Archive for 2010/07/30
The United States should decide on rules for attacking other nations’ networks in advance of an actual cyberwar, which could include an international agreement not to disable banks and electrical grids, the former head of the CIA and National Security Agency said Thursday.
Hayden used the opportunity to challenge attendees of Black Hat–thousands of programmers, analysts, and security researchers–to devise ways to reshape the Internet’s security architecture.
“You guys made the cyberworld look like the north German plain–and then you bitch and moan because you get invaded,” he said. “We made it flat. We gave all advantages to the offense. The inherent geography in this domain plays to the offense. There’s almost nothing inherent in the domain that plays to the defense.”
You can already manage your Comcast DVR from your iPhone, but soon you’ll be able to do the same with BlackBerry and Android as well. No date announced, but it’s coming.
A couple caveats to these. Just because a company is on the list, doesn’t mean that it’s a sanctioned download by the company itself to grab the user information for some purpose. It could easily just be some dude at the company who wanted to download the torrent himself to check it out
First, it’s good to get more people realizing that HTML is already pretty damn good at creating app-style experiences, without having to create special compiled code and, second, it’s a really clever way to totally route around Apple as a gatekeeper (without requiring a jailbreak), and is a reminder that even on “closed” systems, openness will often find a way.
White House proposal would ease FBI access to records of Internet activity without a court order if agents deem the information relevant to a terrorism or intelligence investigation
Four Whitehall departments gave Google and similar search engines more than £6m in two years to encourage web users to do more exercise, emit less CO2 and stop smoking, among other initiatives.
- Department of Health has been the biggest search spender, paying £4.4m to promote websites including on pandemic flu;
- Department for Communities and Local Government spent £758,000 on keywords related to its websites, including information on the scrapped Home Information Pack scheme. It also paid Google to push its “Eco-towns” initiative;
- Department of Energy and Climate Change spent £310,000 in just one year. As The Register reported earlier this year, that included bidding for climate change keywords against one of its own quangos, driving up the price per click;
- Department of Environment Food and Rural Affairs spent £540,000, also partly on CO2 reduction campaigns.
Secure Sockets Layer is a standard mechanism websites use to help secure data and transactions, but according to Qualys security researcher Ivan Ristic, most SSL sites are actually misconfigured.
In the final study, Ristic said he examined 867,000 SSL certificates in which the name on the certificate matched the name of the domain. In his preliminary research, Ristic documented that the vast majority — nearly 97 percent — of SSL certificates do not have the proper name on them and don’t match the underlying domain.
A Defcon contest that invites contestants to trick employees at U.S. corporations into revealing not-so-sensitive data has rattled some nerves.
The purpose of the contest is to (1) raise awareness on the threat of social engineering, and (2) challenge contestants to come up with creative, legal ways of obtaining information from companies. The contest is structured to be good, clean fun. Our goal is to show how much information companies may inadvertently divulge to individuals making regular, legal inquiries using normal channels of communication. The type of information we will be asking for will be things like the number of restrooms in the building, and the sort of candy that sells out from the vending machines first.
We have been working with attorneys at the Electronic Frontier Foundation to ensure that the rules make clear to contestants that their game play must be lawful:
• Contestants may not ask for or obtain financial data, passwords, or personal identifying information such as social security numbers or bank account numbers;
• Contestants may not attempt to falsify or falsify employment records;
• The list of target organizations will not include any financial, government, educational, or health care organizations;
• Contestants must keep it clean, for example, use of any pornography is banned.
Please remember that you are dealing with skilled manipulators. They will be friendly, professional and polished. We strongly suggest you remind your staff NEVER to give any personal or proprietary information to anyone via the telephone. EVER!
In relation to the draft legislation described here http://contentprotection.wordpress.com/2010/07/28/handling-stolen-computer-data-to-be-illegal-in-the-netherlands/, several Dutch companies are now coming forward to express their views.
In this Dutch-language article, http://webwereld.nl/nieuws/66729/hosters-furieus-over—-censuurplan—-justitie.html, the providers say that they are especially concerned about the suggestion to have Public Prosecutors remove content from the internet when certain conditions are met.
Criticism has been provided by Arnout Veenman representing trade association ISP Connect, Niels Huijbregts representing XS4ALL, a spokesperson from KPN and Alex de Joode from Leaseweb. Previously, Ot van Daalen representing Bits of Freedom also provided his view.
Why search engine malware? That’s where the money is. Or at least that is where the eyeballs are. Search volumes have reached new highs with 88 billion per month on Google sites, 24 billion per month on Twitter, 9 billion per month on Yahoo sites and 4 billion per month on Microsoft sites. The goals of this work are to analyze trending topics on search engines, understand the scope of the problem and identify the types of topics used by malware.
We created a system that gets the set of popular search terms hourly and searches for those terms. It then pulls the set of search results and retrieves the web sites of the results. The system then analyzes the sites for malicious code.