Skip to main content

Home/ Future of the Web/ Group items matching "close" in title, tags, annotations or url

Group items matching
in title, tags, annotations or url

Sort By: Relevance | Date Filter: All | Bookmarks | Topics Simple Middle
Gonzalo San Gil, PhD.

Apple and Other Tech Companies Tangle With U.S. Over Data Access - The New York Times - 0 views

www.nytimes.com/...th-us-over-access-to-data.html

apple microsoft tech companies tangle US data access pantomime

shared by Gonzalo San Gil, PhD. on 11 Sep 15 - No Cached
  • Gonzalo San Gil, PhD. on 11 Sep 15
     
    "...While that prospect has been shelved for now, the Justice Department is engaged in a court dispute with another tech company, Microsoft. The case, which goes before a federal appeals court in New York on Wednesday and is being closely watched by industry officials and civil liberties advocates, began when the company refused to comply with a warrant in December 2013 for emails from a drug trafficking suspect. ..."
Gonzalo San Gil, PhD.

More Closed-Door Meetings, a New Chief Transparency Officer, and Growing International Opposition to the Deal: What's Going on with the TPP | Electronic Frontier Foundation - 0 views

www.eff.org/...new-chief-transparency-officer

TPP transparency chief officer growing international opposition meetings deal

shared by Gonzalo San Gil, PhD. on 20 Sep 15 - No Cached
  • Gonzalo San Gil, PhD. on 20 Sep 15
     
    "Over the past month, trade officials have been frantically working to resolve outstanding disagreements over provisions in the Trans-Pacific Partnership (TPP) in the midst of speculation that the deal is in deep trouble."
Paul Merrell

Popular Security Software Came Under Relentless NSA and GCHQ Attacks - The Intercept - 0 views

firstlook.org/...nsa-gchq-targeted-kaspersky

surveillance state NSA GCHQ anti-virus-software

shared by Paul Merrell on 23 Jun 15 - No Cached
  • The National Security Agency and its British counterpart, Government Communications Headquarters, have worked to subvert anti-virus and other security software in order to track users and infiltrate networks, according to documents from NSA whistleblower Edward Snowden. The spy agencies have reverse engineered software products, sometimes under questionable legal authority, and monitored web and email traffic in order to discreetly thwart anti-virus software and obtain intelligence from companies about security software and users of such software. One security software maker repeatedly singled out in the documents is Moscow-based Kaspersky Lab, which has a holding registered in the U.K., claims more than 270,000 corporate clients, and says it protects more than 400 million people with its products. British spies aimed to thwart Kaspersky software in part through a technique known as software reverse engineering, or SRE, according to a top-secret warrant renewal request. The NSA has also studied Kaspersky Lab’s software for weaknesses, obtaining sensitive customer information by monitoring communications between the software and Kaspersky servers, according to a draft top-secret report. The U.S. spy agency also appears to have examined emails inbound to security software companies flagging new viruses and vulnerabilities.
  • The efforts to compromise security software were of particular importance because such software is relied upon to defend against an array of digital threats and is typically more trusted by the operating system than other applications, running with elevated privileges that allow more vectors for surveillance and attack. Spy agencies seem to be engaged in a digital game of cat and mouse with anti-virus software companies; the U.S. and U.K. have aggressively probed for weaknesses in software deployed by the companies, which have themselves exposed sophisticated state-sponsored malware.
  • The requested warrant, provided under Section 5 of the U.K.’s 1994 Intelligence Services Act, must be renewed by a government minister every six months. The document published today is a renewal request for a warrant valid from July 7, 2008 until January 7, 2009. The request seeks authorization for GCHQ activities that “involve modifying commercially available software to enable interception, decryption and other related tasks, or ‘reverse engineering’ software.”
  • ...9 more annotations...
  • The NSA, like GCHQ, has studied Kaspersky Lab’s software for weaknesses. In 2008, an NSA research team discovered that Kaspersky software was transmitting sensitive user information back to the company’s servers, which could easily be intercepted and employed to track users, according to a draft of a top-secret report. The information was embedded in “User-Agent” strings included in the headers of Hypertext Transfer Protocol, or HTTP, requests. Such headers are typically sent at the beginning of a web request to identify the type of software and computer issuing the request.
  • According to the draft report, NSA researchers found that the strings could be used to uniquely identify the computing devices belonging to Kaspersky customers. They determined that “Kaspersky User-Agent strings contain encoded versions of the Kaspersky serial numbers and that part of the User-Agent string can be used as a machine identifier.” They also noted that the “User-Agent” strings may contain “information about services contracted for or configurations.” Such data could be used to passively track a computer to determine if a target is running Kaspersky software and thus potentially susceptible to a particular attack without risking detection.
  • Another way the NSA targets foreign anti-virus companies appears to be to monitor their email traffic for reports of new vulnerabilities and malware. A 2010 presentation on “Project CAMBERDADA” shows the content of an email flagging a malware file, which was sent to various anti-virus companies by François Picard of the Montréal-based consulting and web hosting company NewRoma. The presentation of the email suggests that the NSA is reading such messages to discover new flaws in anti-virus software. Picard, contacted by The Intercept, was unaware his email had fallen into the hands of the NSA. He said that he regularly sends out notification of new viruses and malware to anti-virus companies, and that he likely sent the email in question to at least two dozen such outfits. He also said he never sends such notifications to government agencies. “It is strange the NSA would show an email like mine in a presentation,” he added.
  • The NSA presentation goes on to state that its signals intelligence yields about 10 new “potentially malicious files per day for malware triage.” This is a tiny fraction of the hostile software that is processed. Kaspersky says it detects 325,000 new malicious files every day, and an internal GCHQ document indicates that its own system “collect[s] around 100,000,000 malware events per day.” After obtaining the files, the NSA analysts “[c]heck Kaspersky AV to see if they continue to let any of these virus files through their Anti-Virus product.” The NSA’s Tailored Access Operations unit “can repurpose the malware,” presumably before the anti-virus software has been updated to defend against the threat.
  • The Project CAMBERDADA presentation lists 23 additional AV companies from all over the world under “More Targets!” Those companies include Check Point software, a pioneering maker of corporate firewalls based Israel, whose government is a U.S. ally. Notably omitted are the American anti-virus brands McAfee and Symantec and the British company Sophos.
  • As government spies have sought to evade anti-virus software, the anti-virus firms themselves have exposed malware created by government spies. Among them, Kaspersky appears to be the sharpest thorn in the side of government hackers. In the past few years, the company has proven to be a prolific hunter of state-sponsored malware, playing a role in the discovery and/or analysis of various pieces of malware reportedly linked to government hackers, including the superviruses Flame, which Kaspersky flagged in 2012; Gauss, also detected in 2012; Stuxnet, discovered by another company in 2010; and Regin, revealed by Symantec. In February, the Russian firm announced its biggest find yet: the “Equation Group,” an organization that has deployed espionage tools widely believed to have been created by the NSA and hidden on hard drives from leading brands, according to Kaspersky. In a report, the company called it “the most advanced threat actor we have seen” and “probably one of the most sophisticated cyber attack groups in the world.”
  • Hacks deployed by the Equation Group operated undetected for as long as 14 to 19 years, burrowing into the hard drive firmware of sensitive computer systems around the world, according to Kaspersky. Governments, militaries, technology companies, nuclear research centers, media outlets and financial institutions in 30 countries were among those reportedly infected. Kaspersky estimates that the Equation Group could have implants in tens of thousands of computers, but documents published last year by The Intercept suggest the NSA was scaling up their implant capabilities to potentially infect millions of computers with malware. Kaspersky’s adversarial relationship with Western intelligence services is sometimes framed in more sinister terms; the firm has been accused of working too closely with the Russian intelligence service FSB. That accusation is partly due to the company’s apparent success in uncovering NSA malware, and partly due to the fact that its founder, Eugene Kaspersky, was educated by a KGB-backed school in the 1980s before working for the Russian military.
  • Kaspersky has repeatedly denied the insinuations and accusations. In a recent blog post, responding to a Bloomberg article, he complained that his company was being subjected to “sensationalist … conspiracy theories,” sarcastically noting that “for some reason they forgot our reports” on an array of malware that trace back to Russian developers. He continued, “It’s very hard for a company with Russian roots to become successful in the U.S., European and other markets. Nobody trusts us — by default.”
  • Documents published with this article: Kaspersky User-Agent Strings — NSA Project CAMBERDADA — NSA NDIST — GCHQ’s Developing Cyber Defence Mission GCHQ Application for Renewal of Warrant GPW/1160 Software Reverse Engineering — GCHQ Reverse Engineering — GCHQ Wiki Malware Analysis & Reverse Engineering — ACNO Skill Levels — GCHQ
Paul Merrell

