Skip to main content

Home/ Future of the Web/ Group items matching "begins" in title, tags, annotations or url

Group items matching
in title, tags, annotations or url

Sort By: Relevance | Date Filter: All | Bookmarks | Topics Simple Middle
Paul Merrell

We're Halfway to Encrypting the Entire Web | Electronic Frontier Foundation - 0 views

www.eff.org/...-halfway-encrypting-entire-web

Internet encryption https adoption

shared by Paul Merrell on 25 Feb 17 - No Cached
  • The movement to encrypt the web has reached a milestone. As of earlier this month, approximately half of Internet traffic is now protected by HTTPS. In other words, we are halfway to a web safer from the eavesdropping, content hijacking, cookie stealing, and censorship that HTTPS can protect against. Mozilla recently reported that the average volume of encrypted web traffic on Firefox now surpasses the average unencrypted volume
  • Google Chrome’s figures on HTTPS usage are consistent with that finding, showing that over 50% of of all pages loaded are protected by HTTPS across different operating systems.
  • This milestone is a combination of HTTPS implementation victories: from tech giants and large content providers, from small websites, and from users themselves.
  • ...4 more annotations...
  • Starting in 2010, EFF members have pushed tech companies to follow crypto best practices. We applauded when Facebook and Twitter implemented HTTPS by default, and when Wikipedia and several other popular sites later followed suit. Google has also put pressure on the tech community by using HTTPS as a signal in search ranking algorithms and, starting this year, showing security warnings in Chrome when users load HTTP sites that request passwords or credit card numbers. EFF’s Encrypt the Web Report also played a big role in tracking and encouraging specific practices. Recently other organizations have followed suit with more sophisticated tracking projects. For example, Secure the News and Pulse track HTTPS progress among news media sites and U.S. government sites, respectively.
  • But securing large, popular websites is only one part of a much bigger battle. Encrypting the entire web requires HTTPS implementation to be accessible to independent, smaller websites. Let’s Encrypt and Certbot have changed the game here, making what was once an expensive, technically demanding process into an easy and affordable task for webmasters across a range of resource and skill levels. Let’s Encrypt is a Certificate Authority (CA) run by the Internet Security Research Group (ISRG) and founded by EFF, Mozilla, and the University of Michigan, with Cisco and Akamai as founding sponsors. As a CA, Let’s Encrypt issues and maintains digital certificates that help web users and their browsers know they’re actually talking to the site they intended to. CAs are crucial to secure, HTTPS-encrypted communication, as these certificates verify the association between an HTTPS site and a cryptographic public key. Through EFF’s Certbot tool, webmasters can get a free certificate from Let’s Encrypt and automatically configure their server to use it. Since we announced that Let’s Encrypt was the web’s largest certificate authority last October, it has exploded from 12 million certs to over 28 million. Most of Let’s Encrypt’s growth has come from giving previously unencrypted sites their first-ever certificates. A large share of these leaps in HTTPS adoption are also thanks to major hosting companies and platforms--like WordPress.com, Squarespace, and dozens of others--integrating Let’s Encrypt and providing HTTPS to their users and customers.
  • Unfortunately, you can only use HTTPS on websites that support it--and about half of all web traffic is still with sites that don’t. However, when sites partially support HTTPS, users can step in with the HTTPS Everywhere browser extension. A collaboration between EFF and the Tor Project, HTTPS Everywhere makes your browser use HTTPS wherever possible. Some websites offer inconsistent support for HTTPS, use unencrypted HTTP as a default, or link from secure HTTPS pages to unencrypted HTTP pages. HTTPS Everywhere fixes these problems by rewriting requests to these sites to HTTPS, automatically activating encryption and HTTPS protection that might otherwise slip through the cracks.
  • Our goal is a universally encrypted web that makes a tool like HTTPS Everywhere redundant. Until then, we have more work to do. Protect your own browsing and websites with HTTPS Everywhere and Certbot, and spread the word to your friends, family, and colleagues to do the same. Together, we can encrypt the entire web.
  • Paul Merrell on 25 Feb 17
     
    HTTPS connections don't work for you if you don't use them. If you're not using HTTPS Everywhere in your browser, you should be; it's your privacy that is at stake. And every encrypted communication you make adds to the backlog of encrypted data that NSA and other internet voyeurs must process as encrypted traffic; because cracking encrypted messages is computer resource intensive, the voyeurs do not have the resources to crack more than a tiny fraction. HTTPS is a free extension for Firefox, Chrome, and Opera. You can get it here. https://www.eff.org/HTTPS-everywhere
Paul Merrell

AT&T Ends $39 Billion Bid for T-Mobile - NYTimes.com - 0 views

dealbook.nytimes.com/...-withdraws-39-bid-for-t-mobile

AT&T T-Mobile antitrust mergers spectrum wireless networking

shared by Paul Merrell on 20 Dec 11 - No Cached
  • AT&T said on Monday afternoon that it had withdrawn its $39 billion takeover bid for T-Mobile USA, acknowledging that it could not overcome opposition from the Obama administration to creating the nation’s biggest cellphone service provider.The company said in a statement that it would continue to invest in wireless spectrum, but could not overcome resistance from both the Justice Department and the Federal Communications Commission.
  • Under the terms of the deal, AT&T will pay Deutsche Telekom $4 billion in cash and wireless spectrum as a break-up fee, and the two companies will begin a seven-year roaming agreement that will expand T-Mobile’s national coverage.
Paul Merrell

