P2P-Zone

03-09-14, 07:32 AM   #1
JackSpratts
Join Date: May 2001
Location: New England
Posts: 10,013

Peer-To-Peer News - The Week In Review - September 6th, '14

Since 2002

"Things like this happen and you wonder, can you trust Apple with other people's data." – Ruben Martinez


"I'm not bringing anything into China that I'm not willing to throw away on my return trip." – Oliver Day


September 6th, 2014




Pirate Bay Founder Case Starts In Confusion

The largest hacking case in Danish history began in confusion on Tuesday, after lawyers representing Swedish Pirate Bay co-founder Gottfrid Svartholm Warg accused the prosecution of "unreasonable" tactics.

The prosecution submitted a new 27-page document, and a USB-stick containing 92 slides the morning the case began -- documents that the defence complained should have been shown to them in advance, were confusing, and contained factual errors.

Judge Kari Sørensen announced a 30-minute pause just 22 minutes after the proceedings began, and then after the case resumed, and the two sides were still unable to reach an agreement, she put proceedings on hold until after lunch.

The two men are accused of hacking into Danish computer mainframes operated by US IT giant CSC, stealing social security numbers from Denmark's national driving licence database, illegally accessing information in a Schengen Region database and hacking into police email accounts.

Svartholm Warg, 29, arrived in court early dressed in a crumpled white shirt and a grey hooded top, his once straggly hair shaven close.

Despite being held in solitary confinement in one of Denmark's highest security prisons since November, he appeared in good spirits, intensely scrutinizing the new documents submitted, and joking with his lawyer Luise Høj.

After the senior prosecutor Maria Cingali read out the charges, Svartholm, speaking through his lawyer Luise Høj, pleaded "not guilty".

Svartholm is expected to argue, as he did in the related Swedish case in 2013, that the MacBook computer seized at his flat in Cambodia in August 2012, which contains much of the incriminating information for both cases, was a server he shared with several other people.

One of those others, he claims, may have accessed the computer remotely and then used it to carry out the intrusion.

Sweden's Appeal Court ruled in 2013 that the prosecution had not provided sufficient evidence to rule out the possibility of remote control, as a result clearing Svartholm Warg of hacking into the Scandinavian bank Nordea.

A key part of the police evidence cited in the remand hearings has been internet chats from February 2012 between a hacker who calls himself 'Advanced Persistent Terrorist Threat', who police believe is the Dane, and another called 'My Evil Twin', who police believe is Svartholm Warg.

Svartholm Warg's role in setting up The Pirate Bay, a website allowing users to share films and music, so bypassing copyright, and advising WikiLeaks on encryption and security, have won him the support of hacktivist circles, in which he goes by the name "anakata".

WikiLeaks founder Julian Assange has credited Svartholm Warg with setting up "a key part of our infrastructure".
http://www.thelocal.se/20140902/pira...-in-confusion/





Comcast Forced Fees by Reducing Netflix to "VHS-Like Quality"

From throttling to CDN fees, Comcast had a counter to every Netflix workaround
Jason Mick

Interesting tidbits continue to emerge from Netflix, Inc.'s (NFLX) petition to deny Comcast Corp.'s (CMCSA) $45.2B USD mega-takeover of Time Warner Cable Inc. (TWC), which sits on the docket of the U.S. Federal Communications Commission (FCC). In the 256-page filing [PDF], Netflix explains finer details of its war with Comcast late last year.

I. Pay to Play -- Level One, the Small CDNs

Many assumed that it was after the collapse of the FCC's net neutrality rules that an emboldened Comcast began to aggressively throttle connections from Netflix. But in reality, Netflix's loss to Comcast earlier this year and agreement to pay it fees came after a hard-fought half-decade-long war against America's largest and most abusive cable company.

Comcast would sell users high speed connections, then effectively deny customers the service they paid for by disallowing high-bandwidth content providers like Netflix from connecting to subscribers at reasonable bitrates.

Netflix describes how it initially outfitted itself to become the nation's largest deliverer of subscription streaming video, writing:

In 2007, Netflix launched its video streaming service. In preparation for its initial launch, Netflix designed and deployed its own CDN, which Netflix hosted in five locations across the country. Netflix purchased transit from Limelight and Qwest to deliver content from the CDNs.

By 2008, however, consumer demand for edge provider content, including Netflix's service, had grown significantly. As a result, it made sense for Netflix to partner with third-party CDNs, which could better manage the relationships with terminating access networks and could host Netflix content in more locations to reduce distances that the content needed to travel to reach the requesting end user-thus enhancing both the consumer experience and network efficiency. In 2008, Netflix entered into agreements for transit with Level 3 and CDN services with Limelight. In 2009, Netflix entered into an agreement for CDN service with Akamai.

Starting in 2009, the CDN providers on which Netflix relied to distribute its content to Comcast's subscribers-Limelight and Akamai-were forced to pay arbitrary terminating access fees for additional capacity into Comcast's network.


The squeeze was on.

By charging terminating fees to third-party "content delivery network" (CDN) providers like Akamai Technologies, Inc. (AKAM) and Limelight Networks, Inc. (LLNW), Comcast eyed eliminating these undesirables who dared to let customers make full use of the bandwidth speeds they were paying for.

II. Comcast Punishes Fee-Free Netflix Content Delivery Partners With Throttling

To be fair, Akamai and Limelight always had to pay Comcast fees of some level for connections. While the increased rates seemed abusively correlated to Netflix's arrival, it could be dismissed as merely historic. So Netflix turned to the natural alternative -- companies who had no-fee agreements with Comcast. But it would soon find that Comcast wasn't afraid of resorting to more flagrant tactics to counter its "workaround".

In 2010 it partnered with Level 3 Communications, Inc. (LVLT) -- one such firm, which had long-standing agreements with Comcast that precluded these connection fees. Or so it thought. Netflix recalls:

Approximately one week after Netflix's agreement with Level 3 went into effect, Comcast, citing the traffic ratio in its peering policy, demanded payment from Level 3 for terminating traffic on its network (even though that traffic, like all traffic delivered to Comcast, was requested by Comcast's broadband subscribers, who pay Comcast to deliver it).

According to Level 3, this was "the first time [that Comcast demanded] a recurring fee from Level 3 to transmit Internet online movies and other content to Comcast' s customers who request such content."

After three days of heavy congestion at interconnection points between Comcast and Level 3's networks, Level 3 agreed to pay the requested fee for terminating traffic on Comcast's network.


Cogent Communications Inc. (CCOI) saw a fate similar to Level 3's in 2012. Netflix recalls:

According to Cogent's CEO, "[f]or most of Cogent's history with Comcast ... [as] Comcast's subscribers demanded more content from Cogent's customers, Comcast would add capacity to the interconnection points with Cogent to handle that increased traffic." After Cogent began carrying Netflix traffic, however, "Comcast refused to continue to augment capacity at our interconnection points as it had done for years prior."

In other words, when Cogent and Level 3 -- two of the only CDNs that had contractual fee-free status with Comcast -- developed relationships with Netflix, Comcast skirted its commitments by simply congesting their networks to the point at which they dropped out of their deal with Netflix or agreed to pay "voluntary" fees to reduce the congestion.

III. No Way Out

Netflix tried to develop alternatives to CDNs -- even acting as a CDN itself. It writes:

The threat of new access fees being passed through to Netflix was making third-party CDNs a less certain option for Netflix, and in early 2012 Netflix began to transition its traffic off of CDNs and onto transit providers with settlement-free routes into Comcast's network. Netflix also was preparing to launch its own CDN, Open Connect, which would bear most of the burden of delivering traffic to terminating access networks' subscribers. Netflix continues to invest significantly in Open Connect, an effort that has more than 100 million dollars in research, development, and deployment costs.

Netflix met with Comcast and tried to talk through the impasse. It writes:

When Netflix approached Comcast regarding the lack of uncongested settlement-free routes available to its network, Comcast suggested that Netflix return to using CDNs, which Comcast could charge access fees that would then be passed on to Netflix, or use a Tier 1 network like AT&T which charged its own access fees. Comcast made clear that Netflix would have to pay Comcast an access fee if Netflix wanted to directly connect with Comcast or use third-party CDNs. In essence, Comcast sought to meter Netflix traffic requested by Comcast's broadband subscribers.

The streaming video provider tried to simply wait out Comcast, but that plan proved fruitless.

IV. Comcast's Dark Victory

Comcast continued to turn up the heat on Netflix until finally it was ready to break down and pay fees. Netflix recalls:

In December 2013 and January 2014, however, congestion on routes into Comcast's network reached a critical threshold and Comcast's and Netflix's mutual customers were significantly harmed. Comcast subscribers went from viewing Netflix content at 720p on average (i.e., HD quality) to viewing content at nearly VHS quality. For many subscribers, the bitrate was so poor that Netflix's streaming video service became unusable.

The degraded viewing quality for Comcast subscribers also resulted in a sharp increase in calls to Netflix customer support. Those calls made clear that Comcast was well aware of the degradation of Netflix traffic and was directing its subscribers to contact Netflix. The fact that the height of the congestion occurred in December and January is significant. December is one of Netflix's busiest times because members spend more time at home over the holidays and therefore request more streaming video from Netflix and other OVDs. It became clear that Comcast would continue to allow congestion across its network to negatively affect its subscribers' online video streaming experience.


That breaking point came when Comcast managed to reduce the quality of Netflix's service to "near VHS quality". It writes of its decision to pay direct-access fees:

Despite purchasing transit on all available routes into Comcast's network that did not require direct or indirect payment of an access fee to Comcast, the viewing quality of Netflix's service reached near-VHS quality levels.

Faced with such severe degradation of its streaming video service, Netflix began to negotiate for paid access to connect with Comcast. Netflix and Comcast eventually reached a paid agreement. Within a week of that agreement, viewing quality for Netflix streaming video on Comcast's network shot back up to HD-quality levels.


Netflix blamed this successful shakedown for the subsequent direct-access fee arrangements forced on it by Time Warner Cable, Verizon Communications Inc. (VZ), and AT&T, Inc. (T). After watching Comcast's play calling, these rivals had a ready-made playbook to squeeze Netflix for fees.

In perhaps its most interesting note, Netflix compares its hard bitrate data between Comcast and a smaller -- but less abusive -- internet service provider (ISP), Cablevision Systems Corp. (CVC).

Netflix says that if Comcast and Time Warner are merged, it will create a single dominant entity that will be capable of not only endangering online video firms with fees, but also other forms of "edge content" such as online gaming services.

In the end the consumers pay for these tactics, as streaming services are forced to charge subscribers higher rates to keep up with the relentless fees levied on the ISP side.
http://www.dailytech.com/Comcast+For...ticle36481.htm





US Telecoms Giants Call on FCC to Block Cities' Expansion of High-Speed Internet

USTelecom wants to block expansion of popular networks in Chattanooga, Tennessee and Wilson, North Carolina
Dominic Rushe


The US telecoms industry called on the Federal Communications Commission on Friday to block two cities’ plans to expand high-speed internet services to their residents.

USTelecom, which represents telecoms giants Verizon, AT&T and others, wants the FCC to block expansion of two popular municipally owned high-speed internet networks, one in Chattanooga, Tennessee, and the other in Wilson, North Carolina.

“The success of public broadband is a mixed record, with numerous examples of failures,” USTelecom said in a blogpost. “With state taxpayers on the financial hook when a municipal broadband network goes under, it is entirely reasonable for state legislatures to be cautious in limiting or even prohibiting that activity.”

Chattanooga has the largest high-speed internet service in the US, offering customers access to speeds of 1 gigabit per second – about 50 times faster than the US average. The service, provided by municipally owned EPB, has sparked a tech boom in the city and attracted international attention. EPB is now petitioning the FCC to expand its territory. Comcast and other companies have previously sued unsuccessfully to stop EPB’s fibre optic roll out.

Wilson, a town of a little more than 49,000 people, launched Greenlight, its own service offering high-speed internet, after complaints about the cost and quality of Time Warner cable’s service. Time Warner lobbied the North Carolina senate to outlaw the service and similar municipal efforts.

USTelecom claims the FCC has no legal authority over the proposed expansions and does not have the power to preempt the North Carolina and Tennessee statutes that would prevent them.

“States have adopted a wide range of legislative approaches on how much authority they give local governments to build, own and operate broadband networks. Some states require an election or public hearings before a public project can move forward. Others ask for competitive bids, and still others put restrictions on the terms of service so the public entities bear the same regulatory burdens as private service providers,” said USTelecom.

“States are well within their rights to impose these restrictions, given the potential impact on taxpayers if public projects are not carefully planned and weighed against existing private investment.”

In January this year, the FCC issued the “Gigabit City Challenge”, calling on providers to offer gigabit service in at least one community in each state by 2015. The challenge has come amid intense lobbying from cable and telecoms firms to stop municipal rivals and new competitors including Google from building and expanding high speed networks.

In a statement EPB said: “Communities should have the right – at the local level – to determine their broadband futures.

“The private sector didn’t want to serve everyone, but public power companies like EPB were established to make sure that everyone had access to this critical infrastructure. ”

• This article was amended on 30 August 2014. Comcast is not a member of USTelecom, as was stated, and has not filed comments in the FCC proceeding to which the article refers.
http://www.theguardian.com/business/...et-chattanooga





Fastest Internet in US? It's Chattanooga, TN, Thanks to Local and Fed $$$ (Ps. Big Cable Very Angry)
Steven D

Yes, you read that right. Internet speeds as fast as 1 gigabit per second are the norm in the city of Chattanooga, Tennessee. Not the spot you might have predicted, is it? Certainly not the place I anticipated would have faster, better internet than anywhere else in the United States, and one of the fastest internet speeds on the planet. Not only that, but the fast internet is helping to lead Chattanooga out of the economic doldrums.

[A] group of thirty-something local entrepreneurs have set up Lamp Post, an incubator for a new generation of tech companies, in the building. A dozen startups are currently working out of the glitzy downtown office [that was formerly the home of Loveman's department store].

“We’re not Silicon Valley. No one will ever replicate that,” says Allan Davis, one of Lamp Post’s partners. “But we don’t need to be and not everyone wants that. The expense, the hassle. You don’t need to be there to create great technology. You can do it here.”

He’s not alone in thinking so. Lamp Post is one of several tech incubators in this mid-sized Tennessee city. Money is flowing in. Chattanooga has gone from close to zero venture capital in 2009 to more than five organized funds with investable capital over $50m in 2014 – not bad for a city of 171,000 people. [...]

In large part the success is being driven by The Gig. Thanks to an ambitious roll-out by the city’s municipally owned electricity company, EPB, Chattanooga is one of the only places on Earth with internet at speeds as fast as 1 gigabit per second – about 50 times faster than the US average.


Yes, these young groups of local tech entrepreneurs are important, but they couldn't have created this turnaround alone. They are receiving help from the city's Democratic Mayor, Andy Berke, but the real driver of the boom comes from the efforts of the city's municipally owned electrical provider, EPB, which decided to fast track a high speed fiber optics network, rather than settle for slower service from the big cable company internet providers. On September 17, 2013, after construction was completed seven years earlier than originally planned.

[C]ity residents have an unlikely business to thank [for their faster, cheaper internet service]: the publicly owned electric utility. [...]

[T]he effort to bring cheap broadband to the masses began as a simple engineering problem: The city's electric company, EPB, needed a way for its systems to monitor and communicate with new digital equipment being installed on the grid. Meanwhile, city hall was learning that the country's biggest phone and cable companies wouldn't be starting service there for a decade or more.

Chattanooga spent $330 million on its new network, raising $220 million in bond money and winning $111.5 million in federal stimulus dollars. (The money from Washington was like icing on the cake; by the time EPB applied, it had already reached its initial targets and with the additional funds cut a 10-year construction plan down to three years.)


According to Harold DePriest, EPB's CEO, the high speed network referred to as "The Gig" is a big profit center for EPB. However, one major benefit is the savings it generates for one of the network's biggest customers: EPB itself. He estimates savings of at least $1 million per year. However, while Chattanooga's high speed internet is proving to be quite the success story, it didn't come without opposition from you know who:

Along the way, EPB fought several court battles with Comcast and the state cable association. Even before all this, Chattanooga had to lobby the state government for permission to let EPB participate in the telecom market.

Across the country, twenty states prohibit or restrict municipalities from doing what Chattanooga has done - create their own high speed broadband networks to compete with the big telecom and cable companies, who have a stranglehold on providing slower, crappier, more expensive internet service to most of us. So, it should come as no surprise that the big telecoms are concerned that other municipalities will see what Chattanooga has accomplished, and are taking legal steps to stop any further expansion of EPB's internet service.

The US cable industry called on the Federal Communications Commission on Friday [August 29, 2014] to block two cities’ plans to expand high-speed internet services to their residents.

USTelecom, which represents cable giants Comcast, Time Warner and others, wants the FCC to block expansion of two popular municipally owned high speed internet networks, one in Chattanooga, Tennessee, and the other in Wilson, North Carolina.

“The success of public broadband is a mixed record, with numerous examples of failures,” USTelecom said in a blog post. “With state taxpayers on the financial hook when a municipal broadband network goes under, it is entirely reasonable for state legislatures to be cautious in limiting or even prohibiting that activity.”

Chattanooga has the largest high-speed internet service in the US, offering customers access to speeds of 1 gigabit per second – about 50 times faster than the US average. The service, provided by municipally owned EPB, has sparked a tech boom in the city and attracted international attention. EPB is now petitioning the FCC to expand its territory. Comcast and others have previously sued unsuccessfully to stop EPB’s fibre optic roll out.

Wilson, a town of a little more than 49,000 people, launched Greenlight, its own service offering high speed internet, after complaints about the cost and quality of Time Warner cable’s service. Time Warner lobbied the North Carolina senate to outlaw the service and similar municipal efforts.


How nice of them to be concerned about taxpayers, especially as most of these companies are doing their darnedest to avoid paying taxes. But, as you can guess, what they are really concerned about is competition from local municipalities, and the loss of their virtual monopoly on providing broadband services in America. Imagine access to internet service fifty times faster than what Comcast and Time Warner (in the process of seeking approval for a mega-merger, FYI) are willing to provide, and at an equal or even lower price. No wonder they want to block Chattanooga and EPB from expanding service to more residents. EPB has the proper response to the pompous, selfish and greedy actions of the telecom industry.

In a statement EPB said: “Communities should have the right – at the local level – to determine their broadband futures.

“The private sector didn’t want to serve everyone, but public power companies like EPB were established to make sure that everyone had access to this critical infrastructure.


Meanwhile Chattanooga is thriving, and has even bigger plans for the future:

Mayor Berke has dealt with requests for visits from everyone from tiny rural communities to “humungous international cities”. “You don’t see many mid-sized cities that have the kind of activity that we have right now in Chattanooga,” he said. “What the Gig did was change the idea of what our city could be. Mid-sized southern cities are not generally seen as being ahead of the technological curve, the Gig changed that. We now have people coming in looking to us as a leader.” [...]

EPB’s high-speed network came about after it decided to set up a smart electric grid in order to cut power outages. EPB estimated it would take 10 years to build the system and raised $170m through a municipal bond to pay for it. In 2009 president Barack Obama launched the American Recovery and Reinvestment Act, a stimulus programme aimed at getting the US economy back on track amid the devastation of the recession. EPB was awarded $111m to get its smart grid up and running. Less than three years later the whole service territory was built.

... The University of California at Berkeley estimates that power outages cost the US economy $80bn a year through business disruption with manufacturers stopping their lines and restaurants closing. Chattanooga’s share of that loss was about $100m, EPB estimates. ... Since the system was installed the duration of power outages has been cut in half.


In short, no shutdowns such as the one millions of Time Warner customers had to suffer through this last Wednesday.

Internet service went down for millions of Americans on Wednesday morning after cable company Time Warner Cable suffered a major outage. [...]

Affected users besieged the helplines and social media accounts of the firm, which declared an operating income of $1.1bn in the 2nd quarter of 2014.

On Tuesday, Reuters reported that Time Warner Cable paid $1.1m to resolve an investigation from the Federal Communications Commission that found the provider did not properly report multiple network outages.

“TWC (Time Warner Cable) failed to file a substantial number of reports with respect to a series of reportable wireline and Voice Over Internet Protocol network outages,” the FCC’s report read. “TWC admits that its failure to timely file the required network outage reports violated the commission’s rules.”


Hey, what a shocker. Lousy service from a monopoly, including the failure to report multiple "network outages" in violation of FCC regulations. In short, you can understand the big telecom companies acting in their own interest, if not yours, to maintain the status quo. At present, they are practically printing money while we get internet service that is worse than thirty other countries, including, among others, Uruguay.

Yeah, let that sink in. Uruguayans have better internet service than citizens of the "greatest nation on earth." Pretty damn embarrassing, if not a big surprise. Ever since we began to glorify Big Business and denigrate government during the Reagan years, we've seen America go from being a leader in many fields to falling further and further behind even many third world countries, all so our multinational, tax dodging corporations can feed off ordinary Americans like so many parasites, slowly draining the lifeblood out of our nation even as they steal whatever is left in our pocketbooks.

So, to Chattanooga I say good luck and godspeed in your battle with these corporate psychopaths. I only wish my city had done what yours did. And thanks for showing all of us that government investment in infrastructure, whether at the local level or with assistance from the federal government, in this case the electrical grid and fiber optic networks, works better to grow our economy than the current, private, monopolistic practices of the telecom industry. Indeed, their actions are hurting our nation's economic future, even as they rake in massive profits for bad service.
http://www.dailykos.com/story/2014/0...ble-Very-Angry





Cities Scramble to Upgrade “Stingray” Tracking as End of 2G Network Looms

Oakland is latest city confirmed seeking Hailstorm upgrade, targeting 4G LTE.
Cyrus Farivar

Documents released last week by the City of Oakland reveal that it is one of a handful of American jurisdictions attempting to upgrade an existing cellular surveillance system, commonly known as a stingray.

The Oakland Police Department, the nearby Fremont Police Department, and the Alameda County District Attorney jointly applied for a grant from the Department of Homeland Security to "obtain a state-of-the-art cell phone tracking system," the records show.

Stingray is a trademark of its manufacturer, publicly traded defense contractor Harris Corporation, but "stingray" has also come to be used as a generic term for similar devices.

The cellular surveillance system's upgrade, known as Hailstorm, is necessary. Existing stingray devices will no longer work in a few years as older phone networks get turned off.

According to Harris' annual report, which was filed with the Securities and Exchange Commission last week, the company reported a profit of over $534 million in its latest fiscal year, the most since 2011.

"We do not comment on solutions we may or may not provide to classified Department of Defense or law enforcement agencies," Jim Burke, a spokesman for Harris, told Ars.

Other locales known to be in the process of related federally-funded upgrades include Tacoma, Wash.; Baltimore, Md.; Chesterfield, Va.; Sunrise, Fla.; and Oakland County, Mich. There are likely many more, but such purchases are often shrouded in secrecy.

Relatively little is known about precisely how stingrays are used by law enforcement agencies nationwide, although documents have surfaced showing how they have been purchased and used in some limited instances. Last year, Ars reported on leaked documents showing the existence of a body-worn stingray. In 2010, Kristin Paget famously demonstrated a homemade device built for just $1,500.

Worse still, cops have lied to courts about the use of such technology. Not only can stingrays be used to determine a phone’s location, but they can also intercept calls and text messages.

Robert Shipway, of the Alameda County Public Defender’s Office, said he was not aware of their described use during the process of criminal discovery in county prosecutions in recent years. That could mean that local law enforcement and prosecutors are concealing or obscuring their use.

"[The upgrade] has not been fulfilled," Michael O’Connor, an assistant district attorney in Alameda County, told Ars. "It has not been approved and it has not been purchased."

He also noted that the county had applied for a similar grant to conduct an upgrade in 2012, but that application was denied, and he did not know why.

O’Connor also said that his office was currently in the process of gathering more relevant documents and would publicly release them in September. According to the newly released documents, the entire upgrade will cost $460,000—including $205,000 in total Homeland Security grant money, and $50,000 from the Oakland Police Department (OPD). Neither the OPD nor the mayor's office immediately responded to requests for comment.

Not your grandfather's stingray

One of the primary ways that stingrays operate is by taking advantage of a design feature in any phone available today. When 3G or 4G networks are unavailable, the handset will drop down to the older 2G network. While normally that works as a nice last-resort backup to provide service, 2G networks are notoriously insecure. Handsets operating on 2G will readily accept communication from another device purporting to be a valid cell tower, like a stingray. So the stingray takes advantage of this feature by jamming the 3G and 4G signals, forcing the phone to use a 2G signal.

Christopher Soghoian, a technologist with the American Civil Liberties Union and a close observer of stingray technology, told Ars that little is known about the upgrades Hailstorm offers.

"The only difference that we know about is the 4G," he said, citing a purchase order from the Drug Enforcement Agency first unearthed by The News Tribune in Tacoma. That March 2014 document states: "Stingray II to Hailstrom Upgrade, etc. The Hailstorm Upgrade is necessary for the Stingray system to track 4G LTE Phones"

He explained that the new upgrade will continue to provide existing surveillance capability even after major cellular providers turn off support for the legacy 2G network, which is expected to occur in upcoming years. In 2012, AT&T announced that it would be shutting down its 2G network in 2017. Without the forced downgrade to 2G, a 4G phone targeted by a stingray would not be susceptible to the same types of interception at present, but it likely would still be susceptible to location tracking.

"Presumably, at some point after, new phones sold by AT&T will no longer support 2G," Soghoian added. "Once new phones stop working with 2G, Stingrays won't work any more. At that point, the Hailstorm will be the only way."

Thomas Pica, a Verizon spokesman, told Ars that the company's network would be operational "through the end of the decade." Neither T-Mobile nor Sprint responded to Ars' request for comment.

"These things aren't cheap," Soghoian added. "My guess is that there are law enforcement agencies around the country who are frantically trying to find the money because at some point in the future, in the next two to five years, their existing stingrays are going to stop working and my guess is that they're really worried about that."

Other firms that make related devices include Martone Radio Technology, located 25 miles from Oakland, in San Ramon, Calif. Martone also did not respond to Ars' request for comment. Martone advertises 4G LTE interception on its site.

For now, 4G LTE stingray-like devices appear relatively rare.

"We haven't seen any 4G LTE IMSI catchers from any of the brochures from companies that we've picked up yet, so this will be the first," Eric King, the deputy director of Privacy International, told Ars, using another name for stingrays.

His London-based organization, in conjunction with WikiLeaks and other groups, released the Spy Files in 2011, which includes many corporate documents illustrating telecom interception and surveillance.

"It isn't actually invasive at all."

Local law enforcement and federal agencies have taken extraordinary steps to conceal their use and have been reticent to disclose detailed information about their use.

"Once that's disclosed then the targets of the technology will know how to avoid it," O’Connor, the assistant district attorney, told Ars. "Once the bad guys understand how to beat it then they will. It's not like people are running around looking through peepholes. If I told you that I have a blue truck that I'm going to park in front of your house and told you I was going to watch you go out of your house then you're not going to come out of your house. It isn't actually invasive at all, but I can't tell you any more than I just told you without compromising the technology."

"It can't easily be resolved—the public's right to know, the Fourth Amendment rights of people who might be subject to this kind of analysis and the needs of law enforcement to keep sources confidential especially in a day and age when the bad guys have acquired considerable technology that is turned against good guys."

In nearby San Francisco, the police also refused to provide any stingray-related documents last week to Ars as part of another public records request.

In August, the Federal Communications Commission said it will investigate the "illicit and unauthorized use" of stingrays.

The newly published letter from FCC Chairman Tom Wheeler to Rep. Alan Grayson (D-FL) states that Wheeler has created a task force that recently took "immediate steps to combat the illicit and unauthorized use of IMSI catchers. The mission of this task force is to develop concrete solutions to protect the cellular networks systemically from similar unlawful intrusions and interceptions."

As a result, one state lawmaker has even recently attempted to regulate the device’s use in the wake of the disclosure of the Hailstorm acquisition in Oakland County, Mich.

"The most frustrating part of this whole situation is that the county continually refuses to share information on what the technology does, while telling lawmakers and the public to just trust them," Michigan state representative Tom McMillin said in a statement in June 2014. "Among other things, this technology can mimic cell towers to collect data, and citizens wouldn’t have any way of knowing their privacy, or worse their rights, have been violated. To me, that runs into our constitutional rights."
http://arstechnica.com/tech-policy/2...network-looms/





Mysterious Phony Cell Towers Could Be Intercepting Your Calls

Every smart phone has a secondary OS, which can be hijacked by high-tech hackers
Andrew Rosenblum

Like many of the ultra-secure phones that have come to market in the wake of Edward Snowden's leaks, the CryptoPhone 500, which is marketed in the U.S. by ESD America and built on top of an unassuming Samsung Galaxy SIII body, features high-powered encryption. Les Goldsmith, the CEO of ESD America, says the phone also runs a customized or "hardened" version of Android that removes 468 vulnerabilities that his engineering team found in the stock installation of the OS.

His mobile security team also found that the version of the Android OS that comes standard on the Samsung Galaxy SIII leaks data to parts unknown 80-90 times every hour. That doesn't necessarily mean that the phone has been hacked, Goldsmith says, but the user can't know whether the data is beaming out from a particular app, the OS, or an illicit piece of spyware. His clients want real security and control over their device, and have the money to pay for it.

To show what the CryptoPhone can do that less expensive competitors cannot, he points me to a map that he and his customers have created, indicating 17 different phony cell towers known as “interceptors,” detected by the CryptoPhone 500 around the United States during the month of July alone. (The map below is from August.) Interceptors look to a typical phone like an ordinary tower. Once the phone connects with the interceptor, a variety of “over-the-air” attacks become possible, from eavesdropping on calls and texts to pushing spyware to the device.

“Interceptor use in the U.S. is much higher than people had anticipated,” Goldsmith says. “One of our customers took a road trip from Florida to North Carolina and he found 8 different interceptors on that trip. We even found one at South Point Casino in Las Vegas.”

Who is running these interceptors and what are they doing with the calls? Goldsmith says we can’t be sure, but he has his suspicions.

“What we find suspicious is that a lot of these interceptors are right on top of U.S. military bases. So we begin to wonder – are some of them U.S. government interceptors? Or are some of them Chinese interceptors?” says Goldsmith. “Whose interceptor is it? Who are they, that's listening to calls around military bases? Is it just the U.S. military, or are they foreign governments doing it? The point is: we don't really know whose they are.”

Interceptors vary widely in expense and sophistication – but in a nutshell, they are radio-equipped computers with software that can use arcane cellular network protocols and defeat the onboard encryption. Whether your phone uses Android or iOS, it also has a second operating system that runs on a part of the phone called a baseband processor. The baseband processor functions as a communications middleman between the phone’s main O.S. and the cell towers. And because chip manufacturers jealously guard details about the baseband O.S., it has been too challenging a target for garden-variety hackers.

“The baseband processor is one of the more difficult things to get into or even communicate with,” says Mathew Rowley, a senior security consultant at Matasano Security. “[That’s] because my computer doesn't speak 4G or GSM, and also all those protocols are encrypted. You have to buy special hardware to get in the air and pull down the waves and try to figure out what they mean. It's just pretty unrealistic for the general community.”

But for governments or other entities able to afford a price tag of “less than $100,000,” says Goldsmith, high-quality interceptors are quite realistic. Some interceptors are limited, only able to passively listen to either outgoing or incoming calls. But full-featured devices like the VME Dominator, available only to government agencies, can not only capture calls and texts, but even actively control the phone, sending out spoof texts, for example. Edward Snowden revealed that the N.S.A. is capable of an over-the-air attack that tells the phone to fake a shut-down while leaving the microphone running, turning the seemingly deactivated phone into a bug. And various ethical hackers have demonstrated DIY interceptor projects, using a software programmable radio and the open-source base station software package OpenBTS – this creates a basic interceptor for less than $3,000. On August 11, the F.C.C. announced an investigation into the use of interceptors against Americans by foreign intelligence services and criminal gangs.

An “Over-the-Air” Attack Feels Like Nothing

Whenever he wants to test out his company’s ultra-secure smart phone against an interceptor, Goldsmith drives past a certain government facility in the Nevada desert. (To avoid the attention of the gun-toting counter-intelligence agents in black SUVs who patrol the surrounding roads, he won't identify the facility to Popular Science). He knows that someone at the facility is running an interceptor, which gives him a good way to test out the exotic “baseband firewall” on his phone. Though the baseband OS is a “black box” on other phones, inaccessible to manufacturers and app developers, patent-pending software allows the GSMK CryptoPhone 500 to monitor the baseband processor for suspicious activity.

So when Goldsmith and his team drove by the government facility in July, he also took a standard Samsung Galaxy S4 and an iPhone to serve as a control group for his own device.

“As we drove by, the iPhone showed no difference whatsoever. The Samsung Galaxy S4, the call went from 4G to 3G and back to 4G. The CryptoPhone lit up like a Christmas tree.”

Though the standard Apple and Android phones showed nothing wrong, the baseband firewall on the CryptoPhone set off alerts showing that the phone’s encryption had been turned off, and that the cell tower had no name – a telltale sign of a rogue base station. Standard towers, run by say, Verizon or T-Mobile, will have a name, whereas interceptors often do not.

And the interceptor also forced the CryptoPhone from 4G down to 2G, a much older protocol that is easier to decrypt in real time. But the standard smart phones didn’t even show they’d experienced the same attack.

“If you've been intercepted, in some cases it might show at the top that you've been forced from 4G down to 2G. But a decent interceptor won't show that,” says Goldsmith. “It'll be set up to show you [falsely] that you're still on 4G. You'll think that you're on 4G, but you're actually being forced back to 2G.”
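The two articles above describe the same three warning signs of a rogue base station: a forced drop from 4G or 3G to 2G (the Ars piece on stingrays), the air-interface encryption being switched off, and a serving cell that broadcasts no network name (the CryptoPhone drive-by). The following is an added example, not code from the articles or from any product they mention, that scores a constructed sequence of serving-cell observations against those indicators. The event schema, the cipher labels attached to each observation and the drive-by sample are all constructed for illustration; real basebands expose this data only through vendor-specific diagnostic interfaces, which the example does not model.

```python
"""
Simplified "baseband firewall" logic: score each serving-cell observation
on the indicators the articles name. The observation format and the sample
drive are constructed for this example.
"""
from dataclasses import dataclass, field
from typing import List, Optional

# Radio access technologies ranked so a drop can be measured.
RAT_RANK = {"2G": 2, "3G": 3, "4G": 4}

# Cipher identifiers that mean "no confidentiality on the air interface":
# A5/0 (GSM), UEA0 (UMTS) and EEA0 (LTE) are the standard null ciphers.
NULL_CIPHERS = {None, "A5/0", "UEA0", "EEA0"}


@dataclass
class CellObservation:
    t: int                  # seconds into the drive (constructed)
    rat: str                # radio access technology actually in use
    cell_id: int            # identity of the serving cell
    network_name: str       # operator name the cell broadcasts; "" if none
    cipher: Optional[str]   # negotiated air-interface cipher; None if none


@dataclass
class Finding:
    t: int
    score: int
    reasons: List[str] = field(default_factory=list)


def assess(observations: List[CellObservation]) -> List[Finding]:
    """Score every observation that shows at least one indicator.

    A lone 4G->3G hop on a cell change scores low on purpose: ordinary
    networks do that constantly (the Galaxy S4 in the article showed one).
    A null cipher, a nameless cell, or a straight drop to 2G score high,
    and they add up when they occur together.
    """
    findings: List[Finding] = []
    prev: Optional[CellObservation] = None
    for ob in observations:
        score, reasons = 0, []
        if ob.cipher in NULL_CIPHERS:
            score += 3
            reasons.append("air-interface encryption off")
        if not ob.network_name.strip():
            score += 2
            reasons.append("cell broadcasts no network name")
        if prev is not None and ob.cell_id != prev.cell_id:
            drop = RAT_RANK[prev.rat] - RAT_RANK[ob.rat]
            if drop > 0:
                score += 3 if ob.rat == "2G" else 1
                reasons.append(f"downgrade {prev.rat}->{ob.rat} on cell change")
        if score:
            findings.append(Finding(ob.t, score, reasons))
        prev = ob
    return findings


def suspicious(findings: List[Finding], threshold: int = 5) -> List[Finding]:
    """Keep only findings whose combined indicators reach the threshold."""
    return [f for f in findings if f.score >= threshold]


# Constructed drive-by, loosely following the sequence the article describes:
# a routine 4G/3G hop, then a cell with every indicator at once, then recovery.
SAMPLE = [
    CellObservation(0,   "4G", 1001, "ExampleNet", "EEA2"),
    CellObservation(30,  "3G", 2001, "ExampleNet", "UEA1"),   # routine hop, low score
    CellObservation(60,  "4G", 1002, "ExampleNet", "EEA2"),
    CellObservation(90,  "2G", 9001, "",           "A5/0"),   # all three indicators
    CellObservation(150, "4G", 1003, "ExampleNet", "EEA2"),
]

if __name__ == "__main__":
    for f in suspicious(assess(SAMPLE)):
        print(f"t={f.t}s score={f.score}: " + "; ".join(f.reasons))
```

The scoring reflects Goldsmith's caveat that a well-built interceptor can leave the handset's display claiming 4G: the checks here look at what the radio negotiated (cipher, cell identity, broadcast name), not at what the user interface shows, which is why a phone whose operating system cannot see below the baseband has nothing to alert on.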

So Do I Need One?

Though Goldsmith won’t disclose sales figures or even a retail price for the GSMK CryptoPhone 500, he doesn’t dispute an MIT Technology Review article from this past spring reporting that he produces about 400 phones per week for $3,500 each. So should ordinary Americans skip some car payments to be able to afford to follow suit?

It depends on what level of security you expect, and who you might reasonably expect to be trying to listen in, says Oliver Day, who runs Securing Change, an organization that provides security services to non-profits.

“There's this thing in our industry called “threat modeling,” says Day. “One of the things you learn is that you have to have a realistic sense of your adversary. Who is my enemy? What skills does he have? What are my goals in terms of security?”

If you’re not realistically of interest to the U.S. government and you never leave the country, then the CryptoPhone is probably more protection than you need. Goldsmith says he sells a lot of phones to executives who do business in Asia. The aggressive, sophisticated hacking teams working for the People’s Liberation Army have targeted American trade secrets, as well as political dissidents.

Day, who has written a paper about undermining censorship software used by the Chinese government, recommends people in hostile communications environments watch what they say over the phone and buy disposable “burner” phones that can be used briefly and then discarded.

“I'm not bringing anything into China that I'm not willing to throw away on my return trip,” says Day.

Goldsmith warns that a “burner phone” strategy can be dangerous. If Day were to call another person on the Chinese government’s watch list, his burner phone’s number would be added to the watch list, and then the government would watch to see who else he called. The CryptoPhone 500, in addition to alerting the user whenever it’s under attack, can “hide in plain sight” when making phone calls. Though it does not use standard voice-over-IP or virtual private network security tools, the CryptoPhone can make calls using just a Wi-Fi connection -- it does not need an identifiable SIM card. When calling over the Internet, the phone appears to eavesdroppers as if it is just browsing the Internet.
http://www.popsci.com/article/techno...ing-your-calls





The Police Tool That Pervs Use to Steal Nude Pics From Apple’s iCloud
Andy Greenberg

As nude celebrity photos spilled onto the web over the weekend, blame for the scandal has rotated from the scumbag hackers who stole the images to a researcher who released a tool used to crack victims’ iCloud passwords to Apple, whose security flaws may have made that cracking exploit possible in the first place. But one step in the hackers’ sext-stealing playbook has been ignored—a piece of software designed to let cops and spies siphon data from iPhones, but is instead being used by pervy criminals themselves.

On the web forum Anon-IB, one of the most popular anonymous image boards for posting stolen nude selfies, hackers openly discuss using a piece of software called EPPB or Elcomsoft Phone Password Breaker to download their victims’ data from iCloud backups. That software is sold by Moscow-based forensics firm Elcomsoft and intended for government agency customers. In combination with iCloud credentials obtained with iBrute, the password-cracking software for iCloud released on Github over the weekend, EPPB lets anyone impersonate a victim’s iPhone and download its full backup rather than the more limited data accessible on iCloud.com. And as of Tuesday, it was still being used to steal revealing photos and post them on Anon-IB’s forum.

“Use the script to hack her passwd…use eppb to download the backup,” wrote one anonymous user on Anon-IB explaining the process to a less-experienced hacker. “Post your wins here ;-)”

Apple’s security nightmare began over the weekend, when hackers began leaking nude photos that included shots of Jennifer Lawrence, Kate Upton, and Kirsten Dunst. The security community quickly pointed fingers at the iBrute software, a tool released by security researcher Alexey Troshichev designed to take advantage of a flaw in Apple’s “Find My iPhone” feature to “brute-force” users’ iCloud passwords, cycling through thousands of guesses to crack the account.

If a hacker can obtain a user’s iCloud username and password with iBrute, he or she can log in to the victim’s iCloud.com account to steal photos. But if attackers instead impersonate the user’s device with Elcomsoft’s tool, the desktop application allows them to download the entire iPhone or iPad backup as a single folder, says Jonathan Zdziarski, a forensics consultant and security researcher. That gives the intruders access to far more data, he says, including videos, application data, contacts, and text messages.

On Tuesday afternoon, Apple issued a statement calling the security debacle a “very targeted attack on user names, passwords and security questions.” It added that “none of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud® or Find my iPhone.”

But the conversations on Anon-IB make clear the photo-stealing attacks aren’t limited to a few celebrities. And Zdziarski argues that Apple may be defining a “breach” as not including a password-guessing attack like iBrute. Based on his analysis of the metadata from leaked photos of Kate Upton, he says he’s determined that the photos came from a downloaded backup that would be consistent with the use of iBrute and EPPB. If a full device backup was accessed, he believes the rest of the backup’s data may still be possessed by the hacker and could be used for blackmail or finding other targets. “You don’t get the same level of access by logging into someone’s [web] account as you can by emulating a phone that’s doing a restore from an iCloud backup,” says Zdziarski. “If we didn’t have this law enforcement tool, we might not have the leaks we had.”

Elcomsoft is just one of a number of forensics firms like Oxygen and Cellebrite that reverse engineer smartphone software to allow government investigators to dump the devices’ data. But Elcomsoft’s program seems to be the most popular among Anon-IB’s crowd, where it’s been used for months prior to the most current leaks, likely in cases where the hacker was able to obtain the target’s password through means other than iBrute. Many “rippers” on Anon-IB offer to pull nude photos on behalf of any other user who may know the target’s Apple ID and password. “Always free, fast and discreet. Will make it alot easier if you have the password,” writes one hacker with the email address eppbripper@hush.ai. “Willing to rip anything iclouds – gf/bf/mom/sister/classmate/etc!! Pics, texts, notes etc!”

One of Anon-IB’s rippers, who uses the handle cloudprivates, wrote in an email to WIRED that he or she doesn’t consider downloading files from an iCloud backup “hacking” if it’s done on behalf of another user who supplies a username and password. “Dunno about others but I am too lazy to look for accounts to hack. This way I just provide a service to someone that wants the data off the iCloud. For all I know they own the iCloud,” cloudprivates writes. “I am not hacking anything. I simply copy data from the iCloud using the user name and password that I am given. Software from elcomsoft does this.”

Elcomsoft’s program doesn’t require proof of law enforcement or other government credentials. It costs as much as $399, but bootleg copies are freely available on bittorrent sites. And the software’s marketing language sounds practically tailor-made for Anon-IB’s rippers.

“All that’s needed to access online backups stored in the cloud service are the original user’s credentials including Apple ID…accompanied with the corresponding password,” the company’s website reads. “Data can be accessed without the consent of knowledge of the device owner, making Elcomsoft Phone Password Breaker an ideal solution for law enforcement and intelligence organizations.”

Elcomsoft didn’t respond to a request for comment.

On Monday, iBrute creator Troshichev noted that Apple had released an update for Find My iPhone designed to fix the flaw exploited by iBrute. “The end of fun, Apple have just patched,” he wrote on Github. But Anon-IB users continued to discuss stealing data with iBrute in combination with EPPB on the forum Tuesday, suggesting that the fix has yet to be applied to all users, or that stolen credentials are still being used with Elcomsoft’s program to siphon new data. Apple didn’t immediately respond to WIRED’s request for further comment, though it says it’s still investigating the hack and working with law enforcement.

For Apple, the use of government forensic tools by criminal hackers raises questions about how cooperative it may be with Elcomsoft. The Russian company’s tool, as Zdziarski describes it, doesn’t depend on any “backdoor” agreement with Apple and instead required Elcomsoft to fully reverse engineer Apple’s protocol for communicating between iCloud and its iOS devices. But Zdziarski argues that Apple could still have done more to make that reverse engineering more difficult or impossible.

“When you have third parties masquerading as hardware, it really opens up a vulnerability in terms of allowing all of these different companies to continue to interface with your system,” he says. “Apple could take steps to close that off, and I think they should.”

The fact that Apple isn’t complicit in law enforcement’s use of Elcomsoft’s tool for surveillance doesn’t make the tool any less dangerous, argues Matt Blaze, a computer science professor at the University of Pennsylvania and frequent critic of government spying methods. “What this demonstrates is that even without explicit backdoors, law enforcement has powerful tools that might not always stay inside law enforcement,” he says. “You have to ask if you trust law enforcement. But even if you do trust law enforcement, you have to ask whether other people will get access to these tools, and how they’ll use them.”
http://www.wired.com/2014/09/eppb-icloud/





This Could be the Apple iCloud Flaw that Led to Celebrity Photos Being Leaked
Owen Williams

An alleged breach in Apple’s iCloud service may be to blame for countless leaks of private celebrity photos this week.

On Monday, a Python script emerged on GitHub (which we’re not linking to as there is evidence a fix by Apple is not fully rolled out) that appears to have allowed malicious users to ‘brute force’ a target account’s password on Apple’s iCloud, thanks to a vulnerability in the Find My iPhone service. Brute-force attacks consist of using a malicious script to repeatedly guess passwords in an attempt to discover the correct one.

The vulnerability allegedly discovered in the Find My iPhone service appears to have let attackers use this method to guess passwords repeatedly without any sort of lockout or alert to the target. Once the password has been eventually matched, the attacker can then use it to access other iCloud functions freely.

Users on Twitter were able to use the tool from GitHub — which was published for two days before being shared to Hacker News — to access their own accounts before it seems Apple patched the hole today. The owner of the tool noticed it was patched at 3:20am PT.

When we tested the tool, it locked out our accounts after five attempts, meaning that the Python script certainly tries to attack the service but Apple has patched the hole.

We discussed the tool with its creator, Hackapp, over Twitter, who said “this bug is common for all services which have many authentication interfaces” and that with “basic knowledge of sniffing and reversing techniques” it is “trivial” to uncover them. When asked if the method could have been used in the celebrity hack today, Hackapp said “I’ve not seen any evidence yet, but I admit that someone could use this tool.”

Hackapp also posted a slideshow that details the tool, why it was created and identifies other problems in iCloud keychain’s security. We’re not able to verify all the claims in the slideshow, but the creator points out the flaws we mentioned in the slide below.

It’s unclear how long this hole was open, leaving those with simple, guessable passwords easily attacked once hackers had an email address to target. There is still no concrete evidence that these images were leaked via iCloud and may have instead been obtained via multiple attacks, though the hacker that originally leaked the images claims that they were retrieved from iCloud.

A similar kind of attack has occurred before. Hackers have previously used Find My iPhone to hold victims ransom, locking their phones and demanding money in exchange for giving their phone back.

We’ve contacted Apple for comment but have yet to receive a reply. Meanwhile, The Independent reported that Apple has “refused to comment” on any security flaw in iCloud today.
http://thenextweb.com/apple/2014/09/...-being-leaked/





Apple Says it is “Actively Investigating” Celeb Photo Hack
Arik Hesseldahl

Apple said Monday it was “actively investigating” the violation of several of its iCloud accounts, in which revealing photos and videos of prominent Hollywood actresses were taken and posted all over the Web.

“We take user privacy very seriously and are actively investigating this report,” said Apple spokeswoman Natalie Kerris.

Photos, some real, some said to be fakes, are said to have been taken from the iCloud accounts of several celebrities, such as actress Jennifer Lawrence. They were posted to the Web image-sharing community 4Chan and have since spread across the Web, showing up on social media sites like Twitter, Reddit and elsewhere.

Security experts said the hacking and theft of revealing pictures from the Apple iCloud accounts of a few celebrities might have been prevented if those affected had enabled two-factor authentication on their accounts.

Apple hasn’t yet said anything definitive about how the attacks were carried out, but security researchers at the security firm FireEye examined the evidence that has emerged so far, and said it appears to have been a fairly straightforward attack. That said, it is also one that could have been thwarted had some additional steps to secure the targeted accounts been taken.

That additional step is known as two-factor authentication. Apple calls it “two-step verification,” although it doesn’t work very hard to tell people about it, said Darien Kindlund, director of threat research at Mandiant FireEye.

“In general Apple has been a little late to the game in offering this kind of protection, and doesn’t advertise it,” he said. “You have to dig through the support articles to find it.”

When enabled, two-factor authentication requires users to enter a numerical code that is sent to their phone or another device, in addition to using their regular password. Since the number constantly changes, it makes it much more difficult for attackers to gain access to the account, even if they know the password.

Assuming the compromised accounts were running without the two-step option turned on, it would then have been relatively easy for the attacker to gain access to the accounts.

As The Next Web reported earlier today the attack may be linked to software on GitHub called iBrute that is capable of carrying out automated brute-force attacks against iCloud accounts. In this scenario, an attacker simply guesses a password again and again until they succeed. While tedious and time-consuming for a person, it’s a simple and infinitely faster process for a computer.

The as-yet unknown attacker had one other thing going for him: Apple allows an unlimited number of password guesses. Normally, systems limit the number of times someone can try to log in to a system with an incorrect password before the account is locked down entirely. Apple has since fixed that aspect of the vulnerability.

“The attackers never should have been allowed to make an unlimited number of guesses,” Kindlund said.
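Kindlund's point here, and The Next Web's report above that the patched service now locks an account after five attempts and that its creator called the bug "common for all services which have many authentication interfaces", come down to one design rule: the failed-attempt counter must belong to the account, not to whichever front door the guess arrived at. The following is an added example, not Apple's code, that models a credential store with two interfaces, a web login and a device-restore endpoint, first with the restore endpoint left unlimited and then with both sharing one lockout policy. User, password, guess list and timings are all constructed for the example.

```python
"""
Vulnerable configuration beside the fix: an account lockout that lives in
one place and is consulted by every interface that accepts the password.
"""
import hashlib
import hmac
import os
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

PBKDF2_ROUNDS = 50_000   # kept low for the example; raise for production


class CredentialStore:
    """Salted PBKDF2 password store that every interface consults."""

    def __init__(self) -> None:
        self._users: Dict[str, Tuple[bytes, bytes]] = {}

    @staticmethod
    def _derive(salt: bytes, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

    def add_user(self, user: str, password: str) -> None:
        salt = os.urandom(16)
        self._users[user] = (salt, self._derive(salt, password))

    def verify(self, user: str, password: str) -> bool:
        rec = self._users.get(user)
        if rec is None:
            self._derive(b"\x00" * 16, password)   # same cost for unknown users
            return False
        salt, stored = rec
        return hmac.compare_digest(stored, self._derive(salt, password))


class LockoutPolicy:
    """Per-account failed-attempt counter with a temporary lock."""

    def __init__(self, max_failures: int = 5, lock_seconds: int = 900) -> None:
        self.max_failures = max_failures
        self.lock_seconds = lock_seconds
        self._failures: Dict[str, int] = defaultdict(int)
        self._locked_until: Dict[str, int] = {}

    def is_locked(self, user: str, now: int) -> bool:
        return self._locked_until.get(user, 0) > now

    def record(self, user: str, success: bool, now: int) -> None:
        if success:
            self._failures.pop(user, None)
            return
        self._failures[user] += 1
        if self._failures[user] >= self.max_failures:
            self._locked_until[user] = now + self.lock_seconds
            self._failures.pop(user, None)


class AuthInterface:
    """One of several front doors (web login, device-restore API, ...)."""

    def __init__(self, name: str, store: CredentialStore,
                 policy: Optional[LockoutPolicy]) -> None:
        self.name = name
        self.store = store
        self.policy = policy          # None models an interface nobody limited
        self.guesses_evaluated = 0    # passwords that actually reached the store

    def authenticate(self, user: str, password: str, now: int) -> bool:
        if self.policy is not None and self.policy.is_locked(user, now):
            return False              # locked: the store is not even consulted
        ok = self.store.verify(user, password)
        self.guesses_evaluated += 1
        if self.policy is not None:
            self.policy.record(user, ok, now)
        return ok


def run_guesses(iface: AuthInterface, user: str, guesses: List[str],
                now: int) -> Optional[str]:
    """Feed a constructed guess list to one interface; return the guess that got in."""
    for guess in guesses:
        if iface.authenticate(user, guess, now):
            return guess
    return None


# Constructed guess list; "sunshine" is the constructed account password.
GUESSES = ["password", "123456", "qwerty", "letmein", "welcome", "iloveyou",
           "admin", "monkey", "dragon", "baseball", "sunshine", "princess"]


def scenario(shared_lockout: bool) -> Tuple[Optional[str], int, bool]:
    """Returns (password recovered via the restore endpoint or None,
    guesses the restore endpoint let through to the store,
    whether the correct password still opens the web login afterwards)."""
    store = CredentialStore()
    store.add_user("alice", "sunshine")
    policy = LockoutPolicy(max_failures=5)
    web = AuthInterface("web", store, policy)
    # Vulnerable: the second interface has no limit of its own.
    restore = AuthInterface("restore", store, policy if shared_lockout else None)
    found = run_guesses(restore, "alice", GUESSES, now=1_000)
    web_ok = web.authenticate("alice", "sunshine", now=1_000)
    return found, restore.guesses_evaluated, web_ok
```

With the unlimited restore endpoint every guess reaches the store and the weak password falls on the eleventh try; with the shared policy the store sees five guesses and then the account is closed on every interface, including the web login. That last effect is the trade-off a lockout carries: the legitimate owner is locked out too, which is why production systems pair a short lock with alerting rather than making the lock permanent.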

And while there’s no direct evidence tying the program to the attack, the timing of the incident appears to coincide with a talk given by security researchers on the subject of security on iCloud. See the slides here.

The iBrute program was created by security researchers in Russia as a proof of concept and demonstrated as part of a talk at a security conference in St. Petersburg earlier this month.

It’s not the first time that this sort of thing has happened, nor will it be the last. Back in 2005, socialite Paris Hilton was the target of a hacking attack in which pictures and text messages from her Sidekick smartphone were pilfered from a cloud storage account. A group of young men were prosecuted over that incident and another attack against the database giant LexisNexis, and most of them served time in federal prison or juvenile detention.
http://recode.net/2014/09/01/apple-s...eb-photo-hack/





Celebrity Hacking Clouds Apple's Upcoming Product Launch
Christina Farr and Edwin Chan

Apple Inc (AAPL.O) has often displayed uncanny timing, with its well-orchestrated end-of-year iPhone releases. But the leak of racy celebrity photos in the past few days put the company in the unusual position of having to mend its image just days before a highly anticipated Sept. 9 product launch.

Nude photos of Hollywood celebrities, including Oscar-winning actress Jennifer Lawrence, posted on Internet forums by unknown hackers have sparked condemnation from stars and their publicists, and prompted an investigation by the Federal Bureau of Investigation.

In the wake of the breach, cybersecurity experts and mobile developers have called out inadequacies in Apple’s and, more generally, cloud-services security. Thousands have taken to Twitter to express their frustrations with the company.

Some security experts faulted Apple for failing to make its devices and software easier to secure through two-factor authentication, which requires a separate verification code after users log in initially. The process requires several steps and more than rudimentary knowledge of a phone's workings.

Apple could also do more to advertise that option, they said. Most people do not bother with security measures because of the extra hassle, experts say, and the leading phone makers are partly to blame.

"Making things more private or secure by default instead of having “security options” would go a long way. Most people won’t take those options and they aren’t necessarily advertised as available," said Matt Johansen, senior manager of the Threat Research Center at WhiteHat Security Inc.

"Most sites with two-factor authentication, you need to go to some very obscure options menu, multiple-clicks deep."

To be sure, the inadequacies identified in Apple's cloud and mobile security ring true of other cloud or Internet-storage services, experts said. Official and celebrity Twitter accounts for instance had been routinely hacked.

Apple said on Tuesday the hacks were the result of targeted attacks on accounts and not a direct breach of its systems. The company referred to such attempts as "all too common on the Internet."

But the highly public affair remains potentially one of Apple's worst public crises in years. Speculation continues to spread on blogs about flaws in the iCloud service, which lets computer and mobile users store photos, documents and other data so they can be accessed from a plethora of devices they own.

Brandwatch, a company that analyzes sentiment on social media, blogs and other sites, found that prior to the hack, Apple received very few negative mentions on Twitter, a testament to its strong brand in the United States.

But in the past three days, 17,000 mentions on Twitter were related to the security breach as of Tuesday afternoon. 7,600 of these tweets specifically mention Apple. Some of the negative words associated with mentions of Apple's iCloud service include “violation,” “disgusting violation,” “criminality,” “failure,” “glitch” and “disappointment."

Brandwatch spokeswoman Dinah Alobeid said Brandwatch differentiates between negative and neutral tweets by analyzing keywords. There were three times as many negative mentions as positive mentions related to the incident.

Apple has dealt with several high-profile public faux-pas in past years, including a maps service criticized for lacking important geographic detail and "Antennagate," when experts exposed how a flaw in the latest iPhone led to dropped calls. Depending on how the hacks went down, this incident could be as damaging to its reputation, if not more.

“This could be a scary time publicly for Apple," JD Sherry, vice president of cybersecurity provider Trend Micro wrote in a Tuesday blogpost. "They haven't had many, Antennagate and Apple Maps come to mind, and this would most likely trump those."

BUILDING TRUST

The celebrity hacks underscore the longer-term risks for mobile users as smartphones increasingly become the repository for far more sensitive education, healthcare and banking data. And that data gets stored increasingly in personal cloud accounts, hosted on the public and private Internet.

"We need to get to a point where security is the standard (and) Apple could make it easier in the set up," said Branden Spikes, founder and CEO of Spikes Security and former chief information officer of Space Exploration Technologies.

At its upcoming event, Apple is expected to announce the launch of a mobile payments service alongside its iPhone 6.

BeyondTrust security expert Marc Maiffret expects the phone will someday replace the wallet, storing sensitive payments information such as credit card accounts - data that would prove increasingly tempting to hackers.

"How long after that does it make sense for your identity beyond your financial information to follow?" he said.

Apple has encouraged developers to use iCloud. But the leaks have left some app developers feeling uncertain.

"Things like this happen and you wonder, can you trust Apple with other people's data," said Ruben Martinez, a developer building Apple software applications. Martinez said he considered using iCloud for an app he is building, but he may now explore other options.

(Editing by Eric Effron and Lisa Shumaker)
http://uk.reuters.com/article/2014/0...0GX29D20140903





Posting of Nude Photos Prompts Regret on Social Media
Mike Isaac

Perez Hilton has made a career of posting anything and everything about celebrities and their lives. On Tuesday, he thought better of it.

Mr. Hilton helped a trove of nude celebrity photos spread like wildfire across the Internet over Labor Day weekend. The photos, which included images of stars like Jennifer Lawrence and Kate Upton, became available after someone — and who did it is unknown — posted the pictures to 4chan and Reddit, two hugely popular anonymous online message boards. There they quickly became trading fodder among the sites’ regulars.

On Sunday, after the photos were posted to these message boards, Google searches for the term “Jennifer Lawrence” shot through the roof, according to data from Google Trends.

The images are hardly the first nude celebrity pictures to make their way online. But their publication has touched off a larger discussion on the state of privacy and civil liberties on the Internet. Some privacy advocates are focusing on the role that big tech companies play in policing — or not policing — users who repeatedly push the boundaries of taste, or those who post controversial content like the videos of the beheadings of the journalists James Foley and Steven Sotloff.

Mr. Hilton and others are even soul-searching whether individuals should be exercising self-restraint in viewing questionable content.

Mr. Hilton published a video on YouTube, in which he expressed remorse that he had publicized the photos. “I view this as a good opportunity to learn from and grow from, and to make some changes going forward,” he said.

His regrets were echoed across Twitter, where users like Seth Rogen and Lena Dunham urged others not to share or view the images out of respect for the celebrities’ privacy. Even on Reddit, moderators of the sub-forums featuring the images were questioning whether they should take the pictures down. (Although they are still up.)

For privacy advocates, though, the responsibility lies with the big tech companies that host this kind of content.

The incident “should be treated like a sex crime, a privacy invasion taken to an extreme,” said Jules Polonetsky, executive director of the Future of Privacy Forum, a Washington advocacy group. “Sites allowing the sharing of these pictures can and should be taking proactive action to remove these pictures.”

Recently, Twitter came under fire for its loose stance on what is permissible on its network of 271 million monthly users when Robin Williams’s daughter quit the service after being attacked via Twitter messages about her father’s death.

And after the Islamic State in Iraq and Syria, a terrorist organization, posted to YouTube videos of the beheadings of James Foley and Steven Sotloff, two American journalists, some made calls for more stringent guidelines on the services. Many users urged people to take matters into their own hands, advocating not viewing the video.

“We respect Steven Sotloff and won’t air images of his death, or him in a jumpsuit,” Al Jazeera, the media network based in Doha, Qatar, said in a statement posted to its public relations Twitter account on Tuesday, using the hashtag “#ISISmediaBlackout.” “We suggest all media do the same.”

But Twitter, YouTube and Reddit take a decidedly hands-off approach to censoring content that appears on their networks, relying instead on users to flag objectionable material that may or may not end up being taken down. “YouTube has clear policies that outline what content is acceptable to post on YouTube, and we remove videos violating these policies when flagged by our users,” a YouTube spokeswoman said in a statement.

On Reddit, a site whose users are well known for a libertarian, laissez-faire approach to community censorship, the photos were quickly embraced. At least one subforum was dedicated to discussing and trading them.

Reddit did not respond to a request for comment. In the past, the site’s policy has been to allow its users to police themselves, letting self-appointed community moderators decide what is and is not appropriate to appear on the site.

When the photos began to surface on the web, some news reports suggested that Apple’s online storage service, iCloud, had been breached.

But Apple firmly denied this speculation, saying on Tuesday that while at least some celebrity accounts were individually attacked, the incident was not the result of any widespread attack on Apple’s software products.

“None of the cases we have investigated has resulted from any breach in any of Apple’s systems,” Nat Kerris, an Apple spokeswoman, said in a statement. “We are continuing to work with law enforcement to help identify the criminals involved.”

A spokeswoman for Ms. Lawrence, who verified that the photos of her client were real, said she was in touch with law enforcement and would prosecute those who posted the stolen pictures.

Twitter, YouTube and others may ultimately decide to take a more active approach to policing user-generated content. Twitter has already shown some signs of change. But this is a fine line to tread, as these companies have long trumpeted their democratic approach to unfettered online speech.

If these services were altered significantly, civil liberties advocates fear it could inhibit how people are able to express themselves online.

“While a rule against hate speech might prevent rape threats, it could also stifle political speech,” said Jillian C. York, a director at the Electronic Frontier Foundation, an online civil liberties organization. “Companies have demonstrated that they can’t be trusted as arbiters of speech.”

Instead, Ms. York said, Internet users themselves should be able to do a better job of self-policing. “We should encourage companies like Twitter and Facebook to put tools in place that allow users to more easily filter out content and block abusive individuals,” Ms. York said.

For some, though, the damage has already been done.

“To those of you looking at photos I took with my husband years ago in the privacy of our home, hope you feel great about yourselves,” the actress Mary Elizabeth Winstead, whose nude pictures were leaked on 4chan and Reddit, said in a series of Twitter posts on Sunday.

Ms. Winstead said she was abandoning the Internet for the time being, because of a barrage of personal attacks on Twitter after the photos surfaced online.

“I can only imagine the creepy effort that went into this,” Ms. Winstead said.

Brian X. Chen and Quentin Hardy contributed reporting.
http://www.nytimes.com/2014/09/03/te...-behavior.html





Tehran Unfetters Cellphones, and the Pictures Start Flowing
Thomas Erdbrink

Some days ago, Mahdi Taghizadeh did something he never thought he would — at least, not in Iran. He took a screen shot and shared the image with his followers on Twitter. “They were all excited,” Mr. Taghizadeh, an Internet entrepreneur, said. “Finally.”

Mr. Taghizadeh’s small triumph on the sidewalk of a Tehran street was among the first tangible results of a rare victory for Iran’s president, Hassan Rouhani, over the hard-liners who effectively rule this country. Last week, the government unexpectedly granted 3G and 4G licenses to the Islamic republic’s two principal mobile operators, which are rushing to roll out high-speed connections to their tens of millions of subscribers.

While Iranians willing to flout the law have long used illegal software to gain access to banned Internet sites like YouTube and Twitter, until now, Iran’s main cellphone operators had been ordered to reduce Internet speeds to a sub-snail’s pace, effectively making it impossible to use the sites, make video calls or send images.

Mr. Rouhani has long called for relaxing Iran’s tight grip on the Internet, but has had only limited success in the face of stern opposition from a conservative coalition of clerics, military commanders and lawmakers who have argued that any relaxation of strictures will spread immorality and unwanted ideas.

There is also a political dimension to the conservatives’ resistance. Since antigovernment protests rocked the streets of Tehran in 2009, the Iranian authorities have directed tireless efforts to ensure that activists cannot use the Internet to organize protests or distribute images and videos of demonstrations.

In a speech to clerics on Monday, however, Mr. Rouhani warned that the days of blunt methods of control were fast ending and urged them to be more tolerant of new technologies.

“We cannot shut the gates of the world to our young generation,” he said, according to the state Islamic Republic News Agency. “Once, there was a time that someone would hide his radio at home, if he had one, to use it just for listening to the news. We have passed that era.”

Over the past few months, the government has allowed service providers to increase bandwidth for home connections, offering data traffic up to 10 megabits per second — still slow compared with the West, where users typically choose plans offering 20 to 30 megabits per second.

Nevertheless, while Iran’s Internet access is still slow compared with that in many countries, it does now allow users to watch and send videos, something that previously was possible only for those with nearly infinite patience and determination.

The president’s message is trust, his supporters say. Iranians are wise enough to make their own decisions, says Farshad Ghorbanpour, a political analyst close to Mr. Rouhani’s government. “Our educated people use the Internet in a healthy way,” he said, “and have the right to fast Internet like all other people in the world.”

Throughout his first year in office, Mr. Rouhani has fought the hard-liners on multiple fronts, usually backing down. His adversaries, who control most of Iran’s levers of power, such as the judiciary and several important councils, want the president to fix the economy and cut a nuclear deal with the West on Iran’s terms, but have blocked all social changes.

Since the earliest years of their faith, Shiite clerics have dedicated themselves to preventing believers from committing vice and to promoting virtue. Over the years, they have banned the VCR, declared satellite television illegal and blacked out millions of websites, including Facebook and Twitter, in a not terribly successful effort to protect their flock from modern communications technologies.

But the information age has left them divided. While most clerics agree that the Internet is good for science, they also say there must be oversight and control for almost everything else.

The obsession with control even extended to search terms. Until recently, anyone who typed “women” in Google would be directed to a site saying, “According to computer crime regulations, access to this website is denied.”

Not surprisingly, in that atmosphere, the current changes met with stiff opposition in some quarters. Iran’s Parliament, always eager to strike down the Rouhani government’s plans, called in the minister of communication last week and demanded that he “lower the speed of the Internet.”

A leading ayatollah, Naser Makarem Shirazi, called on the government to revoke the mobile Internet licenses before young minds could be poisoned by “dirty pictures and clips,” a post on his website read.

To some extent, the government’s decision to allow high-speed Internet systems is a recognition of reality. Before now, millions of tech-savvy Iranians lived a forced life of crime, buying illegal software that enabled them to visit blocked sites. Nevertheless, even those who bypassed the state filters were stymied by the excruciatingly slow Internet speeds.

In his speech on Monday, Mr. Rouhani did not address the issue of the filtering and blocking of websites, which will remain in place, analysts said. On Saturday at a news conference, he said he remained committed to a nationwide intranet, like those maintained by companies, with only selected websites allowed.

Iran is notoriously inconsistent in its social policies, and there is no guarantee the new Internet speeds are here to stay. But there was one encouraging sign.

Ayatollah Shirazi on Sunday issued a statement saying his demand to revoke the 3G licenses had been distorted. “We are not against technology,” he said. “But we feel the new technology must be purified before it is given to the people.”

While gratified by the changes, many Iranians remain frustrated with the government’s continuing limits on Internet use.

“We just have to find ways to come to terms with all the restrictions,” said Movarid, 28, who refused to give her family name so she could speak freely. “Once they declared the VCR illegal, and look how ridiculous that sounds now. That shows how we will feel about this period in the future.”
http://www.nytimes.com/2014/09/03/wo...nnections.html





Cellphone Addiction Is ‘an Increasingly Realistic Possibility,’ Baylor Study of College Students Reveals
Terry Goodrich

Women college students spend an average of 10 hours a day on their cellphones and men college students spend nearly eight, with excessive use posing potential risks for academic performance, according to a Baylor University study on cellphone activity published in the Journal of Behavioral Addictions.

“That’s astounding,” said researcher James Roberts, Ph.D., The Ben H. Williams Professor of Marketing in Baylor’s Hankamer School of Business. “As cellphone functions increase, addictions to this seemingly indispensable piece of technology become an increasingly realistic possibility.”

The study notes that approximately 60 percent of college students admit they may be addicted to their cell phone, and some indicated they get agitated when it is not in sight, said Roberts, lead author of the article “The Invisible Addiction: Cellphone Activities and Addiction among Male and Female College Students.”

The study — based on an online survey of 164 college students — examined 24 cellphone activities and found that time spent on 11 of those activities differed significantly across the sexes. Some functions — among them Pinterest and Instagram — are associated significantly with cellphone addiction. But others that might logically seem to be addictive — Internet use and gaming — were not.

General findings of the study showed that:

• Of the top activities, respondents overall reported spending the most time texting (an average of 94.6 minutes a day), followed by sending emails (48.5 minutes), checking Facebook (38.6 minutes), surfing the Internet (34.4 minutes) and listening to their iPods (26.9 minutes).

• Men send about the same number of emails but spend less time on each. “That may suggest that they’re sending shorter, more utilitarian messages than their female counterparts,” Roberts said.

• Women spend more time on their cellphones. While that finding runs somewhat contrary to the traditional view that men are more invested in technology, “women may be more inclined to use cellphones for social reasons such as texting or emails to build relationships and have deeper conversations.”

• The men in the study, while more occupied with using their cellphones for utilitarian or entertainment purposes, “are not immune to the allure of social media,” Roberts said. They spent time visiting such social networking sites as Facebook, Instagram and Twitter. Among reasons they used Twitter were to follow sports figures, catch up on the news — “or, as one male student explained it, ‘waste time,’” Roberts said.

Excessive use of cellphones poses a number of possible risks for students, he said.

“Cellphones may wind up being an escape mechanism from their classrooms. For some, cellphones in class may provide a way to cheat,” Roberts said.

Excessive or obsessive cellphone use also can cause conflict inside and outside the classroom: with professors, employers and families. And “some people use a cellphone to dodge an awkward situation. They may pretend to take a call, send a text or check their phones,” Roberts said.

Roberts noted that the current survey is more extensive than previous research in measuring the number and types of cellphone activities. It also is the first to investigate which activities are associated significantly with cellphone addictions and which are not.

Study participants were asked to respond to 11 statements such as “I get agitated when my cellphone is not in sight” and “I find that I am spending more and more time on my cellphone” to measure the intensity of their addiction.

The study noted that modern cellphone use is a paradox in that it can be “both freeing and enslaving at the same time.”

“We need to identify the activities that push cellphone use from being a helpful tool to one that undermines our well-being and that of others,” Roberts said.

Cellphone activities examined in the study included calling, texting, emailing, surfing the Internet, banking, taking photos, playing games, reading books, using a calendar, using a clock and a number of applications, among them the Bible, iPod, coupons, Google Maps, eBay, Amazon, Facebook, Twitter, Pinterest, Instagram, YouTube, iTunes, Pandora and “other” (news, weather, sports, lifestyle-related applications and Snapchat).

Other researchers include Luc Honore Petnji Yaya, professor in the department of economics and business administration at Universitat Internacional de Catalunya in Barcelona, Spain; and the late Chris Manolis, Ph.D., professor of marketing in Williams College of Business at Xavier University in Cincinnati, Ohio.
http://www.baylor.edu/mediacommunica...y&story=145864





Losing Our Touch
Richard Kearney

Are we losing our senses? In our increasingly virtual world, are we losing touch with the sense of touch itself? And if so, so what?

I recently had occasion to pose these questions to students in a college class I teach on eros — “from Plato to today.” Not surprisingly, the topic of physical contact and sex came up, and the conversation turned very much to “today.” A number of the students said that they regularly messaged online before having “real contact” with partners, perhaps using online dating and mating services like Match.com, OkCupid, SpeedDate.com and Tinder. They shared messaging acronyms that signaled their level of willingness to have sex, and under what conditions. They admitted to enjoying the relative anonymity of the one-off “hook up,” whose consummation required no preliminary close-quarters courtship rites or flirtation ceremonies, no culinary seduction, no caress, nothing — apart from the eventual “blind rut,” as James Joyce put it — requiring the presence of a functioning, sensitive body.

We noted the rather obvious paradox: The ostensible immediacy of sexual contact was in fact mediated digitally. And it was also noted that what is often thought of as a “materialist” culture was arguably the most “immaterialist” culture imaginable — vicarious, by proxy, and often voyeuristic.

Is today’s virtual dater and mater something like an updated version of Plato’s Gyges, who could see everything at a distance but was touched by nothing? Are we perhaps entering an age of “excarnation,” where we obsess about the body in increasingly disembodied ways? For if incarnation is the image become flesh, excarnation is flesh become image. Incarnation invests flesh; excarnation divests it.

In perhaps the first great work of human psychology, the “De Anima,” Aristotle pronounced touch the most universal of the senses. Even when we are asleep we are susceptible to changes in temperature and noise. Our bodies are always “on.” And touch is the most intelligent sense, Aristotle explained, because it is the most sensitive. When we touch someone or something we are exposed to what we touch. We are responsive to others because we are constantly in touch with them.

“Touch knows differences,” Aristotle insisted. It is the source of our most basic power to discriminate. The thin-skinned person is sensitive and intelligent; the thick-skinned, coarse and ignorant. Think of Odysseus and the Cyclops, Jacob and Esau. The power of touch. Even the Buddha, when challenged by Mara to reveal his authority, simply touches the ground. Our first intelligence is sensory refinement. And this primal sensibility is also what places us at risk in the world, exposing us to adventure and discovery.

Aristotle was challenging the dominant prejudice of his time, one he himself embraced in earlier works. The Platonic doctrine of the Academy held that sight was the highest sense, because it is the most distant and mediated; hence most theoretical, holding things at bay, mastering meaning from above. Touch, by contrast, was deemed the lowest sense because it is ostensibly immediate and thus subject to intrusions and pressures from the material world. Against this, Aristotle made his radical counterclaim that touch did indeed have a medium, namely “flesh.” And he insisted that flesh was not just some material organ but a complex mediating membrane that accounts for our primary sensings and evaluations.

Tactility is not blind immediacy — not merely sensorial but cognitive, too. Savoring is wisdom; in Latin, wisdom is “sapientia,” from “sapere,” to taste. These carnal senses make us human by keeping us in touch with things, by responding to people’s pain — as when the disguised Odysseus (whose name can be translated as “bearer of pain”), returning to Ithaca, is recognized by his nursemaid, Eurycleia, at the touch of his childhood scar.

But Aristotle did not win this battle of ideas. The Platonists prevailed and the Western universe became a system governed by “the soul’s eye.” Sight came to dominate the hierarchy of the senses, and was quickly deemed the appropriate ally of theoretical ideas. Western philosophy thus sprang from a dualism between the intellectual senses, crowned by sight, and the lower “animal” senses, stigmatized by touch. And Western theology — though heralding the Christian message of Incarnation (“word made flesh”) — all too often confirmed the injurious dichotomy with its anti-carnal doctrines; prompting Nietzsche’s verdict that Christianity was “Platonism for the people” and “gave Eros poison to drink.” Thus opto-centrism prevailed for over 2,000 years, culminating in our contemporary culture of digital simulation and spectacle. The eye continues to rule in what Roland Barthes once called our “civilization of the image.” The world is no longer our oyster, but our screen.

For all the fascination with bodies, our current technology is arguably exacerbating our carnal alienation. While offering us enormous freedoms of fantasy and encounter, digital eros may also be removing us further from the flesh.

Pornography, for example, is now an industry worth tens of billions of dollars worldwide. Seen by some as a progressive sign of post-60s sexual liberation, pornography is, paradoxically, a twin of Puritanism. Both display an alienation from flesh — one replacing it with the virtuous, the other with the virtual. Each is out of touch with the body.

This movement toward privatization and virtuality is explored in Spike Jonze’s recent movie “Her,” where a man falls in love with his operating system, which names itself Samantha. He can think of nothing else and becomes insanely jealous when he discovers that his virtual lover, Samantha, is also flirting with thousands of other subscribers. Eventually, Samantha feels so bad for him that she decides to supplement her digital persona with a real body by sending a surrogate lover. But the plan fails miserably — while the man touches the embodied lover he hears the virtual signals of Samantha in his ears and cannot bridge the gap. The split between digital absence and carnal presence is unbearable. Something is missing: love in the flesh.

The move toward excarnation is apparent in what is becoming more and more a fleshless society. In medicine, “bedside manner” and hand on pulse has ceded to the anonymous technologies of imaging in diagnosis and treatment. In war, hand-to-hand combat has been replaced by “targeted killing” via remote-controlled drones. If contemporary warfare renders us invulnerable to those who cannot touch us, can we make peace without a hand to shake? (Think of Mandela-de Klerk or Begin-Sadat).

Moreover, certain cyber engineers now envisage implanting transmission codes in brains so that we will not have to move a finger — or come into contact with another human being — to get what we want. The touch screen replaces touch itself. The cosmos shrinks to a private monitor; each viewer a disembodied self unto itself.

Full humanity requires the ability to sense and be sensed in turn: the power, as Shakespeare said, to “feel what wretches feel” — or, one might also add, what artists, cooks, musicians and lovers feel. We need to find our way in a tactile world again. We need to return from head to foot, from brain to fingertip, from iCloud to earth. To close the distance, so that eros is more about proximity than proxy. So that soul becomes flesh, where it belongs. Such a move, I submit, would radically alter our “sense” of sex in our digital civilization. It would enhance the role of empathy, vulnerability and sensitivity in the art of carnal love, and ideally, in all of human relations. Because to love or be loved truly is to be able to say, “I have been touched.”
http://opinionator.blogs.nytimes.com...ing-our-touch/





World First As Message Sent From Brain To Brain
Researchers send messages from India to France - a distance of 5,000 miles - without performing any invasive surgery.

In a world first, a team of researchers has achieved brain-to-brain transmission of information between humans.

The team managed to send messages from India to France - a distance of 5,000 miles - without performing invasive surgery on the test subjects.

There were four participants in the study, aged between 28 and 50.

One was assigned to a brain-computer interface to transmit the thought, while the three others were assigned to receive the thought.

The first participant, located in India, was shown words translated into binary, and had to envision actions for each piece of information.

For example, they could move their hands for a 1 or their legs for a 0.

A technique known as electroencephalography - which monitors brain signals from the outside - was used to record the thoughts as outgoing messages and send them via the internet.

At the other end, electromagnetic induction was used to stimulate the brain's visual cortex from the outside and pass on the signal successfully to the three other participants in France.

The report's co-author, Alvaro Pascual-Leone, said: "We wanted to find out if one could communicate directly between two people by reading out the brain activity from one person and injecting brain activity into the second person, and do so across great physical distances by leveraging existing communication pathways.

"One such pathway is, of course, the internet, so our question became, 'Could we develop an experiment that would bypass the talking or typing part of internet and establish direct brain-to-brain communication between subjects located far away from each other in India and France?'"

The research team was made up of researchers from Harvard University, as well as experts from France and Spain.
http://www.reddit.com/r/Futurology/c...rain_to_brain/





Out in the Open: Hackers Build a Skype That’s Not Controlled by Microsoft
Klint Finley

The web forum 4chan is known mostly as a place to share juvenile and, to put it mildly, politically incorrect images. But it’s also the birthplace of one of the latest attempts to subvert the NSA’s mass surveillance program.

When whistleblower Edward Snowden revealed the full extent of the NSA’s activities last year, members of the site’s tech forum started talking about the need for a more secure alternative to Skype. Soon, they’d opened a chat room to discuss the project, created an account on the code hosting and collaboration site GitHub and begun uploading code.

Eventually, they settled on the name Tox, and you can already download prototypes of the surprisingly easy-to-use tool. The tool is part of a widespread effort to create secure online communication tools that are controlled not by any one company but by the world at large—a continued reaction to the Snowden revelations. This includes everything from instant messaging tools to email services.

It’s too early to count on Tox to protect you from eavesdroppers and spies. Like so many other new tools, it’s still in the early stages of development and has yet to receive the scrutiny that other security tools, such as the instant messaging encryption plugin Off The Record has. But it endeavors to carve a unique niche within the secure communications ecosystem.

‘Up to Your Imagination’

The main thing the Tox team is trying to do, besides provide encryption, is create a tool that requires no central servers whatsoever—not even ones that you would host yourself. It relies on the same technology that BitTorrent uses to provide direct connections between users, so there’s no central hub to snoop on or take down.

There are other developers trying to build secure, peer-to-peer messaging systems, including Briar and Invisible.im, a project co-created by HD Moore, the creator of the popular security testing framework Metasploit. And there are other security-centric voice calling apps, including those from Whisper Systems and Silent Circle, which encrypt calls made through the traditional telco infrastructure. But Tox is trying to roll both peer-to-peer and voice calling into one.

Actually, it’s going a bit further than that. Tox is actually just a protocol for encrypted peer-to-peer data transmission. “Tox is just a tunnel to another node that’s encrypted and secure,” says David Lohle, a spokesperson for the project. “What you want to send over that pipe is up to your imagination.” For example, one developer is building an e-mail replacement with the protocol, and Lohle says someone else is building an open source alternative to BitTorrent Sync.

The New Skype

That said, the core Tox team is focused on building the features specifically required for building a Skype replacement. There are at least 10 different Tox messaging and voice clients so far, each supporting a different range of features. Eventually, Lohle says, there will be “official” clients for each major operating system, but for now the team is just recommending a few specific clients. µTox, which is available for Linux and Windows, is the “bleeding edge” reference design, while qTox is the project’s recommendation for OS X users and Antox is the recommended client for Android. There is no iOS version as of yet.

µTox is still rough, but the interface and experience are straightforward. You download the client, and it automatically creates a public encryption key that you can provide to everyone, and a private encryption key that you keep on your computer or phone. From there, it works very much like Skype. You can add a friend to your contact list by pasting in their public key, and then you just click their name to send them a message, or click the big phone icon to call them. If you want to move your identity from one computer to another, you just copy a single file that includes your private key and contact list.

There are still a few features that are missing, though. For example, there’s no way to do a group chat yet. And there’s no way to be logged in as the same person on two different devices — say, both your phone and your computer. But Lohle says those features are coming, and the team already has a proof-of-concept for how group chat will work.

He says the team has no plans to turn it into a company or monetize it in any way. “No one getting paid, but we dedicate as much time as we can,” he says. “If I’m not in class, or I’m not eating, I’m probably working on Tox, and that’s at least the same for probably 10 people.” Besides, the lead developer, known only as irungentoo, is completely anonymous, so it would be hard to issue him a paycheck. “I don’t think any of us know his real name,” Lohle says.

The Link With 4Chan

Today Lohle downplays Tox’s relationship to 4chan. “We were self-sufficient after only a couple weeks,” he says. “We also posted on reddit and hacker news, and people joined from that.” He probably has good reason to distance the project from the site. The racism, homophobia and misogyny on display on 4chan on a day-to-day basis would be a big turn-off both for users and potential contributors.

The association has also exposed the project to the trolling and drama characteristic of the forum, which often makes it hard for outsiders to evaluate. For example, one Tox developer raised concerns about Tox users exposing their IP addresses to each other. The team responded by masking IP addresses through a technology called onion routing — the same technique that the Tor Project uses to protect user anonymity on the web. But the fix didn’t stop a wave of paranoia from sweeping forums, and it’s hard to tell how much of that is trolling and how much of it is legitimate concern.

Can You Trust It?

Worse, the project let its “warrant canary” page go offline for a week. A warrant canary is usually a web page stating that a company or organization has not been served with a secret subpoena from the NSA or any other law enforcement or intelligence agency; if the statement disappears, readers are meant to infer that one has arrived. It’s meant as a way to bypass laws that prevent companies from warning their customers that they have been served with a national security letter. The Tox team claimed in a blog post that they simply forgot to put the warrant canary back online after moving web hosts. But the incident led to a degree of understandable suspicion.

Meanwhile, few security experts outside the project have reviewed the Tox code yet, but the project is based on an existing set of code libraries for working with crypto algorithms called NaCl, which has received considerably more attention. “NaCl is a newish library that is nevertheless very highly regarded in the security community, produced by skilled people,” says Electronic Frontier Foundation senior staff technologist Jacob Hoffman-Andrews, who hasn’t yet evaluated Tox.

But it’s entirely possible to use good crypto libraries in poor ways, so the Tox team is saving money to hire a professional security firm to audit the code once it reaches a more stable state. “Right now we’re relying on the open source community,” Lohle says. “We have about 15 who stare at the code for days or weeks.”
http://www.wired.com/2014/09/tox/





New Temporal Cloaking Method Hides Communication Signals

Cloaking of objects using metamaterials and events in spacetime using novel nonlinear optical effects have been described in research literature. Now in a Nature Communications article, lead author PhD student Pierre-Yves Bony and senior author Research Engineer Dr. Julien Fatome at the Université de Bourgogne describe the creation of a novel temporal cloaking system that hides electromagnetic signals. When the cloak is on, attempts to read a signal being transmitted through a path will show nothing is being transmitted even though tens of gigabits per second of information are passing through the point of reading.

Unlike previously demonstrated systems which cloak data signals for only a brief period or a fraction of the transmission period, the new system, which the authors describe as using “polarization bypass”, is able to hide signals for either a finite time domain or perpetually.

The research team realized a proof-of-concept device with a fiber-optic set-up bracketed by two relatively novel devices called Omnipolarizers. When a transmitted signal with random polarizations passes through the first Omnipolarizer, its unique properties allow the light to “self-organize” and get pushed into a uniform polarization state. The induced polarization state is made orthogonal to, and therefore invisible to, the monitoring signal. Once it is no longer within sight of the spying signal, random polarization is added back to the signal via a second Omnipolarizer.

The set-up described relies upon knowing the polarization of the monitoring signal or a way of detecting the polarization and incorporating it into the scheme quickly. In fact the authors call the monitor an “indiscreet eye”, meaning that the transmitters are aware of the watching. The researchers call the method “polarization bypass”, an apt name given that the signal wave is forced into a polarization that renders it invisible to the monitor.

All electromagnetic (EM) radiation, including the signal-bearing light in optical fibers, has a “polarization”. Consider just the electric field component of the EM radiation. The electric field always has a direction, which can be tested by placing a small test charge in the field and seeing which way it is “pushed”. When the electric field is part of a wave, the field strength along that direction oscillates in time. Two waves whose polarizations, or directions, are orthogonal, that is at 90 degrees to each other, can be combined and decomposed trivially. This is the effect exploited by polarized sunglasses, whose lenses pass one polarization and block the orthogonal one to great effect.
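As an added worked illustration (not from the paper), the “orthogonal and therefore invisible” claim can be written out with Jones vectors. Let the monitor analyse the field along a unit polarization vector $\hat{e}_m$, so that the power it reports is the squared projection

$$
I_m = \left|\hat{e}_m^{\ast}\cdot\mathbf{E}\right|^2 , \qquad \mathbf{E} = E_0\,\hat{e}_s ,
$$

where $\hat{e}_s$ is the polarization the first Omnipolarizer forces on the signal. In the orthonormal basis $(\hat{e}_m, \hat{e}_m^{\perp})$ the field decomposes as $\mathbf{E} = E_{\parallel}\hat{e}_m + E_{\perp}\hat{e}_m^{\perp}$ and the monitor sees only $I_m = |E_{\parallel}|^2$. Choosing $\hat{e}_s = \hat{e}_m^{\perp}$ gives $E_{\parallel} = 0$, hence

$$
I_m = 0 \quad\text{while}\quad |\mathbf{E}|^2 = |E_{\parallel}|^2 + |E_{\perp}|^2 = |E_0|^2 ,
$$

so the full data-carrying power still passes the tap point. Without the first Omnipolarizer the input polarization is random; averaging $|E_{\parallel}|^2$ over all polarization states, $\hat{e}_m$ and $\hat{e}_m^{\perp}$ are symmetric, so $\langle I_m\rangle = \tfrac{1}{2}|E_0|^2$ and the monitor sees half the signal power on average. This is also why the scheme depends on knowing $\hat{e}_m$: the condition $\hat{e}_m^{\ast}\cdot\hat{e}_s = 0$ is relative to the tap’s analysis axis, not an intrinsic property of the signal.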

Both Omnipolarizers are composed entirely of optical materials and exploit nonlinear optical effects. The first polarizes the entire transmission signal, regardless of its initial, random polarization, into a unique polarization state. The second operates in a different, chaotic regime, which makes it an “efficient polarization scrambler” that brings random polarization back into the transmission. Employing the second Omnipolarizer is important to keep the process transparent to the user of the transmission at either end.

This research was published on Aug 19, 2014 in Nature Communications.
http://www.neomatica.com/2014/08/24/...ation-signals/





Meet the Shadowy Tech Brokers that Deliver Your Data to the NSA

Summary: These so-called "trusted third-parties" may be the most important tech companies you've never heard of. ZDNet reveals how these companies work as middlemen or "brokers" of customer data between ISPs and phone companies, and the U.S. government.

Zack Whittaker

Picture two federal agents knocking at your door, ready to serve you a top secret order from the U.S. government, demanding that you hand over every shred of data you own — from usernames and passwords, phone records, emails, and social networking and credit card data.

You can't tell anyone, and your only viable option is to comply.

For some U.S. Internet service providers (ISP) and phone companies, this scenario happens — and often. Just one ISP hit by a broad-ranging warrant has the potential to affect the privacy of millions of Americans.

But when one Atlanta, Georgia-based Internet provider was served a top-secret data request, there wasn't a suited-and-booted federal agent in sight.

Why? Because the order was served on a so-called "trusted third-party," which handles the request, served fresh from the secretive Washington D.C.-based Foreign Intelligence Surveillance (FISA) Court. With permission from their ISP customers, these third-parties discreetly wiretap their networks at the behest of law enforcement agencies, like the Federal Bureau of Investigation (FBI), and even intelligence agencies like the National Security Agency (NSA).

By implementing these government data requests with precision and accuracy, trusted third-parties — like Neustar, Subsentio, and Yaana — can turn reasonable profits for their services.

Little is known about these types of companies, which act as outsourced data brokers between small and major U.S. ISPs and phone companies, and the federal government. Under the 1994 law, the Communications Assistance for Law Enforcement Act (CALEA), any company considered a "communications provider" has to allow government agencies access when a valid court order is served. No matter how big or small, even companies whose legal and financial resources are limited do not escape federal wiretapping laws.

On a typical day, these trusted third-parties can handle anything from subpoenas to search warrants and court orders, demanding the transfer of a person's data to law enforcement. They are also cleared to work with classified and highly secretive FISA warrants. A single FISA order can be wide enough to force a company to turn over its entire store of customer data.

For Cbeyond, a Nasdaq stock exchange-listed ISP based in Atlanta, Georgia, data requests can be put almost entirely out of mind. The company generates more than $450 million in revenue each year and serves more than 50,000 business customers — primarily small to medium-sized companies — in more than a dozen U.S. states.

The ISP's legal resources are razor thin, according to an executive at the company, who did not want to be named for the story. As a result, the company does not always directly handle government data requests.

The company outsources a good portion of its legal and compliance responsibilities to Neustar, which bought its way into the wiretapping business following its 2005 acquisition of compliance firm, Fiducianet.

Cbeyond can receive as many as five to ten subpoenas per week. These data requests are regularly forwarded to Neustar, which acts as the ISP's "custodian of records." They are validated, and — more often than not — data is handed over to the requesting law enforcement agency.

But on the rare occasion Cbeyond receives a top-secret FISA warrant (two per year on average, according to a senior staffer who has direct knowledge of the matter), Neustar pulls the data from the ISP's networks and hands it to the requesting government agency.

These warrants can allow the FBI or the NSA to collect an unknown but potentially limitless amount of data on millions of Americans and foreigners.

"Hidden, but not visible"

Created by its namesake law, the Foreign Intelligence Surveillance Act in 1978, the FISA Court issues more than a thousand classified warrants a year for Americans' data. One former NSA analyst likened it to a "kangaroo court with a rubber stamp," as it keeps very few records, of which many are kept in the utmost secrecy and away from public scrutiny.

Only documents leaked by former U.S. intelligence contractor Edward Snowden have helped lift the lid on the shadowy world of these secret so-called FISA warrants. Signed off by the court, these warrants give the FBI and the NSA wide-ranging access to American data, in spite of Fourth Amendment protections designed to protect against overreaching domestic government surveillance.

The first classified document leaked by the former U.S. government contractor showed how the Obama administration forced Verizon to turn over its entire store of metadata on a rolling basis to the NSA.

FISA warrants are designed to be issued on individuals, or customers who store data belonging to those people who, according to the Office of the Director of National Intelligence, "are or may be" engaged in espionage, sabotage, terrorism (or aiding a terrorist), or take orders from a foreign government.

When these secretive FISA orders are issued, there is little indication to Cbeyond, or any other local or major ISP or phone company, what the requested data may be used for. It could be for a terrorism case, or it could be a small part of an undisclosed NSA program. That also poses a problem for the companies wanting to fight back — and some companies have found the process notoriously difficult — not least because it requires an attorney with top-secret security clearance.

One of those attorneys, who declined to be named for the story because the person holds top-secret security clearance, explained that although hundreds of lawyers have the same clearance — including those serving terror suspects in Guantanamo Bay — very few have been in front of the FISA Court to defend their clients. These clearance-holding lawyers have been in high demand over the past year representing major Silicon Valley companies implicated in the NSA's surveillance programs.

For the majority of smaller companies (as well as larger ones, who have refused to comment on challenging such warrants), complying with data demands may be their only option. The vast majority, however, do not have the resources to handle such requests.

"If they don't have an internal lawyer [reviewing FISA warrants], they could use a third-party service. That third-party can't provide legal advice, but it can create a system for reviewing the data, pulling, and processing the data," the security clearance-holding attorney said.

Enter the trusted third-party, which facilitates the data request between the two.

Neustar's business is wide-ranging. Many industry insiders know it as a phone number portability company and the owner of top-level domain names. But its dedicated — and widely-unknown — legal and compliance division, dubbed "fiduciary" services, handles subpoenas and warrants on behalf of their customers, provides technical assistance in the lawful interception of data, and the services to carry out the surveillance demanded by the court or law enforcement agency.

"It's not hidden, but not visible," according to a former Neustar executive who worked in the division and who declined to be named, because the customers whose activities the division supports are ones that customers "don't publicize very much." These services are stigmatized particularly in the wake of the Snowden disclosures. The person said that ordinary people do not want to know that their data is up for grabs.

BuzzFeed in 2012 profiled Neustar in some depth, disclosing the scope of its legal intercept unit. The piece led the company to disclose for the first time transparency figures (more on that later).

Neustar works primarily for small to medium-sized businesses. The company said two years ago that it serves about 400 of the "thousands" of U.S. phone companies — including smaller firms like Cbeyond and Grande Communications, but also larger firms like Bright House Networks, and also Cricket, which disclosed its relationship with Neustar to Congress in May 2012 — to handle and respond to the court orders they receive. Neustar does not always act as the first go-to point for its customers.

The fiduciary division can also be held on reserve as an "overflow" in cases where its larger corporate giants may be inundated with more demands for data than usual, the former Neustar executive said.

To the degree that the company performs overflow functions for companies such as Verizon, Neustar chief privacy officer and deputy general counsel Becky Burr explained, it is "only non-criminal information," such as civil subpoenas, often generated in bitter divorce and custody disputes.

Neustar data request figures

Neustar came under fire in 2012 for withholding from the public any details on wiretap or data requests it receives on behalf of its clients.

The company disclosed, for the second time, to ZDNet its latest transparency figures. Burr said the company has seen a spike in lawful intercept requests since the five-year period ending 2011, thanks to the new business of a larger customer in 2011, which is not named as it was divulged off the record.

These lawful requests are authorized by a court, and can mandate a company to hand over the contents of emails and records of phone calls, including the time, date, and duration of calls and the phone numbers themselves, though not the contents of the calls made.

Out of the 2,278 data requests Neustar processed in 2012, about 77 percent came from that one unnamed customer, and accounted for about 76 percent of all Neustar's processed requests in 2013.

While the division also processes civil requests, and in rare cases handles emergency responses from law enforcement agencies — such as the immediate threat to property or life — it nonetheless handles a significant portion of its customers' criminal requests.

Neustar's figures show a spike in warrants since its first transparency report. The figures show that civil requests make up the bulk of Neustar's fiduciary business, but criminal requests — including court orders and search warrants — make up about one-third of the overall requests.

As per reporting rules set out by the U.S. Department of Justice on disclosing FISA requests and National Security Letters (NSLs), which can be used to compel an ISP or phone company while gagging it from disclosing the fact, the last six months' worth of data is not available. Any requests prior to the six-month reporting window are disclosed only as a numerical range.

Although the range spans from zero, we know from Cbeyond's case that at least one FISA warrant has been served.

The scope of other existing FISA orders are also shrouded in secrecy, along with the process by which these secret court orders are served on companies. Although U.S. residents are afforded legal protections to limit domestic government surveillance, the Obama administration has come under intense scrutiny for using secret interpretations of surveillance law to acquire Americans' data.

The process by which FISA warrants are served on companies or individuals isn't widely known, due to the restrictions on whom recipients can talk to.

In reality, it may not involve federal agents showing up at your door at all. It may be as routine as a phone call from an ISP's third-party provider. That's when the wiretapping can begin.

"Of what worth is our permission?"

Neustar will typically inform the ISP by phone that a warrant has been received. According to the former Neustar executive, the smaller the carrier, the greater chance Neustar's staff will see such orders first — though, not in every case.

Despite their secrecy, what is known is that FISA warrants are generally targeted and individualized, but they can also be broad and wide-ranging. While the contents of the FISA warrant are classified, it will state the legal authority under which a wiretap can be placed.

When it's the latter case, the law says multiple warrants can be served each year on a rolling basis to maintain fresh oversight by judges, or to form a new legal basis to acquire more data.

Companies like Neustar, Subsentio, and Yaana have staff with security clearance, allowing them to see, review, and execute the warrant.

If an order is not valid, or it has deficiencies such as inappropriate language, the third-party's legal experts may outright reject the order — regardless of the type of order issued by the law enforcement agency.

"Every action Neustar took as an outsourced partner was really governed by the carriers' policies and procedures," the former Neustar executive explained. If an ISP or phone company was particularly conscious of its customers' civil liberties, Neustar can adopt strict guidelines to meet those criteria. That said, if a customer is less than willing to uphold the rights — or was unable to pay to have the order challenged in court — Neustar may near-automatically accept each government data request.

The ISP remains informed along the way, and will be the final arbiter on whether or not a data request will be accepted or rejected — regardless of its policies in directing Neustar how to act.

Neustar, like other trusted third-parties, is granted full technical access to the network of its ISP customer, either by way of the company's own wiretap equipment or technology provided by the trusted third-party. Neustar then formally requests permission from the ISP's general counsel to execute the warrant. As is often the case, no information about the FISA request is given to the company.

"Of what worth is our permission when we don't even know what we're being asked to give access to?" a senior staffer at Cbeyond admitted.

Neustar can in many cases execute the warrant from anywhere within the U.S., keeping within the bounds of the country's surveillance law. But when a wiretap device is needed, they are not hard to come by. Most networking equipment makers sell devices that can be used to collect data, or used to inspect data: so-called deep-packet inspection devices, which can also be used to prevent piracy, block the spread of malware, and block website access, all at the Internet provider level.

Once a FISA warrant is issued, so-called "tasking" orders, which contain selectors — like a phone number or an email address — are often sent electronically to the ISP. These tell the ISP or phone company, or third-parties like Neustar, exactly where to wiretap and what data to collect to hand back to the requesting authority.

By acting as middlemen, companies like Neustar, Subsentio, and Yaana often liaise with the targeted ISP or phone company, and the law enforcement agency to act as a channel in which intercepted data can flow.

For Cbeyond, the process is relatively straightforward — it's out of sight and (almost) out of mind. But, that's not the case for every ISP or phone company. Each company's infrastructure has unique requirements.

FISA requests also come at a cost on two fronts for the ISP. Neustar's services are held on retainer, with additional costs for each warrant.

Although financial arrangements were not disclosed between Cbeyond and Neustar, the ISP's limited annual revenue and legal resources are a driving factor behind why it has not so far challenged a FISA warrant. But, Neustar will also work with U.S. law enforcement agencies to recover costs, which they are entitled to do under the law, for data requests.

Other companies work on a case-by-case basis, or charge a little more each year instead of taking on a retainer fee.

"Maybe we should be thinking about civil liberties more"

Data requests can be refused — it's not often that it happens, but it does. For the third-party companies, their obligations are with their client and not the law enforcement agency.

But there are limits. If the ISP or phone company decides to fight a warrant, the third-party can stand back and wash its hands of it.

Burr said Neustar "has and will" reject subpoenas that are inadequate for one reason or another. But should its clients choose to fight a FISA warrant or court order it believes to be overbroad, Neustar will not join the battle in court.

Other trusted third-parties take a similar approach.

"We're out of the picture," said Marcus Thomas, chief technology officer at Subsentio, another trusted third-party company, founded in 2004, and based out of Littleton, Colorado.

The company has "well over 100 customers," and is mostly focused on wireless carriers and cloud providers, Thomas said on the phone. Thomas is no stranger to this field. As a former FBI assistant director, he was responsible for the bureau's lawful interception operations. He retired in 2011.

Thomas said that Subsentio, unlike Neustar, is not a formal "custodian of records," but it interacts with both parties to ensure the correct records and the right amount of data is transferred from the company to the law enforcement agency. The company typically handles pen registers for real-time recording of phone numbers made from a particular line, full-content wiretap orders, and FISA warrants.

Subsentio provides more than simply the legal vetting procedures for determining whether a lawful intercept can go ahead. It's not unusual for Subsentio to provide the actual wiretap device itself, should its customer need one.

"If they choose not to implement it, they don't authorize us to implement it," Thomas said.

Yaana operates under a similar regime. Founded in 2007 and based in the heart of Silicon Valley, it serves "dozens" of companies out of the thousands of U.S.-based ISPs and phone companies. The firm also serves companies operating with a foreign presence, and supports warrants from a number of European states. Yaana's focus is compliance in the cloud, which, according to executive vice president for regulatory affairs and standards Tony Rutkowski, the vast majority of technology companies were "slowly but surely" moving towards.

Like Neustar, Yaana acts as legal agent to its corporate customers, Rutkowski said. Thanks to its in-house "rules-based reasoning engine," law enforcement requests can be triaged and cleared, which are then accepted or rejected by on-call staff. For subpoenas, the system is straightforward and near-autonomous. For court orders under seal — of which many are — these require the direct approval from the ISP or phone provider.

"If they haven't seen it, we won't approve it," Yaana's chief technology officer David Grootwassink explained on the phone.

However, when handling FISA warrants, there "isn't a lot of wiggle room" except to ensure that they are valid, Grootwassink said. A FISA warrant requires the ISP or phone provider itself to decide whether it will comply or not. Should a client wish to fight the order, Yaana will not step in to fight on its behalf or alongside it.

"It's the provider's problem," Rutkowski said. "The nice part about the trusted third-party business is that just from a liability standpoint, we don't want to be left holding the bag here." Grootwassink agreed. "We provide the gears. We don't get involved in fights between the governments and our clients."

Except, according to the numerous people spoken to for this article, many of the customers to these trusted third-party firms may not have the legal expertise or resources in the first place to develop policies that are fitting for the Internet and phone customers they serve.

Because Neustar, Subsentio, and Yaana act on behalf of their clients' best wishes, their clients themselves may be the weakest link in the privacy chain. Many of the companies outsourcing their services to a trusted third-party may not have strong policies designed to first and foremost protect the civil liberties of their customers.

These policies dictate how the trusted third-party will respond to requests ahead of time, without having to face getting dragged into the minutia of each case.

Although some ISPs have wanted to fight tooth and nail, they have not had the money to hire a top-secret cleared attorney to argue their case. Instead, they have invoked their interpretation of the First Amendment — the right to free speech — to disclose that they have received a FISA warrant, despite the secrecy and gagging clauses that come with them.

Others, like Cbeyond, "haven't examined simply saying 'no' and challenging them," said the person with direct knowledge of the warrants served on the ISP.

"What we're doing is what the rest of the American public is doing," the person said. "We're trusting in some way that these [warrants] are being handled in a responsible fashion."

Because of its business clientele, higher management was "not thinking about civil liberties issues," noting that the company near-automatically approved all requests.

"We don't have a department designed to resist unwarranted government intrusions or to even figure out if they're unwarranted or not," the person said.

Cbeyond believes the onus of responsibility is with the business customers it serves, though the people argued that those customers likely do not have the resources to deal with such warrants either. The ISP is instead focused on fighting "incessant and unrelenting regulatory attacks" from its larger corporate rivals, one of the people said.

The end customers of ISPs and phone companies are not made aware that their data is being collected. In many cases, a company's chief executive is kept out of the loop.

U.S. surveillance law restricts who can be told about classified data requests. Although the law does not preclude a company's chief executive from knowing, Cbeyond's chief executive Jim Geiger said on the phone he would not be informed of the receipt of any FISA warrants, nor would he know about all of the subpoenas the company gets.

"It's a wide burden for a chief executive's involvement of things that would suck time and energy that aren't necessary," he said.

"We are not a regulated industry"

Cbeyond's approach means Neustar will accept almost every government data request it receives on behalf of the ISP — so long as they pass Neustar's own internal legal review.

In the relationship between ISPs and phone companies and these trusted third-parties, there are few — if any — sticking points. The ISPs devolve a portion of their responsibilities to the third-party, which generates a tidy sum for their services, and the law enforcement agencies receive the data they request.

But despite this data handover process, there remains little regulation or oversight of the trusted third-party industry.

Staff members at these companies hold U.S. security clearance and are therefore legally allowed to handle and remotely execute FISA warrants and directives. They fall within the realm of rules, protocols and laws that the U.S. intelligence community abides by.

But the vast majority of their work goes unsupervised by the government.

"Even though it sounds like [trusted third-parties] are regulated or licensed… the [legal] functions weren't fully outsourced," the former Neustar executive said. "You didn't as a carrier turn over your responsibilities to someone who's licensed to do those responsibilities. You hired competent staff on an outsourced basis to do your work, and it's all governed by the policies of the carrier."

"Everything was just an extension of the [carrier's] work center," they said. "Neustar wasn't doing anything other than work for [its] carriers."

Neustar says it reviews, validates, and keeps audit trails for its customers. Subsentio and Yaana also audit their activities for their customers' benefit in order to make sure the companies are not conducting activities beyond their purview.

Thomas said trusted third-parties are "not a regulated industry" and that there is no external party reviewing such work. He said that the company does not undergo any audits that would examine how they do their jobs.

"We sort-of determine our own communication and security requirements," Thomas said. The only exception is classified work, which he said is "reviewed" periodically by the company.

The only oversight, per se, is from the public. In the wake of the Snowden leaks, many companies have bowed to public pressure and released government data request figures. Cbeyond does not currently have a transparency report, and Geiger said the company has no plans to publish one any time soon. But for some, a company's size is no excuse. Utah-based ISP XMission, for example, which has a staff just shy of 50 employees and one attorney, regularly updates its transparency pages, and on one occasion disclosed that it had received and fulfilled a FISA warrant for one individual's data.

Cbeyond's business clientele were a driving reason behind Birch Communications' bid to acquire the ISP for $323 million, which closed on July 21. Birch is now said to comply with subpoenas and warrants in-house, ending the long-standing relationship with Neustar.

In June, one month before the deal closed, not knowing what changes the new regime would bring, the senior staffer at the ISP ended the conversation to go back to work.

"We're not thinking about civil liberties issues. Maybe we should have been thinking about it more."
http://www.zdnet.com/the-most-import...of-7000032573/





NATO Set to Ratify Pledge on Joint Defense in Case of Major Cyberattack
David E. Sanger

When President Obama meets with other NATO leaders later this week, they are expected to ratify what seems, at first glance, a far-reaching change in the organization’s mission of collective defense: For the first time, a cyberattack on any of the 28 NATO nations could be declared an attack on all of them, much like a ground invasion or an airborne bombing.

The most obvious target of the new policy is Russia, which was believed to be behind computer attacks that disrupted financial and telecommunications systems in Estonia in 2007 and Georgia in 2008, and is believed to have used them in the early days of the Ukraine crisis as well.

But in interviews, NATO officials concede that so far their cyberskills are limited at best.

While NATO has built a gleaming new computer security center, and now routinely runs computer exercises, it possesses no cyberweapons of its own — and, apparently, no strategy for how it might use the weapons of member states to strike back in a computer conflict. In fact, its most powerful members, led by the United States and Britain, have spent billions of dollars on secret computer offensive programs — but they have declined so far to tell NATO leaders what kind of weapons they might contribute in a NATO-led computer conflict.

“Our mandate is pure cyberdefense,” Anders Fogh Rasmussen, the departing NATO secretary general, said during a visit to Washington over the summer. “Our declaration is a start,” he said, “but I cannot tell you it is a complete strategy.”

NATO’s tentative steps into the realm of computer conflict, at a moment when Russian, Chinese and Iranian “patriotic hackers” have run increasingly sophisticated campaigns, show the alliance’s troubles in innovating to keep up with modern warfare, at a moment when it is also facing one of its greatest political challenges since the end of the Cold War.

The change in NATO’s definition of an “armed attack” will leave deliberately unclear what would constitute a cyberattack so large that the alliance might declare that the action against one of its members could lead to a response by the entire alliance under Article V of its charter. “The judgment will lay with the impact,” said Douglas E. Lute, the American ambassador to NATO, when he spoke in late July at the Aspen Security Forum. “Does it look like it will rise to the level of an armed attack?”

Deterrence is all about ambiguity, and the implicit threat that NATO would enter a computer conflict in defense of one of its members is full of those ambiguities. “They fail to get to the heart of the quintessential question about NATO’s cybersecurity obligations,” Julianne Smith, a former Pentagon official, now at the Center for a New American Security, wrote earlier this year for Chatham House, the British foreign policy center. “What constitutes an ‘attack’ and what capabilities might be provided to a member experiencing an attack?”

Here at NATO headquarters, where top officials who were focusing on computer issues for the summit meeting are now preoccupied by Russia’s next moves, the mere declaration itself is considered significant progress. It was only after the Estonia attacks that the alliance paid real attention to the threat. Today Estonia, which President Obama will visit starting Tuesday night, has become the crown jewel in NATO’s computer defense efforts, the place where cyberstrategy is developed and the site of annual NATO computer security exercises, called “Locked Shields.”

In interviews, officials said that the declaration that would be ratified this week — it was already embraced by NATO defense ministers in June — marks a long-delayed recognition that a NATO nation could be crippled without a shot being fired. In 2010 the NATO council rejected the proposal that a computer attack on a nation’s electric grid or its financial systems might prove so damaging it should be considered the equivalent of a conventional, armed attack. (NATO has only invoked Article V — the declaration that it would come to the aid of a member state — one time, after the Sept. 11, 2001, attacks on the United States, and the Bush administration largely waved away the offer of help.)

“They just weren’t ready to think about cyberattacks in 2010,” recalled Ivo H. Daalder, the American ambassador to NATO during Mr. Obama’s first term and now president of the Chicago Council on Global Affairs. “It’s a measure of how far we’ve come on this issue that there’s now a consensus that a cyberattack could be as devastating as any other kind of attack, maybe even more so.”

But Mr. Daalder noted that NATO’s own ability to defend against computer attacks is “still pretty basic,” and it has no ability to execute a “forward defense” that involves going into an adversary’s computer systems and shutting down an attack.

“They could leave that to member states,” he said, but would handle it under a NATO chain of command. Yet the NATO members themselves, he noted, may have little understanding of what the United States, Britain or other larger computer powers were able to do.

In fact, NATO officials say they have never been briefed on the abilities of the National Security Agency and United States Cyber Command, or those of Government Communications Headquarters, or GCHQ, its British equivalent. Both countries have routinely placed sensors into computers, switching centers and undersea cables for years, as the documents released by Edward J. Snowden, the former National Security Agency contractor, make clear.

The idea is to see an attack massing, and, if the president so ordered, to be able to take out a foreign computer server, or network, to halt an attack. But NATO officials ended up reading press accounts and the Snowden documents in search of an understanding of how the United States conducted computer operations against Iran, or how it monitors hacking units of China’s People’s Liberation Army.

“If conventional war or nuclear war were to break out,” one senior NATO official said in an interview here, “there are detailed plans about how we would respond, and what capabilities are at the disposal of the NATO military structure. We don’t have that in the cyberrealm,” he said, in large part because the United States, Britain and Germany do not want many of the other NATO members to understand what kind of abilities they have.
http://www.nytimes.com/2014/09/01/wo...berattack.html





Decryptolocker Saves You From the Popular Cryptolocker Ransomware
Dave Greenbaum

Cryptolocker is a nasty piece of malware that encrypts the files on your computer and holds them ransom. If you don't pay for a code to unlock the files, you don't get them back. FireEye and Fox-IT recently launched a tool to help users get their files back.

If you haven't been infected yet, you should make sure you have the necessary precautions against malware like Cryptolocker:

• Antivirus. We recently covered the best antivirus software and that's your best line of defense. No antivirus is foolproof, but it can go a long way. Over at FoolishIT, they've got CryptoPrevent—a program designed specifically to block this type of attack.
• Reliable, cloud-based backup. If you can't decrypt the files, the only way to get your data back is from a backup. In this case, your recovery options are better with an online backup service. Online backup services can restore your files to a time before they were encrypted, whereas Cryptolocker also encrypts attached external hard drives, so they won't help you here.

However, if you're already infected, Decryptolocker allows you to email FireEye and Fox-IT an encrypted file, after which they will send you a master decryption key and a tool to free your files. The keys they are using are based on the original version of Cryptolocker, so they won't always be able to help with newer variants. If you can, you're better off restoring your files from a backup, but this is a good last line of defense.
http://lifehacker.com/decryptolocker...ker-1628133401





Kate Bush Bombards British Album Chart
Lori Holcomb-Holland

Kate Bush set the bar high for herself when her 1978 debut single, “Wuthering Heights,” topped the British music charts, making her the first woman to have a self-written No. 1 in the United Kingdom. More than three decades later, Ms. Bush, 56, is setting records again.

The British singer-songwriter recently became the first woman to have eight albums simultaneously in the British Top 40 charts, according to the Official Charts Company, which monitors British music sales. Two of those albums, “The Whole Story,” a 1986 compilation, and “Hounds of Love” from 1985, are in the top 10. In terms of the most records simultaneously in the top 40, Ms. Bush now sits behind only Elvis (12) and the Beatles (11).

The boost in sales follows the start of her “Before the Dawn” concert series last week in London, which marked her first live performance in 35 years. Tickets to the 22-date series sold out in less than 15 minutes.
http://artsbeat.blogs.nytimes.com/20...h-album-chart/





4chan Adopts DMCA Policy after Nude Celebrity Photo Postings

Site agrees to remove "bona fide" infringing material if asked.
Sean Gallagher

In the wake of the release of stolen, intimate photos from a number of celebrities’ cell phones this past weekend on 4chan’s /b/ Web forum, the site has added something to its rules and policies—a Digital Millennium Copyright Act takedown policy. While 4chan previously relied on its rapid expiration of content to keep 4chan LLC and site founder Chris “moot” Poole out of trouble, the heavy scrutiny that came from the latest round of celebrity exposure has pushed the site to adopt more formal measures to avoid litigation. (Victims of photo theft could use copyright claims to seek damages from publications and websites that publish them.)

Under the policy, 4chan will now remove content when notified of a “bona fide infringement” under the law. The site will also contact the individual posting the content to tell this user it has been removed. “It is the Company’s policy…that repeat offenders will have the infringing material removed from the system and that the Company will terminate such content provider’s, member’s or user’s access to the service,” the policy reads. Those who believe their content has been taken down improperly can file a counter-notice with 4chan.

The DMCA policy post designates a DMCA agent for the company (though not by name) at Corporation Service Company in Wilmington, Delaware. Corporation Service Company is an organization that acts as a corporate office and compliance agent for Delaware-registered companies.

Ars attempted to contact 4chan and Poole for comment but received no reply regarding the new policy. It’s not certain how 4chan would inform members—particularly those on /b/—of infringing material, as they are by default anonymous. Poole has been a staunch defender of online anonymity. In a 2010 TED talk, he described 4chan as a “site with no memory”—because of the volume of traffic, discussions are aggressively rolled off the site into oblivion within several days. When questioned about the negative side of what happens on 4chan, he insisted that “the greater good is being served” by 4chan’s anonymity.
http://arstechnica.com/tech-policy/2...hoto-postings/

















Until next week,

- js.



















Current Week In Review





Recent WiRs -

August 30th, August 23rd, August 16th, August 9th, August 2nd


Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black