Activists send the Senate 6 million faxes to oppose cyber bill - CBS News - 0 views

www.cbsnews.com/...ion-faxes-to-oppose-cyber-bill

surveillance state CISA legislation faxes Obama

shared by Paul Merrell on 06 Aug 15 - No Cached
  • Activists worried about online privacy are sending Congress a message with some old-school technology: They're sending faxes -- more than 6.2 million, they claim -- to express opposition to the Cybersecurity Information Sharing Act (CISA).Why faxes? "Congress is stuck in 1984 and doesn't understand modern technology," according to the campaign Fax Big Brother. The week-long campaign was organized by the nonpartisan Electronic Frontier Foundation, the group Access and Fight for the Future, the activist group behind the major Internet protests that helped derail a pair of anti-piracy bills in 2012. It also has the backing of a dozen groups like the ACLU, the American Library Association, National Association of Criminal Defense Lawyers and others.
  • CISA aims to facilitate information sharing regarding cyberthreats between the government and the private sector. The bill gained more attention following the massive hack in which the records of nearly 22 million people were stolen from government computers."The ability to easily and quickly share cyber attack information, along with ways to counter attacks, is a key method to stop them from happening in the first place," Sen. Dianne Feinstein, D-California, who helped introduce CISA, said in a statement after the hack. Senate leadership had planned to vote on CISA this week before leaving for its August recess. However, the bill may be sidelined for the time being as the Republican-led Senate puts precedent on a legislative effort to defund Planned Parenthood.Even as the bill was put on the backburner, the grassroots campaign to stop it gained steam. Fight for the Future started sending faxes to all 100 Senate offices on Monday, but the campaign really took off after it garnered attention on the website Reddit and on social media. The faxed messages are generated by Internet users who visit faxbigbrother.com or stopcyberspying.com -- or who simply send a message via Twitter with the hashtag #faxbigbrother. To send all those faxes, Fight for the Future set up a dedicated server and a dozen phone lines and modems they say are capable of sending tens of thousands of faxes a day.
  • Fight for the Future told CBS News that it has so many faxes queued up at this point, that it may take months for Senate offices to receive them all, though the group is working on scaling up its capability to send them faster. They're also limited by the speed at which Senate offices can receive them.
  • Paul Merrell on 06 Aug 15
     