Comcast is turning your Xfinity router into a public Wi-Fi hotspot - Dwight Silverman's TechBlog - 0 views

blog.seattlepi.com/...er-into-a-public-wi-fi-hotspot

broadband roll-out wireless-hotspots Comcast

shared by Paul Merrell on 10 Jun 14 - No Cached
  • Some time on Tuesday afternoon, about 50,000 Comcast Internet customers in Houston will become part of a massive public Wi-Fi hotspot network, a number that will swell to 150,000 by the end of June. Comcast will begin activating a feature in its Arris Touchstone Telephony Wireless Gateway Modems that sets up a public Wi-Fi hotspot alongside a residential Internet customer’s private home network. Other Comcast customers will be able to log in to the hotspots for free using a computer, smartphone or other mobile device. And once they log into one, they’ll be automatically logged in to others when their devices “see” them. Comcast says the hotspot – which appears as “xfinitywifi” to those searching for a Wi-Fi connection – is completely separate from the home network. Someone accessing the Net through the hotspot can’t get to the computers, printers, mobile devices, streaming boxes and more sitting on the host network. Comcast officials also say that people using the Internet via the hotspot won’t slow down Internet access on the home network. Additional capacity is allotted to handle the bandwidth. You can read more about Comcast’s reason for doing this in my report on HoustonChronicle.com.
  • What’s interesting about this move is that, by default, the feature is being turned on without its subscribers’ prior consent. It’s an opt-out system – you have to take action to not participate. Comcast spokesman Michael Bybee said on Monday that notices about the hotspot feature were mailed to customers a few weeks ago, and email notifications will go out after it’s turned on. But it’s a good bet that this will take many Comcast customers by surprise. If you have one of these routers and don’t want to host a public Wi-Fi hotspot, here’s how to turn it off.
  • The additional capacity for public hotspot users is provided through a separate channel on the modem called a “service flow,” according to Comcast. But the speed of the connection reflects the tier of the subscriber hosting the hotspot. For example, if you connect to a hotspot hosted by a home user with a 25-Mbps connection, it will be slower than if you connect to a host system on the 50-Mbps tier.
  • Paul Merrell on 10 Jun 14
     
    I didn't see this one coming. I've got a Comcast account and their Arris Gateway modem. In our area, several coffeehouses, etc., that already offered free wireless connections are now broadcasting Comcast Xfinity wireless. So I'm guessing that this is a planned rollout nationwide. 
Paul Merrell

Where Does Facebook Stop and the NSA Begin? | Mother Jones - 0 views

www.motherjones.com/...ata-online-privacy-social-norm

surveillance state spying government-spying corporate-spying

shared by Paul Merrell on 24 Jun 14 - No Cached
  • There will be a lot of talk in coming months about the government surveillance golem assembled in the shadows of the internet. Good. But what about the pervasive claim the private sector has staked to our digital lives, from where we (and our phones) spend the night to how often we text our spouse or swipe our Visa at the liquor store? It's not a stretch to say that there's a corporate spy operation equal to the NSA—indeed, sometimes it's hard to tell the difference.
Paul Merrell

F.C.C. Backs Opening Net Rules for Debate - NYTimes.com - 0 views

www.nytimes.com/...oad-map-to-net-neutrality.html

FCC rules net-neutrality

shared by Paul Merrell on 16 May 14 - No Cached
  • On Thursday, the Federal Communications Commission voted 3-2 to open for public debate new rules meant to guarantee an open Internet. Before the plan becomes final, though, the chairman of the commission, Tom Wheeler, will need to convince his colleagues and an array of powerful lobbying groups that the plan follows the principle of net neutrality, the idea that all content running through the Internet’s pipes is treated equally.While the rules are meant to prevent Internet providers from knowingly slowing data, they would allow content providers to pay for a guaranteed fast lane of service. Some opponents of the plan, those considered net neutrality purists, argue that allowing some content to be sent along a fast lane would essentially discriminate against other content.
  • “We are dedicated to protecting and preserving an open Internet,” Mr. Wheeler said immediately before the commission vote. “What we’re dealing with today is a proposal, not a final rule. We are asking for specific comment on different approaches to accomplish the same goal, an open Internet.”
  • Mr. Wheeler argued on Thursday that the proposal did not allow a fast lane. But the proposed rules do not address the connection between an Internet service provider, which sells a connection to consumers, and the operators of backbone transport networks that connect various parts of the Internet’s central plumbing.That essentially means that as long as an Internet service provider like Comcast or Verizon does not slow the service that a consumer buys, the provider can give faster service to a company that pays to get its content to consumers unimpeded
  • ...2 more annotations...
  • The plan will be open for comment for four months, beginning immediately.
  • The public will have until July 15 to submit initial comments on the proposal to the commission, and until Sept. 10 to file comments replying to the initial discussions.
  • Paul Merrell on 16 May 14
     
    I'll need to read the proposed rule, but this doesn't sound good. the FCC majority tries to spin this as options still being open, but I don't recall ever seeing formal regulations changed substantially from their proposed form. If their were to be substantial change, another proposal and comment period would be likely. The public cannot comment on what has not been proposed, so substantial departure from the proposal, absent a new proposal and comment period, would offend basic principles of public notice and comment rulemaking under the Administrative Procedures Act. The proverbial elephant in the room that the press hasn't picked up on yet is the fight that is going on behind the scenes in the Dept. of Justice. If the Anti-trust Division gets its way, DoJ's public comments on the proposed rule could blow this show out of the water. The ISPs are regulated utility monopolies in vast areas of the U.S. with market consolidation at or near the limits of what the anti-trust folk will tolerate. And leveraging one monopoly (service to subscribers) to impose another (fees for internet-based businesses to gain high speed access) is directly counter to the Sherman Act's section 2.   http://www.law.cornell.edu/uscode/text/15/2
Gonzalo San Gil, PhD.

