Daily Archives: 2011/09/09
UK government presents policy package on the reform of IP law
The inexorable rise of the actively twittering masses has hit a new high, with 100 million people regularly tweeting their fascinating insights into what they had for breakfast and how happy they are that Beyonce is pregnant
Apple has patented software that will automatically log the visits of iPhone users to restaurants, stores and businesses and then use the number of visits by Jesus-mobe owners as an indication of how good/popular/worthy-of-a-high-search-ranking that business is
The Canadian Broadcasting Corporation is deploying VoD technology from UK-based YoSpace, enabling targeted adverts to be dropped into the stream like it’s 1999
Dutch Public Prosecutor’s office has identified 40 “money mules” intentionally opening up their ING bank accounts to phishing criminals. They will all be brought before a judge
Phishers themselves have not been caught yet
Dutch language news article:
http://tweakers.net/nieuws/76663/om-pakt-veertig-geldezels-op-in-ing-phishingzaak.html
DigiNotar hacker Ich Sun tries a bit of extortion on Dutch security company FOX-IT. “Admit you were unable to find me and I will release all the evidence I have on DigiNotar, its customers and the Dutch State”
FOX-IT has ceased any communication with the hacker. Ich Sun claims he simply started his campaign by checking the list of Certification Authorities in Mozilla’s Firefox. The list started with a “D”.
Ich Sun criticized the West for how it is treating Iran and Mr. Ahmadinejad. He also criticized Dutch politician Geert Wilders. The DigiNotar hacker says he is working alone but allowing others to enjoy the fruit of his labor.
Dutch language news article:
http://tweakers.net/nieuws/76678/diginotar-hacker-daagt-fox-it-uit.html
Anti-piracy organization BREIN attacking payment processors of pirate websites
Dutch language news article:
http://tweakers.net/nieuws/76681/brein-probeert-via-ideal-en-paypal-piratensites-op-te-rollen.html
RIAA Sending DMCA Takedowns On *FREE* Music Being Distributed Directly Off Universal Music Website & Promoted By The Artist
FBI’s Behavioral Sciences Unit at Quantico profiles the six “leaders” of Anonymous
New Epson Projectors Display In 1080P and 3D, Require Dorky Glasses
Two researchers who set up doppelganger domains to mimic legitimate domains belonging to Fortune 500 companies say they managed to vacuum up 20 gigabytes of misaddressed e-mail over six months
Norton put out a study on cybercrime, deducing that people who fall victim to acts of real-world crime, such as burglary or robbery, are also more likely to have their identity stolen or fall victim to a phishing scheme
Xbox Live “Metro” Brings More Bing, Kinect, and Cable TV Integration To the Holidays
German court reduces EU-wide Galaxy Tab ban; Concern for worldwide precedent
Google, Apple and Microsoft take top spots in global brand survey
Obama administration seeking tougher penalties for cybercrimes like hacking
Associate Deputy Attorney General James Baker and Secret Service Deputy Special Agent in Charge Pablo Martinez said the maximum sentences for cyber crimes have failed to keep pace with the severity of the threats.
Martinez said hackers are often members of sophisticated criminal networks.
Mozilla writing to all Certification Authorities. Please confirm completion of the following actions or state when these actions will be completed, and provide the requested information no later than September 16, 2011
1) Audit your PKI and review your systems to check for intrusion or
compromise. This includes all third party CAs and RAs.
2) Send a complete list of CA certificates from other roots in our
program that your roots (including third party CAs and RAs) have
cross-signed. A listing of all root certificates in Mozilla’s products
is here: http://www.mozilla.org/projects/security/certs/included
3) Confirm that multi-factor authentication is required for all accounts
capable of directly causing certificate issuance.
4) Confirm that you have automatic blocks in place for high-profile
domain names (including those targeted in the DigiNotar and Comodo
attacks this year). Please further confirm your process for manually
verifying such requests, when blocked.
5) For each external third party (CAs and RAs) that issues certificates
or can directly cause the issuance of certificates within the hierarchy
of the root certificate(s) that you have included in Mozilla products,
either:
a) Implement technical controls to restrict issuance to a specific set
of domain names which you have confirmed that the third party has
registered or has been authorized to act for (e.g. RFC5280 x509 dNSName
name constraints, marked critical)
OR
b) Send a complete list of all third parties along with links to each of
their corresponding Certificate Policy and/or Certification Practice
Statement and provide public attestation of their conformance to the
stated verification requirements and other operational criteria by a
competent independent party or parties with access to details of the
subordinate CA’s internal operations.
Each action requested above applies both to your root and to these third
parties.
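An added example, not Mozilla's or any CA's code, of a pre-issuance check combining items 4 and 5a above: requested dNSName values are matched against permitted and excluded subtrees using the RFC 5280 rule (a name matches if it equals the subtree or adds labels on its left), and high-profile names are held for manual verification. The subtree lists, the high-profile list and the function names are constructed assumptions.

```python
# Constructed policy for one hypothetical subordinate CA / RA.
PERMITTED = ["customer.example", "bank.example"]   # domains the third party is authorised for
EXCLUDED = ["internal.customer.example"]           # carved out of the permitted space
HIGH_PROFILE = ["bank.example"]                    # never issued without manual verification

RANK = {"issue": 0, "manual_review": 1, "reject": 2}


def _labels(name):
    # Compare whole DNS labels, case-insensitively, ignoring a trailing root dot.
    return name.lower().rstrip(".").split(".")


def within(name, subtree):
    """RFC 5280 dNSName matching: equal to subtree, or subtree plus labels on the left."""
    n, s = _labels(name), _labels(subtree)
    return len(n) >= len(s) and n[-len(s):] == s


def check_request(names, permitted, excluded=(), high_profile=()):
    """Return (decision, reasons); the strictest verdict over all names wins."""
    decision, reasons = "issue", []
    for name in names:
        if any(within(name, e) for e in excluded):
            verdict, why = "reject", "inside an excluded subtree"
        elif not any(within(name, p) for p in permitted):
            verdict, why = "reject", "outside every permitted subtree"
        elif any(within(name, h) for h in high_profile):
            verdict, why = "manual_review", "high-profile name"
        else:
            continue
        reasons.append(f"{name}: {why}")
        if RANK[verdict] > RANK[decision]:
            decision = verdict
    return decision, reasons


if __name__ == "__main__":
    for req in (["www.customer.example"], ["badcustomer.example"],
                ["login.bank.example"], ["db.internal.customer.example"]):
        print(req, check_request(req, PERMITTED, EXCLUDED, HIGH_PROFILE))
```

Matching on whole labels rather than on string suffixes is what keeps `badcustomer.example` outside the `customer.example` subtree.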
UK government has no time to deal with e-petitions signed by hundreds of thousands of UK citizens
The e-petition to release the papers on Hillsborough, when 96 Liverpool FC fans died in a human crush, was signed by over 135,000 backers. The other petition to have reached the threshold, advocating that convicted London rioters lose all benefits, has been signed more than 222,000 times.
http://www.theregister.co.uk/2011/09/09/committee_cannot_debate_epetitions_without_more_time/
Google dives deep into content-generation business with Zagat purchase
Privacy groups: behavioral opt-out system “insufficient and ineffective”
The new chief executive of MediaNews Group, publisher of the Denver Post and 50 other newspapers, said it was “a dumb idea” for the nation’s second-largest newspaper chain to sign up with copyright troll Righthaven
Security watchers warn that hackers might be able to develop potent attacks that would be extremely hard to foil by combining DNS hacks of the kind that affected The Register and other high-profile websites over the weekend with DigiNotar-style forged digital certificates
An attack on Domain Name System (DNS) service provider NetNames on Sunday affected scores of prominent websites, including those run by the Daily Telegraph, UPS, Acer, National Geographic, BetFair and Vodafone as well as El Reg. Surfers visiting the affected sites were redirected to a hacker holding page set up by Turkish hacker group Turkguvenligi.
Turkguvenligi pulled off the hack not by attacking the affected sites directly but by a SQL injection attack aimed at gaining access to NetNames systems. Once they had achieved access, the hackers placed counterfeit registry re-delegation orders through NetNames’ provisioning system. This meant that DNS records of affected sites were changed so that they pointed towards Turkguvenligi’s page rather than at the legitimate sites.
http://www.theregister.co.uk/2011/09/08/dns_redirection_hack_analysis/
Oprah Winfrey interviewed at Facebook
Judge: fired for complaining on Facebook? You’re rehired!
Google just announced that its data centers use 260 million watts to power Google searches, YouTube videos, Gmails, ads and so on and so on. That’s about a quarter of the output of a freaking nuclear power plant. Or more power than Salt Lake City uses
Google Music Comes to iOS with a Pretty Decent Web App
Millions in California, Arizona and Mexico Without Power
Back To The Future Nike Air Mag Shoes are being sold on Nikemag.ebay.com, with proceeds going directly to the Michael J. Fox Foundation for Parkinson’s Research
Sergey Brin, co-founder of Google, and his wife Anne Wojcicki, co-founder of personal genetics company 23andMe, are matching up to $50 million in funds raised by the Foundation between now and December 31, 2012.
Judge: Using The Copyright System To Force People To Pay Up Is Unconstitutional
Google Blog: Gmail account security in Iran
Godai Group, a San Francisco-based information security firm, discovers 30% of Fortune 500 companies are vulnerable to Doppelganger Domains
A Doppelganger Domain is a domain spelled identically to a legitimate fully qualified domain name (FQDN) but missing the dot between host/subdomain and domain, to be used for malicious purposes. Doppelganger Domains have a potent impact via email as attackers could gather information such as trade secrets, user names and passwords, and other employee information.
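An added example, not from the Godai Group research, of how a mail administrator could use this definition defensively: derive the doppelganger of each of the organisation's own FQDNs and flag outbound messages addressed to one. The zone, the host names and the log format are constructed assumptions.

```python
import re

OWNED_ZONE = "example.com"    # assumption: the organisation's registered domain
INTERNAL_FQDNS = ["us.example.com", "mail.emea.example.com", "example.com"]  # constructed

# Constructed outbound mail log lines; the field layout is an assumption.
SAMPLE_LOG = """\
2011-09-09T10:01:12 from=<alice@example.com> to=<bob@us.example.com> status=sent
2011-09-09T10:02:40 from=<alice@example.com> to=<bob@usexample.com> status=sent
2011-09-09T10:05:03 from=<carol@example.com> to=<Dave@Mail.EMEAexample.com.> status=sent
2011-09-09T10:07:55 from=<carol@example.com> to=<eve@partner.example.net> status=sent
"""

RCPT = re.compile(r"to=<[^@<>\s]+@([^<>\s]+)>")


def doppelganger(fqdn, zone):
    """Return fqdn with the dot between host part and zone removed, or None."""
    fqdn, zone = fqdn.lower().rstrip("."), zone.lower().rstrip(".")
    if not fqdn.endswith("." + zone):
        return None   # the bare zone or a foreign name has no host/domain dot
    return fqdn[: -len(zone) - 1] + zone


def build_watchlist(fqdns, zone):
    """Map each doppelganger name to the legitimate FQDN it imitates."""
    watch = {}
    for name in fqdns:
        twin = doppelganger(name, zone)
        if twin:
            watch[twin] = name.lower()
    return watch


def find_misaddressed(log_text, watchlist):
    """Return (line_number, recipient_domain, intended_fqdn) for each hit."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        for domain in RCPT.findall(line):
            domain = domain.lower().rstrip(".")   # normalise case and root dot
            if domain in watchlist:
                hits.append((lineno, domain, watchlist[domain]))
    return hits


if __name__ == "__main__":
    for hit in find_misaddressed(SAMPLE_LOG, build_watchlist(INTERNAL_FQDNS, OWNED_ZONE)):
        print(hit)
```

The same watchlist doubles as the list of names to register defensively or to reject at the outbound mail gateway.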
Belgium worried about GlobalSign hack – Every Belgian government website uses their certificates
Dutch language news article:
http://www.nu.nl/internet/2610589/belgie-bezorgd-mogelijk-hack-globalsign.html
Dutch hacker Brenno de Winter will not be prosecuted in The Netherlands for hacking Public Transportation Cards. He did break the law but was acting as a reporter too. The Public Prosecutor’s Office argues that in this case the importance of informing the general public as a journalist prevails
Dutch language news article:
http://webwereld.nl/nieuws/107860/om-vervolgt-brenno-de-winter-niet-om-hack-ov-chipkaart.html
Anonymous group releases new Twitter tool
“We have taken note of why Twitter would not do so, they only trend topics which would ‘appeal’ to people and can get people to tweet more,” the statement says. “This was pathetic in our eyes, and we could not stand by and take it anymore.”
http://news.cnet.com/8301-27080_3-20103679-245/anonymous-group-releases-new-twitter-tool/