NEWS : TECH (NFPC)

Lend me thine ears ye scurvy pirates pillaging the World Wide Web, a vigilant armada will soon be on thy trail. By year's end, the nation's major Internet service providers will launch a six-strikes-an-you're-out initiative that may put a damper on your plundering days of wide-spread downloading.

The "Copyright Alert System" strategy (CAS), backed by the Obama administration, Hollywood and major record labels, aims to disrupt and potentially terminate Internet access for those who continually infringe upon copyright laws.

The program, which monitors peer-to-peer file-sharing services, includes participation by AT&T, Cablevision Systems, Comcast, Time Warner Cable and Verizon.

DNEWS VIDEO: COOL JOBS: HACKER

BLOG: 10 Trickiest Spy Gadgets Ever

First offenders will receive an email alert from their Internet service provider saying their account may have been misused for online piracy. After a second offense, the alert could contain an educational message about online copyright laws.

After the third and fourth strikes, users could receive a pop-up notice "asking the subscriber to acknowledge receipt of the alert."

After four alerts, the warnings stop and the real punishments come to the surface...kind of.

The CAS program calls these "mitigation measures," which could include "temporary reductions of Internet speeds, redirection to a landing page until the subscriber contacts the ISP to discuss the matter or reviews and responds to some educational information about copyright, or other measures (as specified in published policies) that the ISP may deem necessary to help resolve the matter."

BLOG: Why The Web is Sick of SOPA

Gigi Sohn, president of digital rights group Public Knowledge, and an adviser to the Center for Copyright Information, the group behind the program, told Wired that offenders won't be penalized each time an infringement is detected.

"Each strike is not one infringement," Sohn said. "Each strike is dozens or scores or hundreds of infringements."

Considering that, after the first infringement is detected, strikes will only be counted every seven days and that there's a grace period between each alert, this dragnet sounds like it has some pretty big holes for occasional pirates to easily slip through.

Forgive my skepticism, but '600-strikes and you're out' seems like a long leash, not to mention a very passive-aggressive way to project authority.

via Wired

Credit: Images.com/Corbis

---

Email:

---

It’s an enticing premise out of a James Bond film: a device somewhere that, with the flick of a switch or the press of a button (or, somewhat more realistically, a typed code on a computer), can bring the World Wide Web to a sudden halt against an impenetrable wall of 404 Error codes.

No more e-mails. No more websites. No more adorable kitty memes. All of it gone, on the whim of arguably the most powerful person in the world.

BLOG: Internet Costs and Choices Still Stink

Rumors have circulated that governments in Egypt, Iran, and elsewhere have tried to develop just such a "kill switch" to disable the Internet. Sci-fi speculation aside, a recent statement on Yahoo News UK from the man who invented the World Wide Web, Sir Tim Berners-Lee, pours cold water on that theory:

"Berners-Lee, who launched the web on Christmas Day 1990, said the only way the internet could ever be entirely shut down is if governments all over the world coordinated to make it a centralized system....The way the internet is designed is very much as a decentralized system. At the moment, because countries connect to each other in lots of different ways, there is no one off-switch, there is no central place where you can turn it off."

Governments and powerful individuals clearly have a vested interest in keeping some information off the Internet. Witness the concern over Wikileaks releases and even Mitt Romney’s tax records, which may or may not have been recently stolen by a hacker allegedly demanding ransom.

But killing the Internet to prevent dissemination of such secrets would be like killing a fly with a sledgehammer—and likely be ineffective anyway.

 WATCH VIDEO: Blind Surf the Web

Though it would be virtually impossible to switch the Internet as a whole off, there have of course been various countries that have blocked or restricted web access to their citizens for political purposes. China, for example, is notoriously censorious.

BLOG: Internet Makes Us Smarter & Dumber

And it’s not just countries. In March of this year, people claiming to be members of the group Anonymous announced that they planned to gravely harm (albeit temporarily) the web by targeting the world’s domain name servers, thereby making it impossible to perform a domain name look-up, effectively rendering most of the Internet inaccessible (though hardly “dead”). It was supposed to have happened on March 31, though given the nature of the Anonymous organization it’s not clear if the threat was real (and unsuccessful) or a prank.

In response to claims that he was one of the few people who could pull the plug on the Internet, Berners-Lee joked: "I am afraid that now that you know I will have to shoot you."

