P2P-Zone  

Old 24-07-13, 07:07 AM   #1
JackSpratts
 
JackSpratts's Avatar
 
Join Date: May 2001
Location: New England
Posts: 10,013
Default Peer-To-Peer News - The Week In Review - July 27th, '13

Since 2002

"We shall not block access to legal content regardless of whether or not it appeases us aesthetically or ethically." – Polish PM Donald Tusk


"We used to joke that we’d have to hire an intern to press all these buttons. It turns out it’s much better to get the intern to help make the robot. Then he also has time to get coffee." – Justin Engler


"Today, the rhetoric of the 'internet freedom agenda' looks as trustworthy as George Bush's 'freedom agenda' after Abu Ghraib." – Evgeny Morozov
July 27th, 2013




UK Court Orders Block On Two File-Sharing Sites
BBC

British ISPs have been told to block access to two websites accused of aiding piracy on a "mass scale".

The court order to block EZTV and YIFY Torrents was made last week and should take effect soon.

The two are the latest in a growing list of websites to which UK ISPs have been asked to block access.

Action against the sites was started by the Federation Against Copyright Theft (Fact) in conjunction with the Motion Picture Association (MPA).

File-sharing news site TorrentFreak said the High Court decision followed efforts by Fact and the MPA to contact the owners of both sites. The MPA is the international arm of the Motion Picture Association of America.

A spokesman for Fact said it and the MPA had given both sites a chance to avoid legal action by responding to cease-and-desist orders, issued by both industry groups, to remove pirated content.

Fact said it had resorted to legal action when no action to remove infringing content was forthcoming.

The process to get the UK courts to issue blocking orders was now well established, he said, and the UK's biggest ISPs typically took a fortnight to impose blocks.

The action against the two sites was just one aspect of a broader policy targeting pirate sites, said the Fact spokesman.

Efforts were also being made to cut off funds to infringing websites by targeting ad networks that some sites relied on to generate cash.

In addition, he said, payment providers were looking at ways to stop donations and other payments getting through to pirate sites.

A growing number of sites accused of aiding piracy are now blocked to UK web users.

The list includes the Pirate Bay, Kickass Torrents, H33T, Fenopy, Movie2K and Download4All. In addition, the Premier League has won a block on football streaming site FirstRow1.eu.
http://www.bbc.co.uk/news/technology-23408107





Welcome to the ‘Sharing Economy’
Thomas L. Friedman

Brian Chesky’s parents wanted just one thing for him when he graduated from the Rhode Island School of Design — that he get a job with health insurance. He tried that for a while with a design firm in Los Angeles, but he got fed up and packed up his Honda Civic and drove up to San Francisco to crash with his pal, Joe Gebbia, who agreed to split the rental of his house with Chesky. “Unfortunately, my share came to $1,150 and I only had $1,000 in the bank, so I had a math problem — and I was unemployed,” said Chesky. But they did have an idea. The week Chesky got to town, in October 2007, San Francisco was hosting the Industrial Designers Society of America, and all the hotel rooms on the conference Web site were sold out. So Chesky and Gebbia decided, why not turn their house into a bed and breakfast for attendees?

The problem was “we had no beds,” but Gebbia did have three air mattresses. “So we inflated them and called ourselves ‘Airbed and Breakfast,’ ” Chesky, 31, recalled for me in an interview. “Three people stayed with us, and we charged them $80 a night. We also made breakfast for them and became their local guides.” In the process, they made enough money to cover the rent. More important, though, it spawned a bigger idea that has since blossomed into a multimillion-dollar company and a whole new way for people to make money. The idea was to create a global network through which anyone anywhere could rent a spare room in their home to earn cash. In homage to its roots, they called the company Airbnb, which has grown so large, so fast that it is now the equivalent of a major global hotel chain — even though, unlike Hilton, it doesn’t own a single bed. And the new trend it set off is the “sharing economy.”

I first heard Chesky describe his company two years ago and thought it was a quaint idea that would find limited traction with niche travelers. I mean, how many people in Paris really want to rent out their kid’s bedroom down the hall to a perfect stranger who comes to them via the Internet? And how many strangers want to be down the hall? Wrong. Turns out there is an innkeeper residing in all of us!

On July 12, Chesky told me, “Tonight we have 140,000 people around the world staying in Airbnb rooms. Hilton has around 600,000 rooms. We will get up to 200,000 people per night by peak this summer.” Airbnb has 23,000 rooms and homes listed in New York City alone, and 24,000 in Paris. Worldwide, “we have listings in 34,000 cities and 192 countries,” added Chesky. “We are the largest short-term rental site of its kind in China today, and we have no office there.”

Chesky then fires up his iPad and shows me on Airbnb.com the rooms and homes being offered for rent: “We have over 600 castles,” he begins. “We have dozens of yurts, caves, tepees with TVs in them, water towers, motor homes, private islands, glass houses, lighthouses, igloos with Wi-Fi; we have a home that Jim Morrison used to live in; we have treehouses — hundreds of treehouses — which are the most profitable listings on our Web site per square footage. The treehouse in Lincoln, Vt., is more valuable than the main house. We have treehouses in Vermont that have had six-month waiting lists. People plan their vacation now around treehouse availability!”

In 2011, Prince Hans-Adam II offered his entire principality of Liechtenstein for rent on Airbnb ($70,000 a night), “complete with customized street signs and temporary currency,” The Guardian reported. You can rent any number of Frank Lloyd Wright homes — and even a one-square-meter house in Berlin that goes for $13 a night.

While it sounds like Chesky is just a global rental agent with more scale, there is something much bigger going on here. Airbnb’s real innovation is not online rentals. It’s “trust.” It created a framework of trust that has made tens of thousands of people comfortable renting rooms in their homes to strangers.

To rent a yurt in Mongolia, you go to the Airbnb Web site, sign up for it and pay Airbnb by credit card. It takes 6 percent to 12 percent of the fee from the guest and 3 percent from the host. The fee is paid to the renter after the first night. Through Airbnb, guests and hosts can verify each other’s driver’s license or passport, e-mail address and phone number, and connect Facebook profiles. No one is anonymous. They work out their own exchange of keys.

Afterward, guests and hosts rate each other online, so there is a huge incentive to deliver a good experience because a series of bad reputational reviews and you’re done. Airbnb also automatically provides $1 million in insurance against damage or theft to nearly all of its hosts (some countries have restrictions) and only rarely gets claims. This framework of trust has unlocked huge value from unused bedrooms. “In the last 12 months in Paris, we’ve generated $240 million in economic activity,” Chesky said.

Airbnb has also spawned its own ecosystem — ordinary people who will now come clean your home, coordinate key exchanges, cook dinner for you and your guests, photograph rooms for rent, and through the ride-sharing business Lyft, turn their cars into taxis to drive you around. “It used to be that corporations and brands had all the trust,” added Chesky, but now a total stranger, “can be trusted like a company and provide the services of a company. And once you unlock that idea, it is so much bigger than homes. ... There is a whole generation of people that don’t want everything mass produced. They want things that are unique and personal.”

There’s more. In a world where, as I’ve argued, average is over — the skills required for any good job keep rising — a lot of people who might not be able to acquire those skills can still earn a good living now by building their own branded reputations, whether it is to rent their kids’ rooms, their cars or their power tools. “There are 80 million power drills in America that are used an average of 13 minutes,” says Chesky. “Does everyone really need their own drill?”

More than 50 percent of Airbnb hosts depend on it to pay their rent or mortgage today, Chesky added: “Ordinary people can now be micro-entrepreneurs.” Jamie Wong, co-founder of Vayable.com, a platform through which locals anywhere can become custom tour guides of their area, told me: “I moved out of my apartment in central San Francisco, rented a cheaper annex in a friend’s home, and ‘airbnb-ed’ my apartment for $200 a night and earned about $20,000 in a year. It enabled me to bootstrap my start-up. Airbnb was our first round of funding!” And just think how much better all this is for the environment — for people to be renting their spare bedrooms rather than building another Holiday Inn and another and another. ... The sharing economy — watch this space. This is powerful.
http://www.nytimes.com/2013/07/21/op...g-economy.html





Textbook Publishers Revamp E-Books to Fight Used Market
Stephanie Simon and Madeline Will

A booming market in recent years for selling and renting used college textbooks has saved students across the United States a ton of cash.

But it has put textbook publishers in a bind. They don't make a cent unless students buy their books new.

So increasingly, publishers like Pearson Plc and McGraw-Hill Education are turning to a new model: Creating online versions of their texts, often loaded with interactive features, and selling students access codes that expire at semester's end.

Publishers save on printing, shipping and process returns. The e-books are good for learning and good for their bottom line. There's just one catch: Persuading students to go digital isn't easy.

Online products accounted for 27 percent of the $12.4 billion spent on textbooks for secondary schools and colleges in the United States last year, according to research firm Outsell Inc.

But the publishers expect that percentage to grow, and are retooling their businesses to compete in what they see as the future of the industry.

Half of Pearson's total revenue last year came from digital products and services (not all of which are digital), and executives expect that to increase. The company recently announced a restructuring to emphasize online content.

Cengage Learning, which creates customized courses, has pledged to emerge from a recent bankruptcy filing more focused on digital. McGraw-Hill Education, which was recently acquired by private equity firm Apollo Global Management, has taken an equity stake in one software company focused on digital learning and purchased another outright.

Still, the transition will not be immediate, executives said. Students have to learn to adapt to a textbook that can almost read their minds.

"How do we get from the Old World to the New World as quickly as possible?" said Andrew Kvaal, a senior vice president for Cengage. "An awful lot of people still resonate with having a physical book in front of them."

Some 77 percent of college students said they preferred print to e-books in a survey conducted last year by the National Association of College Stores. Another survey, by the research firm Student Monitor, found only 14 percent of students enrolled in college this past spring had classes that required online texts and just 2 percent bought most of their books in digital format.

And most students said they did not see much use for the touted special features of digital textbooks, such as embedded quizzes, electronic flash cards, or the ability to share notes online.

Michael Hardison, who is studying political science at the University of North Carolina at Chapel Hill, is among the skeptics. He likes straight-forward e-books, but said textbook software with built-in tutorials made him feel that he was being spoon-fed the information instead of letting him wrestle with the material on his own.

Cost is another concern for many students.

Consider the widely used textbook, "Biology", by Sylvia Mader and Michael Windelspecht, published by McGraw-Hill. The ebook costs $120, a steep discount from the $229 cost for a new print textbook.

But savvy shoppers do better. The same book in printed form can be rented for $36. It can also be bought used for $102, and later resold on the secondhand market for up to $95, according to the website CheapestTextbooks.com.

These alternative markets have transformed the industry. Average student spending on new textbooks per semester dropped from $192 in the fall of 2008 to $138 this spring, according to Student Monitor. That is despite the prices of new textbooks rising about 6 percent a year, according to the U.S. Bureau of Labor Statistics.

Digital textbooks could hurt the secondhand market, analysts said. But they will have to contend with open-source sites - free or almost-free compilations of resources that are only a small threat now - and students sharing files rather than buying their own.

With online books, publishing companies "get a steady stream of revenue," said Will Ethridge, the outgoing chief executive of Pearson's North America division. "It's a better model for students, a better model for the business and a better model for the environment."

The transition "obviously doesn't happen overnight," he said, "but we do think the direction is very clear."

Executives say students might be wary at first, but once they try the new software, they are hooked.

McGraw-Hill's LearnSmart software - which serves almost as a personal tutor, guiding students through e-books - debuted in 2010 with just 150,000 student users. Two years later, more than a million students were paying $25 to $35 per course to access the online tutor, which they purchase separately from the online textbook itself. Executives say sales are expected to rise again this year.

Some digital texts embed links to videos, articles and clips from a professor's lectures, while others will monitor a student's progress and draw up personalized study plans to keep them on track.

"We can even predict what you're most likely to forget...and when you're most likely to forget it," said Jeff Livingston, a senior vice president at McGraw-Hill Education.

Manju Bhat, an assistant professor of physiology at Winston-Salem State University in North Carolina, monitors how much time his students spend reading the digital texts he assigns, how they do on embedded quizzes, and which concepts stump them. Bhat, a paid consultant to McGraw-Hill, uses that data to shape the next day's lesson.

The students' grades improved so much that "My department chairwoman called me into her office and asked me, 'What did you do?'" Bhat said.

There is another advantage of online texts: They can be edited and updated quickly, with new material pushed out to all users around the world.

"Ten years from now, almost 75 percent of students believe that e-textbooks will be used more than print textbooks," said Cindy Clarke, a senior vice president for CourseSmart, an online joint venture of five textbook publishers. "It's happening, and I believe it will start to happen more and more exponentially."

(Reporting by Stephanie Simon in Boston and Madeline Will in New York; Editing by Jilian Mincer and Leslie Gevirtz)
http://www.reuters.com/article/2013/...96M04520130723





Kindle Fired: 75% Want Printed Books, Not Ebooks
Paul Bedard

America is showing signs that it hasn't totally abandoned one low-tech tradition: taking a dog-eared book to the beach.

A stunning 75 percent of adults told Rasmussen Reports that they prefer a printed book on actual paper to an electronic version displayed on devices like the Kindle Fire, Nook or iPad. Just 15 percent prefer ebooks.

And, said Rasmussen, that's an increase of those who prefer books--and a rare slapdown of technology. In his 2011 poll on the same issue, 23 percent said they prefer ebooks.

According to the Rasmussen poll, while 75 percent prefer printed books, 78 percent said they "usually read a book in the traditional printed format."

That might help explain the recent decline in sales of the Barnes & Noble Nook.

Another surprising finding in Rasmussen's poll was that readers don't consider the price of books and ebooks much when considering which to buy, even though ebooks are typically less expensive.

"Only 44 percent of Americans view book prices as at least somewhat important to their decision whether to get an electronic reading device. Fifty percent do not consider the price of books important to their decision," said the pollster.

Other findings in the poll:

-- 35 percent say when they buy a book, they are most likely to go to an actual bookstore, while 18% would go to some other retail store.

-- 27 percent are most likely to order a book over the Internet.

-- 14 percent would most likely download it to their electronic reader.

-- 22 percent say they have seen a book title in a traditional bookstore and then instead of buying it have downloaded it to their computer or electronic reader.

-- Women are more likely than men to have bought a book recently, but both overwhelmingly prefer the traditional print format.

The survey of 1,000 adults was conducted on July 11-12, 2013 by Rasmussen Reports. The margin of sampling error is +/- 3 percentage points with a 95% level of confidence.
http://washingtonexaminer.com/kindle...rticle/2533266





The Thief in the 3D Printing World May Not be Who You Think
Nancy Gohring

The world of 3D printing designers was set abuzz recently, when popular designer Asher Nahmias pulled his work from a well-known online store in protest after Stratasys, one of the biggest 3D printer manufacturers, improperly used one of his designs.

The incident – not the first and surely not the last – represented a curious reversal of sorts. Often, discussions about copyright or patent infringement related to 3D printing revolve around the idea of individuals stealing designs from corporations.

In this scenario, it was the reverse, highlighting just how much confusion there is around rights in 3D printing and how much work needs to be done to figure out how best to protect against improper use.

"With all the things this technology is capable of delivering in terms of improving designs and enhancing sustainability and delivering better personalized medical treatment, there are also a lot of unintended consequences," said Avi Reichental, president and CEO of 3D Systems, a 3D printer maker that itself has also been accused of improperly using Nahmias' designs. "Piracy and patent infringement and copyright infringement are going to be part and parcel of the unintended consequences powered by the same technology that can do so much good."

Form over function

Most of the legal issues around 3D printing aren't that different than those around artwork, photography, manufacturing or digital music, said Michael Weinberg, a vice president at Public Knowledge and an attorney who has written two books about intellectual property and 3D printing. For instance, copyright automatically protects purely decorative objects, like sculptures, whether they are created by hand with clay or with a 3D printer.

"If you're going to use something protected by copyright, you need permission," Weinberg said. This is where the 3D printer manufacturers crossed the line in Nahmias' eyes. Nahmias, who declined to be interviewed for this story, protected his designs with a Creative Commons license that barred downloaders from using them in a commercial manner and required users to attribute the design to him.

But Stratasys printed one of Nahmias' designs and included it in its booth at a trade show.

"Even if you bought any of my paid design files you are NOT allowed to use it for commercial displays to showcase your products as 3D systems & Stratasys did without asking my permission nor placing attribution to designer - as per Creative Commons - Attribution - NON Commercial License," Nahmias, better known as Dizingof online, wrote in a recent discussion about the incident.

He also posted an email exchange he said he had with Dan Yalon, executive vice president for business development and strategic marketing for Stratasys, in which Yalon says the company will be sure to ask for permission and give attribution in the future. In the email Yalon also agreed to donate a sum of money to a charity to make up for it, although Nahmias, via Twitter, said he's not sure if Stratasys has done so. Stratasys did not reply to repeated requests for an interview.

Nahmias also discovered that one of his designs was used in a Toys R Us store in Hong Kong that held an event in collaboration with 3D Systems to promote 3D printing. "It wasn't our event," Reichental said. "It was a third party event, and they downloaded the design, and used it in conjunction with us."

"In this case no damage was done in the sense that nobody benefited or profited from it," he said.

However, that comment demonstrates the current disconnect in the community.

Nahmias appears to believe that the companies do benefit by displaying his designs at events that are ultimately surely organized to help sell their products. "These corporations including Makerbot and let's not play naive here - are in it for the MONEY," he wrote in the comments after a blog post about the Stratasys incident.

Ultimately, Dizingof himself has the potential to profit from the incidents.

Designers that find people are using their work without permission have a couple of options. The designer can first contact the offender and ask them to stop using their work, as Nahmias did, or ask to talk about a deal. "People are often best served by talking before litigating," Weinberg said.

However, a designer could also file a lawsuit. "It's certainly an option," he said. If the designer can prove wilful infringement, the court may award as much as $150,000 per work.

Weinberg hasn't heard of a designer filing suit for infringement of a 3D design. He has seen them taking on another tactic though.

"I've seen more designers publicly shaming companies," he said. Designers like Nahmias, who is a well-known figure in the 3D printing world, are taking to Twitter each time a violation occurs. Todd Blatt is another 3D designer who has been tweeting when he sees objects on display at trade shows without proper attribution.

Because the 3D printing world is relatively small, these incidents might be enough to set the industry on the right track, Weinberg said.

Function before form

A different set of laws covers objects that have a useful purpose, as opposed to purely decorative objects. Unlike artwork, which is automatically protected by copyright, useful objects are only covered by patents if the creator files for one and is awarded one. Even then, a patent typically lasts only 20 years.

"What you have is a situation where people are stepping away from their computer screens and looking around the world and realizing that the world is full of things that are not wrapped up in permissions. Although we've been trained that everything has an IP owner, people are waking up to the fact that that's not true for the vast majority of things in the real world," Weinberg said.

Still, there could be some grey areas. If someone creates a digital file, essentially a virtual representation, of a useful object, like a screw, that file could be protected by copyright. "If you conclude that the file is protected in part by copyright, what kind of control would copyright in a file of a screw give you over the reproduction of screws in real life?" he wonders.

These types of questions might get presented to courts as more people try to replicate objects using 3D printing.

Available tools

Technology, awareness and new policies can all help prevent unauthorized duplication in 3D printing.

"DRM techniques can be easily applied to 3D printing files," Reichental said. The idea is that the creator can enable whoever downloads the file to print an authorized number of products and that's it.

3D Systems offers DRM to designers who post their creations on Cubify, 3D Systems' online marketplace. "My sense is you'll see more and more of that happening," he said.

Within Cubify, 3D Systems has a policy that it will remove unauthorized items that are uploaded for sale and block the seller from uploading additional files. The company is also investigating technologies that might be able to recognize unauthorized files so that the company might be able to take a more proactive stance, he said.

Beyond technology, he thinks that education will be key. Starting at the elementary school level, 3D Systems thinks there should be a formal curriculum that keeps pace with developments in 3D printing so that people learn at a young age about intellectual property.

Lauren Bricker, who teaches a 3D printing class at Seattle's Lakeside School (Bill Gates and Paul Allen are among the school's alums), instructs her students to think about intellectual property implications. "It's just like teaching students about how plagiarism is wrong in writing a paper, writing a piece of software, or even in the world of art. This area is no different but it's so 'new' people haven't really had a chance to think about it," she said.

To avoid the situations that Nahmias has faced, it's clear also that corporations need to do a better job of implementing internal rules around using 3D printers.

Weinberg thinks it's unlikely that Stratasys, for instance, overtly decided to infringe Nahmias' copyright. "What's far more likely is the company didn't take the time to think about what they were doing or the person who was doing it either didn't understand what a Creative Commons license was or misinterpreted it," he said.

Still, it is surprising that such a large company would make such an oversight, he said. "It makes it more surprising than if some person on the corner were doing it," he said. Large companies often have policies, for instance, that require workers to have PowerPoint decks approved by corporate communications or legal departments. A similar type of process could easily govern the use of designs displayed at trade shows or other public events.

"But then again, it's a new world for them too. They've been in the business for over 20 years and probably most of those years the world of 3D printing designers was relatively small," Weinberg said. Then MakerBot launched Thingiverse, its online marketplace, and the world of 3D designers expanded. Stratasys acquired MakerBot last month.

For perspective, Weinberg notes that similar incidents of companies inappropriately taking content from individuals aren't uncommon. "Every couple of months an advertising company is taking a picture from Flickr and using it in a campaign," he said. The "irony is rich" in such scenarios where companies have robust IP protection programs themselves, he noted.

Since the 3D printing market is just starting to blossom, related intellectual property issues won't be solved overnight.

"This technology is moving at exponential speed and it's only going to exacerbate the gaps that we have between what the technology can do and what human behavior wants to do and what our social and legislative infrastructure is capable of comprehending today," Reichental said.

UPDATE (July 19, 2013): After this story posted, Nahmias, via Twitter, pointed to an online comment where 3D Systems’ chief strategy officer Ping Fu says that she in fact printed his model that went on display in the Toys R Us store. That seems to contradict 3D Systems’ CEO, who blamed a partner for downloading and using the design.

In addition, also via Twitter, Nahmias said that he called the charity Yad-Sarah that Stratasys offered to contribute to and asked if a donation had been made from Stratasys or Objet, the name of a company Stratasys merged with last year. He said the charity reported it hadn’t received such a donation.
http://www.itworld.com/it-management...-who-you-think





Victory Lap for Ask Patents
Joel Spolsky

There are a lot of people complaining about lousy software patents these days. I say, stop complaining, and start killing them. It took me about fifteen minutes to stop a crappy Microsoft patent from being approved. Got fifteen minutes? You can do it too.

In a minute, I’ll tell you that story. But first, a little background.

Software developers don’t actually invent very much. The number of actually novel, non-obvious inventions in the software industry that maybe, in some universe, deserve a government-granted monopoly is, perhaps, two.

The other 40,000-odd software patents issued every year are mostly garbage that any working programmer could “invent” three times before breakfast. Most issued software patents aren’t “inventions” as most people understand that word. They’re just things that any first-year student learning Java should be able to do as a homework assignment in two hours.

Nevertheless, a lot of companies large and small have figured out that patents are worth money, so they try to file as many as they possibly can. They figure they can generate a big pile of patents as an inexpensive byproduct of the R&D work they’re doing anyway, just by sending some lawyers around the halls to ask programmers what they’re working on, and then attempting to patent everything. Almost everything they find is either obvious or has been done before, so it shouldn’t be patentable, but they use some sneaky tricks to get these things through the patent office.

The first technique is to try to make the language of the patent as confusing and obfuscated as possible. That actually makes it harder for a patent examiner to identify prior art or evaluate if the invention is obvious.

A bonus side effect of writing an incomprehensible patent is that it works better as an infringement trap. Many patent owners, especially the troll types, don’t really want you to avoid their patent. Often they actually want you to infringe their patent, and then build a big business that relies on that infringement, and only then do they want you to find out about the patent, so you are in the worst possible legal position and can be extorted successfully. The harder the patent is to read, the more likely it will be inadvertently infringed.

The second technique to getting bad software patents issued is to use a thesaurus. Often, software patent applicants make up new terms to describe things with perfectly good, existing names. A lot of examiners will search for prior art using, well, search tools. They have to; no single patent examiner can possibly be aware of more than (rounding to nearest whole number) 0% of the prior art which might have invalidated the application.

Since patent examiners rely so much on keyword searches, when you submit your application, if you can change some of the keywords in your patent to be different than the words used everywhere else, you might get your patent through even when there’s blatant prior art, because by using weird, made-up words for things, you’ve made that prior art harder to find.

Now on to the third technique. Have you ever seen a patent application that appears ridiculously broad? (“Good lord, they’re trying to patent CARS!”). Here’s why. The applicant is deliberately overreaching, that is, striving to get the broadest possible patent knowing that the worst thing that can happen is that the patent examiner whittles their claims down to what they were entitled to patent anyway.

Let me illustrate that as simply as I can. At the heart of a patent is a list of claims: the things you allege to have invented that you will get a monopoly on if your patent is accepted.

An example might help. Imagine a simple application with these three claims:

1. A method of transportation
2. The method of transportation in claim 1, wherein there is an engine connected to wheels
3. The method of transportation in claim 2, wherein the engine runs on water

Notice that claim 2 mentions claim 1, and narrows it... in other words, it claims a strict subset of things from claim 1.

Now, suppose you invented the water-powered car. When you submit your patent, you might submit it this way even knowing that there’s prior art for “methods of transportation” and you can’t really claim all of them as your invention. The theory is that (a) hey, you might get lucky! and (b) even if you don’t get lucky and the first claim is rejected, the narrower claims will still stand.

What you’re seeing is just a long shot lottery ticket, and you have to look deep into the narrower claims to see what they really expect to get. And you never know, the patent office might be asleep at the wheel and BOOM you get to extort everyone who makes, sells, buys, or rides transportation.

So anyway, a lot of crappy software patents get issued and the more that get issued, the worse it is for software developers.

The patent office got a little bit of heat about this. The America Invents Act changed the law to allow the public to submit examples of prior art while a patent application is being examined. And that’s why the USPTO asked us to set up Ask Patents, a Stack Exchange site where software developers like you can submit examples of prior art to stop crappy software patents even before they’re issued.

Sounds hard, right?

At first I honestly thought it was going to be hard. Would we even be able to find vulnerable applications? The funny thing is that when I looked at a bunch of software patent applications at random I came to realize that they were all bad, which makes our job much easier.

Take patent application US 20130063492 A1, submitted by Microsoft. An Ask Patents user submitted this call for prior art on March 26th.

I tried to find prior art for this just to see how hard it was. First I read the application. Well, to be honest, I kind of glanced at the application. In fact I skipped the abstract and the description and went straight to the claims. Dan Shapiro has a great blog post called How to Read a Patent in 60 Seconds which taught me how to do this.

This patent was, typically, obfuscated, and it used terms like “pixel density” for something that every other programmer in the world would call “resolution,” either accidentally (because Microsoft’s lawyers were not programmers), or, more likely, because the obfuscation makes it that much harder to search.

Without reading too deeply, I realized that this patent is basically trying to say “Sometimes you have a picture that you want to scale to different resolutions. When this happens, you might want to have multiple versions of the image available at different resolutions, so you can pick the one that’s closest and scale that.”

This didn’t seem novel to me. I was pretty sure that the Win32 API already had a feature to do something like that. I remembered that it was common to provide multiple icons at different resolutions and in fact I was pretty sure that the operating system could pick one based on the resolution of the display. So I spent about a minute with Google and eventually (bing!) found this interesting document entitled Writing DPI-Aware Win32 Applications [PDF] written by Ryan Haveson and Ken Sykes at, what a coincidence, Microsoft.

And it was written in 2008, while Microsoft’s new patent application was trying to claim that this “invention” was “invented” in 2011. Boom. Prior art found, and deployed.

Total time elapsed, maybe 10 minutes. One of the participants on Ask Patents pointed out that the patent application referred to something called “scaling sets.” I wasn’t sure what that was supposed to mean but I found a specific part of the older Microsoft document that demonstrated this “invention” without using the same word, so I edited my answer a bit to point it out. Here’s my complete answer on AskPatents.

Mysteriously, whoever it was that posted the request for prior art checked the Accepted button on Stack Exchange. We thought this might be the patent examiner, but it was posted with a generic username.

At that point I promptly forgot about it, until May 21 (two months later), when I got this email from Micah Siegel (Micah is our full-time patent expert):

The USPTO rejected Microsoft's Resizing Imaging Patent!

The examiner referred specifically to Prior Art cited in Joel's answer ("Haveson et al").

Here is the actual document rejecting the patent. It is a clean sweep starting on page 4 and throughout, basically rejecting the application as obvious in view of Haveson.


Micah showed me a document from the USPTO confirming that they had rejected the patent application, and the rejection relied very heavily on the document I found. This was, in fact, the first “confirmed kill” of Ask Patents, and it was really surprisingly easy. I didn’t have to do the hard work of studying everything in the patent application and carefully proving that it was all prior art: the examiner did that for me. (It’s a pleasure to read him demolish the patent in question, all twenty claims, if that kind of schadenfreude amuses you).

(If you want to see the rejection, go to Public Pair and search for publication number US 20130063492 A1. Click on Image File Wrapper, and look at the non-final rejection of 4-11-2013. Microsoft is, needless to say, appealing the decision, so this crappy patent may re-surface.)

There is, though, an interesting lesson here. Software patent applications are of uniformly poor quality. They are remarkably easy to find prior art for. Ask Patents can be used to block them with very little work. And this kind of individual destruction of one software patent application at a time might start to make a dent in the mountain of bad patents getting granted.

My dream is that when big companies hear about how friggin’ easy it is to block a patent application, they’ll use Ask Patents to start messing with their competitors. How cool would it be if Apple, Samsung, Oracle and Google got into a Mexican Standoff on Ask Patents? If each of those companies had three or four engineers dedicating a few hours every day to picking off their competitors’ applications, the number of granted patents to those companies would grind to a halt. Wouldn’t that be something!

Got 15 minutes? Go to Ask Patents right now, and see if one of these RFPAs covers a topic you know something about, and post any examples you can find. They’re hidden in plain view; most of the prior art you need for software patents can be found on Google. Happy hunting!
http://www.joelonsoftware.com/items/2013/07/22.html





Local Newscast Uses DMCA to Erase Air Crash Reporting Blunder
David Kravets

Local San Francisco television news station KTVU has embarked on a novel use of copyright law to cover up embarrassing footage. It has been issuing takedown notices to YouTube for videos showing its anchor literally reading fake names of pilots involved in the recent airline crash at San Francisco International Airport.

The wrong names of the pilots for Asiana flight 214 that anchor Tori Campbell read on air were “Captain Sum Ting Wong,” “Wi Tu Lo,” “Ho Lee Fuk” and “Bang Ding Ow.”

Some of the YouTube videos, uploaded from last week’s newscast, leave behind a message: “This video is no longer available due to a copyright claim by KTVU.”

While many of the videos of the segment were still live on Google-owned YouTube, the reason why the Fox affiliate has been demanding their removal doesn’t concern copyright.

“The accidental mistake we made was insensitive and offensive. By now, most people have seen it. At this point, continuing to show the video is also insensitive and offensive, especially to the many in our Asian community who were offended. Consistent with our apology, we are carrying through on our responsibility to minimize the thoughtless repetition of the video by others,” the station’s general manager and vice president, Tom Raponi, told Mediabistro today.

More than 180 were injured and three were killed July 6 when the Boeing 777 slammed on the tarmac.

Under the Digital Millennium Copyright Act, owners of websites where the content is user-generated are obligated to remove copyrighted material at the rights holder’s request, or face the same potential penalties as the uploader. A successful copyright lawsuit carries damages as high as $150,000 per violation.
http://www.wired.com/threatlevel/201...social10035694





Content Owners Warn Congress of “Fair Use Creep,” Draw Ridicule
Jeff John Roberts

Groups representing the movie, music and photography industries testified before Congress on Thursday, and called on the government to consider changing laws to do more to address piracy and file-sharing.

The testimony, which took place before the House Judiciary Subcommittee on Intellectual Property, is part of a larger review by Congress of America’s copyright policy. The review is significant because it will help shape the rules for culture and creativity on the internet in coming decades.

The proceedings included a gimmick in which members of Congress were shown a movie clip of various 3D content, followed by a warning that such creativity could be snuffed out without stronger laws: “If an environment exists that does not provide adequate copyright protection and blockbuster films become unaffordable and unprofitable due to the threat of piracy, this new and thriving 3D industry will be significantly hampered,” studio executive William Sherak told the subcommittee.

The industry groups also repeatedly invoked “fair use creep” to claim that copyright is being undermined by a long-standing legal rule that lets people make free use of creative works for purposes like scholarship or reporting. The phrase, however, drew mockery on Twitter.

Such comments reflect frustrations among librarians and groups like the Electronic Frontier Foundation that the copyright review appears to be entirely tilted toward large industry groups without considering the public interest.

Copyright law has become contentious in recent years, in part because Congress, in response to lobbying from companies like Disney, has dramatically expanded the terms of copyright and removed works like “Peter and the Wolf” from the public domain.

The subcommittee will hear from members of the tech industry next week.
http://gigaom.com/2013/07/26/content...draw-ridicule/





'The Conjuring' Scares Up $41.5M to Top Box Office
Sandy Cohen

Moviegoers were ready for a fright this weekend, sending "The Conjuring" into first place at the box office.

The Warner Bros. haunted-house horror — based on a true story — debuted with $41.5 million in North American ticket sales, according to studio estimates Sunday. Starring Vera Farmiga, Lili Taylor, Patrick Wilson and Ron Livingston, "The Conjuring" unseated three-week box-office champ, "Despicable Me 2," which dropped to second place with $25 million.

"The Conjuring" was among four new releases tempting moviegoers this weekend. The newest animated offering, Fox's "Turbo," opened with $21.5 million, good for third place. Fox's head of domestic distribution, Chris Aronson, characterized the opening as "a very promising start," noting that the film won't open in Europe until the fall.

But Universal's big-budget crime caper "R.I.P.D." opened with a disappointing $12.76 million. The film reportedly cost more than $130 million to make.

The Jeff Bridges-Ryan Reynolds picture joins other big-budget summer flops such as "Pacific Rim," "White House Down," "After Earth" and "The Lone Ranger."

Overall box office totals are up, though, said Paul Dergarabedian of box-office tracker Hollywood.com.

"Despite the fact there have been some high-profile, high-budget flops, the summer to date is up 12 percent from last year," he said. "For mid-July, to have a modestly budgeted horror film top the weekend tells you how important it is for audiences to have options."

The Adam Sandler-produced Sony comedy "Grown Ups 2," starring Kevin James, Chris Rock, David Spade and Salma Hayek, held onto fourth place in its second week of release, earning $20 million.

Summit Entertainment's "Red 2," which stars Bruce Willis and Helen Mirren as retired CIA operatives, debuted in fifth with $18.5 million.

"The Conjuring" was originally set for release in the winter, but audience tests proved so positive that the studio moved the film to the heat of summer movie season.

"It was really a bold choice, no question about it," said Jeff Goldstein, Warner Bros. executive vice president of theatrical distribution. "With three other movies against us this week with high price tags and high expectations associated with them, this result is even more impressive."

He said the film cost about $19.5 million to make.

Still, there was no chance for this weekend's movies to match box-office totals for the same weekend last summer, when "The Dark Knight Rises" opened with $161 million domestically.

___

Estimated ticket sales for Friday through Sunday at U.S. and Canadian theaters, according to Hollywood.com. Where available, latest international numbers are also included. Final domestic figures will be released on Monday.

1. "The Conjuring," $41.5 million.

2. "Despicable Me 2," $25 million ($35.4 million international).

3. "Turbo," $21.5 million ($22.6 million international).

4. "Grown Ups 2," $20 million.

5. "Red 2," $18.5 million ($7.6 million international).

6. "Pacific Rim," $15.95 million ($34.8 million international).

7. "R.I.P.D.," $12.76 million ($6.8 million international).

8. "The Heat," $9.3 million.

9. "World War Z," $5.2 million ($12 million international).

10. "Monsters University," $5 million ($20.7 million international).

___

Estimated weekend ticket sales at international theaters (excluding the U.S. and Canada) for films distributed overseas by Hollywood studios, according to Rentrak:

1. "Despicable Me 2," $35.4 million.

2. "Pacific Rim," $34.8 million.

3. "Turbo," $22.6 million.

4. "Monsters University," $20.7 million.

5. "The Lone Ranger," $12.3 million.

6. "World War Z," $12 million.

7. "After Earth," $8.3 million.

8. "Now You See Me," $7.9 million.

9. "Red 2," $7.6 million.

10. "R.I.P.D.," $6.8 million.
http://www.newstimes.com/entertainme...ce-4677821.php





Bombs! Flops! Duds! How the Summer Box Office Could Still Be Biggest Ever
Todd Cunningham

For all the megaflops this year, the sky isn't falling on the box office: Summer is still pacing to be the biggest ever, thanks to more hits than bombs, the biggest of which have already been detonated.

While there's been an unprecedented string of high-priced flops -- five films with budgets well north of $100 million have opened to less than $25 million over the last month -- the season is still running ahead of last year by 10.7 percent.

"This month has been brutal, but none of these misfires have been a surprise," BoxOffice.com editor-in-chief Phil Contrino told TheWrap. "With so many huge movies in the marketplace, it was a given that there were going to be some major casualties."

With a few exceptions, the hits have been just as predictable this summer -- and there have been more of them than misses. The total domestic gross for the summer to date is $3.42 billion, better than last summer's $3.09 billion to this point, according to BoxOffice.Mojo.

And the same logjam of tentpole movies that made some disasters all but inevitable has also brought unusual depth to the market: the summer will see at least 20 films with budgets north of $100 million, six more than last year. Even the ones that don't hit add millions to the big picture.

Some of the highest-profile movies in what's left of the season -- Hugh Jackman's "Wolverine," the Mark Wahlberg-Denzel Washington action movie "2 Guns," Sony's kiddie film "Smurfs 2" and the Matt Damon-Jodie Foster sci-fi film "Elysium" -- are looking solid, so this summer could still top the $4.32 billion record set in 2011.

With more than $400 million in domestic grosses, Disney's "Iron Man 3" heads a list of six movies that have taken in more than $225 million already this summer. Last year at this time, there were two: "Marvel's The Avengers" and "The Amazing Spider-Man."

Brad Pitt's "World War Z," at one time seen as a likely bomb, is on its way to $200 million. Baz Luhrmann and Leonardo DiCaprio's "The Great Gatsby" has been steady for Warner Bros., and the magic-themed heist thriller "Now You See Me" has been the summer's biggest surprise with $115 million.

It's worth noting that two of the biggest bombs -- Disney's $225 million "Lone Ranger" and Universal's $130 million "R.I.P.D." -- are from the studios that have otherwise done very well this summer. Disney has the No. 1 and No. 4 films in "Iron Man 3" and "Monsters University," and Universal has the No. 3 film in "Despicable Me 2" and the No. 5 in "Fast & Furious 6."

Part of the reason things seem more bleak than they really are is perception, according to Wunderlich senior analyst Matthew Harrigan.

"It's human nature. It's a lot more fun to talk about bombs than hits," he said. "You had 'Despicable Me 2' setting a five-day record for animated movies at the box office and 'The Lone Ranger' tanking in the same week, and the 'Lone Ranger' stories outnumbered the 'Despicable Me' stories by about 10 to one."

That said, a $100 million-plus loss of any movie is still a major hit for any studio. But Harrigan doubts that there will be any seismic shifts in the studios' strategy of placing mega-budget bets on franchises that can bring in billions in box office, licensing and theme rides -- for years.

"Obviously you want to avoid flops, especially of that size," Harrigan said, "but there is a need to creatively revitalize and keep priming that pump, and when you play the high-risk, high-reward game that these studios are, some very big misses are the cost of doing business."

The pricey summer movies that missed -- "After Earth," "White House Down," "The Lone Ranger," "Pacific Rim," "R.I.P.D." and "Turbo" -- were all seen as potential franchise launchers. Guillermo del Toro's giant robots may yet justify a sequel if it performs overseas, but the others won't -- and that's a big loss for the studios dreaming of future sequel riches.

However, one need only look at the 2015 release schedule to see that there won't be any serious retrenching, at least anytime soon. There will be at least as many tentpole movies next summer, with the next "Avengers" movie, Fox's "Independence Day 2," Disney's "Pirates of the Caribbean 5," Sony's "The Smurfs 3" and Paramount's "Terminator" already penciled in.

That's not to say this summer's batch of box-office belly flops won't bring more intense scrutiny of huge budgets. The grosses run up by "Star Trek Into Darkness" and "The Great Gatsby" would have been more impressive had they not cost $190 million and at least $105 million, respectively.

"Profit margins still matter, and while you're not going to see a major shift in the studios' strategy, I don't think you're going to see ('Lone Ranger' director) Gore Verbinski laying down railroad tracks in New Mexico again anytime soon," Harrigan said, referencing the rampant cost overruns on the Johnny Depp action Western.
http://www.courant.com/entertainment...,3762048.story





'Arrested' Bump Disappoints Netflix Investors, Shares Drop
Lisa Richwine

Quirky comedy "Arrested Development" lured new subscribers to Netflix Inc's streaming service in the second quarter, but not enough to impress investors who sent its shares tumbling 4 percent in after-hours trading on Monday.

"Arrested Development," which Netflix dusted off seven years after it last ran on Fox, generated "a small but noticeable bump in membership," Netflix CEO Reed Hastings and Chief Financial Officer David Wells said in a letter to shareholders.

Netflix said it added 630,000 streaming customers in the United States, hitting the middle of a forecast the company issued in April.

Wall Street analysts were unimpressed after the market sent the company's share price up 183 percent this year, the biggest gainer on the S&P 500 index, in reaction to buzz about shows such as "Arrested Development" and "House of Cards." On Monday, shares of Netflix fell 4 percent in after-hours trading to $251.50, down from their earlier $261.96 close on the Nasdaq.

"It was a good quarter, but not good enough," said Sterne Agee analyst Arvind Bhatia. "The stock had run up too much, too quickly."

Wall Street analysts on average expected Netflix to add 700,000 new customers to the U.S. streaming service, the largest part of its business, Bhatia said.

Netflix beat analysts' forecasts with $29 million in profit, or 49 cents per share, and up from $6 million a year earlier. Analysts on average expected 40 cents, according to Thomson Reuters I/B/E/S.

Revenue for the quarter was $1.07 billion, up 20 percent from $889 million a year earlier.

The company shook up Hollywood last week with 14 Emmy nominations for original series including "Arrested Development" and political thriller "House of Cards," the first Internet series to nab Emmy nods in major categories. The shows are part of a push into original content that Netflix hopes will bring in new subscribers.

Hastings said the company was pleased with the response to its original programming.

"The strategy is just beginning," he said in an interview. "The payoff is continued rapid membership growth. If we can continue our rapid membership growth, we'll feel very pleased."

The original shows are grabbing "TV-sized audiences," Netflix Chief Content Officer Ted Sarandos said in a video webcast with executives, an unusual format that replaced the traditional quarterly conference call. The company declined to provide viewership figures for the shows.

Netflix, in its shareholder letter, forecast it will add up to 1.5 million U.S. streaming customers in the current quarter. That guidance "looks like a little light," Gabelli & Co analyst Brett Harriss said. "Netflix needs to add a substantial amount of subscribers to justify the current valuation."

The company reported 29.8 million U.S. streaming customers at the end of June, and 7.8 million international streaming customers.

Netflix is working to add subscribers to pay the cost of movies and TV shows from Hollywood studios, its original shows, and a push into foreign territories. At the same time, it is facing competition from online players such as Amazon.com Inc and Hulu, which is getting a cash infusion of $750 million from owners Walt Disney Co, 21st Century Fox and Comcast Corp.

"Now that Hulu has more money to spend, content prices may rise further," Hastings and Wells said in their letter. "But we have many multi-year deals in place to mitigate this."

(Additional reporting by Liana B. Baker; Editing by Ronald Grover, Steve Orlofsky and Bob Burgdorfer)
http://www.reuters.com/article/2013/...96L0UK20130723





Aereo as Bargaining Chip in Broadcast Fees Battle
Brian Stelter

As another television programming blackout looms, this time because of a high-stakes negotiation between the CBS Corporation and Time Warner Cable, there is a new wrinkle, courtesy of Aereo, the start-up that streams broadcast TV via the Internet.

The contract dispute between CBS and Time Warner Cable is the first to unfold in the New York metropolitan area since Aereo came to market there last year. Last week, the companies warned that if the dispute was not resolved by Wednesday, CBS could be taken away from three million of Time Warner Cable’s 12 million subscribers.

Enter Aereo. The service, backed by Barry Diller and a number of other venture capitalists, uses giant arrays of antennas to pick up freely available television signals and stream them to the phones, computers and other screens of paying subscribers. By relying on the antennas, Aereo does not pay the kinds of retransmission fees that distributors like Time Warner Cable pay to broadcasters like CBS — an approach that Aereo says is legal, but that the broadcasters say is not.

Analysts have theorized that distributors could exploit Aereo, or a service like it, to avoid paying increasingly steep retransmission fees. Such fees are at the heart of the current fight with CBS.

While Time Warner Cable does not seem ready or willing to deploy Aereo-like technology, a spokeswoman, Maureen Huff, said Sunday that it would recommend Aereo to its New York subscribers if CBS was blacked out. The distributor may also underline the fact that Aereo, which normally costs $8 a month, offers a 30-day free trial. (Ms. Huff also pointed out that many CBS shows are available online on a delayed basis, and that “all of CBS’s broadcast TV programming is available free over-the-air,” so subscribers can use antennas.)

Time Warner Cable is treading carefully because Aereo is the subject of several lawsuits filed by major media companies. In this case, its invocation of Aereo might be particularly corrosive because CBS has helped lead the charge against Aereo in the courts.

To date, the service has been upheld by the Court of Appeals for the Second Circuit in New York; last week, in its third victory there, the appeals court declined to hear the broadcasters’ appeal.

Emboldened by the rulings, Aereo, which is so small that it has not shared any New York subscriber data, recently expanded to Boston and Atlanta; its next market is Chicago, it says, with many more to come. But it has not announced any plans in the West Coast markets covered by the Ninth Circuit Court, where a service similar to Aereo was rejected in December. Given the uncertain state of play, Aereo is of limited use to Time Warner Cable currently; along with New York, the fight with CBS affects subscribers in Los Angeles, Dallas and several smaller markets.

David Bank, a media analyst for RBC Capital Markets, said he would not be shocked if the distributor somehow used Aereo to skirt the blackout, or encouraged subscribers to do so. But he wrote in an e-mail message: “I think it would be more of ‘negotiating tactic’ than a real business solution.”

A CBS spokesman declined to comment. In a statement last week about the potential blackout, the company, whose broadcast network is the highest-rated network in the United States, said it “remains committed to working towards a mutually agreeable contract.”

“This conflict just further highlights the importance of having alternatives in the marketplace,” Chet Kanojia, the chief of Aereo, said in a statement. “It’s also a great reminder that consumers have the right to watch over-the-air television using an antenna. Whether they use Aereo or some other type of antenna, it’s their choice. That’s the beauty of having alternatives.”
http://www.nytimes.com/2013/07/22/bu...ternative.html





Comcast Launches Supercharged X1 Cable Box In Area; Cox Plans Upgrade
Kevin Hunt

The clunky, noisy, technologically dated cable box is finally getting a makeover. For area Comcast subscribers, it starts Tuesday with the official availability of the X1 video-service platform powered by an Internet-equipped set-top box.

Eligible subscribers to Comcast's Triple Play bundle of television, Internet and phone service who elect the no-cost (except for the standard $90 installation of the new box) upgrade will barely recognize what's on their screen.

"It's like going from 'The Flintstones' to 'The Jetsons,'" says Brian Ferney, Comcast's director of marketing for Western New England.

The Bottom Line, after a sneak preview last week — about 2,000 households who have upgraded to Triple Play service since June have received the new boxes — suspects subscribers will like the 21st-century on-screen look and functions. That's assuming there are minimal bugs, freeze-ups and other new-technology calamities.

Current owners of a gaming console, Apple TV or a satellite receiver — all probably wondering what took so long — will recognize many of the features.

Among them:

>> Send To TV, which displays any Internet material from an iPhone or iPad — including Netflix — on your television, via the X1 box, much like Apple's AirPlay technology.

>> An (Apple-only) app that turns an iPhone or iPad into a remote control, including voice navigation.

Laura Brubaker Crisco, Comcast's Western New England Region director of public relations and an X1 user, demonstrated by clearly enunciating "Brad Pitt" into her iPhone: Pitt's picture and Comcast's available library of his movies quickly displayed on a nearby television.

Users also can use voice commands to search ("Find the Red Sox game") or "record." Shaking the device with the remote app activated pauses On Demand content.

The app also works long range: Users can schedule a recording, even change the channel other family might be watching, from an office cubicle.

>> A 500-gigabyte DVR (the X1 is available only to Triple Play customers with DVR service), up from the 80- to 320-gigabyte storage capacity of previous boxes. Comcast's X2 platform, a firmware update to X1 boxes likely arriving in this area in early 2014, will add cloud storage.

>> Five digital tuners that allow recording up to four programs while watching a fifth. Current two-tuner boxes give users a combination of two programs at once whether it's watching one while recording another or recording two.

>> An app-like interface that's cleaner, faster and more powerful than previous Motorola set-top boxes. Even the box, with a glowing green ring around the power button, looks slicker.

>> Actual apps, however rudimentary, that use the X1's Internet access. For now, they include Facebook, Pandora radio, The Weather Channel, INRIX local traffic and a sports scoreboard. Users also can share what they're watching via Facebook or Twitter.

>> The On Demand menu now looks more like Netflix or other streaming services like Vudu, with a box-cover menu of available titles. A movie or actor search also leads to extensive plot summaries, biographical information and ratings from third-party sites like Rotten Tomatoes.

"It's like going to IMDB," says Crisco.

With the X1 On Demand, viewers can start watching a movie on the television, pause, then resume later on a tablet or computer.

>> An emphasis on what you want to watch instead of which channel. The X1 box recommends programming and movies based on the subscriber's search and viewing history. The program guide filters listings in six categories, and also by age for family-appropriate viewing.

"It's less about channels, more about content," says Ferney.

>> Even the remote is different, with fewer keypads (including alphanumeric, like a telephone keypad, to enter keyword searches). This remote, which uses radio-frequency technology, must be paired to a specific box. Unlike earlier remotes that used infrared technology, the new X1 remotes do not require line-of-sight. That means the box could remain out of view, in a cabinet, and it will still receive signals from the remote.

Cox subscribers who might be feeling a little cable-envy can expect a system upgrade later this summer. The project, with a working title of Personal Video Experience, will include an app capable of streaming video to a television via the cable box and a new box with a 2-terabyte (2,000 gigabytes) DVR that can record up to six programs simultaneously.

Neither box will dethrone Dish's Hopper, with its 2-terabyte hard drive, an AutoHop feature that skips commercials, auto-record of all prime-time programming and Sling technology that allows viewing of all subscribed channels on a computer, smartphone or tablet.

But X1, which debuted nationally more than a year ago in Boston, and Cox's yet-to-be-named system shows that cable service in Greater Hartford is finally starting to catch up.
http://www.courant.com/business/conn...7418207.column





Verizon FiOS Rolls Out 500-Meg Internet Tier

Offers Range of Bundled Prices, As Well As a Stand-Alone Residential Tier That Runs $299.99 Per Month
Jeff Baumgartner

Verizon Communications new fiber-fed Internet tier isn’t offering Google Fiber-like speeds yet, but it’s getting closer.

The telco on Monday launched a FiOS Internet tier for residential and business customers that maxes out at 500 Mbps downstream by 100 Mbps upstream, with pricing that depends on service bundles and other factors.

The stand-alone price for the residential version of the 500-Meg tier is $299.99 per month, according to Verizon spokesman Bill Kula.

Here’s how monthly pricing stacks up when the new offering is teamed with Verizon’s variety of FiOS TV packages:

· $310 per month when paired with Select HD, FiOS TV’s sports-free video service;
· $320 per month with FiOS TV Prime;
· $335 per month with FiOS TV Extreme; and,
· $355 per month with FiOS TV Ultimate.

The pricing on the above tiers is reduced by $5 per month when customers agree to a two-year contract.

When the 500-Meg tier is teamed with Verizon FiOS Digital Voice, the combined cost is $315 per month, Kula said.

Verizon has also set bundled triple-play pricing that includes the new speed tier:

· $330 per month with FiOS Select HD and FiOS Digital Voice;
· $340 per month with FiOS TV Prime and FiOS Digital Voice;
· $355 per month with FiOS TV Extreme and FiOS Digital Voice; and,
· $375 per month with FiOS TV Ultimate and FiOS Digital Voice.

The business services version of the 500-Meg tier with a dynamic IP address runs $380 per month, or $10 less per month with a two-year contract. The same tier with a static IP address costs $399.99 without a two-year contract.

Kula said Verizon is not charging an upgrade fee to most customers who select the new, speedier service. The exception, he said, is customers who are currently taking month-to-month plans; those customers must foot a one-time, $100 fee.

All of the FiOS Internet tiers remain uncapped and unmetered.

Verizon’s new tier isn’t currently available to all homes and businesses covered by the FiOS network. Kula declined to offer a current percentage, but did note that Verizon expects to offer the new 500-Meg service to at least 70% of its FiOS Internet customer base by the end of 2014. The FiOS footprint currently passes about 18 million homes in parts of 12 states, plus Washington, D.C.

The new tier represents a leap above the 300 Mbps down by 65 Mbps upstream service introduced by Verizon on June 18, 2012.

Verizon has not broken down how many of its 5.8 million FiOS Internet customers take each speed tier, but Kula noted that more than one-third are taking speeds of more than 50 Mbps down by 25 Mbps up, and that the telco expects its 50-Meg/25-Meg tier to continue to serve as Verizon’s “sweet spot.”

Verizon has tested its fiber network running up to 10 Gbps, but the company has not announced plans to launch a 1-Gig service. Google Fiber, for example, offers a symmetrical 1-Gig standalone service for $70 per month in the Kansas City area.

“We’ll continue to watch very closely the reaction from the market and make decisions based on any potential changes in the bandwidth speeds that we offer,” Kula said. Verizon settled on 500-Meg downstream because it believed it represented a “good, appropriate step for our customer base.”

Comcast is using its fiber-based Metro Ethernet platform to power a residential broadband service in the Northeastern U.S. that tops out at 305 Mbps down by 65 Mbps upstream. The MSO’s current top-end DOCSIS 3.0 service offers 105 Mbps down and 20 Mbps up.

The latest DOCSIS 3.0 chipset coming from Broadcom will bond up to 32 downstream channels, enough to produce speed bursts of 1.2 Gbps in North American DOCSIS networks. The emerging DOCSIS 3.1 specs are targeting speeds up to 10 Gbps down by 2 Gbps up. At The Cable Show in June, CableLabs demonstrated downstream speeds of 6 Gbps using pre-production hardware from Broadcom that uses technology that will be baked into the new D3.1 platform.
http://www.multichannel.com/distribu...et-tier/144521





We’re Number 9! U.S. Slips in Internet Connection Ranking
Curt Woodward

Here’s something to add to your decline-of-the-empire files: the U.S. is falling further behind in world rankings of average Internet connection speeds.

That’s the verdict from the latest State of the Internet Report by Akamai (NASDAQ: AKAM), the Cambridge, MA-based networking company that handles about a third of global Web traffic.

The latest stats cover the first quarter of this year, and they’re not very comforting for American Internet users.

The U.S. dropped one place from the previous quarter, to ninth overall, at 8.6 megabits per second. Sweden now takes eighth place with an average connection speed of 8.9 megabits per second (mobile networks were not included).

That lackluster performance comes even though the U.S. connection speed improved by some 27 percent over the previous year, according to Akamai’s report.

But it wasn’t enough to overtake Internet-speed titans such as Latvia and the Czech Republic. Seriously.

Asia once again led the list, with South Korea, Japan, and Hong Kong in the top three spots. Scandinavian nations also were well represented.

There are many reasons for the U.S. to perform poorly against these rivals, of course—a larger population in some cases, and a bigger land mass to contend with. But other countries also often enjoy a more competitive market for service providers—and it shows in these rankings, among others.

In fact, U.S. consumers don’t just have slower speeds than some much smaller countries, they also tend to pay more for those laggardly connections.

It’s a perplexing problem that has led some to call for Internet access to be treated as a public utility, and spurred unexpected competitors like Google to bring super-fast gigabit Internet connections to selected communities through its Google Fiber program.

That kind of competition is welcome, but it isn’t making a dent yet.

Within the U.S., East Coast states dominated the average connection speed rankings, with Vermont, New Hampshire and Delaware taking the top three spots. Utah was the only top-10 state beyond the East Coast.
http://www.xconomy.com/national/2013...ction-ranking/




Prime Minister: UK ISPs Will Have To Block Porn

The government has outlined new measures to protect children online, but it’s unclear just how effective they will be
Max Smolaks

Internet Service Providers (ISPs) across the UK will be forced to offer an “opt-out” adult content filter, as part of the government’s efforts to protect children online.

“In the darkest corners of the Internet, there are things going on that are a direct danger to our children, and that must be stamped out,” said Prime Minister David Cameron, announcing the new rules today.

Changes to legislation will also make possession of pornography depicting rape a criminal offence, along with several other measures aimed at “cleaning up” the Internet.

The forced introduction of “opt-out” filters doesn’t come as a surprise – last week, the BBC published a leaked memo in which the Department of Education asked ISPs to align some of the terminology used when talking about filters with that of the government.

“Opt-out” Internet filtering has been criticised as being ineffective, and giving parents a false sense of security.

Here come the filters

Under new rules, adult content filters will be automatically switched on for all new and existing customers, with the option to switch them off by contacting the ISP. Additionally, search engines will have until October to introduce new measures to block illegal content. The government also wants warning pop-ups to appear when users try to access content that might land them in trouble with the law.

As part of the campaign, the Child Exploitation and Online Protection Centre (CEOP) will be tasked with investigating file-sharing networks to establish their role in the exchange of child abuse images. The Centre will also be given more powers to investigate.

Finally, the government has authorised the creation of a single database of child abuse images collected by police, which will be used to identify and track such content and the people viewing it.

“Blocking search terms will raise the bar for initial access to this content, but the fact remains that the vast majority of this material is not found on the open, searchable Internet,” commented Christian Berg, CEO at NetClean.

“Stronger laws are a great exercise in demonstrating the strength of will behind this campaign, however the core of the solution is technology, and ensuring that the technology available to track, find and disrupt this crime is used effectively worldwide.”

Some critics of the automatic “opt-out” filters describe them as an outdated technology which is incapable of protecting children, and only serves the interest of politicians.

“The original filtering techniques were developed in the university sector, to stop students and adults accessing material that the provider of the connection didn’t want them to – not to protect them against an accidental encounter,” Chris Puttick, CEO of Internet protection firm TwoTen, told TechWeekEurope last week.

Adult content is something children will actually look for, when they reach a certain age (certainly by the time they are teens), and so-called porn blocks can do little to stop this. “This is stuff that children from a certain age actively seek,” said Puttick. “They are not wandering around and finding it accidentally, that’s not how it happens.”

Last year’s survey by YouGov revealed that just one in four UK adults with children in their household was in favour of having a default porn filter.
http://www.techweekeurope.co.uk/comm...ck-porn-122524





Family Filters Won't Block 'Soft' Porn: David Cameron Retreats in War on Internet Porn, Admitting There Will be 'Problems Down the LINE'

Proposals criticised by anti-censorship groups, who warn that sites about sexual health and sexuality could inadvertently get caught up in the ban
Oliver Wright

David Cameron is facing serious questions over how his plan for automatic internet “porn filters” in every British home would work - after he suggested that topless images such as those used on The Sun’s page three would still be accessible online.

The Prime Minister used a major speech to set out a raft of reforms to protect children from “poisonous” pornography websites which, he said, were “corroding childhood”. He announced that internet service providers had agreed to introduce family-friendly filters that automatically block pornography unless customers chose to opt out.

But his proposals were criticised by anti-censorship groups, who warned that sites about sexual health and sexuality could inadvertently get caught up in the ban.

Significantly, Mr Cameron admitted there would be “problems down the line” with the system – and appeared to rule out “soft” or written pornography from the scheme entirely.

Separately, the former head of the Child Exploitation and Online Protection centre (CEOP), Jim Gamble, said Mr Cameron’s plan to tackle child abuse images by removing results from search engines like Google would be “laughed at” by paedophiles.

“There are 50,000 predators...downloading abusive images on peer-to-peer, not from Google,” he said. “Yet from CEOP intelligence only 192 were arrested last year. That’s simply not good enough.

“We’ve got to attack the root cause, invest with new money, real investment in child protection teams, victim support and policing on the ground. Let’s create a real deterrent. Not a pop-up that paedophiles will laugh at.”

Mr Cameron laid out a multi-pronged approach to tackle the proliferation of both legal and illegal pornography on the internet, saying that the problem was “too big to ignore”.

Under his proposals, by the end of next year all households will have to “opt out” of automatic porn filters, which would come as standard with internet broadband and cover all devices in a house. Possession of the most extreme forms of adult pornography will become an offence, while online content will have the same restrictions as DVDs sold in sex shops.

To tackle child abuse images, search engines have been told they will have to redact results from specific searches, while anyone accessing websites shut down by the police for containing such images will see a message warning them that what they were doing was illegal.

But in interviews after his speech, Mr Cameron seemed unclear of exactly which legal sites should be banned by the new filters - and accepted that the technology still had weaknesses.

Speaking on the BBC’s Jeremy Vine programme, Mr Cameron said what would be included in the filters would evolve over time. “The companies themselves are going to design what is automatically blocked, but the assumption is they will start with blocking pornographic sites and also perhaps self-harming sites,” he said.

“It will depend on how the companies choose how to do it. It doesn’t mean, for instance, it will block access to a newspaper like The Sun, it wouldn’t block that - but it would block pornography.”

Mr Cameron said he did not “believe” written pornography, such as erotic novel Fifty Shades of Grey, would be blocked under the plans. But he added: “It will depend on how the filters work.”

He also admitted it could lead to some interesting conversations in families. Asked if the “opt in” system meant a husband would have to “fess up” to his partner if he wanted to look at porn, he finally said: “Yes, it does.”

He then added: “I’m not saying we’ve thought of everything and there will be many problems down the line as we deal with this, but we’re trying to crunch through these problems and work out what you can do and can’t do.”

But others were critical of such a “nanny state” intervention. Daniel Foster, founder of web hosting company 34SP, said: “To say that pornography is ‘corroding childhood’ is extreme. Having criticised the previous government for operating a nanny state, this reeks of hypocrisy.

“The fact that there is plenty of widely-adopted filtering software readily available means that internet users are already acting autonomously in policing content in their own homes.”

Mr Cameron was even attacked by one of his former female MPs, Louise Mensch, for attempting to ban video containing rape simulation. She suggested such fantasies were common in more than half of all women. “It is not for our government to police consensual simulation, between adults, of one of women’s most common fantasies,” she wrote on Twitter.

Padraig Reidy, of the Index on Censorship, said people should not have to opt out of the filters. “If we have, as the Prime Minister is suggesting, an opt-out filter we have a kind of default censorship in place,” he said.

“Families should be able to choose if they want to opt in to censorship. If a filter is set up as a default then it can really restrict what people can see legitimately. Sites about sexual health, about sexuality and so on, will get caught up in the same filters as pornography. It will really restrict people’s experience on the web, including children’s.”

Dr Paul Bernal, from the University of East Anglia’s law school, suggested Mr Cameron’s crackdown on child abuse images was also inadequate. “Plans like these, worthy though they may appear, do not, to me, seem likely to be in any way effective,” he said.

“The real ‘bad guys’ will find ways around them, the material will still exist, will keep being created, and we’ll pretend to have solved the problem – and at the same time put in a structure to allow censorship, create a deeply vulnerable database of ‘untrustworthy people’, and potentially alienate many of the most important companies on the internet. I’m not convinced it’s a good idea.”

Filtering porn: problems with the plan

Can the filters work effectively?

Filtering pornography is fiendishly difficult to do accurately. Although the technology is improving, filters set up in hospitals several years ago had to be switched off after doctors were unable to access clinical studies on breast cancer.

Even if they do work, can they be circumvented?

Some schools have used web filters to stop children accessing Facebook when they were meant to be working. But some children reportedly got around them by using “proxy websites” that re-diverted them to Facebook around the filters. Such problems could also exist for pornography – while parents think there are safeguards in place.

What is pornography?

Some women’s groups believe that Page 3 in The Sun is pornography – not a view David Cameron shares. Computer algorithms may not be the best means of deciding what is and what is not pornographic.

Do we want to live in a nanny state?

The basis of Mr Cameron’s argument is that people should have to make a conscious decision to watch pornography. But civil liberties groups take the opposite approach and accuse him of hypocrisy. It was Mr Cameron who used to decry Labour’s nanny state.

And what about marital harmony?

Some men (and women) in happy relationships may secretly watch pornography without their partner’s knowledge. This, as Mr Cameron admits, will force them to fess up or abstain. A husband whose wife finds he has secretly turned off the porn filter could find himself in trouble – possibly straining the institution Mr Cameron cares most about: marriage.
http://www.independent.co.uk/news/uk...-8726991.html#





UK Porn Filter: Censorship Extends Beyond Pornography, But One ISP Is Fighting Back
Ryan W. Neal

U.K. Prime Minister David Cameron announced Monday that British Internet service providers (ISPs) must install porn filters and require customers to opt-in for adult content. Cameron said the policy is aimed at combating child porn and the “corroding influences” of sexual content in the U.K., but several people are unhappy with the plan. Reports have linked the filters to controversial Chinese company Huawei, and others have found that the filters will block much more than just porn. Some ISPs have publicly refused to force the filters on their users.

The Open Rights Group spoke with several ISPs and found that in addition to pornography, users will also be required to opt in for any content tagged as violent, extremist, terrorist, anorexia and eating disorders, suicide, alcohol, smoking, web forums, esoteric material and web-blocking circumvention tools. These will all be filtered by default, and the majority of users never change default settings with online services.

One U.K. ISP, TalkTalk, already has “The HomeSafe System,” which was singled out for praise by David Cameron when announcing the new policy. It gives another good idea of the kind of Internet censorship the British government is looking to implement.

More troubling is the revelation that HomeSafe is actually operated by Huawei, a Chinese company that both the U.K. and the U.S. accused of having close ties with the Chinese government. Huawei’s founder, Ren Zhengfei, is a former officer of China’s People’s Liberation Army, and a recent report by the Intelligence and Security Committee said, “the alleged links between Huawei and the Chinese State are concerning, as they generate suspicion as to whether Huawei’s intentions are strictly commercial or are more political.” The U.S. has branded Huawei a threat to national security.

Huawei denies any connection, and says it is being unfairly scrutinized for being Chinese. The testing center used to operate HomeSafe is based in the U.K., which Huawei says is operated with security and integrity.

ISPs will be able to use whatever filter system they like, so many may choose not to be associated with Huawei. Others are refusing to take part in the filtering at all.

“Sorry, for a censored Internet you will have to pick a different ISP or move to North Korea,” Andrews & Arnold, a U.K. ISP, said in a statement. “It is not our role to try and censor what you do with the Internet.”

“It is your responsibility to stick to the laws that apply to you. We have no intention of putting in place any censorship systems or using censored transit feeds.”

The company argued that porn filters will not solve the problem of child pornography and will only create new problems. The ISP said filters will slow down connections and push offenders toward underground networks and encryption that make it even harder to track criminals. The company also raised the prospect of a slippery slope toward censoring non-pornographic material.

But if HomeSafe and the ORG report are any indication, censoring non-pornographic material that offends more conservative members of society is already part of Cameron's plan.
http://www.ibtimes.com/uk-porn-filte...g-back-1361379





Chinese Firm Huawei Controls Net Filter Praised by PM
Dave Lee

The pornography filtering system praised by David Cameron is controlled by the controversial Chinese company Huawei, the BBC has learned.

UK-based employees at the firm are able to decide which sites TalkTalk's net filtering service blocks.

Politicians in both the UK and US have raised concerns about alleged close ties between Huawei and the Chinese government.

The company says the worries are without foundation and prejudiced.

On Monday the Prime Minister said TalkTalk had shown "great leadership" in setting up its system, Homesafe, which it has offered to customers since 2011.

TalkTalk told the BBC it was comfortable with its relationship with Huawei, and that the service was very popular.

Homesafe is a voluntary scheme which allows subscribers to select categories - including social media, gambling and pornography - that they want blocked.

Customers who do not want filtering still have their traffic routed through the system, but matches to Huawei's database are dismissed rather than acted upon.
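The mechanism described above (a domain blocklist organised by category, filtering on by default, opted-out customers still routed through the system with matches dismissed, and operators able to add entries by hand) modelled as an added example. This is not TalkTalk's or Huawei's HomeSafe code; the category names, the domains, the subscriber records and the decision logic are all constructed for illustration.

```python
"""Model of the ISP-side category filter the article describes.

Added example, not TalkTalk's or Huawei's HomeSafe code. The categories,
domains and subscriber records below are constructed for illustration.
"""
from dataclasses import dataclass, field

# Hypothetical blocklist: category -> registrable domains (constructed data).
# "pages-example.test" stands in for a shared-hosting domain that was listed
# because of some of its tenants; every site hosted under it goes with it.
BLOCKLIST = {
    "pornography": {"adult-example.test", "pages-example.test"},
    "web-forums": {"forum-example.test"},
    "circumvention": {"proxy-example.test"},
}

# Every category is filtered unless the subscriber opts out (default-on).
DEFAULT_ON = frozenset(BLOCKLIST)


@dataclass
class Subscriber:
    account: str
    enabled: frozenset = DEFAULT_ON  # categories this account still has on


@dataclass
class FilterEngine:
    # Every lookup is recorded, whether or not the subscriber opted out:
    # traffic is routed through the filter regardless, and only the
    # decision changes with the opt-out.
    inspected: list = field(default_factory=list)

    def categories_for(self, host: str) -> set:
        """Return the categories matching host or any of its parent domains."""
        labels = host.lower().rstrip(".").split(".")
        hits = set()
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            for category, domains in BLOCKLIST.items():
                if candidate in domains:
                    hits.add(category)
        return hits

    def decide(self, sub: Subscriber, host: str) -> str:
        hits = self.categories_for(host)
        self.inspected.append((sub.account, host, frozenset(hits)))
        # Match against the list first, then check whether this subscriber
        # has a matching category enabled; an opted-out account is still
        # looked up, the match is simply dismissed.
        return "BLOCK" if hits & sub.enabled else "ALLOW"


def add_to_list(category: str, domain: str) -> None:
    """Manual addition by an operator: no notice to the site owner and no
    appeal path, which is the accountability gap the article raises."""
    BLOCKLIST.setdefault(category, set()).add(domain.lower())


if __name__ == "__main__":
    engine = FilterEngine()
    default_account = Subscriber("acct-1")
    opted_out = Subscriber("acct-2", enabled=frozenset())
    # Parent-domain matching takes a hypothetical sexual-health site hosted
    # under the listed shared-hosting domain down with it: the overblocking case.
    print(engine.decide(default_account, "sexual-health-clinic.pages-example.test"))
    print(engine.decide(opted_out, "sexual-health-clinic.pages-example.test"))
    print(engine.inspected)
```

The point to notice is the order of operations in `decide`: the lookup happens for every subscriber and the opt-out only changes what is done with the result, so the `inspected` record grows for opted-out accounts exactly as it does for everyone else. The parent-domain match shows how a site that is not pornography ends up behind the pornography filter when the list is keyed on domains rather than on the actual page, and `add_to_list` shows that nothing in the mechanism itself tells a site owner they have been added.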

Accountability question

Mr Cameron has demanded similar measures be adopted by all internet service providers (ISPs) in the UK, to "protect our children and their innocence".

He said ISPs would be monitored to ensure filtering was done correctly, but that they should choose their own preferred solution.

However, one expert insisted that private companies should not hold power over blacklists, and that the responsibility should lie with an independent group.

David Cameron: "In the balance between freedom and responsibility we have neglected our responsibility to children"

"It needs to be run by an organisation accountable to a minister so it can be challenged in Parliament," Dr Martyn Thomas, chair of the IT policy panel at the Institution of Engineering and Technology, told the BBC.

"There's certainly a concern about the process of how a web address gets added to a blacklist - who knows about it, and who has an opportunity to appeal against it," he added.

"You could easily imagine a commercial organisation finding itself on that blacklist wrongly, and where they actually lost a lot of web traffic completely silently and suffered commercial damage. The issue is who gets to choose who's on that blocking list, and what accountability do they have?"

'Policing themselves'

For almost a decade, Huawei has been a core part of telecoms infrastructure in the UK - its biggest client, BT, has routinely said it has no concerns about using the firm.

Huawei's founder Ren Zhengfei, a former officer in China's People's Liberation Army, visited Downing Street last year after his company made a £1.3bn investment into its UK operations.

But Huawei's position was recently the subject of an Intelligence and Security Committee (ISC) report. It criticised the lack of ministerial oversight over the firm's rapid expansion in the UK.

The committee said "the alleged links between Huawei and the Chinese State are concerning, as they generate suspicion as to whether Huawei's intentions are strictly commercial or are more political" - but added that it had not found any evidence of wrongdoing.

It said it had worries that a UK-based testing centre set up to examine Huawei products was staffed by experts employed by the Chinese firm.

The ISC said Huawei was "effectively policing themselves".

In the US, intelligence committees have gone further, branding Huawei a threat to national security.

For its part, Huawei strongly denies having close ties with the Chinese government, pointing out it is 98.6% owned by its employees - with the remaining amount held by Mr Ren. It welcomed the ISC's call for a review of the testing centre.

Huawei executive Chen Li Fang said the company should not be treated unfairly just because it was Chinese.

The UK government said it too agreed with the ISC's call to review the testing centre, adding that it works with all major communications providers to ensure security.

"Our work with Huawei and their UK customers gives us confidence that the networks in the UK that use Huawei equipment are operated to a high standard of security and integrity," a spokesman said.

Policy enforcement

Web filtering, which is not considered critical national infrastructure, was not covered in the ISC's report.

But the logistics of how Mr Cameron's plans will be implemented have been the subject of much debate.

Initially, TalkTalk told the BBC that it was US security firm Symantec that was responsible for maintaining its blacklist, and that Huawei only provided the hardware, as previously reported.

However, Symantec said that while it had been in a joint venture with Huawei to run Homesafe in its early stages, it had not been involved for over a year.

TalkTalk later confirmed it is Huawei that monitors activity, checking requests against its blacklist of over 65 million web addresses, and denying access if there is a match.

The contents of this list are largely determined by an automated process, but both Huawei and TalkTalk employees are able to add or remove sites independently.

Illegal websites - including ones showing images of child abuse - are blocked for all customers with the help of a list maintained by the non-profit Internet Watch Foundation.

Mr Cameron said that the actions of ISPs would be monitored to ensure filtering is done correctly.

Communications regulator Ofcom is expected to play some role in this, possibly by auditing the firms and reporting back to ministers regularly.
http://www.bbc.co.uk/news/technology-23452097





UK ISP On Porn Filters: If You Want Internet Censorship 'Move to North Korea'
Liat Clark

UK ISP Andrews & Arnold has publicly lambasted David Cameron's automatic porn filter decision and says it will not be using them, explaining "sorry, for a censored internet you will have to pick a different ISP or move to North Korea".

The statement, pointed out by TechEye, might have a comical-sounding turn to it. But the people behind Andrews & Arnold feel strongly about their role as a service provider.

"It is not our role to try and censor what you do with the internet. We do not try and log or limit what you are accessing. It is your responsibility to stick to the laws that apply to you. We have no intention of putting in place any censorship systems or using censored transit feeds."

"Active choice" it argues, "is not a choice".

It points out bluntly that a censored internet, if it were to be implemented by Andrews & Arnold (which it never will be) would provide "restricted access to unpublished government mandated filter list (plus Daily Mail web site) -- but still cannot guarantee kids don't access porn". Reiterating what many of those opposing the filters have already come out to say, these measures are not going to solve the problem they are aimed at solving, and will probably just create another one along the way.

The statement goes on to pinpoint exactly why the crusade has occurred -- "under the guise of some emotive topic such as stopping child abuse which nobody could argue with" -- and says such a step is more likely to cause the internet to run slower or with breaks, than achieve anything else. If it succeeds, that would only result in driving "the offensive use underground and using encryption so making it harder to find and deal with".

The rant goes on to depict the slippery slope we may all succumb to if the measures are implemented: "If we accept censorship for child abuse, then we have to accept it for terrorism, and then maybe political extremist views, and then maybe not so extreme views, and maybe wrong thinking or pictures of policeman (oh wait, they just tried to make that illegal too!)"

Asking if a reader might have children that access internet at home unsupervised ("is that wise?"), it then suggests those individuals invest in their own controls.

Hilarious rants aside, the release does provide some practical information on how users can protect themselves from intrusion and surveillance, which it sees as a more pressing problem.

You can read the full release here.
http://www.wired.co.uk/news/archive/...p--north-korea





Shortest Internet Censorship Debate Ever
Michał "rysiek" Woźniak

Yesterday I had the pleasure of taking part (via a radio interview) in the shortest Internet censorship debate ever.

In the morning the Minister of Justice apparently discovered there is porn on the Internet (welcome to the Net, dear Mr Biernacki; wish you'd been here earlier) and voiced his support for implementing the British "solution" in Poland; already in the evening PM Donald Tusk and Minister of Administration and Digitization Michał Boni categorically denied any such plans.

In the meantime the NGOs that had been involved in several Internet censorship debates in Poland during the last few years were flooded with media inquiries about the subject — and criticised both the British idea and Minister Biernacki's statement.

Obviously the subject-matter arguments were used, unchanged as they have been for years: censorship can't work; it does not solve the actual problem, just hides it; it is a great potential danger to free speech and privacy; and so on, and so forth. However, it was also noted that, sadly, the same cabinet (give or take a few Ministers) keeps floating this idea over and over again, and we have to get back to this debate that has already been had several times during the last 4 years in Poland.

This observation is, however, incorrect — to the great joy and surprise of the undersigned.

And yet they learn!

We shall not block access to legal content regardless of whether or not it appeases us aesthetically or ethically
— PM Donald Tusk, 26.07.2013

I would like to find solutions that are effective and at the same time do not cause concerns regarding surveillance of Internet users or over potential of erroneous limiting our Internet activity. (...) Filtering does not remove the content.
— Minister Michał Boni, 26.07.2013


Chapeau bas! Turns out that years of subject matter discussion, with concrete evidence and arguments, have not been wasted, at least as long as we're talking about the PM or the Minister of Administration and Digitization. This gives hope.

Next time some Minister discovers with horror that there is pornography on the Internet and that it might have a bad influence on youth (which I can understand might actually be true), before they offer their "revolutionary" idea of censoring the Internet for everybody, maybe — just maybe! — they will simply first ask their colleagues in other departments (Ministry of Health? of Education? of Administration and Digitization?) if there were better and more sane solutions available.

Meanwhile, could the UK and other so-called democracies please do something with their politicos and their moronic ideas, so that our political class doesn't get ideas of their own?
http://rys.io/en/109





U.N. Warns on Mobile Cybersecurity Bugs in Bid to Prevent Attacks
Jim Finkle

A United Nations group that advises nations on cybersecurity plans to send out an alert about significant vulnerabilities in mobile phone technology that could potentially enable hackers to remotely attack at least half a billion phones.

The bug, discovered by a German firm, allows hackers to remotely gain control of, and also clone, certain mobile SIM cards.

Hackers could use compromised SIMs to commit financial crimes or engage in electronic espionage, according to Berlin's Security Research Labs, which will describe the vulnerabilities at the Black Hat hacking conference that opens in Las Vegas on July 31.

The U.N.'s Geneva-based International Telecommunication Union, which has reviewed the research, described it as "hugely significant."

"These findings show us where we could be heading in terms of cybersecurity risks," ITU Secretary General Hamadoun Touré told Reuters.

He said the agency would notify telecommunications regulators and other government agencies in nearly 200 countries about the potential threat and also reach out to hundreds of mobile companies, academics and other industry experts.

A spokeswoman for the GSMA, which represents nearly 800 mobile operators worldwide, said it also reviewed the research.

"We have been able to consider the implications and provide guidance to those network operators and SIM vendors that may be impacted," said GSMA spokeswoman Claire Cranton.

Nicole Smith, a spokeswoman for Gemalto NV, the world's biggest maker of SIM cards, said her company supported GSMA's response.

"Our policy is to refrain from commenting on details relating to our customers' operations," she said.

BECOMING THE SIM

Cracking SIM cards has long been the Holy Grail of hackers because the tiny devices are located in phones and allow operators to identify and authenticate subscribers as they use networks.

Karsten Nohl, the chief scientist who led the research team and will reveal the details at Black Hat, said the hacking only works on SIMs that use an old encryption technology known as DES. The technology is still used on at least one out of eight SIMs, or a minimum of 500 million phones, according to Nohl.

The ITU estimates some 6 billion mobile phones are in use worldwide. It plans to work with the industry to identify how to protect vulnerable devices from attack, Touré said.

Once a hacker copies a SIM, it can be used to make calls and send text messages impersonating the owner of the phone, said Nohl, who has a doctorate in computer engineering from the University of Virginia.

"We become the SIM card. We can do anything the normal phone users can do," Nohl said in a phone interview. "If you have a MasterCard number or PayPal data on the phone, we get that too."

IPHONE, ANDROID, BLACKBERRY

The mobile industry has spent several decades defining common identification and security standards for SIMs to protect data for mobile payment systems and credit card numbers. SIMs are also capable of running apps.

Nohl said Security Research Labs found mobile operators in many countries whose phones were vulnerable, but declined to identify them. He said mobile phone users in Africa could be among the most vulnerable because banking is widely done via mobile payment systems with credentials stored on SIMs.

All types of phones are vulnerable, including iPhones from Apple Inc, phones that run Google Inc's Android software and BlackBerry Ltd smartphones, he said.

BlackBerry's director of security response and threat analysis, Adrian Stone, said in a statement that his company proposed new SIM card standards last year to protect against the types of attacks described by Nohl, which the GSMA has adopted and advised members to implement.

Apple and Google declined comment.

CTIA, a U.S. mobile industry trade group based in Washington, D.C., said the new research likely posed no immediate threat.

"We understand the vulnerability and are working on it," said CTIA Vice President John Marinho. "This is not what hackers are focused on. This does not seem to be something they are exploiting."

(Reporting by Jim Finkle. Additional reporting by Leila Abboud. Editing by Tiffany Wu and Andre Grenon)
http://www.reuters.com/article/2013/...96K04N20130721





Encryption Flaw Makes Phones Possible Accomplices in Theft
Kevin J. O’Brien

A German mobile security expert says he has found a flaw in the encryption technology used in some SIM cards, the chips in handsets, that could enable cyber criminals to take control of a person’s phone.

Karsten Nohl, founder of Security Research Labs in Berlin, said the encryption hole allowed outsiders to obtain a SIM card’s digital key, a 56-bit secret that opens the chip up to modification. With that key in hand, Mr. Nohl said, he was able to send a virus to the SIM card through a text message, which let him eavesdrop on a caller, make purchases through mobile payment systems and even impersonate the phone’s owner.

He said he had managed the whole operation in about two minutes, using a simple personal computer. He estimates as many as 750 million phones may be vulnerable to attacks.

“We can remotely install software on a handset that operates completely independently from your phone,” Mr. Nohl said. “We can spy on you. We know your encryption keys for calls. We can read your S.M.S.’s. More than just spying, we can steal data from the SIM card, your mobile identity, and charge to your account.”

Mr. Nohl is well known in security circles. In 2009, he published a software tool that computes the 64-bit key used to encrypt conversations on GSM networks, prompting the industry to adopt better safeguards. His company, Security Research Labs, advises German and U.S. multinational companies on mobile security issues.

Mr. Nohl said the flaw he had discovered was the result of an encryption method developed in the 1970s, the Data Encryption Standard, or D.E.S. After uncovering the flaw, he researched the pervasiveness of the problem by testing about 1,000 SIM cards on cellphones running on mobile networks in Europe and North America over a two-year period. The phones and SIM cards were owned and used by himself and members of his research team. Mr. Nohl said that about one-quarter of the SIM cards running the older encryption technology exhibited the flaw.

D.E.S. encryption is used on about half of the about six billion cellphones in use daily. Over the past decade, most operators have adopted a stronger encryption method, called Triple D.E.S., but many SIM cards still run the old standard. The encryption is used to disguise the SIM card, and thus a mobile phone’s unique digital signature.

Mr. Nohl has shared the results of his two-year study with the GSM Association, an organization based in London that represents the mobile industry, through a process of “responsible disclosure.” On Aug. 1, he plans to present the full details of his research at the Black Hat conference, a computer hackers’ gathering, in Las Vegas.

In a statement, a GSM Association spokeswoman, Claire Cranton, said Mr. Nohl had sent the association outlines of his study, which the organization had passed along to operators and to makers of SIM cards that still relied on the older encryption standard.

“We have been able to consider the implications and provide guidance to those network operators and SIM vendors that may be impacted,” Ms. Cranton said. She added that it was likely only a minority of phones using the older standard “could be vulnerable.”

Ms. Cranton declined to comment on Mr. Nohl’s estimate that 750 million cellphones might be open to attack, saying the association would not comment until it had reviewed Mr. Nohl’s full research findings in Las Vegas. A large maker of SIM cards, the Dutch company Gemalto, said the GSM Association had told it of Mr. Nohl’s preliminary findings. A second maker of SIM cards, the German company Giesecke & Devrient, said it had “analyzed this attack scenario.”

Gemalto has been working closely with the association and other industry groups “to look into the first outline given by Mr. Nohl,” Gemalto said in a statement. The company said the GSM Association had already disseminated Mr. Nohl’s findings to group members.

Mr. Nohl was able to derive the SIM card’s digital key by sending an SMS disguised as having been sent from the mobile operator. Carriers routinely send specially coded messages to handsets to validate customers’ identities for billing and mobile transactions.

For each message, the SIM card checks a cryptographic signature that is supposed to prove the message came from the network. The message sent by Mr. Nohl deliberately carried a false signature for the network. In three-quarters of the cases involving SIM cards that used D.E.S., the card rejected the false signature and ended the exchange.

But in a quarter of cases, the card broke off the exchange yet sent an error message back to Mr. Nohl that was itself signed with the card’s own key. That signed reply gave Mr. Nohl enough information to derive the SIM card’s digital key.

Mr. Nohl said he had advised the GSM Association and chip makers to use better filtering technology to block the kind of messages he had sent. He also advised operators to phase out SIM cards using D.E.S. encryption in favor of newer standards. He added that consumers using SIM cards more than three years old should get new cards from their carriers.

Giesecke & Devrient, in a statement, said that it had begun phasing out SIM cards using D.E.S. encryption in 2008. The German company said the unique operating system used in its SIM cards, even those running D.E.S. encryption, would prevent a phone from inadvertently sending the kind of “message authentication code” that Mr. Nohl had used to pierce the encryption.

Mr. Nohl said he was not planning to disclose the identities of the operators whose SIM cards had performed poorly in his study at the Black Hat conference in August. But he said that he planned to publish a comparative list of SIM card security by operator in December at a computer hackers’ conference in Hamburg, Germany, called the Chaos Communication Congress.
http://www.nytimes.com/2013/07/22/te...-in-theft.html





SIM Cards Have Finally Been Hacked, And The Flaw Could Affect Millions Of Phones
Parmy Olson

Security researcher Karsten Nohl says some SIM cards can be compromised because of wrongly configured Java Card software and weak encryption keys; Photo credit Luca Melette

Smartphones are susceptible to malware and carriers have enabled NSA snooping, but the prevailing wisdom has it there’s still one part of your mobile phone that remains safe and un-hackable: your SIM card.

Yet after three years of research, German cryptographer Karsten Nohl claims to have finally found encryption and software flaws that could affect millions of SIM cards, and open up another route on mobile phones for surveillance and fraud.

Nohl, who will be presenting his findings at the Black Hat security conference in Las Vegas on July 31, says his is the first hack of its kind in a decade, and comes after he and his team tested close to 1,000 SIM cards for vulnerabilities, exploited by simply sending a hidden SMS. The two-part flaw, based on an old security standard and badly configured code, could allow hackers to remotely infect a SIM with a virus that sends premium text messages (draining a mobile phone bill), surreptitiously re-direct and record calls, and — with the right combination of bugs — carry out payment system fraud.

Payment fraud could be a particular problem for mobile phone users in Africa, where SIM-card based payments are widespread. The deployment of so-called NFC payment technology, already slow to take off, could also be at risk, Nohl says, as well as the ability for carriers to track charges to each caller’s account.

There’s no obvious pattern to the flaw beyond the premise of an older encryption standard. “Different shipments of SIM cards either have [the bug] or not,” says Nohl, who is chief scientist at risk management firm Security Research Labs. “It’s very random.”

In his study, Nohl says just under a quarter of all the SIM cards he tested could be hacked, but given that encryption standards vary widely between countries, he estimates an eighth of the world’s SIM cards could be vulnerable, or about half a billion mobile devices.

Nohl, who was profiled by Forbes’ Andy Greenberg in 2011 for his work on breaking mobile encryption standards, believes it unlikely that cyber criminals have already found the bug. Now that word of the vulnerability is out, he expects it would take them at least six months to crack it, by which time the wireless industry will have implemented available fixes.

That effort may already be underway. Nohl says at least two large carriers have already tasked their staff with finding a patch for the SIM vulnerability, which they will share with other operators through the wireless trade body GSMA.

“Companies are surprisingly open to the idea of working cooperatively on security topics because the competition is somewhere else,” says Nohl. “The competition is organized crime, not AT&T versus T-Mobile.” (The situation is similar in finance, where payment services like MasterCard, Visa, and American Express work together under the industry association EMVCo to improve security standards for smart cards.)

The market for SIMs is almost entirely fed by mobile carriers, and supplied by two leading global vendors, Gemalto and Oberthur Technologies. Both have profited heavily from the huge growth in mobile handsets: two years ago there were 1 billion SIM cards worldwide, and today there are more than 5 billion, says ABI Research analyst John Devlin, though the market is slowly reaching a plateau. SIMs are thought to be one of the most secure parts of a phone, he added, and as the carrier’s property, are “key to their relationship between you and I, the subscriber.”

Vodafone would not answer questions about the level of encryption its SIM cards used, and referred all media questions to GSMA. Both Verizon and AT&T said they knew of Nohl’s research, but said their SIM profiles were not vulnerable to the flaw. AT&T added that it had used SIMs with triple Data Encryption Standards (3DES) for almost a decade; Verizon did not specify why its SIMs were not vulnerable.

The London-based GSMA said it had looked at Nohl’s analysis and concurred that “a minority of SIMs produced against older standards could be vulnerable.” It said it had already provided guidance to network operators and SIM vendors who could be impacted by the flaw. “There is no evidence to suggest that today’s more secure SIMs, which are used to support a range of advanced services, will be affected,” a spokesperson added.

Nohl says that while AT&T and Verizon may benefit from robust SIM encryption standards, other carriers still use plain DES, the Data Encryption Standard, a cipher developed in the 1970s that is fundamental to why he was able to “get root” on dozens of SIM cards.

“Give me any phone number and there is some chance I will, a few minutes later, be able to remotely control this SIM card and even make a copy of it,” Nohl says.

SIM cards are essentially mini-computers with their own operating system and pre-installed software. To maintain security, many rely on a cryptographic standard called DES (the Data Encryption Standard), which was invented by IBM in the 1970s and improved by the NSA. Some networks, like AT&T and the four major carriers in Germany, have moved away from using the old version of the standard, but others have not. Though Nohl didn’t identify a pattern to vulnerable SIMs in terms of manufacturers, the ones he could hack all used the old encryption standard.

Key to the hack is Java Card, a cut-down version of the Java platform that runs on some 6 billion SIM cards. If operators need to update something on your SIM, for instance allowing interoperability with a carrier in another country, they execute the right Java Card programs on your SIM by sending your mobile a binary SMS. This is a text message you will never see, sent through a method called over-the-air (OTA) programming.

In early 2011, Nohl’s team started toying with the OTA protocol and noticed that when they used it to send commands to several SIM cards, some would refuse the command due to an incorrect cryptographic signature, while a few of those would also put a cryptographic signature on this error message.

With that signature, and a precomputed lookup known as a rainbow table, Nohl was able to recover the SIM card’s encryption key in about one minute. Carriers use this key to remotely program a SIM, and it is unique to each card.
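The OTA exchange the two articles describe (the NYT passage on the signed error message and the Forbes passage on the binary SMS, the bad signature and the rainbow table), as an added example that is not part of either article and not Security Research Labs' tooling: a small parser for the GSM 03.48 / ETSI TS 102 225 command-packet header, the structure carried in such a binary SMS, with the one check an OTA gateway filter or a SIM-profile audit would want. The check flags a packet that asks a card keyed with single DES to sign its proof-of-receipt, which is exactly the reply that hands the sender a DES MAC to attack offline. Field layouts are as the author of this example reads the specification; the packet bytes (TAR, counter, MAC and payload) are constructed placeholders, and the function and class names are this example's own.

```python
"""Inspect a GSM 03.48 / ETSI TS 102 225 over-the-air (OTA) command packet and
flag the combination the SIM attack relies on: a proof-of-receipt (PoR) that the
card must sign with a single-DES cryptographic checksum (CC).  A card that
answers a wrongly-signed command with such a PoR gives the sender a DES MAC it
can then attack with a precomputed table."""

from dataclasses import dataclass

# KIc/KID nibble (bits b4..b1): b2b1 selects the family, b4b3 the DES variant.
_FAMILY = {0b00: "implicit", 0b01: "DES", 0b10: "reserved", 0b11: "proprietary"}
_DES_MODE = {0b00: "DES-CBC", 0b01: "3DES-2key", 0b10: "3DES-3key", 0b11: "DES-ECB"}
_INTEGRITY = {0b00: "none", 0b01: "RC", 0b10: "CC", 0b11: "DS"}
_POR = {0b00: "never", 0b01: "always", 0b10: "on-error", 0b11: "reserved"}


@dataclass(frozen=True)
class OtaCommandHeader:
    spi: bytes          # two security-parameter-indicator bytes
    kic: int            # ciphering key identifier
    kid: int            # RC/CC/DS key identifier
    tar: bytes          # 3-byte toolkit application reference
    counter: int        # 5-byte replay counter
    padding: int        # padding counter
    rc_cc_ds: bytes     # the command's own checksum (8 bytes for a DES-CBC MAC)
    secured_data: bytes

    @property
    def command_integrity(self) -> str:
        return _INTEGRITY[self.spi[0] & 0b11]

    @property
    def por_required(self) -> str:
        return _POR[self.spi[1] & 0b11]

    @property
    def por_integrity(self) -> str:
        return _INTEGRITY[(self.spi[1] >> 2) & 0b11]

    @property
    def kid_algorithm(self) -> str:
        family = _FAMILY[self.kid & 0b11]
        return _DES_MODE[(self.kid >> 2) & 0b11] if family == "DES" else family


def parse_command_packet(pkt: bytes) -> OtaCommandHeader:
    """Split a command packet: CPL(2) | CHL(1) | header(CHL bytes) | secured data."""
    if len(pkt) < 3:
        raise ValueError("packet too short")
    cpl = int.from_bytes(pkt[:2], "big")
    if cpl != len(pkt) - 2:
        raise ValueError(f"CPL says {cpl} bytes follow, got {len(pkt) - 2}")
    chl = pkt[2]
    header = pkt[3:3 + chl]
    if chl < 13 or len(header) != chl:   # 13 = SPI(2)+KIc+KID+TAR(3)+CNTR(5)+PCNTR
        raise ValueError("command header truncated")
    return OtaCommandHeader(
        spi=bytes(header[0:2]), kic=header[2], kid=header[3],
        tar=bytes(header[4:7]), counter=int.from_bytes(header[7:12], "big"),
        padding=header[12], rc_cc_ds=bytes(header[13:]),
        secured_data=bytes(pkt[3 + chl:]),
    )


def build_command_packet(spi, kic, kid, tar, counter, padding, rc_cc_ds, data):
    """Inverse of parse_command_packet; used here only to construct samples."""
    header = (bytes(spi) + bytes([kic, kid]) + tar + counter.to_bytes(5, "big")
              + bytes([padding]) + rc_cc_ds)
    body = bytes([len(header)]) + header + data
    return len(body).to_bytes(2, "big") + body


def leaks_des_mac(h: OtaCommandHeader) -> bool:
    """The condition a gateway filter or SIM-profile audit should reject: the
    packet demands a PoR, wants it signed with a CC, and the CC key is single DES."""
    return (h.por_required != "never"
            and h.por_integrity == "CC"
            and h.kid_algorithm in ("DES-CBC", "DES-ECB"))


# Constructed samples (not captured traffic): TAR, counter, MAC and payload are
# placeholders.  SPI 02 09 = command carries a CC, PoR always required, PoR
# signed with a CC.  KIc/KID 0x11 = single DES in CBC mode, key index 1;
# 0x15 = two-key triple DES, key index 1.
_TAR = b"\xb0\x00\x01"
_FAKE_MAC = b"\x00" * 8
_PAYLOAD = b"\xa0\xa4\x00\x00\x02\x3f\x00"
WEAK_PACKET = build_command_packet(b"\x02\x09", 0x11, 0x11, _TAR, 0, 0, _FAKE_MAC, _PAYLOAD)
SAFE_PACKET = build_command_packet(b"\x02\x09", 0x15, 0x15, _TAR, 0, 0, _FAKE_MAC, _PAYLOAD)
NO_POR_PACKET = build_command_packet(b"\x02\x00", 0x11, 0x11, _TAR, 0, 0, _FAKE_MAC, _PAYLOAD)

if __name__ == "__main__":
    for name, pkt in (("weak", WEAK_PACKET), ("safe", SAFE_PACKET), ("no-PoR", NO_POR_PACKET)):
        h = parse_command_packet(pkt)
        verdict = "REJECT: signed PoR under single DES" if leaks_des_mac(h) else "ok"
        print(f"{name:7} kid={h.kid_algorithm:10} PoR={h.por_required}/{h.por_integrity}  {verdict}")
```

The filter never touches the DES key; it only says whether a packet asks a single-DES-keyed card to sign its reply. Dropping such packets at the SMSC or OTA gateway is the "better filtering" Nohl recommended to the GSMA, and the `kid_algorithm` property is what a profile audit would count across a fleet to find cards still keyed with plain DES, which is the durable fix.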

“Anybody who learns the key of a particular SIM can load any application on the SIM he wants, including malicious code,” says Jasper Van Woudenberg, CTO North America of smart-card security firm Riscure.

“We had almost given up on the idea of breaking the most widely deployed use of standard cryptography,” says Nohl, but it felt “great” to finally gain control of a SIM after many months of unsuccessful testing.

With the all-important (and till-now elusive) encryption key, Nohl could download a virus onto the SIM card that could send premium text messages, collect location data, make premium calls or re-route calls. A malicious hacker could eavesdrop on calls, albeit with the SIM owner probably noticing some suspiciously-slow connections.

Nohl found a second bug. Unrelated to the weak encryption key, it allows even deeper hacking on SIMs and is caused, Nohl says, by a mistake on the part of SIM card manufacturers. Java Card uses a concept called sandboxing, in which pre-installed programs like a Visa or PayPal app are shielded from one another and the rest of the SIM card. The term comes from the idea of only allowing programs to “play with their own toys, in their own sandbox,” says Nohl. “This sandboxing mechanism is broken in the most widely-used SIM cards.” The researcher says he found a few instances where the protocols on the SIM card allowed the virus he had sent to a SIM, to check the files of a payment app that was also installed on the card.

The way this works is somewhat complex, but Nohl’s virus essentially gave the card’s Java Card runtime a command it could not handle, e.g. asking for the 12th item in a 10-item list, leading the software to forgo basic security checks and granting the virus full memory access, or “root,” in cyber security parlance.

In sum, a malicious hacker who wanted to use this method might start with a list of 100 phones. They could send a binary SMS to all of them, using a programmable cell phone connected to a computer. They might get 25 responses with cryptographic signatures, and dismiss the half that use a stronger security standard. From the rest, Nohl surmises they could crack the encryption key of perhaps 13 SIM cards, and send them a virus that breaks through the Java Card sandbox barriers and reads payment app details, as well as the master key of the SIM card.

Who’s to blame for this and who can fix it? Nohl says broken Java sandboxing is a shortcoming of leading SIM card vendors like Gemalto and Oberthur. Riscure’s Van Woudenberg agrees.

Gemalto which made about half its $2.5 billion revenue in 2012 selling SIM cards, said in an email to Forbes that its SIMs were “consistent with state-of-the-art and applicable security guidelines,” and that it had been working closely with GSMA and other industry bodies to look into Nohl’s research. Gemalto’s CEO Olivier Piou has said publicly that there are no security issues with mobile payments, and his company says on its website that SIM cards are “virtually impossible to crack.”

Despite this, Nohl believes badly-configured Java Card sandboxing “affects every operator who uses cards from two main vendors,” including carriers like AT&T and Verizon who use robust encryption standards. Are SIM cards with these 3DES standards vulnerable? Nohl suggests they might be, and that he’ll expound on the details at Black Hat.

At minimum it seems that carriers should upgrade to newer encryptions quickly, not just for the safety of their subscribers, but future revenue too. Payment providers like MasterCard and Visa will need to use the OTA protocol to fill SIM cards with Java applications, like credit card applets, and enable NFC-based payments on phones in the future — and they’ll pay carriers for the privilege of being on the SIM. “Operators see this as valuable real estate,” says Nohl, referring to this OTA communication channel. Leaving aside what this means for consumer privacy, Nohl’s findings may leave some carriers grappling with new questions over the security (and value) of this real estate.

“Carriers and SIM card manufacturers do need to step up their security game for when payments arrive,” says Van Woudenberg. Banks are slow and cautious with new technology as they wait for it be proven secure, he adds, but “the mobile world moves much faster, as time-to-market is for them more important.”

As mobile payments bring these two worlds together, Nohl’s research has shown the process of proving out security on SIMs could be more challenging than the key players originally thought.
http://www.forbes.com/sites/parmyols...ons-of-phones/





PIN-Punching Robot Can Crack Your Phone's Security Code In Less Than 24 Hours
Andy Greenberg

There’s nothing particularly difficult about cracking a smartphone’s four-digit PIN code. All it takes is a pair of thumbs and enough persistence to try all 10,000 combinations. But hackers hoping to save time and avoid arthritis now have a more efficient option: Let a cheap, 3D-printable robot take care of the manual labor.

At the Def Con hacker conference in Las Vegas early next month, security researchers Justin Engler and Paul Vines plan to show off the R2B2, or Robotic Reconfigurable Button Basher, a piece of hardware they built for around $200 that can automatically punch PINs at a rate of about one four-digit guess per second, fast enough to crack a typical Android phone’s lock screen in 20 hours or less.

“There’s nothing to stop someone from guessing all the possible PINs,” says Engler, a security engineer at San Francisco-based security consultancy iSec Partners. “We often hear ‘no one would ever do that.’ We wanted to eliminate that argument. This was already easy, it had just never been done before.”

Engler and Vines built their bot, shown briefly in the video above, from three $10 servomotors, a plastic stylus, an open-source Arduino microcontroller, a collection of plastic parts 3D-printed on their local hackerspace’s Makerbot 3D printer, and a five dollar webcam that watches the phone’s screen to detect if it’s successfully guessed the password. The device can be controlled via USB, connecting to a Mac or Windows PC that runs a simple code-cracking program. The researchers plan to release both the free software and the blueprints for their 3D-printable parts at the time of their Def Con talk.

In addition to their finger-like R2B2, Engler and Vines are also working on another version of their invention that will instead use electrodes attached to a phone’s touchscreen, simulating capacitive screen taps with faster electrical signals. That bot, which they’re calling the Capacitative Cartesian Coordinate Brute-force Overlay or C3BO, remains a work in progress, Engler says, though he plans to have it ready for Def Con.

Not all PIN-protected devices are susceptible to the R2B2′s brute force attack, Engler admits. Apple’s iOS, for instance, makes the user wait increasing lengths of time after each incorrect PIN guess. After just a handful of wrong answers, the phone can lock out a would-be hacker for hours before granting access to the PIN pad again.

But every Android phone that Engler and Vines tested was set by default to use a much less stringent safeguard, delaying the user just 30 seconds after every five guesses. At that rate, the robot can still guess five PINs every 35 seconds, or all 10,000 possibilities in 19 hours and 24 minutes.

Given that the robot’s software can be programmed to guess PINs in any order the user chooses, it may be able to crack phones far faster than that 20 hour benchmark. One analysis of common PINs showed that more than 26% of users choose one of twenty common PINs. If R2B2 is set to try easily-guessed PINs first, it could crack one in four Android users’ phones in less than five minutes, and half of those phones in less than an hour.
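The rate-limit arithmetic of the three paragraphs above, put on one footing as an added example (not Engler and Vines' R2B2 software, which the article says was still to be released at Def Con): a small model in which the guess rate, the lockout policy and the guess order are parameters, so that a longer PIN, a stricter backoff and common-PIN-first ordering can be compared directly. The Android figures are the article's (one guess a second, 30 seconds after every five failures); the escalating schedule and the list of weak PINs are assumptions made for illustration, not Apple's timings or the cited study's table.

```python
"""Model how far a lockscreen rate limit slows a physical PIN brute force.
A policy maps "failed guesses so far" to the delay imposed before the next
try; the simulator adds that delay to the fixed cost of entering a guess."""

from itertools import product
from typing import Callable, Iterable, Iterator, List, Tuple

GUESS_SECONDS = 1.0   # the article's R2B2 rate: about one four-digit guess per second

Policy = Callable[[int], float]   # failed attempts so far -> delay before next attempt


def fixed_backoff(every: int = 5, delay: float = 30.0) -> Policy:
    """The default the article reports on the Android phones tested:
    pause `delay` seconds after every `every` wrong guesses."""
    return lambda failed: delay if failed and failed % every == 0 else 0.0


def escalating_backoff(schedule: Iterable[Tuple[int, float]]) -> Policy:
    """iOS-style growing delays.  `schedule` pairs a failed-attempt threshold
    with the delay applied once that many guesses have failed; the largest
    threshold reached wins.  Values used below are assumed, not Apple's."""
    steps = sorted(schedule)

    def policy(failed: int) -> float:
        delay = 0.0
        for threshold, d in steps:
            if failed >= threshold:
                delay = d
        return delay
    return policy


def seconds_until(position: int, policy: Policy, guess_seconds: float = GUESS_SECONDS) -> float:
    """Wall-clock seconds until the `position`-th guess (1-based) has been entered."""
    if position < 1:
        raise ValueError("position is 1-based")
    total = 0.0
    for failed in range(position):        # `failed` earlier guesses were wrong
        total += policy(failed) + guess_seconds
    return total


def guess_order(length: int, first: Iterable[str] = ()) -> Iterator[str]:
    """Every PIN of `length` digits, trying the candidates in `first` before the rest."""
    seen = set()
    for pin in first:
        if len(pin) == length and pin.isdigit() and pin not in seen:
            seen.add(pin)
            yield pin
    for digits in product("0123456789", repeat=length):
        pin = "".join(digits)
        if pin not in seen:
            yield pin


def time_to_crack(target: str, policy: Policy, first: Iterable[str] = ()) -> float:
    """Seconds until `target` is entered, given the policy and the guess order."""
    for position, pin in enumerate(guess_order(len(target), first), start=1):
        if pin == target:
            return seconds_until(position, policy)
    raise ValueError("target is not a PIN of the expected length")


# Illustrative weak-PIN list: an assumption for this example, not the table of
# the study the article cites.  Only its position at the head of the queue matters.
COMMON_PINS: List[str] = ["1234", "1111", "0000", "1212", "7777", "1004", "2000",
                          "4444", "2222", "6969", "9999", "3333", "5555", "6666",
                          "1122", "1313", "8888", "4321", "2001", "1010"]

ANDROID_DEFAULT = fixed_backoff(5, 30.0)
# Assumed escalating schedule: 60 s after 5 failures, 5 min after 6, 15 min after 7, 1 h after 9.
ESCALATING = escalating_backoff([(5, 60.0), (6, 300.0), (7, 900.0), (9, 3600.0)])

if __name__ == "__main__":
    print(f"all 10,000 four-digit PINs, Android default: {seconds_until(10_000, ANDROID_DEFAULT) / 3600:.1f} h")
    print(f"all 1,000,000 six-digit PINs, Android default: {seconds_until(1_000_000, ANDROID_DEFAULT) / 86400:.0f} days")
    print(f"'4444' with common-first ordering: {time_to_crack('4444', ANDROID_DEFAULT, COMMON_PINS):.0f} s")
    print(f"'1234' in plain numeric order: {time_to_crack('1234', ANDROID_DEFAULT) / 3600:.2f} h")
    print(f"all 10,000 four-digit PINs, escalating backoff: {seconds_until(10_000, ESCALATING) / 86400:.0f} days")
```

Run as is, the model reproduces the article's numbers to within rounding: roughly 19.4 hours for the whole four-digit space under the Android default, about 81 days for six digits, and under a minute for a PIN near the top of a common-PIN list. Swapping in the escalating policy turns the exhaustive search into a year-scale job, which is the design point: the PIN length is the user's lever, the backoff curve is the platform's.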

Physically typing thousands of PIN codes, even with a clever robot’s help, isn’t necessarily the easiest way to gain access to a phone’s data. Forensics software firm Micro Systemation released a video last year–since removed from YouTube–showing that it can digitally brute-force an iPhone’s PIN by using the same “jailbreak” hacks that many iPhone owners use to remove installation restrictions on their devices. Google has been known to cooperate with law enforcement to bypass the lockscreens of criminal suspects’ phones, and Apple will in some cases crack a phone’s security and give the user’s data to police if officers mail the phone to the company.

But Engler argues that the R2B2 helps to raise attention to the insecurity of crackable four-digit PINs in ways that software tools don’t. Even a six-digit PIN, an option on many phones, would take R2B2 as much as 80 days longer to crack than the default four-digit passcode. “When you see a robot working like this, you think, ‘maybe I should have a longer PIN,’” says Engler. ” If I’m a CEO, a four digit PIN is a problem, because it’s worth 20 hours to break in and get my confidential emails.”

Engler and Vines aren’t the first to create an automated, physical PIN-cracking tool. Another hacker named JJ Dasher showed off a similar robot earlier in the year that could crack the four-digit PIN of a Garmin Nuvi GPS device, shown in the video below.

But Engler and Vines’ invention is meant to be far more versatile. In addition to cracking phones’ lockscreens, Engler says he and Vines plan to keep improving the robot so that it can be adapted to crack the PIN codes used in specific smartphone apps, or even to press the mechanical buttons on non-touchscreen devices like ATMs, hotel safes and combination locks. And in his daily work of auditing clients’ security, breaking into a corporate smartphone represents a far more serious threat than accessing the data of any GPS device.

“We used to joke that we’d have to hire an intern to press all these buttons,” says Engler. “It turns out it’s much better to get the intern to help make the robot. Then he also has time to get coffee.”
http://www.forbes.com/sites/andygree...than-24-hours/





EXCLUSIVE: GPS Flaw Could Let Terrorists Hijack Ships, Planes
John Roberts

The world’s GPS system is vulnerable to hackers or terrorists who could use it to hijack ships -- even commercial airliners, according to a frightening new study that exposes a huge potential hole in national security.

Using a laptop, a small antenna and an electronic GPS “spoofer” built for $3,000, GPS expert Todd Humphreys and his team at the University of Texas took control of the sophisticated navigation system aboard an $80 million, 210-foot super-yacht in the Mediterranean Sea.

“We injected our spoofing signals into its GPS antennas and we’re basically able to control its navigation system with our spoofing signals,” Humphreys told Fox News.

By feeding counterfeit radio signals to the yacht, the UT team was able to drive the ship far off course, steer it left and right, potentially take it into treacherous waters, even put it on a collision course with another ship. All the time, the ship’s GPS system reported the vessel was calmly moving in a straight line, along its intended course. No alarms, no indication that anything was amiss.

Capt. Andrew Schofield, who invited Humphreys and his team aboard to conduct the experiment told Fox News he and his crew were stunned by the results.

“Professor Humphreys and his team did a number of attacks and basically we on the bridge were absolutely unaware of any difference,” Schofield said. “I was gobsmacked -- but my entire deck team was similarly gobsmacked,” he told Fox News.

The possible consequences, according to Humphreys, are both ominous and far-reaching.

“For maritime traffic, there are big implications,” Humphreys told Fox News from the bridge of the White Rose of Drachs. “You’ve got 90 percent of the world’s cargo going across the seas. Imagine shutting down a port. Imagine running a ship aground. These are the kinds of implications we’re worried about.”

As the Costa Concordia tragically proved, a cruise ship off-course can have disastrous results. The Exxon Valdez was only narrowly off its intended track when it ran aground on Bligh Reef, spilling 11 million gallons of oil into Prince William Sound.

Humphreys told Fox News the easiest and most sinister “spoof” is to slowly slide a vessel onto a parallel course. Over time, the compass might read the same heading, but the ship could be far from where the crew thinks it is.

“You’re actually moving about a kilometer off of your intended track in a parallel line and you could be running aground instead of going through the proper channel,” Humphreys said.

And because aircraft have a similar navigation system to that aboard the White Rose of Drachs, Humphreys says a commercial airliner could be “spoofed” as well.

“Going after an expensive vessel on the seas and going after a commercial airliner has a lot of parallels,” he told Fox News.

The government is aware of this critical vulnerability. Last year, Fox News reported exclusively on a more primitive experiment Humphreys conducted using a small, unmanned drone. He was able to feed “spoofing” signals into the drone’s GPS, causing it to nearly fall out of the sky. As a result, Humphreys was called before Congress to testify, and also spoke with officials from the FAA, CIA and Pentagon.

This latest experiment takes Humphreys’ research to a whole new level.

“Before we couldn’t control the UAV. We could only push it off course. This time my students have designed a closed loop controller such that they can dictate the heading of this vessel even when the vessel wants to go a different direction,” Humphreys said.

Yet the Department of Homeland Security has -- according to Humphreys -- been “fumbling around in the dark” on GPS security, doing little to address the threat. Texas Congressman Mike McCaul, chairman of the Homeland Security Committee is incensed.

“It's a very serious homeland security issue that we've asked the secretary to review and look at and she's never responded to my requests,” McCaul told Fox News. “The department seems to be thumbing its nose at it, saying it has no jurisdiction over this issue and not really showing any interest in this issue at all.”

McCaul, along with Senators Coburn and Collins have asked the Government Accountability Office to look into what DHS is and isn’t doing to address this critical threat to national security.

A draft report is due in August, which could, depending on the results, trigger more Congressional hearings.

Meantime, Schofield is sounding a global alarm.

“People need to know this kind of thing is possible with a relatively small budget and they can with a very simple system steer the ship off-course -- without the Captain knowing,” he told Fox News.
http://www.foxnews.com/tech/2013/07/...-ships-planes/





Trillion-Dollar Global Hacking Damages Estimate Called Exaggerated
Joseph Menn

A $1 trillion estimate of the global cost of hacking cited by President Barack Obama and other top officials is a gross exaggeration, according to a new study commissioned by the company responsible for the earlier approximation.

A preliminary report being released Monday by the Center for Strategic and International Studies and underwritten by Intel Corp's (INTC.O) security software arm McAfee implicitly acknowledges that McAfee's previous figure could be triple the real number.

The original estimate first appeared in a 2009 press release extrapolating from surveys whose authors last year sharply criticized the method. As the White House, intelligence officials and members of Congress pressed for legislation to improve protection from cyber-espionage, they cited it as reason to take action.

Asked if the No. 2 security software vendor would remove the trillion-dollar estimate from its website, McAfee Vice President of Government Relations Tom Gann said that was "a good question" but that he didn't know the answer.

"This study here is newer, it's based on extra rigorous work, and once it's made public, this is clearly the one we're going to focus on," Gann said.

The preliminary report by CSIS, a Washington think tank with expertise in cybercrime and cyber espionage, cites a host of problems in reaching a solid estimate of damage to the global economy, including the methodology biases that keep many surveys from being representative and the inability of many companies to know what has been stolen from them.

More subtle issues include the fact that customers who shun one company after a breach might spend just as much elsewhere. The greatest losses might be in abandoned innovation and high-paying jobs after digital technology is stolen and imitated elsewhere. But it can take years to replicate such products, and the receiving companies could actually lose as well if they come to rely on theft and cut back on their own research, CSIS said.

With so many caveats, the group was understandably hesitant to embrace any one new number. In fact, it put out several within the 17-page draft report.

Near the beginning, the authors say that annual U.S. losses "may reach $100 billion." Later on, they say U.S. losses might have a "lower limit" of $20 billion to $25 billion and a high end of $140 billion.

They also say that global losses are "probably" in the "range" of $400 billion, a fraction of a percentage point of global income. Further on, they say global losses are "probably" in the "range" of $300 billion.

Perhaps more surprisingly, an embargoed version of McAfee's press release about the study once again exaggerates the underlying findings, if not as badly as McAfee's 2009 release did.

It says CSIS "posits a $100 billion annual loss to the U.S. economy" when the study actually puts that figure near the top of a wide range.

And the release says "the researchers estimate the range for cybercrime loss to the global economy is between $100 billion and $500 billion."

The $100-to-$500 billion range appears only once in the CSIS report, in this context:

"A very crude extrapolation would be to take this ($20 billion to $140 billion) range for the U.S., which accounts for a little more than a fifth of global economic activity, and come up with a range of $100 billion to $500 billion for global losses.

"This is almost certainly an overestimate," the CSIS team concluded, in part because less developed economies rely less on computer networks and intangible property.

(Editing by Eric Walsh)
http://www.reuters.com/article/2013/...96L0M920130722





U.S. Indicts Hackers in Biggest Cyber Fraud Case in History
David Jones and Jim Finkle

Federal prosecutors said on Thursday they have charged five men responsible for a hacking and credit card fraud spree that cost companies more than $300 million, and that two of the suspects are in custody, in the biggest cyber crime case filed in U.S. history.

They also disclosed a new security breach against Nasdaq, though they provided few details about the attack.

Other companies targeted by the hackers include a Visa Inc licensee, J.C. Penney Co, JetBlue Airways Corp and French retailer Carrefour SA, according to an indictment unveiled in New Jersey.

Authorities have been pursuing the hackers for years. Many of the breaches were previously reported, though it appeared the one involving Nasdaq OMX Group Inc was being disclosed for the first time.

Prosecutors said they conservatively estimate that the group of five men from Russia and Ukraine helped steal at least 160 million payment card numbers, resulting in losses in excess of $300 million.

Authorities in New Jersey charged that each of the defendants had specialized tasks: Russians Vladimir Drinkman, 32, and Alexandr Kalinin, 26, hacked into networks, while Roman Kotov, 32, mined them for data. They allegedly hid their activities using anonymous web-hosting services provided by Mikhail Rytikov, 26, of Ukraine.

Russian Dmitriy Smilianets, 29, is accused of selling the stolen data and distributing the profits. Prosecutors said he charged $10 for U.S. cards, $15 for ones from Canada and $50 for European cards, which are more expensive because they have computer chips that make them more secure.

The five hid their efforts by disabling anti-virus software of their victims and storing data on multiple hacking platforms, prosecutors said. They sold payment card numbers to resellers, who then sold them on online forums or to "cashers" who encode the numbers onto blank plastic cards.

"This type of crime is the cutting edge," said New Jersey U.S. Attorney Paul J. Fishman. "Those who have the expertise and the inclination to break into our computer networks threaten our economic wellbeing, our privacy and our national security."

The indictment cited Albert Gonzalez as a co-conspirator. He is already serving 20 years in prison after pleading guilty to helping mastermind one of the biggest hacking fraud schemes in U.S. history, helping steal millions of credit and debit cards.

Prosecutors say the defendants worked with Gonzalez before his arrest in Miami, then continued on a crime spree after his capture.

Drinkman and Smilianets were arrested in June 2012, while traveling in the Netherlands, at the request of U.S. authorities. Smilianets was extradited last September and is expected to appear in New Jersey Federal court next week. Drinkman is awaiting an extradition hearing in the Netherlands.

Prosecutors declined comment on the whereabouts of the other three defendants.

Tom Kellermann, a vice president with security software maker Trend Micro, said he thinks the prospects are dim that they will be caught because authorities in some countries turn a blind eye to cyber criminals.

"There is an enormous shadow economy that exists in Eastern Europe. In some countries, sophisticated hackers are seen as national assets," he said.

Kalinin and Drinkman were previously charged in New Jersey as "Hacker 1" and "Hacker 2" in a 2009 indictment charging Gonzalez in connection with five breaches.

NASDAQ BREACH

The U.S. Attorney's Office in Manhattan announced two other indictments against Kalinin, one charging he hacked servers used by Nasdaq from November 2008 through October 2010. It said he installed malicious software that enabled him and others to execute commands to delete, change or steal data.

The infected servers did not include the trading platform that allows Nasdaq customers to buy and sell securities, prosecutors said. Officials with Nasdaq said they could not immediately comment.

A source with knowledge of the breach said on Thursday the indictment was not related to a 2010 attack that Nasdaq had previously disclosed, which was targeted against Directors Desk, a service used by corporate boards to share documents and communicate with executives, among other things.

The source, who asked to remain anonymous due to the sensitivity of the matter, said that hackers appear to have used their access to the firm's network to create their own landing page on a Nasdaq website, where users were directed when they wanted to change their passwords.

The second indictment filed against Kalinin in Manhattan, which was unsealed on Thursday, charged that he worked with a sixth hacker, Russian Nikolay Nasenkov, 31, to steal bank account information from thousands of customers at Citibank and PNC Bank from 2005 to 2008, resulting in the theft of millions of dollars.

MAKING PROGRESS

Mark Rasch, a former federal cyber crimes prosecutor, told Reuters that the arrests show that law enforcement is making progress in identifying those responsible for major cyber crimes.

"They involve dozens or even hundreds of people huddled over computer terminals all over the world in a common purpose of stealing or disseminating credit card numbers," said Rasch, who was not involved in bringing the case.

Among the breaches cited in the New Jersey indictment, prosecutors charged that the group was responsible for the theft of more than 130 million credit card numbers from U.S. payment processor Heartland Payment Systems Inc beginning in December 2007, resulting in approximately $200 million of losses. That was the same case for which Gonzalez was convicted and which was the largest case of its kind before the latest indictments.

Heartland released a statement praising authorities for their work: "We hope that this indictment further delivers the message that prolific hacking organizations worldwide will be pursued and charged for crimes such as this one."

The indictment charged that they took approximately 30 million payment card numbers from British payment processor Commidea Ltd in 2008 and 800,000 card numbers from Visa Inc's licensee Visa Jordan in 2011.

An attack on Global Payment Systems that began in about January 2011 resulted in the theft of more than 950,000 cards and losses of about $93 million, according to the indictment.

It charged the ring with stealing approximately 2 million credit card numbers from French retailer Carrefour SA, beginning as early as October 2007 and said the theft of card numbers from Dexia Bank Belgium resulted in $1.7 million in losses.

Other victims included Dow Jones, Wet Seal Inc and 7-Eleven Inc, according to prosecutors.

Dow Jones said in a statement that there was "no evidence" that information of Dow Jones or Wall Street Journal customers was compromised as a result of the breaches.

Officials with Carrefour, Global Payments and JCPenney declined comment.

(Reporting by David Jones and Jim Finkle; Additional reporting by John McCrank, Christian Plumb, Phil Wahba, Beth Pinsker, Varun Aggarwal, Jennifer Saba, Beth Gladstone, Aman Shah and David French; Writing by Jim Finkle; Editing by Scott Malone, Alden Bentley and Claudia Parsons)
http://www.reuters.com/article/2013/...96O0RI20130725





Scientist Banned From Revealing Codes Used to Start Luxury Cars

High court imposes injunction on Flavio Garcia, who has cracked security system of cars including Porsches and Bentleys
Lisa O'Carroll

A British-based computer scientist has been banned from publishing an academic paper revealing the secret codes used to start luxury cars including Porsches, Audis, Bentleys and Lamborghinis as it could lead to the theft of millions of vehicles, a judge has ruled.

The high court imposed an injunction on the University of Birmingham's Flavio Garcia, a lecturer in computer science, who has cracked the security system by discovering the unique algorithm that allows the car to verify the identity of the ignition key.

The UK injunction is an interim step in a case launched by Volkswagen's parent, which owns the four luxury marques, against Garcia and two other cryptography experts from a Dutch university.

It complained that the publication could "allow someone, especially a sophisticated criminal gang with the right tools, to break the security and steal a car". The cars are protected by a system called Megamos Crypto, an algorithm which works out the codes that are sent between the key and the car.

The scientists wanted to publish their paper at the well-respected Usenix Security Symposium in Washington DC in August, but the court has imposed an interim injunction. Volkswagen had asked the scientists to publish a redacted version of their paper – Dismantling Megamos Crypto: Wirelessly Lockpicking a Vehicle Immobiliser – without the codes, but they declined.

Volkswagen told the court that the technology they examined was used in a number of its vehicles and other mass market cars manufactured by itself and others.

Garcia and his colleagues from the Stichting Katholieke Universiteit, Baris Ege and Roel Verdult, said they were "responsible, legitimate academics doing responsible, legitimate academic work" and their aim was to improve security for everyone, not to give criminals a helping hand at hacking into high-end cars that can cost their owners £250,000.

They argued that "the public have a right to see weaknesses in security on which they rely exposed". Otherwise, the "industry and criminals know security is weak but the public do not".

It emerged in court that their complex mathematical investigation examined the software behind the code. It has been available on the internet since 2009.

The scientists said that whoever obtained it had probably used a technique called "chip slicing", which involves analysing a chip under a microscope, taking it to pieces and inferring the algorithm from the arrangement of the microscopic transistors on the chip itself – a process that costs around £50,000.

The judgment was handed down three weeks ago without attracting any publicity, but has now become part of a wider discussion about car manufacturers' responsibilities relating to car security.

The scientists said they examined security on everything from Oyster cards to cars to enable manufacturers to identify weaknesses and improve on them.

Finding in Volkswagen's favour, Mr Justice Birss said he recognised the importance of the right for academics to publish, but it would mean "that car crime will be facilitated". A Volkswagen spokesman declined to comment on the interim injunction.
http://www.guardian.co.uk/technology...ing-codes-cars





Famed Hacker Barnaby Jack Dies a Week Before Hacking Convention
Jim Finkle

Barnaby Jack, a celebrated computer hacker who forced bank ATMs to spit out cash and sparked safety improvements in medical devices, died in San Francisco, a week before he was due to make a high-profile presentation at a hacking conference.

The New Zealand-born Jack, 35, was found dead on Thursday evening by "a loved one" at an apartment in San Francisco's Nob Hill neighborhood, according to a police spokesman. He would not say what caused Jack's death but said police had ruled out foul play.

The San Francisco Medical Examiner's Office said it was conducting an autopsy, although it could be a month before the cause of death is determined.

Jack was one of the world's most prominent "white hat" hackers - those who use their technical skills to find security holes before criminals can exploit them.

His genius was finding bugs in the tiny computers embedded in equipment, such as medical devices and cash machines. He often received standing ovations at conferences for his creativity and showmanship while his research forced equipment makers to fix bugs in their software.

Jack had planned to demonstrate his techniques to hack into pacemakers and implanted defibrillators at the Black Hat hackers convention in Las Vegas next Thursday. He told Reuters last week that he could kill a man from 30 feet away by attacking an implanted heart device.

"He was passionate about finding security bugs before the bad guys," said longtime security industry executive Stuart McClure, who gave Jack one of his first jobs and also had worked with him at Intel Corp's McAfee, a computer security company.

"He was one of those people who was put on this earth to find vulnerabilities that can be exploited in a malicious way to hurt people," McClure said.

Jack became one of the world's most famous hackers after a 2010 demonstration of "Jackpotting" - getting ATMs to spew out bills. A clip of his presentation has been viewed more than 2.6 million times on YouTube.

Two years ago, Jack turned his attention to medical devices, while working on a team at McAfee that engineered methods for attacking insulin pumps. Their research prompted medical device maker Medtronic Inc to revamp the way it designs its products.

The U.S. government also noticed Jack's work.

"The work that Barnaby Jack and others have done to highlight some of these vulnerabilities has contributed importantly to progress in the field," said William Maisel, deputy director for science at the Food and Drug Administration's Center for Devices and Radiological Health.

Jack's passion for hacking sometimes got him into trouble.

In 2010, he connected his laptop to a gold bullion dispensing machine at a casino in Abu Dhabi, according to fellow hacker Tiffany Strauchs Rad. She said Jack had permission from a hotel manager to hack the machine but security intervened.

It turned out the hotel did not actually own the gold machine and the American Embassy had to be called in to help resolve the misunderstanding, Rad said.

"He would hack everything he touched," she said.

'BELOVED PIRATE'

Jack's most recent employer, the cybersecurity consulting firm IOActive Inc, said on its Twitter account: "Lost but never forgotten our beloved pirate, Barnaby Jack has passed."

Jack, who was known as Barnes to his friends, had been scheduled to present his research on heart devices at Black Hat on August 1. Last week, Jack told Reuters he had devised a way to hack into a wireless communications system that linked implanted pacemakers and defibrillators with bedside monitors that gather information about their operations.

"I'm sure there could be lethal consequences," Jack said in a phone interview.

He declined to name the manufacturer of the device but said he was working with that company to figure out how to prevent malicious attacks on heart patients.

Jack's sudden death drew responses from the hacking community reminiscent of those that followed the suicide of hacker activist Aaron Swartz in January.

Dan Kaminsky, a well-known hacker, described the death as a tragedy. "Barnaby was one of the most creative, energetic, diverse researchers in our field," he said.

"You'll be missed, bro," tweeted another well-known hacker Dino Dai Zovi.

Jack's sister, Amberleigh Jack, who lives in New Zealand, told Reuters her brother was 35 years old. She declined to comment further, saying she needed time to grieve.

Some of his friends pitched in to help the family with expenses. They collected $4,345 from 37 people over 13 hours through a crowdfunding website.

Black Hat said that it will not replace Jack's session at the conference, saying the hour would be left vacant for conference attendees to commemorate his life and work.

(Reporting by Jim Finkle in Boston; Editing by Tiffany Wu, Vicki Allen, Bill Trott and Lisa Shumaker)
http://www.reuters.com/article/2013/...96P0K120130727





Black Boxes in Cars: A Question of Privacy
Jaclyn Trop

When Timothy P. Murray crashed his government-issued Ford Crown Victoria in 2011, he was fortunate, as car accidents go. Mr. Murray, then the lieutenant governor of Massachusetts, was not seriously hurt, and he told the police he was wearing a seat belt and was not speeding.

But a different story soon emerged. Mr. Murray was driving over 100 miles an hour and was not wearing a seat belt, according to the computer in his car that tracks certain actions. He was given a $555 ticket; he later said he had fallen asleep.

The case put Mr. Murray at the center of a growing debate over a little-known but increasingly important piece of equipment buried deep inside a car: the event data recorder, more commonly known as the black box.

About 96 percent of all new vehicles sold in the United States have the boxes, and in September 2014, if the National Highway Traffic Safety Administration has its way, all will have them.

The boxes have long been used by car companies to assess the performance of their vehicles. But data stored in the devices is increasingly being used to identify safety problems in cars and as evidence in traffic accidents and criminal cases. And the trove of data inside the boxes has raised privacy concerns, including questions about who owns the information, and what it can be used for, even as critics have raised questions about its reliability.

To federal regulators, law enforcement authorities and insurance companies, the data is an indispensable tool to investigate crashes.

The black boxes “provide critical safety information that might not otherwise be available to N.H.T.S.A. to evaluate what happened during a crash — and what future steps could be taken to save lives and prevent injuries,” David L. Strickland, the safety agency’s administrator, said in a statement.

But to consumer advocates, the data is only the latest example of governments and companies having too much access to private information. Once gathered, they say, the data can be used against car owners, to find fault in accidents or in criminal investigations.

“These cars are equipped with computers that collect massive amounts of data,” said Khaliah Barnes of the Electronic Privacy Information Center, a Washington-based consumer group. “Without protections, it can lead to all kinds of abuse.”

What’s more, consumer advocates say, government officials have yet to provide consistent guidelines over how the data should be used.

“There are no clear standards that say, this is a permissible use of the data and this is not,” Ms. Barnes said.

Fourteen states, including New York, have passed laws that say that, even though the data belongs to the vehicle’s owner, law enforcement officials and those involved in civil litigation can gain access to the black boxes with a court order.

In these states, lawyers may subpoena the data for criminal investigations and civil lawsuits, making the information accessible to third parties, including law enforcement or insurance companies that could cancel a driver’s policy or raise a driver’s premium based on the recorder’s data.

In Mr. Murray’s case, a court order was not required to release the data to investigators. Massachusetts is not among the states to pass a law governing access to the data. Asked about the case, Mr. Murray, who did not contest the ticket and who resigned as lieutenant governor in June to become head of the Chamber of Commerce in Worcester, Mass., declined to comment.

Current regulations require that the presence of the black box be disclosed in the owner’s manual. But the vast majority of drivers who do not read the manual thoroughly may not know that their vehicle can capture and record their speed, brake position, seat belt use and other data each time they get behind the wheel.

Unlike the black boxes on airplanes, which continually record data including audio and video, the cars’ recorders capture only the few seconds surrounding a crash or air bag deployment. A separate device extracts the data, which is then analyzed through computer software.

The Alliance of Automobile Manufacturers, a Washington-based trade association that represents 12 automakers including General Motors and Chrysler, said it supported the mandate because the recorders helped to monitor passenger safety.

“Event data recorders help our engineers and researchers understand how cars perform in the real world, and one of our priorities for E.D.R.’s continues to be preserving consumer privacy,” said Wade Newton, a spokesman for the trade association. “Automakers don’t access E.D.R. data without consumer permission, and we believe that any government requirements to install E.D.R.’s on all vehicles must include steps to protect consumer privacy.”

Beyond the privacy concerns, though, critics have questioned the data’s reliability.

In 2009, Anthony Niemeyer died after crashing a rented Ford Focus in Las Vegas. His widow, Kathryn, sued both Ford Motor and Hertz, contending that the air bag system failed to deploy.

The black box, however, derailed Ms. Niemeyer’s assertion that her husband had been traveling fast enough for the air bag to deploy.

Though Ms. Niemeyer lost the suit last year, her lawyer, Daniel T. Ryan of St. Louis, was successful in excluding the black box data as evidence on the grounds that the device is not fully reliable. The judge in the case ruled that because an engineer working on behalf of Ford retrieved the data, the plaintiffs, who maintained there were errors, had no way to independently verify it.

“It’s data that has not been shown to be absolutely reliable,” Mr. Ryan said. “It’s not black and white.”

The origins of black boxes, which are the size of about two decks of cards and are situated under the center console, date to the 1990 model year, when General Motors introduced them to conduct quality studies. Since then, their use and the scope of the data they collect has expanded.

The lack of standardization among manufacturers has made it difficult to extract the data, most notably during the investigations into the crashes caused by sudden, unintended acceleration in some Toyota vehicles.

Until recently, crash investigators needed an automaker’s proprietary reader as well as the expertise to analyze the data. The safety administration’s regulations will help enable universal access to the data by using a commercially available tool. At the same time, police departments are receiving training on the new regulations. In Romulus, N.Y., last week, the Collision Safety Institute, a consultancy in San Diego, helped teach New York State Police investigators how to read the devices.

But privacy advocates have expressed concern that the data collected will only grow to include a wider time frame and other elements like GPS and location-based services.

“The rabbit hole goes very deep when talking about this stuff,” said Thomas Kowalick, an expert in event data recorders and a former co-chairman of the federal committee that set the standard for black boxes.

Today, the boxes have spawned a cottage industry for YouTube videos on how to expunge the data. And Mr. Kowalick, seeing an opportunity, invented a device that safeguards access to in-vehicle electronics networks. It is controlled by the vehicle’s owner with a key and is useful in the event of theft, he said.

“For most of the 100-year history of the car, it used to be ‘he said, she said,’ ” Mr. Kowalick said. “That’s no longer going to be the way.”

Bill Vlasic contributed reporting.
http://www.nytimes.com/2013/07/22/bu...f-privacy.html





GCSB Bill Has Numbers to Pass After Dunne Wins Changes
Audrey Young

The controversial GCSB bill has the numbers to pass in Parliament after United Future leader Peter Dunne secured some significant changes to it for the price of his support.

New Zealand's domestic spy agency, the SIS, and its foreign spy agency, the GCSB, will be the subject of an independent review in 2015 and an automatic review every five to seven years after that.

But Labour and New Zealand First, who wanted a more immediate review, last night remained adamant that they would oppose the bill, and it will pass with a majority of just one.

The Greens called the changes cosmetic and will also oppose it.

Other announced changes yesterday will require the GCSB to be more transparent about the number of warrants and access authorisations it gets each year, with an annual public declaration.

Every time it gets permission to spy on a New Zealander, the Inspector-General of Intelligence and Security will have to be told. And the GCSB will be required to declare the number of times it helps the Police, the SIS or Defence Force with its specialised interception equipment.

If the Government wants to expand the domestic agencies that the GCSB will be able to help, it will have to get the support of Parliament for another amendment bill, rather than Cabinet just ticking it off via regulation.

The annual financial and public hearings for the financial review of the GCSB and SIS will be before the Intelligence and Security Committee.

Difficulties around the term "private communications" which were highlighted by the Legislation Advisory Committee and the Law Society will be reviewed under Mr Dunne's deal in a bid to get consistency across the GCSB law, the SIS law, and other relevant legislation such as the Crimes Act and the Search and Surveillance Act.

Prime Minister John Key said yesterday he believed that the changes addressed many of the concerns raised by submitters on the bill.

Mr Key also declared yesterday that the GCSB did not engage in the mass collection of metadata and that under the bill any collection of metadata of New Zealanders would require a warrant to be approved - by himself and the Commissioner of Security Warrants.

"On the best advice I have had, I believe there has been no mass collection [of metadata]."

He said he would make a fuller statement about it during the bill's second reading.

Mr Key does not anticipate urgency being used to pass the bill through its remaining stages.

"Our view with the GCSB legislation is there's a balancing act here between national security and doing our best to keep New Zealanders safe, and the privacy of New Zealanders," he told reporters.

He understood that events such as Edward Snowden's leaks and Wikileaks changed the political appetite and the political landscape.

The Government Communications Security Bureau and Related Legislation Bill expands the legal power of the GCSB to spy on New Zealanders.

The bureau's empowering legislation prohibits it from spying on New Zealanders but it has done so 88 times since 2003, mainly in helping other domestic agencies.

The amendment bill will explicitly allow it to do so now, and it will also allow it to intercept the communications of New Zealanders in its role as the national cyber security agency.

Act leader John Banks has secured a change to get a set of principles written into the bill including the requirement for the GCSB to have regard to the Bill of Rights Act 1990, which protects New Zealanders against unreasonable search and surveillance.
http://www.nzherald.co.nz/nz/news/ar...ectid=10901674





RFID Hacking: Live Free or RFID Hard
Fran Brown

Have you ever attended an RFID hacking presentation and walked away with more questions than answers? This talk will finally provide practical guidance on how RFID proximity badge systems work. We’ll cover what you’ll need to build out your own RFID physical penetration toolkit, and how to easily use an Arduino microcontroller to weaponize commercial RFID badge readers – turning them into custom, long range RFID hacking tools.

This presentation will NOT weigh you down with theoretical details, discussions of radio frequencies and modulation schemes, or talk of inductive coupling. It WILL serve as a practical guide for penetration testers to understand the attack tools and techniques available to them for stealing and using RFID proximity badge information to gain unauthorized access to buildings and other secure areas. Schematics and Arduino code will be released, and 100 lucky audience members will receive a custom PCB they can insert into almost any commercial RFID reader to steal badge info and conveniently save it to a text file on a microSD card for later use (such as badge cloning). This solution will allow you to read cards from up to 3 feet away, a significant improvement over the few centimeter range of common RFID hacking tools.

Some of the topics we will explore are:

Overview of best RFID hacking tools available to get for your toolkit
Stealing RFID proximity badge info from unsuspecting passers-by
Replaying RFID badge info and creating fake cloned cards
Brute-forcing higher privileged badge numbers to gain data center access
Attacking badge readers and controllers directly
Planting PwnPlugs, Raspberry Pis, and similar devices as physical backdoors to maintain internal network access
Creating custom RFID hacking tools using the Arduino
Defending yourself from RFID hacking threats

This DEMO-rich presentation will benefit both newcomers and seasoned professionals of the physical penetration testing field.
http://www.blackhat.com/us-13/briefings.html#Brown





Feds Put Heat on Web Firms for Master Encryption Keys

Whether the FBI and NSA have the legal authority to obtain the master keys that companies use for Web encryption remains an open question, but it hasn't stopped the U.S. government from trying.
Declan McCullagh

The U.S. government has attempted to obtain the master encryption keys that Internet companies use to shield millions of users' private Web communications from eavesdropping.

These demands for master encryption keys, which have not been disclosed previously, represent a technological escalation in the clandestine methods that the FBI and the National Security Agency employ when conducting electronic surveillance against Internet users.

If the government obtains a company's master encryption key, agents could decrypt the contents of communications intercepted through a wiretap or by invoking the potent surveillance authorities of the Foreign Intelligence Surveillance Act. Web encryption -- which often appears in a browser with an HTTPS lock icon when enabled -- uses a technique called SSL, or Secure Sockets Layer.

"The government is definitely demanding SSL keys from providers," said one person who has responded to government attempts to obtain encryption keys. The source spoke with CNET on condition of anonymity.

The person said that large Internet companies have resisted the requests on the grounds that they go beyond what the law permits, but voiced concern that smaller companies without well-staffed legal departments might be less willing to put up a fight. "I believe the government is beating up on the little guys," the person said. "The government's view is that anything we can think of, we can compel you to do."

A Microsoft spokesperson would not say whether the company has received such requests from the government. But when asked whether Microsoft would turn over a master key used for Web encryption or server-to-server e-mail encryption, the spokesperson replied: "No, we don't, and we can't see a circumstance in which we would provide it."

Google also declined to disclose whether it had received requests for encryption keys. But a spokesperson said the company has "never handed over keys" to the government, and that it carefully reviews each and every request. "We're sticklers for details -- frequently pushing back when the requests appear to be fishing expeditions or don't follow the correct process," the spokesperson said.

Sarah Feinberg, a spokeswoman for Facebook, also declined to answer whether her employer has received encryption key requests. In response to a question about divulging encryption keys, Feinberg said: "We have not, and we would fight aggressively against any request for such information."

Apple, Yahoo, AOL, Verizon, AT&T, Opera Software's Fastmail.fm, Time Warner Cable, and Comcast declined to respond to queries about whether they would divulge encryption keys to government agencies.

Encryption used to armor Web communications was largely adopted not because of fears of NSA surveillance -- but because of the popularity of open, insecure Wi-Fi networks. The "Wall of Sheep," which highlights passwords transmitted over networks through unencrypted links, has become a fixture of computer security conventions, and Internet companies began adopting SSL in earnest about three years ago.

"The requests are coming because the Internet is very rapidly changing to an encrypted model," a former Justice Department official said. "SSL has really impacted the capability of U.S. law enforcement. They're now going to the ultimate application layer provider."

An FBI spokesman declined to comment, saying the bureau does not "discuss specific strategies, techniques and tools that we may use."

Top secret NSA documents leaked by former government contractor Edward Snowden suggest an additional reason to ask for master encryption keys: they can aid bulk surveillance conducted through the spy agency's fiber taps.

One of the leaked PRISM slides recommends that NSA analysts collect communications "upstream" of data centers operated by Apple, Microsoft, Google, Yahoo, and other Internet companies. That procedure relies on a FISA order requiring backbone providers to aid in "collection of communications on fiber cables and infrastructure as data flows past."

Mark Klein, who worked as an AT&T technician for over 22 years, disclosed in 2006 (PDF) that he met with NSA officials and witnessed domestic Internet traffic being "diverted" through a "splitter cabinet" to secure room 641A in one of the company's San Francisco facilities. Only NSA-cleared technicians were allowed to work on equipment in the SG3 secure room, Klein said, adding that he was told similar fiber taps existed in other major cities.

But an increasing amount of Internet traffic flowing through those fiber cables is now armored against surveillance using SSL encryption. Google enabled HTTPS by default for Gmail in 2010, followed soon after by Microsoft's Hotmail. Facebook enabled encryption by default in 2012. Yahoo now offers it as an option.

"Strongly encrypted data are virtually unreadable," NSA director Keith Alexander told (PDF) the Senate earlier this year.

Unless, of course, the NSA can obtain an Internet company's private SSL key. With a copy of that key, a government agency that intercepts the contents of encrypted communications has the technical ability to decrypt and peruse everything it acquires in transit, although actual policies may be more restrictive.

One exception to that rule relies on a clever bit of mathematics called perfect forward secrecy. PFS uses temporary individual keys, a different one for each encrypted Web session, instead of relying on a single master key. That means even a government agency with the master SSL key and the ability to passively eavesdrop on the network can't decode private communications.

Google is the only major Internet company to offer PFS, though Facebook is preparing to enable it by default.

Even PFS isn't complete proof against surveillance. It's possible to mount a more advanced attack, sometimes called a man-in-the-middle or active attack, and decode the contents of the communications.
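As an added illustration of the distinction drawn in the preceding paragraphs (not code from the article or from any company it names), the following Python toy models both handshake styles with constructed, deliberately tiny parameters: in RSA key transport the recorded session falls to whoever later obtains the server's long-term private key, while in ephemeral Diffie-Hellman that key only authenticates the exchange and a passive recording stays opaque.

```python
"""Toy model of the article's point: a recorded session can be decrypted
later with the server's long-term private key when that key was used to
carry the session secret (RSA key transport), but not when the secret came
from an ephemeral Diffie-Hellman exchange (perfect forward secrecy).
Added example, not code from the article; every prime, key and message is
constructed here and far too small for real use (textbook RSA, no padding)."""
import hashlib
import hmac
import secrets

# Constructed toy parameters, labelled as such: not real TLS groups or keys.
DH_P = 2**127 - 1                      # Mersenne prime M127 as a toy DH modulus
DH_G = 3
RSA_P, RSA_Q = 2**127 - 1, 2**89 - 1   # Mersenne primes M127 and M89
RSA_N = RSA_P * RSA_Q
RSA_E = 65537
# The server's long-term ("master") private key, the object of the requests
# described in the article.
RSA_D = pow(RSA_E, -1, (RSA_P - 1) * (RSA_Q - 1))


def derive_session_key(premaster: int) -> bytes:
    """Both endpoints turn the agreed secret into a symmetric session key."""
    return hashlib.sha256(premaster.to_bytes(32, "big")).digest()


def stream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: keystream blocks from HMAC-SHA256 over a counter.
    XOR is its own inverse, so the same call encrypts and decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(x ^ k for x, k in zip(data[i:i + 32], block))
    return bytes(out)


def rsa_key_transport_session(plaintext: bytes) -> dict:
    """Client chooses the premaster secret and encrypts it to the server's
    long-term public key.  The returned dict is everything an eavesdropper
    on the wire would record."""
    premaster = secrets.randbelow(RSA_N)
    key = derive_session_key(premaster)
    return {"mode": "rsa",
            "encrypted_premaster": pow(premaster, RSA_E, RSA_N),
            "ciphertext": stream_xor(key, plaintext)}


def dhe_session(plaintext: bytes) -> dict:
    """Ephemeral Diffie-Hellman: each side picks a one-time exponent and
    forgets it afterwards.  The server's long-term key only signs its share
    (toy RSA signature over a hash) so the client knows who it talks to."""
    a = secrets.randbelow(DH_P - 2) + 2          # client ephemeral exponent
    b = secrets.randbelow(DH_P - 2) + 2          # server ephemeral exponent
    A, B = pow(DH_G, a, DH_P), pow(DH_G, b, DH_P)
    h = int.from_bytes(hashlib.sha256(B.to_bytes(16, "big")).digest(), "big") % RSA_N
    sig = pow(h, RSA_D, RSA_N)
    premaster = pow(B, a, DH_P)                  # client side
    assert premaster == pow(A, b, DH_P)          # server side agrees
    key = derive_session_key(premaster)
    # a and b go out of scope here: nothing on the wire or on disk keeps them
    return {"mode": "dhe", "A": A, "B": B, "sig": sig,
            "ciphertext": stream_xor(key, plaintext)}


def passive_decrypt(transcript: dict, server_private_key: int):
    """What a passive eavesdropper holding a recorded transcript plus the
    server's long-term private key recovers: the plaintext, or None."""
    if transcript["mode"] == "rsa":
        premaster = pow(transcript["encrypted_premaster"],
                        server_private_key, RSA_N)
        return stream_xor(derive_session_key(premaster),
                          transcript["ciphertext"])
    # DHE: the key lets the eavesdropper check the server's signature ...
    h = int.from_bytes(hashlib.sha256(
        transcript["B"].to_bytes(16, "big")).digest(), "big") % RSA_N
    assert pow(transcript["sig"], RSA_E, RSA_N) == h
    # ... but g^a and g^b alone do not yield g^ab, and the ephemeral
    # exponents were never transmitted.  Reading the session would need an
    # active man-in-the-middle at the time of the exchange, which the article
    # mentions and which this passive model deliberately does not include.
    return None
```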

A Wired article in 2010 disclosed that a company called Packet Forensics was marketing to government agencies a box that would do precisely that. (There is no evidence that the NSA performs active attacks as part of routine surveillance, and even those could be detected in some circumstances.)

The Packet Forensics brochure said that government agencies would "have the ability to import a copy of any legitimate key they obtain (potentially by court order)." It predicted that agents or analysts will collect their "best evidence while users are lulled into a false sense of security afforded by Web, e-mail or VOIP encryption."

With a few exceptions, even if communications in transit are encrypted, Internet companies typically do not encrypt e-mail or files stored in their data centers. Those remain accessible to law enforcement or the NSA through legal processes.

Leaked NSA surveillance procedures, authorized by Attorney General Eric Holder, suggest that intercepted domestic communications are typically destroyed -- unless they're encrypted. If that's the case, the procedures say, "retention of all communications that are enciphered" is permissible.

It's not entirely clear whether federal surveillance law gives the U.S. government the authority to demand master encryption keys from Internet companies.

"That's an unanswered question," said Jennifer Granick, director of civil liberties at Stanford University's Center for Internet and Society. "We don't know whether you can be compelled to do that or not."

The government has attempted to use subpoenas to request copies of encryption keys in some cases, according to one person familiar with the requests. Justice Department guidelines say subpoenas may be used to obtain information "relevant" to an investigation, unless the request is "unreasonably burdensome."

"I don't know anyone who would turn it over for a subpoena," said an attorney who represents Internet companies but has not fielded requests for encryption keys. Even a wiretap order in a criminal case would be insufficient, but a FISA order might be a different story, the attorney said. "I'm sure there's some logic in collecting the haystack."

Kurt Opsahl, a senior staff attorney at the Electronic Frontier Foundation, challenged the notion that current law hands the government the power to demand master encryption keys. Even with a FISA order for the private key, Opsahl said, the amount of technical assistance that a company must provide to the NSA or other federal agencies "has a limit."

Federal and state law enforcement officials have previously said encrypted communications were beginning to pose an obstacle to lawful surveillance. Valerie Caproni, the FBI's general counsel at the time, told a congressional hearing in 2011, according to a transcript:

Encryption is a problem, and it is a problem that we see for certain providers... For individuals who put encryption on their traffic, we understand that there would need to be some individualized solutions if we get a wiretap order for such persons... We are suggesting that if the provider has the communications in the clear and we have a wiretap order, that the provider should give us those communications in the clear.

"One of the biggest problems with compelling the [private key] is it gives you access to not just the target's communications, but all communications flowing through the system, which is exceedingly dangerous," said Stanford's Granick.
http://news.cnet.com/8301-13578_3-57...cryption-keys/





Senator: Weak Oversight of NSA May Lead to Massive Location Tracking

"Most of us have a computer in our pocket that can be used to track us 24/7."
Rob Pegoraro

The National Security Agency (NSA) needs no new court rulings or eavesdropping tools to see how angry Sen. Ron Wyden (D-OR) is about its conduct and oversight.

In a 45-minute speech at the Center for American Progress, the senator denounced the combination of an "always expanding, omnipresent surveillance state" and a covert corpus of law that hardly restrains it.

"That's not the way we do it in America!" he said, his voice rising. "We don't keep laws secret!"

"You simply cannot have an informed debate," he continued. "And when the American people are in the dark, they cannot make fully informed decisions about who should represent them."

Most tellingly, Wyden repeatedly invoked the possibility of the NSA doing location-tracking. In its first report on the leaks, The Guardian said that the location data is part of what the NSA gets in its dragnet collection of telephone data; but the secret Verizon court order it published didn't specifically mention location data.

"Most of us here have a computer in our pocket that can potentially be used to track and monitor us 24/7," Wyden remarked early on, before vaguely warning of the prospect of "a surveillance state that cannot be reversed." Later he added: "Without additional protections in the law, every single one of us... may be and can be tracked and monitored anywhere we are at any time." And again: "Today, government officials openly tell the press that they have the authority to effectively turn America's cell phones and smartphones into location-enabled homing beacons."

The Oregonian senator blamed this on Congress's lenient post-9/11 lawmaking (in which he has lately been a vocal dissenting minority) and the Foreign Intelligence Surveillance Court's subsequent sweeping expansion of the NSA's reach.

"I know of no other court in America that strays so far from the adversarial process," Wyden said. Of 1,789 electronic-surveillance requests submitted in 2012, the court denied none and modified 40, while the government withdrew one.

And no other court in America keeps its own opinions so secret. Wyden said the Obama administration had assured him in writing in 2009 "that a process would begin to be created to start redacting and declassifying FISA Court opinions."

But nothing changed: "In the last four years, exactly zero opinions have been released."

What's the NSA doing with its inflated authority? Wyden probably knows, courtesy of his seat on the Senate Select Committee on Intelligence, but he cannot say.

He can, however, repeatedly evoke a disturbing possibility of the Patriot Act's Section 215 authority to collect business records gathered by third parties with which citizens interact: building a database of people's locations as recorded by their phones.

Wyden has been one of a few members of Congress with a long-lasting concern about overbroad surveillance. When he asked the administration about location tracking almost two years ago, he didn't get a satisfying answer. "I want to deliver a warning this afternoon," Wyden said during a 2011 debate. "When the American people find out how their government has secretly interpreted the Patriot Act, they will be stunned and they will be angry."

Former NSA contractor Edward Snowden's leaks, however, left Wyden at liberty to discuss and dismiss the utility of the NSA's phone-metadata collection while allowing that its PRISM surveillance of probably-foreign-linked Internet traffic delivered real value. "I haven't seen any indication that the bulk phone records yielded any unique intelligence that wasn't also available to the government through less intrusive means."

The senior senator from Oregon expressed cautious optimism for reform, citing a recent swing in public opinion and hitherto-hidden reversals such as his 2011 push with Sen. Mark Udall (D-CO) to end an NSA e-mail-metadata harvesting program.

Wyden said he's working to get FISA court opinions "declassified in a responsible manner" and bring "an adversarial process" to that body. He didn't mention another questionable aspect of it—the Chief Justice of the Supreme Court's unchecked power to pick its judges.

Wyden closed by invoking the warning of James Madison from Federalist No. 47 ("The accumulation of all powers, legislative, executive, and judiciary, in the same hands […] may justly be pronounced the very definition of tyranny"). He asked, "By allowing the executive to secretly follow a secret interpretation of the law under the supervision of a secret, non-adversarial court and occasional secret Congressional hearings, how close are we to James Madison's definition of tyranny?"
http://arstechnica.com/tech-policy/2...tion-tracking/





House Rejects Bid to Curb U.S. Spy Agency's Data-Gathering Program

A U.S. spy program that sweeps up vast amounts of electronic communications survived a legislative challenge in the House of Representatives on Wednesday, the first move to curb the surveillance effort since a worker leaked details of its scope.

The House of Representatives voted 217-205 to defeat an amendment to the defense appropriations bill that would have limited the National Security Agency's ability to collect electronic information, including phone call records.

The measure, which has been opposed by the White House and intelligence chiefs, was the first attempt to curb NSA spying since former NSA contractor Edward Snowden leaked details about the extent of the agency's data collecting.

(Reporting by David Alexander; Editing by Eric Walsh)
http://www.reuters.com/article/2013/...96N16I20130724





NSA Says It Can’t Search Its Own Emails
Justin Elliott

The NSA is a "supercomputing powerhouse" with machines so powerful their speed is measured in thousands of trillions of operations per second. The agency turns its giant machine brains to the task of sifting through unimaginably large troves of data its surveillance programs capture.

But ask the NSA, as part of a freedom of information request, to do a seemingly simple search of its own employees' email? The agency says it doesn’t have the technology.

"There's no central method to search an email at this time with the way our records are set up, unfortunately," NSA Freedom of Information Act officer Cindy Blacker told me last week.

The system is “a little antiquated and archaic," she added.

I filed a request last week for emails between NSA employees and employees of the National Geographic Channel over a specific time period. The TV station had aired a friendly documentary on the NSA and I want to better understand the agency's public-relations efforts.

A few days after filing the request, Blacker called, asking me to narrow my request since the FOIA office can search emails only “person by person," rather than in bulk. The NSA has more than 30,000 employees.

I reached out to the NSA press office seeking more information but got no response.

It’s actually common for large corporations to do bulk searches of their employees’ email as part of internal investigations or legal discovery.

“It’s just baffling,” says Mark Caramanica of the Reporters Committee for Freedom of the Press. “This is an agency that’s charged with monitoring millions of communications globally and they can’t even track their own internal communications in response to a FOIA request.”

Federal agencies’ public records offices are often underfunded, according to Lucy Dalglish, dean of the journalism school at University of Maryland and a longtime observer of FOIA issues.

But, Dalglish says, “If anybody is going to have the money to engage in evaluation of digital information, it’s the NSA for heaven’s sake.”
http://www.propublica.org/article/ns...rch-own-emails





Kremlin Says Russian, U.S. Security Agencies in Talks on Snowden

Russia's FSB federal security agency and its U.S. counterpart, the FBI, are in talks over the fate of former U.S. spy agency contractor Edward Snowden, who is stuck at a Moscow airport, Russian President Vladimir Putin's spokesman said on Friday.

Dmitry Peskov said the Kremlin was not involved in talks over the 30-year-old American, who is wanted by the United States on espionage charges.

(Reporting by Daria Korsunskaya, writing by Gabriela Baczynska; Editing by Kevin Liffey)
http://www.reuters.com/article/2013/...96P0GZ20130726





Edward Snowden's Not the Story. The Fate of the Internet Is

The press has lost the plot over the Snowden revelations. The fact is that the net is finished as a global network and that US firms' cloud services cannot be trusted
John Naughton

Repeat after me: Edward Snowden is not the story. The story is what he has revealed about the hidden wiring of our networked world. This insight seems to have escaped most of the world's mainstream media, for reasons that escape me but would not have surprised Evelyn Waugh, whose contempt for journalists was one of his few endearing characteristics. The obvious explanations are: incorrigible ignorance; the imperative to personalise stories; or gullibility in swallowing US government spin, which brands Snowden as a spy rather than a whistleblower.

In a way, it doesn't matter why the media lost the scent. What matters is that they did. So as a public service, let us summarise what Snowden has achieved thus far.

Without him, we would not know how the National Security Agency (NSA) had been able to access the emails, Facebook accounts and videos of citizens across the world; or how it had secretly acquired the phone records of millions of Americans; or how, through a secret court, it has been able to bend nine US internet companies to its demands for access to their users' data.

Similarly, without Snowden, we would not be debating whether the US government should have turned surveillance into a huge, privatised business, offering data-mining contracts to private contractors such as Booz Allen Hamilton and, in the process, high-level security clearance to thousands of people who shouldn't have it. Nor would there be – finally – a serious debate between Europe (excluding the UK, which in these matters is just an overseas franchise of the US) and the United States about where the proper balance between freedom and security lies.

These are pretty significant outcomes and they're just the first-order consequences of Snowden's activities. As far as most of our mass media are concerned, though, they have gone largely unremarked. Instead, we have been fed a constant stream of journalistic pap – speculation about Snowden's travel plans, asylum requests, state of mind, physical appearance, etc. The "human interest" angle has trumped the real story, which is what the NSA revelations tell us about how our networked world actually works and the direction in which it is heading.

As an antidote, here are some of the things we should be thinking about as a result of what we have learned so far.

The first is that the days of the internet as a truly global network are numbered. It was always a possibility that the system would eventually be Balkanised, ie divided into a number of geographical or jurisdiction-determined subnets as societies such as China, Russia, Iran and other Islamic states decided that they needed to control how their citizens communicated. Now, Balkanisation is a certainty.

Second, the issue of internet governance is about to become very contentious. Given what we now know about how the US and its satraps have been abusing their privileged position in the global infrastructure, the idea that the western powers can be allowed to continue to control it has become untenable.

Third, as Evgeny Morozov has pointed out, the Obama administration's "internet freedom agenda" has been exposed as patronising cant. "Today," he writes, "the rhetoric of the 'internet freedom agenda' looks as trustworthy as George Bush's 'freedom agenda' after Abu Ghraib."

That's all at nation-state level. But the Snowden revelations also have implications for you and me.

They tell us, for example, that no US-based internet company can be trusted to protect our privacy or data. The fact is that Google, Facebook, Yahoo, Amazon, Apple and Microsoft are all integral components of the US cyber-surveillance system. Nothing, but nothing, that is stored in their "cloud" services can be guaranteed to be safe from surveillance or from illicit downloading by employees of the consultancies employed by the NSA. That means that if you're thinking of outsourcing your troublesome IT operations to, say, Google or Microsoft, then think again.

And if you think that that sounds like the paranoid fantasising of a newspaper columnist, then consider what Neelie Kroes, vice-president of the European Commission, had to say on the matter recently. "If businesses or governments think they might be spied on," she said, "they will have less reason to trust the cloud, and it will be cloud providers who ultimately miss out. Why would you pay someone else to hold your commercial or other secrets, if you suspect or know they are being shared against your wishes? Front or back door – it doesn't matter – any smart person doesn't want the information shared at all. Customers will act rationally and providers will miss out on a great opportunity."

Spot on. So when your chief information officer proposes to use the Amazon or Google cloud as a data-store for your company's confidential documents, tell him where to file the proposal. In the shredder.
http://m.guardiannews.com/technology...th-of-internet



















Until next week,

- js.




















Current Week In Review





Recent WiRs -

July 20th, July 13th, July 6th, June 29th

Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black