    From an Fight For the Future mailing: "Here's the deal: yesterday the Senate delayed its expected vote on CISA, the Cybersecurity Information Sharing Act that would let companies share your private information--like emails and medical records--with the government. "The delay is good news; but it's a delay, not a victory. "We just bought some precious extra time to fight CISA, but we need to use it to go big like we did with SOPA or this bill will still pass. Even if we stop it in September, they'll try again after that. "The truth is that right now, things are looking pretty grim. Democrats and Republicans have been holding closed-door meetings to work out a deal to pass CISA quickly when they return from recess. "Right before the expected Senate vote on CISA, the Obama Administration endorsed the bill, which means if Congress passes it, the White House will definitely sign it.  "We've stalled and delayed CISA and bills like it nearly half a dozen times, but this month could be our last chance to stop it for good." See also http://tumblr.fightforthefuture.org/post/125953876003/senate-fails-to-advance-cisa-before-recess-amid (;) http://www.cbsnews.com/news/activists-send-the-senate-6-million-faxes-to-oppose-cyber-bill/ (;) http://www.npr.org/2015/08/04/429386027/privacy-advocates-to-senate-cyber-security-bill (.)
Gonzalo San Gil, PhD.

Make Firefox Look Native in Fedora - Fedora Magazine - 0 views

fedoramagazine.org/ake-firefox-look-native-fedora

make Firefox look native Fedora NU_Linux GNOME users complain biased critics Xfce fits perfectly who triggers this discussion

shared by Gonzalo San Gil, PhD. on 09 Aug 15 - No Cached
  • Gonzalo San Gil, PhD. on 09 Aug 15
     
    "Firefox has been criticized by users for not fitting well in Fedora Workstation. Although it improved with the new interface called Australis, it still doesn't feel as native as GNOME Web (Epiphany). It's not likely it will close the gap any time soon for two reasons:"
Gary Edwards

Cocoa for Windows + Flash RiA Killer = SproutCore JavaScript Framework - RoughlyDrafted Magazine - 0 views

www.roughlydrafted.com/...indows-flash-killer-sproutcore

apple framework javascript ria webkit

shared by Gary Edwards on 18 Jun 08 - Cached
  • SproutCore brings the values of Leopard’s Cocoa to the web, domesticating JavaScript into a functional application platform with lots of free built-in support for desktop features. Being based on open web standards and being open source itself means SproutCore will enable developers to develop cross platform applications without being tied to either a plugin architecture or its vendor. Sitting on top of web standards will also make it easy for Apple and the community to push SproutCore ahead without worrying about incompatible changes to the underlying layers of Windows, a significant problem for the old Yellow Box or some new Cocoa analog. SproutCore also lives in a well known security context, preventing worries about unknown holes being opened up by a new runtime layer.
  • Gary Edwards on 18 Jun 08
     
    The story of Javascript and the browser as a RiA competitor continues to unfold. This lengthy summation from roughlydrafed is perhaps the best discussion 'i've ever seen of technologies that will drive the Future of the Open Web. Roughly believes that Apple and Google are fighting for an Open Web Future, with Adobe and Microsoft RiA jousting for a broken web where they dominate the application development. For usre the web is moving to become an application platform. The question is one of who will own the dominant API, and be in position to impose a global platform tax. This is a great summary demanding a careful read. It also confirms my belief that the WebKit layout and document model is the way forward. It's by far and away the best (X)HTML-CSS-DOM-JavaScript model out there. The W3C alternatives do not include JavaScript, and that pretty much seals their fate. And while there are many JavaScript libraries and frameworks to chose from, i would pay close attention to three initiatives: WebKit SproutCore, Gecko jQuery, and Google GWT. ~ge~
  • anonymous on 28 Sep 13
     
    Live Roulette from Australia, Fun and Free! Now you can play Real "www.funlivecasino.com.au" Live Roulette for Fun in Australia on a brand new website, FunLiveCasino.com.au. Using the latest internet streaming technologies, Fun Live Casino lets you join a real game happening on a real table in a real casino, all broadcast Live! You can see other real players in the casino betting on the same results you do giving you ultimate trust in the results as they are not generated 'just for you', like other casino gaming products such as 'live studios' or computer generated games. Its amazing to think next time your really in the casino that you might be on camera, and people online might be watching! The future is scary! Imagine that one day soon this will be the only way people would gamble online because the internet is full of scams, you have to be super careful, and why would you play Online Roulette any other way except from a Real Casino you can visit, see, hear and trust! Amazingly this site is completely Free and has no registration process, no spam, no clicks and no fuss. Just Instant Fun "www.funlivecasino.com.au" Free Live Roulette! Give it a try, its worth checking out! "www.funlivecasino.com.au" Australia's Online Fun Live Casino! Backlink created from http://fiverr.com/radjaseotea/making-best-156654-backlink-high-pr
Gary Edwards

SXSW: Big Browsers Butt Heads - AppScout - 0 views

www.appscout.com/...sw_big_browsers_butt_heads.php

webkit ria silverlight adobe swsw browsers

shared by Gary Edwards on 21 Mar 09 - Cached
  • Gary Edwards on 21 Mar 09
     
    From AppScout: ... "For the third year in a row, leading minds from the major browsers got together at SXSW Interactive to spar with one another over issues like Web standards and openness. As in years past, Mozilla's Brendan Eich, Microsoft's Chris Wilson, Opera's Charles McCathieNevile, and moderator Arun Ranganathan (also from Mozilla) were present, and this year they were joined by Google's Darin Fisher.

    As always, Apple was absent from the panel. Wilson told me that Apple is active in the standards discussion, but the company's famously closed corporate policy prevents Apple reps from participating in panels like this (almost every laptop I saw in the room was a Mac, so apparently the policy hasn't hurt them much). In any case, Safari's WebKit was represented by Chrome (Fisher), which is also built on WebKit....."

