NSA 'targets' Tor dark web servers

4 July 2014 Last updated at 12:32

The NSA has been targeting the Tor anonymising system to spy on its users, suggests a report.

German public broadcaster ARD said two Tor servers in Germany were actively being watched by the US spy agency.

Citing information given by official sources, ARD said almost anyone searching for Tor or installing it could be watched by the NSA.

Tor hides users' location and identity by randomly bouncing data through some of the machines making up the network.

Data is encrypted during the hops to better conceal who is visiting which page.

Information passed to ARD suggests the NSA has tapped into traffic to and from two German directory servers used by Tor to scoop up the IP addresses of people who visited it.

Data passing in and out of these servers was vulnerable because it was unencrypted. Other directory servers might also have been watched.

The addresses the NSA grabbed were monitored via an analysis system it developed called XKeyscore, said ARD. XKeyscore works by snooping on information passing through the few exchanges around the world where data hops from one ISP to another.

Data grabbed from these sources was used to build up a a profile of the web browsing habits associated with those IP addresses.

Sites offering several other anonymising and privacy tools were also watched, said the ARD report.

"XKeyscore is an analytic tool that is used as a part of NSA's lawful foreign signals intelligence collection system," a spokeswoman for the NSA told news site Ars Technica. "Such tools have stringent oversight and compliance mechanisms built in at several levels.

"All of NSA's operations are conducted in strict accordance with the rule of law," she said.

23.22 | 0 komentar | Read More

Boleto hack may lose Brazil $3.75bn

3 July 2014 Last updated at 15:53

Researchers from an American security company have unearthed a substantial malware-based fraud ring.

The operation has infiltrated one of Brazil's most popular payment methods, Boleto, for two years.

An estimated 495,753 Boleto transactions have been compromised, which means the hackers could have stolen up to $3.75bn (£2.18bn).

Researchers say it is not known whether the fraudsters were successful in collecting on all of the transactions.

Boleto Bancario allows an individual to pay an exact amount to a merchant and can be used for almost every kind of transaction, from the weekly shop to phone bills.

Boletos can be used and generated both online for electric transfers and offline with printed paper.

Continue reading the main story

Be cautious about opening unsolicited email attachments or clicking on unknown links"

End Quote Graham Cluley Computer security analyst

The attack has been described by US-based security company RSA, a division of data storage corporation EMC, as "a major fraud operation and a serious cybercrime threat to banks, merchants and banking customers in Brazil".

It is not clear how much has been stolen or whether all the funds were successfully redirected to fraudster-controlled bank accounts.

However, this will have been the largest electronic theft in history if even half of the valued worth turns out to be in the hands of criminals, according to the New York Times.

The number of infected PCs totals 192,227 - an additional 83,506 email user credentials have also been stolen.

Known colloquially as a man-in-the-browser threat, the malware silently injects itself into users' web browsers after hackers have initially tricked individuals into clicking malicious links in seemingly ordinary looking emails. This is similar in principle to phishing scams.

Once the malware is in the browser, fraudsters can begin to intercept and alter Boleto details. This activity is invisible to the user.

"Because of its stealth capabilities, end-users also have little chance of detecting Boleto fraud on their own," said RSA researchers.

Google's Chrome, Mozilla's Firefox and Microsoft's Internet Explorer are all vulnerable to the attack.

'A serious impact'

"Brazil has long been a hotbed of cybercrime, and although we don't know exactly what financial impact may have been caused by this sophisticated attack it's possible that different factors might have helped the hackers get away with it," said computer security analyst Graham Cluley.

"Sadly Brazilian computers aren't always necessarily running the very latest anti-virus software, and because Boletos aren't used outside of Brazil it might have made security companies less vigilant about the threat."

Boletos are the second most popular payment method in Brazil, responsible for an estimated 18% of all purchases during 2012.

"Such attacks will have a serious impact on the confidence we place in increasingly common digital payment methods," warned Dr Andrew Rogoyski, chair of techUK cyber-security group.

Mr Cluley advises users to "be cautious about opening unsolicited email attachments or clicking on unknown links, and keep your computer updated with security patches and the latest anti-virus".

23.22 | 0 komentar | Read More

Why has Google cast me into oblivion?

2 July 2014 Last updated at 17:25

This morning the BBC received the following notification from Google:

Notice of removal from Google Search: we regret to inform you that we are no longer able to show the following pages from your website in response to certain searches on European versions of Google:

http://www.bbc.co.uk/blogs/legacy/thereporters/ robertpeston/2007/10/merrills_mess.html

What it means is that a blog I wrote in 2007 will no longer be findable when searching on Google in Europe.

