Group items matching

in title, tags, annotations or url

Because of section 1201 of the DMCA, the "anti-circumvention" provision, companies have been abusing copyright law to block all sorts of actions that are totally unrelated to copyright. That's because 1201 makes it illegal to circumvent basically any "technological protection measures." The intent of the copyright maximalists was to use this section to stop people from breaking DRM. However, other companies soon distorted the language to argue that it could be used to block certain actions totally unrelated to copyright law -- such as unlocking garage doors, ink jet cartridges, gaming accessories... and phones

Guardian journalists have been recognised at the Paul Foot award 2013 for their work on the investigation into what files leaked by Edward Snowden revealed about the extent of mass surveillance by British and US intelligence agencies.

The £2,000 special investigation award,

The Exploitation process relied upon a Java vulnerability (CVE-2013-2460) and after getting dropped into the target computer system, the malware detects the Java version installed on the operating system and based upon it requests the suitable exploit.

“The Art of Deception: Training for Online Covert Operations.”

Among the core self-identified purposes of JTRIG are two tactics: (1) to inject all sorts of false material onto the internet in order to destroy the reputation of its targets; and (2) to use social sciences and other techniques to manipulate online discourse and activism to generate outcomes it considers desirable. To see how extremist these programs are, just consider the tactics they boast of using to achieve those ends: “false flag operations” (posting material to the internet and falsely attributing it to someone else), fake victim blog posts (pretending to be a victim of the individual whose reputation they want to destroy), and posting “negative information” on various forums. 

Critically, the “targets” for this deceit and reputation-destruction extend far beyond the customary roster of normal spycraft: hostile nations and their leaders, military agencies, and intelligence services. In fact, the discussion of many of these techniques occurs in the context of using them in lieu of “traditional law enforcement” against people suspected (but not charged or convicted) of ordinary crimes or, more broadly still, “hacktivism”, meaning those who use online protest activity for political ends. The title page of one of these documents reflects the agency’s own awareness that it is “pushing the boundaries” by using “cyber offensive” techniques against people who have nothing to do with terrorism or national security threats, and indeed, centrally involves law enforcement agents who investigate ordinary crimes:

The two main components of Uroburos are - a driver and an encrypted virtual file system, used to disguise its nasty activities and to try to avoid detection. Its driver part is extremely complex and is designed to be very discrete and very difficult to identify.

The virtual file system can’t be decrypted without the presence of drivers, according to the Gdata’s analysis explained in the PDF.

The plan was confirmed by Keurig's CEO who stated on a recent earnings call that the new maker indeed won't work with "unlicensed" pods as part of an effort to deliver "game-changing performance." "Keurig 2.0" is expected to launch this fall. French Press and pour-over manufacturers like Chemex have plenty of time to get their thank you notes to Keurig in the mail ahead of time as users are hopefully nudged toward the realization they could be drinking much better coffee anyway

Now, with OneDrive for Business — the new SkyDrive Pro — Microsoft is selling cloud storage directly to businesses, no other strings attached. If you don’t want to buy into an Office-as-a-service contract, you can still buy cloud storage from Microsoft.

Microsoft is offering a deep discount — 50 percent

Documents leaked by former NSA contractor Edward Snowden show that the NSA created and promulgated a flawed formula for generating random numbers to create a "back door" in encryption products, the New York Times reported in September. Reuters later reported that RSA became the most important distributor of that formula by rolling it into a software tool called Bsafe that is used to enhance security in personal computers and many other products.Undisclosed until now was that RSA received $10 million in a deal that set the NSA formula as the preferred, or default, method for number generation in the BSafe software, according to two sources familiar with the contract. Although that sum might seem paltry, it represented more than a third of the revenue that the relevant division at RSA had taken in during the entire previous year, securities filings show.

RSA, meanwhile, was changing. Bidzos stepped down as CEO in 1999 to concentrate on VeriSign, a security certificate company that had been spun out of RSA. The elite lab Bidzos had founded in Silicon Valley moved east to Massachusetts, and many top engineers left the company, several former employees said.And the BSafe toolkit was becoming a much smaller part of the company. By 2005, BSafe and other tools for developers brought in just $27.5 million of RSA's revenue, less than 9% of the $310 million total."When I joined there were 10 people in the labs, and we were fighting the NSA," said Victor Chan, who rose to lead engineering and the Australian operation before he left in 2005. "It became a very different company later on."By the first half of 2006, RSA was among the many technology companies seeing the U.S. government as a partner against overseas hackers.New RSA Chief Executive Art Coviello and his team still wanted to be seen as part of the technological vanguard, former employees say, and the NSA had just the right pitch. Coviello declined an interview request.An algorithm called Dual Elliptic Curve, developed inside the agency, was on the road to approval by the National Institutes of Standards and Technology as one of four acceptable methods for generating random numbers. NIST's blessing is required for many products sold to the government and often sets a broader de facto standard.RSA adopted the algorithm even before NIST approved it. The NSA then cited the early use of Dual Elliptic Curve inside the government to argue successfully for NIST approval, according to an official familiar with the proceedings.RSA's contract made Dual Elliptic Curve the default option for producing random numbers in the RSA toolkit. No alarms were raised, former employees said, because the deal was handled by business leaders rather than pure technologists.

File-hosting service RapidGator has had nearly all of its search results wiped from Google, including many clearly non-infringing pages. The URLs in question were removed by the search engine after a DMCA notice from several copyright holders. RapidGator is outraged and says the overbroad censorship is hurting its business, warning that the same could happen to others. “If it happens to us, it can happen to MediaFire or Dropbox tomorrow,” they state.

Thus far this has resulted in more than 200 million URLs being removed from Google’s search engine. While many of these takedown claims are legit, some are clearly false, censoring perfectly legitimate webpages from search results. File-hosting service RapidGator.net is one site that has fallen victim to such overbroad takedown requests. The file-hosting service has had nearly all its URLs de-listed, including its homepage, making the site hard to find through Google. Several other clearly non-infringing pages, including the FAQ, the news section, and even the copyright infringement policy, have also been wiped from Google by various takedown requests.

“Our robots.txt forbids search engines bots to index any file/* folder/ URLs. We only allow them to crawl our main page and the pages we have in a footer of the website. So most of the URLs for which Google gets DMCA notices are not listed in index by default,” RapidGator’s Dennis explains.

Wednesday's report exposes serious risks in what banks, mortgage companies, and other financial services call "knowledge-based authentication." Representatives from these services frequently rely on a list of about 100 questions such as "What was your previous address?" or "Which company services your mortgage?" when trying to determine if the person on the phone or filling out an application is the individual he claims to be. Ready access to the data stored by the data aggregators can make the difference between a fraudulent application being approved or rejected. Krebs goes on to recount a story told by Gartner fraud analyst Avivah Litan about a fellow analyst who witnessed an identity thief in action.

"The real danger [from] the publicity about [NSA surveillance] is that other countries will begin to put very serious encryption – we use the term 'Balkanization' in general – to essentially split the internet and that the internet's going to be much more country specific," Google executive chairman Eric Schmidt said at an event in New York this month. "That would be a very bad thing, it would really break the way the internet works, and I think that's what I worry about."