    AppScout does a great job of collecting some of the best snippets to come out of this panel discussion. Really though, how can anyone have a browser discussion without edge of the Web WebKit device browsers? And then there's this: the discussions today isn't about "browsers". It's about RiA platforms and how browsers are used to launch rich internet applications. Microsoft has XAML-Silverlight. Adobe has AiR-WebKit-SWF. And the Open Web has WebKit-HTML+. That's the battle!
Gary Edwards

What Oracle Sees in Sun Microsystems | NewsFactor Network - 0 views

www.newsfactor.com/story.xhtml

openoffice java sun oracle ibm da-vinci massachusetts

shared by Gary Edwards on 29 Apr 09 - Cached
  • Citigroup's Thill estimates Oracle could cut between 40 percent and 70 percent of Sun's roughly 33,000 employees. Excluding restructuring costs, Oracle expects Sun to add $1.5 billion in profit during the first year after the acquisition closes this summer, and another $2 billion the following year. Oracle executives declined to say how many jobs would be eliminated.
  • Citigroup's Thill estimates Oracle could cut between 40 percent and 70 percent of Sun's roughly 33,000 employees. Excluding restructuring costs, Oracle expects Sun to add $1.5 billion in profit during the first year after the acquisition closes this summer, and another $2 billion the following year. Oracle executives declined to say how many jobs would be eliminated.
  • Gary Edwards on 29 Apr 09
     
    Good article from Aaron Ricadela. The focus is on Java, Sun's hardware-Server business, and Oracle's business objectives. No mention of OpenOffice or ODf though. There is however an interesting quote from IBM regarding the battle between Java and Microsoft .NET. Also, no mention of a OpenOffice-Java Foundation that would truly open source these technologies.

    When we were involved with the Massachusetts Pilot Study and ODF Plug-in proposals, IBM and Oracle lead the effort to open source the da Vinci plug-in. They put together a group of vendors known as "the benefactors", with the objective of completing work on da Vinci while forming a patent pool - open source foundation for all OpenOffice and da Vinci source. This idea was based on the Eclipse model.

    One of the more interesting ideas coming out of the IBM-Oracle led "benefactors", was the idea of breaking OpenOffice into components that could then be re-purposed by the Eclipse community of developers. The da Vinci plug-in was to be the integration bridge between Eclipse and the Microsoft Office productivity environment. Very cool. And no doubt IBM and Oracle were in synch on this in 2006. The problem was that they couldn't convince Sun to go along with the plan.

    Sun of course owned both Java and OpenOffice, and thought they could build a better ODF plug-in for OpenOffice (and own that too). A year later, Sun actually did produce an ODF plug-in for MSOffice. It was sent to Massachusetts on July 3rd, 2007, and tested against the same set of 150 critical documents da Vinci had to successfully convert without breaking. The next day, July 4th, Massachusetts announced their decision that they would approve the use of both ODF and OOXML! The much hoped for exclusive ODF requirement failed in Massachusetts exactly because Sun insisted on their way or the highway.

    Let's hope Oracle can right the ship and get OpenOffice-ODF-Java back on track.

    "......To gain
Paul Merrell

ExposeFacts - For Whistleblowers, Journalism and Democracy - 0 views

exposefacts.org

transparency whistle-blowers resources Wikileaks Tail

shared by Paul Merrell on 06 Jun 14 - No Cached
  • Launched by the Institute for Public Accuracy in June 2014, ExposeFacts.org represents a new approach for encouraging whistleblowers to disclose information that citizens need to make truly informed decisions in a democracy. From the outset, our message is clear: “Whistleblowers Welcome at ExposeFacts.org.” ExposeFacts aims to shed light on concealed activities that are relevant to human rights, corporate malfeasance, the environment, civil liberties and war. At a time when key provisions of the First, Fourth and Fifth Amendments are under assault, we are standing up for a free press, privacy, transparency and due process as we seek to reveal official information—whether governmental or corporate—that the public has a right to know. While no software can provide an ironclad guarantee of confidentiality, ExposeFacts—assisted by the Freedom of the Press Foundation and its “SecureDrop” whistleblower submission system—is utilizing the latest technology on behalf of anonymity for anyone submitting materials via the ExposeFacts.org website. As journalists we are committed to the goal of protecting the identity of every source who wishes to remain anonymous.
  • The seasoned editorial board of ExposeFacts will be assessing all the submitted material and, when deemed appropriate, will arrange for journalistic release of information. In exercising its judgment, the editorial board is able to call on the expertise of the ExposeFacts advisory board, which includes more than 40 journalists, whistleblowers, former U.S. government officials and others with wide-ranging expertise. We are proud that Pentagon Papers whistleblower Daniel Ellsberg was the first person to become a member of the ExposeFacts advisory board. The icon below links to a SecureDrop implementation for ExposeFacts overseen by the Freedom of the Press Foundation and is only accessible using the Tor browser. As the Freedom of the Press Foundation notes, no one can guarantee 100 percent security, but this provides a “significantly more secure environment for sources to get information than exists through normal digital channels, but there are always risks.” ExposeFacts follows all guidelines as recommended by Freedom of the Press Foundation, and whistleblowers should too; the SecureDrop onion URL should only be accessed with the Tor browser — and, for added security, be running the Tails operating system. Whistleblowers should not log-in to SecureDrop from a home or office Internet connection, but rather from public wifi, preferably one you do not frequent. Whistleblowers should keep to a minimum interacting with whistleblowing-related websites unless they are using such secure software.
  • Paul Merrell on 06 Jun 14
     