Small ISP stands up to Rightscorp's "piracy fishing expedition" and wins | Ars Technica - 0 views

arstechnica.com/...cy-fishing-expedition-and-wins

small ISP standsup Rightscorp piracy subscribers data requests without proper subpoenas

shared by Gonzalo San Gil, PhD. on 11 May 15 - No Cached
    • Gonzalo San Gil, PhD.
      Gonzalo San Gil, PhD. on 11 May 15
       
      # ! The Beginning of The ISPs #Upheaval... # ! What Media/Entertainment Industry will do # (as '#They' refuse to enter in the Digital Age...)?
  • Gonzalo San Gil, PhD. on 11 May 15
     
    A Rightscorp DMCA subpoena, asking for 71 subscriber identities, is thrown out. by Joe Mullin - May 11, 2015 8:20 pm UTC
Paul Merrell

Google Open Source Blog: Bidding farewell to Google Code - 1 views

google-opensource.blogspot.it/...farewell-to-google-code.html

Google-Code

shared by Paul Merrell on 20 May 15 - No Cached
vassvassvass liked it
  • Beginning today, we have disabled new project creation on Google Code. We will be shutting down the service about 10 months from now on January 25th, 2016. Below, we provide links to migration tools designed to help you move your projects off of Google Code. We will also make ourselves available over the next three months to those projects that need help migrating from Google Code to other hosts. March 12, 2015 - New project creation disabled. August 24, 2015 - The site goes read-only. You can still checkout/view project source, issues, and wikis. January 25, 2016 - The project hosting service is closed. You will be able to download a tarball of project source, issues, and wikis. These tarballs will be available throughout the rest of 2016. Google will continue to provide Git and Gerrit hosting for certain projects like Android and Chrome. We will also continue maintaining our mirrors of projects like Eclipse, kernel.org and others. How To Migrate Your Data Off Google Code
Paul Merrell

First Look Publishes Open Source Code To Advance Privacy, Security, and Journalism - The Intercept - 0 views

firstlook.org/...uments-create-warrant-canaries

surveillance state warrant-canaries First-Look Internet-fights-back

shared by Paul Merrell on 28 May 15 - No Cached
  • today we’re excited to contribute back to the open source community by launching First Look Code, the home for our own open source projects related to privacy, security, data, and journalism. To begin with, First Look Code is the new home for document sanitization software PDF Redact Tools, and we’ve launched a brand new anti-gag order project called AutoCanary.
  • AutoCanary A warrant canary is a regularly published statement that a company hasn’t received any legal orders that it’s not allowed to talk about, such as a national security letter. Canaries can help prevent web publishers from misleading visitors and prevent tech companies from misleading users when they share data with the government and are prevented from talking about it. One such situation arose — without a canary in place — in 2013, when the U.S. government sent Lavabit, a provider of encrypted email services apparently used by Snowden, a legal request to access Snowden’s email, thwarting some of the very privacy protections Lavabit had promised users. This request included a gag order, so the company was legally prohibited from talking about it. Rather than becoming “complicit in crimes against the American people,” in his words, Lavabit founder Ladar Levison, chose to shut down the service.
  • Warrant canaries are designed to help companies in this kind of situation. You can see a list of companies that publish warrant canary statements at Canary Watch. As of today, First Look Media is among the companies that publish canaries. We’re happy to announce the first version of AutoCanary, a desktop program for Windows, Mac OS X, and Linux that makes the process of generating machine-readable, digitally-signed warrant canary statements simpler. Read more about AutoCanary on its new website.
  • Paul Merrell on 28 May 15
     
    The internet continues to fight back against the Dark State. On the unsettled nature of the law in regard to use of warrant canaries in the U.S. see EFF's faq: https://www.eff.org/deeplinks/2014/04/warrant-canary-faq (it needs a test case).
Gary Edwards