Credit: Corbis Images

---

Email:

---

Mitt Romney's tax returns are allegedly no longer secret. An unidentified group claims to have stolen Republican Presidential candidate Mitt Romney's tax returns from PricewaterhouseCoopers' Tennessee offices.

Mashable is reporting a hacker group claims to be in possession of "all available 1040 tax forms for Romney." The group, which is yet unidentified, posted on the text-hosting site PasteBin that they had illegally entered PricewaterhouseCoopers' Nashville office on Aug. 25, 2012, accessed the computers, made copies of the returns and escaped. PasteBin is popular with the hacker group Anonymous.

ANALYSIS: Obama, Romney Family Ties Share Polygamy, More

The unnamed group is threatening to release the returns to the public unless a ransom is met. They're asking for $1 million USD in Bitcoins. The Bitcoin is a peer-to-peer electronic currency with no central banking authority -- thus, it's very difficult to track.

WATCH VIDEO: Darren Kitchen, hacker and host of tech show Hak5, says why hacking isn't the same thing as cyber crime.

If PricewaterhouseCoopers pays by Sept. 28, the information the hackers claim to hold will "remain a secret forever." However, a statement addressed to PricewaterhouseCoopers, again on PasteBin, states that "other interested parties will be allowed to compete," for the release of the tax returns. The second statement also admits that the returns will be sent to "all major media outlets."

As reported by The Tennesseean, the Williamson County Republican Party in Tennessee notified local police when a suspicious package arrived at their offices last Friday. The package allegedly includes, "copies of Republican presidential nominee Mitt Romney’s tax returns hacked from an accounting office." The local Democratic party office admits to receiving a package as well. Both contain a thumb drive and a letter matching the details on PasteBin.

If PricewaterhouseCoopers fail to act before Sept. 28, "the entire world will be allowed to view the documents with a publicly released key to unlock everything," reads the hacker's statement.

NEWS: Obama and Romney Ignoring Climate Change

Romney's tax returns have been to this election what Barack Obama's birth certificate was to the 2008 election. Romney released his 2010 returns and the Washington Post extrapolated his 2011 filings, but his full tax history is still a closely guarded secret. Even after its release and authentication, Obama's birth certificate is a topic of discussion amongst some groups. If the hackers do have Romney's tax information, it would take some time to ensure there was no forgery or tampering.

The Obama campaign and other Democrats have challenged Romney to release the information. According to Politifact, "only two general election candidates have revealed no more than two years of tax returns." One is Sen. John McCain in 2008 and the other is Gov. Romney. In the 2008 Democratic primary, Sen. Barack Obama released seven years of tax returns, and Sen. Hillary Clinton followed suit shortly thereafter.

NEWS: Mit Romney Campaign's Epic Fail

Phone calls to PricewaterhouseCoopers' Nashville and United States central offices by Discovery News were not answered.

As a final statement, the hackers allegedly wrote, "Who-ever is the winner does not matter to us."

UPDATE: USNews is reporting PricewaterhouseCoopers' statement which said, "We are aware of the allegations that have been made regarding improper access to our systems. We are working closely with the United States Secret Service, and at this time there is no evidence that our systems have been compromised or that there was any unauthorized access to the data in question."

Romney's 1040 tax returns were taken from the (PricewaterhouseCoopers) office 8/25/2012 by gaining access to the third floor via a gentleman working on the 3rd floor of the building. Once on the 3rd floor, the team moved down the stairs to the 2nd floor and setup shop in an empty office room. During the night, suite 260 was entered, and all available 1040 tax forms for Romney were copied. A package was sent to the PWC on suite 260 with a flash drive containing a copy of the 1040 files, plus copies were sent to the Democratic office in the county and copies were sent to the GOP office in the county at the beginning of the week also containing flash drives with copies of Romney's tax returns before 2010. A scanned signature image for Mitt Romney from the 1040 forms were scanned and included with the packages, taken from earlier 1040 tax forms gathered and stored on the flash drives.

The other statement explaining the situation and how payment is to be delivered:

Using your Office @ 830 Crescent Centre Drive, Suite 260, Franklin, TN 37067 Telephone: [1] (615) 503-2860 we were able to gain access to your network file servers and copy over the tax documents for one Willard M Romney and Ann D Romney. We are sure that once you figure out where the security breach was, some people will probably get fired but that is not our concern.