    A new resource site for whistle-blowers. somewhat in the tradition of Wikileaks, but designed for encrypted communications between whistleblowers and journalists.  This one has an impressive board of advisors that includes several names I know and tend to trust, among them former whistle-blowers Daniel Ellsberg, Ray McGovern, Thomas Drake, William Binney, and Ann Wright. Leaked records can only be dropped from a web browser running the Tor anonymizer software and uses the SecureDrop system originally developed by Aaron Schwartz. They strongly recommend using the Tails secure operating system that can be installed to a thumb drive and leaves no tracks on the host machine. https://tails.boum.org/index.en.html Curious, I downloaded Tails and installed it to a virtual machine. It's a heavily customized version of Debian. It has a very nice Gnome desktop and blocks any attempt to connect to an external network by means other than installed software that demands encrypted communications. For example, web sites can only be viewed via the Tor anonymizing proxy network. It does take longer for web pages to load because they are moving over a chain of proxies, but even so it's faster than pages loaded in the dial-up modem days, even for web pages that are loaded with graphics, javascript, and other cruft. E.g., about 2 seconds for New York Times pages. All cookies are treated by default as session cookies so disappear when you close the page or the browser. I love my Linux Mint desktop, but I am thinking hard about switching that box to Tails. I've been looking for methods to send a lot more encrypted stuff down the pipe for NSA to store. Tails looks to make that not only easy, but unavoidable. From what I've gathered so far, if you want to install more software on Tails, it takes about an hour to create a customized version and then update your Tails installation from a new ISO file. Tails has a wonderful odor of having been designed for secure computing. Current
Paul Merrell

Operation Socialist: How GCHQ Spies Hacked Belgium's Largest Telco - 0 views

firstlook.org/...elgacom-hack-gchq-inside-story

surveillance state GCHQ NSA Regin-malware Belgacom

shared by Paul Merrell on 15 Dec 14 - No Cached
  • When the incoming emails stopped arriving, it seemed innocuous at first. But it would eventually become clear that this was no routine technical problem. Inside a row of gray office buildings in Brussels, a major hacking attack was in progress. And the perpetrators were British government spies. It was in the summer of 2012 that the anomalies were initially detected by employees at Belgium’s largest telecommunications provider, Belgacom. But it wasn’t until a year later, in June 2013, that the company’s security experts were able to figure out what was going on. The computer systems of Belgacom had been infected with a highly sophisticated malware, and it was disguising itself as legitimate Microsoft software while quietly stealing data. Last year, documents from National Security Agency whistleblower Edward Snowden confirmed that British surveillance agency Government Communications Headquarters was behind the attack, codenamed Operation Socialist. And in November, The Intercept revealed that the malware found on Belgacom’s systems was one of the most advanced spy tools ever identified by security researchers, who named it “Regin.”
  • The full story about GCHQ’s infiltration of Belgacom, however, has never been told. Key details about the attack have remained shrouded in mystery—and the scope of the attack unclear. Now, in partnership with Dutch and Belgian newspapers NRC Handelsblad and De Standaard, The Intercept has pieced together the first full reconstruction of events that took place before, during, and after the secret GCHQ hacking operation. Based on new documents from the Snowden archive and interviews with sources familiar with the malware investigation at Belgacom, The Intercept and its partners have established that the attack on Belgacom was more aggressive and far-reaching than previously thought. It occurred in stages between 2010 and 2011, each time penetrating deeper into Belgacom’s systems, eventually compromising the very core of the company’s networks.
  • Snowden told The Intercept that the latest revelations amounted to unprecedented “smoking-gun attribution for a governmental cyber attack against critical infrastructure.” The Belgacom hack, he said, is the “first documented example to show one EU member state mounting a cyber attack on another…a breathtaking example of the scale of the state-sponsored hacking problem.”
  • ...7 more annotations...
  • When the incoming emails stopped arriving, it seemed innocuous at first. But it would eventually become clear that this was no routine technical problem. Inside a row of gray office buildings in Brussels, a major hacking attack was in progress. And the perpetrators were British government spies. It was in the summer of 2012 that the anomalies were initially detected by employees at Belgium’s largest telecommunications provider, Belgacom. But it wasn’t until a year later, in June 2013, that the company’s security experts were able to figure out what was going on. The computer systems of Belgacom had been infected with a highly sophisticated malware, and it was disguising itself as legitimate Microsoft software while quietly stealing data. Last year, documents from National Security Agency whistleblower Edward Snowden confirmed that British surveillance agency Government Communications Headquarters was behind the attack, codenamed Operation Socialist. And in November, The Intercept revealed that the malware found on Belgacom’s systems was one of the most advanced spy tools ever identified by security researchers, who named it “Regin.”
  • Publicly, Belgacom has played down the extent of the compromise, insisting that only its internal systems were breached and that customers’ data was never found to have been at risk. But secret GCHQ documents show the agency gained access far beyond Belgacom’s internal employee computers and was able to grab encrypted and unencrypted streams of private communications handled by the company. Belgacom invested several million dollars in its efforts to clean-up its systems and beef-up its security after the attack. However, The Intercept has learned that sources familiar with the malware investigation at the company are uncomfortable with how the clean-up operation was handled—and they believe parts of the GCHQ malware were never fully removed.
  • The revelations about the scope of the hacking operation will likely alarm Belgacom’s customers across the world. The company operates a large number of data links internationally (see interactive map below), and it serves millions of people across Europe as well as officials from top institutions including the European Commission, the European Parliament, and the European Council. The new details will also be closely scrutinized by a federal prosecutor in Belgium, who is currently carrying out a criminal investigation into the attack on the company. Sophia in ’t Veld, a Dutch politician who chaired the European Parliament’s recent inquiry into mass surveillance exposed by Snowden, told The Intercept that she believes the British government should face sanctions if the latest disclosures are proven.
  • What sets the secret British infiltration of Belgacom apart is that it was perpetrated against a close ally—and is backed up by a series of top-secret documents, which The Intercept is now publishing.
  • Between 2009 and 2011, GCHQ worked with its allies to develop sophisticated new tools and technologies it could use to scan global networks for weaknesses and then penetrate them. According to top-secret GCHQ documents, the agency wanted to adopt the aggressive new methods in part to counter the use of privacy-protecting encryption—what it described as the “encryption problem.” When communications are sent across networks in encrypted format, it makes it much harder for the spies to intercept and make sense of emails, phone calls, text messages, internet chats, and browsing sessions. For GCHQ, there was a simple solution. The agency decided that, where possible, it would find ways to hack into communication networks to grab traffic before it’s encrypted.
  • The Snowden documents show that GCHQ wanted to gain access to Belgacom so that it could spy on phones used by surveillance targets travelling in Europe. But the agency also had an ulterior motive. Once it had hacked into Belgacom’s systems, GCHQ planned to break into data links connecting Belgacom and its international partners, monitoring communications transmitted between Europe and the rest of the world. A map in the GCHQ documents, named “Belgacom_connections,” highlights the company’s reach across Europe, the Middle East, and North Africa, illustrating why British spies deemed it of such high value.
  • Documents published with this article: Automated NOC detection Mobile Networks in My NOC World Making network sense of the encryption problem Stargate CNE requirements NAC review – October to December 2011 GCHQ NAC review – January to March 2011 GCHQ NAC review – April to June 2011 GCHQ NAC review – July to September 2011 GCHQ NAC review – January to March 2012 GCHQ Hopscotch Belgacom connections
Paul Merrell