Two Microsofts: Mulling an alternate reality | ZDNet - 1 views

www.zdnet.com/n-alternate-reality-7000016916

Microsoft microsoft-monopoly Judge-Thomas-Penfield-Jackson

shared by Gary Edwards on 19 Jun 13 - No Cached
  • Judge Jackson had it right. And the Court of Appeals? Not so much
  • Judge Jackson is an American hero and news of his passing thumped me hard. His ruling against Microsoft and the subsequent overturn of that ruling resulted, IMHO, in two extraordinary directions that changed the world. Sure the what-if game is interesting, but the reality itself is stunning enough. Of course, Judge Jackson sought to break the monopoly. The US Court of Appeals overturn resulted in the monopoly remaining intact, but the Internet remaining free and open. Judge Jackson's breakup plan had a good shot at achieving both a breakup of the monopoly and, a free and open Internet. I admit though that at the time I did not favor the Judge's plan. And i actually did submit a proposal based on Microsoft having to both support the WiNE project, and, provide a complete port to WiNE to any software provider requesting a port. I wanted to break the monopolist's hold on the Windows Productivity Environment and the hundreds of millions of investment dollars and time that had been spent on application development forever trapped on that platform. For me, it was the productivity platform that had to be broken.
  • I assume the good Judge thought that separating the Windows OS from Microsoft Office / Applications would force the OS to open up the secret API's even as the OS continued to evolve. Maybe. But a full disclosure of the API's coupled with the community service "port to WiNE" requirement might have sped up the process. Incredibly, the "Undocumented Windows Secrets" industry continues to thrive, and the legendary Andrew Schulman's number is still at the top of Silicon Valley legal profession speed dials. http://goo.gl/0UGe8 Oh well. The Court of Appeals stopped the breakup, leaving the Windows Productivity Platform intact. Microsoft continues to own the "client" in "Client/Server" computing. Although Microsoft was temporarily stopped from leveraging their desktop monopoly to an iron fisted control and dominance of the Internet, I think what were watching today with the Cloud is Judge Jackson's worst nightmare. And mine too. A great transition is now underway, as businesses and enterprises begin the move from legacy client/server business systems and processes to a newly emerging Cloud Productivity Platform. In this great transition, Microsoft holds an inside straight. They have all the aces because they own the legacy desktop productivity platform, and can control the transition to the Cloud. No doubt this transition is going to happen. And it will severely disrupt and change Microsoft's profit formula. But if the Redmond reprobate can provide a "value added" transition of legacy business systems and processes, and direct these new systems to the Microsoft Cloud, the profits will be immense.
  • ...1 more annotation...
  • Judge Jackson sought to break the ability of Microsoft to "leverage" their existing monopoly into the Internet and his plan was overturned and replaced by one based on judicial oversight. Microsoft got a slap on the wrist from the Court of Appeals, but were wailed on with lawsuits from the hundreds of parties injured by their rampant criminality. Some put the price of that criminality as high as $14 Billion in settlements. Plus, the shareholders forced Chairman Bill to resign. At the end of the day though, Chairman Bill was right. Keeping the monopoly intact was worth whatever penalty Microsoft was forced to pay. He knew that even the judicial over-site would end one day. Which it did. And now his company is ready to go for it all by leveraging and controlling the great productivity transition. No business wants to be hostage to a cold heart'd monopolist. But there is huge difference between a non-disruptive and cost effective, process-by-process value-added transition to a Cloud Productivity Platform, and, the very disruptive and costly "rip-out-and-replace" transition offered by Google, ZOHO, Box, SalesForce and other Cloud Productivity contenders. Microsoft, and only Microsoft, can offer the value-added transition path. If they get the Cloud even halfway right, they will own business productivity far into the future. Rest in Peace Judge Jackson. Your efforts were heroic and will be remembered as such. ~ge~
  • Gary Edwards on 19 Jun 13
     
    Comments on the latest SVN article mulling the effects of Judge Thomas Penfield Jackson's anti trust ruling and proposed break up of Microsoft. comment: "Chinese Wall" Ummm, there was a Chinese Wall between Microsoft Os and the MS Applciations layer. At least that's what Chairman Bill promised developers at a 1990 OS/2-Windows Conference I attended. It was a developers luncheon, hosted by Microsoft, with Chairman Bill speaking to about 40 developers with applications designed to run on the then soon to be released Windows 3.0. In his remarks, the Chairman described his vision of commoditizing the personal computer market through an open hardware-reference platform on the one side of the Windows OS, and provisioning an open application developers layer on the other using open and totally transparent API's. Of course the question came up concerning the obvious advantage Microsoft applications would have. Chairman Bill answered the question by describing the Chinese Wall that existed between Microsoft's OS and Apps develop departments. He promised that OS API's would be developed privately and separate from the Apps department, and publicly disclosed to ALL developers at the same time. Oh yeah. There was lots of anti IBM - evil empire stuff too :) Of course we now know this was a line of crap. Microsoft Apps was discovered to have been using undocumented and secret Window API's. http://goo.gl/0UGe8. Microsoft Apps had a distinct advantage over the competition, and eventually the entire Windows Productivity Platform became dependent on the MSOffice core. The company I worked for back then, Pyramid Data, had the first Contact Management application for Windows; PowerLeads. Every Friday night we would release bug fixes and improvements using Wildcat BBS. By Monday morning we would be slammed with calls from users complaining that they had downloaded the Friday night patch, and now some other application would not load or function properly. Eventually we tracked th
Gary Edwards

Chris Dixon Explains Why He Loves Paper - Business Insider - 0 views

www.businessinsider.com/ains-why-he-loves-paper-2013-6

shared by Gary Edwards on 19 Jun 13 - No Cached
  • Steve Jobs predicted that tablet computers would become so dominant that “PCs would become like trucks” – special-purpose industrial devices. Skeptics replied that tablets were only useful for consumption and not creation and therefore couldn’t replace PCs, to which Jobs said:
  • We are just scratching the surface on the kinds of apps for the iPad…I think there are lots of kinds of content that can be created on the iPad. When I am going to write that 35-page analyst report, I am going to want my Bluetooth keyboard. That’s 1 percent of the time. The software will get more powerful. I think your vision would have to be pretty short to think these can’t grow into machines that can do more things, like editing video, graphic arts, productivity. You can imagine all of these content creation possibilities on these kind of things. Time takes care of lots of these things.
  • History supports Jobs’ argument. In the past, new user interfaces led to new categories of creation applications. Back in the 70s and 80s, when computers had text-based interfaces, word processors and spreadsheets were invented. In the 80s and 90s, when computers had graphical interfaces, presentation and image editors proliferated. Jobs was simply predicting that historical patterns would repeat.
  • ...1 more annotation...
  • Today we are announcing that Andreessen Horowitz is leading a $15M Series A investment in FiftyThree, a company whose goal is to build the essential suite of mobile tools for creativity. You might know FiftyThree as the company behind the iPad app Paper. Paper has been embraced by millions of everyday creators, and has won dozens of awards (including Apple’s App of the Year). It is also one of the top grossing iPad productivity apps ever. But this is only the beginning of FiftyThree’s ambitious plans.
Paul Merrell