All major news media outlets are going to be sent an encrypted copy of the most recent tax years that your company had on file since you did not have them all in a convenient electronic form. The years before 2010 will be of great interest to many. If the parties interested do not want the encrypted key released to the public to unlock these documents on September 28 of this year then payment will be necessary.

The deal is quite simple. Convert $1,000,000 USD to Bitcoins (Google if if you need a lesson on what Bitcoin is) using the various markets available out in the world for buying. Transfer the Bitcoins gathered to the Bitcoin address listed below. It does not matter if small amounts or one large amount is transferred, as long as the final value of the Bitcoins is equal to $1,000,000 USD at the time when it is finished. The keys to unlock the data will be purged and what ever is inside the documents will remain a secret forever.

Failure to do this before September 28, the entire world will be allowed to view the documents with a publicly released key to unlock everything.

Bitcoin Address to Stop Release: [redacted]

And the same time, the other interested parties will be allowed to compete with you. For those that DO want the documents released will have an different address to send to. If $1,000,000 USD is sent to this account below first; then the encryption keys will be made available to the world right away. So this is an equal opportunity for the documents to remain locked away forever or to be exposed before the September 28 deadline.

Who-ever is the winner does not matter to us.

Sources: Mashable, The Tennessean, Nashville CityPaper, Politifact

Credit: Paul Cunningham/Corbis

---

Email:

---

You know that case-sensitive password you have? The "unguessable" alphanumeric cipher you think is safeguarding your private accounts? Well, the jig is up.

DNEWS VIDEO: COOL JOBS: HACKER

BLOG: Hack Yourself A Super Secret LCD Monitor

That's because a team of researchers from the University of Oxford in Geneva and the University of California in Berkeley just showed how easy it is to hack a human brain and pluck things such as bank details from your head. Not only that, they did so using an off-the-shelf Emotiv brain-computer interface that only cost a few hundred dollars.

Volunteers for the security experiment were asked to wear an Emotiv BCI head piece and sat in front of a computer screen that showed images of maps, banks and card PINS.

Researchers then tracked the P300 brain signal, which is given off when the brain registers meaningful stimuli. The team found they could consistently reduce the random data in each variable by 15 to 40 percent, a marked advantage over random guessing.

Subjects were essentially leaking valuable information through the BCI units, making it easier to calculate their address or bank account numbers.

"The simplicity of our experiments suggests the possibility of more sophisticated attacks," the team explained in their paper on the experiment. "For example, an uninformed user could be easily engaged into 'mindgames' that camouflage the interrogation of the user and make them more cooperative. Furthermore, with the ever increasing quality of devices, success rates of attacks will likely improve."

BLOG: Hacking Nightmare Comes True

Lesson of the day: Be vigilant of the headwear you're casually asked to try on and think of nothing but kittens chasing butterflies in a land of double rainbows and flying toasters.

via Gizmag

credit: Emotive

---

Email:

---

Hackers can do a lot worse than steal your data and identity. They can wipe your digital life almost entirely so you'll never get it back.

Just ask Mat Honan, a writer for Wired who suffered this attack. Friday evening, the San Francisco-based journalist had his iPhone reboot to a setup screen, its storage erased. By the time he realized his MacBook Air had locked him out as part of a remote wipe, he saw that his iPad had also been nuked. And like too many people, he hadn't backed up the laptop.

BLOG: How Do You Hack Into a Phone?

Honan then noticed that somebody had hijacked his iCloud and Twitter accounts and deleted his Gmail identity, as he wrote in a Tumblr post. Racist, homophobic tweets streamed from his widely followed @mat username -- and the @gizmodo account he'd linked when he wrote for that tech blog.

I know the victim, so the crime seems especially vile. A cheerful early adopter of the Internet and one of the most pleasant users online, Honan creates amusing "single-serving sites" in his spare time. And, for one Wired piece, he spent a month broadcasting his location in real-time on various iPhone apps.

Last week, the Net betrayed his trust.

DNEWS VIDEO: Gadgets and Gizmos

After conversations with one of the hackers and sources at Amazon, Apple, Google and Twitter, Honan explained what happened in a lengthy Wired.com article.