Obama to propose legislation to protect firms that share cyberthreat data - The Washington Post - 0 views

www.washingtonpost.com/...4-bcfb-059ec7a93ddc_story.html

surveillance state U.S. digital-privacy legislation

shared by Paul Merrell on 19 Jan 15 - No Cached
  • President Obama plans to announce legislation Tuesday that would shield companies from lawsuits for sharing computer threat data with the government in an effort to prevent cyber­attacks. On the heels of a destructive attack at Sony Pictures Entertainment and major breaches at JPMorgan Chase and retail chains, Obama is intent on capitalizing on the heightened sense of urgency to improve the security of the nation’s networks, officials said. “He’s been doing everything he can within his executive authority to move the ball on this,” said a senior administration official who spoke on the condition of anonymity to discuss legislation that has not yet been released. “We’ve got to get something in place that allows both industry and government to work more closely together.”
  • The legislation is part of a broader package, to be sent to Capitol Hill on Tuesday, that includes measures to help protect consumers and students against ­cyberattacks and to give law enforcement greater authority to combat cybercrime. The provision’s goal is to “enshrine in law liability protection for the private sector for them to share specific information — cyberthreat indicators — with the government,” the official said. Some analysts questioned the need for such legislation, saying there are adequate measures in place to enable sharing between companies and the government and among companies.
  • “We think the current information-sharing regime is adequate,” said Mark Jaycox, legislative analyst at the Electronic Frontier Foundation, a privacy group. “More companies need to use it, but the idea of broad legal immunity isn’t needed right now.” The administration official disagreed. The lack of such immunity is what prevents many companies from greater sharing of data with the government, the official said. “We have heard that time and time again,” the official said. The proposal, which builds on a 2011 administration bill, grants liability protection to companies that provide indicators of cyberattacks and threats to the Department of Homeland Security.
  • ...5 more annotations...
  • But in a provision likely to raise concerns from privacy advocates, the administration wants to require DHS to share that information “in as near real time as possible” with other government agencies that have a cybersecurity mission, the official said. Those include the National Security Agency, the Pentagon’s ­Cyber Command, the FBI and the Secret Service. “DHS needs to take an active lead role in ensuring that unnecessary personal information is not shared with intelligence authorities,” Jaycox said. The debates over government surveillance prompted by disclosures from former NSA contractor Edward Snowden have shown that “the agencies already have a tremendous amount of unnecessary information,” he said.
  • It would reaffirm that federal racketeering law applies to cybercrimes and amends the Computer Fraud and Abuse Act by ensuring that “insignificant conduct” does not fall within the scope of the statute. A third element of the package is legislation Obama proposed Monday to help protect consumers and students against cyberattacks. The theft of personal financial information “is a direct threat to the economic security of American families, and we’ve got to stop it,” Obama said. The plan, unveiled in a speech at the Federal Trade Commission, would require companies to notify customers within 30 days after the theft of personal information is discovered. Right now, data breaches are handled under a patchwork of state laws that the president said are confusing and costly to enforce. Obama’s plan would streamline those into one clear federal standard and bolster requirements for companies to notify customers. Obama is proposing closing loopholes to make it easier to track down cybercriminals overseas who steal and sell identities. “The more we do to protect consumer information and privacy, the harder it is for hackers to damage our businesses and hurt our economy,” he said.
  • Efforts to pass information-sharing legislation have stalled in the past five years, blocked primarily by privacy concerns. The package also contains provisions that would allow prosecution for the sale of botnets or access to armies of compromised computers that can be used to spread malware, would criminalize the overseas sale of stolen U.S. credit card and bank account numbers, would expand federal law enforcement authority to deter the sale of spyware used to stalk people or commit identity theft, and would give courts the authority to shut down botnets being used for criminal activity, such as denial-of-service attacks.
  • The administration official stressed that the legislation will require companies to remove unnecessary personal information before furnishing it to the government in order to qualify for liability protection. It also will impose limits on the use of the data for cybersecurity crimes and instances in which there is a threat of death or bodily harm, such as kidnapping, the official said. And it will require DHS and the attorney general to develop guidelines for the federal government’s use and retention of the data. It will not authorize a company to take offensive cyber-measures to defend itself, such as “hacking back” into a server or computer outside its own network to track a breach. The bill also will provide liability protection to companies that share data with private-sector-developed organizations set up specifically for that purpose. Called information sharing and analysis organizations, these groups often are set up by particular industries, such as banking, to facilitate the exchange of data and best practices.
  • In October, Obama signed an order to protect consumers from identity theft by strengthening security features in credit cards and the terminals that process them. Marc Rotenberg, executive director of the Electronic Privacy Information Center, said there is concern that a federal standard would “preempt stronger state laws” about how and when companies have to notify consumers. The Student Digital Privacy Act would ensure that data entered would be used only for educational purposes. It would prohibit companies from selling student data to third-party companies for purposes other than education. Obama also plans to introduce a Consumer Privacy Bill of Rights. And the White House will host a summit on cybersecurity and consumer protection on Feb. 13 at Stanford University.
Gonzalo San Gil, PhD.

