Friday, November 14, 2014

OpenStack 11/15/2014 (a.m.)

  • Tags: surveillance state, cyberwar, Stuxnet

    • “Is this related to what we talked about before?” Bencsáth said, referring to a previous discussion they’d had about testing new services the company planned to offer customers.

      “No, something else,” Bartos said. “Can you come now? It’s important. But don’t tell anyone where you’re going.”

      Bencsáth wolfed down the rest of his lunch and told his colleagues in the lab that he had a “red alert” and had to go. “Don’t ask,” he said as he ran out the door.

      A while later, he was at Bartos’ office, where a triage team had been assembled to address the problem they wanted to discuss. “We think we’ve been hacked,” Bartos said.

    • They found a suspicious file on a developer’s machine that had been created late at night when no one was working. The file was encrypted and compressed so they had no idea what was inside, but they suspected it was data the attackers had copied from the machine and planned to retrieve later. A search of the company’s network found a few more machines that had been infected as well. The triage team felt confident they had contained the attack but wanted Bencsáth’s help determining how the intruders had broken in and what they were after. The company had all the right protections in place—firewalls, antivirus, intrusion-detection and -prevention systems—and still the attackers got in.
    • Bencsáth was a teacher, not a malware hunter, and had never done such forensic work before. At the CrySyS Lab, where he was one of four advisers working with a handful of grad students, he did academic research for the European Union and occasional hands-on consulting work for other clients, but the latter was mostly run-of-the-mill cleanup work—mopping up and restoring systems after random virus infections. He’d never investigated a targeted hack before, let alone one that was still live, and was thrilled to have the chance. The only catch was, he couldn’t tell anyone what he was doing. Bartos’ company depended on the trust of customers, and if word got out that the company had been hacked, they could lose clients.

      The triage team had taken mirror images of the infected hard drives, so they and Bencsáth spent the rest of the afternoon poring over the copies in search of anything suspicious. By the end of the day, they’d found what they were looking for—an “infostealer” string of code that was designed to record passwords and other keystrokes on infected machines, as well as steal documents and take screenshots. It also catalogued any devices or systems that were connected to the machines so the attackers could build a blueprint of the company’s network architecture. The malware didn’t immediately siphon the stolen data from infected machines but instead stored it in a temporary file, like the one the triage team had found. The file grew fatter each time the infostealer sucked up data, until at some point the attackers would reach out to the machine to retrieve it from a server in India that served as a command-and-control node for the malware.

    • Bencsáth took the mirror images and the company’s system logs with him, after they had been scrubbed of any sensitive customer data, and over the next few days scoured them for more malicious files, all the while being coy to his colleagues back at the lab about what he was doing. The triage team worked in parallel, and after several more days they had uncovered three additional suspicious files.

      When Bencsáth examined one of them—a kernel-mode driver, a program that helps the computer communicate with devices such as printers—his heart quickened. It was signed with a valid digital certificate from a company in Taiwan (digital certificates are documents ensuring that a piece of software is legitimate). Wait a minute, he thought. Stuxnet—the cyberweapon that was unleashed on Iran’s uranium-enrichment program—also used a driver that was signed with a certificate from a company in Taiwan. That one came from RealTek Semiconductor, but this certificate belonged to a different company, C-Media Electronics. The driver had been signed with the certificate in August 2009, around the same time Stuxnet had been unleashed on machines in Iran.

  • Bookburning in the digital era.

    Tags: open web, Internet, censorship, UK

    • Internet companies have agreed to do more to tackle extremist material online following negotiations led by Downing Street.

      The UK’s major Internet service providers – BT, Virgin, Sky and Talk Talk – have this week committed to host a public reporting button for terrorist material online, similar to the reporting button which allows the public to report child sexual exploitation.

      They have also agreed to ensure that terrorist and extremist material is captured by their filters to prevent children and young people coming across radicalising material.

      The UK is the only country in the world with a Counter Terrorism Internet Referral Unit (CITRU) - a 24/7 law enforcement unit, based in the Met, dedicated to identifying and taking down extreme graphic material as well as material that glorifies, incites and radicalises.


Posted from Diigo. The rest of Open Web group favorite links are here.

Wednesday, November 05, 2014

OpenStack 11/05/2014 (p.m.)


Posted from Diigo. The rest of Open Web group favorite links are here.

Tuesday, November 04, 2014

OpenStack 11/04/2014 (p.m.)

  • Tags: surveillance state, Verizon, X-UIDH, tracker

    • Verizon users might want to start looking for another provider. In an effort to better serve advertisers, Verizon Wireless has been silently modifying its users' web traffic on its network to inject a cookie-like tracker. This tracker, included in an HTTP header called X-UIDH, is sent to every unencrypted website a Verizon customer visits from a mobile device. It allows third-party advertisers and websites to assemble a deep, permanent profile of visitors' web browsing habits without their consent.

