Archive for 2011/08/14

The service, entitled WWW Takedown™, will follow the same in-depth monitoring and validation processes as CEG’s existing P2P Collect™ and WWW Collect™ offerings. Infringements will be tracked and aggregated by CEG’s proprietary systems and global network of servers before passing a strict multi-stage authentication process involving steps such as fingerprinting and visual human authentication to eliminate false positives.

Copyright owners will receive automated daily reports via email and have 24/7/365 access to a web-based client portal intended to provide real-time piracy data, tracking statistics, and information.

Most notably, the service will be offered cost free* to copyright owners who place their entire catalog of titles with CEG exclusively for global monitoring and monetization services including P2P Collect™ and/or WWW Collect™. The WWW Takedown™ service will also be available to copyright owners who don’t provide their entire catalog for monitoring and monetization to CEG for a small monthly fee.

More:
http://www.sfgate.com/cgi-bin/article.cgi?f=/g/a/2011/08/11/prweb8689762.DTL 

Certainly, copyright laws need to be updated for the digital age. Many reformers say they favour protection, but view any attempt to enforce it as unacceptable. This doesn’t make sense: a market can’t be based on voluntary payments, and laws don’t work if they can’t be enforced.

The truth is that the internet is broken already: it’s simply too chaotic to provide the infrastructure for a 21st-century economy. This has to change, before newspapers and film suffer declines like that of the music industry. Technology companies have long lectured creators on the need to adapt to a changing digital world. It would be a shame if they couldn’t heed their own advice.

http://www.guardian.co.uk/media/2011/aug/14/robert-levine-digital-free-ride

For the purposes of fuzzing Flash, we mainly relied on “corpus distillation”. This is a technique whereby you locate a large number of sample files for the format at hand (SWF in this case). You then see which areas of code are reached by each of the sample files. Finally, you run an algorithm to generate a minimal set of sample files that achieves the code coverage of the full set. This calculated set of files is a great basis for fuzzing: a manageable number of files that exercise lots of unusual code paths.

What does corpus distillation look like at Google scale? Turns out we have a large index of the web, so we cranked through 20 terabytes of SWF file downloads followed by 1 week of run time on 2,000 CPU cores to calculate the minimal set of about 20,000 files. Finally, those same 2,000 cores plus 3 more weeks of runtime were put to good work mutating the files in the minimal set (bitflipping, etc.) and generating crash cases. These crash cases included an interesting range of vulnerability categories, including buffer overflows, integer overflows, use-after-frees and object type confusions.

More:
http://googleonlinesecurity.blogspot.com/2011/08/fuzzing-at-scale.html 

Source, Dutch language news article:
http://security.nl/artikel/38119/1/Google_%27hackt%27_Adobe_met_20TB_aan_Flash-bestanden.html 
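The distillation step described in the excerpt above, sketched as an added example (not code from the Google post): a greedy set-cover pass over per-file coverage sets. The greedy heuristic, the smaller-file tie-break, the file names and the coverage IDs are all assumptions made for illustration; the post does not say which algorithm was used.

```python
from typing import Dict, FrozenSet, List, Set, Tuple

Corpus = Dict[str, Tuple[int, FrozenSet[int]]]  # name -> (size, coverage IDs)

# Constructed sample data. In a real run the coverage sets come from an
# instrumented build of the parser under test, one run per sample file.
SAMPLE_CORPUS: Corpus = {
    "a.swf": (4096, frozenset({1, 2, 3, 4})),
    "b.swf": (512, frozenset({1, 2})),
    "c.swf": (2048, frozenset({3, 4, 5})),
    "d.swf": (1024, frozenset({5, 6})),
    "e.swf": (300, frozenset({6})),
    "f.swf": (8192, frozenset({1, 2, 3, 4})),  # same coverage as a.swf, larger
    "g.swf": (100, frozenset()),               # reaches no tracked code
}


def coverage_of(corpus: Corpus, names: List[str]) -> Set[int]:
    """Union of the coverage reached by the named files."""
    return set().union(*(corpus[n][1] for n in names))


def distill(corpus: Corpus) -> List[str]:
    """Greedy set cover: keep the file that adds the most new coverage.

    Ties go to the smaller file, then to the name, so the result is
    deterministic. Greedy is an approximation; the exact minimum set-cover
    problem is NP-hard. Returns kept file names in selection order.
    """
    remaining = coverage_of(corpus, list(corpus))
    candidates = dict(corpus)
    kept: List[str] = []
    while remaining:
        name = min(
            candidates,
            key=lambda n: (-len(candidates[n][1] & remaining),
                           candidates[n][0], n),
        )
        kept.append(name)
        remaining -= candidates.pop(name)[1]
    return kept


if __name__ == "__main__":
    subset = distill(SAMPLE_CORPUS)
    print(subset, sorted(coverage_of(SAMPLE_CORPUS, subset)))
```

Seven constructed samples reduce to two while every coverage ID is still reached; the kept files are then the seeds handed to the mutation stage.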

Fuzz testing or fuzzing is a software testing technique, often automated or semi-automated, that involves providing invalid, unexpected, or random data to the inputs of a computer program. The program is then monitored for exceptions such as crashes or failing built-in code assertions. Fuzzing is commonly used to test for security problems in software or computer systems.
http://en.wikipedia.org/wiki/Fuzz_testing

See also:

Fuzzing-Breaking software in an automated fashion
http://events.ccc.de/congress/2005/fahrplan/events/537.en.html

Microsoft runs fuzzing botnet, finds 1,800 Office bugs
http://www.computerworld.com/s/article/9174539/Microsoft_runs_fuzzing_botnet_finds_1_800_Office_bugs 

On this issue, experts say, Europe and the United States have largely parted company. “What you really have here is a trans-Atlantic clash,” said Franz Werro, who was born and raised in Switzerland and is now a law professor at Georgetown University. “The two cultures really aren’t going in the same direction when it comes to privacy rights.”

“In Europe you don’t have the right to say anything about anybody, even if it is true.”

Mr. Werro says many Europeans, including himself, are broadly uncomfortable with the way personal information is found by search engines and used for commerce. When ads pop up on his screen, clearly linked to subjects that are of interest to him, he says he finds it Orwellian.

A recent poll conducted by the European Union found that most Europeans agree. Three out of four said they were worried about how Internet companies used their information and wanted the right to delete personal data at any time. Ninety percent wanted the European Union to take action on the right to be forgotten.

More:
http://www.nytimes.com/2011/08/10/world/europe/10spain.html?_r=1

Dr. Esteban José Rosa Alves, General Director of the Argentinean Ministry of National Security, denounced the websites to the judicial authorities arguing that their content was jeopardizing the national security and at the same time was risking the privacy of a number of public functionaries.

The order to preemptively block a Website before a criminal conviction might be against the American Convention on Human Rights, a binding treaty for Argentina, which establishes in its Article 13, ‘Freedom of Thought and Expression’, that everyone has the right to freedom of thought and expression. This right includes freedom to seek, receive, and impart information and ideas of all kinds, regardless of frontiers, either orally, in writing, in print, in the form of art, or through any other medium of one’s choice. It also provides that the exercise of the right provided for in the foregoing paragraph shall not be subject to prior censorship but shall be subject to subsequent imposition of liability, which shall be expressly established by law.

More:
http://advocacy.globalvoicesonline.org/2011/08/11/argentina-the-national-communications-commission-ordered-all-isps-to-block-the-sites-leakymails-com-and-leakymails-blogspot-com/

The blackout of dozens of websites began on 9 August. Uznews.net’s editorial office checked the reported blocking of 65 Russian news sites and found that 29 had been blocked including the sites of national TV channels First Channel; Rossiya; NTV and the business channel RBK TV. The internet block also extended to the websites of many Russian socio-economic and political institutions including Kommersant; Kommersant Vlast; Kommersant Dengi; Nezavisimaya Gazeta; Parlamentskaya Gazeta; Pravda; Izvestiya; and other publishing houses.

Internet users in Uzbekistan also found that radio stations were blocked including Mayak; Radio Rossii and Echo Moskvy.

The BBC and Deutsche Welle are among the western news outlets which were blocked six years ago after the events in Andijan. Now the Financial Times (London), the New York Times and Reuters news agency are unavailable too.

More:
http://www.uznews.net/news_single.php?lng=en&sub=top&cid=4&nid=17645 

Krista Kealey, the airport’s vice-president of communications, says that users can update the list themselves if they think a site has been blocked in error. But the airport’s block message leaves no information about how to report an erroneously blacklisted site.

http://www.xtra.ca/public/Ottawa/Gay_news_sites_blocked_on_Ottawa_Airport_WiFi-10590.aspx

The ACLU’s response is part of its national “Don’t Filter Me” school initiative, which has brought attention to the blocking of websites for LGBT organizations such as the Gay, Lesbian, and Straight Education Network (GLSEN); and Parents, Families, and Friends of Lesbians and Gays (PFLAG). “Filters that needlessly discriminate against LGBT websites do not serve the interest of public schools or the students they serve,” ACLU staff attorney Joshua Block said in a statement.

http://www.advocate.com/News/Daily_News/2011/08/07/Missouri_Schools_Drop_Filtering_of_LGBT_Websites/

A BART director said the cellphone shutdown was not authorized by higher-ups and was under investigation, according to the Bay Citizen newspaper. “This is a transit agency, and our job is not to censor people,” BART official Lynette Sweet was quoted as saying.

The ACLU also denounced the cellphone shutdown, likening it to the tactics of ousted Egyptian President Hosni Mubarak.

“Shutting down access to mobile phones is the wrong response to political protests, whether it’s halfway around the world or right here at home,” the ACLU of Northern California said on its website.

http://www.kwch.com/news/ktla-san-francisco-police-block-bart-calls,0,5207646.story

Is Telex ready for real users? No. Our prototype is not intended for real users, and it currently has several technical limitations that could allow a censor to detect use of Telex. Furthermore, Telex has not yet been deployed at any real ISPs.

We believe providing a downloadable Telex client would be sufficient in most cases. While download websites may ultimately be blocked by the censor, users may be able to use intermittent and short-lived proxies to access it. Users could also obtain the Telex software by Sneakernet from friends or others they trust.

There are various characteristics that a censor might try to use to distinguish Telex connections from normal traffic. These include header fields and options at various network protocol layers, as well as the overall size, duration, and pattern of communication. While this is possible, detecting Telex using these methods is more difficult than simply finding and blocking proxies by IP address.

More:
https://telex.cc/qa.html

Previously:

If you can’t trust your ISP, who can you trust?
http://gigaom.com/broadband/if-you-cant-trust-your-isp-who-can-you-trust/