US Scouts Offered Respect Copyright Merit Patch

Coming straight from the you-must-be-having-a-laugh folder, news reaches us that the Los Angeles Scout group is introducing a new merit award — the Respecting Copyright Patch. We kid you not.

The MPAA, the film industry trade body, has been instrumental in the development of the structure of the programme. To be awarded the badge, the young scouts will need to learn the basics of copyright law, five ways of identifying copyright material and three ways that copyright material can be ‘stolen’.

I know, I know, it just sounds like one big fun-fest doesn’t it, but the fun doesn’t end there for those lucky kids. There is also a compulsory activity with a choice between either visiting a film studio to witness the number of people that are involved with the production of films (therefore helping them understand how many people would be affected if the whole thing closed down), or creating a public service announcement warning of the risks of ‘copyright theft.’

“We have a real opportunity to educate a new generation about how movies are made, why they are valuable, and hopefully change attitudes about intellectual property theft,” Dan Glickman, chairman of the Motion Picture Association of America told the press.

As veteran copyleft campaigner Cory Doctorow over at BoingBoing asked, how balanced will the tutoring of this patch be? Will the young and clearly impressionable scouts also be told about subjects such as Creative Commons?

There are 52,000 scouts in the LA area, many of whom have family members involved in some way with the creation of films, which is bound to help the uptake of the patch. It is understood that the MPAA hope to take this ‘opportunity’ to a wider audience. Their plan? Expansion to the rest of California early next year, then to America as a whole.

The patch that they would earn, which is rather tacky to say the least, shows a (c) copyright symbol in the centre, with the left side displaying a CD and to the right, a film reel.

Just how many other industries are given the opportunity to spread their message through the American Scouts is unclear. To us it sounds like a worrying trend.

Hackers Target Home PCs As Browser Bugs Soar

Hackers racked up attacks on home PC users and financial services companies in the first half of this year, according to the latest Symantec Internet Security Threat Report Trends.

The report tracked Internet threat trends from January to June this year and discovered a new high in the volume of emerging vulnerabilities.

Employing a network of 40,000 sensors spread across 180 countries, Symantec identified 2,249 new vulnerabilities, with the majority of the new threats (69 per cent) being in Web applications.

Vulnerability researchers (now, there’s a job title!) found 47 flaws in the Mozilla Firefox and Mozilla browsers, a hefty increase of 17 flaws from the previous six months.

As expected, Microsoft led the pack with new threats, recording a total of 38 new threats affecting Microsoft’s Internet Explorer, up from 25 in the earlier period, with even Apple’s Safari browser notching up six more flaws to hit a total of 12 flaws.

Opera was the sole browser to see a drop in recorded vulnerabilities over the six months, dropping from nine to seven during the period.

No safe browser
“There is no safe browser,” senior director with Symantec Security Response, Vincent Weafer, finger-wagged. “If you’ve got a browser, make sure you’re configuring it correctly,” he added.

Although more bugs were found lurking in Mozilla than in IE, Symantec commended the open-source project for its prompt bug-fixing, with bugs usually being patched within one day of their public disclosure – the snappiest response of all measured browsers.

Opera came in second with an average of two days to fix bugs, with Apple’s Safari recording a rather tardy five days.

The notoriously leisurely Microsoft averaged nine days per patch, but that snail-like response was still faster than Sun Microsystems.

The report found that home users were targeted most (86 per cent), with the US being the numero uno source of online attacks (37 per cent), thanks to its large number of compromised machines with broadband connections.

“What really surprises is the way that attackers are moving,” says Dean Turner, editor of the bi-annual threat report.

“They’re now starting to target home users quite heavily primarily because home users are the weakest link in the security chain,” says Turner.

Phishing, spamming and badboy bots
Phishing continues to grow in popularity, with Symantec identifying a total of 157,477 distinct phishing messages over the six-month period, while spam accounted for 54 per cent of all monitored email traffic, up 50 per cent.

Symantec also detected more than 4.6 million active bot network computers, registering an average of 57,717 active bot network computers per day.

Bot networks are commonly used in denial-of-service (DoS) attacks and their stats revealed an average of 6,110 DoS attacks per day.

The report concluded that polymorphic viruses are likely to grow, with Web 2.0 technologies and Instant Messaging affording new opportunities for pesky hackers to wreak havoc.

The real battleground, however, should come with the release of Microsoft’s Windows Vista operating system, which will see hackers doing their damnedest to circumvent its new security features.

Symantec

Microsoft OneCare Hits US Anti-Virus Second Spot

The study of sales figures after the first month of Microsoft’s Windows Live OneCare will not make pleasant reading for the current PC security software companies.

Research from The NPD Group shows that Microsoft has grabbed the second spot for sales in US shops.

The natural dominance of Microsoft had always made companies such as McAfee and Symantec nervous and it appears to have been well founded. Their position has been assisted by pretty aggressive initial pricing, with its list price of $49.95 slashed to the bone at $19.95 at Amazon.com.

As NPD analyst Chris Swenson told News.com, “Microsoft’s penetration pricing strategy is clearly working and they are capturing significant unit share.”

NPD’s figures showed the losses for the previously dominant security companies: Symantec cried the biggest tears with a 10.1% loss; McAfee said bye bye to 3.3% and Trend Micro 1.3%.

We think it’s pretty hilarious that Microsoft get to charge people who have bought their operating system up to $49.95 to secure against, among other things, virus attacks to their own operating system.

NPD

DVD With CSS To Be Burnt In Store, Then Home

After refusing to entertain the idea for many years, the DVD Copy Control Association (DVD CCA) is ‘actively considering’ letting DVDs be burnt in shops and by video download services.

The only caveat? ‘Special blank DVD discs’ would be required, as they will use the current DVD protection scheme, Content Scrambling System (CSS). It also gives the studios the chance to charge consumers extra money for the disc that they’ll use to burn films that they’ll also be paying for (or are we just getting too cynical?).

It’s anticipated that early uses of this will be kiosks in public places, probably shops, where the public will be able to select films, possibly the more obscure ones (see Long Tail), and walk out with a DVD disc that they can play in their DVD player.

DVD CCA are saying that once they get that up and working, they’ll work on a version that consumers can use at home. They’re talking about letting it record films, TV shows – clearly predicting the time when TV programs will not be freely recorded. Some online services like Movielink have been considering this recently.

The DVD CCA is a vehicle for the film industry to control and dictate the technical specification of DVDs.

The film industry really had to do something to counter what lots of people are doing anyway: making copies of their DVDs to use in their holiday homes or in their cars. This has been made possible by CSS being cracked many years ago by Norwegian computer programmer Jon Lech Johansen, otherwise known as DVD-Jon.

CSS was significantly flawed by its design, as it uses fixed software keys to encrypt the content of the DVD. These keys were kept secret, so when some of them were revealed, the protection was cracked.

DVD CCA

Google Adds New Security Features

Search engine giants Google have introduced a new feature which alerts punters about search results that could potentially lead them to dodgy sites with malicious code.

Using data from the Stop Badware Coalition – a non-profit organisation who also enjoy support from Sun Microsystems and Chinese PC maker Lenovo – Google will now flag up sites that could be hosting malicious software.

Whenever a suspect link is clicked on from Google’s search engine results, punters will be whisked off to a warning page which says, “Warning – the site you are about to visit may harm your computer!”

If that hasn’t already scared the bejesus out of surfers, the page suggests that users trot along to StopBadware.org in double quick time and, “learn more about malware and how to protect yourself.”

The ‘interrupt page’ also offers options for users to return to the search page and select a different result, try another search, or – if they’re feeling brave/stupid enough – continue on to the potentially dodgy site.

In time, Google says it will replace the generic “DANGER WILL ROBINSON!” alerts with pages containing more specific information about the iffy Web sites.

285 million dodgy clicks a month
It is hoped that this new initiative will go some way to solving the problem that is partly created by the search engines themselves.

With search engine results routinely displaying links to sites stuffed full of spyware and adware, it is reckoned that US surfers arrive at malicious sites about 285 million times per month – all from clicking on search results from the five major search engines.

Curtain twitching for surfers
John Palfrey, a professor at the Harvard Law School and one of the main movers behind the scheme, explained the Coalition’s motives: “We’re not going to say don’t do it. What we want to do is basically give people some more information about what might happen to their computer.”

Likened to a “Neighbourhood Watch” programme, the scheme is a collaborative effort between Harvard and Oxford University, and invites surfers to report sites that have malicious code on them whenever they find them.

All reported sites are then checked by a human before being flagged as a wrong ‘un.

So far, Google is the only major search engine to sign up to the Stop Badware Coalition, but Palfrey hopes that others will start to use their database of dodgy sites too.

StopBadWare

ISPs Give Mixed Response On BPI Attempt to Clamp Down

The BPI continued its policy of clamping down on illegal file sharing this week, when it contacted UK ISPs Cable and Wireless and Tiscali with requests to suspend 59 accounts.

BPI Chairman Peter Jamieson said, “We have demonstrated in the courts that unauthorised filesharing is against the law. We have said for months that it is unacceptable for ISPs to turn a blind eye to industrial-scale copyright infringement. We are providing Tiscali and Cable & Wireless with unequivocal evidence of copyright infringement via their services. It is now up to them to put their house in order and pull the plug on these people.”

In a statement, Cable and Wireless said “Cable & Wireless and its ISP, Bulldog, have an acceptable use policy that covers illegal file-sharing. This would normally mean that any accounts used for illegal file-sharing are closed. We will take whatever steps are necessary to put the matter right.”

Tiscali questioned the BPI’s approach – which saw the announcement being delivered to the press at the same time as the ISPs – and its evidence. In a letter to the BPI, Tiscali pointed out that “You have sent us a spreadsheet setting out a list of 17 IP addresses you allege belong to Tiscali customers, whom you allege have infringed the copyright of your members, together with the dates and times and with which sound recording you allege that they have done so. You have also sent us extracts of screenshots of the shared drive of one of those customers. You state that such evidence is “overwhelming”. However, you have provided no actual evidence in respect of 16 of the accounts. Further, you have provided no evidence of downloading taking place nor have you provided evidence that the shared drive was connected by the relevant IP address at the relevant time.”

In a statement on 12th July, the BPI stated “Early responses from both companies suggest that they will suspend accounts which have clearly been used for illegal filesharing” and indicated that it could supply detailed evidence on the other 16 Tiscali addresses. In an interview on More Four News Tiscali spokesman Richard Ayres said Tiscali’s message to the record industry is “Come to us, give us the details and we’ll absolutely work with you.” Which would seem to be in contradiction of Tiscali’s own letter, which also stated that “Tiscali does not intend to require its customers to enter into the undertakings proposed by you and, in any event, our initial view is that they are more restrictive than is reasonable or necessary.”

Whatever the outcome, the action represents a new approach to the copyright battle that is focused on service providers instead of individuals. Some feel that copyright infringement is being used as a way to stifle innovation and free speech.

Copyright activist Cory Doctorow claimed that “The BPI is basically asking to replace the “notice-and-takedown” regime that allows anyone to censor any Web-page by claiming it infringes copyright with an even harsher regime: notice-and-termination, where the ability to communicate over the Internet can be taken away on the say-so of anyone who claims you’re doing something naughty with copyright…If this regime had been in place when VoIP was invented, there would be no VoIP”.

Coincidentally, the BPI action comes at the same time that the (US based) EFF launched its Frequently Awkward Questions for the Entertainment Industry. The FAQ features a number of pointed questions designed to counter the aggressive behavior of US copyright protection agencies such as the RIAA and MPAA. Among them are points such as “The RIAA has sued over 20,000 music fans for file sharing, who have on average paid a $3,750 settlement. That’s over $75,000,000. Has any money collected from your lawsuits gone to pay actual artists? Where’s all that money going?” and “The RIAA has sued more than 20,000 music fans for file sharing, yet file sharing continues to rapidly increase both online and offline. When will you stop suing music fans?” In the UK, the BPI has issued proceedings against 139 uploaders in the last three years. Of those, 111 settled out of court, paying up to £6,500 in settlement.

The BPI was noticeably absent from the group of industry organizations which gathered in London on the 12th of July to discuss new ways of charging for electronic distribution of copyright material. Their proposal, that “unlicensed intermediaries – rather than consumers” should be “the target of copyright enforcement actions”, was described as “ill-conceived and grasping” by Suw Charman, executive director of the Open Rights Group.

This fragmented and seemingly ad-hoc approach to the copyright issue is doing little to help the overall debate and a groundswell of resistance to both copyright and the way it is enforced has given birth to organizations such as the Pirate Party who demand wide-scale reform of the whole concept.

NSA To Harvest Social Networks?

Think carefully the next time you edit your Flickr or Myspace profile. New Scientist reported last week that the Pentagon’s National Security Agency (NSA) “is funding research into the mass harvesting of the information that people post about themselves on social networks.” For many the move is hardly surprising given the ongoing erosion of personal privacy as a result of 9/11 and makes George Orwell and Philip K Dick’s dark imaginings about the workings of big government (they gave us the concepts of thought-crime and pre-crime respectively) a depressing reality.

Many are saying that it bears all the hallmarks of the Pentagon’s Total Information Awareness program or the “blueprint for the total surveillance society” as it was dubbed by Lee Tien of the EFF. The program aimed to gather digital information from a variety of sources to aid in the tracking and capture of terrorists but was suspended in 2002 after a public outcry over privacy.

The New Scientist report speculates that the NSA plans to use semantic-web tools to plot connections between individuals. A paper promoting just such a process was delivered at the WWW2006 in Edinburgh last month. The paper, titled Semantic Analytics on Social Networks, described how conflict of interest in the scientific peer review process could be avoided by plotting the relationships between individuals, by analyzing the RDF tags of data from the Friend of a Friend (FOAF) social software service and the computer science bibliography website DBLP. New Scientist noted that the research was part-funded by Advanced Research Development Activity who spend the NSA’s research cash.

This news follows the report by USA Today on June 1st that the FBI had asked companies including Google, Microsoft and AOL (amongst others) to store Web usage histories for up to two years to assist with the investigations into child pornography and terrorism. Lee Tien observed that the Justice Department was “asking ISP’s to really become an arm of the government”.

In Europe, the adoption of similar approaches has been attempted with less success. In 2003 the UK All Party Internet Group (APIG) recommended that the government abandon plans to get ISPs to store usage data for six years but should still ask the companies to keep data as and when law enforcers required.

The APIG report (PDF), which was delivered ahead of the consultation process for the controversial Regulation of Investigatory Powers Act (RIPA) Part 2, made the specific recommendation that

“a specific prohibition should be put into RIPA to prevent access to communications traffic data for ‘predictive use’. If particular patterns of behaviour were highly correlated to criminal behaviour then it might become possible for ‘fishing expeditions’ to detect these patterns to be seen as a proportionate action. We agree that this type of access to traffic data raises considerable concern and do not believe it should be permitted under an ‘internal authorisation’ regime.”

In September 2005 the European Commission adopted a proposal that would see telecommunications data held for one year and Internet data for six months and, last month, the European Court annulled the agreement which compelled airlines to submit private data on passengers flying to the US.

It’s not just us that thinks that the Global War on Terror has been used by governments on both sides of the Atlantic to infringe personal liberty with precious little evidence of positive results. Privacy groups have warned about the dangers of “automated intelligence profiling” citing the potential for inaccuracies, misuse and abuse.

Governments have hardly proven themselves capable custodians so far. In the UK recent blunders at the Home Office have seen thousands of individuals wrongly branded as criminals due to inefficient manual administration systems. Add government fecklessness to the huge quantity of incomplete, exaggerated and plain wrong data entered by ourselves about ourselves on social software sites and you could have the ingredients for a totalitarian, bureaucratic hell, worthy of Kafka.

Verisign Want To Help You Trust The Internet

Interesting to see Verisign’s Chief Security Officer, Ken Silva, spreading himself over the news warning of a new type of Denial of Service (DoS) attack.

The new twist with the DoS attacks? Requests are initially made to a DNS server with a faked return address for the server to reply to. This false address is the site being attacked, with the effect that the DNS server sends lots of responses to the target server, bringing it down. Hence the Service being Denied.
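Seen from the target's side, the traffic described above has one recognisable property: the DNS responses arriving at it answer queries it never sent. The following is an added example, not part of the original article, that flags such unsolicited responses; the `DnsPacket` record, the thresholds and the sample packets (documentation-range addresses) are all constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class DnsPacket:
    """Simplified, hypothetical record of one observed DNS packet."""
    ts: float          # capture time in seconds
    src: str           # source IP address
    dst: str           # destination IP address
    txid: int          # DNS transaction ID
    is_response: bool  # True for a response, False for a query
    size: int          # DNS payload size in bytes


def find_reflected_traffic(packets, local_ip, query_ttl=5.0, min_unsolicited=3):
    """Return {resolver_ip: (count, total_bytes)} for DNS servers that sent
    local_ip at least min_unsolicited responses it did not ask for.

    A response is solicited only if local_ip sent a query with the same
    transaction ID to that server within the previous query_ttl seconds.
    """
    outstanding = {}                           # (server, txid) -> query time
    unsolicited = defaultdict(lambda: [0, 0])  # server -> [count, bytes]

    for pkt in sorted(packets, key=lambda p: p.ts):
        if not pkt.is_response and pkt.src == local_ip:
            # Our own outbound query: remember it so the answer can match.
            outstanding[(pkt.dst, pkt.txid)] = pkt.ts
        elif pkt.is_response and pkt.dst == local_ip:
            asked_at = outstanding.pop((pkt.src, pkt.txid), None)
            if asked_at is None or pkt.ts - asked_at > query_ttl:
                # Nobody here asked for this answer: the "return address"
                # on the original query was forged to point at us.
                unsolicited[pkt.src][0] += 1
                unsolicited[pkt.src][1] += pkt.size

    return {
        server: (count, total)
        for server, (count, total) in unsolicited.items()
        if count >= min_unsolicited
    }


# Constructed sample capture (not real traffic).
LOCAL_IP = "203.0.113.10"
SAMPLE_PACKETS = [
    # A normal lookup: our query, then the matching answer.
    DnsPacket(0.00, LOCAL_IP, "192.0.2.53", 0x1A2B, False, 40),
    DnsPacket(0.02, "192.0.2.53", LOCAL_IP, 0x1A2B, True, 120),
    # Four large answers from a server we never queried.
    DnsPacket(1.00, "198.51.100.53", LOCAL_IP, 1, True, 3000),
    DnsPacket(1.10, "198.51.100.53", LOCAL_IP, 2, True, 3000),
    DnsPacket(1.20, "198.51.100.53", LOCAL_IP, 3, True, 3000),
    DnsPacket(1.30, "198.51.100.53", LOCAL_IP, 4, True, 3000),
    # One stray answer: unsolicited, but below the reporting threshold.
    DnsPacket(2.00, "192.0.2.53", LOCAL_IP, 0x9999, True, 100),
]

if __name__ == "__main__":
    for server, (count, total) in find_reflected_traffic(
        SAMPLE_PACKETS, LOCAL_IP
    ).items():
        print(f"{server}: {count} unsolicited responses, {total} bytes")
```
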

Why would Verisign be interested in telling people about this? Well, they own Network Solutions, the largest domain registrar, so clearly they’ve got a vested interest in DNS working well.

More interestingly, their main business is selling security certificates. These certificates are used to ‘prove’ who you are and are, in turn, verified by VeriSign (See how they came up with the name now?).

To date, certificates have generally only really been used by sites to provide potential purchasers with a level of confidence in transacting with them.

I think Verisign has a vision far beyond this. I imagine they’re getting very excited about the semantic web, where machines will be forever talking to each other, swapping little nuggets of data. I imagine that when the Verisign CxOs are lying around fantasising about how life could be, a world where every one of these machines needs to have a certificate (one of theirs naturally) would pretty much be the highest state of excitement.

Look at their spate of purchases towards the end of last year, weblogs.com and moreover, and see how this strengthens the argument. They want to be in a position to prove that your blog post is created by you, or that the news source that says it is Digital-Lifestyles is Digital-Lifestyles.info and not some wanna-be imitation. Positioning yourself as an owner of a frequently used ping server can only help you.

So keep your eye on VeriSign, we think they think they’re going to become a large part of your online life.

NTL And BitTorrent Announce P2P File-Sharing Trial

Major UK consumer broadband providers NTL are teaming up with BitTorrent, the developers of the world’s most popular peer-to-peer (P2P) application.

The download service will offer a large variety of licensed video content for purchase in the UK, including popular films, music videos and TV programmes.

BitTorrent’s enormous bandwidth-hogging qualities have proved expensive for some Internet providers, but NTL are looking to speed delivery and reduce network costs by using CacheLogic’s caching technology which stores frequently downloaded files within the NTL network.

NTL believes that this combination will provide ultra-fast download speeds of broadcast quality content – or, as Kevin Baughan, their director of network strategy liked to call it, a “transformational video downloading experience.”

BitTorrent is already firmly established as the de facto tool of choice for connoisseurs of pirated TV and movie files, with BitTorrent traffic estimated to hog around a third of all internet bandwidth, and an even higher ratio on NTL’s network.

Naturally, rights holders and movie heavyweights weren’t too chuffed to see their content whizzing around the Internet for gratis, and quickly hired in squadrons of lawyers to apply pressure on BitTorrent.

Late last year, a deal was struck with the Motion Picture Association of America to remove copyrighted material from the BitTorrent.com search engine, and the company has since been in talks with movie moguls and Internet service providers to find ways to use the software for the distribution of legal, paid-for downloads.

“NTL has seen a huge percentage of their traffic in the BitTorrent protocol,” said BitTorrent President Ashwin Navin. “But in the past, neither rights holders, ISPs nor BitTorrent derived any economic benefit from it.”

NTL’s trial is expected to start next month and run through the summer, with a small initial sample group of around 100 homes.

BitTorrent
ntl

BitTorrent Signs Anti-Piracy Agreement With MPAA

P2P network BitTorrent has signed an agreement with the Motion Picture Association of America to collaborate on stopping Internet piracy.

After a press conference, a joint release was issued by BitTorrent founder and CEO Bram Cohen and MPAA chairman and CEO Dan Glickman announcing that BitTorrent have agreed to remove all links directing users to pirated content owned by the seven MPAA member companies.

The agreement will effectively prevent bittorrent.com from locating unlicensed versions of popular movies, making it harder for freeloaders to find online illegal copies of films.

“BitTorrent is an extremely efficient publishing tool and search engine that allows creators and rights holders to make their content available on the Internet securely,” Cohen said.

“BitTorrent Inc. discourages the use of its technology for distributing films without a license to do so. As such, we are pleased to work with the film industry to remove unauthorised content from BitTorrent.com’s search engine,” he added.

Thousands of BitTorrent fans the world over will be clenching their fists and shouting “Traitor! You’re doing deals with the Devil,” while other more balanced, less angry types will be saying “Smart move Bram, you’ve built a technology that they cannot stop and the fact they’ve done a deal with you proves that. Hey and you’re not getting your shirt sued off your back.”

In September, Cohen revealed that his company had raked in $8.75 million in venture funding to develop commercial distribution tools for media companies, and the MPAA deal looks to be part of a strategy to make the technology more attractive to Hollywood moguls – no doubt with an eye to future lucrative movie download deals.

With an estimated 45 million users, the BitTorrent technology pioneered by Cohen does its clever stuff by assembling digital files from separate bits of data downloaded from computer users all across the Internet.

The decentralised nature of the technology makes it the easiest, most convenient way to fill your hard drive with dodgy movies galore, while making it harder for Hollywood to find and identify the movie swappers.

In an attempt to stop the piracy, the MPAA has been slapping lawsuits around like confetti during the last year, successfully closing down 90% of targeted sites using the BitTorrent protocol for illegal distribution of movies.

The MPAA claims that the film industry lost $3.5 billion to movie piracy last year, with a recent study predicting the figure to jump to $5.4 billion this year. The MPAA claim these losses exclude revenue lost through online file-swapping, so the true figure could be even higher (although others will say the figures are already gloriously exaggerated).

With tears welling up in their eyes, the MPAA said that film copying hurts hundreds of thousands of employees dependent on the movie industry, including sound and lighting techies, carpenters, cinema staff, video store employees and quite probably the popcorn sales assistant too.

But not, we suspect, the fatcat industry bigwigs.

BitTorrent