Even the Former Director of the NSA Hates the FBI's New Surveillance Push - The Daily Beast - 0 views

www.thedailybeast.com/...r-new-surveillance-powers.html

surveillance state FBI Comey encryption-backdoors

shared by Paul Merrell on 28 Jul 15 - No Cached
  • The head of the FBI has spent the last several months in something of a panic, warning anyone who will listen that terrorists are “going dark”—using encrypted communications to hide from the FBI—and insisting that the bureau needs some kind of electronic back door to get access to those chats.It’s an argument that civil libertarians and technology industry executives have largely rejected. And now, members of the national security establishment—veterans of both the Obama and Bush administrations—are beginning to speak out publicly against FBI Director Jim Comey’s call to give the government a skeleton key to your private talks.
  • The encryption issue was also one of several small, but telling, ways in which Comey seemed out of sync with some of his fellow members of the national security establishment here at the Aspen Security Forum.
  • This isn’t the first intra-government fight over encryption, Chertoff noted. The last time an administration insisted on a technological back door—in the 1990s—Congress shot down the idea. And despite cries of “going dark” back then, the government found all kinds of new ways to spy. “We collected more than ever. We found ways to deal with that issue,” Chertoff told the forum.
Paul Merrell

'UK surveillance is worse than 1984' says UN privacy chief (Wired UK) - 0 views

www.wired.co.uk/...-surveillance-joseph-cannataci

surveillance state privacy U.N.-repporteur Orwell 1984

shared by Paul Merrell on 28 Aug 15 - No Cached
  • The UN's newly appointed special rapporteur on privacy, Joseph Cannataci, has described digital surveillance in the UK as "worse" than anything imagined in George Orwell's totalitarian dystopia 1984.Speaking to the Guardian, Cannataci -- who doesn't own a Facebook account or use Twitter -- lambasted the oversight of British digital surveillance as "a rather bad joke at its citizens' expense".Warning against the steady erosion of privacy and increasing levels of government intrusion, he also drew sinister parallels with Orwell's vision of a mass-surveilled society, adding that today's reality was far worse than the fiction: "At least Winston [a character in Orwell's 1984] was able to go out in the countryside and go under a tree and expect there wouldn't be any screen, as it was called. Whereas today there are many parts of the English countryside where there are more cameras than George Orwell could ever have imagined."
  • Cannataci, who holds posts as a professor of technology of law at the University of Groningen, and as head of the department of Information Policy and Governance at the University of Malta, also called for a "Geneva convention-style law" for the internet. "Some people may not want to buy into it. But you know, if one takes the attitude that some countries will not play ball, then, for example, the chemical weapons agreement would never have come about."
  • As part of his new role -- which elevates digital privacy to the same level of importance as other human rights -- Cannataci has vowed to begin systematically reviewing government policies and the business models of large corporations, which he accuses of "very often taking the data that you never even knew they were taking". Although the privacy chief admits that his mandate is more than likely "impossible to achieve in the next three years", he stressed the importance of a "longer-term view" in an effort to help protect people's data and safeguard their digital rights.
Paul Merrell

Hacking Team Asks Customers to Stop Using Its Software After Hack | Motherboard - 1 views

motherboard.vice.com/...-using-its-software-after-hack

surveillance state Hacking-Team hacked

shared by Paul Merrell on 07 Jul 15 - No Cached
  • But the hack hasn’t just ruined the day for Hacking Team’s employees. The company, which sells surveillance software to government customers all over the world, from Morocco and Ethiopia to the US Drug Enforcement Agency and the FBI, has told all its customers to shut down all operations and suspend all use of the company’s spyware, Motherboard has learned. “They’re in full on emergency mode,” a source who has inside knowledge of Hacking Team’s operations told Motherboard.
  • A source told Motherboard that the hackers appears to have gotten “everything,” likely more than what the hacker has posted online, perhaps more than one terabyte of data. “The hacker seems to have downloaded everything that there was in the company’s servers,” the source, who could only speak on condition of anonymity, told Motherboard. “There’s pretty much everything here.” It’s unclear how the hackers got their hands on the stash, but judging from the leaked files, they broke into the computers of Hacking Team’s two systems administrators, Christian Pozzi and Mauro Romeo, who had access to all the company’s files, according to the source. “I did not expect a breach to be this big, but I’m not surprised they got hacked because they don’t take security seriously,” the source told me. “You can see in the files how much they royally fucked up.”
  • Hacking Team notified all its customers on Monday morning with a “blast email,” requesting them to shut down all deployments of its Remote Control System software, also known as Galileo, according to multiple sources. The company also doesn’t have access to its email system as of Monday afternoon, a source said. On Sunday night, an unnamed hacker, who claimed to be the same person who breached Hacking Team’s competitor FinFisher last year, hijacked its Twitter account and posted links to 400GB of internal data. Hacking Team woke up to a massive breach of its systems.
  • ...2 more annotations...
  • For example, the source noted, none of the sensitive files in the data dump, from employees passports to list of customers, appear to be encrypted. “How can you give all the keys to your infrastructure to a 20-something who just joined the company?” he added, referring to Pozzi, whose LinkedIn shows he’s been at Hacking Team for just over a year. “Nobody noticed that someone stole a terabyte of data? You gotta be a fuckwad,” the source said. “It means nobody was taking care of security.”
  • The future of the company, at this point, it’s uncertain. Employees fear this might be the beginning of the end, according to sources. One current employee, for example, started working on his resume, a source told Motherboard. It’s also unclear how customers will react to this, but a source said that it’s likely that customers from countries such as the US will pull the plug on their contracts. Hacking Team asked its customers to shut down operations, but according to one of the leaked files, as part of Hacking Team’s “crisis procedure,” it could have killed their operations remotely. The company, in fact, has “a backdoor” into every customer’s software, giving it ability to suspend it or shut it down—something that even customers aren’t told about. To make matters worse, every copy of Hacking Team’s Galileo software is watermarked, according to the source, which means Hacking Team, and now everyone with access to this data dump, can find out who operates it and who they’re targeting with it.
Paul Merrell