      Verizon apparently created this mechanism to expand their advertising programs, but it has privacy implications far beyond those programs. Indeed, while we're concerned about Verizon's own use of the header, we're even more worried about what it allows others to find out about Verizon users. The X-UIDH header effectively reinvents the cookie, but does so in a way that is shockingly insecure and dangerous to your privacy. Worse still, Verizon doesn't let users turn off this "feature." In fact, it functions even if you use a private browsing mode or clear your cookies. You can test whether the header is injected in your traffic by visiting lessonslearned.org/sniff or amibeingtracked.com over a cell data connection.

      How X-UIDH Works, and Why It's a Problem

    • To compound the problem, the header also affects more than just web browsers. Mobile apps that send HTTP requests will also have the header inserted. This means that users' behavior in apps can be correlated with their behavior on the web, which would be difficult or impossible without the header. Verizon describes this as a key benefit of using their system. But Verizon bypasses the 'Limit Ad Tracking' settings in iOS and Android that are specifically intended to limit abuse of unique identifiers by mobile apps.
    • Because the header is injected at the network level, Verizon can add it to anyone using their towers, even those who aren't Verizon customers.
    • We're also concerned that Verizon's failure to permit its users to opt out of X-UIDH may be a violation of the federal law that requires phone companies to maintain the confidentiality of their customers' data. Only two months ago, the wireline sector of Verizon's business was hit with a $7.4 million fine by the Federal Communications Commission after it was caught using its "customers' personal information for thousands of marketing campaigns without even giving them the choice to opt out." With this header, it looks like Verizon lets its customers opt out of the marketing side of the program, but not from the disclosure of their browsing habits.

Posted from Diigo. The rest of Open Web group favorite links are here.

Monday, November 03, 2014

OpenStack 11/04/2014 (a.m.)

  • Tags: Internet, newspapers, Google-tax, Spain

    • Newspapers in Spain will now be able to demand a monthly fee from the search engine before it can list them on Google News
    • A similar law passed in Germany saw Google removing the affected newspapers from Google news altogether – before the publishers eventually came back and asked to be relisted after seeing their traffic plummet, a step they said they had to take because of the “overwhelming market power of Google”.
  • Get ready to fight TPP fast-tracking in member states. see also ‘Wikileaks’ free trade documents reveal ‘drastic’ Australian concessions.’ Source: The Guardian. http://goo.gl/hicb5h Remember that in the U.S., only Senate ratification is required. The measure will not go before the House before implementation. 

    Tags: globalization, Trans-Pacific Partnership, home-stretch

    • Talks on the TPP, which would create a massive free trade zone encompassing some 40 percent of global output, have long been stalled due partly to bickering between Japan and the United States -- the biggest economies in the TPP framework -- over removal of barriers for agricultural and automotive trade.

      The biggest sticking point has been Tokyo's proposed exceptions to tariff cuts on its five sensitive farm product categories -- rice, wheat, beef and pork, dairy products and sugar -- and safeguard measures it wants to introduce should imports of the products surge under the TPP, which aims for zero tariffs in principle.

      It is uncertain how much closer the two sides can move given that their recent working-level talks saw little progress, negotiation sources said.

    • A summit meeting of the Asia-Pacific Economic Cooperation forum scheduled for November in Beijing that Obama and leaders from other TPP countries are slated to join is seen as an occasion for concluding the TPP talks, which have entered their fifth year.

      But the odds on an agreement depend on whether Japan and the United States can bridge their gaps before that.

    • Hiroshi Oe, Japan's deputy chief TPP negotiator, has admitted that talks with his counterpart Wendy Cutler, Froman's top deputy, earlier this month in Tokyo made very little progress.

      One negotiation source said the hurdle for solving the outstanding bilateral problems is "extremely high," suggesting it is still premature to bring the talks to the ministerial level.

      Amari himself had been reluctant to hold a one-on-one meeting with Froman with the working-level negotiations failing to see enough progress.

      But he apparently decided to ramp up efforts in response to strong calls from Washington for arranging a meeting with Froman, who has said the two sides are "now at a critical juncture in this negotiation."

    • The TPP comprises Australia, Brunei, Canada, Chile, Japan, Malaysia, Mexico, New Zealand, Peru, Singapore, the United States and Vietnam.

Posted from Diigo. The rest of Open Web group favorite links are here.

Saturday, November 01, 2014

OpenStack 11/01/2014 (p.m.)


Posted from Diigo. The rest of Open Web group favorite links are here.

Friday, October 31, 2014

OpenStack 10/31/2014 (p.m.)


Posted from Diigo. The rest of Open Web group favorite links are here.

Monday, October 27, 2014

OpenStack 10/27/2014 (p.m.)

  • Tags: surveillance state, ACLU, video

    • Invasion of the Data Snatchers

      Data snatchers?? They are NOT science fiction. And they’re closer than you think.

      New technologies are making it easier for private companies and the government to learn about everything we do - in our homes, in our cars, in stores, and within our communities. As they collect vast amounts of data about us, things are getting truly spooky!

      Our video might make you laugh, but a future without any privacy is just scary.

      Isn't it time we regained control over our personal information?


Posted from Diigo. The rest of Open Web group favorite links are here.