Hollywood's Anti-Piracy Secrets Must Be Revealed, Court Rules | TorrentFreak - 1 views

torrentfreak.com/be-revealed-court-rules-150309

hollywood anti-piracy strategy secrets revealed court rules

shared by Gonzalo San Gil, PhD. on 11 Mar 15 - No Cached
  • Gonzalo San Gil, PhD. on 11 Mar 15
     
    " Ernesto on March 9, 2015 C: 0 News All records that are part of the now-closed case between Hotfile and the MPAA will be unsealed in the interests of the public. "
Gonzalo San Gil, PhD.

EuroDIG Application Form - 0 views

zoomgrants.com/gprop.asp

EuroDIG application form Internet Governance forum Europe

shared by Gonzalo San Gil, PhD. on 17 Mar 15 - No Cached
  • Gonzalo San Gil, PhD. on 17 Mar 15
     
    [Fellowship applications will close on 29 March, 2015. We encourage you to apply or pass this information about this program to individuals involved in your network that have a keen interest in Internet governance and the activities of EuroDIG.]
Gonzalo San Gil, PhD.

Heartbleed Was Bad, but Shellshock Was Worse, Researcher Says - 0 views

www.eweek.com/...was-worse-researcher-says.html

Heartbleed Shellshock open source vulnerability OpenSSL shell bash

shared by Gonzalo San Gil, PhD. on 07 Nov 14 - No Cached
  • Gonzalo San Gil, PhD. on 07 Nov 14
     
    "Both the Heartbleed and Shellshock bugs were open-source flaws found in many Linux distributions, and both had the potential to impact OpenStack cloud users. Heartbleed is a flaw in the OpenSSL crytographic library for secure transport while Shellshock is a vulnerability in the Bash shell." [# ! At least... # ! … #OpenSource #community were #warned# ! and the #flaws were #solved…. among @ll. # ! #imagine how many flaws live in the #proprietary #closed #source# ! #unaware #users' #software…]
  • Gonzalo San Gil, PhD. on 07 Nov 14
     
    "Both the Heartbleed and Shellshock bugs were open-source flaws found in many Linux distributions, and both had the potential to impact OpenStack cloud users. Heartbleed is a flaw in the OpenSSL crytographic library for secure transport while Shellshock is a vulnerability in the Bash shell."
Paul Merrell

Facebook and Corporate "Friends" Threat Exchange? | nsnbc international - 0 views

nsnbc.me/...porate-friends-threat-exchange

cybersecurity alternative-media

shared by Paul Merrell on 12 Feb 15 - No Cached
  • Facebook teamed up with several corporate “friends” to adapt Facebook’s in-house software to identify cyber threats and their source with other corporations. Countering cyber threats sounds positive while there are serious questions about transparency when smaller, independent media fall victim to major corporation’s unwillingness to reveal the source of attacks resulted in websites being closed for hours or days. Transparency, yes, but for whom? Among the companies Facebook is teaming up with are Printerest, Tumblr, Twitter, Yahoo, Drpbox and Bit.ly, reports Susanne Posel at Occupy Corporatism. The stated goal of “Threat Exchange” is to locate malware, the source domains, the IP addresses which are involved as well as the nature of the malware itself.
  • While the platform may be useful for major corporations, who can afford buying the privilege to join the club, the initiative does little to nothing to protect smaller, independent media from being targeted with impunity. The development prompts the question “Cyber security for whom?” The question is especially pertinent because identifying a site as containing malware, whether it is correct or not, will result in the site being added to Google’s so-called “Safe Browsing List”.
  • An article written by nsnbc editor-in-chief Christof Lehmann entitled “Censorship Alert: The Alternative Media are getting harassed by the NSA” provides several examples which raise serious questions about the lack of transparency when independent media demand information about either real or alleged malware content on their media’s websites. An alleged malware content in a java script that had been inserted via the third-party advertising company MadAdsMedia resulted in the nsnbc website being closed down and added to Google’s Safe Browsing list. The response to nsnbc’s request to send detailed information about the alleged malware and most importantly, about the source, was rejected. MadAdsMedia’s response to a renewed request was to stop serving advertisements to nsnbc from one day to the other, stating that nsnbc could contact another company, YieldSelect, which is run by the same company. Shell Games? SiteLock, who partners with most western-based web hosting providers, including BlueHost, Hostgator and many others contacted nsnbc warning about an alleged malware threat. SiteLock refused to provide detailed information.
  • ...1 more annotation...
  • BlueHost refused to help the International Middle East Media Center (IMEMC)  during a Denial of Service DoS attack. Asked for help, BlueHost reportedly said that they should deal with the issue themselves, which was impossible without BlueHost’s cooperation. The news agency’s website was down for days because BlueHost reportedly just shut down IMEMC’s server and told the editor-in-chief, Saed Bannoura to “go somewhere else”. The question is whether “transparency” can be the privilege of major corporations or whether there is need for legislation that forces all corporations to provide detailed information that enables media and other internet users to pursue real or alleged malware threats, cyber attacks and so forth, criminally and legally. That is, also when the alleged or real threat involves major corporations.
Gary Edwards