Popular Security Software Came Under Relentless NSA and GCHQ Attacks - The Intercept - 0 views

firstlook.org/...nsa-gchq-targeted-kaspersky

surveillance state NSA GCHQ anti-virus-software

shared by Paul Merrell on 23 Jun 15 - No Cached
  • The National Security Agency and its British counterpart, Government Communications Headquarters, have worked to subvert anti-virus and other security software in order to track users and infiltrate networks, according to documents from NSA whistleblower Edward Snowden. The spy agencies have reverse engineered software products, sometimes under questionable legal authority, and monitored web and email traffic in order to discreetly thwart anti-virus software and obtain intelligence from companies about security software and users of such software. One security software maker repeatedly singled out in the documents is Moscow-based Kaspersky Lab, which has a holding registered in the U.K., claims more than 270,000 corporate clients, and says it protects more than 400 million people with its products. British spies aimed to thwart Kaspersky software in part through a technique known as software reverse engineering, or SRE, according to a top-secret warrant renewal request. The NSA has also studied Kaspersky Lab’s software for weaknesses, obtaining sensitive customer information by monitoring communications between the software and Kaspersky servers, according to a draft top-secret report. The U.S. spy agency also appears to have examined emails inbound to security software companies flagging new viruses and vulnerabilities.
  • The efforts to compromise security software were of particular importance because such software is relied upon to defend against an array of digital threats and is typically more trusted by the operating system than other applications, running with elevated privileges that allow more vectors for surveillance and attack. Spy agencies seem to be engaged in a digital game of cat and mouse with anti-virus software companies; the U.S. and U.K. have aggressively probed for weaknesses in software deployed by the companies, which have themselves exposed sophisticated state-sponsored malware.
  • The requested warrant, provided under Section 5 of the U.K.’s 1994 Intelligence Services Act, must be renewed by a government minister every six months. The document published today is a renewal request for a warrant valid from July 7, 2008 until January 7, 2009. The request seeks authorization for GCHQ activities that “involve modifying commercially available software to enable interception, decryption and other related tasks, or ‘reverse engineering’ software.”
  • ...9 more annotations...
  • The NSA, like GCHQ, has studied Kaspersky Lab’s software for weaknesses. In 2008, an NSA research team discovered that Kaspersky software was transmitting sensitive user information back to the company’s servers, which could easily be intercepted and employed to track users, according to a draft of a top-secret report. The information was embedded in “User-Agent” strings included in the headers of Hypertext Transfer Protocol, or HTTP, requests. Such headers are typically sent at the beginning of a web request to identify the type of software and computer issuing the request.
  • According to the draft report, NSA researchers found that the strings could be used to uniquely identify the computing devices belonging to Kaspersky customers. They determined that “Kaspersky User-Agent strings contain encoded versions of the Kaspersky serial numbers and that part of the User-Agent string can be used as a machine identifier.” They also noted that the “User-Agent” strings may contain “information about services contracted for or configurations.” Such data could be used to passively track a computer to determine if a target is running Kaspersky software and thus potentially susceptible to a particular attack without risking detection.
  • Another way the NSA targets foreign anti-virus companies appears to be to monitor their email traffic for reports of new vulnerabilities and malware. A 2010 presentation on “Project CAMBERDADA” shows the content of an email flagging a malware file, which was sent to various anti-virus companies by François Picard of the Montréal-based consulting and web hosting company NewRoma. The presentation of the email suggests that the NSA is reading such messages to discover new flaws in anti-virus software. Picard, contacted by The Intercept, was unaware his email had fallen into the hands of the NSA. He said that he regularly sends out notification of new viruses and malware to anti-virus companies, and that he likely sent the email in question to at least two dozen such outfits. He also said he never sends such notifications to government agencies. “It is strange the NSA would show an email like mine in a presentation,” he added.
  • The NSA presentation goes on to state that its signals intelligence yields about 10 new “potentially malicious files per day for malware triage.” This is a tiny fraction of the hostile software that is processed. Kaspersky says it detects 325,000 new malicious files every day, and an internal GCHQ document indicates that its own system “collect[s] around 100,000,000 malware events per day.” After obtaining the files, the NSA analysts “[c]heck Kaspersky AV to see if they continue to let any of these virus files through their Anti-Virus product.” The NSA’s Tailored Access Operations unit “can repurpose the malware,” presumably before the anti-virus software has been updated to defend against the threat.
  • The Project CAMBERDADA presentation lists 23 additional AV companies from all over the world under “More Targets!” Those companies include Check Point software, a pioneering maker of corporate firewalls based Israel, whose government is a U.S. ally. Notably omitted are the American anti-virus brands McAfee and Symantec and the British company Sophos.
  • As government spies have sought to evade anti-virus software, the anti-virus firms themselves have exposed malware created by government spies. Among them, Kaspersky appears to be the sharpest thorn in the side of government hackers. In the past few years, the company has proven to be a prolific hunter of state-sponsored malware, playing a role in the discovery and/or analysis of various pieces of malware reportedly linked to government hackers, including the superviruses Flame, which Kaspersky flagged in 2012; Gauss, also detected in 2012; Stuxnet, discovered by another company in 2010; and Regin, revealed by Symantec. In February, the Russian firm announced its biggest find yet: the “Equation Group,” an organization that has deployed espionage tools widely believed to have been created by the NSA and hidden on hard drives from leading brands, according to Kaspersky. In a report, the company called it “the most advanced threat actor we have seen” and “probably one of the most sophisticated cyber attack groups in the world.”
  • Hacks deployed by the Equation Group operated undetected for as long as 14 to 19 years, burrowing into the hard drive firmware of sensitive computer systems around the world, according to Kaspersky. Governments, militaries, technology companies, nuclear research centers, media outlets and financial institutions in 30 countries were among those reportedly infected. Kaspersky estimates that the Equation Group could have implants in tens of thousands of computers, but documents published last year by The Intercept suggest the NSA was scaling up their implant capabilities to potentially infect millions of computers with malware. Kaspersky’s adversarial relationship with Western intelligence services is sometimes framed in more sinister terms; the firm has been accused of working too closely with the Russian intelligence service FSB. That accusation is partly due to the company’s apparent success in uncovering NSA malware, and partly due to the fact that its founder, Eugene Kaspersky, was educated by a KGB-backed school in the 1980s before working for the Russian military.
  • Kaspersky has repeatedly denied the insinuations and accusations. In a recent blog post, responding to a Bloomberg article, he complained that his company was being subjected to “sensationalist … conspiracy theories,” sarcastically noting that “for some reason they forgot our reports” on an array of malware that trace back to Russian developers. He continued, “It’s very hard for a company with Russian roots to become successful in the U.S., European and other markets. Nobody trusts us — by default.”
  • Documents published with this article: Kaspersky User-Agent Strings — NSA Project CAMBERDADA — NSA NDIST — GCHQ’s Developing Cyber Defence Mission GCHQ Application for Renewal of Warrant GPW/1160 Software Reverse Engineering — GCHQ Reverse Engineering — GCHQ Wiki Malware Analysis & Reverse Engineering — ACNO Skill Levels — GCHQ
Gary Edwards