The fault wasn't malware or weak passwords. The bad guys only needed "social engineering" to talk Apple into surrendering access to the iCloud e-mail that Honan had set as a recovery address for his Gmail, which in turn governed his Twitter handle.

WATCH VIDEO: Hackers Vs. Cyber Criminals

First, an attempted Gmail password reset listed an obscured but easily guessed iCloud address as a backup.

Then the hackers tackled Amazon, adding a credit-card number to Honan's account over the phone by producing his street address (listed in his domain-name registration) and e-mail. They called back to say they'd lost access, authenticating themselves with his name, address and the new card; Amazon's password-reset screen showed the last four digits of other saved cards.

Amazon publicist Ty Rogers wrote Tuesday that the company had closed that exploit.

Next, they phoned Apple to request a temporary password and got one after providing only a street address and the last four digits of the saved card (which, remember, could have also come from a stray receipt). Wired was able to duplicate this exploit. Boom.

As of Wednesday morning, Apple PR hadn't answered a query sent Tuesday morning, but Wired reported that the company had stopped resetting passwords over the phone.

Why Honan in particular? The hackers, he wrote, only wanted to play with a three-letter Twitter handle. Everything else, including possibly zapping a year and a half of photos of Honan's baby, was collateral damage.

BLOG: In Case of Cyber Attack...?

Most of us aren't such an attractive target, but our risk is not zero either. Five defensive measures come to mind, which Honan endorsed when I talked with him by phone on Tuesday:

• Keep a local backup of your data. (On a Mac, use Time Machine; in Windows, use Microsoft's built-in utility; CrashPlan can work too.)


• Until Apple fixes a security policy that can be defeated without advanced social engineering, don't store a heavily used credit card at the iTunes Store.


• Disable Find My Mac on your computers, in the System Preferences app's iCloud section. Find My iPhone/iPad remains useful; Honan said it recently helped recover his wife's phone.


• Whatever e-mail you set for password recovery should be obscure, certainly not an iCloud .me or .mac address.


• If you use Gmail for anything vital, enable "two-step verification" to ensure people can't take it over with just a password.

Be careful out there, everyone.

Credit: Rob Pegoraro / Discovery

---

Email:

---

Last month, with the hopes of encouraging Congress to pass the cybersecurity law, President Obama penned an op-ed ed piece for the Wall Street Journal that began with a realistic scenario of what could happen if private sector companies were cyber attacked.

“Across the country trains had derailed, including one carrying industrial chemicals that exploded into a toxic cloud. Water treatment plants in several states had shut down, contaminating drinking water and causing Americans to fall ill,” Obama wrote.

NEWS: In Case of Cyber Attack...?

DNEWS VIDEO: COOL JOBS: HACKER

The piece was pretty much ignored. Last week, the Senate was unable to come to an agreement to pass the law, earning only 52 of the 60 votes needed to pass it and shelving it until after their August recess. Being that it’s an election year, the bill’s outlook looks bleak. It's sponsored by Senator Joe Lieberman (I-CT), and would allow the government and private companies to share information like user data and communications if it pertained to national cybersecurity.

It’s important to point out that this kind of information is already collected by companies, just not shared with the government. The bill originally contained minimum security requirement measures for infrastructure providers like water treatment facilities and electricity plants, based on information collected on their high susceptibility to cyber attacks. The Senate shot this down, claiming too much involvement in private company issues, and made the precautions optional in July.

NEWS: Cybersecurity System Mimics Human Immune System

Opponents of the bill, like the advocacy group Fight For the Future, praised last week’s shelving of the bill because of privacy concerns for everyday citizens. However, staff from Senator Lieberman’s office told the digital political new organization, Talking Points Memo that, “Neither the Cybersecurity Act, nor its failure to gain cloture would have any affect on ordinary Web users,” adding that the focus of the bill is the critical infrastructure networks that supply the nation with basic life services.

 via TPM

Credit: Brendan Hoffman/Getty Images

---

Email:

---

One of Reuters News’ Twitter accounts was hacked Sunday, allegedly by pro-Assad propagandists. Using the handle @ReutersTech, the hackers posted around two dozen tweets claiming victories against pro-democracy forces. The tweets were a follow up to a a phony interview that appeared Friday with Free Syrian Army head Riad al-Asaad, who said his forces were pulling back from the city of Aleppo after clashes with government forces.

