Archive for 2012/04/09
On April 12, the Internet Corporation for Assigned Names and Numbers will stop accepting applications for a new round of generic top-level domains, or gTLDs, the part of a web address that appears to the right of the period (“com” and “org” are among 22 current top-level domains). The application process is expected to result in hundreds, if not thousands, of new gTLDs, which will likely start going live sometime next year.
The Freedom 7: Broad Coalition of Journalists and Activists Join in Legal Challenge to National Defense Authorization ActPosted: 2012/04/09 in Education / Awareness, Public Policy, Stats / reports
Seven dedicated plaintiffs have filed a complaint in federal court challenging key provisions of the National Defense Authorization Act. Specifically, the suit avers that the vagueness of several key terms in that law are creating a dangerous environment for reporters and activists to such a degree that the right of free speech is being infringed.
Named defendants in the complaint include President Barack Obama, Secretary of Defense Leon Panetta, Attorney General Eric Holder, Speaker of the House John Boehner, and Arizona Senator John McCain among others.
The Freedom 7, as the plaintiffs have been christened by the media, count many notable journalists and activists in their number: Chris Hedges, Daniel Ellsberg, Noam Chomsky, Birgitta Jónsdóttir, Jennifer “Tangerine” Bolen, Kai Wargalla and Alexa O’Brien.
Flava Works is suing the web host Voxel.net and LeaseWeb.com for failing to remove MyVidster.com from its servers despite dozens of DMCA notices. MPAA Now Files Amicus Brief
For 15 years internet companies have been waging a war against any kind of laws that establish properties and permissions for digital thingsPosted: 2012/04/09 in Copyright, Education / Awareness, Privacy / Data Protection, Stats / reports
Every attempt to do so has been bitterly fought. It’s the one constant in Silicon Valley’s battles against the copyright industries. The fight has crippled the traditional, historical partnership between technology and creators that benefited everyone. But it has also had an awful unintended consequence: it has weakened our ability to establish the clear property rights we need to protect our privacy.
Siemens In No Hurry To Patch Stuxnet Vulnerability? Waits 571 days after a vivid example of the impact of this vulnerability that has been known for 10+ yearsPosted: 2012/04/09 in Education / Awareness, Network Security, Privacy / Data Protection, Stats / reports
Dutch language news article:
Every owner/operator should be asking their vendors how ladder logic upload/download is secured, as well as firmware upload/download and commands that could be used maliciously to affect the availability or integrity of the process. Vendors, you should be able to tell your customers what you are doing to address this, when it will be ready, and what the upgrade process is.
The Internet Society of China released a paper today entitled ‘Written Proposal on Resisting Internet Rumors‘, that details methods to clamp down on online rumours amongst other perceived issues.
The paper urges Internet companies to take “effective measures” to prevent online rumours by “seriously obeying the country’s laws and regulations as well as self-disciplinary rules.”
These outlines seem to be particularly focused towards China’s microblogging services.
“Anonymous” says plans more attacks against China sites, because the world is black and white, just like their masksPosted: 2012/04/09 in Cybercrime, Education / Awareness, Network Security, Privacy / Data Protection, Public Policy, Stats / reports
loosely knit group that has attacked financial and government websites around the world, hacked into Chinese government websites last week, defacing several, media reports said.
The group used the Twitter account “Anonymous China” to publicize the attacks, posting links to data files that contained passwords and other personal information from the hacked websites. (twitter.com/#!/AnonymousChina)
“First we want to alert the Chinese government that we aren’t afraid, and we are going to show the truth and fight for justice,” Anonymous hacker “f0ws3r” told Reuters.
The hacker, who declined to provide any personal details, was contacted through Anonymous China’s Twitter page. F0ws3r said the group planned more serious attacks against Chinese websites.
“Yes, we are planning more attacks, a few at a time,” f0ws3r said, adding that the plan was to take down the “Great Firewall of China”.
A cyber attack on a Utah Department of Technology Services computer server that stores Medicaid claims data now appears to have affected far more recipientsPosted: 2012/04/09 in Cybercrime, Education / Awareness, Network Security, Privacy / Data Protection, Stats / reports
Corporate executives and other high value employees could even have their mobile phone compromised before they even disembark the planePosted: 2012/04/09 in Education / Awareness, Mobile tech, Network Security, Privacy / Data Protection, Public Policy, Stats / reports
A thirst for intellectual property and trade secrets, and a bugeoning market of sophisticated mobile surveillance tools means that executives need to begin thinking and acting like spies in order to avoid being spied upon themselves, according to a presentation at the OWASP AppSec DC 2012 conference in Washington DC on Thursday.
Among the common attacks used against high value targets are SMS messages sent to the phones that contain links to Web pages that compromise the mobile device, Morehouse said. It’s not uncommon for these attack messages to imitate the standard “welcome” text message that arriving visitors get from the local mobile carrier that informs them of the local mobile and data rates. The messages are highly effective because mobile users are familiar with them and, in fact, expecting them as soon as they activate their phone.
The likelihood of having your mobile device hacked overseas varies based on the country you are visiting, who you are, and how interested state- and non-state actors are in your work or your employer. And, while China and Russia are the two countries that are most-often mentioned, Morehouse said surveillance of executives and other VIPs isn’t limited to those two destinations.
Morehouse said countries in the Asia-Pacific region, in general, as well as countries in Africa should have executives on guard.
While a few governments – notably China – are known to work with the cooperation of local carriers, Morehouse said that the rapid growth of the spy tools industry has democratized wireless surveillance, and given state and non-state actors plenty of tools to work with to compromise mobile devices.
Morehouse said firms like the Israeli firm ABILITY have tools that can detect the location of a mobile device to within 30 meters. Others allow sophisticated nation and non-nation state backed attackers to target phones by the phone number, IMEI (International Mobile Equipment Identity) number and intercept all inbound and outbound communications from the device and, in some cases, even decrypt encrypted communications on the fly. ELTA Systems, another Israeli firm, even markets a miniature blimp that can fly over targets of interest and suck up mobile signals, he said.
Morehouse said his interest in mobile defense was borne of his own travels around the Globe.
A former Intel engineer pleads guilty to stealing documents just before he left Intel and took a job at rival AMDPosted: 2012/04/09 in Education / Awareness
The value of the documentation found in his home was between $200 million and $400 million