P2P-Zone  



Old 22-07-15, 06:25 AM   #1
JackSpratts
 
JackSpratts's Avatar
 
Join Date: May 2001
Location: New England
Posts: 10,013
Peer-To-Peer News - The Week In Review - July 25th, '15

Since 2002

"Hackers remotely kill a Jeep on the highway—with me in it." – Andy Greenberg


"There are no assurances that these vehicles are the only ones that are this unprotected from cyberattack." – US Senator Edward Markey, D-Mass.

July 25th, 2015




Australian Digital Users Illegally Download Content Regularly – Survey

Many Australians are unsure about what material they can download for free
BBC

Nearly half of Australia's digital users illegally download movies, TV shows and music on a regular basis, a government survey has found.

Illegal downloads would lessen if content was cheaper and available at the same time as in other countries.

In comparison, the research found, a fifth of British digital users had illegally downloaded at least one digital file.

The research comes amid an Australian government crackdown on digital copyright infringement.

It has amended the Copyright Act 1968 to block overseas websites that infringe copyright.

Movies popular

The survey by the Department of Communications was modelled on UK Government research that has been conducted since 2012.

Both countries conducted surveys between March and May this year to measure online copyright infringement across different content types.

At least 43% of online consumers had infringed online copyright, which represents 26% of all Australian internet users.

The survey of 2630 Australians found movies were the most illegally downloaded material, with 48% of those surveyed illegally downloading at least one movie during the three-month period.

The Department of Communications said in a statement the best way to combat online infringements was for content creators to make their material easy to access, timely and affordable to consumers.

The body for the communications industry concurred with this.

"It is interesting that almost three quarters of those internet users who consumed content illegally were also accessing content legally," said Communications Alliance Chief Executive Officer John Stanton.

In April, an Australian court ordered internet service providers to hand over details of customers accused of illegally downloading the US movie The Dallas Buyers Club.

Australians are among the world's most regular illegal downloaders of digital content.

The delay in release dates for new films and TV shows, and higher prices in Australia for digital content, have prompted many Australians to find surreptitious ways to watch new shows.
http://www.bbc.com/news/world-australia-33618517





E.U. Opens Antitrust Case Against Major U.S. Studios and Sky UK
James Kanter

The European Union’s top antitrust authority on Thursday charged major American film studios and a television company in Britain with unfairly blocking access to movies and other content.

The European Commission, the executive arm of the European Union, sent the charges, which are known as a statement of objections, to Sky UK and to six Hollywood film studios: Disney, NBCUniversal, Paramount Pictures, Sony, 21st Century Fox and Warner Bros.

The studios license movies to the pay-TV broadcaster under contracts that require Sky UK to block access for consumers outside the United Kingdom and Ireland, the regulator said.

The commission, which opened the investigation in January 2014, said the limits were imposed by blocking access to the satellite pay-TV services from abroad and through a technique called geo-blocking, which prevents consumers from, for example, watching Disney movies on Sky on the iPad of a Londoner who is traveling to Rome.

The practices prevented consumers who buy films, music or articles from Sky UK online from retrieving that content while traveling elsewhere in Europe, the commission said. The practices, in some cases, also stopped rival broadcasters from making their services available in Britain and Ireland, it said.

“European consumers want to watch the pay-TV channels of their choice regardless of where they live or travel in the E.U.,” Margrethe Vestager, the competition commissioner, said in a statement.

“Our investigation shows that they cannot do this today,” she continued, “also because licensing agreements between the major film studios and Sky UK do not allow consumers in other E.U. countries to access Sky’s U.K. and Irish pay-TV services, via satellite or online.”

The objections are only a preliminary step in European antitrust cases. But companies that fail to rebut such charges can face fines of up to 10 percent of their most recent global annual sales.
http://www.nytimes.com/2015/07/24/bu...os-sky-uk.html





Online Pirates Could Face 10 Years in Jail
Dave Lee

The film and music industry have been lobbying for tougher penalties for online piracy

Online pirates could face jail terms of up to 10 years under plans being considered by the government.

Online copyright infringement currently carries a maximum penalty of two years' imprisonment.

Ministers have launched a consultation on increasing it to 10 years - bringing it into line with copyright infringement of physical goods.

The government said tougher sentences would act as a "significant deterrent".

Groups that represent the country's creative industry - particularly film and music - have been lobbying hard for this for some time.

They argue that a couple of years in jail just isn't a sufficient deterrent to prevent online piracy, and that the law is well out of date.

The proposed measures are mainly targeted at the distributors of pirated content - the people creating copies of movies, sometimes before release, and uploading them to be downloaded by thousands upon thousands.

It's not, the police are clear to point out, aimed at small-time downloaders - although there are other ways and means to prevent that too.

The consultation phase will likely turn heated. Internet rights groups will question the influence Hollywood and the music industry has over the day-to-day operations of the police - after all, industry bodies, funded by top studios and record labels, have paid for staff to work in police stations with the sole brief of investigating copyright crime.

They'll also say the way to "solve" online piracy is to offer affordable, flexible ways to consume new film and music - not jail terms.

Netflix, Spotify and others are evidence this is happening, the industry groups say. They'll argue that no legal service, however cheap, will ever tempt those who simply don't want to pay for their entertainment.

'Digital world'

Intellectual Property Minister Baroness Neville-Rolfe said: "The government takes copyright crime extremely seriously - it hurts businesses, consumers and the wider economy both on and offline.

"Our creative industries are worth more than £7 billion to the UK economy and it's important to protect them from online criminal enterprises.

"By toughening penalties for commercial-scale online offending we are offering greater protections to businesses and sending a clear message to deter criminals."

Detective Chief Inspector Peter Ratcliffe, head of the Police Intellectual Property Crime Unit, said: "Online or offline, intellectual property theft is a crime.

"With advances in technology and the popularity of the internet, more and more criminals are turning to online criminality and so it is imperative that our prosecution system reflects our moves to a more digital world."

The consultation follows calls from the creative industries for more action over copyright offences.
http://www.bbc.co.uk/news/uk-33578180





File Sharing Solution Considered for Evidence Problem
Andrew Ellison

A new software program could be the answer to an evidence problem in the Nueces County District Attorney's Office.

As we've reported, in some cases, defense attorneys aren't getting key evidence until the middle of trial.

In Texas, any evidence the prosecution gets, the defense gets too. In Nueces County, the transfer of information from police to the D.A.'s Office can be slow, since everything is hand-delivered.

District Attorney Mark Skurka says, "It's a very cumbersome system."

Skurka says software from a company called Document Logistix would allow police to upload every document, video, or picture they get online, giving the D.A.'s Office instant access.

Skurka says it would make the whole evidence process faster, because the faster his office gets the information, the faster they can check it, and share it with the defense attorneys, using the same system.

It could save the county money too.

"I have secretaries out there that spend hours copying videos, copying papers, scanning documents," Skurka says.

Defense attorney, and former district judge, Angelica Hernandez, doesn't think software will solve the evidence problem.

She says it's the prosecutor's job to pursue additional evidence after police provide the initial reports.

"That's not happening. So, this isn't a disconnect with law enforcement. This is not law enforcement's fault. Those officers are doing their part of the job," Hernandez says.

The county has never used electronic file sharing with police, but it has been using an online system called Dropbox to share evidence with defense attorneys.

According to Skurka, the problem with Dropbox is the county has trouble sending large files.

Purchasing the software from Document Logistix would cost $68,000, and there would be annual maintenance costs as well.

There is a chance the county could get a service like this for free.

Another tech company it already uses for other services might be able to do file sharing as well.
http://www.kristv.com/story/29610155...idence-problem





BitTorrent Gives Developers A Cloud-Free Alternative

The new Sync API is here—get coding.
Richard Procter

As privacy and security become bigger concerns, developers who want to store users' data securely may be interested in a new API from BitTorrent that offers more options and a lower barrier to entry than its predecessor.

BitTorrent is already familiar to many for its peer-to-peer file transfer technology that enabled websites like The Pirate Bay to exist. But the company has been branching out and finding different, more specialized applications for its core technology.

In 2013, it launched BitTorrent Sync, a file-synchronization service that operates similar to applications like Box and Dropbox. BitTorrent Sync, however, doesn't use the cloud as it's conventionally conceived: None of the data being transferred ends up on a third-party server. Instead, it's shared from device to device as needed—and can even work when devices are connected to each other but aren't on the Internet.

Soon after releasing Sync, BitTorrent also released an API for the product, and let developers play around with it. Since then, they've seen four primary uses for their sync technology: file integration, workflow management, automatic syncing, and custom reporting.

There have also been outlier projects that the team didn't expect at all, according to Erik Pounds, BitTorrent's vice president of product management. The highest profile one of these was a project by Jack Minardi, an electrical engineer, Harvard fellow, and cofounder of Voxel8, a 3D-printing company.

Minardi's project is a decentralized Web page, available only to users with approved machines. Here's how Torrentfreak explains the process:

By self-publishing websites locally, everyone with access to a machine through BitTorrent Sync/SyncNet can view it peer-to-peer without the need to access a traditional server-based website. Any changes to the website are automatically pushed to users and since BitTorrent Sync has a feature to grant users read-only access, there’s no risk of unauthorized modification of content.

The Sync API 2.0, which launches Wednesday, should encourage more creative projects like Minardi's. The API is more flexible—the number of API calls, or allowable operations, has tripled from 14 to 42—but more importantly, it should also be easier to use. That's because this time around, BitTorrent built the API using the REST (representational state transfer) style, which means testing out commands should be faster and smoother for developers.

"It was much easier to develop," said Theron Lewis, one of BitTorrent's senior engineers and lead API developer. "It was much easier to write sample apps than it was for the previous API. [Using REST], there's tons of other toolkits and frameworks and stuff that will make integration much easier. The internal framework we set up makes it easier to incorporate new functionality."

Pounds and Lewis said BitTorrent issued 6,300 developer keys for the previous version of the API, suggesting a substantial level of interest in Sync.

One such developer is Onehub, an enterprise file-sharing service, which will use Sync to allow for faster file transfer.

"They had a challenge where [their product] was all cloud-based, which most file-sync solutions are," Pounds said. "For some of their customers that was just too slow."

Onehub used Sync and its APIs to create a service that transfers files directly between machines while simultaneously creating a backup copy in the cloud.

While file-sharing is an obvious application for Sync, it's the offline capabilities that have yet to be plumbed. Sync could find a home among developers of wearables and other devices that only have intermittent connections to the Internet, for which Amazon, Box, Dropbox, Google, and Microsoft's Internet-dependent services just won't work.
http://readwrite.com/2015/07/15/bittorrent-sync-new-api





Silicon Valley’s Biggest Companies Take Samsung’s Side in Apple Patent Fight
Giuseppe Macri

A group of Silicon Valley’s biggest companies including Facebook, Google, Dell, HP, eBay and others joined the patent war between Apple and Samsung this month with a petition to a federal appeals court, asking the panel to review its decision ordering Samsung to turn over profits from a handful of Apple patent infringements.

The coalition sided with Samsung in a “friend of the court” briefing filed July 1, warning the U.S. Federal Circuit Court of Appeals that ordering Samsung turn over the full profits of certain devices over select design elements copied from Apple opens the entire industry up to mass patent infringement lawsuits.

Industry giants and company trade groups argue upholding the ruling threatens to stifle innovation and limit consumer choice across the tech sector.

“If allowed to stand, that decision will lead to absurd results and have a devastating impact on companies, including [the briefing draftees], who spend billions of dollars annually on research and development for complex technologies and their components,” the group wrote in its brief to the court earlier this month.

According to the companies, the nature of technology like smartphones and smart TVs, which contain thousands of individual components, working parts and software, is too complex to lump all of a product’s design and functionality elements into one convenient legal definition of patent infringement in cases when only select design elements appear to have been copied.

“Under the panel’s reasoning, the manufacturer of a smart television containing a component that infringed any single design patent could be required to pay in damages its total profit on the entire television, no matter how insignificant the design of the infringing feature was to the manufacturer’s profit or to consumer demand,” the group said.

“Software products and online platforms face similar dangers. A design patent may cover the appearance of a single feature of a graphical user interface, such as the shape of an icon. That feature—a result of a few lines out of millions of code—may appear only during a particular use of the product, on one screen display among hundreds. But the panel’s decision could allow the owner of the design patent to receive all profits generated by the product or platform, even if the infringing element was largely insignificant to the user and it was the thousands of other features, implemented across the remainder of the software, that drove the demand generating those profits.”

In a May appeals ruling the court ordered Samsung to pay Apple more than half-a-billion dollars in damages for infringing on Apple design patents. During the original case tried before the U.S. District Court for Northern California, nine jurors found Samsung guilty of infringing on six out of seven Apple patents, including the rectangular shape and rounded corners of the iPhone, and the shape of its application icons. Samsung was ordered to pay Apple damages of $1.05 billion in that original case.

Though the court threw out $382 million in “trade dress” infringement damages (over aesthetic design elements like rounded corners on smartphones and the shape of apps), it upheld awarding damages based on the value of an entire product — in this case, the entire iPhone — rather than just the value of the infringed patented features, such as the iPhone’s front face, user interface and certain utility features like tapping to zoom.

As a result, Samsung was ordered to pay the “total profit” of its infringing Galaxy products to Apple to make up for profit Apple lost in sales to Samsung Galaxy devices.

Samsung asked the court to review the decision in June, arguing that letting the ruling stand would “invite overprotection and overcompensation for design patents, free from the limitations imposed in other areas of intellectual property law” and “lead to ‘an explosion of design patent assertions and lawsuits.’”

After Facebook, Google and others submitted their opinion, Apple argued earlier this month they should be dismissed, as Google in particular has a direct stake in the battle as the designer behind the Android mobile platform installed on Samsung devices.

“Google has a strong interest in this particular case, is not an impartial ‘friend of the court,’ and should not be permitted to expand Samsung’s word limit under the guise of an amicus brief,” Apple told the court.
http://www.insidesources.com/faceboo...g-patent-case/





How Apple Influenced The Labels To Shut Down My Music Streaming Startup

We had 50M monthly active users and 250M searches every month. Steve Jobs told the labels, including Warner Music, to sue us. So they did and for $40B. How do I know? I know because Steve Jobs gave them a list of music streaming sites that were competitive threats to iTunes, and told them to take care of it.

The iPhone was released in July of 2007 and SeeqPod was one of the first web apps to be available and popularized within that ecosystem. In time, we were known as the “iTunes Killer” — https://goo.gl/iYuvBN SeeqPod was a ‘Playable Search, Discovery & Recommendation Engine’.

Every month, 50 million consumers and hundreds of API ecosystem companies and individuals including Spotify and Grooveshark, would execute a total of 250 million searches on the SeeqPod platform for the purpose of streaming playable content.

Our first contact with Apple was via litigation initiated on their part regarding our company name, SeeqPod. Apple claimed trademark infringement based on the characters ‘p’, ‘o’ and ‘d’, making up ‘pod’ in our name SeeqPod. This lasted for about 6 months after which we both decided to walk away from any further litigation in this area. We then received a DMCA take down request for about 3000 URLs in our index from the RIAA. At the time we had a targeted crawling system bringing in millions per day.

It was January of 2008 and I was in a taxi with one of my co-founders and investors in New York on the way to meet a group of rainmaker attorneys who were interested in discussing a strategic partnership and M&A event worth north of $100 million for a large part of SeeqPod. While on my way, I looked down at my iPhone to scan my custom built news filters, as I often did, and found that the New York Post published a headline which read: “SeeqPod sued by Warner Music”. This happened minutes before our meeting. At that point I realized the context surrounding our company had shifted, the rug had been pulled from under us and was replaced with a different kind of not-so-magic carpet.

We entered the meeting and stood around the table with these deal makers like it was Bill Carson’s grave at the Sad Hill Cemetery in the movie The Good, the Bad and the Ugly.

We did not ask if they heard the news but they immediately brought it up. They said: “You've finally arrived!” This was true. We were a formidable threat to iTunes and now the major record labels. Needless to say, the negotiation of this deal was placed in a completely different light with different measurable outcomes. No one was prepared for this but this brand of uncertain opportunity is what running a startup is all about. There was no time to pivot or adapt. We simply and collectively made a discovery that needed analyzation to determine its value. After some futile banter and greedy disagreements on valuation we headed back to the Bay Area.

A few weeks later the head of Sony M&A called our office and asked to speak with me. He told me Sony had lost the war in the portable music player space with a device called the Walkman. I said I got wind of this. He mentioned they’d like to compete against iTunes using the SeeqPod platform. I said, deal. As the talks progressed, we both knew the current litigation would need to take a direction toward a resolution. So they waited and then in April of 2008, Bear Stearns fell. My mom had spent quite a bit of time in the banking and investment banking industries while at Citi and Montgomery Securities. I also spent time through the years developing algorithms and predictive analytics associated to uncovering patterns in historical stock market data. Even with this knowledge base I failed to pay attention to what I knew was a deep systematic fissure in the financial markets signaled by the fall of Bear Stearns. I was focused on user acquisition, growth and resolving litigation as opposed to revenue, a mistake when the Black Swan appears.

SeeqPod was burning $650k per month, $150k per month on litigation alone. During this time I was back and forth between Silicon Valley and New York 2 or 3 times per month. Most of the travel involved meetings with partners and Warner Music. This is where I learned where the root of our litigation and contention with music labels stemmed. One day I found myself outlining a proposal to Warner Music executives along with their CTO, Howie Singer, that entailed surrounding streaming music with transactions that would generate revenue for artists, labels and technology companies, namely ours. We took few breaks. During one of these breaks I was by myself in the office of the CTO. He came in and we chatted about the state of technology and music. I then thought to ask a question of which the answer would shed light on the real reason behind the litigation and contention technology companies share with old media companies. I asked Howie, why is it that Warner chose to sue SeeqPod? He said that they maintained a short list of companies and we were on top of that list. I then asked how we wound up on the list and at the top. This is when he mentioned that Steve Jobs had held meetings with several labels including Warner and disagreed with streaming music services like SeeqPod and that companies like ours would inhibit a deal between Apple and the labels, so they collectively decided to keep a running list of “problem” companies that need to be “addressed” by Warner. It was at this point I realized we were not in a fight with the labels but in a proxy war waged by Apple against innovative music technology companies.

I came back to the Bay Area a bit more enlightened knowing that with the army of attorneys we had, who were top notch and heroic in the fight, we would likely be spending another $1.8 million on winning a judgement in our favor based on Free Speech and the DMCA. All things considered, it would be a large Pyrrhic victory.

I halted most of our partnership talks with the likes of InfoSpace, Spotify’s early team, the new kid on the block, Grooveshark, Songza, Baidu and a host of others as it would not have been a good idea to drag them onto the current battlefield at such an early stage.

We continued our talks with Sony while the economy continued to collapse. Then Lehman Brothers fell. As soon as this happened I knew we had to prepare for the worst. Advertising fell off a cliff by 80–90% and we had to support 50 million monthly active users along with streaming bandwidth costs associated to our targeted crawling systems, content caching techniques, 35 employees and about 20 attorneys. Eventually, being overexposed in the Markets, our lead investment firm had to walk. Private companies around us began suffering downrounds, clawbacks and were being excised from VC portfolios left and right. Banks began to freeze their lending, large funds began to suffer losses, Limited Partners were freezing VC access to capital and the Founders and CEOs had private companies that were turning to dust. Interestingly, although many public companies lost significant value, their exposure to the public markets allowed them to recover. At any rate, there was no way we were going to continue to operate like we were before.

It was then that EMI came forward and attempted to sue me personally as founder and CEO of SeeqPod to the tune of $40 Billion. That is, $120k per search. We had 250 million searches happening per month and they considered a single search by a user as a copyright infringement with the maximum infringement fine being $120k per alleged infringement. They included my co-founders and then included a lone software engineer that built an app powered by our API. This is when we retained additional legal counsel in New York, utilized our grit and wit, and got it thrown out of court.

We decided to wind SeeqPod down at this point and begin negotiations with Sony and a few other suitors. Engaging in M&A discussions like these in the middle of the worst economic downturn in US history since the Great Depression turned out to be an experience like no other. We had a team which had proven its ability to work and grow together, a team that proved its ability to create a hard-to-duplicate, formidable algorithmic search and discovery technology platform loved by consumers, with the prospect of changing the way transactions associated to streaming content would benefit the artists. Despite all of this, we knew we had to wind it down. This came in the form of Sony introducing us to InterTrust, a former joint venture between Sony and Philips, for the purpose of acquiring the patents and other IP.

Other companies included in this swath of litigation against startups that enabled the streaming of content included imeem, project playlist and eventually Grooveshark near the tail end of the SeeqPod battle.

We called it a day and lived to tell about it. As a team, we are taking our experience and working on algorithms, art and technology that is even harder to duplicate and with an even larger impact in terms of advancing innovation and business in the area of Artificial Intelligence, Data Science, Hidden Relationship Engines and Recommendation Systems.

Methodical excision of competition is ok until it begins to stifle innovation made by startups and individuals along with forcing creatives and consumers into a single funnel of high costs, limited returns and limited access to competing products. Being forced to conform to a synthetic garden of ideology controlled by a single organization will never be the way forward.

Our interests will always remain in the area of advancing the art and science of living.

SeeqPod had its beginnings as a genomic search and discovery engine that would help researchers in Lawrence Berkeley National Laboratory’s Life Sciences division find hidden connections between genes, genomic pathways, diseases and therapeutics. We were analyzing data related to genes that would extend the lifespan of nematodes (http://goo.gl/06Ebhn) and genes and pathways associated to breast cancer. Our algorithm sets and technology were rooted in Artificial Intelligence and based on mimicking portions of human cognition. We based a lot of our work on Computational Theory of the Mind (CTM). We were fans of Steven Pinker, Jeff Hawkins and of course those we worked with at Berkeley Lab. It was quite effective and we worked with Berkeley Lab to patent the technology —System and method for generating a relationship network — K Franks, CA Myers, RM Podowski — US Patent 7,987,191, 2011 — http://www.google.com/patents/US7987191 — In 2008 we won the R&D 100 award for this approach — http://newscenter.lbl.gov/2008/07/09...rd-100-awards/ and asked by Dr. Steven Chu, winner of the Nobel Prize in Physics, Director of Berkeley Lab and former US Energy Secretary, to advise on what it takes to move technology from academia to industry.

One day we decided to apply the system to finding hidden connections between public companies. When we had this part of the technology ready we tested it. In September of 2004 Merck dropped by about 21% due to the Vioxx debacle. We asked the system to give us public companies that had hidden connections related to the term “vioxx”. The top result was Pfizer (NYSE:PFE). 8 weeks later Pfizer dropped by about 14% based on hidden connections related to Vioxx such as COX-2 and Coxib inhibitors among many other things in their pharmaceutical pipeline.

At this point we knew we had an interesting and competitive technology that could wrangle vertical search and recommendation markets away from some of the larger players.

After some 80’s-style phracking while in high school, I worked as a DB admin for the Symantec ‘Q & A’ natural language query database system that my mom ran for her startup in 1987 when she took a break from the investment banking industry. Then I began as a systems administrator on SCO UNIX running 4GL Informix in 1991 mentored by Gil Lee. After that I started writing search engines, parsers, language preprocessors, modified code snippets from 2600 and building Linux Slackware and Yggdrasil kernels from the root and boot 1.44”’s in 1992. It was eventually easier to pick up CD’s if I needed extra libs or install packages and if I was up for a drive to Sonoma from Berkeley from time to time. If I could compile and debug kernel issues along with X11 X86Config files with assistance from a good friend at the QNX-based Caprica Internet in LA and the 2-person Slackware “helpdesk” on the East Coast every few days then I’d be able to continue to test NCSA webserver over SLIP and PPP to deliver electronic faxes with a web interface for the Mosaic Browser for a sugar company in Marin County to save them a few thousand a month in fax fees to China. I then began putting webservers online in 1993 when there were only a few thousand webservers in existence. I was doing this while building pattern matchers and preprocessors on the QNX OS at Genentech for data related to the new breast cancer drug HER2 at the time. I worked and was mentored under Joe Seiwert, an extraordinary engineer and scientist who was deeply in love with his NeXT boxes at the time.

I moved to Sun Microsystems within their Menlo Park MPK campus and began working in their SysAdmin and Network Security Group building tools to analyze data among other things. I then moved to Sun Micro-Electronics (SME) and that’s where I learned one of my most valuable lessons. I began to build and ship the first HTTP-based (yes, this was a thing back then) stock ticker and called it DigitalTrader in 1996 (http://goo.gl/dQzPTC). It was built in Tcl/Tk and Java/Tk. It auto-updated itself and crawled Quote.com and Yahoo for data. Six months later a competitor duplicated it and Yahoo bought them and put us out of business overnight. Lesson learned: realize when you are doing something that is easily duplicated. After that, I made the decision to stay in the camp of only doing things that are not easily duplicated, the camp of invention and true algorithmic, scientific or technological innovation. Business innovation is different and it’s good to recognize this as well.

After that I spent some time at Oracle, Cisco, General Instrument, AirTouch/Vodafone, TiVo, mPower(Morningstar), X-Mine (genomics, bioinformatics) and consulted for Life Sciences companies like Astra Zeneca before moving to Berkeley Lab. Most of what I worked on fell under the umbrella of Data Mining and Knowledge Discovery which is what we’re calling Data Science today.

I wanted to apply the approach to something outside of Genomics and publicly traded companies so decided to acquire an exclusive license to the patent. I thought because I was the lead inventor it would just be given to me. Not so. I had to purchase a licensing agreement for what could be up to a few hundred thousand dollars. This is when I knew I needed to start a company to raise funding from angels or VC’s to do so. I also knew that for the first time in my life I would have to apply everything I knew and learned in Silicon Valley as an algorithm, product and software engineer over the years.

It was 2005 and my term at Berkeley Lab was up and I was doing a pitch a week for fundraising. I had an executive summary, a few decks and business plan which seemed to change with the pace of lava flowing out of a volcano in creating a new island.

The Day I found Investors

I had a few firms and angels show interest but most were lukewarm when it came to understanding how we wanted to compete in the Search space based on mimicking the process of human cognition to help form new hypotheses and make discoveries in Life Sciences.

I was then introduced to an angel investor that got it. We met semi-informally and I consider these the best kind of meetings. We met at a friend of a friend’s house. We had 2 degrees of separation. I described the vision and the opportunity. I then described the problem and solution and then the team and our history together. He asked if he could call me tomorrow to discuss further. Early the next morning I got a call and proceeded to answer a few more questions and then the deal was done. He offered to write the first in a series of checks to get us started. We received the first check a few weeks later and then a check every month. We began to seek a large syndicated angel raise after that. This resulted in a year-long pitch a week in which we raised $7.4 million from smart angels to execute on the world’s first playable search, discovery and recommendation engine.

There was one afternoon Mike Muldoon, former SeeqPod CTO, and I were driving to one of our meetings and before we had any kind of office. At that time a large portion of the business plan included using the search technology to relevantly match ads to search results in addition to finding hidden connections between genes and drugs. It was on this day that we first came up with the idea of analyzing audio, including music, using frequency and amplitude data, and on the car ride home, Mike came up with the idea to analyze playlists. Caleb Pate, an old friend of mine and musician, decided to map out our media and art strategy.

That one bit, beyond all the truly awesome engineering we did, really captured a magic moment. It is examining the world for connections and patterns, and finding ways to leverage that information for the purpose of discovery that really turned us on and tuned us in.

Some of our advisory board members were investors. One advisory board member, Daiwa Quantum Capital, run by former Sony CEO Nobuyuki Idei, also on the board of Baidu, was responsible for nixing a deal with what could have kept Napster alive. Ref: http://nypost.com/2000/12/22/sony-ch...-with-napster/ This relationship also led to China inside Baidu’s offices, but that’s another story.

This was a hard-to-duplicate core algorithm and technology platform designed to crawl the Internet for anything that a consumer might want to play including sounds, audio, games, video, animations related to entertainment, Life Sciences or any other category you could think of.

The founding team members had backgrounds in music. Although I had a background in music as an amateur instrumentalist, I also had a background in the drug delivery business. Music and technology were both therapeutics in my mind. I also knew the inner-workings of search, discovery, recommendation and vector space-based hidden relationship algorithms. Combined with the fact that the top searches happening on the Internet were related to music, SeeqPod became a place where you could stream just about any music you wanted, due to the large targeted crawling system effort coupled with vertical search and recommendation algorithms. https://www.youtube.com/watch?v=68HN_CLbzB4

People began to use it to search and stream music more than anything else. We were essentially a drug delivery business that began to disrupt the distribution pipelines of who we thought were Warner and EMI, but turned out to be Apple.

We observed that at the time, MySpace became a successful social network due to its initial focus on music and a place for bands. 30 million email addresses also helped. It’s hard to say if Facebook would even exist today if not for MySpace paving the way there. While Apple was in the dumps, on the verge of bankruptcy and after borrowing $150 million from Bill Gates, the tides really began to shift when Steve Jobs decided to focus on music via the iPod/iTunes model. Moving from RISC to CISC architecture also helped. Interestingly, it was Steve Wozniak that originally held the vision for music and technology via the US Festivals:

“Steve Wozniak, creator of the Apple II, believed that the 1970s were the “Me” generation. He intended the Us Festivals, with Bill Graham’s participation, to encourage the 1980s to be more community-oriented and combine technology with rock music.[1] The first was held Labor Day weekend in September 1982 and the second was Memorial Day weekend in May 1983. Wozniak paid for the bulldozing and construction[2] of a new open-air field venue as well as the construction of an enormous state-of-the-art temporary stage at Glen Helen Regional Park near Devore, San Bernardino, California. (This site was later to become home to Blockbuster Pavilion — now San Manuel Amphitheater — the largest amphitheatre in the United States as of 2007.) The festival stage has resided at Disneyland in Anaheim since 1985, and has operated under various names and functions as the Videopolis dance club, the Videopolis Theatre, and the Fantasyland Theater.” — http://en.wikipedia.org/wiki/US_Festival

While companies were doing quite well using music as a platform to launch new technologies and new revenue models, Google was a company that got left behind in this area. The opportunity for search engine technology combined with music was in clear sight. At the time, Google was distracted for good reason and could not understand how to address this opportunity for a few different reasons, including the fact that its founders never really listened to music. (The Search, John Battelle 2006 http://goo.gl/5I7Of4) This in hindsight was probably wise, as one of the hallmarks of a great product and company is defined by whether or not its founders eat their own dog food, or in other words, find their own product supply to be quite useful to them personally and in their everyday lives.

We also knew a little something about the way consumers and listeners use search services. Solving for spelling is a very powerful yet underestimated strategy for almost any company. For example, if users misspell something they are searching for, many users would assume your engine or platform simply does not have the result or product and, in turn, is inferior to a competitor. We developed our own in-house vector-space-based spellchecker and it worked better than anything else out there at the time, so we implemented it. Google was not paying attention to music. We were a core algorithmic vertical search and discovery platform being used to discover and stream content including music. We saw this as an opportunity to take a large bite out of Search via vertical search approaches.

Fast forward to today and our current team is collectively made up of a bunch of founding teams. Many of our original team members, equipped with a unique set of skills and experience, went off to start their own companies or are working on their own hard-to-duplicate projects and strategies.

Advancing innovation involves much more than inventing hard-to-duplicate algorithms and technology. Much of it involves the strategy that you wrap around your innovations to protect them and guide them along the way, enabling them to thrive or spawn new ways of thinking about old ways of doing. This takes a bright and clever team, strong and fabulous, a team I’ll never forget.

—Kasian Franks (kasian.franks@gmail.com)
https://medium.com/@492727ZED/steve-...p-9a81c5a21d68





Senator Urges Probe of Apple's Music Streaming Practices
Diane Bartz

A U.S. senator wants two federal agencies to investigate whether Apple Inc is breaking antitrust law in how it treats music services that compete with the streaming service it launched in June.

Democratic Senator Al Franken in a letter on Wednesday said that he was concerned that some Apple practices could limit choices and raise prices for consumers. The letter was sent to Attorney General Loretta Lynch and Federal Trade Commission Chairwoman Edith Ramirez.

The FTC is already looking into complaints about Apple's rules governing app developers but has not opened a formal investigation.

The FTC confirmed receipt of the letter but declined to comment. The Justice Department did not immediately respond to requests for comment.

The complaints focus on the fact that Apple plays two roles in music streaming. First, it provides the App Store platform for competing streaming services including Jango, Spotify, Rhapsody and others, while taking a 30 percent cut of all in-app purchases for digital goods. Secondly, it has its own streaming service.

Franken, who is from Minnesota, noted a complaint often made by streaming companies: that they are barred from placing advertisements in their apps telling customers they can pay less if they download the app from a website instead of the Apple platform. They are also barred from advertising discounts.

"These types of restrictions seem to offer no competitive benefit and may actually undermine the competitive process, to the detriment of consumers, who may end up paying substantially more than the current market price point," Franken wrote in his letter.

In the past, Apple has declined to comment to Reuters and other news organizations on the issue and did not immediately respond to requests on Wednesday.

In a separate letter also sent on Wednesday, the nonprofit Consumer Watchdog accused Apple of pressing the three big music labels to give Apple exclusive rights to artists in an effort to eradicate free ad-supported music services.

"The FTC and Justice Department can ensure that Apple does not dominate the market and eliminate the free music sector by prohibiting it from entering into agreements with clauses that will give it market dominance," the group said in their letter.

(Reporting by Diane Bartz; Editing by Lisa Shumaker)
http://uk.reuters.com/article/2015/0...0PW2J220150722





AT&T Buys DirecTV, Now Biggest Traditional TV Provider in US
Tali Arbel

Even as TV watchers increasingly go online, AT&T has become the country’s biggest traditional TV provider with its $48.5 billion purchase of DirecTV.

It got its regulatory approval Friday from the Federal Communications Commission after more than a year. The Justice Department had already cleared the deal on Tuesday.

AT&T Inc. now has 26.4 million cable and satellite TV subscribers.

That’s more than Comcast, and more than an enlarged Charter, which is seeking government approval to buy Time Warner Cable.

Suppliers of TV are buying one another as video from Internet competitors like Netflix gets more popular and costs rise for channels.

Adding TV customers gives AT&T more power to negotiate with big media companies over prices for those channels.

The deal also combines a nationwide satellite TV service, the country’s largest, with the No. 2 nationwide wireless network as time spent on mobile devices increases. DirecTV also has 19.5 million customers in Latin America, where AT&T wants to grow.

“We’ll now be able to meet consumers’ future entertainment preferences, whether they want traditional TV service with premier programming, their favorite content on a mobile device, or video streamed over the Internet to any screen,” said AT&T CEO Randall Stephenson in a statement.

What could change for customers? AT&T said that it will launch new TV, Internet and mobile phone bundles in the coming weeks.

AT&T’s purchase of DirecTV was approved even as Comcast’s bid for Time Warner Cable, which would have made the country’s biggest cable company even more massive, was blocked. The AT&T deal did not trigger the same fears from consumer advocates because the company wouldn’t contain an entertainment division like Comcast’s NBCUniversal and wouldn’t gain Internet customers, considered the future of the industry, by buying DirecTV.

The FCC repeated Friday that it had set certain requirements for the merger, which it had disclosed on Tuesday when the head of the agency announced his support for the deal.

Among these are that AT&T has to expand a fiber network that can handle fast Internet speeds to 12.5 million possible customers, which it says compensates for the loss of a video option in markets where AT&T’s U-verse cable service had competed with DirecTV’s satellite TV service. The agency said the fiber network requirement will help Internet video competitors reach customers.

AT&T said Friday that including that 12.5 million requirement, its all-fiber Internet network will reach more than 14 million potential subscribers. Analyst Craig Moffett of MoffettNathanson had said before the deal’s close was announced that AT&T would probably build the fiber in markets where it already operates a slower Internet network.

“In terms of increasing competition, AT&T has been claiming that bundling with DirecTV will help it compete better with cable. I think that is incrementally the case in some limited set of markets,” said John Bergmayer, a senior staff attorney with public-interest group Public Knowledge.

Another way the agency wants to try to promote video competition is by forbidding AT&T from exempting a potential online video service of its own from the data cap the company imposes on its home Internet customers. If AT&T did that, it could make its own service more appealing compared with Netflix, for example, because streaming Netflix would count toward the data cap and potentially could trigger additional fees if a customer went over the cap.

AT&T also has to offer home Internet to low-income customers without making them buy phone or TV service too. AT&T said that it will offer Internet to households that qualify for food stamps for $10 a month or less. The speed available will be 10 megabits per second or slower, less than the 25 Mbps the FCC has set as the benchmark for high-speed Internet.

The FCC said there will be an independent compliance officer to monitor how AT&T abides by these conditions.
https://www.washingtonpost.com/busin...dd3_story.html





Gigabit Internet Access Grows Out of its Niche

Google proved gigabit Internet feasible at a price that appealed to consumers and small businesses. Now, with a critical mass of customers and ISPs, the gigabit Internet community seeks the killer app.
Steven Max Patterson

Google Fiber launched in Kansas City in 2011. It offered gigabit speed at $70 per month and ignited the development of an ultrafast Internet access category that has since spread throughout the U.S. According to Michael Render, principal analyst at market researcher RVA LLC, 83 Internet access providers have joined Google to offer gigabit Internet access service (all priced in the $50-$150 per month range).

Render’s data shows that new subscribers are signing up at an annualized growth rate of 480 percent each year. Between the third quarter of 2014 and the second quarter of 2015, gigabit subscribers grew from 40,000 to 174,000.

With download speeds 40 times faster and upload speeds more than 300 times faster than the Federal Communications Commission’s broadband standard, gigabit Internet sounds both revolutionary and – using current ISP pricing models – downright unaffordable. But gigabit Internet quietly evolved and competition drove prices down, such as Comcast’s commitment to deliver 2 Gbps internet access in Atlanta and Time Warner committing to 1 Gbps service in Charlotte, both in response to Google Fiber and other gigabit competitors.

Just a decade ago, fiber to the home (FTTH) was an exclusive realm of big telecom companies. At that time, Verizon proved that a large Internet access network with fiber optic infrastructure serving millions of subscribers was possible. Thanks to the reduction in the cost and complexity of building and operating a gigabit Internet access network, today smaller organizations like municipal power utilities and real estate developers have become gigabit ISPs.

Fiber optic cable passes 25 million American homes, according to Render, with 11.6 million FTTH connected homes as of the second quarter of this year. And hooking up the remainder of the 25 million homes passed doesn’t require a network upgrade because most of this ISP infrastructure equipment connecting the existing FTTH customers was designed as a gigabit-capable passive optical network (GPON).

Living in a material world

The total cost of installed gigabit and faster fiber optic cable infrastructure has dropped 80 percent during the last decade, as manufacturers have redesigned the fiber optic cable products to optimize for low-cost, large scale deployments. Optical cable has become much more flexible, so it can be run inside homes and buildings, joining the customer’s network with much lower-cost optical terminals.

Cable splicing and connection that required a specialist a decade ago can now be performed by a craftsperson using inexpensive equipment. Fiber runs further into buildings where lower-speed copper cable was once used for its flexibility. The newest indoor fiber optic cables can be bent around corners and are so small they can be glued into place and are virtually invisible.

The relentless decline of Internet transit costs, as seen in the above charts from Bill Norton’s DrPeering website, has also reduced the cost for ISPs to provide the greater bandwidth demands of gigabit customers without increasing costs.

Gigabit Internet access was constrained by slow Wi-Fi routers that couldn’t keep up until 802.11ac Wi-Fi devices shipped in 2012 and became commoditized with Broadcom’s 802.11ac chipset late last year. With more channels, 802.11ac routers can serve more users at a multiple of the speeds of the previous Wi-Fi standard, 802.11n, and 20 times faster than 802.11g, the standard just two generations ago.

At its current stage, gigabit Internet access isn’t much different than the early iPhone. Both are platforms launched with a few apps to give context to potential use cases. Like the iPhone that debuted before 3G data service was fully built-out – and interaction with others was limited because so few people owned an iPhone at the time – the full context of gigabit Internet applications won’t be fully understood until more homes and businesses are connected to it and more apps are created.

US Ignite – a nonprofit sponsored by both the U.S. government and such industry partners as Juniper, Cisco, Verizon, Google, Comcast, and others – facilitates gigabit platform development by matching developers and researchers with city test beds to demonstrate and promote gigabit applications. US Ignite also curates gigabit applications and has plans to open an app store.

John George, director of solutions and professional services at OFC Optics, outlines the types of applications that’ll attract consumers and businesses, with, you guessed it, a predilection to video. "Consumers will first see the difference in gigabit Internet with ultra-high definition video streaming and vivid tele-presence applications,” says George. Especially since the low-speed connections to remote and home offices have left most people out of the high-quality video game. “Enterprises will take notice of video tele-presence too. Gigabit Internet will include remote workers with large screen as-if-you-are-there video quality,” George says. He also points to education and remote control as areas ripe for important applications, but notes that “it’s too early to predict all the applications that will be catalyzed by gigabit Internet until developers and researchers have had some time to work with it.”

The cloud is only as good as the network

It’s important to note that vivid video tele-presence isn’t video conferencing. It borders on virtual reality with a continuous connection that uses large screens and high definition 4K low-latency video to create a real sense of participation. Beyond the benefits of improved communication and reduced travel, gigabit Internet complements enterprise trends in virtualization. The cloud is only as good as the network. Gigabit Internet will enable solutions such as virtual desktop infrastructure and cloud storage that enhance reliability and security.

Most of the discussion about gigabit Internet access revolves around applications that use the high definition video and low-latency features of gigabit internet. The example of two musicians performing in harmony half a world apart is often used to explain how ultrafast symmetric connectivity with ultralow latency is different, because at lower speeds harmonizing isn’t possible.

A single gigabit Internet “killer app” may not emerge. It may simply be a large set of applications that are enabled by speed and low latency, just like a new set of applications emerged with the move from dial-up to broadband internet access. Distance learning and distance medicine – perennial staples of legacy video conferencing applications – have gotten a makeover due to these features.

And virtual reality (VR) is experiencing a resurgence. VR creates convincing 3D video imaging that the brain perceives as reality. VR over gigabit Internet could provide a front-row experience at a concert or a Broadway show, or it could give an engineer operating a robot equipped with VR cameras the experience of walking into one of the Fukushima nuclear reactors.

Many factors have coalesced into the perfect gigabit storm. Verizon FiOS proved that FTTH could scale to millions of homes. Google proved that FTTH internet access 40 times faster than the FCC broadband standard could be delivered at a price attractive to consumers. With the latest gigabit technologies that have reduced the cost and complexity of deployment, building out internet access is within the scope of capability of small ISPs that want to compete with large incumbents like Comcast, AT&T and Time Warner by throwing down the gigabit gauntlet.

In the final analysis, if Comcast’s 25 Mbps internet costs $50 per month and Verizon FiOS’ 75 Mbps $65 per month, why wouldn’t the consumer choose Google Fiber gigabit service for $70 per month? The apps that use vivid video, blazing speed and ultralow latency will reset user expectations and drive even more growth.
http://www.cio.com/article/2951966/c...its-niche.html





U.S. vs. Hackers: Still Lopsided Despite Years of Warnings and a Recent Push
Michael D. Shear and Nicole Perlroth

In the month since a devastating computer systems breach at the Office of Personnel Management, digital SWAT teams have been racing to plug the most glaring security holes in government computer networks and prevent another embarrassing theft of personal information, financial data and national security secrets.

But senior cybersecurity officials, lawmakers and technology experts said in interviews that the 30-day “cybersprint” ordered by President Obama after the attacks is little more than digital triage on federal computer networks that are cobbled together with out-of-date equipment and defended with the software equivalent of Bubble Wrap.

In an effort to highlight its corrective actions, the White House will announce shortly that teams of federal employees and volunteer hackers have made progress over the last month. At some agencies, 100 percent of users are, for the first time, logging in with two-factor authentication, a basic security feature, officials said. Security holes that have lingered for years despite obvious fixes are being patched. And thousands of low-level employees and contractors with access to the nation’s most sensitive secrets have been cut off.

But officials and experts acknowledge that the computer networks of many federal agencies remain highly vulnerable to sophisticated cybercriminals, who are often sponsored by other countries. Another breach like the one in June, which exposed information on 21 million people, remains a threat — despite repeated alarms over the years that government computer systems were vulnerable to exactly that kind of attack. Asked in congressional testimony this month to grade the federal government’s cybersecurity efforts on a scale of A to F, a senior government auditor gave the government a D.

Even senior White House officials acknowledge how much remains to be done. “It’s safe to say that federal agencies are not where we want them to be across the board,” Michael Daniel, Mr. Obama’s top cybersecurity adviser, said in an interview. He said the bureaucracy needed a “mind-set shift” that would put computer security at the top of a long list of priorities. “We clearly need to be moving faster.”

Despite high-profile incidents, including the theft of secrets by the national security contractor Edward J. Snowden, many government agencies have demonstrated little commitment to making cybersecurity a priority.

After neglect that has been documented in dozens of audits for nearly two decades, the federal government is still far behind its adversaries. And it is still struggling to procure the latest technological defenses or attract the kind of digital security expertise necessary to secure its networks.

As recently as this year, officials showed little urgency in confronting dangers from the bits and bytes flying across their networks.

A January audit of the Federal Aviation Administration cited “significant security control weaknesses” in the agency’s network, “placing the safe and uninterrupted operation of the nation’s air traffic control system at increased and unnecessary risk.” But that agency had been warned for years that its computer networks were wide open to attack. In 2009, hackers stole personal information for 48,000 agency employees, prompting an investigation that found 763 high-risk vulnerabilities — any one of which, auditors said, could give attackers access to the computers that run the air traffic control system.

This glacial pace of change, former Federal Aviation Administration officials said, was not for their lack of trying. Michael Brown, who served as the agency’s chief information security officer for a decade, called the 2009 episode his “scariest moment” and said he had frequently been frustrated by the government’s failure to address the obvious security holes in the most important networks.

“You come up with binders full of documentation, and then at the end of the day, you don’t have any money to go back and ameliorate,” Mr. Brown said. “The system could be hanging out there for a long time with a vulnerability.”

The story has been much the same at other agencies. At the Department of Energy, after other breaches there, a hacker spent a month stealing personnel records from an unencrypted database in the summer of 2013. By the time Robert F. Brese, the department’s top cybersecurity official, was notified, the hacker had drained 104,000 names, addresses and Social Security numbers from its systems.

“It was just this sickening feeling in my stomach,” Mr. Brese, now a consultant, recalled.

In the days that followed, investigators found numerous holes in the Energy Department’s network that contained sensitive information on nuclear propulsion and critical infrastructure. Government auditors slammed the department for lax security controls, lack of encryption and a failure to patch known vulnerabilities.

And while that could have served as an early warning, the breach was met with a shrug at other agencies. At the Internal Revenue Service, auditors identified 69 vulnerabilities in the agency’s networks last year, but when officials there told Government Accountability Office auditors this year that they had fixed 24 of those problems, investigators found only 14 had been resolved.

“That’s been a recurring theme,” said Gregory C. Wilshusen, the Government Accountability Office’s top computer systems investigator. “They believe they’ve taken corrective actions, but when one goes back to check, we find that they haven’t. It just perpetuates the vulnerability and gives I.R.S. a false sense of security.” In May, the agency was forced to concede that hackers had gained access to the tax returns of some 100,000 citizens.

The dangers are accelerating as hackers repeatedly target computer networks used to collect taxes, secure ports and airports, run air traffic control systems, process student loans, oversee the nation’s nuclear stockpile, monitor the Federal Reserve and support the armed services. Last year, officials say, there were more than 67,000 computer-related incidents at federal agencies, up from about 5,000 in 2006.

Officials at all levels may finally be paying attention in the wake of the Office of Personnel Management hacking. Lawmakers are considering legislation to require sharing of information about malicious hacks and to set cybersecurity standards for federal systems.

“This is going to have to be an area of much greater focus,” said Senator Mark R. Warner, Democrat of Virginia, a supporter of the legislation.

Tony Scott, the federal government’s chief information officer, who arrived this year from Microsoft and VMware, vowed to make sure they did.

“I’m not going to let up,” he promised in an interview. “We are going to bring every bit of pressure we can bring.”

Across the government, there is evidence of new anxiety. On the “watch floor” of the Department of Homeland Security’s National Cybersecurity and Communications Integration Center, dozens of specialists monitor potential intrusions on government networks. Large screens flash yellow or red to warn of potential surges in network traffic or attempts to breach systems by known hackers.

But the most advanced defenses have yet to be fully installed. Major agencies will not have them for a year, and smaller ones could take longer, officials said. And legal, political and bureaucratic roadblocks still make it difficult for officials to cajole their colleagues to take action quickly.

Department of Homeland Security officials must continually trek to Capitol Hill for approval of the most mundane organizational shifts. “I thought my head would blow off when I had to get approval from people who had no idea what we were doing,” said Mark Weatherford, the former deputy under secretary for cybersecurity at the Department of Homeland Security.

He noted that such bureaucratic obstacles made it difficult for the department to compete in the cutthroat war for talented security specialists. “It takes far too long,” said Mr. Weatherford, now a principal at the Chertoff Group, an advisory firm in Washington. “I can’t tell you how many good people we lost at D.H.S. because they couldn’t wait four to six months for the hiring process.”

The agency has had a hard time competing with the likes of Google, start-ups and other agencies for top talent. The Office of Personnel Management runs a program that offers grants to students who specialize in cybersecurity in exchange for their help defending government networks. Between 2002 and 2014, 55 of the program’s 1,500 graduates went to work for the Department of Homeland Security, compared with 407 who worked for the National Security Agency.

Eric Cornelius, a graduate of the program who served as Homeland Security’s deputy director and chief technical analyst for its control systems security program, stayed only 18 months before leaving for Cylance, a security start-up. He said hiring was only half the problem. “The other half of the problem is the need to address firing reform,” Mr. Cornelius said. “In my experience, complacency is the enemy of competency.”

But Mr. Scott said the sprint was just a prelude to a complete cultural overhaul. “We need to dramatically change how we’re thinking about this,” he said. “Just because there’s a sprint doesn’t mean this is the end.”

Michael D. Shear reported from Washington, and Nicole Perlroth from San Francisco.
http://www.nytimes.com/2015/07/19/us...cent-push.html





Hackers Remotely Kill a Jeep on the Highway—With Me in It
Andy Greenberg

I was driving 70 mph on the edge of downtown St. Louis when the exploit began to take hold.

Though I hadn’t touched the dashboard, the vents in the Jeep Cherokee started blasting cold air at the maximum setting, chilling the sweat on my back through the in-seat climate control system. Next the radio switched to the local hip hop station and began blaring Skee-lo at full volume. I spun the control knob left and hit the power button, to no avail. Then the windshield wipers turned on, and wiper fluid blurred the glass.

As I tried to cope with all this, a picture of the two hackers performing these stunts appeared on the car’s digital display: Charlie Miller and Chris Valasek, wearing their trademark track suits. A nice touch, I thought.

The Jeep’s strange behavior wasn’t entirely unexpected. I’d come to St. Louis to be Miller and Valasek’s digital crash-test dummy, a willing subject on whom they could test the car-hacking research they’d been doing over the past year. The result of their work was a hacking technique—what the security industry calls a zero-day exploit—that can target Jeep Cherokees and give the attacker wireless control, via the Internet, to any of thousands of vehicles. Their code is an automaker’s nightmare: software that lets hackers send commands through the Jeep’s entertainment system to its dashboard functions, steering, brakes, and transmission, all from a laptop that may be across the country.

To better simulate the experience of driving a vehicle while it’s being hijacked by an invisible, virtual force, Miller and Valasek refused to tell me ahead of time what kinds of attacks they planned to launch from Miller’s laptop in his house 10 miles west. Instead, they merely assured me that they wouldn’t do anything life-threatening. Then they told me to drive the Jeep onto the highway. “Remember, Andy,” Miller had said through my iPhone’s speaker just before I pulled onto the I-40 on-ramp, “no matter what happens, don’t panic.”

As the two hackers remotely toyed with the air-conditioning, radio, and windshield wipers, I mentally congratulated myself on my courage under pressure. That’s when they cut the transmission.

Immediately my accelerator stopped working. As I frantically pressed the pedal and watched the RPMs climb, the Jeep lost half its speed, then slowed to a crawl. This occurred just as I reached a long overpass, with no shoulder to offer an escape. The experiment had ceased to be fun.

At that point, the interstate began to slope upward, so the Jeep lost more momentum and barely crept forward. Cars lined up behind my bumper before passing me, honking. I could see an 18-wheeler approaching in my rearview mirror. I hoped its driver saw me, too, and could tell I was paralyzed on the highway.

“You’re doomed!” Valasek shouted, but I couldn’t make out his heckling over the blast of the radio, now pumping Kanye West. The semi loomed in the mirror, bearing down on my immobilized Jeep.

I followed Miller’s advice: I didn’t panic. I did, however, drop any semblance of bravery, grab my iPhone with a clammy fist, and beg the hackers to make it stop.

Wireless Carjackers

This wasn’t the first time Miller and Valasek had put me behind the wheel of a compromised car. In the summer of 2013, I drove a Ford Escape and a Toyota Prius around a South Bend, Indiana, parking lot while they sat in the backseat with their laptops, cackling as they disabled my brakes, honked the horn, jerked the seat belt, and commandeered the steering wheel. “When you lose faith that a car will do what you tell it to do,” Miller observed at the time, “it really changes your whole view of how the thing works.” Back then, however, their hacks had a comforting limitation: The attacker’s PC had been wired into the vehicles’ onboard diagnostic port, a feature that normally gives repair technicians access to information about the car’s electronically controlled systems.

A mere two years later, that carjacking has gone wireless. Miller and Valasek plan to publish a portion of their exploit on the Internet, timed to a talk they’re giving at the Black Hat security conference in Las Vegas next month. It’s the latest in a series of revelations from the two hackers that have spooked the automotive industry and even helped to inspire legislation; WIRED has learned that senators Ed Markey and Richard Blumenthal plan to introduce an automotive security bill today to set new digital security standards for cars and trucks, first sparked when Markey took note of Miller and Valasek’s work in 2013.

As an auto-hacking antidote, the bill couldn’t be timelier. The attack tools Miller and Valasek developed can remotely trigger more than the dashboard and transmission tricks they used against me on the highway. They demonstrated as much on the same day as my traumatic experience on I-40. After narrowly averting death by semi-trailer, I managed to roll the lame Jeep down an exit ramp, re-engage the transmission by turning the ignition off and on, and find an empty lot where I could safely continue the experiment.

Miller and Valasek’s full arsenal includes functions that at lower speeds fully kill the engine, abruptly engage the brakes, or disable them altogether. The most disturbing maneuver came when they cut the Jeep’s brakes, leaving me frantically pumping the pedal as the 2-ton SUV slid uncontrollably into a ditch. The researchers say they’re working on perfecting their steering control—for now they can only hijack the wheel when the Jeep is in reverse. Their hack enables surveillance too: They can track a targeted Jeep’s GPS coordinates, measure its speed, and even drop pins on a map to trace its route.

All of this is possible only because Chrysler, like practically all carmakers, is doing its best to turn the modern automobile into a smartphone. Uconnect, an Internet-connected computer feature in hundreds of thousands of Fiat Chrysler cars, SUVs, and trucks, controls the vehicle’s entertainment and navigation, enables phone calls, and even offers a Wi-Fi hot spot. And thanks to one vulnerable element, which Miller and Valasek won’t identify until their Black Hat talk, Uconnect’s cellular connection also lets anyone who knows the car’s IP address gain access from anywhere in the country. “From an attacker’s perspective, it’s a super nice vulnerability,” Miller says.

From that entry point, Miller and Valasek’s attack pivots to an adjacent chip in the car’s head unit—the hardware for its entertainment system—silently rewriting the chip’s firmware to plant their code. That rewritten firmware is capable of sending commands through the car’s internal computer network, known as a CAN bus, to its physical components like the engine and wheels. Miller and Valasek say the attack on the entertainment system seems to work on any Chrysler vehicle with Uconnect from late 2013, all of 2014, and early 2015. They’ve only tested their full set of physical hacks, including ones targeting transmission and braking systems, on a Jeep Cherokee, though they believe that most of their attacks could be tweaked to work on any Chrysler vehicle with the vulnerable Uconnect head unit. They have yet to try remotely hacking into other makes and models of cars.

After the researchers reveal the details of their work in Vegas, only two things will prevent their tool from enabling a wave of attacks on Jeeps around the world. First, they plan to leave out the part of the attack that rewrites the chip’s firmware; hackers following in their footsteps will have to reverse-engineer that element, a process that took Miller and Valasek months. But the code they publish will enable many of the dashboard hijinks they demonstrated on me as well as GPS tracking.

Second, Miller and Valasek have been sharing their research with Chrysler for nearly nine months, enabling the company to quietly release a patch ahead of the Black Hat conference. On July 16, owners of vehicles with the Uconnect feature were notified of the patch in a post on Chrysler’s website that didn’t offer any details or acknowledge Miller and Valasek’s research. “[Fiat Chrysler Automobiles] has a program in place to continuously test vehicles systems to identify vulnerabilities and develop solutions,” reads a statement a Chrysler spokesperson sent to WIRED. “FCA is committed to providing customers with the latest software updates to secure vehicles against any potential vulnerability.”


Unfortunately, Chrysler’s patch must be manually implemented via a USB stick or by a dealership mechanic. (Download the update here.) That means many—if not most—of the vulnerable Jeeps will likely stay vulnerable.

Chrysler stated in a response to questions from WIRED that it “appreciates” Miller and Valasek’s work. But the company also seemed leery of their decision to publish part of their exploit. “Under no circumstances does FCA condone or believe it’s appropriate to disclose ‘how-to information’ that would potentially encourage, or help enable hackers to gain unauthorized and unlawful access to vehicle systems,” the company’s statement reads. “We appreciate the contributions of cybersecurity advocates to augment the industry’s understanding of potential vulnerabilities. However, we caution advocates that in the pursuit of improved public safety they not, in fact, compromise public safety.”

The two researchers say that even if their code makes it easier for malicious hackers to attack unpatched Jeeps, the release is nonetheless warranted because it allows their work to be proven through peer review. It also sends a message: Automakers need to be held accountable for their vehicles’ digital security. “If consumers don’t realize this is an issue, they should, and they should start complaining to carmakers,” Miller says. “This might be the kind of software bug most likely to kill someone.”

In fact, Miller and Valasek aren’t the first to hack a car over the Internet. In 2011 a team of researchers from the University of Washington and the University of California at San Diego showed that they could wirelessly disable the locks and brakes on a sedan. But those academics took a more discreet approach, keeping the identity of the hacked car secret and sharing the details of the exploit only with carmakers.

Miller and Valasek represent the second act in a good-cop/bad-cop routine. Carmakers who failed to heed polite warnings in 2011 now face the possibility of a public dump of their vehicles’ security flaws. The result could be product recalls or even civil suits, says UCSD computer science professor Stefan Savage, who worked on the 2011 study. Earlier this month, in fact, Range Rover issued a recall to fix a software security flaw that could be used to unlock vehicles’ doors. “Imagine going up against a class-action lawyer after Anonymous decides it would be fun to brick all the Jeep Cherokees in California,” Savage says.

For the auto industry and its watchdogs, in other words, Miller and Valasek’s release may be the last warning before they see a full-blown zero-day attack. “The regulators and the industry can no longer count on the idea that exploit code won’t be in the wild,” Savage says. “They’ve been thinking it wasn’t an imminent danger you needed to deal with. That implicit assumption is now dead.”

471,000 Hackable Automobiles

Sitting on a leather couch in Miller’s living room as a summer storm thunders outside, the two researchers scan the Internet for victims.

Uconnect computers are linked to the Internet by Sprint’s cellular network, and only other Sprint devices can talk to them. So Miller has a cheap Kyocera Android phone connected to his battered MacBook. He’s using the burner phone as a Wi-Fi hot spot, scouring for targets using its thin 3G bandwidth.

A set of GPS coordinates, along with a vehicle identification number, make, model, and IP address, appears on the laptop screen. It’s a Dodge Ram. Miller plugs its GPS coordinates into Google Maps to reveal that it’s cruising down a highway in Texarkana, Texas. He keeps scanning, and the next vehicle to appear on his screen is a Jeep Cherokee driving around a highway cloverleaf between San Diego and Anaheim, California. Then he locates a Dodge Durango, moving along a rural road somewhere in the Upper Peninsula of Michigan. When I ask him to keep scanning, he hesitates. Seeing the actual, mapped locations of these unwitting strangers’ vehicles—and knowing that each one is vulnerable to their remote attack—unsettles him.

When Miller and Valasek first found the Uconnect flaw, they thought it might only enable attacks over a direct Wi-Fi link, confining its range to a few dozen yards. When they discovered the Uconnect’s cellular vulnerability earlier this summer, they still thought it might work only on vehicles on the same cell tower as their scanning phone, restricting the range of the attack to a few dozen miles. But they quickly found even that wasn’t the limit. “When I saw we could do it anywhere, over the Internet, I freaked out,” Valasek says. “I was frightened. It was like, holy fuck, that’s a vehicle on a highway in the middle of the country. Car hacking got real, right then.”

That moment was the culmination of almost three years of work. In the fall of 2012, Miller, a security researcher for Twitter and a former NSA hacker, and Valasek, the director of vehicle security research at the consultancy IOActive, were inspired by the UCSD and University of Washington study to apply for a car-hacking research grant from Darpa. With the resulting $80,000, they bought a Toyota Prius and a Ford Escape. They spent the next year tearing the vehicles apart digitally and physically, mapping out their electronic control units, or ECUs—the computers that run practically every component of a modern car—and learning to speak the CAN network protocol that controls them.

When they demonstrated a wired-in attack on those vehicles at the DefCon hacker conference in 2013, though, Toyota, Ford, and others in the automotive industry downplayed the significance of their work, pointing out that the hack had required physical access to the vehicles. Toyota, in particular, argued that its systems were “robust and secure” against wireless attacks. “We didn’t have the impact with the manufacturers that we wanted,” Miller says. To get their attention, they’d need to find a way to hack a vehicle remotely.

So the next year, they signed up for mechanic’s accounts on the websites of every major automaker and downloaded dozens of vehicles’ technical manuals and wiring diagrams. Using those specs, they rated 24 cars, SUVs, and trucks on three factors they thought might determine their vulnerability to hackers: How many and what types of radios connected the vehicle’s systems to the Internet; whether the Internet-connected computers were properly isolated from critical driving systems, and whether those critical systems had “cyberphysical” components—whether digital commands could trigger physical actions like turning the wheel or activating brakes.

Based on that study, they rated Jeep Cherokee the most hackable model. Cadillac’s Escalade and Infiniti’s Q50 didn’t fare much better; Miller and Valasek ranked them second- and third-most vulnerable. When WIRED told Infiniti that at least one of Miller and Valasek’s warnings had been borne out, the company responded in a statement that its engineers “look forward to the findings of this [new] study” and will “continue to integrate security features into our vehicles to protect against cyberattacks.” Cadillac emphasized in a written statement that the company has released a new Escalade since Miller and Valasek’s last study, but that cybersecurity is “an emerging area in which we are devoting more resources and tools,” including the recent hire of a chief product cybersecurity officer.

After Miller and Valasek decided to focus on the Jeep Cherokee in 2014, it took them another year of hunting for hackable bugs and reverse-engineering to prove their educated guess. It wasn’t until June that Valasek issued a command from his laptop in Pittsburgh and turned on the windshield wipers of the Jeep in Miller’s St. Louis driveway.

Since then, Miller has scanned Sprint’s network multiple times for vulnerable vehicles and recorded their vehicle identification numbers. Plugging that data into an algorithm sometimes used for tagging and tracking wild animals to estimate their population size, he estimated that there are as many as 471,000 vehicles with vulnerable Uconnect systems on the road.
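The population estimate described above, as an added example that is not part of the original article or of Miller and Valasek's work: the article does not name the algorithm, so this assumes the Lincoln-Petersen mark-recapture estimator in Chapman's bias-corrected form, the textbook method matching the "tagging and tracking wild animals" description. All VINs are constructed labels and the scans are simulated draws from a synthetic fleet, not network scans.

```python
"""Mark-recapture estimate of a vulnerable-vehicle population.

Added example; not code from the WIRED article or from Miller and Valasek.
The article says Miller fed VINs recorded in repeated scans into "an
algorithm sometimes used for tagging and tracking wild animals to estimate
their population size".  It does not name the algorithm; this assumes the
Lincoln-Petersen mark-recapture estimator in Chapman's bias-corrected form.
Every VIN below is a constructed label and the sampling is a simulation.
"""
import random
from math import sqrt


def chapman_estimate(first_scan, second_scan):
    """Estimate population size from two independent samples of VINs.

    The VINs recorded in the first scan play the role of "marked" animals;
    m is how many of them are seen again in the second scan.

        N_hat = (n1 + 1)(n2 + 1) / (m + 1) - 1          (Chapman)
        Var   = (n1+1)(n2+1)(n1-m)(n2-m) / ((m+1)^2 (m+2))   (Seber 1970)

    Assumes a closed population and an equal chance of observing each unit
    in each scan; a real scan over a cellular network only approximates that,
    so the result is an order-of-magnitude figure, not a census.
    """
    seen_first, seen_second = set(first_scan), set(second_scan)
    n1, n2 = len(seen_first), len(seen_second)
    m = len(seen_first & seen_second)  # recaptures: VINs seen in both scans
    n_hat = (n1 + 1) * (n2 + 1) / (m + 1) - 1
    var = (n1 + 1) * (n2 + 1) * (n1 - m) * (n2 - m) / ((m + 1) ** 2 * (m + 2))
    return {
        "estimate": n_hat,
        "stderr": sqrt(var),
        "n1": n1,
        "n2": n2,
        "recaptures": m,
    }


def simulate_scans(true_population, sample_size, seed=0):
    """Draw two independent random samples from a constructed fleet of VINs
    and estimate the fleet size, so the estimator can be checked against a
    known truth.  The fleet labels are obviously synthetic."""
    rng = random.Random(seed)
    fleet = [f"CONSTRUCTED-VIN-{i:06d}" for i in range(true_population)]
    first = rng.sample(fleet, sample_size)   # scan 1: "mark"
    second = rng.sample(fleet, sample_size)  # scan 2: "recapture"
    return chapman_estimate(first, second)


if __name__ == "__main__":
    result = simulate_scans(true_population=2000, sample_size=500, seed=1)
    print(f"true 2000, estimate {result['estimate']:.0f} "
          f"+/- {1.96 * result['stderr']:.0f} (95% CI), "
          f"recaptures {result['recaptures']}")
```

The fewer recaptures two scans share, the larger the estimate and the wider its confidence interval, which is why a handful of overlapping VINs can support a six-figure figure like the one quoted above.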

Pinpointing a vehicle belonging to a specific person isn’t easy. Miller and Valasek’s scans reveal random VINs, IP addresses, and GPS coordinates. Finding a particular victim’s vehicle out of thousands is unlikely through the slow and random probing of one Sprint-enabled phone. But enough phones scanning together, Miller says, could allow an individual to be found and targeted. Worse, he suggests, a skilled hacker could take over a group of Uconnect head units and use them to perform more scans—as with any collection of hijacked computers—worming from one dashboard to the next over Sprint’s network. The result would be a wirelessly controlled automotive botnet encompassing hundreds of thousands of vehicles.

“For all the critics in 2013 who said our work didn’t count because we were plugged into the dashboard,” Valasek says, “well, now what?”

Congress Takes on Car Hacking

Now the auto industry needs to do the unglamorous, ongoing work of actually protecting cars from hackers. And Washington may be about to force the issue.

Later today, senators Markey and Blumenthal intend to reveal new legislation designed to tighten cars’ protections against hackers. The bill (which a Markey spokesperson insists wasn’t timed to this story) will call on the National Highway Traffic Safety Administration and the Federal Trade Commission to set new security standards and create a privacy and security rating system for consumers. “Controlled demonstrations show how frightening it would be to have a hacker take over controls of a car,” Markey wrote in a statement to WIRED. “Drivers shouldn’t have to choose between being connected and being protected…We need clear rules of the road that protect cars from hackers and American families from data trackers.”

Markey has keenly followed Miller and Valasek’s research for years. Citing their 2013 Darpa-funded research and hacking demo, he sent a letter to 20 automakers, asking them to answer a series of questions about their security practices. The answers, released in February, show what Markey describes as “a clear lack of appropriate security measures to protect drivers against hackers who may be able to take control of a vehicle.” Of the 16 automakers who responded, all confirmed that virtually every vehicle they sell has some sort of wireless connection, including Bluetooth, Wi-Fi, cellular service, and radios. (Markey didn’t reveal the automakers’ individual responses.) Only seven of the companies said they hired independent security firms to test their vehicles’ digital security. Only two said their vehicles had monitoring systems that checked their CAN networks for malicious digital commands.

UCSD’s Savage says the lesson of Miller and Valasek’s research isn’t that Jeeps or any other vehicle are particularly vulnerable, but that practically any modern vehicle could be vulnerable. “I don’t think there are qualitative differences in security between vehicles today,” he says. “The Europeans are a little bit ahead. The Japanese are a little bit behind. But broadly writ, this is something everyone’s still getting their hands around.”

Aside from wireless hacks used by thieves to open car doors, only one malicious car-hacking attack has been documented: In 2010 a disgruntled employee in Austin, Texas, used a remote shutdown system meant for enforcing timely car payments to brick more than 100 vehicles. But the opportunities for real-world car hacking have only grown, as automakers add wireless connections to vehicles’ internal networks. Uconnect is just one of a dozen telematics systems, including GM Onstar, Lexus Enform, Toyota Safety Connect, Hyundai Bluelink, and Infiniti Connection.

In fact, automakers are thinking about their digital security more than ever before, says Josh Corman, the cofounder of I Am the Cavalry, a security industry organization devoted to protecting future Internet-of-things targets like automobiles and medical devices. Thanks to Markey’s letter, and another set of questions sent to automakers by the House Energy and Commerce Committee in May, Corman says, Detroit has known for months that car security regulations are coming.

But Corman cautions that the same automakers have been more focused on competing with each other to install new Internet-connected cellular services for entertainment, navigation, and safety. (Payments for those services also provide a nice monthly revenue stream.) The result is that the companies have an incentive to add Internet-enabled features—but not to secure them from digital attacks. “They’re getting worse faster than they’re getting better,” he says. “If it takes a year to introduce a new hackable feature, then it takes them four to five years to protect it.”

Corman’s group has been visiting auto industry events to push five recommendations: safer design to reduce attack points, third-party testing, internal monitoring systems, segmented architecture to limit the damage from any successful penetration, and the same Internet-enabled security software updates that PCs now receive. The last of those in particular is already catching on; Ford announced a switch to over-the-air updates in March, and BMW used wireless updates to patch a hackable security flaw in door locks in January.
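The "internal monitoring systems" Corman recommends, and the CAN-network checks that only two of the 16 automakers in Markey's survey reported having, can be as simple as watching message cadence. As an added example that is not part of the original article or of any automaker's product, the detector below learns each arbitration ID's normal period from clean traffic and flags an ID whose frames arrive far faster than that, or an ID no ECU normally sends. The IDs, periods and captured frames are all constructed sample data, not values from any real vehicle.

```python
"""Frequency-based CAN bus monitor (added example, constructed data).

Most ECU messages are periodic.  When extra frames for an existing
arbitration ID are put on the bus, they interleave with the legitimate
ones, so the inter-arrival gap for that ID drops well below its learned
period.  That gap, plus the appearance of an ID never seen during
baseline, is what this monitor alerts on.  IDs 0x1A0, 0x2B0 and 0x7FF and
their periods are arbitrary constructed values.
"""
from collections import defaultdict, namedtuple
from statistics import median

# (timestamp in seconds, 11-bit arbitration id, payload bytes)
CanFrame = namedtuple("CanFrame", "ts arb_id data")
Alert = namedtuple("Alert", "ts arb_id reason")

# Constructed periods for two hypothetical ECUs (seconds between frames).
PERIODIC_IDS = {0x1A0: 0.010, 0x2B0: 0.050}


def make_traffic(duration_s=2.0, injected=False):
    """Build a constructed bus capture.  With injected=True, add a short
    burst of extra 0x1A0 frames and one frame with an unknown ID, the
    shapes a monitor should catch."""
    frames = []
    for arb_id, period in PERIODIC_IDS.items():
        for k in range(int(duration_s / period)):
            frames.append(CanFrame(round(k * period, 6), arb_id, b"\x00" * 8))
    if injected:
        for k in range(5):  # five extra 0x1A0 frames, 2 ms apart, from t=1.003 s
            frames.append(CanFrame(round(1.003 + k * 0.002, 6), 0x1A0, b"\xff" * 8))
        frames.append(CanFrame(1.5001, 0x7FF, b"\x01"))  # ID absent from baseline
    frames.sort(key=lambda f: f.ts)
    return frames


def learn_baseline(frames, min_samples=3):
    """Learn the median inter-arrival interval per arbitration ID.

    Must be fed known-good traffic (e.g. a capture taken at the factory);
    learning from a bus that is already under attack would bake the
    injected cadence into the baseline."""
    last_seen = {}
    gaps = defaultdict(list)
    for frame in frames:
        if frame.arb_id in last_seen:
            gaps[frame.arb_id].append(frame.ts - last_seen[frame.arb_id])
        last_seen[frame.arb_id] = frame.ts
    return {i: median(g) for i, g in gaps.items() if len(g) >= min_samples}


def detect(frames, baseline, ratio=0.5):
    """Return an Alert for each frame that arrives sooner than ratio * the
    learned period for its ID, or that carries an ID not in the baseline.

    Note the limit of this check: it flags the ID, not which individual
    frame is the rogue one, so legitimate frames caught inside a burst are
    reported too.  That is acceptable for an alarm, not for blocking."""
    last_seen = {}
    alerts = []
    for frame in frames:
        if frame.arb_id not in baseline:
            alerts.append(Alert(frame.ts, frame.arb_id, "unknown arbitration id"))
        elif frame.arb_id in last_seen:
            gap = frame.ts - last_seen[frame.arb_id]
            floor = ratio * baseline[frame.arb_id]
            if gap < floor:
                alerts.append(Alert(frame.ts, frame.arb_id,
                                    f"gap {gap:.4f}s below {floor:.4f}s floor"))
        last_seen[frame.arb_id] = frame.ts
    return alerts


if __name__ == "__main__":
    baseline = learn_baseline(make_traffic())
    for a in detect(make_traffic(injected=True), baseline):
        print(f"t={a.ts:.4f} id=0x{a.arb_id:03X} {a.reason}")
```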

Corman says carmakers need to befriend hackers who expose flaws, rather than fear or antagonize them—just as companies like Microsoft have evolved from threatening hackers with lawsuits to inviting them to security conferences and paying them “bug bounties” for disclosing security vulnerabilities. For tech companies, Corman says, “that enlightenment took 15 to 20 years.” The auto industry can’t afford to take that long. “Given that my car can hurt me and my family,” he says, “I want to see that enlightenment happen in three to five years, especially since the consequences for failure are flesh and blood.”

As I drove the Jeep back toward Miller’s house from downtown St. Louis, however, the notion of car hacking hardly seemed like a threat that will wait three to five years to emerge. In fact, it seemed more like a matter of seconds; I felt the vehicle’s vulnerability, the nagging possibility that Miller and Valasek could cut the puppet’s strings again at any time.

The hackers holding the scissors agree. “We shut down your engine—a big rig was honking up on you because of something we did on our couch,” Miller says, as if I needed the reminder. “This is what everyone who thinks about car security has worried about for years. This is a reality.”
http://www.wired.com/2015/07/hackers...-jeep-highway/





Fiat Chrysler Recalls 1.4 Million Vehicles to Defend Against Hacks
Mark Clothier and Jeff Plungis

Fiat Chrysler Automobiles NV is recalling about 1.4 million cars and trucks equipped with radios that are vulnerable to hacking, the first formal safety campaign in response to a cybersecurity threat.

The move marks a milestone for the industry, which last year set a record with 64 million autos called back for fixes in the U.S. The National Highway Traffic Safety Administration, under fire from Congress for not catching defects more quickly, has been considering punitive action against Fiat Chrysler for failing to protect vehicle owners.

Unauthorized remote access to certain vehicle systems was blocked with a network-level improvement on Thursday, the company said in a statement. In addition, affected customers will receive a USB device to upgrade vehicles’ software with internal safety features.

Fiat Chrysler was already distributing software to insulate some connected vehicles from illegal remote manipulation after Wired magazine published a story about software programmers who were able to take over a Jeep Cherokee being driven on a Missouri highway.

The company led by Chief Executive Officer Sergio Marchionne reiterated that it’s not aware of any real-world unauthorized remote hack into any of its vehicles and stressed that no defect was found and that it’s conducting the campaign out of “an abundance of caution.”

NHTSA said it encouraged the action to protect consumers against a vulnerability that could affect a driver’s control.

“Launching a recall is the right step to protect Fiat Chrysler’s customers, and it sets an important precedent for how NHTSA and the industry will respond to cybersecurity vulnerabilities,” NHTSA Administrator Mark Rosekind said in a statement Friday.

Expanded Action

The recall covers about a million more cars and trucks than those initially identified as needing a software patch. The action includes 2015 versions of Ram pickups, Jeep Cherokee and Grand Cherokee SUVs, Dodge Challenger sports coupes and Viper supercars.

“That’s not a small number to go after,” Mark Boyadjis, an analyst with IHS Automotive, said in a telephone interview. “This is a pretty quick response and much of it could be P.R. driven. But I think it will keep consumers comfortable and prevent current ones and future ones from straying away from the brand.”

Fiat Chrysler shares fell 2.5 percent, the most in two weeks, to $15.15 Friday at the close in New York. The drop pared the stock’s gain for the year to 31 percent.

This isn’t the first time automobiles have been shown to be vulnerable to hacking. What elevates this instance is that researchers were able to find and disable vehicles from miles away over the cellular network that connects to the vehicles’ entertainment and navigation systems.

That capability makes the possibility of remote hacking of cars a reality. Earlier hacks have mostly been achieved by jacking the researchers’ laptops into diagnostic ports inside the cars.

Fiat Chrysler’s UConnect infotainment system uses Sprint Corp.’s wireless network.

“This is not a Sprint issue but we have been working with Chrysler to help them further secure their vehicles,” said Stephanie Vinge Walsh, a spokeswoman.

NHTSA said it would open an investigation on the remedy “to ensure that the scope of the recall is correct and that the remedy will be effective,” agency spokesman Gordon Trowbridge said in an e-mailed statement. The agency said its electronics and cybersecurity experts will continue to monitor hacking threats and take action when necessary.

Consumer Confidence

There’s a possibility the recall could affect consumer confidence in Fiat Chrysler, even though the company isn’t the only one with cybersecurity challenges, said Thilo Koslowski, vice president and automotive practice leader at technology consultant Gartner Inc.

“It validates that cyber-hacking with cars is a serious issue that the auto industry must pay attention to,” he said. “The auto industry needs to develop new technology to combat these technological problems.”

General Motors Co. has a team working on cybersecurity and has hired Harris Corp.’s Exelis and other firms to develop anti-hacking systems, said Mark Reuss, the Detroit automaker’s executive vice president for global product development. GM seeks to block hackers’ access to its autos, he said, and if they do get in, it tries to prevent them from gaining control.

“It’s probably one of the most important things we spend time on,” Reuss said. “Anyone who wants to do something like that will probably get on, so you have to look at what happens when they do.”

GM has worked with the U.S. military and with Boeing Co. on its anti-hacking systems, he said.

Proposed Legislation

Senators Edward Markey of Massachusetts and Richard Blumenthal of Connecticut, both Democrats, introduced legislation on July 21 that would direct NHTSA and the Federal Trade Commission to establish rules to secure cars and protect consumer privacy.

The senators’ bill would also establish a rating system to inform owners about how secure their vehicles are beyond any minimum federal requirements. The lawmakers released a report last year on gaps in car-security systems, concluding only two of 16 automakers had the ability to detect and respond to a hacking attack.

Markey questioned why it took nine months after learning about the security gap for Fiat Chrysler to order a recall.

“There are no assurances that these vehicles are the only ones that are this unprotected from cyberattack,” he said Friday in an e-mail. “A safe and fully equipped vehicle should be one that is equipped to protect drivers from hackers and thieves.”

Representatives Fred Upton and Frank Pallone, leaders on the House Energy and Commerce Committee, sent letters to 17 manufacturers and NHTSA in May to gather information about how the industry is addressing cybersecurity.

“As the underlying technologies seemingly evolve by the day, so too must our manufacturers and regulators keep pace to protect drivers from these growing threats,” the Michigan Republican and New Jersey Democrat said in a statement Friday.
http://www.bloomberg.com/news/articl...-against-hacks





Car Hack Uses Digital-Radio Broadcasts to Seize Control
Chris Vallance

Car infotainment systems can allow drivers to see vehicle status updates, play music and videos, view maps and in some cases run third-party apps

Several car infotainment systems are vulnerable to a hack attack that could potentially put lives at risk, a leading security company has said.

NCC Group said the exploit could be used to seize control of a vehicle's brakes and other critical systems.

The Manchester-based company told the BBC it had found a way to carry out the attacks by sending data via digital audio broadcasting (DAB) radio signals.

It coincides with news of a similar flaw discovered by two US researchers.

Chris Valasek and Charlie Miller showed Wired magazine that they could take control of a Jeep Cherokee car by sending data to its internet-connected entertainment and navigation system via a mobile-phone network.

Chrysler has released a patch to address the problem.

However, NCC's work - which has been restricted to its labs - points to a wider problem.

The UK's Society of Motor Manufacturers and Traders has responded by saying that car companies "invest billions of pounds to keep vehicles secure as possible".

Breached brakes

NCC demonstrated part of its technique to BBC Radio 4's PM programme at its offices in Cheltenham.

By using relatively cheap off-the-shelf components connected to a laptop, the company's research director, Andy Davis, created a DAB station.

Because infotainment systems processed DAB data to display text and pictures on car dashboard screens, he said, an attacker could send code that would let them take over the system.

Once an infotainment system had been compromised, he said, an attacker could potentially use it as a way to control more critical systems, including steering and braking.

Depending on the power of the transmitter, he said, a DAB broadcast could allow attackers to affect many cars at once.

"As this is a broadcast medium, if you had a vulnerability within a certain infotainment system in a certain manufacturer's vehicle, by sending one stream of data, you could attack many cars simultaneously," he said.

"[An attacker] would probably choose a common radio station to broadcast over the top of to make sure they reached the maximum number of target vehicles."

Mr Davis declined to publicly identify which specific infotainment systems he had hacked, at this point.

Lab simulation

In many ways, modern cars are computer networks on wheels.

Mike Parris, of SBD, another company that specialises in vehicle security, said modern cars typically contained 50 interlinked computers running more than 50 million lines of code.

By contrast, he said, a modern airliner "has around 14 million lines of code".

Such technology allows the latest cars to carry out automatic manoeuvres. For example, a driver can make their vehicle parallel park at the touch of a button.

Mr Davis said he had simulated his DAB-based attack only on equipment in his company's buildings because it would be illegal and unsafe to do so in the outside world.

But he added that he had previously compromised a real vehicle's automatic-braking system - designed to prevent it crashing into the car in front - by modifying an infotainment system, and he believed this could be replicated via a DAB broadcast.

"If someone were able to compromise the infotainment system, because of the architecture of its vehicle network, they would in some cases be able to disable the automatic braking functionality," he said.

Jeep attack

On Tuesday, Wired magazine reported that two US security researchers had managed to remotely take control of a Jeep Cherokee's air-conditioning system, radio and windscreen wipers while its journalist was driving the vehicle.

Mr Valasek - director of vehicle security research at IOActive - said that NCC's attack appeared to have similarities with his own.

"I mean that's essentially what we did over the cell [mobile] network - we took over the infotainment system and from there reprogrammed certain pieces of the vehicle so we could send control commands," he said.

"So, it sounds entirely plausible."

But he added that such exploits were beyond the reach of most criminals.

"It takes a lot of time, skill and money," he said.

"That isn't to say that there aren't large organisations interested in it."

More details about both the NCC and the US team's research will be presented to the Black Hat security convention in Las Vegas next month.
http://www.bbc.com/news/technology-33622298





Hacking Drones Close to Being Drawn up by Boeing and Hacking Team
Ali Raza

Leaked emails between Italian spyware vendor Hacking Team and Boeing subsidiary Insitu revealed that drones carrying malware to infect targeted computers via Wi-Fi by flying over their proximity is close to becoming a reality.

Spyware-carrying drones were being discussed by Insitu, a division of Boeing and now-disgraced malware firm Hacking Team, according to leaked emails from the recent breach of the Italian company which have been posted on WikiLeaks, Engadget reported.

It was only the failure to come to terms over a non-disclosure agreement that kept Insitu and Hacking Team from ‘teaming up’ together in order to create the malware-infesting drone.

Early conversations took place regarding the inception and the possibility of a spy drone created by Boeing’s aircraft expertise, carrying malware that Hacking Team is notorious for. The concept was designing a drone capable of intercepting communications and hacking on-the-fly, via Wi-Fi. Discussions didn’t get far, however, when lawyers representing both companies couldn’t see eye-to-eye on a viable non-disclosure agreement.

Initial discussions kicked off when Giuseppe Venneri, a mechanical engineering graduate from UC and intern at Insitu, took notice of Hacking Team’s “Galileo”, a piece of hardware otherwise known as the Tactical Network Injector. This is essentially designed to infiltrate networks and insert the malicious code via Wi-Fi networks to launch man-in-the-middle attacks and other exploits.

Venneri wrote to Emad Shehata, Hacking Team’s key account manager, stating:

We see potential in integrating your Wi-Fi hacking capability into an airborne system and would be interested in starting a conversation with one of your engineers to go over, in more depth, the payload capabilities including the detailed size, weight, and power specs of your Galileo System.

Shehata replied by sending in the standard Hacking Team NDA, to which Venneri responded with Boeing’s own PIA (Proprietary Information Agreement) which the intern noted “must be signed before we engage with potential partners.”

"Signing our PIA (attached) will dramatically shorten the authorization process at our end," Venneri added. "Let me know if you are willing to sign our document to engage in conversations with us."

It was at this point that Hacking Team’s Chief Operating Officer Giancarlo Russo stepped into the conversation, taking the authority and stating: "I saw your document and it will require additional legal verification from our side regarding the applicability of ITAR and other U.S. Law," he said. "In my opinion, for a preliminary discussion our non-disclosure agreement should be sufficient to protect both companies and as you will see it is including mutual provision for both parties and it will make things easier and faster for us."

Venneri’s response was short and succinct: "If you are unable to review/sign our form, know it will take some time on our side to seek approval from our Boeing parent. Are you willing to consider our form?"

Communications went quiet for about a month after this exchange and Venneri sent in another email on 11 May 2015: “We corresponded with you about a month ago and were unsure about the progress going forward with preliminary discussions regarding any future collaborations. If you could please reconsider our mutual PIA, know that the questionnaire at the beginning of the document is just for gathering information and has no impact on the PIA itself. We have lots of Non-US companies under our PIA. If you or your legal team have any requested changes to our PIA please don't hesitate to add them in the attached document.”

This was the last known correspondence taken from the leaks, which came from the data breach two months later in July 2015. All NDAs have been rendered obsolete and ineffective due to the Hacking Team hack.
https://hacked.com/hacking-drones-cl...-hacking-team/


Until next week,

- js.
Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black