BLOG: Hack Yourself A Super-Secret LCD Monitor

The false articles attributed to Reuters reporters claimed that the Syrian rebel movement planned to use chemical weapons smuggled from Libya and that it was retreating to Turkey after suffering a big defeat. Both stories were false.

The company took the stories offline, and changed the @ReutersTech Twitter handle to @ReutersME, according to a spokesman for Reuters. Reuters said it dealt with the problem (and presumably plugged the security hole).

DNEWS VIDEO: COOL JOBS: HACKER

A screen shot of the false interview with Riad al-Assad can be seen here. To anyone reading closely it's pretty clear something is wrong -- it's pretty plain that it wasn't vetted by a Reuters copy editor.

The Syrian Electronic Army, which operates with the tacit support of the Syrian government, has claimed responsibility for several attacks on Web sites that it says support the rebel movement.

The incident shows the increased role that cyber warfare has been playing in conflicts between nations. This attack was in the realm of (rather clumsy) propaganda and psychological warfare. But cyber attacks can be physical, too.

Iran's oil facilities were attacked this year, as were its nuclear facilities.  The Stuxnet worm that damaged the country's centrifuges may still be out there, and recently hackers caused a nuclear plant's workstation speakers to blast AC/DC music. Iran has hit back, hacking into a drone launched by the United States.

NEWS: Energy Grid: Safe From Cyber Attack?

While hackers that engage in political acts -- some would say acts of war -- get the headlines, John Koetsier over at VentureBeat noted that a similar false story could be written that says Apple is acquiring Samsung, for instance. Stories on the Internet spread quickly, and it’s not hard to see that an enterprising hacker might plant one like that and then watch a stock he or she owns and sell just before the story is debunked or denied. The whole process would take only a few hours, and such stock manipulation would be hard to prove.

Credit: Screen grab

---

Email:

---

The Federal Aviation Administration's next-generation air traffic control systems are vulnerable to hackers, who could send fake airplane signals to towers or track private planes carrying famous people.

At the Black Hat conference currently going on in Las Vegas, security researcher Andrei Costin demonstrated a way to "spoof" an airplane's signal to an air traffic controller using about $1,000 worth of radio equipment.

PHOTOS: Top 10 Spy Tactics

The vulnerability comes from the way the new air traffic control system, which is scheduled to be fully on-line by 2020, gets its signals.

DNEWS VIDEO: COOL JOBS: HACKER

Air traffic controllers are good at tracking "rogue" signals from the ground and the current system uses radar to "ping" an airplane, whose transponder sends a signal back. Older radar systems are also hard to fool from a random ground-based transmitter.

The new system, called Automated Dependent Surveillance-Broadcast or ADS-B, works a little differently. The planes will transmit their locations by radio instead of depending on towers to track them, as well as linking to the GPS network.

That is more efficient and safer; every plane will be able to see every other, and the controllers will see the same things as the planes. No more situations where radar shows one thing and the airplane's collision-avoidance system show another.

The down side is that the signals aren't encrypted, so anybody can listen in. On top of that, using a software-defined radio (basically a radio whose characteristics are determined with a small computer rather than the usual hardware), it's possible to transmit the signals that a plane does to the tower, and there would be no way to tell. A good radio can be had for about $1,000 or less.

It's easy to see why this could be a problem. While a hacker can't take a plane from the sky, he or she could certainly cause a lot of chaos at the airport by simply filling the air traffic controller's screen with a lot of fake airplanes. Even though each aircraft could be checked against a flight plan it would still be difficult -– if not impossible -- to do.

They wouldn't be completely helpless, of course, and even if the planes were getting confusing signals from the ground, visual and radar cues would prevent a lot of accidents. (So if you're thinking of the plot to "Die Hard 2" you can relax). But a major airport forced to shut down for even an hour would be a major headache.

 NEWS: AIrliners Fly In Face Of Cyber Attack Scares

Then there's tracking famous people. Since the signal isn't encrypted, a hacker could see which plane was traveling where. Some of this information is available already (there are lots of flight arrival apps, for instance, that have it). But imagine being able to see exactly where Air Force One is, or less ominously, where to track your favorite celebrity.