Keep an Open Eye » Silverlight Full Court Press - 0 views

www.theopensourcery.com/...index.php

ria silverlight webkit

shared by Gary Edwards on 29 Jun 08 - Cached
  • Remember the crucial test for an RIA is will the app run offline and online on every platform its used on. Like Microsoft’s current support for HTML/CSS/DOM standards, Redmond is the most seriously deficient of RIA providers as well. Beginning to sound like a broken record ? Well lets see exactly what Redmond is promoting. What Developers Should be Demanding of Redmond Steve Apiki has written a piece on Nine Silverlight 2 Features Not to Be Missed. Here is what Web 2.0 developers should be demanding of Microsoft before they even consider Silverlight
  • Gary Edwards on 29 Jun 08
     
    very important discussion on RiA and the standards implementation of HTML-CSS-DOM-JavaScript technologies. Excellent!
  • anonymous on 02 Oct 13
     
    Most quality online stores. Know whether you are a trusted online retailer in the world. Whatever we can buy very good quality. and do not hesitate. Everything is very high quality. Including clothes, accessories, bags, cups. Highly recommended. This is one of the trusted online store in the world. View now www.retrostyler.com
Gary Edwards

The new UI wars: Why there's no Flash on iPhone 2.0 « counternotions - 0 views

counternotions.com/...flash-iphone

adobe apple flash iphone ria webkit

shared by Gary Edwards on 20 Jun 08 - Cached
  • - publishers of Flash apps have to port their apps to native Web apps if they want to run inside a Web browser going forward because the Web has moved off the PC, you can’t accessorize it with PC software anymore, WebKit is so small and light and cross-platform that it is the plug-in now, inside iPhone, iPod, Nokia, Android, iTunes and other Mac and Windows apps - publishers of Flash video have to deploy MPEG-4 H.264/AAC if they want to run inside an audio-video player (on any device) going forward, the decoder chips for this are already in EVERYTHING, from iPod to Blu-Ray to NVIDIA GPU’s Most of the world has already done both of the above, including Google and Apple. This is not the beginning of the end for Flash, it is the end of the end.
  • Notice he doesn’t say at all that Flash is running natively on the ARM CPU inside the iPhone. And once again, as I point out in the article above, technical problems may be solved by Adobe, but cross-platform runtime compatibility and multi-touch UI frameworks remain as serious impediments.
  • the direction Apple is taking in WebKit with canvas, downloadable fonts, SVG, CSS animation, CSS transformations, faster JavaScript, HTML5 audio/video embedding, exposure of multi-touch to JS and so on is precisely to create an open source alternative to the Flash runtime engine, without having to download a proprietary plugin:
  • Gary Edwards on 20 Jun 08
     
    this article takes the RiA discussion to an entirely new level - the battle between Apple, Adobe and Microsoft to control the future user interface (UI). Adobe Flash extends the aging WiMP model, trying to create a "UI Convergence" across many platforms through the Flash RiA. With iPhone, Apple introduces the patented "gestures UI", running off the WebKit RiA. Microsoft presumably is copying the Flash RiA with the XAML rich WPF Silverlight RiA. Unfortunately, counternotions doe snot cover Silverlight. This incredible discussion is limited to Adobe and Apple.
  • anonymous on 02 Oct 13
     
    Most quality online stores. Know whether you are a trusted online retailer in the world. Whatever we can buy very good quality. and do not hesitate. Everything is very high quality. Including clothes, accessories, bags, cups. Highly recommended. This is one of the trusted online store in the world. View now www.retrostyler.com
Gary Edwards

