Eriq Gardner

Lionsgate is taking legal action against the anonymous individuals who shared online an advance copy of The Expendables 3, starring Sylvester Stallone.

On Thursday, the film company filed a lawsuit (PDF) in California federal court against "John Does 1-10."

Lionsgate reports learning on July 24 that a digital file containing a high-quality reproduction of the film had been stolen and uploaded to the Internet. The Expendables 3 has reportedly crossed more than a million downloads already. All of the copies circulating online are said in the lawsuit to be traced to the original stolen digital file.

The lawsuit targets the operators behind limetorrents.com, billionuploads.com, hulkfile.eu, played.to, swantshare.com and dotsemper.com and uses language that's similar to past mass "Doe" complaints against torrent users.

According to the lawsuit, "By downloading one of these 'torrent' files associated with the Stolen Film from <limetorrents.com>, users join a 'swarm' where they download parts of the Stolen Film from many different users and also upload to other users parts of the Stolen Film they have already received, until eventually they have reproduced the entire Stolen Film on their own hard drives and in most cases have also uploaded all or a substantial part of the Stolen Film to others."

Lionsgate sent demand letters to operators of the torrent sites. For instance, the studio contacted hulkfile every day between July 26 and July 31 — an indication of just how seriously concerned the studio is to see its movie leak in advance of an Aug. 15 release. The operators of the sites didn't respond to demand letters, says the lawsuit.

The plaintiff is demanding a temporary restraining order and injunctions that prohibit the anonymous operators of the sites from hosting, linking to, distributing, reproducing, performing, selling or making available copies of Expendables 3. The film company also wants to stop the defendants from taking action that "induces, causes or materially contributes to" direct copyright infringement of its work.

But the demands go much further: The requested injunction also seeks to have the defendants prohibited from "operating any of the websites" and ordered to "take all steps necessary to recall and recover all copies of the Stolen Film or any portion thereof that they have distributed." Additionally, Lionsgate is looking to prevent defendants from transferring their assets and circumventing the court orders. The plaintiff wants registry operators to place the domain names on "locked" status.

Additionally, the ISPs that are providing hosting and cloud storage as well as the banks and financial institutions servicing the torrent sites are also under the eye of the film company. Subpoenas could be issued soon.

Lionsgate is being represented by Dennis Wilson at Kilpatrick Townsend & Stockton.

Expendables 3 is produced by Nu Image, which notably was one of the first companies to go after torrent users. Three years ago, Nu Image targeted 23,322 alleged online pirates of the original The Expendables, but ran into problems when a federal judge in Washington, D.C., questioned jurisdiction. In 2012, the company later brought other copyright infringement lawsuits over the film around the country, but has been fairly quiet on the piracy hunt since then.

The identity and motivation of the individual who first uploaded Expendables 3 haven't been revealed.
http://www.hollywoodreporter.com/thr...-3-leak-722806





Internet Piracy Isn't Killing Hollywood—Hollywood is Killing Hollywood
Matt Saccaro

“Hellboy II has great reviews,” my friend argued. He knew I was loath to spend $12 for a movie ticket to spend two hours watching trash. I checked the Internet, and he was right. Critics lauded the film. On Rotten Tomatoes, 89 percent of the top critics found the movie favorable. The tacit endorsement of an Internet review aggregator was all I needed. My friends and I headed out to the movie theater, bought our tickets and overpriced snack bar fare, and watched the film.

And it sucked.

To borrow from The Simpsons, the film was so formulaic it “could have spewed from the power book of the laziest Hollywood hack.” Hellboy II: The Golden Army had enough lazy tropes and predictable plot twists for the entire 2008 summer season, let alone one movie.

There's a brooding protagonist longing for acceptance he knows he can never truly have. There's an antagonist who makes the high school sophomore-level insight that humans are the true monster (never heard that before). There's a newly pregnant girlfriend acting crazy because hormones. There's true love ultimately conquering all. And there's a host of other attributes that made the movie not worth the price of admission. Once the credits rolled, I parted ways with Hollywood. I haven't stepped in a movie theater since.

Judging by Hollywood's recent luck—or lack thereof—I was ahead of the curve.

Hollywood is mired in a terrible summer, its worst in eight years. Box office sales are down 20 percent in the United States, and according to the Hollywood Reporter, no movie surpassed the $300 million mark for the first time since 2011. It's estimated that summer 2014 will draw 15-20 percent less money for Hollywood than summer 2013, and such a dramatic decline over the course of 365 days hasn't been seen in over 30 years.

Why didn't those movies sell? Why didn't people go out to see them? Are people just smartening up and realizing mainstream entertainment is trash? Or is there something more at work?

The first explanation is the ever-present bogeyman of Internet piracy. The New Republic recently published an article highlighting piracy's prominence as the sole reason for not only Hollywood's declining numbers, but for the film industry's penchant for peddling generic crap. Each month, more than 300 million users download content off BitTorrent alone—and most of these downloads occur in the United States, a place where it's easy to purchase movies. In January of last year, 25 percent of all Internet users sought to download copyrighted content.

So Hollywood is dead because you're just too cheap to pay for it? Hardly. If the popularity of Netflix is anything to judge by, users are happy to pay for content they deem to be fairly priced and worthwhile. Even though Game of Thrones is the most pirated show ever, it's also HBO's most legitimately viewed show (as in viewed by people with subscriptions to HBO and HBO Go). People will pay if they feel they're getting value for money.

In regards to Hollywood's current summer slate, customers voted with their wallets. They don't want what Hollywood is offering, in part because it's continuously catering to a demographic losing interest in the movies.

That brings us to another explanation: Some believe Hollywood's predilection for all things testosterone-laden is causing the downturn. As Kelly Faircloth of Jezebel glibly put it, “If you essentially ignore half the population, you're leaving money on the table.”

The numbers paint a clear picture: “Females made up only 39 percent of Amazing Spider-Man 2's debut audience, compared with 42 percent for 2012's The Amazing Spider-Man and 46 percent for Spider-Man 3. The same trend applies to Transformers. This summer's Age of Extinction skewed 64 percent male during its first weekend, more than the previous two films, and it played the oldest.”

Women are not interested in seeing movies so generically masculine they're tantamount to a two-hour Dr. Pepper Ten commercial. Summer 2014 was so brutal because Hollywood ignored the most profitable demographic—not because of The Pirate Bay.

Competition with other forms of entertainment is also a considerable factor in Hollywood's downturn. YouTube is soaring in popularity, and one Minecraft-related YouTube channel has more subscribers than Katy Perry or Justin Bieber. There's also the recent prominence of Twitch, the gaming-related video network Google might be purchasing for $1 billion. Furthermore, television is often said to be in a “golden age”—as shows like Game of Thrones, Breaking Bad and Girls garner more artistic clout than many movies. Then, of course, there's Netflix.

Why go to the movies when you can watch your favorite YouTube star or marathon your favorite show? There's no reason to, and people are starting to realize that.

Hollywood is turning to Big Data to mitigate the problem, but this will only enhance what's wrong with movies. As The Atlantic's Derek Thompson noted, thanks to Big Data “Hollywood has become sensational at predicting what its audiences want to see. And, ironically, for that very reason, it's become better at making relentlessly average movies.”

Hollywood does not need piracy's help in tying a noose around its neck. It was already doing that thanks to the insights offered by Big Data: Make everything as generic as possible to appeal to as wide an audience as possible, hence an endless parade of superhero movies—hence average, generic, less ambitious films that are OK because OK is all they need.

While the world's hottest video mediums offer the bold, Hollywood offers the bland. If Hollywood dies, the industry has no one to blame but itself.
http://www.dailydot.com/opinion/pira...ing-hollywood/





Hollywood's Best Kept Social File Sharing Secret Goes Public
Press release

SendPals, the world's first social file sharing service, quickly becomes a hub for Hollywood's artists, designers and producers to share large files. Today, in response to the platform’s success, the company announced open membership and a Frequent Sharer Rewards Feature.

Hollywood insiders breathe a sigh of relief having just discovered a new and secure way to send large files online. While in its beta stage, the social file sharing platform SendPals reports that Hollywood’s videographers, photographers, and other creative talent literally began begging to sign up for the world’s first social file sharing platform. They wanted a spot alongside Emmy award-winning video producers, music bands, designers, engineers, architects and renowned artists. Today with its official launch, the formerly beta-run platform that spread like wildfire throughout Hollywood’s creative industry is now open to the public.

“If you take a look at the list of people who joined SendPals during its beta stage, it appears we’ve been taking Hollywood by storm,” remarked Matt Oberdorfer, Co-Founder and CEO of SendPals. “And it makes sense, since large video, photo and audio files are at the core of the film industry. Those files are exactly what we help transfer for this unique community more efficiently than anyone else. It's a perfect combination.”

SendPals is the world's first social file sharing platform that combines the best aspects of private file sharing with a private social media platform. SendPals allows creators of large files such as hi-res photos, graphic files, videos or other documents to send them both to individuals and to distinct closed groups. This makes creative collaboration personal, easy and fun. Throughout its beta phase, SendPals was offered by invitation only but on July 31st that changes. Now, the social file sharing revolution is open for everyone to explore and enjoy.

Redefining the industry, SendPals is a big break from traditional file sharing companies of the past. Its unique social networking user experience, designed for numerous independent project teams, completely changes the file sharing paradigm. But unlike any social networking site, SendPals's architecture is designed to share extremely large terabyte-size files.

Adding to today’s launch, the company also announced their Frequent Sharer Rewards Feature. SendPals rewards more active members with more free storage space. Sign up is free and active users can earn up to 25 GB. Oberdorfer adds, “Initially as a new user you'll unlock 5 GB just by joining SendPals. As you invite more people, start new groups and share more files, you’re rewarded additional chunks of 500 MB, 100 MB or 5MB of space. It's really about putting artists and other creative people back in control of their intellectual property and privacy.”

The SendPals system ensures all data transfers are protected by 2048 bit SSL with a 256 bit encryption along with self-expiring links for confidential file access. This goes a very long way towards guarding that files are only shared securely with the intended recipients, each and every time.

As a testament to SendPals' commitment to putting privacy concerns at the forefront, the system has no scan bots digging through images, videos or social connections. Data is not shared with people who “may know you,” “tag you” or who want to “friend you.” These features are a particular hit with users. Oberdorfer reports that positive feedback continues to pour in. He says, “It’s clear this is just going to continue now that the virtual doors are open for more and more people to see the innovative social file sharing site first hand.”

For more information and to sign up, be sure to visit https://www.sendpals.com.
http://www.virtual-strategy.com/2014...et-goes-public





We Actually Like This iPhone App for File Sharing. Thanks, EMC!
Jordan Novet

Storage giant EMC is not a startup known for cutting-edge design. Which is why it’s interesting to watch EMC’s file-sync-and-share business, Syncplicity, push out a new version of its iPhone app as it competes with Dropbox, Box, and other young guns.

The revamped app debuts today, and Jeetu Patel, general manager of Syncplicity, looked pretty proud of it during a demo with VentureBeat. He showed off an easy way to flip through folders inside of folders; an interface for signing documents; a bunch of suggested actions; and pictures of people who have shared files, which can be useful for searching.

“It’s just they’re small delightful things we’ve done to really go out and kind of grab the imagination,” Patel said in an interview with VentureBeat.

Yes, Syncplicity does already stand out when it comes to security and deployment options, by virtue of its ability to store documents in public clouds and in companies’ on-premises data centers. But Patel has long spoken of user interface being important, and the new version of its iPhone app marks a new high.

“We’re competing with consumer-based companies, and if we come across a stodgy enterprise company that still doesn’t care about user experience, I think it’s not going to make sense for the user, and you’re still not going to solve a fundamental problem enterprise software, which is that they haven’t paid attention for the last 20 years to making a delightful experience for the user.”

The iPhone app design draws to some extent on Syncplicity’s iPad app. But the thumb is the dominant finger when using an iPhone, while on the iPad the forefinger is the important one.

“How do you go out and reimagine how you can get more productive on the phone?” Patel said.

The resulting iPhone app, like Tinder and its myriad clones, relies on swipes from left to right and from right to left.

And indeed, it seems to let people do a lot of things while on the go. They can send reminders to people who haven’t opened up certain documents, find documents in several ways, jump easily through folders like you’d switch mobile browser tabs (see picture below), annotate documents, and swipe through pictures quickly.

The big takeaway is the app, with its long taps, blurred backgrounds, and rounded edges, doesn’t look like something from a company that last year brought in $3 billion in net income. And yet, that’s something neither Box nor Dropbox can say.

The challenge for EMC is to get companies big and small to sign up for its service, which can operate exclusively in public clouds, in companies’ own data centers, or both.

EMC bought Syncplicity in 2012. True Ventures backed Syncplicity before the acquisition. Patel first joined EMC in 2010.

Syncplicity customers include ActOn, the Boston Red Sox, and Hearthstone.
http://venturebeat.com/2014/07/31/em...ty-iphone-app/





BitTorrent Unveils NSA-Proof Online Calling and Messaging Software
Jon Healey

BitTorrent Inc., the San Francisco company behind the most popular technology for sharing files online, is branching out into a new arena: snoop-proof calling and texting.

The company announced the availability Wednesday of a preliminary, test version of BitTorrent Bleep software, which will enable people to make calls (voice only) and send messages over the Internet without using a central server to direct traffic. Instead, users will find one another through groups of other users, with no records of the calls or texts stored anywhere along the way.

Once a connection is made for a call or text, the communication travels directly between the two computers involved. That peer-to-peer approach also defies mass surveillance. Granted, it doesn't pay to underestimate the National Security Agency's ability to monitor even well-hidden communications. But Bleep certainly makes the job harder than the most popular online calling and messaging apps do.

Bleep will be available by invitation only for now, the company said, because it still has plenty of rough edges. It's also limited to computers running Windows 7 or 8, although support for more platforms is coming.

The product reflects BitTorrent's effort to find more applications for the distributed-computing technology that underlies its file-sharing software. It launched BitTorrent Sync last year to provide an alternative to cloud-based programs that synchronize files across multiple devices. Shortly before that it unveiled BitTorrent Bundles, a publishing platform for digital content. The company has been working on Bleep at least since September, when it announced its plan to develop a secure online chat service.

Online calling and messaging services typically seek to preserve privacy by scrambling the communications between the sender and the recipient. The problem is that they rely on central servers to handle the electronic signals that establish the connection. The metadata that passes through those servers can be monitored or intercepted, potentially exposing the calls and texts themselves to surveillance, as leaked NSA data has revealed about Skype and other Voice over Internet Protocol services.

Bleep encrypts its traffic too, as well as enabling users to keep their identities secret even from those with whom they're communicating. But the main reason it's more secure, the company says, is because it has no central servers. "We are not even storing data temporarily on servers and then deleting it," Farid Fadaie, head of the Bleep project, wrote in a blog post Wednesday. "We never have the metadata in the first place."

Nor does anyone else. Unlike BitTorrent's file-sharing technology, there are no central, surveillance-susceptible indices helping to connect one user to another. Instead, when User X tries to start a call or send a text to User Y, X's Bleep software asks other BitTorrent users if they know Y's IP address. Their query eventually reaches a computer that Y's Bleep software has made contact with, revealing Y's address. The information is sent back to X, enabling X and Y to connect directly.

"Consider Bleep your personal redaction pen controlled by you and only you," Jaehee Lee, senior product manager at BitTorrent, wrote in a blog post Wednesday. "Anything you say is Bleep-ed out to us and everyone else for that matter."

This seems technologically nifty, but who would go to the trouble of running Bleep when millions of people around the world can easily be reached through Skype, WhatsApp or any number of other VOIP and chat apps? Lee offered four possible use cases: diplomats sharing sensitive dispatches, businesses safeguarding communications from industrial espionage, reporters protecting sources, or friends keeping their conversations private.

I could suggest any number of less noble uses for the software too. But as with the BitTorrent protocol itself, Bleep shouldn't be judged by the things people do with it. Instead, it should be judged by its ability to deliver on its promise of security.

The technology isn't interoperable with other chat or VOIP clients, at least not at this point, so its utility will be limited unless and until it gains a critical mass of users. The tremendous popularity of the BitTorrent protocol gives Bleep a strong global foundation, but not much else. That could change, though, if Bleep were built into updated versions of the apps people use to share torrent files.

One other potential factor is whether Congress changes the 1994 Communications Assistance for Law Enforcement Act to require data communications services to support wiretaps, as the Justice Department and federal security agencies have sought. Today, the wiretap requirement applies only to phone networks (including mobile ones) and online services that are effective substitutes for them (such as Vonage). If CALEA were extended to all online voice and messaging services, BitTorrent might be faced with the choice of withdrawing Bleep somehow from the United States or re-engineering it to remove its distinguishing feature.
http://phys.org/news/2014-08-bittorr...messaging.html





Did Google Go Too Far?
Julie Bort

A Houston man has been arrested after Google sent a tip to the National Center for Missing and Exploited Children saying the man had explicit images of a child in his email, according to Houston police.

The man was a registered sex offender, convicted of sexually assaulting a child in 1994, reports Tim Wetzel at KHOU Channel 11 News in Houston.

"He was keeping it inside of his email. I can't see that information, I can't see that photo, but Google can," Detective David Nettles of the Houston Metro Internet Crimes Against Children Taskforce told Channel 11.

After Google reportedly tipped off the National Center for Missing and Exploited Children, the center alerted police, who used the information to get a warrant.

A search of the man's other devices revealed more suspicious images and text messages. Police arrested him and he's being held on a $200,000 bond.

On one hand, most people would certainly applaud the use of technology to scan email in a case like this.

On the other, debate rages about how much privacy users can expect when using Google's services like email. In a word: none.

A year ago, in a court brief, Google said as much. Then, in April, after a class-action case against Google for email scanning fell apart, Google updated its terms of service to warn people that it was automatically analyzing emails.

Considering Google has been working to fight online child sexual abuse since 2006, it stands to reason the company would scan emails looking for those sorts of images. Google has never come right out and said so, but hinted strongly at it about a year ago when Jacquelline Fuller, director of Google Giving, specifically mentioned the National Center's "CyberTipline" in a blog post. The CyberTipline receives leads and tips regarding suspected crimes.

Fuller explained:

In 2011, the National Center for Missing & Exploited Children’s (NCMEC’s) Cybertipline Child Victim Identification Program reviewed 17.3 million images and videos of suspected child sexual abuse. ...

Since 2008, we’ve used 'hashing' technology to tag known child sexual abuse images, allowing us to identify duplicate images which may exist elsewhere. ...

We’re in the business of making information widely available, but there’s certain 'information' that should never be created or found. We can do a lot to ensure it’s not available online—and that when people try to share this disgusting content they are caught and prosecuted.


Online service providers like Google are required under federal and many states’ laws to report child pornography when they find it, attorney Chris Jay Hoofnagle, director of information privacy programs at the Berkeley Center for Law & Technology, tells Business Insider.

However they are under no obligation to go out and look for it, Hoofnagle says. "But if you look and you see it, you have to report."

We reached out to Google for comment and will update the story if we hear back.
http://www.businessinsider.com/polic...-arrest-2014-8





Microsoft Tip Leads to Child Porn Arrest in Pennsylvania
Leo Kelion

A tip-off from Microsoft has led to the arrest of a man in Pennsylvania who has been charged with receiving and sharing child abuse images.

It flagged the matter after discovering that an image involving a young girl had been allegedly saved to the man's OneDrive cloud storage account.

According to court documents, the man was subsequently detected trying to send two illegal pictures via one of Microsoft's live.com email accounts.

Police arrested him on 31 July.

The man, in his twenties, has since been placed in a county correctional facility and has yet to enter a plea. A preliminary court appearance is scheduled for next week.

A copy of the affidavit detailing the case against the defendant has been published online by a news site specialising in leaked law enforcement documents.

It claims that the man acknowledged acquiring the pictures through Kik Messenger, a chat app, as well as "trading and receiving images of child pornography on his mobile cellular device".

The BBC spoke to one of the officers involved, Trooper Christopher Hill from the Pennsylvania State Police, who confirmed the affidavit was genuine and that Microsoft had instigated the investigation.

But he said he could not discuss any of the case's specifics because it was still an "open investigation".

He did, however, add that he was aware of other instances of "internet carriers" passing on similar details in other inquiries.

Automated image scans
The details have emerged a week after it was first reported that Google had handed over the identity of a Texas-based user after detecting suspected child abuse imagery in his Gmail account. The 41-year-old was arrested as a consequence of Google's action.

The cases highlight the fact that commonly-used internet services are not private.

One campaign group said tech firms must be explicit about how they monitor users' accounts.

"Microsoft must do all that it can to inform users about what proactive action it takes to monitor and analyse messages for illegal content, including details of what sorts of illegal activity may be targeted," commented Emma Carr, acting director of the campaign group Big Brother Watch.

"It is also important that all companies who monitor messages in this way are very clear about what procedures and safeguards are in place to ensure that people are not wrongly criminalised, for instance, when potentially illegal content is shared but has been done so legitimately in the context of reporting or research."

Microsoft's terms and conditions for its US users explicitly state that it has the right to deploy "automated technologies to detect child pornography or abusive behaviour that might harm the system, our customers, or others".

Disrupting photo trades
Neither Google nor Microsoft handed over the material directly to the police.

Instead both companies contacted the National Center for Missing and Exploited Children's CyberTipline, which serves as the US's centralised reporting system for suspected child sexual exploitation.

Microsoft has openly discussed its use of image-processing software to detect suspected paedophiles in the past, including an interview with the BBC in 2012.

Following the most recent case, Mark Lamb from the company's Digital Crimes Unit released a statement.

"Child pornography violates the law as well as our terms of service, which makes clear that we use automated technologies to detect abusive behaviour that may harm our customers or others," he wrote.

"In 2009, we helped develop PhotoDNA, a technology to disrupt the spread of exploitative images of children, which we report to the National Center for Missing and Exploited Children as required by law."

PhotoDNA creates a unique signature for each image, similar to a fingerprint, to help pictures be matched.

This is done by converting the picture into black-and-white, resizing it and breaking it into a grid. Each grid cell is then analysed to create a histogram describing how the colours change in intensity within it, and the information obtained becomes its "DNA".

The technique means that if a copy of a flagged photo appears in one of Microsoft's users' accounts, the firm can be alerted to the fact without its staff having to look at the picture involved.

Because the amount of data involved in the "DNA" is small, Microsoft can process and compare images relatively quickly.

"[It] allows us to find the needle in the haystack," says promotional material for the software.

Google also uses PhotoDNA, alongside its own in-house technologies, to detect child abuse images.

In addition, the software is used by Facebook and Twitter, among others.
http://www.bbc.com/news/technology-28682686
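
The greyscale, resize, grid and per-cell histogram steps described in the BBC article above, as an added Python illustration that is not part of the original article or post and is not Microsoft's PhotoDNA code. The image size, grid, bin layout, match threshold and the synthetic sample images are all constructed assumptions; the point shown is that an exact hash changes when a picture is re-saved while the grid signature does not.

```python
"""Simplified grid-and-gradient image signature. Illustration only: this is
NOT PhotoDNA. SIZE, GRID, the bin layout and MATCH_THRESHOLD are assumptions."""
import hashlib
import math

SIZE = 24              # side of the normalised image (assumed)
GRID = 4               # 4 x 4 cells (assumed)
MATCH_THRESHOLD = 0.1  # max distance treated as "same picture" (assumed)


def to_gray(rgb_rows):
    """Rows of (r, g, b) tuples -> rows of luminance values."""
    return [[0.299 * r + 0.587 * g + 0.114 * b for r, g, b in row]
            for row in rgb_rows]


def resize(gray, size=SIZE):
    """Box-average to size x size so resolution does not affect the result."""
    h, w = len(gray), len(gray[0])
    out = []
    for y in range(size):
        y0 = y * h // size
        y1 = max((y + 1) * h // size, y0 + 1)
        row = []
        for x in range(size):
            x0 = x * w // size
            x1 = max((x + 1) * w // size, x0 + 1)
            block = [gray[j][i] for j in range(y0, y1) for i in range(x0, x1)]
            row.append(sum(block) / len(block))
        out.append(row)
    return out


def signature(rgb_rows):
    """Per-cell histogram of intensity changes, normalised to unit length."""
    g = resize(to_gray(rgb_rows))
    cell = SIZE // GRID
    hist = []
    for cy in range(GRID):
        for cx in range(GRID):
            # bins: brighter to the right, darker to the right,
            #       brighter downwards, darker downwards
            bins = [0.0, 0.0, 0.0, 0.0]
            x_end, y_end = (cx + 1) * cell, (cy + 1) * cell
            for y in range(cy * cell, y_end):
                for x in range(cx * cell, x_end):
                    if x + 1 < x_end:
                        dx = g[y][x + 1] - g[y][x]
                        bins[0 if dx > 0 else 1] += abs(dx)
                    if y + 1 < y_end:
                        dy = g[y + 1][x] - g[y][x]
                        bins[2 if dy > 0 else 3] += abs(dy)
            hist.extend(bins)
    # Differences cancel a brightness offset; unit length cancels contrast.
    norm = math.sqrt(sum(v * v for v in hist)) or 1.0
    return [v / norm for v in hist]


def distance(sig_a, sig_b):
    """Euclidean distance between two signatures (0 = identical)."""
    return math.dist(sig_a, sig_b)


def is_match(img_a, img_b):
    return distance(signature(img_a), signature(img_b)) <= MATCH_THRESHOLD


def sha256_of(rgb_rows):
    """Exact-match hash of the raw pixel bytes, for comparison."""
    raw = bytes(c for row in rgb_rows for px in row for c in px)
    return hashlib.sha256(raw).hexdigest()


# --- Constructed sample images (synthetic, 48 x 48) ---
def make_original():
    """Left-to-right ramp with a bright square in the middle."""
    rows = []
    for y in range(48):
        row = []
        for x in range(48):
            v = 200 if 16 <= x < 32 and 16 <= y < 32 else 40 + 10 * (x // 4)
            row.append((v, v, 100))
        rows.append(row)
    return rows


def make_altered_copy(rows):
    """Same picture re-saved at 2x resolution, lower contrast, brighter."""
    big = [[rows[y // 2][x // 2] for x in range(2 * len(rows[0]))]
           for y in range(2 * len(rows))]
    return [[tuple(c * 9 // 10 + 15 for c in px) for px in row] for row in big]


def make_other():
    """Unrelated picture: top-to-bottom ramp."""
    return [[(40 + 10 * (y // 4),) * 2 + (100,) for _ in range(48)]
            for y in range(48)]


ORIGINAL = make_original()
COPY = make_altered_copy(ORIGINAL)
OTHER = make_other()

if __name__ == "__main__":
    print("exact hashes equal:", sha256_of(ORIGINAL) == sha256_of(COPY))
    print("copy flagged: ", is_match(ORIGINAL, COPY))
    print("other flagged:", is_match(ORIGINAL, OTHER))
```

Because only the short signature is compared, the service holding the list of flagged signatures never needs the flagged pictures themselves, which is the property the article attributes to the "DNA".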





There's A Bizarre Reason Why Julia Louis-Dreyfus Has Been Banned From Facebook
Caroline Moss

On Thursday night's "Late Show With David Letterman," hilarious "Veep" star Julia Louis-Dreyfus confessed she had recently been banned from Facebook.

Why? Well, if you recall her April "Rolling Stone" cover featuring a barely covered Louis-Dreyfus with a tattoo of the Constitution, you may notice something not quite right.

"My husband Brad called me," Louis-Dreyfus told Letterman, "and he was like, 'flag on the play — John Hancock didn't sign the Constitution.'"

Hancock signed the Declaration of Independence.

"Who cares what he signed!" Letterman laughed.

As a joke, Louis-Dreyfus gets the idea to put out a baby photo on Facebook that shows baby Julia with a John Hancock signature tattoo "as if I've always had it," she explains to a hysterically laughing audience.

The photo was posted to Twitter and Facebook by Louis-Dreyfus.

"I try to get back on my Facebook and it's like, 'insensitive material! Inappropriate!' They think I'm a pervert. It's [a photo of me!]. I can't get into my account."
http://www.businessinsider.com/julia...acebook-2014-8





The Scourge Of Zero Rating
Fred Wilson

It seems like every week I read another article about a mobile carrier offering some incredible deal to eat the mobile data costs you rack up using certain apps.

The most recent was the news that Sprint will sell a data plan that “only connects to Facebook and Twitter”.

Many on the Internet are up in arms about “net neutrality” amid concerns that the wireline carriers will discriminate between or block applications on their networks. I’m a supporter of net neutrality regulations, but it’s worth pointing out that wireline carriers haven’t done a lot of discriminating and blocking on their networks over the past 20 years of the commercial internet.

And yet in mobile data, there is discrimination and blocking all over the place. The main kind of discrimination is called “zero rating” in which a mobile carrier makes a deal with certain applications to eat the mobile data charges a user racks up when using certain apps. A good example of that is T-Mobile’s deal with a bunch of music apps announced back in June.

The pernicious thing about zero rating is that it is marketed as a consumer friendly offering by the mobile carrier – “we are not charging you for data when you are on Spotify”.

But what all of this zero rating activity is setting up is a mobile internet that looks a lot more like cable TV than our wide open Internet. Soon a startup will have to negotiate a zero rating plan before launching because mobile app customers will be trained to only use apps that are zero rated on their network.

I strongly encourage policy makers, policy wonks, internet activists, and anyone who cares about protecting an open internet for all to take a hard look at zero rating. Like all the best scourges, it’s a wolf in sheep’s clothing.
http://avc.com/2014/07/the-scourge-of-zero-rating/





Verizon Response to FCC's Throttling Concerns: Everyone's Doing It
Chris Welch

Verizon Wireless has officially responded to FCC Chairman Tom Wheeler and his data throttling concerns. The Verge has obtained a copy of the carrier's response, dated August 1st, which was written by Kathleen Grillo, the company's SVP of Federal Regulatory Affairs. In it, Verizon underlines the notion that customers will only experience slowdowns "under very limited circumstances." It will only happen at "particular cell sites experiencing unusually high demand," the letter reads. We've outlined the other factors that could result in reduced data speeds previously.

Verizon notes that any throttling will cease immediately when demand on a strained cell site returns to normal. "Our practice is a measured and fair step to ensure that this small group of customers do not disadvantage all others in the sharing of network resources during times of high demand." The carrier insists only big data users who "have an out-sized effect on the network" will be slowed down.

Verizon claims those same people almost always have unlimited data plans and have "no incentive not to" hog up network resources. The top 5 percent of data users will be subject to LTE throttling beginning in October. It may sound difficult to reach that level of data usage, but keep in mind that right now Verizon says exceeding 4.7GB of data would put you there. "We are providing this notice several months in advance to be open and transparent with our customers about network management practices that could affect their service."

More importantly, Verizon also hammers on the fact that it's by no means alone. Every other major wireless provider in the United States — AT&T, Sprint, and T-Mobile — has already implemented some form of data throttling or "network optimization" as it's often called. "This practice has been widely accepted with little or no controversy," writes Grillo. Verizon goes a step further and says its competitors often have "less tailored" policies that can impact customers even when network congestion isn't an issue. Here the company takes a shot at John Legere and T-Mobile, pointing out that the "Uncarrier" gives itself the right to throttle "regardless of whether customers are at a location experiencing congestion."

Comcast should probably pay attention here, since Verizon's letter essentially dismisses the idea of LTE being a viable replacement for home internet. "The network's capacity remains a shared and limited resource that we must manage to provide the best experience for all of our consumers," Verizon says. And yes, that's even with XLTE and other network initiatives factored in. In response to Wheeler's reference to C Block rules and the FCC's Open Internet Order, Verizon seems confident that everything it's doing is perfectly legal and already permitted under current law. "Our customers continue to be free to go where they want on the internet and to use the applications, services, and devices of their choice."
http://www.theverge.com/2014/8/4/596...ottling-letter





FCC Chairman Rejects Verizon's Throttling Defense

The wireless carrier's argument that "all the kids do it" isn't good enough, the official says in a press conference.
Roger Cheng

Verizon's justification that it should be able to slow down its most active unlimited data customers doesn't fly with Federal Communications Commission Chairman Tom Wheeler.

"'All the kids do it' is something that never worked with me when I was growing up, and it didn't work with my kids," Wheeler said, a reference to Verizon's argument that its policy was consistent with the other wireless carriers.

The Washington Post previously reported on the comments. CNET confirmed them with the FCC.

Wheeler's response Friday is the latest in a back-and-forth debate sparked by Verizon's decision in late July to extend its policy of slowing down the top 5 percent of unlimited 3G data customers to 4G customers -- a practice some refer to as throttling. Wheeler sent a letter to the carrier saying he was "disturbed" by the policy change, eliciting a written response from Verizon defending the practice.

"We were very surprised to receive that letter," Verizon Wireless CEO Dan Mead said to reporters on Monday. "There were many parts that were incorrect. We have great respect for the FCC, but I'm not sure the chairman understood what we're doing exactly."

Mead emphasized that the FCC seemed fine with how Verizon managed its network when the policy was first put in place for 3G users in 2011. He questioned why the agency would have a problem with the policy now as Verizon expands it to include 4G LTE customers later this year.

Verizon responded to the FCC in a letter that claimed the policy change was consistent with other carriers and the 2010 Open Internet Order.

But Wheeler said he didn't buy the argument. The FCC said Wheeler sent similar letters to the other three national carriers -- AT&T, Sprint, and T-Mobile -- asking about their own policies.

Verizon declined to respond to Wheeler's latest comments.

Verizon has argued that it doesn't "throttle" its customers because even if it slows down a connection, it is for a temporary period to help alleviate a specific bandwidth problem. That differs from the policy that a company like T-Mobile has, which will slow down the connection of a customer once they hit their allotted amount of data.

"The difference between our Network Optimization practices and throttling is network intelligence," Verizon said in a blog post.

The change doesn't go into effect until October.

Critics see it as a way to force Verizon's unlimited data customers off of their existing plans and toward a tiered shared data plan that a majority of its subscribers sign up for. Under such a plan, a customer who goes over the allotted data gets charged an overage fee.
http://www.cnet.com/news/fcc-chairma...tling-defense/





FCC Asked Six More ISPs, Content Providers to Reveal Paid Peering Deals

But "this isn't a regulatory exercise"—and the public is still in the dark.
Jon Brodkin

The Federal Communications Commission investigation of how network interconnection problems affect the quality of Internet service began when the FCC obtained the paid peering deals Netflix signed with Comcast and Verizon.

The FCC has asked another six Internet service providers and content providers for copies of similar agreements, a commission official told Ars this week. The FCC will likely announce more details of its probe in the fall, but the public probably won't see any specific details of the contracts. Ars sent the commission a Freedom of Information Act (FOIA) request to obtain Netflix's contracts with Comcast and Verizon, but it was denied due to their confidential nature.

That's no surprise, but it may be tricky for FCC Chairman Tom Wheeler to fulfill his stated goal of explaining to the public how interconnection disagreements affect the quality of streaming video and other Web services.

When Wheeler announced the investigation in June, he said he intends to bring transparency to network interconnection:

Consumers want transparency. They want answers. And so do I.

The bottom line is that consumers need to understand what is occurring when the Internet service they’ve paid for does not adequately deliver the content they desire, especially content they’ve also paid for. In this instance, it is about what happens where the ISP connects to the Internet. It’s important that we know—and that consumers know.


Given that statement, we sent a FOIA to the FCC on June 16 to obtain the Netflix deals as well as any others the commission gets a hold of. FCC Wireline Competition Bureau Chief Kirk Burgee notified us on July 15 that the FCC would not be able to meet the response deadline because it needed to "consult with two or more components of the Commission that have a substantial subject-matter interest in the determination of your request." We got a full response on July 29 and then spoke with an FCC official for further background yesterday.

"Verizon, Netflix, and Comcast filed requests for confidential treatment of the agreements in their entirety," the FCC's response to Ars said. "In support of its request for confidential treatment, Comcast asserts that, if its agreement were disclosed, competitors would gain valuable insight into the parties' business practices, internal business operations, technical processes and procedures, and information regarding highly confidential pricing and sensitive internal business matters to which competitors otherwise would not have access."

Additionally, Verizon and Netflix asserted that their agreement is exempt from FOIA disclosure under an exemption that protects trade secrets and confidential commercial or financial information.

"In this case, Verizon and Netflix assert, the agreement contains highly sensitive, detailed commercial and financial terms including pricing, forecasts, capacities, and network information that the parties do not make available to the public," the FCC's response to our FOIA said.

The FCC agreed with the companies' arguments and denied our request. That's understandable from a legal perspective and a practical one: the FCC isn't likely to get access to much confidential information if it blasts it all out to the public.

"It's important to point out that this is voluntary," the FCC official told Ars. "It's a voluntary request and there is no forcing mechanism."

The FCC official would not say which companies other than Netflix, Comcast, and Verizon got the requests, although Wheeler said in June that he would try to get information from the Google-owned YouTube. Google, Amazon, Facebook, Microsoft, and other companies have direct connections with ISPs, the financial details of which have not been disclosed.

New regulations aren’t likely

The investigation was spurred by months of Netflix problems on ISPs such as Comcast, Verizon, and AT&T. Eventually, Netflix agreed to pay the ISPs for direct connections to their networks in order to avoid congestion that makes streaming video play slowly, in lower quality, or not at all.

So far, it does not appear that the FCC will create any rules governing the interconnection market. "This is not a regulatory exercise. It's strictly information gathering," the FCC official said. When asked if it could turn into a regulatory exercise, the official said the next steps will "depend on what the attorneys and engineers find as a result of this information gathering."

The FCC admits that it knows little about the interconnection market. The commission's 2010 net neutrality rules, which were mostly struck down in court, targeted the "last mile"—the point from which traffic enters an ISP's network and starts traveling toward consumers. The rules did not apply to how ISPs connect their networks to the rest of the Internet. The FCC has proposed a new set of net neutrality rules, but as currently written, these rules would not cover interconnection, either.

"Interconnection is an area that the commission hasn't studied before, and to make sure the public is being served, we need to educate ourselves about how the ecosystem is working," the FCC official said.

Besides the companies the FCC has requested contracts from, the commission is "meeting with others to understand all the angles of interconnection," the official said. The commission is examining the "competitive dynamics" of the market, and "taking time to hear the different viewpoints about the state of interconnection today from the different actors in the ecosystem."

When the 2010 rules were issued, "interconnection wasn't necessarily as dominant and prevalent as it is now, these peering arrangements," the FCC official said. Streaming video and other bandwidth-heavy applications have also become more popular since then, taking over a larger share of Internet traffic.

"Chairman Wheeler decided consumers needed to understand the points of congestion and how traffic is being managed across the network in general, not necessarily limited to the last mile," the official said.

It's still too early to say what types of details the FCC will make public. It's "premature to say how we would explain to consumers what's going on before we have a good handle of what's going on ourselves," the official said.
http://arstechnica.com/business/2014...peering-deals/





Sprint/T-Mobile Plan to Buy Spectrum Together May Be Blocked by FCC

Sprint and T-Mobile are still separate companies, but they're acting like one.
Jon Brodkin

A proposal from FCC Chairman Tom Wheeler would block an attempt by Sprint and T-Mobile US to buy spectrum together in the incentive auction that will transfer airwaves from broadcast TV stations to cellular carriers next year.

Announced on Friday, Wheeler's proposal seeks to help the smallest wireless companies develop business partnerships with larger ones. But it would not allow partnerships between the biggest carriers, since more than 95 percent of US customers are served by either AT&T, Sprint, T-Mobile, or Verizon Wireless.

"Our goal is to promote the participation of as many parties as possible in the auction," FCC Wireless Telecommunications Bureau Chief Roger Sherman wrote Friday. "If two of the largest companies are able to bid as one combined entity in the auction, their combined resources may have the effect of suppressing meaningful competition. Therefore, the item tentatively concludes that joint bidding arrangements between nationwide providers should not be allowed."

That's bad news for Sprint and T-Mobile. "The two rivals are working with separate teams and outside counsels to form a joint-bidding venture to participate in the Federal Communications Commission’s airwave auction next year," Bloomberg reported last month. "The bidding alliance is part of a push by Masayoshi Son, whose SoftBank Corp. controls Sprint, to sway skeptical regulators as it tries to take over T-Mobile. By pooling their resources in the auction, the companies would be able to pay more to the federal government to acquire wireless spectrum—demonstrating that a full merger would help the companies make bigger investments in their networks, benefiting consumers."

A Sprint/T-Mobile merger would result in the US having three major nationwide carriers instead of the current four. The companies haven't finalized an agreement yet, but if they do it will face scrutiny from antitrust officials who previously blocked an AT&T/T-Mobile merger.

French company Iliad is also bidding on T-Mobile, but T-Mobile owner Deutsche Telekom has reportedly turned down Iliad's offer.

Wheeler's proposal would encourage smaller companies to participate in the broadcast TV auction and other spectrum auctions by letting them "leverage business partnerships with larger companies through more flexible leasing arrangements to gain access to capital and cash flow, not to mention operational experience," Sherman wrote.

"Of course, this policy will have to be policed," he continued. "Some may try to take advantage of this flexibility to gain a discount for large incumbents, which we will not allow. We will be on the lookout for such abuse and enforce our rules vigorously. Protection will come from the proposal’s focus on who is 'calling the shots.' The small business entrepreneur must exercise independent decision-making authority. If the small business is a stalking horse for another party, then the bidding credit will be lost."
http://arstechnica.com/business/2014...locked-by-fcc/





Sprint Drops Bid to Buy T-Mobile after Regulatory Resistance
Soyoung Kim, Marina Lopes and Yoshiyasu Shida

Sprint Corp (S.N) has dropped its bid to acquire No. 4 U.S. carrier T-Mobile U.S. Inc (TMUS.N) after regulatory resistance showed no signs of softening despite months of lobbying, people familiar with the matter told Reuters.

The move is a rare setback for Sprint's Japanese parent SoftBank Corp (9984.T), whose billionaire founder Masayoshi Son had seen the acquisition as key to taking on U.S. market leaders AT&T Inc (T.N) and Verizon Communications Inc (VZ.N).

Sprint, the No. 3 U.S. carrier, and T-Mobile have not ruled out consolidation in the future but concluded that a deal is unlikely to be approved at this time, the sources said. U.S. regulators have insisted that they want to keep the number of major wireless carriers at four.

"We didn't think the opposition would be this strong," a SoftBank executive said, but added: "The environment will definitely change".

The failure to reach a deal could give added impetus to a rival bid for T-Mobile by French telecoms firm Iliad (ILD.PA). Iliad made a lower bid than Sprint but is in talks with U.S. cable and satellite companies to sweeten its offer.

In the wake of the failed talks, Sprint will appoint a new CEO - Marcelo Claure, founder of mobile phone distributor Brightstar Corp which was acquired by SoftBank last year, a separate person with knowledge of the matter said. Claure, who has won a string of awards for entrepreneurship, joined Sprint's board in January.

He will replace Dan Hesse who has been CEO of Sprint since 2007. Hesse led a rip-and-replace overhaul to modernise Sprint's network but it caused cellular sites to go black and the company to hemorrhage subscribers.

Sources declined to be identified as the matter has not been disclosed by the companies publicly. Representatives for Sprint and SoftBank declined a request for comment. T-Mobile did not immediately respond to a request for comment.

Sprint shares were down 16 percent and T-Mobile shares were down 9 percent in after-hours trading.

SoftBank's shares closed down 3.5 percent on Wednesday.

SPRINT SET FOR HARDER RACE

Although Sprint's earnings have improved on the back of cost reductions, without T-Mobile its path to growth is unclear and it is expected to struggle.

"If you add up Sprint's annual capital expenditure and interest payments, it cannot cover them from its annual operating cash flow. If things stay the way they are, they'll be in dire straits," said Norito Shimizu, senior researcher at InfoCom Research Inc.

SoftBank bought 80 percent of Sprint last year for some $20 billion, just one of many aggressive acquisitions by Son who has built SoftBank from a small software publisher into Japan's second-most valuable listed company. He has vowed to make SoftBank the world's largest Internet media company.

The SoftBank executive added that despite the setback, the company had plenty of other irons in the fire in the U.S. market, citing last month's poaching of Google Inc (GOOGL.O) Chief Business Officer Nikesh Arora to head up SoftBank Internet and Media Inc, a planned U.S. subsidiary.

ILIAD'S CHANCE?

Sprint had agreed to pay $40 per share under the broad terms of an agreement worked out with Deutsche Telekom AG (DTEGn.DE), T-Mobile's majority owner, following months of talks.

By contrast, Iliad has so far offered only $33 per share for a 56.6 percent stake in T-Mobile. Possible partners to help it sweeten its bid include Dish Networks (DISH.O), Cox Communications [COXC.UL] and Charter Communications (CHTR.O), sources have said.

T-Mobile has taken the industry by surprise with aggressive pricing plans and no-contract campaigns, boosting its customer numbers and posting its first net profit in a year in the second quarter.

Roger Entner, analyst at Recon Analytics in Boston, said the announcement could signal the tables may have turned on Deutsche Telekom.

"As long as there was a Sprint offer on the table, bargaining power was with Deutsche Telekom. Now the bargaining power is with Iliad," he said.

The failure of the Sprint-T-Mobile talks was first reported by the Wall Street Journal.

The announcement marks the second blockbuster deal to be abandoned on Tuesday after Rupert Murdoch pulled the plug on Twenty-First Century Fox's (FOXA.O) bid for Time Warner (TWX.N).

(Additional reporting by Liana B. Baker in New York and Teppei Kasai in Tokyo; Editing by Edmund Klamann, Lisa Shumaker, Ken Wills and Edwina Gibbs)
http://www.reuters.com/article/2014/...0G52JV20140806





Rupert Murdoch's Fox Abandons Time Warner Takeover Bid
Jennifer Saba and Soyoung Kim

Rupert Murdoch's Twenty-First Century Fox (FOXA.O) decided to pull its $80 billion offer to buy Time Warner Inc (TWX.N) on Tuesday, abandoning plans to create one of the world's largest media conglomerates.

The surprise announcement appeared to cut short what many investors had viewed as an inevitable battle of attrition over a deal that would have joined two of Hollywood's biggest studios and TV networks from TNT to Fox News.

Still, some investors wondered whether the move could be a shrewd effort to drive down the stock, prompting Murdoch to re-enter the fray later on.

"This could easily be part of their negotiating strategy," said Brett Harriss, an analyst with Gabelli & Co, who said Fox could still try again later.

Murdoch, who is Fox's chairman and CEO, cited Time Warner's management and its board's refusal to come to the table to discuss a takeover as one reason for the stunning turnabout.

"Our proposal had significant strategic merit and compelling financial rationale and our approach had always been friendly. However, Time Warner management and its board refused to engage with us to explore an offer which was highly compelling," he said in a statement released after the market closed on Tuesday.

He also cited Fox's share price - down about 11 percent since the offer was unveiled on July 16 - saying it had become undervalued, making the deal "unattractive to Fox shareholders."

The news of the collapse of the Fox-Time Warner deal was followed - about three hours later - by the implosion of another deal: Sprint Corp's (S.N) surprise decision to drop its pursuit of T-Mobile US Inc (TMUS.N). It was unclear whether the two cancelled deals presaged any kind of a wider slowdown in what has been a red-hot M&A market in recent months.

Time Warner, which had fiercely resisted Murdoch's advance, issued a statement saying it was committed to enhancing long-term value. "We look forward to continuing to deliver substantial and sustainable returns for all stockholders," the statement said.

Shares of Fox rose 10.4 percent in after-market trade after closing at $31.30. Shares of Time Warner fell 10.7 percent after closing at $85.19.

A source familiar with the matter said that there were no other likely bidders for Time Warner at this point.

Still, Time Warner shares are trading at a premium to the offer, suggesting that some investors believe another buyer could emerge or Fox may return.

But additional people familiar with the matter said Fox, which split off from News Corp last year, is serious about walking away from Time Warner. They cited its announcement of a $6 billion stock buyback. The people were not authorized to speak to the media about the deal.

'NEGOTIATING STRATEGY'?

Fox's withdrawal may raise pressure on Time Warner to justify its refusal to engage in negotiations.

Both Fox and Time Warner are set to report their quarterly earnings on Wednesday and will face questions from investors and analysts about their future strategies.

The combined companies would have created a media powerhouse with two major studios, cable networks, sports programming and pay-TV channel HBO. A tie-up would have added more muscle to negotiate against media distribution companies that have been going through their own mergers like Comcast's (CMCSA.O) deal to buy Time Warner Cable (TWC.N) and AT&T's (T.N) proposal to take over DirecTV (DTV.O).

The move to walk away is an uncharacteristic one for Murdoch, the 83-year-old media mogul known for his deal-making prowess.

He pounced on Dow Jones in 2007, the publisher of The Wall Street Journal, after making an offer to the Bancroft family that was too good to refuse.

At $5 billion, representing roughly a 67 percent premium, many thought that Murdoch overpaid. News Corp had to write down half the value a few years later.

Jason Subotky, partner and portfolio manager at Yacktman Asset Management, a large Fox shareholder said, "They showed a willingness to be bold with the proposal and yet were very disciplined. We think this is recognition that buying their own shares back is the most attractive use of capital at this point."

For now, the statement from Murdoch signals that shareholder value trumps desire.

"This significant return of capital underscores the company's ongoing commitment to disciplined capital allocation and returning value to shareholders in a meaningful way," Murdoch said in a statement, referring to the buyback plan.

(Additional reporting by Liana Baker, Ross Kerber and Lehar Maan; Editing by Maju Samuel, Andrew Hay, Bernard Orr and Ken Wills)
http://www.reuters.com/article/2014/...0G529X20140806





You Won’t Believe What Happens When Comcast and TWC Face Actual Competition
Brad Reed

For the past couple of years, we’ve been alternately amused and horrified whenever cable company bigwigs have told us that we don’t really “need” fast speeds like those offered by Google Fiber, so why bother significantly investing in infrastructure upgrade? It turns out, however, that both Comcast and Time Warner Cable have quickly changed their tunes now that they’re feeling the actual heat of free market competition for the first time in years.

Consumerist notices that Comcast and TWC both have just happened to significantly boost speeds in the Kansas City metropolitan area, which also happens to be the first area where Google has launched Google Fiber. These speed increases aren’t anything close to what Google is offering with Google Fiber, of course — Comcast customers who subscribe to its 25Mbps service will get a speed boost up to 50Mbps, 50Mbps customers will get a speed boost up to 105Mbps and 105Mbps customers will get bumped up to 150Mbps, all completely free of charge.

We imagine that there have been a lot of very tense, awkward calls in the Kansas City area recently from customers who are informing their cable companies that their slow, overpriced services will no longer be required.
http://bgr.com/2014/08/05/comcast-twc-vs-google-fiber/





The Competition for High-Speed Fiber Optic Internet is Escalating in 13 Cities
Brian Fung

The gigabit fiber war just got a little hotter.

Louisiana-based broadband provider CenturyLink said Tuesday that it's expanding its fiber optic service — with speeds of 1 gigabit per second — to 13 new cities. The speeds will be "symmetrical," meaning that users will get the same upload speeds as their download speeds.

Residential fiber service will cost $79.95 when bundled with other services, CenturyLink spokeswoman Linda Johnson said. (By comparison, the publicly owned fiber optic Internet service in Chattanooga, Tenn. costs $70 a month for gigabit speeds, and $57 a month for speeds of 100 megabits per second.)

Gigabit Internet is roughly 100 times faster than the current national average. While most Internet providers are still providing asymmetrical speeds where the download rate is much faster than the upload rate, that's beginning to change; last month, Verizon announced it was rolling out symmetrical speeds for its FiOS customers.

The list of new cities getting CenturyLink residential fiber includes Seattle, Portland, Denver, Minneapolis-St. Paul, Orlando, and Columbia and Jefferson City, Mo. Businesses will be able to take advantage of gigabit service in all those cities, as well as in Phoenix, Tucson, Albuquerque, Spokane, Wash., Colorado Springs, and Sioux Falls, S.D.
http://www.washingtonpost.com/blogs/...-in-13-cities/





43Tbps Over a Single Fiber: World’s Fastest Network Would Let You Download a Movie in 0.2 Milliseconds
Sebastian Anthony

A research group at the Technical University of Denmark (DTU), which was the first to break the one-terabit barrier in 2009, has today managed to squeeze 43 terabits per second over a single optical fiber with just one laser transmitter. In a more user-friendly unit, 43Tbps is equivalent to a transfer rate of around 5.4 terabytes per second — or 5,375 gigabytes to be exact. Yes, if you had your hands on DTU’s new fiber-optic network, you could transfer the entire contents of your 1TB hard drive in a fifth of a second — or, to put it another way, a 1GB DVD rip in 0.2 milliseconds.

The previous record over a single optical fiber — 26 terabits per second, set by Karlsruhe Institute of Technology way back in 2011 — had remained unbroken for a surprisingly long period of time. DTU set a series of single-fiber world records in 2009 and 2011, but had since been forced to sit in Karlsruhe’s shadow — until now. This was obviously a pain point for the DTU researchers — the press release [Danish] announcing the new world record actually calls out Karlsruhe by name. I guess a bit of friendly competition never hurt anyone though, right?

The main thing about this world record is DTU’s use of a single laser over a single fiber. There have been plenty of network demonstrations of hundreds or even thousands of terabits (petabits) per second with multiple lasers over multiple fibers — but those demos are so far removed from the reality of fiber-optic networking that they’re not really worth discussing. When we talk about commercial fiber-optic links, we’re nearly always talking about single-laser-single-fiber, because that’s what the entire internet backbone is built upon. In other words, the techniques used by DTU to hit 43Tbps actually have a chance of making it into real-world networks in the next few years. You might soon be able to download a TV show or movie in quite literally the blink of an eye.

How did the DTU hit 43Tbps and steal the world record away from Karlsruhe? Well, rather amusingly, they kind of cheated. While the researchers did only use a single laser, it used multi-core fiber. This is still a single filament of glass fiber, but it has multiple individual channels that can each carry their own optical signal. In this case, DTU used multi-core optical fibers with seven cores, produced by Japanese telecom giant NTT. Back in 2011 when Karlsruhe set its 26Tbps record (with a single-core fiber), multi-core fibers were both difficult and expensive to manufacture — now, in 2014, it would seem the bugs have been ironed out and NTT is moving ahead with commercial deployments. The photo at the top of the story, incidentally, is an experimental hollow-multi-core fiber developed by DARPA.

Beyond the DTU’s use of multi-core fiber, there’s sadly very little info on how they actually squeezed 5.4 terabytes of data per second over a single fiber. The usual method of boosting speeds over fiber is either SDM or WDM (spatial and wavelength-division multiplexing) — i.e. using different frequencies of light for each signal, or staggering each signal by a few microseconds, so that the signals don’t collide.

Currently, the fastest commercial single-laser-single-fiber network connections max out at just 100Gbps (100 Gigabit Ethernet). The IEEE is currently investigating the feasibility of either a 400Gbps or 1Tbps Ethernet standard, with ratification not due until 2017 or later. Obviously DTU’s 43Tbps won’t have much in the way of real-world repercussions for now — but it’s a very good sign that we’re not going to run out of internet bandwidth any time soon. (Customers of awful ISPs excepted, of course.)
http://www.extremetech.com/computing...2-milliseconds





Trolls Paid by a Telecom Lobbying Firm Keep Commenting On My Net Neutrality Articles
Lee Fang

Have you ever read the comment section of a blog post or news article and thought, Damn, these trolls must be paid by someone?

On the pages of VICE and an investigative website I help manage called Republic Report, I've covered the net neutrality debate—whether Internet Service Providers (ISPs) should be able to create internet fast and slow lanes, or if, instead, all content should be treated equally. A writer and attorney named Kristal High has been attacking me in the comment section throughout the year.

For a story about how civil rights groups with funding from Comcast and other telecom companies wrote a letter to the Federal Communication Commission (FCC) supporting the agency’s proposal to gut net neutrality, High showed up in the comment section to call me "paternalistic." After I published a story last week about how a Comcast-affiliated African American news outlet decided to delete a story I wrote about net neutrality upon being contacted by an advocacy group tied to the telecom industry, High appeared in the comment section once again to troll me. She claimed that I am wrong to be critical of the FCC's plan and that I have been wasting my time by focusing on the "lobbying dollars" spent in the debate.

Well, speaking of lobbying dollars, High just admitted on-air that she is being paid by the DCI Group, a lobbying firm founded by Republican operatives to defend the tobacco industry. DCI Group now represents many current net neutrality opponents, including Verizon and Broadband for America, a front for major cable companies we previously investigated at VICE.

High's disclosure went down in a fairly unusual way.

On his program yesterday, radio host David Pakman discussed how he has received pitches from the DCI Group to have commenters on the show to discuss telecom policy—and noticed that these commenters have largely regurgitated industry talking points against a free and open internet. Pakman said he became suspicious of the DCI Group and decided to look them up. After receiving the next pitch from the firm, this time to have Kristal High on to discuss the issue, he invited her to the program and asked point blank if she was being paid by DCI.

"Are individuals like you and Everett Ehrlich, are you paid by DCI?" asked Pakman.

"I think you have to really consider what it is you're suggesting, you're asking there," High responded. "If people are working on different issues, there could be, say, a consulting arrangement that's separate and apart from whatever it is people are advocating for."

"So in other words," Pakman said, "DCI may be paying you as a consultant, but they're not paying you for the media appearances or being a spokesperson for the point of view that their clients espouse."

"Right," said High.

The entire interview, which is posted on YouTube, is worth checking out.

High is the editor and co-founder of a website called Politic365, which calls itself "the premier digital destination for politics and policy related to communities of color." High's colleagues at the website, including writers Jeneba Jalloh Ghatt and Justin Vélez-Hagan, have also shown up in the comment section of my pieces to defend the FCC's plan to end net neutrality. But a closer look at the group reveals deep ties to the telecom industry, well beyond the revelation that its editor is paid by lobbyists.

Politic365 was "incubated" by the Minority Media and Telecommunications Council, a group profiled last year by the Center for Public Integrity. They found that the outfit takes huge checks from telecom giants to mobilize African American and Latino support for industry priorities, like opposing net neutrality or supporting corporate media mergers.

A look at the archives of Politic365 reveals a laundry list of articles that could be charitably described as friendly to industry objectives. This op-ed on the Politic365 website attacks municipal broadband—which cities have used to provide fiber optic broadband for a fraction of the cost of what traditional cable companies offer—as a "false promise." Another news article on the site muses that the proposed Comcast merger with Time Warner Cable could "benefit minorities." When Comcast merged with NBC, Politic365 also celebrated that conglomeration as somehow beneficial to communities of color.

Politic365's content is distributed widely, and High has published a slew of anti-net neutrality op-eds at the Huffington Post. High has not disclosed her financial relationship with the DCI Group in either of her professional biographies. But there have been hints about the funding in the past.

"We found that African Americans are overwhelmingly satisfied with their wireless phone service," High says in a video distributed by MyWireless.org, a group controlled by CTIA The Wireless Association, a trade association for companies such as Verizon and AT&T. The latest tax return for the group shows a contribution of $10,000 to Politic365.

As the debate over net neutrality rages on, we've seen a number of unseemly tactics from the telecom lobby, like duping random environmental groups and librarians into joining pro-industry coalitions. During a discussion last week on Bloomberg TV, Columbia University senior fellow Alec Ross wondered out loud if "phone companies and the cable companies flat out own Congress?" Recent events suggest they do. But the policymaking process is much bigger than simply having a few hundred congressmen in your pocket. You also need an army of comment trolls.
http://www.vice.com/read/trolls-paid...y-articles-806





How to Use Your Cat to Hack Your Neighbor’s Wi-Fi
Andy Greenberg

Late last month, a Siamese cat named Coco went wandering in his suburban Washington, DC neighborhood. He spent three hours exploring nearby backyards. He killed a mouse, whose carcass he thoughtfully brought home to his octogenarian owner, Nancy. And while he was out, Coco mapped dozens of his neighbors’ Wi-Fi networks, identifying four routers that used an old, easily-broken form of encryption and another four that were left entirely unprotected.

Unbeknownst to Coco, he’d been fitted with a collar created by Nancy’s granddaughter’s husband, security researcher Gene Bransfield. And Bransfield had built into that collar a Spark Core chip loaded with his custom-coded firmware, a Wi-Fi card, a tiny GPS module and a battery—everything necessary to map all the networks in the neighborhood that would be vulnerable to any intruder or Wi-Fi mooch with, at most, some simple crypto-cracking tools.

In the 1980s, hackers used a technique called “wardialing,” cycling through numbers with their modems to find unprotected computers far across the internet. The advent of Wi-Fi brought “wardriving,” putting an antenna in a car and cruising a city to suss out weak and unprotected Wi-Fi networks. This weekend at the DefCon hacker conference in Las Vegas, Bransfield will debut the next logical step: The “WarKitteh” collar, a device he built for less than $100 that turns any outdoor cat into a Wifi-sniffing hacker accomplice.

Despite the title of his DefCon talk—“How To Weaponize Your Pets”—Bransfield admits WarKitteh doesn’t represent a substantial security threat. Rather, it’s the sort of goofy hack designed to entertain the con’s hacker audience. Still, he was surprised by just how many networks tracked by his data-collecting cat used WEP, a form of wireless encryption known for more than ten years to be easily broken. “My intent was not to show people where to get free Wi-Fi. I put some technology on a cat and let it roam around because the idea amused me,” says Bransfield, who works for the security consultancy Tenacity. “But the result of this cat research was that there were a lot more open and WEP-encrypted hot spots out there than there should be in 2014.”

In his DefCon talk, Bransfield plans to explain how anyone can replicate the WarKitteh collar to create their own Wifi-spying cat, a feat that’s only become easier in the past months as the collar’s Spark Core chip has become easier to program. Bransfield came up with the idea of feline-powered Wi-Fi reconnaissance when someone attending one of his security briefings showed him a GPS collar designed to let people locate their pets by sending a text message. “All it needed was a Wi-Fi sniffer,” he says. “I thought the idea was hilarious, and I decided to make it.”

His first experiment involved hiding an HTC Wildfire smartphone in the pocket of a dog jacket worn by his coworker’s tabby, Skitzy. Skitzy quickly managed to worm out of the jacket, however, losing Bransfield’s gear. “It was a disaster,” he says. “That cat still owes me a phone.”

Bransfield spent the next months painstakingly creating the WarKitteh, using Spark’s Arduino-compatible open source hardware and enlisting Nancy to sew it into a strip of cloth. When he finally tested it on Skitzy, however, he was disappointed to find the cat spent the device’s entire battery life sitting on his coworker’s front porch.

Coco turned out to be a better spy. Over three hours, he revealed 23 Wi-Fi hotspots, more than a third of which were open to snoops or used crackable WEP instead of the more modern WPA encryption. Bransfield mapped those networks in a program created by an Internet collaborator, using Google Earth’s API. The number of vulnerable access points surprised Bransfield; he says that several of the WEP connections were Verizon FiOS routers left with their default settings unchanged.

Though he admits his cat stunt was mostly intended to entertain himself, he hopes it might make more users aware of privacy lessons those in the security community have long taken for granted. “Cats are more interesting to people than information security,” Bransfield says. “If people realize that a cat can pick up on their open Wi-Fi hotspot, maybe that’s a good thing.”
http://www.wired.com/2014/08/how-to-...mbid=social_fb





Russian Gang Amasses Over a Billion Internet Passwords
Nicole Perlroth and David Gelles

A Russian crime ring has amassed the largest known collection of stolen Internet credentials, including 1.2 billion user name and password combinations and more than 500 million email addresses, security researchers say.

The records, discovered by Hold Security, a firm in Milwaukee, include confidential material gathered from 420,000 websites, including household names, and small Internet sites. Hold Security has a history of uncovering significant hacks, including the theft last year of tens of millions of records from Adobe Systems.

Hold Security would not name the victims, citing nondisclosure agreements and a reluctance to name companies whose sites remained vulnerable. At the request of The New York Times, a security expert not affiliated with Hold Security analyzed the database of stolen credentials and confirmed it was authentic. Another computer crime expert who had reviewed the data, but was not allowed to discuss it publicly, said some big companies were aware that their records were among the stolen information.

“Hackers did not just target U.S. companies, they targeted any website they could get, ranging from Fortune 500 companies to very small websites,” said Alex Holden, the founder and chief information security officer of Hold Security. “And most of these sites are still vulnerable.”

Mr. Holden, who is paid to consult on the security of corporate websites, decided to make details of the attack public this week to coincide with discussions at an industry conference and to let the many small sites he will not be able to contact know that they should look into the problem.

There is worry among some in the security community that keeping personal information out of the hands of thieves is increasingly a losing battle. In December, 40 million credit card numbers and 70 million addresses, phone numbers and additional pieces of personal information were stolen from the retail giant Target by hackers in Eastern Europe.

And in October, federal prosecutors said an identity theft service in Vietnam managed to obtain as many as 200 million personal records, including Social Security numbers, credit card data and bank account information from Court Ventures, a company now owned by the data brokerage firm Experian.

But the discovery by Hold Security dwarfs those incidents, and the size of the latest discovery has prompted security experts to call for improved identity protection on the web.

“Companies that rely on user names and passwords have to develop a sense of urgency about changing this,” said Avivah Litan, a security analyst at the research firm Gartner. “Until they do, criminals will just keep stockpiling people’s credentials.”

Websites inside Russia had been hacked, too, and Mr. Holden said he saw no connection between the hackers and the Russian government. He said he planned to alert law enforcement after making the research public, though the Russian government has not historically pursued accused hackers.

So far, the criminals have not sold many of the records online. Instead, they appear to be using the stolen information to send spam on social networks like Twitter at the behest of other groups, collecting fees for their work.

But selling more of the records on the black market would be lucrative.

While a credit card can be easily canceled, personal credentials like an email address, Social Security number or password can be used for identity theft. Because people tend to use the same passwords for different sites, criminals test stolen credentials on websites where valuable information can be gleaned, like those of banks and brokerage firms.

Like other computer security consulting firms, Hold Security has contacts in the criminal hacking community and has been monitoring and even communicating with this particular group for some time.

The hacking ring is based in a small city in south central Russia, the region flanked by Kazakhstan and Mongolia. The group includes fewer than a dozen men in their 20s who know one another personally — not just virtually. Their computer servers are thought to be in Russia.

“There is a division of labor within the gang,” Mr. Holden said. “Some are writing the programming, some are stealing the data. It’s like you would imagine a small company; everyone is trying to make a living.”

They began as amateur spammers in 2011, buying stolen databases of personal information on the black market. But in April, the group accelerated its activity. Mr. Holden surmised they partnered with another entity, whom he has not identified, that may have shared hacking techniques and tools.

Since then, the Russian hackers have been able to capture credentials on a mass scale using botnets — networks of zombie computers that have been infected with a computer virus — to do their bidding. Any time an infected user visits a website, criminals command the botnet to test that website to see if it is vulnerable to a well-known hacking technique known as an SQL injection, in which a hacker enters commands that cause a database to produce its contents. If the website proves vulnerable, criminals flag the site and return later to extract the full contents of the database.

“They audited the Internet,” Mr. Holden said. It was not clear, however, how computers were infected with the botnet in the first place.

By July, criminals were able to collect 4.5 billion records — each a user name and password — though many overlapped. After sorting through the data, Hold Security found that 1.2 billion of those records were unique. Because people tend to use multiple emails, they filtered further and found that the criminals’ database included about 542 million unique email addresses.

“Most of these sites are still vulnerable,” said Mr. Holden, emphasizing that the hackers continue to exploit the vulnerability and collect data.

Mr. Holden said his team had begun alerting victimized companies to the breaches, but had been unable to reach every website. He said his firm was also trying to come up with an online tool that would allow individuals to securely test for their information in the database.

The disclosure comes as hackers and security companies gathered in Las Vegas for the annual Black Hat security conference this week. The event, which began as a small hacker convention in 1997, now attracts thousands of security vendors peddling the latest and greatest in security technologies. At the conference, security firms often release research — to land new business, discuss with colleagues or simply for bragging rights.

Yet for all the new security mousetraps, data security breaches have only gotten larger, more frequent and more costly. The average total cost of a data breach to a company increased 15 percent this year from last year, to $3.5 million per breach, from $3.1 million, according to a joint study last May, published by the Ponemon Institute, an independent research group, and IBM.

Last February, Mr. Holden also uncovered a database of 360 million records for sale, which were collected from multiple companies.

“The ability to attack is certainly outpacing the ability to defend,” said Lillian Ablon, a security researcher at the RAND Corporation. “We’re constantly playing this cat and mouse game, but ultimately companies just patch and pray.”
http://www.nytimes.com/2014/08/06/te...edentials.html





New Site Recovers Files Locked by Cryptolocker Ransomware
Brian Krebs

Until today, Microsoft Windows users who’ve been unfortunate enough to have the personal files on their computer encrypted and held for ransom by a nasty strain of malware called CryptoLocker have been faced with a tough choice: Pay cybercrooks a ransom of a few hundred to several thousand dollars to unlock the files, or kiss those files goodbye forever. That changed this morning, when two security firms teamed up to launch a free new online service that can help victims unlock and recover files scrambled by the malware.

First spotted in September 2013, CryptoLocker is a prolific and very damaging strain of malware that uses very strong encryption to lock files that are likely to be the most valued by victim users, including Microsoft Office documents, photos, and MP3 files.

Infected machines typically display a warning that the victim’s files have been locked and can only be decrypted by sending a certain fraction or number of Bitcoins to a decryption service run by the perpetrators. Victims are given 72 hours to pay the ransom — typically a few hundred dollars worth of Bitcoins — after which time the ransom demand increases fivefold or more.

But early Wednesday morning, two security firms — Milpitas, Calif.-based FireEye and Fox-IT in the Netherlands — launched decryptcryptolocker.com, a site that victims can use to recover their files. Victims need to provide an email address and upload just one of the encrypted files from their computer, and the service will email a link that victims can use to download a recovery program to decrypt all of their scrambled files.

The free decryption service was made possible because Fox-IT was somehow able to recover the private keys that the cybercriminals who were running the CryptoLocker scam used on their own (not free) decryption service. Neither company is disclosing much about how exactly those keys were recovered other than to say that the opportunity arose as the crooks were attempting to recover from Operation Tovar, an international effort in June that sought to dismantle the infrastructure that CryptoLocker used to infect PCs.

That effort culminated in the takeover of the GameOver Zeus botnet, a huge crime machine that infected an estimated 500,000 to 1 million PCs and that was being used as a distribution platform for CryptoLocker.

“After Operation Tovar, a significant blow was dealt to criminals infrastructure and we stopped seeing new Cryptolocker infections being spread,” said Uttang Dawda, a malware researcher with FireEye. “They tried to recover that infrastructure, but in the process copied over the private encryption keys to a part of Fox-IT’s infrastructure.”

Dawda said it’s important to note that this service only unlocks files encrypted by CryptoLocker. Although there are several copycat strains of malware — including CryptoWall, CryptoDefense and OnionLocker — CryptoLocker has by far the largest “market share” among them.

It’s not clear how many systems are infected with CryptoLocker, but it is likely to be in the six figures. According to Fox-IT, when CryptoLocker infections first started in September 2013, the largest number of infections in one month occurred during October 2013, with over 155,000 systems affected worldwide. The company said this accounts for nearly 29% of all infections between September and May 2014. After October 2013 the rates dropped, but still steadily pacing at around 50,000 infections per month.

Sadly, most of those victims probably lost all of their most treasured files. Fox-IT says that only 1.3% of victims paid a CryptoLocker ransom.

“Therefore, a large amount of victims likely permanently lost files due to this attack,” the company wrote in a blog post about the new service.
http://krebsonsecurity.com/2014/08/n...er-ransomware/





Visit the Wrong Website, and the FBI Could End Up in Your Computer
Kevin Poulsen

Security experts call it a “drive-by download”: a hacker infiltrates a high-traffic website and then subverts it to deliver malware to every single visitor. It’s one of the most powerful tools in the black hat arsenal, capable of delivering thousands of fresh victims into a hacker’s clutches within minutes.

Now the technique is being adopted by a different kind of a hacker—the kind with a badge. For the last two years, the FBI has been quietly experimenting with drive-by hacks as a solution to one of law enforcement’s knottiest Internet problems: how to identify and prosecute users of criminal websites hiding behind the powerful Tor anonymity system.

The approach has borne fruit—over a dozen alleged users of Tor-based child porn sites are now headed for trial as a result. But it’s also engendering controversy, with charges that the Justice Department has glossed over the bulk-hacking technique when describing it to judges, while concealing its use from defendants. Critics also worry about mission creep, the weakening of a technology relied on by human rights workers and activists, and the potential for innocent parties to wind up infected with government malware because they visited the wrong website. “This is such a big leap, there should have been congressional hearings about this,” says ACLU technologist Chris Soghoian, an expert on law enforcement’s use of hacking tools. “If Congress decides this is a technique that’s perfectly appropriate, maybe that’s OK. But let’s have an informed debate about it.”

The FBI’s use of malware is not new. The bureau calls the method an NIT, for “network investigative technique,” and the FBI has been using it since at least 2002 in cases ranging from computer hacking to bomb threats, child porn to extortion. Depending on the deployment, an NIT can be a bulky full-featured backdoor program that gives the government access to your files, location, web history and webcam for a month at a time, or a slim, fleeting wisp of code that sends the FBI your computer’s name and address, and then evaporates.

What’s changed is the way the FBI uses its malware capability, deploying it as a driftnet instead of a fishing line. And the shift is a direct response to Tor, the powerful anonymity system endorsed by Edward Snowden and the State Department alike.

Tor is free, open-source software that lets you surf the web anonymously. It achieves that by accepting connections from the public Internet—the “clearnet”—encrypting the traffic and bouncing it through a winding series of computers before dumping it back on the web through any of over 1,100 “exit nodes.”

The system also supports so-called hidden services—special websites, with addresses ending in .onion, whose physical locations are theoretically untraceable. Reachable only over the Tor network, hidden services are used by organizations that want to evade surveillance or protect users’ privacy to an extraordinary degree. Some users of such services have legitimate and even noble purposes—including human rights groups and journalists. But hidden services are also a mainstay of the nefarious activities carried out on the so-called Dark Net: the home of drug markets, child porn, murder for hire, and a site that does nothing but stream pirated My Little Pony episodes.

Law enforcement and intelligence agencies have a love-hate relationship with Tor. They use it themselves, but when their targets hide behind the system, it poses a serious obstacle. Last month, Russia’s government offered a $111,000 bounty for a method to crack Tor.

The FBI debuted its own solution in 2012, in an investigation dubbed “Operation Torpedo,” whose contours are only now becoming visible through court filings.

Operation Torpedo began with an investigation in the Netherlands in August 2011. Agents at the National High Tech Crime Unit of the Netherlands’ national police force had decided to crack down on online child porn, according to an FBI affidavit. To that end, they wrote a web crawler that scoured the Dark Net, collecting all the Tor onion addresses it could find.

The NHTCU agents systematically visited each of the sites and made a list of those dedicated to child pornography. Then, armed with a search warrant from the Court of Rotterdam, the agents set out to determine where the sites were located.

That, in theory, is a daunting task—Tor hidden services mask their locations behind layers of routing. But when the agents got to a site called “Pedoboard,” they discovered that the owner had foolishly left the administrative account open with no password. They logged in and began poking around, eventually finding the server’s real Internet IP address in Bellevue, Nebraska.

They provided the information to the FBI, who traced the IP address to 31-year-old Aaron McGrath. It turned out McGrath was hosting not one, but two child porn sites at the server farm where he worked, and a third one at home.

Instead of going for the easy bust, the FBI spent a solid year surveilling McGrath, while working with Justice Department lawyers on the legal framework for what would become Operation Torpedo. Finally, in November 2012, the feds swooped in on McGrath, seized his servers and spirited them away to an FBI office in Omaha.

A federal magistrate signed three separate search warrants: one for each of the three hidden services. The warrants authorized the FBI to modify the code on the servers to deliver the NIT to any computers that accessed the sites. The judge also allowed the FBI to delay notification to the targets for 30 days.

This NIT was purpose-built to identify the computer, and do nothing else—it didn’t collect keystrokes or siphon files off to the bureau. And it evidently did its job well. In a two-week period, the FBI collected IP addresses, hardware MAC addresses (a unique hardware identifier for the computer’s network or Wi-Fi card) and Windows hostnames on at least 25 visitors to the sites. Subpoenas to ISPs produced home addresses and subscriber names, and in April 2013, five months after the NIT deployment, the bureau staged coordinated raids around the country.

Today, with 14 of the suspects headed toward trial in Omaha, the FBI is being forced to defend its use of the drive-by download for the first time. Defense attorneys have urged the Nebraska court to throw out the spyware evidence, on the grounds that the bureau concealed its use of the NIT beyond the 30-day blackout period allowed in the search warrant. Some defendants didn’t learn about the hack until a year after the fact. “Normally someone who is subject to a search warrant is told virtually immediately,” says defense lawyer Joseph Gross Jr. “What I think you have here is an egregious violation of the Fourth Amendment.”

But last week U.S. Magistrate Judge Thomas Thalken rejected the defense motion, and any implication that the government acted in bad faith. “The affidavits and warrants were not prepared by some rogue federal agent,” Thalken wrote, “but with the assistance of legal counsel at various levels of the Department of Justice.” The matter will next be considered by U.S. District Judge Joseph Bataillon for a final ruling.

The ACLU’s Soghoian says a child porn sting is probably the best possible use of the FBI’s drive-by download capability. “It’s tough to imagine a legitimate excuse to visit one of those forums: the mere act of looking at child pornography is a crime,” he notes. His primary worry is that Operation Torpedo is the first step to the FBI using the tactic much more broadly, skipping any public debate over the possible unintended consequences. “You could easily imagine them using this same technology on everyone who visits a jihadi forum, for example,” he says. “And there are lots of legitimate reasons for someone to visit a jihadi forum: research, journalism, lawyers defending a case. ACLU attorneys read Inspire Magazine, not because we are particularly interested in the material, but we need to cite stuff in briefs.”

Soghoian is also concerned that the judges who considered NIT applications don’t fully understand that they’re being asked to permit the use of hacking software that takes advantage of software vulnerabilities to breach a machine’s defenses. The Operation Torpedo search warrant application, for example, never uses the words “hack,” “malware,” or “exploit.” Instead, the NIT comes across as something you’d be happy to spend 99 cents for in the App Store. “Under the NIT authorized by this warrant, the website would augment [its] content with some additional computer instructions,” the warrant reads.

From the perspective of experts in computer security and privacy, the NIT is malware, pure and simple. That was demonstrated last August, when, perhaps buoyed by the success of Operation Torpedo, the FBI launched a second deployment of the NIT targeting more Tor hidden services.

This one—still unacknowledged by the bureau—traveled across the servers of Freedom Hosting, an anonymous provider of turnkey Tor hidden service sites that, by some estimates, powered half of the Dark Net.

This attack had its roots in the July 2013 arrest of Freedom Hosting’s alleged operator, one Eric Eoin Marques, in Ireland. Marques faces U.S. charges of facilitating child porn—Freedom Hosting long had a reputation for tolerating child pornography.

Working with French authorities, the FBI got control of Marques’ servers at a hosting company in France, according to testimony in Marques’ case. Then the bureau appears to have relocated them—or cloned them—in Maryland, where the Marques investigation was centered.

On August 1, 2013, some savvy Tor users began noticing that the Freedom Hosting sites were serving a hidden “iframe”—a kind of website within a website. The iframe contained Javascript code that used a Firefox vulnerability to execute instructions on the victim’s computer. The code specifically targeted the version of Firefox used in the Tor Browser Bundle—the easiest way to use Tor.

This was the first Tor browser exploit found in the wild, and it was an alarming development to the Tor community. When security researchers analyzed the code, they found a tiny Windows program hidden in a variable named “Magneto.” The code gathered the target’s MAC address and the Windows hostname, and then sent it to a server in Virginia in a way that exposed the user’s real IP address. In short, the program nullified the anonymity that the Tor browser was designed to enable.

As they dug further, researchers discovered that the security hole the program exploited was already a known vulnerability called CVE-2013-1690—one that had theoretically been patched in Firefox and Tor updates about a month earlier. But there was a problem: Because the Tor browser bundle has no auto-update mechanism, only users who had manually installed the patched version were safe from the attack. “It was really impressive how quickly they took this vulnerability in Firefox and extrapolated it to the Tor browser and planted it on a hidden service,” says Andrew Lewman, executive director of the nonprofit Tor Project, which maintains the code.

The Freedom Hosting drive-by has had a lasting impact on the Tor Project, which is now working to engineer a safe, private way for Tor users to automatically install the latest security patches as soon as they’re available—a move that would make life more difficult for anyone working to subvert the anonymity system, with or without a court order.

Unlike with Operation Torpedo, the details of the Freedom Hosting drive-by operation remain a mystery a year later, and the FBI has repeatedly declined to comment on the attack, including when contacted by WIRED for this story. Only one arrest can be clearly tied to the incident—that of a Vermont man named Grant Klein who, according to court records, was raided in November based on an NIT on a child porn site that was installed on July 31, 2013. Klein pleaded guilty to a single count of possession of child pornography in May and is set for sentencing this October.

But according to reports at the time, the malware was seen, not just on criminal sites, but on legitimate hidden services that happened to be hosted by Freedom Hosting, including the privacy protecting webmail service Tormail. If true, the FBI’s drive-by strategy is already gathering data on innocent victims.

Despite the unanswered questions, it’s clear that the Justice Department wants to scale up its use of the drive-by download. It’s now asking the Judicial Conference of the United States to tweak the rules governing when and how federal judges issue search warrants. The revision would explicitly allow for warrants to “use remote access to search electronic storage media and to seize or copy electronically stored information” regardless of jurisdiction.

The revision, a conference committee concluded last May (.pdf), is the only way to confront the use of anonymization software like Tor, “because the target of the search has deliberately disguised the location of the media or information to be searched.”

Such dragnet searching needs more scrutiny, Soghoian says. “What needs to happen is a public debate about the use of this technology, and the use of these techniques,” he says. “And whether the criminal statutes that the government relies on even permit this kind of searching. It’s one thing to say we’re going to search a particular computer. It’s another thing to say we’re going to search every computer that visits this website, without knowing how many there are going to be, without knowing what city, state or countries they’re coming from.”

“Unfortunately,” he says, “we’ve tiptoed into this area, because the government never gave notice that they were going to start using this technique.”
http://www.wired.com/2014/08/operation_torpedo/





The Man Who Can See the Internet
Nancy Scola

When major world crises erupt these days, at least some members of the media rush to check the blog of Renesys, a small New Hampshire-based firm specializing in what it calls "Internet intelligence." The insights found there into which dictator has kicked his country off the Internet for how long are a byproduct of Renesys's core work of selling information on the flow of Internet traffic to Internet service providers. But by monitoring the Internet's vital signs, the company can see how the ever-evolving global network of networks fits into global events.

That the company's blog takes a mostly dry, dispassionate tone hardly masks that it is offering a juicy peek into how the world works today. When Russia quietly turned on the hastily built 29-mile Kerch Strait Cable connecting it to Crimea, Renesys was able to tell the rest of the world about it right away.

Doug Madory is the Renesys senior analyst who writes much of the company's coverage of news events. In his office in Hanover, N.H., Madory sits with a live feed of Internet routing data running on his computer, he says, and a TeleGeography map showing global Internet cable connections on his wall. A 2009 edition, it's a bit dated technologically, but it serves another purpose. "When I forget where Turkmenistan is," says Madory, "I can look at the map."

Madory and his colleagues have the rare ability to see in real time where a nation is situated in the global digital fabric. When unrest began in Ukraine in March, Madory says that his phone started ringing with reporters asking about the odds of Vladimir Putin hijacking Ukraine's Internet connections. Not likely; despite Russia hulking to its east, Ukraine, says Madory, "looks like a European country in terms of the level of domestic connectivity and the international connections they've got." Ukraine's connections to the rest of the world, says Madory, "run mostly to the west."

But what, exactly, is Madory watching? Mostly, he says, it's a ticker reflecting the Border Gateway Protocol (BGP), the means for routing Internet traffic. Renesys collects that data from more than 400 Internet service providers, many of whom hand it over freely in exchange for getting a better handle on their competitive landscape. Developed, the story goes, in the 1980s on the back of a handful of napkins by network engineers in Texas, today those BGP routing tables tell Internet traffic how to make its way through connected networks. Renesys tracks billions of digital "hops" every day to see who is routing traffic where.

To fine-tune their view of things, Renesys will also run diagnostic tests; "Traceroute data," says Madory, "is like throwing dust down a hall and watching where the wind takes it."

And that research gets supplemented with reporting. "It's not just computer science that's happening," says Madory. "The data can only take me so far. At some point I need someone local to try to help me interpret it." Iraq is of particular interest; the Air Force veteran was stationed there once. When something pops up on his radar, Madory will reach out to locals -- small ISPs, consultants on the ground, telecom officials -- to vet what he's seeing. In June, Iraq experienced significant outages, in part, Madory found, because militants destroyed an interconnection point in Mosul. From 5,786 miles away, he told a contact in the Iraqi government what was happening in his country. Says Madory with a laugh, "I made that guy look like a genius."

He's able to know what a country should look like in the data and thus spot anomalies, he says, like when Thailand's government shuts down that country's Internet during protests, when North Korea's minuscule but generally resilient Internet gets hit by a cyber attack or when Bangladesh, long dependent on a single submarine cable, starts routing Internet traffic through India.

Madory, 37, grew up in Hyde Park, N.Y., and attended the University of Virginia on an ROTC scholarship before, he says, joining the military to do communications and computer work. He eventually made his way to computer science grad school at Dartmouth and then fell into the job at Renesys about five years ago.

That was shortly before the Arab Spring, and Renesys realized that the data the company was collecting as a matter of course could help explain what was being hinted about in the Middle East. "Egypt Leaves the Internet," Renesys co-founder Jim Cowie declared in January of 2011.* But at the time, says Madory, "we didn't have our software smart enough just to alert us when these things happen." So they've since built functionality into their tools to automatically detect disturbances.

And, for that matter, new growths. On a whim, Madory set up an e-mail alert letting him know the progress of Cuba's ALBA-1, a long-promised fiber optic connection to Venezuela that has been surrounded by rumors of government corruption. On the Internet he came across a blogger wrestling with the question of whether the connection actually existed, and if it does, when it might turn on. To "put him out of his misery," says Madory, he passed along data showing that the cable was indeed there under the water but dormant. That got mention in the Miami Herald, convincing him, he says, that there's an audience hungry for the work he's doing.

Renesys was recently purchased by the firm Dyn, and Madory says that the team is supportive of what he's up to, even if it has to take a backseat to paying work on occasion. Still, few governments have come knocking.

It's a remarkable quirk of the modern era that through constantly-churning data one small firm can have far more power to see the world clearly than many countries have. But Madory says that he's going to stick to the approach he's taken thus far. "We don't want to judge these events. We just want to offer some objective analysis of what's occurring."
http://www.washingtonpost.com/blogs/...-the-internet/





UNSEALED: The US Sought Permission To Change The Historical Record Of A Public Court Proceeding
David Greene

A few weeks ago we fought a battle for transparency in our flagship NSA spying case, Jewel v. NSA. But, ironically, we weren't able to tell you anything about it until now.

On June 6, the court held a long hearing in Jewel in a crowded, open courtroom, widely covered by the press. We were even on the local TV news on two stations. At the end, the Judge ordered both sides to request a transcript since he ordered us to do additional briefing. But when it was over, the government secretly, and surprisingly, sought permission to “remove” classified information from the transcript, and even indicated that it wanted to do so secretly, so the public could never even know that they had done so.

We rightly considered this an outrageous request and vigorously opposed it. The public has a First Amendment right not only to attend the hearing but to have an accurate transcript of it. Moreover, the federal law governing court reporting requires that “each session of the court” be “recorded verbatim” and that the transcript be certified by the court reporter as “a correct statement of the testimony taken and the proceedings had.” 28 U.S.C. § 753(b).

The Court allowed the government a first look at the transcript and indicated that it was going to hold the government to a very high standard and would not allow the government to manufacture a misleading transcript by hiding the fact of any redactions. Ultimately, the government said that it had *not* revealed classified information at the hearing and removed its request. But the incident speaks volumes about the dangers of allowing the government free rein to claim secrecy in court proceedings and otherwise.

We couldn't tell you anything about that fight because the government's request, our opposition to it, and the court's order regarding it were all sealed. But with today's order by Judge White, the transcript and the arguments over the government's request to revise it are finally public documents.

Here's how the events transpired:

On June 6, 2014, Judge White held a hearing in Jewel and Shubert v. Obama on our emergency motion to enforce the court's previous order that the government preserve evidence of its Internet backbone surveillance, evidence that is directly relevant to the plaintiffs' claims in Jewel that their Internet communications were collected by the government. Although the government's lawyers participated by telephone, the hearing was held in a crowded, open courtroom including TV and written press. The government never requested that the courtroom be closed or that attendance be limited in any way.

One week later, the government wrote a letter to Judge White, submitting it ex parte (which means we didn't get a copy), requesting that it be given the chance to review the written transcript of that hearing before the transcript was provided either to plaintiffs or the public. The government explained that Anthony Coppolino, the lawyer who argued for the government on June 6, “inadvertently made a statement during the hearing that we believe is classified.” The government further explained that “The National Security Agency has asked us to contact the Court to explore ways to determine whether the transcript in fact reveals classified information and, if it does, to attempt to remove it from the public record of the hearing.” The government further asked that neither the plaintiffs, their lawyers nor the public be told of its request.

Judge White correctly decided that there was no reason that plaintiffs' lawyers should not know the government's request. Thus, the day after receiving the government's letter, Judge White issued an order, still under seal but sent to us, alerting us to the government's request and giving us the opportunity to respond to it.

We filed our response on June 20, explaining that the US Supreme Court had repeatedly rejected attempts to prohibit or punish the publication of confidential material when that material was inadvertently disclosed to the public. We asked Judge White to reject the government's request in full arguing that the government could not meet the strong First Amendment test to prove that its revisions to the transcript were “essential to preserve higher values and narrowly tailored to serve that interest.” We also argued that under no circumstances should the government be able to “remove” anything from the transcript without indicating that something has in fact been removed, a process commonly called “redaction,” not “removal,” the term used in the government's request. We also asked the court to unseal all of the papers that had been filed about this dispute.

After receiving our response, Judge White asked the government to reply, which they did on June 30, trying to create a new rule that would allow such outrageous claims when the government accidentally revealed classified information in a public courtroom.

On July 11, Judge White ordered that the transcript be given to the government, and gave the government two-and-a-half weeks to inform it whether there was any classified information in the transcript. If the government believed that the transcript contained classified information, it was required to present to the court “the information that they contend was classified and inadvertently disclosed, supported by declarations indicating that the information disclosed had been previously classified and is currently classified.” The court would then perform its own review and determine whether or not to redact anything from the transcript. Judge White further ruled that while this process was going on, these papers would remain sealed.

On July 28, the government informed the court that after reviewing the transcript it determined that there was no inadvertent disclosure of classified information after all.

As a result, Judge White today granted our motion to unseal and as this is being written the various papers are being unsealed. The disputed transcript has already been posted. We will continue to post and index the other documents on our Jewel page as they are unsealed.

The transcript of a court proceeding is the historical record of that event, what will exist and inform the public long after the persons involved are gone. The government's attempt to change this history was unprecedented. We could find no example of where a court had granted such a remedy or even where such a request had been made. This was another example of the government's attempt to shroud in secrecy both its own actions, as well as the challenges to those actions.

We are pleased that the record of this attempt is now public. But should the situation recur, we will fight it as hard as we did this time.
https://www.eff.org/deeplinks/2014/0...urt-proceeding





Windows 9 Could Be Free for Windows XP, Vista, and 7 Users
Bogdan Popa

Windows 9 is the next big project prepared by Microsoft for the OS market, with people close to the matter saying that the company might roll it out in early 2015 on PCs, tablets, and smartphones.

Now a new report published by Microsoft watcher Mary Jo Foley, who has a good track on Windows projects, reveals that Windows 9 work is in progress right now and Redmond might not release any other new pack of improvements for Windows 8.1 until the next full OS comes out.

This means that if Windows 9 is projected to debut in April 2015, Windows 8.1 users might actually get only small packs of updates until then, so Windows 8.1 Update 2, possibly called August Update, and Windows 8.1 Update 3 might only bring minor improvements.

The same report claims that Windows 8.1 Update 3 might even be cancelled completely depending on the way development of Windows 9 advances, so if everything goes according to the plan and work is completed in early 2015, no third update for Windows 8.1 could be released.

On the other hand, if the software giant experiences some delays and it needs to push back the Windows 9 launch for a month or two, the company could also debut Windows 8.1 Update 3 in order to keep users running Windows 8.1 fully up-to-date with the latest improvements prepared by the company.

What’s more exciting is that Microsoft might prepare some unexpected promos for Windows users when Windows 9 is finally released.

Word has it that Windows XP, Vista, and 7 might be allowed to upgrade free of charge to Windows 9 in order to boost adoption of the new operating system and thus convince more users to upgrade. This would clearly help not only Microsoft, but also the PC industry, which is still struggling to boost sales despite the release of the Windows 8 modern operating system.

Windows 9 could bring two different betas before its public launch, one of which might be released later this year, most likely in October or November.

Just like it’s the case with all the other reports coming via unofficial channels, do not take all these details for granted, as Microsoft has remained completely tight-lipped on Windows 9 and everything related to the operating system. More information, however, should surface in the coming months, as work on this particular platform advances and the company completes development of new testing builds.
http://news.softpedia.com/news/Windo...s-453222.shtml














Until next week,

- js.



















Current Week In Review





Recent WiRs -

August 2nd, July 26th, July 19th, July 12th


Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black