The FAA has released a statement saying that it has a plan to deal with security breaches, and Skip Nelson, president of ADS-B Technologies, one of companies making these components told CNN that there are countermeasures in place.

Via Forbes, SecurityWeek

Image: Wikimedia Commons / Mark Brouwer

---

Email:

---

Kids who are bullied over the Internet often feel alone, which is a dangerous place to be. Isolation, fear and depression can drive kids to take extreme measures, even suicide. Karthik Dinakar from the Massachusetts Institute of Technology has been working on a project with her colleagues that could help reduce the feelings of loneliness experienced by victims of cyberbullying. The researchers are also hoping to developing software that can identify cyberbullying at its source.

BLOG: When Adults are the Victims of Tween Bullies

Dinakar's team developed an algorithm that that analyzes words and phrases from the website, A Thin Line, which was developed by MTV as a way to empower young people to anonymously identify, respond to and stop the spread of digital abuse. The site gives teens the opportunity to vent their frustrations and give each other advice on how to deal with them.

The algorithm analyzed the words and phrases from 5,500 posts from the site and placed each one into one or more of 30 themes, such as relationships, sexting or sharing embarrassing photos. New Scientist gives this example: If a post contains the words or fragments “boyfr,” ”trust,” ”cheat,” ”break” or “upset,” then it could go into the relationship category. The software then matched up simliar messages, letting those who posted the problems know that they weren't alone.

HOWSTUFFWORKS: Dealing with Bullying

Dinakar is also working on software that could identify cyberbullies at the source. Drawing from an open-sourced database called ConceptNet, which allows computers to identify words and their relationships with each other (i.e. dress/girl). For example, calling a girl a cow would pop up on the software’s radar as a negative comment, it knows that a cow is an animal, not a human. The software could be used in social networks to deter bullies by identifying phrases that could be offensive and then offer help to the recipient of the bullying.

Eventually, Dinakar wants to combine the algorithm analyzing words from A Thin Line with the ConceptNet database to create a cyberbully-deterring system. While it may not get to the root of the problem, it may be a step in the right direction.

via The New Scientist

Credit: Victor Habbick Visions/Science Photo Library/Corbis

---

Email:

---

While Zooey Deschanel's adorkable quest for rainy-day tomato soup and Samuel L. Jackson's reminder to put the gazpacho on ice might lead you to believe that summoning Siri is just a fancy flight of epicurean whimsy, consider this: What happens to all those verbal requests?

Think again if you believe they just evaporate into the ether. Actually, Apple processes and stores the voice requests and commands on a remote server were they remain. For how long, you ask? Apple won't say.

DNEWS VIDEO: COOL JOBS: HACKER

BLOG: 'Touchy' Shows How Out of Touch We Are

No big whup if you're just asking Siri to find organic mushrooms for your risotto, but what if your tête-à-tête with Siri was a little more sensitive? Say, for example, you were using Siri to organize a subversive political protest or perhaps you work for Apple's rival company. Now, all of a sudden, Siri's secret stash doesn't sound so footloose and fancy-free.

Last month Technology Review reported that IBM asked its employees to give Siri the cold shoulder in fear of sensitive company information being leaked to Apple.

"We found a tremendous lack of awareness as to what constitutes a risk," Jeanette Horan, IBM's chief information officer, told Technology Review. "We're trying to make people aware."

However, Apple said there's no reason for concern.

"This data is only used for Siri's operation and to help Siri improve its understanding and recognition," said Apple spokeswoman, Trudy Muller.

HOWSTUFFWORKS: How the iPhone Works

Benevolent intentions aside, ensuring the protection and privacy of voiceprints will likely increase as more smartphones continue to be equipped with voice recognition applications.

James Glass, a senior research scientist at MIT, says that the best way to keep voiceprints anonymous would be to disconnect voice recordings from a user's phone number.

"It would mean that it would be harder for systems to personalize to your voice and queries, but some people might prefer that option if it gave them more privacy," he said. "This is the position I would advocate for, as it is similar to how some apps ask permission to use your location right now."

As for my stance on Siri, I'm taking a hands-off approach. After all, a wise man once said, "You don't need a weatherman to know which way the wind blows." Seems like I'm not the only one who thinks so.

via Technology Review

Credit: Oli Scarff / Getty Images

---

Email:

---