P2P-Zone  

15-01-14, 09:06 AM   #1
JackSpratts

Peer-To-Peer News - The Week In Review - January 18th, '14

Since 2002

"Value = virality." – Matt Mason


"Don’t plug it in if you don’t plan to use it." – David Knight


"What you really want is to be as unsuspicious as possible. We don’t want an interloper to be able to tell that this communication is happening at all." – Bram Cohen

January 18th, 2014




With 60M Downloads, BitTorrent’s Bundle Experiment is Paying Off
John Koetsier

The Internet has created a world where value is determined by virality.

BitTorrent is contributing to the evolution of how content gets shared. The creator of file-sharing technology revealed today that people have downloaded BitTorrent Bundles 60 million times in less than a year, and nearly 164,400 BitTorrent Bundles are downloaded a day.

“We used to define the value of an artwork by its frame. It’s in a museum. It’s validated by critics. It’s priced by a label or a store. It is owned,” BitTorrent’s VP of Marketing Matt Mason said. “The mainstreaming of Instagram changes the meaning of photography: Beauty is interaction. The mainstreaming of Reddit changes the meaning of the news: Upvotes equal importance. And the ubiquity of Miley changes the meaning of music: Song is self-advertising. We’ve been watching our art objects become social objects. 2013 was the year that it stuck. Content has finally caught up with the Internet: value = virality.”

The entertainment industry despised BitTorrent for many years because it made it easier for consumers to access content without paying for it. Music, television, and film all struggled to adapt their business models to this new world and figure out how to make money off of “virality” if that content was circulating for free.

BitTorrent made a big push for legitimacy last year, attempting to shed its reputation as a vehicle for pirating content.

It released a new file format called BitTorrent Bundles in September, which gives movie makers, recording artists, authors, and any other content creator the ability to embed a mini-store inside their work. This was revolutionary because it turned sharing into currency, meaning the more viral content gets, the more money it makes.

Finally, a content distribution format designed for the Internet era.

Those efforts have paid off. World famous musicians, including Madonna, Lady Gaga, and Moby have created Bundles, as has an Oscar-nominated documentary titled the Act of Killing, and celebrity author Tim Ferriss.

The bundle for Moby’s eleventh studio album “Innocents” was downloaded 8.9 million times. Popular YouTube show Epic Meal Time created a Bundle that was downloaded 8.6 million times and contributed 316,000 new visits to the Epic Meal Time site. (See the full list below.)

BitTorrent published 448 bundles, worked with 8,000 publishers, and attracted 21 million site visits in 2013. Next year, Mason said to expect Bundle pay gates, social gates, and artist analytics tools.
http://venturebeat.com/2014/01/16/wi...is-paying-off/





Demonoid Returns, BitTorrent Tracker is Now Online
Ernesto

After more than a year of downtime the Demonoid tracker came back online today. The tracker is linked to nearly 400,000 torrent files and more than a million peers, which makes it one of the largest working BitTorrent trackers on the Internet. There is no word yet on when the site will make a full comeback, but the people behind it say they are working to revive one of the most famous file-sharing communities.

As the single largest semi-private BitTorrent tracker that ever existed, Demonoid used to offer a home to millions of file-sharers.

This changed abruptly in August 2012, after a series of troubled events took the site offline. The unexpected downtime was followed by more than a year of silence, until the Demonoid.com homepage showed signs of life two months ago.

The site owners put up a notice suggesting that they were planning to restore Demonoid to its former glory. This uplifting news was later confirmed in a short statement that was sent to us by the people behind the site.

“I can’t give you any specifics at the moment, but yeah, we are planning to bring the site back,” TorrentFreak was told.

This glimmer of hope got many former Demonoid users excited, and today we can report further progress as the site’s tracker is now back online.

A few hours ago http://inferno.demonoid.com:3396/announce was revived, and at the time of writing the tracker is coordinating the communication of 1.3 million people scattered across 388,321 torrent files. This means that Demonoid has instantly settled itself among the five largest BitTorrent trackers on the Internet.

What appears to be new is that all these torrents are tracked by a single announce URL. Previously, Demonoid used various tracker addresses and ports for its torrents. However, several older announce URLs still work as well.

The hosting location has also changed as Demonoid have traded in their Ukrainian provider for one in Sweden.

While the above is good news for those who hold Demonoid dear, there are still plenty of uncertainties regarding the comeback. For example, it is still unknown whether Demonoid users can still use their old accounts, as the database may have been compromised.

Last year a mysterious replacement surfaced, using a copy of the Demonoid user and torrent database. The operator of the spin-off claimed not to be related to the Demonoid owners, but he did have a copy of the site’s database.

The tracker that was revived today uses Demonoid’s original .com domain, so it’s presumably backed by part of the old crew.

Time will tell whether Demonoid can make a full comeback, and what the site will look like if it does.
https://torrentfreak.com/demonoid-re...online-140109/





After Pirate Bay, Commercial Court Blocks Another File Sharing Website
Alistair Payne

On 2 December 2013, Mr Justice Kelly of the Commercial Court ordered the major Irish Internet service providers (ISPs) to block subscriber access to the KAT website otherwise known as Kickass Torrents. The decision comes only a number of months after Mr Justice McGovern granted the first website blocking order in Ireland in June 2013 in respect of The Pirate Bay. Matheson acted for UPC and Hutchison 3G in both proceedings.

Evidence was presented to the Commercial Court concerning the infringing nature of the KAT website and that infringements were being undertaken by subscribers of the five ISPs subject to the proceedings. The application was brought under the relatively new Section 40(5A) of the Copyright and Related Rights Act 2000, which was introduced into Irish law by a statutory instrument in 2012. This legislative provision provides that injunctions, as envisaged under Article 8(3) of the EU copyright in the information society directive, are available to rights-holders against intermediaries such as ISPs in order to bring copyright infringements to an end.

Mr Justice Kelly was satisfied with the evidence presented to the Court. None of the ISPs opposed the application. The Court was satisfied that it has jurisdiction to grant the relief sought and that it was appropriate to do so. The block will be implemented in the coming weeks.

It is likely that there will be future applications to block websites in this jurisdiction, particularly as the precedent and process is now set, and the recent experience in the UK has shown that such cases are expanding beyond music to film and sports broadcasting. The decision in Ireland also coincides with the recent opinion of the Advocate General in Case C-314/12 UPC Telekabel v Constantin Film. In that opinion delivered on 26 November 2013, the Advocate General stated that the blocking of websites which infringe copyright would be lawful as long as it involves specified measures to block a particular website even if there is a cost involved to the ISP and circumvention is possible by subscribers with relative ease. The Court of Justice is not bound by the opinion but may well follow its reasoning in due course.
http://www.lexology.com/library/deta...1-974003a7d6d9





Kim Dotcom Of Megaupload File-Sharing Site Starting Political Party In New Zealand
Dennis Lynch

Eccentric Internet entrepreneur Kim Dotcom says he will launch a new political party in New Zealand later this month. The working title is “Megaparty,” a reference to Dotcom’s Megaupload and MEGA companies.

Dotcom made millions heading Megaupload, which was known as a hub for illegal file-sharing until it was shut down by the U.S. government in 2012. At the time of the shutdown, Megaupload.com had 150 million registered users and received about 50 million hits daily. It netted Dotcom $42 million in 2011. Soon after, Dotcom opened up MEGA, a data storage service based on complete privacy.

Dotcom, a German born as Kim Schmitz, confirmed he would announce details about his party via Twitter on Jan. 20. He said, “My political party will activate non-voters, the youth, the Internet electorate. We are going to make politics exciting…”

The U.S. government has been trying to extradite Dotcom to face charges that include racketeering, copyright infringement, money laundering and criminal conspiracy. He was arrested shortly after the shutdown of Megaupload, but has remained in New Zealand, where he is suing a New Zealand spy agency for snooping.

Since retiring from his new company, MEGA, Dotcom has turned to political activism. Dotcom cannot run for Parliament himself, as he is not a New Zealand citizen. That doesn’t necessarily stop him from supporting and funding a party, however.

Dotcom lambasted the current state of politics and government in an interview with Vice last week. He said, “Where the government is supposed to serve us the people, we are paying with our taxes that they do a good job for us. But look what they do, they undermine our rights, they destroy our freedoms, they censor our Internet, so we are the ones who have to bring that change.”

Chris Trotter, a reporter at stuff.co.nz, says Dotcom could have a big impact on politics in the remote island country because of his appeal to young, tech-savvy voters, “a generation which, ideologically-speaking, finds little to connect with in either National or Labour,” the traditional main parties in New Zealand.

Trotter went on to say “these individuals are young, wired, and mercifully free of the sort of ideological and historical baggage that connects both National and Labour politicians to the ‘failed policies of the past.'”
http://www.ibtimes.com/kim-dotcom-me...ealand-1538282





U.S. Supreme Court Refuses to Hear Internet Shopping Patent Case
Diane Bartz

The U.S. Supreme Court said on Monday it would not take on an Internet technology patent case that pitted a company accused of aggressively enforcing weak patents against another with an equally tough reputation for fighting patent infringement claims.

The closely watched case involved the online shopping site Newegg Inc, which specializes in computer products, and software company Soverain Software LLC, which had accused Newegg of infringing three patents known as the "shopping cart patents," which describe a way to buy products online and pay for them.

Chicago-based Soverain had filed similar lawsuits against a long list of companies, including J. Crew Group, Macy's Inc and Williams-Sonoma.

Against Newegg, Soverain won in the U.S. District Court for the Eastern District of Texas but lost at the U.S. Court of Appeals for the Federal Circuit, which ruled that the three online shopping patents were invalid because they were obvious.

In its filing to the Supreme Court, Newegg argued that the Federal Circuit decision should be upheld. "Petitioner's notorious 'shopping cart' patent merely applies the common sense concept of a shopping cart to the Internet," Newegg said.

Newegg's chief legal officer, Lee Cheng, applauded the decision.

"The witch is dead, hurray," he said. "We are very, very pleased that the Supreme Court has recognized ... these patents should never have been granted in the first place. What we have showed in the Soverain case is the fighting back works."

"We're obviously disappointed that the court denied our petition," said Soverain President Katharine Wolanyk. "It's a really tough time to be a patent owner."

There are a variety of bills before Congress aimed at reining in what many tech companies complain is frivolous patent litigation.

Patrick Leahy, chairman of the Senate Judiciary Committee, has sponsored legislation aimed at targeting patent assertion entities (PAEs) - companies often known derisively as "patent trolls" - which buy or license patents and then extract licensing fees or file infringement lawsuits seen as frivolous.

The U.S. House of Representatives passed a bill in December that would encourage judges to award fees to the winner of an infringement lawsuit if the judge deems the lawsuit unfounded.

The White House urged Congress last June to take steps to curb abusive patent lawsuits that have sprung up in recent years, especially in the technology sector.

The case is Soverain Software LLC v. Newegg Inc., 13-477, U.S. Supreme Court.

(Reporting by Diane Bartz; Editing by Ros Krasny and Jonathan Oatis)
http://www.chicagotribune.com/busine...,4266893.story





Supreme Court to Consider Rules on Encouraging Patent Infringement

At issue are companies that encourage customers to infringe patents
Brent Kendall

The U.S. Supreme Court said Friday that it would consider whether to make it easier to hold companies liable for encouraging others to commit patent infringement.

The court agreed to hear an appeal by Internet services company Limelight Networks Inc., which is fighting a patent-infringement lawsuit brought by larger rival Akamai Technologies Inc.

A splintered federal appeals court ruled in 2012 that Akamai could proceed with allegations that Limelight encouraged its customers to infringe an Akamai patent involving a method for helping website owners manage online traffic efficiently.

The U.S. Court of Appeals for the Federal Circuit, in a 6-5 decision, ruled Limelight would be liable if Akamai could prove that Limelight performed some actions outlined in the patent and then directed its customers to perform the remaining steps in the patent.

Limelight, which denied Akamai's allegations, argued that a company shouldn't be held liable for encouraging patent infringement unless some single party performs every step in the patent.

Akamai said the lower court's ruling correctly closed a loophole that allowed companies to induce patent infringement without any penalty.

A host of technology companies, including Google Inc., Cisco Systems Inc. and Oracle Corp., urged the Supreme Court to hear the case. They warned that the lower court ruling would expand significantly patent-infringement liability for companies whose high-tech products could be used to facilitate patent infringement by others.

The Obama administration also urged the court to hear the case, voicing similar arguments.

The Supreme Court likely will hear oral arguments in April, with a decision expected by the end of June.
http://online.wsj.com/news/article_e...MDEwMDExNDAyWj





Court Rejects Equal Access Rules for Internet Providers
Edward Wyatt

A federal appeals court on Tuesday threw out Federal Communications Commission rules that require Internet service providers to give all traffic equal access through their networks.

The decision could pave the way for Internet service providers like Verizon and AT&T to charge content companies — say ESPN or Facebook — to deliver their data to consumers at a faster speed.

Verizon and other big players that have spent billions of dollars building their networks have argued they should be able to manage their pipelines as they see fit. But the F.C.C. and consumer advocates have countered that content providers should have equal access to those networks to encourage competition, otherwise the richest companies will have an unfair advantage.

The court said that the commission overstepped its authority when it imposed anti-discrimination rules on Internet service providers, because it had previously exempted those companies from such regulation. But the court did acknowledge that the F.C.C. has some authority to regulate Internet service.

The decision, by the United States Court of Appeals for the District of Columbia Circuit, marks the second case the F.C.C. has lost before the appeals court over its authority to regulate Internet service providers.

It is unclear how the F.C.C. will respond. The commission could overcome the ruling by reclassifying Internet service as a utility, much like telephone or electric service. Consumer groups have advocated for that solution. But the commission has faced fierce opposition from Congress and heavy lobbying by broadband providers against doing so.

In addition, Tom Wheeler, the new F.C.C. chairman, has shown some signs that he wants to allow freedom for Internet companies to design new products and see how they work, rather than impose regulations that prohibit potentially innovative services before they are tested. Mr. Wheeler said in a statement that the court ruled that the F.C.C. does have authority to enact measures “encouraging the deployment of broadband infrastructure” and said the commission might appeal the ruling.

“I am committed to maintaining our networks as engines for economic growth, test beds for innovative services and products, and channels for all forms of speech protected by the First Amendment,” Mr. Wheeler said. “We will consider all available options, including those for appeal, to ensure that these networks on which the Internet depends continue to provide a free and open platform for innovation and expression, and operate in the interest of all Americans.”

In a decision signed by two judges and joined in part by a third, the appeals court acknowledged that the F.C.C. has the authority “to promulgate rules governing broadband providers’ treatment of Internet traffic.”

But because, several years ago, the F.C.C. classified Internet service as an “information service” rather than as a “telecommunications service” – the designation given to telephone service – the commission’s so-called net neutrality rules were invalid.

“Given that the commission has chosen to classify broadband providers in a manner that exempts them from treatment as common carriers” – that is, telephone companies – “the Communications Act expressly prohibits the commission from nonetheless regulating them as such,” the court wrote.

“Because the commission has failed to establish that the anti-discrimination and anti-blocking rules do not impose per se common carrier obligations,” the decision said, “we vacate those portions of the Open Internet Order.”
http://www.nytimes.com/2014/01/15/te...providers.html





How Netflix Won CES

It’s not the TVs, it’s what you watch on them
Bryan Bishop

Additional reporting by Nathan Ingraham

The television industry has been holding its breath. Just a few years after TV manufacturers banked on 3D to drive another round of TV purchases, they’ve found themselves having to change direction, using 4K as the latest carrot to entice consumers. But there hasn’t been anything to watch, and on the content side, viewing habits are in a state of wild flux as television viewers detach themselves from decades of convention thanks to DVRs, time shifting, and subscription service binge-watching.

Riding like a white knight into CES this year was Netflix CEO Reed Hastings. Having proved itself as a trusted entertainment brand and producer of Emmy-winning original programming, Netflix is now working with a host of TV manufacturers to bring 4K content into the home. The company is uniquely positioned to meet the needs of manufacturers and the consumer market, and 4K may be the disruptive masterstroke that turns Netflix from a company that changes the way we watch TV to the one that changes the TV business itself.

"4K is not going to have a major lifetime on a plastic disc."

Before this week, the state of 4K content was fairly dire. While 4K cameras are slowly trickling into TV production, networks like AMC and Fox aren’t anywhere close to broadcasting in the higher-quality standard. Sony's media player is a high-end device tied to Sony televisions, and a Blu-ray standard won’t be locked down until the end of the year at best. When consumers start buying the first wave of affordable 4K TVs like Vizio’s $999 P-Series this year, the only way they’re going to get content is by streaming it over the internet.

"One of the interesting pieces is that 4K is not going to have a major lifetime on a plastic disc," Netflix’s chief product officer, Neil Hunt, tells us. "It’s not going to fit on a Blu-ray disc, and it’s unlikely that people are going to want to upgrade their DVD players."

It’s a streaming-first view that’s held not just by Netflix, but the industry at large: Vizio CTO Matt McRae and Sharp senior VP of product marketing Jim Sanduski both told us that they’re betting on streaming as the future of 4K. "A lot of it will come from streaming," says McRae. "And I think one of the best things that can happen is have streaming be first with content, be first with UHD [Ultra HD], be first with some of the [new] features."

That plays right into Netflix’s strengths: in addition to having the most popular 4K-capable distribution system in the market, the company also has an ace up its sleeve: actual 4K content. The Emmy-winning House of Cards is ready to launch its second season in 4K in the second quarter of this year, and Hunt also told us that "all major original content going forward" will be shot and finished in 4K.

Of course, Netflix won’t be able to make 4K a widely adopted standard with just its own original content, and it’s already working on other partnerships. Sony has been pushing 4K throughout its entire chain, from motion-picture cameras to theatrical projectors, and will provide Netflix with 4K masters of Breaking Bad. Netflix will need a lot more than Frank Underwood and Walter White, but its relationship with Sony should be an asset as it builds out its catalog. "Certainly I’d call out Sony as being very progressive on wanting to deliver 4K and experimenting and exploring with us to make that real," says Hunt.

A potentially devastating series of events for Netflix’s competitors

It sets the stage for a potentially devastating series of events for Netflix’s competitors. Consumers buy new 4K TVs, and while there may be other services available, Netflix draws users in thanks to its brand awareness and original programming — the same strategy that took HBO to cable dominance. As broadcast networks are slow to catch up, consumers rely on Netflix as the main source of 4K content. In conjunction with Netflix’s recent UI revamp — which essentially aims to be a custom-programed channel for each individual user — Netflix becomes the de facto destination for viewers.

And the competition isn’t even close: Hulu Plus isn’t in the conversation, while Technicolor’s M-GO is a relative newcomer with Samsung as its only 4K partner. Amazon did announce a slew of strong partners for its Instant Video service, including Samsung and Warner Bros., but details on what exactly Amazon will offer are thin and the company simply doesn’t have the likes of Arrested Development or Orange Is the New Black. Despite its disadvantages, Amazon does stand as Netflix’s biggest threat. Amazon Instant Video has largely been a hobby designed to spur on Kindle Fire sales, but if there’s anyone with the will and resources to make a full-court content press, it’s Jeff Bezos.

The content problem won’t be solved overnight

Bandwidth, however, remains a big question. 4K streams will require around 15 Mbps for the highest quality, something that’s still relatively rare for many consumers. Hunt believes that in the short term, the customers choosing to jump on the 4K bandwagon will likely have the kinds of robust connections that can mitigate any potential issues, but with Vizio putting such a focus on low-cost 4K, consumers with slower connections may find themselves more frustrated than delighted.

The content problem won’t be solved overnight either. Netflix will need 4K masters from studios before it can expand its catalog, and the company thinks that even by the end of the year the selection will be relatively thin. "Over time we expect to gradually introduce a lot of additional content, other originals we’re working on, other content from other vendors," says Hunt. That transition will give others time to potentially catch up; Sony CEO Kaz Hirai recently stated that he thought it would take a full five to seven years for 4K sets to be widely adopted.

"I think there are huge advancements we can expect in the future."

Despite the industry’s focus on 4K, some manufacturers express doubts that the jump in resolution alone will be enough to spur upgrades. "I actually believe that the color and the high dynamic range has a bigger impact than just straight resolution," says Vizio’s Matt McRae, describing additional enhancements present in Vizio’s high-end televisions. "From a customer impact … the color and the high dynamic range and that contrast that we've got is actually more important to making you feel like you're there."

Netflix is looking ahead there as well. The company is one of four streaming partners for Dolby Vision — a suite of technologies for both creating and displaying high dynamic range video with dramatically enhanced detail and color reproduction. While Amazon and Microsoft are also on board, the push is yet another example of Netflix using every possible technological tool at its disposal to wow customers. "We’ve already exploited a lot of the opportunity out of spatial resolution," Hunt says about Netflix’s partnership, "but with frame rate and color space we’ve done very, very little to make improvements there. So I think there are huge advancements we can expect in the future."

The march of 4K into the mainstream feels like it has a much stronger chance to be successful than 3D did — but that’s really just the beginning of the story. The stakes aren’t limited to the purchase of a single television; it’s the battle for the way people will watch TV in the years ahead. Above all other mediums, television watching is a habit, and as viewers rely on Netflix more and more, it gives the company more leverage in dictating the future of the industry. We’re at a potentially pivotal moment, where the needs of businesses and the wants of consumers are converging to open one gigantic window of opportunity, and Netflix is poised to jump through.

Not bad for an internet startup.
http://www.theverge.com/2014/1/10/52...s-4k-streaming





Confirmed: Winamp and SHOUTcast Acquired by Belgian Online Radio Firm Radionomy; AOL Takes Stake

Belgian Internet radio company Radionomy confirms that it has acquired Winamp and SHOUTcast from media giant AOL, with the latter taking a stake in the business as part of the deal.
Robin Wauters

It’s a done deal: after earlier rumours, Belgian Internet radio startup Radionomy has confirmed that it has acquired once-popular media player Winamp and streaming software platform SHOUTcast from AOL.

AOL originally said it would close down the legacy music services before the end of last year, but there was a lot of acquisition interest after the announcement, and it seems Radionomy won out.

Belgian business newspaper De Tijd has the scoop (in Dutch, paywall), with Ben Serrure reporting that Radionomy plans to breathe new life into Winamp while significantly expanding its core business with the acquisition of SHOUTcast.

Update: and here’s the official press release announcing the deal.

Thanks to the SHOUTcast part of the agreement, Radionomy will instantly be able to grow the number of online radio stations it hosts from roughly 7,000 to about 60,000 stations in total.

Last month, Radionomy merged with TargetSpot, a U.S.-based digital audio advertising network.

As for Winamp, it sounds like the people still using the media player despite the lack of updates in recent times can rest easy for now, as Radionomy says it has ‘big plans’ for the product. The company wants to have solid Winamp iOS and Android apps on the market by April, reports De Tijd.

From the press release:

“Winamp is a top independent player that gives millions of people the best player functionality available,” said Alexandre Saboundjian, CEO, Radionomy Group.

“Its role is clear in the future evolution of online media – we plan to make the player ubiquitous, developing new functionalities dedicated to desktop, mobile, car systems, connected devices and all other platforms.”

Financial terms of the deal were not disclosed, but Radionomy co-founder and CEO Alexandre Saboundjian did disclose to De Tijd that the company has raised a new Series B round of funding and that AOL will become a Radionomy shareholder after the transaction closes.

According to its ‘facts sheet’ (PDF), Radionomy raised approximately $6 million in funding in the past. Shareholders include Musicmatic (which will maintain a majority stake in Radionomy and continue to run Jamendo, a ‘free music’ bazaar of sorts) and French investment firm OTC.

De Tijd reports that new investors include Union Square Ventures (Twitter, Etsy, Kickstarter, Foursquare, SoundCloud, etc.) and Bain Capital (DoubleClick, Lala, Gartner, LinkedIn and Shopping.com). This checks out and it is likely a result of the TargetSpot/Radionomy merger – both Bain Capital and USV were TargetSpot investors.

We’ve reached out to Mr. Saboundjian for more information and will update when we hear back.
http://tech.eu/features/298/radionom...shoutcast-aol/





Motorola Gives Its Droid Zap File Sharing App A UI Makeover With New Cards Interface And Sidebar Navigation
Bertel King, Jr.

Motorola first released the Droid Zap app back in August, and while it consisted largely of blacks and reds, it still provided a relatively integrated experience. But already, things were changing, and they haven't slowed since - Android apps these days are filled with image-heavy cards and convenient sidebars. Now the latest version of Droid Zap has both of these elements.

This app allows DROID users to share files with people within 300 feet of them. All they have to do is swipe up on the file, and people in the vicinity will get alerted to the content, which they can then receive by swiping down within the app. The thing is, only DROID users can send anything. Anyone else will be greeted by this message.

It's sort of a disappointment, only not really. There are plenty of ways to share files out there. But if you have a friend or loved one with a DROID device that can't stop zapping people, downloading this app will at least allow you to play along. And now it will look better in the process.
http://www.androidpolice.com/2014/01...ar-navigation/





Secretive Apple Squirms in Gaze of U.S. Monitor
Matthew Goldstein

Most companies are reluctant to open themselves to outside inspection. Yet Apple is even resisting someone who was appointed by a court to do exactly that, leading to an unusual public feud between the world’s biggest technology company and the Justice Department.

In recent weeks, Apple has been campaigning aggressively against Michael R. Bromwich, a Washington lawyer who was appointed by a federal judge in October. His task was to make sure that Apple complied with antitrust laws after the company was found last summer to have conspired with five publishers to fix prices for e-books.

Apple argues that Mr. Bromwich is intruding on its daily operations by demanding interviews with board members and with senior executives, even the chief executive, Tim Cook. Apple’s court papers compare the monitor with an unchecked “independent prosecutor.”

And it says that Mr. Bromwich, who is charging $1,100 an hour for his services, is using his appointment to embark on an inquisition to generate high fees for himself and his Washington consulting firm.

The monitor, Apple says, will get in the way of the company’s ability to innovate and develop new technologies.

Such resistance is not completely surprising. Silicon Valley technology companies routinely keep a tight wrap on their products and operations. But even among its peers, Apple, whose best-known products are the iPhone and the iPad, stands out for its level of secrecy.

At Apple headquarters, some unreleased products are kept draped in black cloth. And employees are prohibited from sharing details about the products they are working on with anyone outside their own team. Even their own family members can’t know. Those caught leaking information about Apple’s plans have been fired. But the judge who appointed the monitor has now taken issue with Apple’s arguments.

At a hearing Monday afternoon in United States District Court in Lower Manhattan, the judge, Denise Cote, told Apple and its lawyers to stop wasting time and start cooperating with the monitor. She said if there were problems with Mr. Bromwich, the company needed to work them out with the monitor and lawyers from the Justice Department, which sued Apple in 2012, accusing the company of price-fixing in the market for e-books.

The judge said that after several months of delay and objections to Mr. Bromwich’s requests for interviews and documents to review, Apple needed to “restart” its relationship with the monitor.

That is not likely to happen anytime soon, however. The hearing ended with Apple’s lawyer telling Judge Cote that the company intended to continue its fight to unseat Mr. Bromwich with an appellate court.

The appointment of monitors is not uncommon in litigation that results in rulings that are intended to change a company’s behavior. In pleading guilty to securities fraud charges last November, for example, the hedge fund SAC Capital Advisors is being required to hire an outside monitor to oversee some of its operations for a period of time.

In the case of Apple, the very arrangement of a monitor is at issue. The company contends that it should not be forced to open its door to a court-appointed monitor as a way of proving to Judge Cote that it is changing its ways.

On Monday, the judge said she had been reluctant to appoint a monitor but decided it was necessary to make sure the company did not engage in price fixing again. The judge said she was sensitive to not interfering with Apple’s business, which is why she rejected the Justice Department’s request to put a monitor in place for 10 years. But she said the move was already having a positive impact, noting that Apple has retained outside lawyers to put in place procedures for ensuring the company complies with antitrust principles.

Judge Cote reminded Apple and its lawyers that it did not have much bargaining room when it came to the role of the monitor.

“Apple is in no position to define the scope of the monitor’s duties,” said Judge Cote, who said she would soon issue a written decision that would amplify on her ruling at the hearing. “I want the monitorship to be a success for Apple.”

It is not clear how Apple will fare at the appellate level. The company is not only appealing the judge’s decision to appoint Mr. Bromwich, it also seeks to stop him or any other monitor from doing any work until the appeal on the legality of Judge Cote’s decision is determined.

Apple contends that given the length of time it can take an appellate court to rule, it is unfair for the company to continue to pay Mr. Bromwich’s salary and make its executives and board members available for interview with him during that time.

In court filings, Apple has made much of the $1,100 hourly fee charged by Mr. Bromwich, who runs his own consulting firm and is also a litigation partner with Goodwin Procter.

The company points to the $138,432 legal bill Mr. Bromwich submitted for his first two weeks of work as evidence he is using his appointment to run an unwieldy and unfair investigation. The company notes that because Mr. Bromwich’s consulting firm is separate from Goodwin Procter, he has to hire lawyers from other firms to work with him and also charge a 15 percent administrative fee for his services.

But Judge Cote observed on Monday that “lawyers get paid a lot of money.”

She also pointed to a recent article in The National Law Journal that said it was not uncommon for top lawyers at a large law firm to bill clients at a rate of $1,000 an hour. Judge Cote noted that one lawyer at Gibson Dunn, one of the firms representing Apple, billed at a rate of $1,800 an hour.

In an attempt to resolve the fee dispute, she directed Apple and lawyers with the Justice Department to mediate the issue with a United States magistrate.

The company especially took issue with Mr. Bromwich, a former federal prosecutor who has served as court-appointed monitor on three previous occasions, for moving too quickly to request interviews and meeting with some of Apple’s board members and senior executives. The company pointed to his repeated insistence on interviewing former Vice President Al Gore, an Apple board member. The company argued that board members like Mr. Gore had little involvement with the company’s pricing policies.

Apple’s lawyers argue that Mr. Bromwich continues to press for the meetings even after he was told that some of the people the monitor wanted to meet with had nothing to do with the antitrust procedures.

For his part, Mr. Bromwich said in a court filing that Apple was providing him with “far less access” and cooperation than he had received in previous monitoring experiences.

Mr. Bromwich, who has a son who is a news assistant with The New York Times, was not available for comment and did not attend Monday’s hearing.

Apple had argued the court filing by Mr. Bromwich should disqualify him from serving as monitor because he displayed a bias by disputing some of Apple’s complaints about his activities. But Judge Cote rejected that line of argument.

Earlier in the proceeding, Lawrence Buterman, a Justice Department lawyer, told Judge Cote that Apple’s attacks on Mr. Bromwich were consistent with the company not wanting to work with any monitor.

“They don’t want anyone checking their work,” Mr. Buterman said.

Brian X. Chen contributed reporting.
http://dealbook.nytimes.com/2014/01/...f-u-s-monitor/





Microsoft to Extend Windows XP Anti-Malware Updates One Year

Summary: Security updates for Windows XP will end this April, but updated anti-malware signatures for the operating system will continue for another year.
Larry Seltzer

Microsoft has announced that they will continue to supply anti-malware signatures for their products on Windows XP until April 15, 2015.

There has been much speculation about whether they would continue this support. In October Microsoft told ZDNet that they "...will not guarantee updates of our antimalware signature and engine after the XP end of support date of April 8, 2014." Since then some have claimed that the company will end antivirus signatures this April, but Microsoft never actually said this.

[UPDATE: While Microsoft will provide updates for Security Essentials for another year, after this April you will no longer be able to download and install the program.]

Even if Microsoft Security Essentials will continue to be updated after April, moving to a supported operating system which receives security updates is advisable according to Microsoft and experts. Users who continue to run XP also have the option of many third party anti-malware products, virtually all of which will continue to receive updates on XP for at least one year.

As Microsoft's announcement today says, there is much more to keeping a system secure than an updated anti-malware product.
http://www.zdnet.com/microsoft-to-ex...ar-7000025215/





Microsoft's Secret Battle Against the Tor Botnet
Patrick Howell O'Neill

In August 2013, 4 million infected computers woke up and awaited instructions from their master.

The pathogen was Sefnit, a nasty bit of malware that makes infected computers mine bitcoins. Once the computers woke up, they worked under the command of Ukrainian and Israeli hackers named Scorpion and Dekadent. The malware communicated with the two by downloading Tor, the powerful anonymizing software, and talking over encrypted channels. It was the first time a botnet, as a collection of slave computers is called, used Tor in such a potentially powerful way.

By using an unconventional method to exploit Windows, the hackers unwittingly forced Microsoft to show a hand few knew it had: The ability to remotely remove programs en masse from people’s computers, without them even knowing it.

All of a sudden, the anonymous network grew from about 1 million users to 5.5 million, a jump that frightened even Tor’s developers.

“If this had been a real attacker, if the botnet had been turned against the Tor network, it probably would have been fatal, I think," developer Jacob Appelbaum said in a speech at the Chaos Communication Congress in December.

On one level, Sefnit’s use of Tor was a mistake. That surge in users brought unwanted attention to the botnet at a time of heightened interest in the Tor network. And the malware, which has existed in various versions of Tor since 2009, specifically targeted Windows users, a fact that got Microsoft’s attention quickly.

To fight back, Microsoft remotely removed the program from as many computers as it could, along with the Tor clients it used.

“That’s a lot of power that Microsoft has there,” Appelbaum continued, raising his voice and laughing at the implications. “If you’re using Windows trying to be anonymous, word to the wise: Bad idea.”

Why also remove Tor? Microsoft did not respond to our questions directly. But shortly after we reached out, Microsoft's Geoff McDonald wrote a blog post about the issue. McDonald said that leaving the Tor clients installed posed a severe threat to infected machines.

Although Microsoft considers up-to-date Tor software as a “good application,” the old versions that Sefnit downloaded opened the infected machines up to even more problems thanks to Tor’s “history of high-severity vulnerabilities.”

Microsoft’s efforts worked.

By October, the Tor network had dropped two million users thanks to Sefnit clients that had been axed. No one, not even the Tor developers themselves, knew how Microsoft had gone on a silent offensive against such a big opponent and won a decisive battle.

During this time, the only communication between Microsoft and Tor came when Microsoft’s security team asked them a question: “Is it possible a normal user using our installer would install Tor in the directory paths and as a service?”

“We said very, very unlikely,” Andrew Lewman, Tor’s executive director, told the Daily Dot.

This exchange was a sign that Microsoft had found at least one unique characteristic of the Sefnit program. Sefnit had a tendency to install Tor into a location that almost no human user would. Microsoft zeroed in on that location, which was enough to start eliminating millions of Tor clients.

Despite the warnings about the privacy of Windows users from Jacob Appelbaum while on stage in Germany, Lewman seems less concerned. He surmises that Microsoft used its Microsoft Security Essentials software to eliminate the programs, a program users must install themselves.

“I don't know if Jacob and Roger [Dingledine, director of the Tor Project] understood what was going on,” he said. “I don't think they've used Microsoft products ever. I keep a few flavors of Windows around for when users ask for help. Microsoft Security Essentials and the like are nothing new.”

It’s no small thing that Microsoft has the ability to reach into certain Windows installations and tear out the parts they deem dangerous, but Lewman says there’s little to worry about in this case.

“It sounds scary,” Lewman concluded, “until you realize users opt-in for the most part and agree to have their OS kept ‘secure’ by Microsoft.”

So, yes, Microsoft has the ability to reach into certain computers and delete programs. But, Lewman says, this is the way it’s always been—as long as the user agrees to it first.
http://www.dailydot.com/technology/t...alware-remove/





The Internet Of Things Has Been Hacked, And It's Turning Nasty

The malware is coming from INSIDE THE HOUSE!
Selena Larson

Don't say we didn't warn you. Bad guys have already hijacked up to 100,000 devices in the Internet of Things and used them to launch malware attacks, Internet security firm Proofpoint said on Thursday.

It's apparently the first recorded large-scale Internet of Things hack. Proofpoint found that the compromised gadgets—which included everything from routers and smart televisions to at least one smart refrigerator—sent more than 750,000 malicious emails to targets between December 26, 2013 and January 6, 2014.

The hack came to light over the relatively quiet holiday period when a security researcher at Proofpoint noticed a spike in thousands of malicious messages sent from a range of IP addresses she didn’t recognize, David Knight, a Proofpoint executive in charge of information security products, told me in an interview.

Curious, she began pinging the devices and soon realized that they weren’t PCs, the usual platform for launching this sort of attack. Instead, many were otherwise unidentified devices running a standard version of Linux. Pinging one device brought up a login screen that said: Welcome To Your Fridge. She typed in a default password—something like “admin” or "adminadmin," Knight said—and suddenly had access to the heart of someone's kitchen.

As the age of Smart Everything dawns, it's also bringing online a host of largely unsecured smart devices like TVs, refrigerators and even toasters. Those devices are often trivial for knowledgeable hackers to compromise, opening new opportunities for malicious actions of various kinds—of which the malware attack Proofpoint identified may be among the mildest.

“Embedded operating systems deployed in firmware tend to be old, not patched very frequently, and there are known vulnerabilities to virtually all of them,” Knight said. Proofpoint’s investigation highlights how vulnerable connected devices are and how easy it is for hackers to take advantage of them.

Hacking The Home

Craig Heffner, a security researcher who teaches a class on exploiting connected devices, told ReadWrite in December that his students are usually surprised by the lack of security in connected home devices.

“If you look at the vulnerabilities being published, they’re not sophisticated,” he said. “Usually, the vendor put a back door in the product and someone took advantage.”

Worse, connected home devices often running on outdated software may be difficult or even impossible to patch. Security expert Bruce Schneier detailed the wild insecurities of the Internet of Things in a recent column for Wired:

[i]t’s often impossible to patch the software or upgrade the components to the latest version. Often, the complete source code isn’t available. Yes, they’ll have the source code to Linux and any other open-source components. But many of the device drivers and other components are just “binary blobs” — no source code at all. That’s the most pernicious part of the problem: No one can possibly patch code that’s just binary.

Malware isn't the only thing people have to worry about. Knight said hackers could use compromised smart devices to launch distributed denial of service (DDoS) attacks aimed at knocking target Websites offline, mine bitcoins, or store stolen or otherwise illicit data.

Knight suggests the first step in protecting your gadgets is to change the default passwords. Beyond that, if you don’t need your device connected to the Internet, then don’t connect it.

“Don’t plug it in if you don’t plan to use it,” he said. “If you do put it on the Internet, try and make sure you put it behind your personal router and firewall in your environment.”
http://readwrite.com/2014/01/16/inte...acking-malware





Surveillance Fallout Hits Startups Hard, Business Executives Say
Hayley Tsukayama

Losing a major client is never easy, but it’s even harder when it happens due to something that’s out of your control.

It’s not that we don’t trust you, your client says one day over the phone. We just don’t trust your government.

That may sound familiar to anyone who followed Huawei’s troubles in the U.S. But this isn’t the case of a Chinese company losing American business. Clients in Europe, Asia and elsewhere are saying “no thank you” to American-made products for fear that they have flaws that government and other hackers can infiltrate, said Brough Turner, founder and chief technology officer of netBlazr, a broadband company based in Watertown, Mass.

“It’s hard enough out there,” said Turner. He said that revelations that the National Security Agency can hack into the hardware of Cisco — and the resulting tumble the company saw in overseas demand — have been magnified for smaller companies. And these startups often don’t have the cushion of cash that major companies do to weather this storm, he said.

Hoping that lawmakers could be swayed by their financial concerns, Turner and executives from ThoughtWorks and Reddit hit the Hill this week to lobby lawmakers to support the USA FREEDOM Act, which would take steps to curb government surveillance programs and give companies more say about what kind of surveillance their products are used for.

The bill isn’t perfect but does move in the right direction, said Daniel Goodwin, chief financial officer of ThoughtWorks, the software firm where Internet activist Aaron Swartz worked at the time of his death last year. The bill moves to end bulk collection of data under section 215 of the Patriot Act and to install a special citizen’s advocate in the Foreign Intelligence Surveillance Court. The bill would allow companies to report an estimate of how many FISA letters they receive, how many orders they comply with and how many accounts or users are affected by those requests.

Executives at major tech companies such as Google, Facebook, Microsoft, Yahoo and Apple have already said they want those changes. Companies that offer cloud services have also been vocal about the hit they’ve taken — 10 percent of foreign companies cancelled projects with U.S. providers as of July, according to the Cloud Security Alliance. But with so much focus on startups as an engine for the U.S. economy, these executives wanted to let lawmakers know how difficult the landscape has become.

“There’s a general erosion of slide of public trust; it affects all U.S. companies,” said Erik Martin, general manager at Reddit.

“Any Internet business is a global business,” said Matthew Simons, director of social and economic justice at ThoughtWorks. “Saying that surveillance isn’t in the U.S. doesn’t really help us. In fact, it makes some of our overseas clients feel insulted,” he said.

And while Turner, Goodwin, Martin and Simons all feel strongly that the current programs violate civil liberties, they said that their more business-focused approach has gotten them a more receptive response on the Hill. On Monday and Tuesday, the men met with staffers from eight offices on both sides of the aisle and in both houses of Congress.

In most cases, they said, lawmakers were open to their concerns, but also said that they wanted to hear what President Obama has to say on Friday, when he is slated to give a speech on NSA reform.

The surveillance, Simons noted, has shattered what little dialogue there had been between the intelligence and hacker communities. And that’s a problem the tech industry will have to deal with for a long time, Goodwin added.

“When companies can’t recruit top tech people, that makes us less secure,” he said.
http://www.washingtonpost.com/busine...723_story.html





The Next Data Privacy Battle May Be Waged Inside Your Car
Jaclyn Trop

Cars are becoming smarter than ever, with global positioning systems, Internet connections, data recorders and high-definition cameras. Drivers can barely make a left turn, put on their seatbelts or push 80 miles an hour without their actions somehow, somewhere being tracked or recorded.

Automakers say they are only responding to consumer demand, and besides, they and regulators say, the new technologies help them better understand consumers and make the cars safer. But privacy advocates increasingly see something more unsettling for drivers: that someone is always watching.

Now two senators are trying to give car owners more say over some of that data. Early next week, Senator John Hoeven, Republican of North Dakota, and Senator Amy Klobuchar, Democrat of Minnesota, will introduce a bill stipulating that car owners control the data collected on the device called the event data recorder. The recorder, commonly known as a black box, collects information like direction, speed and seatbelt use in a continuous loop. It is in nearly every car today, and in September, it is set to become mandatory.

“We’ve got real privacy concerns on the part of the public,” Senator Hoeven said in a telephone interview. “People are very concerned about their personal privacy, especially as technology continues to advance,” he said, referring to revelations of spying by the National Security Agency. Fourteen states have already passed similar laws.

The data collected by the black box has already been the center of litigation by law enforcement agencies and insurance companies seeking to use the information against car owners. The bill would limit what the data could be used for and would require a warrant to release the data without the owner’s consent.

But even this legislation covers only part of what is a rapidly evolving technological landscape.

At the International CES in Las Vegas this week, automakers and technology companies announced a stream of new products and services aimed at making cars more connected.

Google announced it had a partnership with G.M., Audi, Honda and Hyundai to bring its Android platform to vehicle infotainment systems by the end of this year. At the same time, G.M. said it would start an app shop, where drivers can use apps like Priceline.com to book a hotel room and CitySeeker, which provides information about attractions and restaurants near the vehicle.

The days of a driver being alerted to a deal at a retailer as he drives nearby are rapidly approaching.

Many consumers, though, are unaware of just how much personal information is collected and used, privacy advocates say.

“Manufacturers do a poor job of informing consumers and explaining the privacy implications of new technology,” said Khaliah Barnes of the Electronic Privacy Information Center, a consumer group based in Washington. “Often, that information is in the owner’s manual, and when’s the last time you thumbed through your owner’s manual?”

It didn’t help the automakers’ reassurances about their handling of data when Jim Farley, Ford Motor Company’s top sales executive, who is known for making off-the-cuff comments, told a panel at the CES: “We know everyone who breaks the law. We know when you’re doing it. We have GPS in your car, so we know what you’re doing.” Although he quickly added, “By the way, we don’t supply that data to anyone,” and later issued a full retraction, the comments, even if overblown and meant to be provocative, fueled the concerns.

Vehicle owners, Ms. Barnes said, should be able to request the information manufacturers record and delete information at their discretion.

“Consumers should decide what level of surveillance they want to be under,” Ms. Barnes said. “None of that should be on default. You should have to opt in.”

Automakers say that consumers are eager for the new products. At the CES, G.M. introduced a new camera in the 2015 Corvette Stingray designed to give track enthusiasts real-time feedback on their driving. The performance data recorder, as it is called, uses a camera mounted on the windshield and a global positioning receiver to record speed, gear selection and brake force.

The Corvette’s system goes further than traditional black boxes.

A camera mounted on the windshield records the driver’s point of view and a microphone in the cabin records any noises made in the car.

Chevrolet said that the consumer owned the data, which is collected in a digital card housed in the glove compartment.

But privacy lawyers say that the information can still be used against a driver, as well as G.M. and its suppliers, in litigation or by an insurance company investigating a driver’s habits.

“The privacy and liability issues associated with the P.D.R. are as real as with any archived data that can be used by or against individuals,” said William Kohler, a lawyer at Clark Hill in Detroit.

The new brainpower in cars puts the industry in new territory with security and data privacy, said Thomas Kowalick, an expert in event data recorders and a former co-chairman of the federal committee that set the standard for black boxes.

“The major concern is not what an E.D.R. gathers now but that future in-vehicle technologies will make it possible to virtually record and track a vehicle’s movement from point A to point B,” Mr. Kowalick said.

Garmin introduced a new windshield-suctioned camera that turns on automatically when the car starts. It records wide-angle footage as well as speed, location and time in the event of a collision, and also has a microphone that can record sound from within the car.

“We hope it takes some of the ‘he said, she said’ out of an incident in your car,” said Ted Gartner, a spokesman.

He said the device’s owner also owned the data and that Garmin could not access it.

“There’s no way that we have access to that data because there’s no way to transfer the data out of the car wirelessly,” Mr. Gartner said.

Despite these and other assurances, the new products are attracting scrutiny in Washington.

On Monday, the Government Accountability Office released a report stating that some automakers were keeping private data collected from onboard navigation systems and mapping apps for varying lengths of time and that car owners could not request that it be erased.

The report, which was requested by Senator Al Franken, Democrat of Minnesota, found that the 10 automakers, navigation device manufacturers and application developers surveyed did not make owners aware of all the risks of the data collection, like allowing third parties to track their location or gather sensitive information such as their religious and political activities and preferences.

“Information about your location is extremely sensitive,” said Senator Franken, who is chairman of a Judiciary subcommittee on privacy and said he planned to introduce a bill that would legislate guidelines on when a vehicle owner’s location could be shared. “If someone has a record of your location, they can figure out where you live, where you work, the doctors you visit and where your kids go to school.”
http://www.nytimes.com/2014/01/11/bu...-your-car.html





N.S.A. Devises Radio Pathway Into Computers
David E. Sanger and Thom Shanker

The National Security Agency has implanted software in nearly 100,000 computers around the world that allows the United States to conduct surveillance on those machines and can also create a digital highway for launching cyberattacks.

While most of the software is inserted by gaining access to computer networks, the N.S.A. has increasingly made use of a secret technology that enables it to enter and alter data in computers even if they are not connected to the Internet, according to N.S.A. documents, computer experts and American officials.

The technology, which the agency has used since at least 2008, relies on a covert channel of radio waves that can be transmitted from tiny circuit boards and USB cards inserted surreptitiously into the computers. In some cases, they are sent to a briefcase-size relay station that intelligence agencies can set up miles away from the target.

The radio frequency technology has helped solve one of the biggest problems facing American intelligence agencies for years: getting into computers that adversaries, and some American partners, have tried to make impervious to spying or cyberattack. In most cases, the radio frequency hardware must be physically inserted by a spy, a manufacturer or an unwitting user.

The N.S.A. calls its efforts more an act of “active defense” against foreign cyberattacks than a tool to go on the offensive. But when Chinese attackers place similar software on the computer systems of American companies or government agencies, American officials have protested, often at the presidential level.

Among the most frequent targets of the N.S.A. and its Pentagon partner, United States Cyber Command, have been units of the Chinese Army, which the United States has accused of launching regular digital probes and attacks on American industrial and military targets, usually to steal secrets or intellectual property. But the program, code-named Quantum, has also been successful in inserting software into Russian military networks and systems used by the Mexican police and drug cartels, trade institutions inside the European Union, and sometime partners against terrorism like Saudi Arabia, India and Pakistan, according to officials and an N.S.A. map that indicates sites of what the agency calls “computer network exploitation.”

“What’s new here is the scale and the sophistication of the intelligence agency’s ability to get into computers and networks to which no one has ever had access before,” said James Andrew Lewis, the cybersecurity expert at the Center for Strategic and International Studies in Washington. “Some of these capabilities have been around for a while, but the combination of learning how to penetrate systems to insert software and learning how to do that using radio frequencies has given the U.S. a window it’s never had before.”

No Domestic Use Seen

There is no evidence that the N.S.A. has implanted its software or used its radio frequency technology inside the United States. While refusing to comment on the scope of the Quantum program, the N.S.A. said its actions were not comparable to China’s.

“N.S.A.'s activities are focused and specifically deployed against — and only against — valid foreign intelligence targets in response to intelligence requirements,” Vanee Vines, an agency spokeswoman, said in a statement. “We do not use foreign intelligence capabilities to steal the trade secrets of foreign companies on behalf of — or give intelligence we collect to — U.S. companies to enhance their international competitiveness or increase their bottom line.”

Over the past two months, parts of the program have been disclosed in documents from the trove leaked by Edward J. Snowden, the former N.S.A. contractor. A Dutch newspaper published the map of areas where the United States has inserted spy software, sometimes in cooperation with local authorities, often covertly. Der Spiegel, a German newsmagazine, published the N.S.A.'s catalog of hardware products that can secretly transmit and receive digital signals from computers, a program called ANT. The New York Times withheld some of those details, at the request of American intelligence officials, when it reported, in the summer of 2012, on American cyberattacks on Iran.

President Obama is scheduled to announce on Friday what recommendations he is accepting from an advisory panel on changing N.S.A. practices. The panel agreed with Silicon Valley executives that some of the techniques developed by the agency to find flaws in computer systems undermine global confidence in a range of American-made information products like laptop computers and cloud services.

Embracing Silicon Valley’s critique of the N.S.A., the panel has recommended banning, except in extreme cases, the N.S.A. practice of exploiting flaws in common software to aid in American surveillance and cyberattacks. It also called for an end to government efforts to weaken publicly available encryption systems, and said the government should never develop secret ways into computer systems to exploit them, which sometimes include software implants.

Richard A. Clarke, an official in the Clinton and Bush administrations who served as one of the five members of the advisory panel, explained the group’s reasoning in an email last week, saying that “it is more important that we defend ourselves than that we attack others.”

“Holes in encryption software would be more of a risk to us than a benefit,” he said, adding: “If we can find the vulnerability, so can others. It’s more important that we protect our power grid than that we get into China’s.”

From the earliest days of the Internet, the N.S.A. had little trouble monitoring traffic because a vast majority of messages and searches were moved through servers on American soil. As the Internet expanded, so did the N.S.A.'s efforts to understand its geography. A program named Treasure Map tried to identify nearly every node and corner of the web, so that any computer or mobile device that touched it could be located.

A 2008 map, part of the Snowden trove, notes 20 programs to gain access to big fiber-optic cables — it calls them “covert, clandestine or cooperative large accesses” — not only in the United States but also in places like Hong Kong, Indonesia and the Middle East. The same map indicates that the United States had already conducted “more than 50,000 worldwide implants,” and a more recent budget document said that by the end of last year that figure would rise to about 85,000. A senior official, who spoke on the condition of anonymity, said the actual figure was most likely closer to 100,000.

That map suggests how the United States was able to speed ahead with implanting malicious software on the computers around the world that it most wanted to monitor — or disable before they could be used to launch a cyberattack.

A Focus on Defense

In interviews, officials and experts said that a vast majority of such implants are intended only for surveillance and serve as an early warning system for cyberattacks directed at the United States.

“How do you ensure that Cyber Command people” are able to look at “those that are attacking us?” a senior official, who compared it to submarine warfare, asked in an interview several months ago.

“That is what the submarines do all the time,” said the official, speaking on the condition of anonymity to describe policy. “They track the adversary submarines.” In cyberspace, he said, the United States tries “to silently track the adversaries while they’re trying to silently track you.”

If tracking subs was a Cold War cat-and-mouse game with the Soviets, tracking malware is a pursuit played most aggressively with the Chinese.

The United States has targeted Unit 61398, the Shanghai-based Chinese Army unit believed to be responsible for many of the biggest cyberattacks on the United States, in an effort to see attacks being prepared. With Australia’s help, one N.S.A. document suggests, the United States has also focused on another specific Chinese Army unit.

Documents obtained by Mr. Snowden indicate that the United States has set up two data centers in China — perhaps through front companies — from which it can insert malware into computers. When the Chinese place surveillance software on American computer systems — and they have, on systems like those at the Pentagon and at The Times — the United States usually regards it as a potentially hostile act, a possible prelude to an attack. Mr. Obama laid out America’s complaints about those practices to President Xi Jinping of China in a long session at a summit meeting in California last June.

At that session, Mr. Obama tried to differentiate between conducting surveillance for national security — which the United States argues is legitimate — and conducting it to steal intellectual property.

“The argument is not working,” said Peter W. Singer of the Brookings Institution, a co-author of a new book called “Cybersecurity and Cyberwar.” “To the Chinese, gaining economic advantage is part of national security. And the Snowden revelations have taken a lot of the pressure off” the Chinese. Still, the United States has banned the sale of computer servers from a major Chinese manufacturer, Huawei, for fear that they could contain technology to penetrate American networks.

An Old Technology

The N.S.A.'s efforts to reach computers unconnected to a network have relied on a century-old technology updated for modern times: radio transmissions.

In a catalog produced by the agency that was part of the Snowden documents released in Europe, there is page after page of devices using technology that would have brought a smile to Q, James Bond’s technology supplier.

One, called Cottonmouth I, looks like a normal USB plug but has a tiny transceiver buried in it. According to the catalog, it transmits information swept from the computer “through a covert channel” that allows “data infiltration and exfiltration.” Another variant of the technology involves tiny circuit boards that can be inserted in a laptop computer — either in the field or when they are shipped from manufacturers — so that the computer is broadcasting to the N.S.A. even while the computer’s user enjoys the false confidence that being walled off from the Internet constitutes real protection.

The relay station it communicates with, called Nightstand, fits in an oversize briefcase, and the system can attack a computer “from as far away as eight miles under ideal environmental conditions.” It can also insert packets of data in milliseconds, meaning that a false message or piece of programming can outrace a real one to a target computer. Similar stations create a link between the target computers and the N.S.A., even if the machines are isolated from the Internet.

Computers are not the only targets. Dropoutjeep attacks iPhones. Other hardware and software are designed to infect large network servers, including those made by the Chinese.

Most of those code names and products are now at least five years old, and they have been updated, some experts say, to make the United States less dependent on physically getting hardware into adversaries’ computer systems.

The N.S.A. refused to talk about the documents that contained these descriptions, even after they were published in Europe.

“Continuous and selective publication of specific techniques and tools used by N.S.A. to pursue legitimate foreign intelligence targets is detrimental to the security of the United States and our allies,” Ms. Vines, the N.S.A. spokeswoman, said.

But the Iranians and others discovered some of those techniques years ago. The hardware in the N.S.A.'s catalog was crucial in the cyberattacks on Iran’s nuclear facilities, code-named Olympic Games, that began around 2008 and proceeded through the summer of 2010, when a technical error revealed the attack software, later called Stuxnet. That was the first major test of the technology.

One feature of the Stuxnet attack was that the technology the United States slipped into Iran’s nuclear enrichment plant at Natanz was able to map how it operated, then “phone home” the details. Later, that equipment was used to insert malware that blew up nearly 1,000 centrifuges, and temporarily set back Iran’s program.

But the Stuxnet strike does not appear to be the last time the technology was used in Iran. In 2012, a unit of the Islamic Revolutionary Guards Corps moved a rock near the country’s underground Fordo nuclear enrichment plant. The rock exploded and spewed broken circuit boards that the Iranian news media described as “the remains of a device capable of intercepting data from computers at the plant.” The origins of that device have never been determined.

On Sunday, according to the semiofficial Fars news agency, Iran’s Oil Ministry issued another warning about possible cyberattacks, describing a series of defenses it was erecting — and making no mention of what are suspected of being its own attacks on Saudi Arabia’s largest oil producer.
http://www.nytimes.com/2014/01/15/us...-internet.html





NSA Collects Millions of Text Messages Daily in 'Untargeted' Global Sweep

• NSA extracts location, contacts and financial transactions
• 'Dishfire' program sweeps up 'pretty much everything it can'
• GCHQ using database to search metadata from UK numbers
• Dishfire presentation on text message collection – key extracts

James Ball


The National Security Agency has collected almost 200 million text messages a day from across the globe, using them to extract data including location, contact networks and credit card details, according to top-secret documents.

The untargeted collection and storage of SMS messages – including their contacts – is revealed in a joint investigation between the Guardian and the UK’s Channel 4 News based on material provided by NSA whistleblower Edward Snowden.

The documents also reveal the UK spy agency GCHQ has made use of the NSA database to search the metadata of “untargeted and unwarranted” communications belonging to people in the UK.

The NSA program, codenamed Dishfire, collects “pretty much everything it can”, according to GCHQ documents, rather than merely storing the communications of existing surveillance targets.

The NSA has made extensive use of its vast text message database to extract information on people’s travel plans, contact books, financial transactions and more – including of individuals under no suspicion of illegal activity.

An agency presentation from 2011 – subtitled “SMS Text Messages: A Goldmine to Exploit” – reveals the program collected an average of 194 million text messages a day in April of that year. In addition to storing the messages themselves, a further program known as “Prefer” conducted automated analysis on the untargeted communications.

The Prefer program uses automated text messages such as missed call alerts or texts sent with international roaming charges to extract information, which the agency describes as “content-derived metadata”, and explains that “such gems are not in current metadata stores and would enhance current analytics”.

On average, each day the NSA was able to extract:

• More than 5 million missed-call alerts, for use in contact-chaining analysis (working out someone’s social network from who they contact and when)

• Details of 1.6 million border crossings a day, from network roaming alerts

• More than 110,000 names, from electronic business cards, which also included the ability to extract and save images.

• Over 800,000 financial transactions, either through text-to-text payments or linking credit cards to phone users

The agency was also able to extract geolocation data from more than 76,000 text messages a day, including from “requests by people for route info” and “setting up meetings”. Other travel information was obtained from itinerary texts sent by travel companies, even including cancellations and delays to travel plans.

Communications from US phone numbers, the documents suggest, were removed (or “minimized”) from the database – but those of other countries, including the UK, were retained.

The revelation the NSA is collecting and extracting personal information from hundreds of millions of global text messages a day is likely to intensify international pressure on US president Barack Obama, who on Friday is set to give his response to the report of his NSA review panel.

While US attention has focused on whether the NSA’s controversial phone metadata program will be discontinued, the panel also suggested US spy agencies should pay more consideration to the privacy rights of foreigners, and reconsider spying efforts against allied heads of state and diplomats.

In a statement to the Guardian, a spokeswoman for the NSA said any implication that the agency’s collection was “arbitrary and unconstrained is false”. The agency’s capabilities were directed only against “valid foreign intelligence targets” and were subject to stringent legal safeguards, she said.

The ways in which the UK spy agency GCHQ has made use of the NSA Dishfire database also seem likely to raise questions on the scope of its powers.

While GCHQ is not allowed to search through the content of messages without a warrant – though the contents are stored rather than deleted or “minimized” from the database – the agency’s lawyers decided analysts were able to see who UK phone numbers had been texting, and search for them in the database.

The GCHQ memo sets out in clear terms what the agency’s access to Dishfire allows it to do, before handling how UK communications should be treated. The unique property of Dishfire, it states, is how much untargeted or unselected information it stores.

“In contrast to [most] GCHQ equivalents, DISHFIRE contains a large volume of unselected SMS traffic,” it states (emphasis original). “This makes it particularly useful for the development of new targets, since it is possible to examine the content of messages sent months or even years before the target was known to be of interest.”

It later explains in plain terms how useful this capability can be. Comparing Dishfire favourably to a GCHQ counterpart which only collects against phone numbers that have specifically been targeted, it states “Dishfire collects pretty much everything it can, so you can see SMS from a selector which is not targeted”.

The document also states the database allows for broad, bulk searches of keywords which could result in a high number of hits, rather than just narrow searches against particular phone numbers: “It is also possible to search against the content in bulk (e.g. for a name or home telephone number) if the target’s mobile phone number is not known.”

Analysts are warned to be careful when searching content for terms relating to UK citizens or people currently residing in the UK, as these searches could be successful but would not be legal without a warrant or similar targeting authority.

However, a note from GCHQ’s operational legalities team, dated May 2008, states agents can search Dishfire for “events” data relating to UK numbers – who is contacting who, and when.

“You may run a search of UK numbers in DISHFIRE in order to retrieve only events data,” the note states, before setting out how an analyst can prevent himself seeing the content of messages when he searches – by toggling a single setting on the search tool.

Once this is done, the document continues, “this will now enable you to run a search without displaying the content of the SMS, especially useful for untargeted and unwarranted UK numbers.”

A separate document gives a sense of how large-scale each Dishfire search can be, asking analysts to restrain their searches to no more than 1,800 phone numbers at a time.

The note warns analysts they must be careful to make sure they use the form’s toggle before searching, as otherwise the database will return the content of the UK messages – which would, without a warrant, cause the analyst to “unlawfully be seeing the content of the SMS”.

The note also adds that the NSA automatically removes all “US-related SMS” from the database, so it is not available for searching.

A GCHQ spokesman refused to comment on any particular matters, but said all its intelligence activities were in compliance with UK law and oversight.

But Vodafone, one of the world’s largest mobile phone companies with operations in 25 countries including Britain, greeted the latest revelations with shock.

“It’s the first we’ve heard about it and naturally we’re shocked and surprised,” the group’s privacy officer and head of legal for privacy, security and content standards told Channel 4 News.

“What you’re describing sounds concerning to us because the regime that we are required to comply with is very clear and we will only disclose information to governments where we are legally compelled to do so, won’t go beyond the law and comply with due process.

“But what you’re describing is something that sounds as if that’s been circumvented. And for us as a business this is anathema because our whole business is founded on protecting privacy as a fundamental imperative.”

He said the company would be challenging the UK government over this. “From our perspective, the law is there to protect our customers and it doesn’t sound as if that is what is necessarily happening.”

The NSA’s access to, and storage of, the content of communications of UK citizens may also be contentious in the light of earlier Guardian revelations that the agency was drafting policies to facilitate spying on the citizens of its allies, including the UK and Australia, which would – if enacted – enable the agency to search its databases for UK citizens without informing GCHQ or UK politicians.

The documents seen by the Guardian were from an internal Wikipedia-style guide to the NSA program provided for GCHQ analysts, and noted the Dishfire program was “operational” at the time the site was accessed, in 2012.

The documents do not, however, state whether any rules were subsequently changed, or give estimates of how many UK text messages are collected or stored in the Dishfire system, or from where they are being intercepted.

In the statement, the NSA spokeswoman said: “As we have previously stated, the implication that NSA's collection is arbitrary and unconstrained is false.

“NSA's activities are focused and specifically deployed against – and only against – valid foreign intelligence targets in response to intelligence requirements.

“Dishfire is a system that processes and stores lawfully collected SMS data. Because some SMS data of US persons may at times be incidentally collected in NSA’s lawful foreign intelligence mission, privacy protections for US persons exist across the entire process concerning the use, handling, retention, and dissemination of SMS data in Dishfire.

“In addition, NSA actively works to remove extraneous data, to include that of innocent foreign citizens, as early as possible in the process.”

The agency draws a distinction between the bulk collection of communications and the use of that data to monitor or find specific targets.

A spokesman for GCHQ refused to respond to any specific queries regarding Dishfire, but said the agency complied with UK law and regulators.

“It is a longstanding policy that we do not comment on intelligence matters,” he said. “Furthermore, all of GCHQ's work is carried out in accordance with a strict legal and policy framework which ensures that our activities are authorised, necessary and proportionate, and that there is rigorous oversight, including from the Secretary of State, the Interception and Intelligence Services Commissioners and the Parliamentary Intelligence and Security Committee.”

GCHQ also directed the Guardian towards a statement made to the House of Commons in June 2013 by foreign secretary William Hague, in response to revelations of the agency’s use of the Prism program.

“Any data obtained by us from the US involving UK nationals is subject to proper UK statutory controls and safeguards, including the relevant sections of the Intelligence Services Act, the Human Rights Act and the Regulation of Investigatory Powers Act,” Hague told MPs.
http://www.theguardian.com/world/201...d-global-sweep





Obama Presents NSA Reforms with Plan to End Government Storage of Call Data

• President stops short of ending controversial bulk collection
• Obama assures allied foreign leaders on NSA surveillance
• Reforms also include added Fisa court safeguards

Spencer Ackerman and Dan Roberts

US president Barack Obama forcefully defended the embattled National Security Agency on Friday in a speech that outlined a series of surveillance reforms but stopped well short of demanding an end to the bulk collection of American phone data.

In his widely anticipated address at the Justice Department on the future course of US surveillance policy, Obama said the government should no longer hold databases of every call record made in the United States, citing the “potential for abuse”.

But Obama did not say what should replace the databases and made it clear the intelligence agencies should still be able to access call records information in some unspecified way, signalling a new round in the battle between privacy advocates and the NSA’s allies.

Mounting a forceful defence of the NSA, Obama said: “They’re not abusing authorities in order to listen to your private phone calls, or read your emails.” He did not mention that judges on the secret surveillance court have found NSA has repeatedly and “systematically” overstepped its bounds. Instead, he counselled strongly against any steps that would undermine US national security. “We cannot unilaterally disarm our intelligence agencies,” he said.

Obama’s remarks were bound to give the beleaguered NSA a boost of confidence, while disappointing civil libertarians who wanted to hear the president defend the privacy of American citizens more emphatically.

In the key points of his speech, Obama said:

• The government will no longer store the phone call information of millions of Americans. But he did not say who should maintain the information, instead giving the intelligence community 60 days to come up with options.

• Intelligence agencies must, with immediate effect, apply to the secret Fisa court for judicial approval to access Americans' phone records.

• The secret Fisa court should be reformed to include a panel of independent advocates to provide a voice in "significant cases".

• The NSA will not spy on the heads of state and governments of allies, and said some further protections would be given to foreign citizens whose communications were caught up in the agency's dragnet.

• The US government had to be held to a "higher standard" than private corporations that store user data or foreign governments that undertake their own surveillance.

Obama said a balance had to be struck between competing demands. “We have to make some important decisions about how to protect ourselves and sustain our leadership in the world, while upholding the civil liberties and privacy protections that our ideals and our constitution require,” he said.

More reviews

The president called for further reviews of the thorny questions surrounding the scope of NSA’s power. “The challenge is getting the details right, and that is not simple.”

Obama has directed attorney general Eric Holder, NSA director Keith Alexander and the rest of the intelligence community to present proposals over the next several weeks for what private entity should hold Americans’ telephone metadata, casting it as an issue that requires further deliberation before any decision that could have major implications for both privacy and security.

He made it clear that when he previously reviewed US intelligence gathering operations, he concluded that the NSA needed the capabilities offered by the controversial programs and did not intentionally abuse them.

“What I did not do is stop these programs wholesale, not only because I felt that they made us more secure, but also because nothing in that initial review, and nothing that I have learned since, indicated that our intelligence community has sought to violate the law or is cavalier about the civil liberties of their fellow citizens,” Obama said.

Obama said that ahead of transitioning the database out of government hands, the NSA will now have to receive approval from the secret surveillance court before searching through the data trove for connections to terrorist groups. Those searches would be restricted to two “hops”, meaning that a number “reasonably” suspected can have all the numbers it called and from which it received calls reviewed, and all of those numbers can also have their connections examined.

“I believe it is important that the capability that this program is designed to meet is preserved,” Obama said.

Cautious welcome

That call fell short of expectations from privacy advocates in and outside of Congress, who want the government collection of Americans’ metadata without specific connections to terrorism, approved by a judge, to stop. "We must all remember that the very act of bulk collection of private data undermines Americans’ constitutional rights," said Senator Ron Wyden, a prominent critic, on Twitter after the speech.

But Wyden and another Senate intelligence committee member, Mark Udall, gave the speech as a whole a cautious welcome. “Make no mistake, this is a major milestone in our longstanding efforts to reform the National Security Agency’s bulk collection program,” they said in a joint statement.

“The president has listened to some of the advice of his independent panel of experts and endorsed some of the reforms we have long advocated. The fight to protect liberty and increase security is far from over.”

Patrick Leahy, a Democrat on the Senate intelligence committee, welcomed the reforms to the bulk collection, but said Congress had to act to put them into place. "The president has ordered some significant changes, but more are needed," he said in a statement.

In his speech, Obama was more definitive about assuring allied foreign leaders that he would not spy on their communications, an issue that became a diplomatic row straining relations with Germany, Brazil and other countries.

“The leaders of our close friends and allies deserve to know that if I want to learn what they think about an issue, I will pick up the phone and call them, rather than turning to surveillance,” Obama said.

But Obama did not issue new protections for non-Americans abroad, saying instead that he wanted additional privacy protections for foreigners. Nor did he address the NSA’s secret weakening of encryption standards, first reported by the Guardian, which have greatly concerned US businesses.

The Guardian reported on Thursday, based on documents leaked by NSA whistleblower Edward Snowden, that the NSA collects an average of 200m text messages abroad every day. The collection of “untargeted and unwarranted” communications, through a program codenamed Dishfire, is one of several NSA activities that have drawn global concern since their disclosure.

Similarly, Obama defended a program, now conducted under Section 702 of the Fisa Amendments Act, that allows the NSA to hold the internet communications of foreigners abroad. He directed Holder and James Clapper, the director of national intelligence, to review the program to add protections for Americans whose information has been caught up in the dragnet.

But he stopped short of ordering NSA not to query that database for Americans’ identifying information, an authority first revealed by the Guardian and which senator Ron Wyden dubbed the “backdoor search loophole”. Any restriction on that authority would apparently follow the review.

Obama said he wanted additional safeguards for the secret surveillance court, known as the Fisa court, which currently only the government can petition. Obama urged Congress to set up “an independent voice” before the court, along with new technological consultants, who can argue for the privacy interests of US citizens and help the court better navigate the vast, complex and changing technological capabilities of the NSA. Declassified rulings show this has vexed judges on the court for years.

The president also rejected a recommendation from his handpicked surveillance panel to place judicial oversight over the FBI’s practice of issuing a nonjudicial subpoena known as a National Security Letter for the records of US businesses. But Obama proposed allowing businesses greater, but as yet unspecified, ability to discuss those letters, which are currently under a gag order.

Much of the substance of Obama’s proposals remains undefined. The telephone companies have resisted having to store customer data for additional periods of time on behalf of the NSA, and any new third-party private storehouse of metadata would have to be created from scratch.

The lack of clarity places increasing pressure on Congress to ultimately resolve many of the complexities of surveillance – creating effectively a new round of jockeying on Capitol Hill between privacy advocates and the NSA’s allies, who fear losing what Obama described as a valuable tool for determining domestic connections to terrorism.

Obama gave less attention to the man whose disclosures prompted his speech: Edward Snowden. “I’m not going to dwell on Mr Snowden’s actions or motivations,” Obama said. “I will say that our nation’s defence depends in part on the fidelity of those entrusted with our nation’s secrets.”
http://www.theguardian.com/world/201...cans-call-data





Protect Yourself From The NSA With WireOver’s Encrypted File Sharing
Josh Constine

Nothing is truly NSA-proof or hacker-proof, but WireOver wants to offer you more security than Dropbox, Google Drive, or Skydrive. The Y Combinator startup just emerged from stealth with a desktop app that lets you send files of any size for free. And for $10 a month, your transfers get end-to-end encryption so only the recipient can open them. WireOver can’t even look at what you’re sending.

If you just want to send huge video files or photo collections to friends and aren’t worried about encryption, WireOver is totally free for unlimited file-size sharing. But its premium level of privacy could be a big draw for anyone with sensitive files to send.

WireOver founder Trent Ashburn tells me there are security holes in the way big file storage and sharing providers transfer your stuff. “In the industry it’s called encryption in transit and encryption at rest. But the files arrive on the servers decrypted. Their servers will re-encrypt them and store them, but the encryption keys used are controlled by and accessed by the provider.”

Ashburn tells me there’s a risk of the same company having both a copy of your encrypted files and the key to open them. But with WireOver’s end-to-end encryption, files are never stored on its servers, and it doesn’t have the decryption key. “The approach we’re going for is ‘Trust No One’”.

Ashburn spent several years building computational models for quantitative hedge funds before becoming a semi-pro cyclist. He wanted to start a company he could relate to, and he found he was having some trouble with file transfers.

“With Dropbox, Google Drive, and Skydrive, sending small and medium-size files is pretty much solved but it’s a pain to send big files securely. There’s a bunch of things that Dropbox works great for [like syncing]. And they do their best within their goals to have security, but they’re not trying to be the most secure tool. They’re trying to be your files everywhere.”

So Ashburn entered WireOver into Y Combinator. They built a bunch of failed prototypes before settling on a Python-based desktop client. Along with the YC funding it got from Andreessen Horowitz, SV Angel, and Yuri Milner, the four-person startup has raised an additional seed round from Bessemer Venture Partners, Boston’s .406 Ventures, and angels like BrandCast’s Hayes Metzger.

How To Use WireOver

Once you’ve installed WireOver, you just dump files into its little window, and type in the email address of the recipient[s]. Once they have WireOver installed and running, the file is transferred completely peer-to-peer, or routed by WireOver’s servers but isn’t stored there.

If you select “Secure” transfer and both you and the receiver have paid the $10 a month fee, your file gets end-to-end encryption. For even more security against man-in-the-middle attacks, you can request to verify the cryptographic fingerprint of the recipient’s machine.

The big downside to WireOver using a transfer system rather than cloud storage is that both the sender and recipient have to be online at the same time. You can’t just upload a file, email someone a link, and shut off your computer.

But since WireOver doesn’t store files, it doesn’t have to charge for unencrypted transfers. That means you could send 200 gigabyte or even terabyte-sized files for free, which could cost hundreds or thousands of dollars a year on Dropbox, Drive, or SkyDrive. If you’re looking for security and privacy, WireOver might be worth the $10 a month.

Ashburn says some clients have switched to WireOver from sending physical hard drives and USB drives through the mail or with FedEx. While there are other encrypted file sharing services, we haven’t found any popular ones that offer unlimited file sizes for free, or encryption of those files for as cheap.

Companies large and small are seeing their data fall into the hands of hackers, and we’re realizing our governments are engaging in widespread surveillance. Meanwhile, as our cameras get better and our screens get bigger, file sizes just keep going up. So whether you’re paranoid or just want to send all your photos to mom, WireOver understands.
http://techcrunch.com/2014/01/17/wireover/





BitTorrent Creator's New Software DissidentX Hides Secrets In Plain Sight
Andy Greenberg

Encryption tools help people keep secrets. Bram Cohen has a more subtle ambition: he wants to help people keep secret the act of keeping secrets.

For the last year Cohen, who created the breakthrough file-sharing protocol BitTorrent a decade ago, has been working on a new piece of software he calls DissidentX. The program, which he released over the summer in a barebones prototype and is now working to develop with the help of a group of researchers at Stanford, goes beyond encryption to offer users what cryptographers call “steganography,” the ability to conceal a message inside another message. Instead of merely enciphering users’ communications in a scramble of nonsensical characters, DissidentX can camouflage their secrets in an inconspicuous website, a corporate document, or any other, pre-existing file from a Rick Astley video to a digital copy of Crime and Punishment.

“What you really want is to be as unsuspicious as possible,” says Cohen, who spoke with me about DissidentX at the Real World Crypto conference in New York Tuesday. “We don’t want an interloper to be able to tell that this communication is happening at all.”

Cohen has programmed DissidentX to serve as a customizable framework for steganography that can use any method of tweaking a file, from adding spaces at the end of a text file’s lines to adding pixels to a video. But unlike older steganographic tools, those alterations to the camouflage file known as the “cover text” don’t serve as a set of on-or-off bits to encode the secret message. Instead, DissidentX makes the changes such that when the recipient puts the entire file through a cryptographic function known as a “hash”–a transformation that converts it into a unique string of characters–it produces an encrypted version of the sender’s message, ready to be decrypted with the recipient’s key.

“There’s no particular place in the cover text where the bits of the encoded message are hidden. It’s distributed holistically across the entire thing,” says Cohen. “It’s taking the entirety of the cover text and mashing it all together as a complete unit to create a hash carefully constructed so that it has the properties you want,”–namely, that the results serve as an encrypted secret message.

That hashing technique means that the recipient of a message doesn’t even need to know what sorts of tweaks were made to the cover text to find the encoded secrets. It also means DissidentX’s alterations to the cover text can also include subtracting elements from a file, such as deleting paragraphs from a block of text–a method that’s far harder for a snoop to detect than older tricks like adding commas or spaces. “Right now, most steganography techniques are detectable,” says Cohen. “I hope this will change the balance of power somewhat, and make it so these things really aren’t detectable in practice.”

Cohen’s sleights of hand go a step further, too. He’s designed DissidentX to allow multiple secret messages to be encoded in an altered file, each of which can only be read with different decryption keys. That means a single text file or video could hold messages intended for multiple recipients, or additional false messages can also be encoded into the file as red herrings.

That last trick, pioneered by Julian Assange and a couple of friends in a 1997 program called Rubberhose, is meant as a last line of defense for a user who may be imprisoned and forced to cough up a decryption key to trick his or her captors into thinking the message is fully decoded, while still protecting certain secrets. (The scheme’s name came from cryptographers’ half-joking term Rubberhose Cryptanalysis, the threat of beating a decryption key out of someone with a length of rubber tubing.) “The idea of this is that even if you get rubber-hosed, you can say ‘here’s my key,’ and they only get a message that’s not the real message,” Cohen says.

Even with Cohen’s clever hashing trick, the cover text for a secret message must be much larger than that message itself. Cohen suggests a file five hundred times as large as the secret message to encode communications without raising suspicions. But he and a group of Stanford cryptographers are working to improve DissidentX with an algorithm known as Lenstra–Lenstra–Lovász to minimize the proportion of the cover text that must be changed.

Cohen says he began thinking about steganography after scandal erupted around the now-defunct anonymity tool Haystack in 2010. That software, intended to help dissidents in countries like Iran evade surveillance, was found to be deeply insecure and the project was shuttered by its creator Austin Heap. “Haystack was claiming to be using steganography, and it got me thinking about stego,” he says. “I ended up coming up with some neat intuitions about how to do this.”

As DissidentX evolves, Cohen says he imagines human rights groups like the Tor anonymity project might hide messages to political dissidents in web pages, which could be detected with a browser plug-in that checks every page for hidden messages. Thanks to his hashing trick, those secrets should be visible in their encrypted form–not to mention readable–to a DissidentX user with the right decryption key.

“Hopefully this kind of approach will become how modern stego is done,” he says.
http://www.forbes.com/sites/andygree...n-plain-sight/
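
A toy version of the whole-file hashing idea the article above describes, added here as an illustration and not taken from DissidentX or from Cohen: the sender picks among harmless variants of the cover text (a trailing space, or a deleted paragraph) until a keyed hash of the entire file yields the wanted bits, and a second key yields a decoy. The keys, the sample text, the 4-bit payloads standing in for ciphertext, the use of HMAC-SHA256, and the exhaustive search are all assumptions made for this sketch.

```python
import hashlib
import hmac
from itertools import product


def extract(key: bytes, cover: bytes, nbits: int) -> str:
    """Recipient side: keyed hash of the WHOLE file, truncated to nbits.

    No knowledge of which tweaks the sender made is needed.
    """
    digest = hmac.new(key, cover, hashlib.sha256).digest()
    return format(int.from_bytes(digest, "big"), "0256b")[:nbits]


def embed(slots, targets):
    """Sender side: pick one variant per slot so every (key, bits) target matches.

    slots   -- list of lists of byte strings; each inner list holds the
               acceptable variants of one piece of cover text
    targets -- list of (key, bit_string) pairs, one per hidden message
    Returns the chosen cover bytes, or None if no combination works.
    """
    for choice in product(*slots):
        cover = b"".join(choice)
        if all(extract(k, cover, len(bits)) == bits for k, bits in targets):
            return cover
    return None


# Constructed sample cover text: 12 lines that may or may not carry a
# trailing space, plus one closing paragraph that may be deleted outright.
LINES = [f"Paragraph {i} of an ordinary report.".encode() for i in range(12)]
SLOTS = [[line + b"\n", line + b" \n"] for line in LINES]
SLOTS.append([b"An optional closing remark.\n", b""])

# Constructed keys and payloads (the bit strings stand in for ciphertext).
REAL_KEY, DECOY_KEY = b"constructed-real-key", b"constructed-decoy-key"
REAL_BITS, DECOY_BITS = "1011", "0110"

STEGO = embed(SLOTS, [(REAL_KEY, REAL_BITS), (DECOY_KEY, DECOY_BITS)])

if __name__ == "__main__":
    print(extract(REAL_KEY, STEGO, 4), extract(DECOY_KEY, STEGO, 4))
```

Thirteen two-way choices give 8,192 candidate files for 8 hidden bits, which shows why the cover text has to be far larger than the message; exhaustive search like this does not scale beyond a toy.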
















Until next week,

- js.




















Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black