Flash Wars: Adobe Fights for AIR with the Open Screen Project [Part 3 of 3] | AppleInsider - 0 views

www.appleinsider.com/...creen_project_part_3_of_3.html

adobe air flash java javascript ria svg webkit

shared by Gary Edwards on 18 Jun 08 - Cached
  • Two areas where Flash can offer real value is in displaying and packaging video on the web, and in serving as a Java replacement for developing applets. Here's a look at how Adobe is working to defend its strengths in the face of competition, and how its efforts to open the Flash specification in the Open Screen Project play into these efforts.
  • proprietary FLV video container format
  • more advanced and open H.264 video codec
  • ...3 more annotations...
  • Apple's ability to disrupt the status quo in video playback is evident in its deal with Google to vend YouTube videos to the iPhone, iPod Touch, and Apple TV as straight H.264 rather than Google's existing mix of a Flash-based player and its archaic GVI file format based upon AVI.
  • As Apple's hardware-based H.264 playback in mobile devices begins to define how to reach affluent customers with content, Flash will increasingly lose any allure on the PC desktop as well, as developers won't want to target PCs and mobiles using two different systems.
  • Adobe seems to be hoping that nobody notices these problems and that its vigilant marketing efforts can entrance the public into thinking that a drawing app extended into an animation tool and then retrofitted into a monstrous hack of a development platform is a superior technology basis for building web apps compared to the use of modern open standards created expressly to promote true interoperability by design rather than retroactively.
  • Gary Edwards on 18 Jun 08
     
    Part two of the Prince McClean Adobe-Flash history. Excellent history involves Adobe SVG, Microsoft VmL-XAML-Silverlight, Apple WebKit, Sun (Java) as they battle for dominance over web applications and the future of the Web itself.
  • anonymous on 28 Sep 13
     
    Live Roulette from Australia, Fun and Free! Now you can play Real "www.funlivecasino.com.au" Live Roulette for Fun in Australia on a brand new website, FunLiveCasino.com.au. Using the latest internet streaming technologies, Fun Live Casino lets you join a real game happening on a real table in a real casino, all broadcast Live! You can see other real players in the casino betting on the same results you do giving you ultimate trust in the results as they are not generated 'just for you', like other casino gaming products such as 'live studios' or computer generated games. Its amazing to think next time your really in the casino that you might be on camera, and people online might be watching! The future is scary! Imagine that one day soon this will be the only way people would gamble online because the internet is full of scams, you have to be super careful, and why would you play Online Roulette any other way except from a Real Casino you can visit, see, hear and trust! Amazingly this site is completely Free and has no registration process, no spam, no clicks and no fuss. Just Instant Fun "www.funlivecasino.com.au" Free Live Roulette! Give it a try, its worth checking out! "www.funlivecasino.com.au" Australia's Online Fun Live Casino! Backlink created from http://fiverr.com/radjaseotea/making-best-156654-backlink-high-pr
Paul Merrell

Bloomberg.com: News - 0 views

www.bloomberg.com/...news

antitrust antitrust policy U.S. Google Microsoft

shared by Paul Merrell on 18 Feb 09 - Cached
  • Christine A. Varney, nominated by President Barack Obama to be the U.S.’s next antitrust chief, has described Google Inc. as a monopolist that will dominate online computing services the way Microsoft Corp. ruled software.
  • Varney, 53, lobbied the Clinton administration on behalf of Netscape Communications Corp. to urge antitrust enforcers to sue Microsoft.
  • Still, Google is “quickly gathering market power in what I would call an online computing environment in the clouds,” she said, using a software industry term for software that is based on the Internet rather than in individual personal computers. “When all our enterprises move to computing in the clouds and there is a single firm that is offering a comprehensive solution,” Varney said, “you are going to see the same repeat of Microsoft.”
  • ...1 more annotation...
  • As in the Microsoft case, “there will be companies that will begin to allege that Google is discriminating” against them by “not allowing their products to interoperate with Google’s products,” Varney said.
Paul Merrell

EU considers spending €1 billion for satellite broadband technology - International Herald Tribune - 0 views

www.iht.com/...satellite.php

european union broadband uptake internet politics satellite broadband economic stimulus

shared by Paul Merrell on 22 Dec 08 - Cached
  • The €200 billion economic rescue plan being considered this week by European Union leaders includes a proposal to spend €1 billion on bringing high-speed Internet access to rural areas. The proposal is likely to pit the Continent's telecommunications operators against satellite companies, which say they are uniquely suited to expand the broadband, or high-speed, network to underserved parts of Eastern Europe and the Alps by the end of 2010.
  • But support for the plan by EU government leaders, who begin a two-day meeting to consider the rescue plan Thursday is not assured. The money would come from unspent funds in the current EU budget, which under EU rules normally revert back to member countries. Germany, which contributes the most to the EU budget and stands to get the largest refund if the project is rejected, opposes the expenditure.
  • Across the EU, 21.7 percent of residents had broadband Internet access in July, according to the commission; 107.6 million received service from a telephone DSL line or a cable television connection and 130,592 via satellite. Only 6 percent of EU residents on average received broadband via mobile phones.
  • ...1 more annotation...
  • Until now, Baugh said, satellite broadband had been hindered by the relatively high cost of the hardware consumers needed to gain access to the service. But recent advances have lowered the cost to roughly €400, including installation, from several thousand euros a few years ago. At about €30 a month, service packages are comparable to those of DSL and cable.
  • Paul Merrell on 22 Dec 08
     
    A billion Euros is chicken feed compared to other portions of the E.U. economic stimulus initiatives in the works that respond to the major recession under way. Still, this could be a significant foot in the door for satellite broadband in the E.U., perhaps enough to build out the infrastructure enough for a more serious challenge to cable and telephony broadband. But I wonder if there would be enough redundancy enabled by only a billion Euros to gracefully handle a satellite's death if it has far more broadband users.
« First ‹ Previous 61 - 80 of 114 Next › Last »
Showing 20 items per page