Google's ARC Beta runs Android apps on Chrome OS, Windows, Mac, and Linux | Ars Technica - 0 views

arstechnica.com/...roid-apps-on-most-desktop-oses

Google-ARC

shared by Gary Edwards on 02 Apr 15 - No Cached
  • So calling all developers: You can now (probably, maybe) run your Android apps on just about anything—Android, Chrome OS, Windows, Mac, and Linux—provided you fiddle with the ARC Welder and submit your app to the Chrome Web Store.
  • The App Runtime for Chrome and Native Client are hugely important projects because they potentially allow Google to push a "universal binary" strategy on developers. "Write your app for Android, and we'll make it run on almost every popular OS! (other than iOS)" Google Play Services support is a major improvement for ARC and signals just how ambitious this project is. Some day it will be a great sales pitch to convince developers to write for Android first, which gives them apps on all these desktop OSes for free.
  • Gary Edwards on 02 Apr 15
     
    Thanks Marbux. ARC appears to be an extraordinary technology. Funny but Florian has been pushing Native Client (NaCL) since it was first ported from Firefox to Chrome. Looks like he was right. "In September, Google launched ARC-the "App Runtime for Chrome,"-a project that allowed Android apps to run on Chrome OS. A few days later, a hack revealed the project's full potential: it enabled ARC on every "desktop" version of Chrome, meaning you could unofficially run Android apps on Chrome OS, Windows, Mac OS X, and Linux. ARC made Android apps run on nearly every computing platform (save iOS). ARC is an early beta though so Google has kept the project's reach very limited-only a handful of apps have been ported to ARC, which have all been the result of close collaborations between Google and the app developer. Now though, Google is taking two big steps forward with the latest developer preview: it's allowing any developer to run their app on ARC via a new Chrome app packager, and it's allowing ARC to run on any desktop OS with a Chrome browser. ARC runs Windows, Mac, Linux, and Chrome OS thanks to Native Client (abbreviated "NaCL"). NaCL is a Chrome sandboxing technology that allows Chrome apps and plugins to run at "near native" speeds, taking full advantage of the system's CPU and GPU. Native Client turns Chrome into a development platform, write to it, and it'll run on all desktop Chrome browsers. Google ported a full Android stack to Native Client, allowing Android apps to run on most major OSes. With the original ARC release, there was no official process to getting an Android app running on the Chrome platform (other than working with Google). Now Google has released the adorably-named ARC Welder, a Chrome app which will convert any Android app into an ARC-powered Chrome app. It's mainly for developers to package up an APK and submit it to the Chrome Web Store, but anyone can package and launch an APK from the app directly."
Gonzalo San Gil, PhD.

Firefox's adoption of closed-source DRM breaks my heart | Technology | The Guardian - 0 views

www.theguardian.com/...rm-video-browser-cory-doctorow

firefox drm

shared by Gonzalo San Gil, PhD. on 12 Apr 15 - No Cached
  • Gonzalo San Gil, PhD. on 12 Apr 15
     
    "I understand the pressure to support commercial video - but the browser makers can do more to defend free and open software Mozilla foundation Mozilla is a not-for-profit social enterprise with a mission to free its users - so it's not unreasonable to hold it to a higher standard than commercial rivals. Photograph: Mozilla Cory Doctorow Wednesday 14 May 2014 18.00 BST"
  • Gonzalo San Gil, PhD. on 12 Apr 15
     
    "I understand the pressure to support commercial video - but the browser makers can do more to defend free and open software Mozilla foundation Mozilla is a not-for-profit social enterprise with a mission to free its users - so it's not unreasonable to hold it to a higher standard than commercial rivals. Photograph: Mozilla Cory Doctorow Wednesday 14 May 2014 18.00 BST"
Gonzalo San Gil, PhD.

LibreOffice in the browser, revealed in 2011, finally close to reality | Ars Technica - 0 views

arstechnica.com/...-2011-finally-close-to-reality

LibreOffice browser reality open open source free software productivity software

shared by Gonzalo San Gil, PhD. on 27 Mar 15 - No Cached
  • Gonzalo San Gil, PhD. on 27 Mar 15
     
    "Development of LibreOffice Online was first revealed in late 2011, but the software was never released, despite progress improving the desktop versions of the open source competitor to Microsoft Office and Google Docs."
  • Gonzalo San Gil, PhD. on 27 Mar 15
     
    "Development of LibreOffice Online was first revealed in late 2011, but the software was never released, despite progress improving the desktop versions of the open source competitor to Microsoft Office and Google Docs."
Gonzalo San Gil, PhD.

Judge: Mississippi investigation of Google likely violates 1st Amendment | Ars Technica - 0 views

arstechnica.com/...-likely-violates-1st-amendment

Mississipi investigation Google Intellectual Property violation likely violates 1st Ammendment

shared by Gonzalo San Gil, PhD. on 31 Mar 15 - No Cached
  • Gonzalo San Gil, PhD. on 31 Mar 15
     
    " ...Hood's investigation became closely scrutinized last year after press reports revealed that it was encouraged, and partly funded, by the Motion Picture Association of America. MPAA lawyers wrote drafts of subpoenas intended to be used by the AGs."
« First ‹ Previous 41 - 60 of 122 Next › Last »
Showing 20 items per page