Which means that to all intents and purposes the article has been removed from the public record, given that Google is the route to information and stories for most people.

So why has Google killed this example of my journalism?

Please turn on JavaScript. Media requires JavaScript to play.

Robert Peston: Removed article "was in public interest"

Well it has responded to someone exercising his or her new "right to be forgotten", following a ruling in May by the European Court of Justice that Google must delete "inadequate, irrelevant or no longer relevant" data from its results when a member of the public requests it.

Track record

The ruling stemmed from a case brought by Mario Costeja González after he failed to secure the deletion of a 1998 auction notice of his repossessed home that was reported in a Spanish newspaper.

Now in my blog, only one individual is named. He is Stan O'Neal, the former boss of the investment bank Merrill Lynch.

My column describes how O'Neal was forced out of Merrill after the investment bank suffered colossal losses on reckless investments it had made.

Is the data in it "inadequate, irrelevant or no longer relevant"?

Hmmm.

Most people would argue that it is highly relevant for the track record, good or bad, of a business leader to remain on the public record - especially someone widely seen as having played an important role in the worst financial crisis in living memory (Merrill went to the brink of collapse the following year, and was rescued by Bank of America).

Public interest

So there is an argument that in removing the blog, Google is confirming the fears of many in the industry that the "right to be forgotten" will be abused to curb freedom of expression and to suppress legitimate journalism that is in the public interest.

To be fair to Google, it opposed the European court ruling.

But its implementation of it looks odd, perhaps clumsy.

Maybe I am a victim of teething problems. It is only a few days since the ruling has been implemented - and Google tells me that since then it has received a staggering 50,000 requests for articles to be removed from European searches.

It has hired what it calls "an army of para legals" to process these requests.

I asked Google if I can appeal against the casting of my article into the oblivion of unsearchable internet data.

Google is getting back to me.

PS Although the BBC has had the notice from Google that my article will not show up in some searches, it doesn't appear to have implemented this yet.

UPDATE 22:50

My blog remains findable when you search Stan O'Neal. So I am beginning to wonder whether it really was him who requested to be forgotten.

The implication is that oblivion was requested not by anyone who appears in the blog itself (O'Neal is the only person I mention in my column) but by someone named in the comments written by readers underneath the blog.

Google won't tell me, one way or another.

It is all a bit odd.

UPDATE 17:20, 3 July 2014

So there have been some interesting developments in my encounter with the EU's "Right to be Forgotten" rules.

It is now almost certain that the request for oblivion has come from someone who left a comment about the story.

So only Google searches including his or her name are now impossible.

Which means you can still find the article if you put in the name of Merrill's ousted boss, "Stan O'Neal".

In other words, what Google has done is not quite the assault on public-interest journalism that it might have seemed.

Unless, that is, you believe that when someone makes a public comment on a media website, that is something that is voluntarily done and should not be stricken from the record - except when what is at stake is a matter of life and death.

What may be a concern is that this opens the door to a torrent of requests from people who have left comments on blogs and websites now asking Google to, in a sense, strike those comments from the record.

As it happens, the idea that Google has gone a bit over the top in restricting searches to my blog has been made by Ryan Heath, the spokesman for European Commission vice-president Neelie Kroes - who I have just interviewed for Radio 4's PM programme.

Google insists it is simply complying with the relevant articles in the European Court of Justice's ruling.

23.22 | 0 komentar | Read More

Complaint over Facebook emotion test

4 July 2014 Last updated at 11:55

An official complaint has been filed to the US Federal Trade Commission about a Facebook experiment that manipulated the emotional state of users.

The study was carried out for one week in 2012 and targeted almost 700,000 users by varying the personalised content sent to their Facebook pages.

The complaint was filed by digital rights group the Electronic Privacy Information Center (Epic).

Facebook said it had no comment to make about the complaint.

Damages call

In its complaint, Epic said Facebook had flouted ethical standards that govern experiments on human subjects.

The 2012 experiment involved Facebook collaborating with two US universities to see if changing the emotional content of stories and updates sent to users' Facebook profile pages had any effect on the people that read them.

It found that it was possible to influence people and that those who read fewer messages with negative emotional content were less likely to write a similarly negative personal update on their profile page.

Continue reading the main story

"We never meant to upset you"

End Quote Sheryl Sandberg Facebook

"The company purposefully messed with people's minds," said Epic in its complain, adding that Facebook did not get explicit permission from users to carry out the experiment. The organisation's terms and conditions did not allow Facebook to carry out the test nor hand over data to experimenters.

Epic wants Facebook to pay damages and to hand over the algorithm underlying the work.

The social network's action amounted to a "deceptive practice", said Epic, and as such should be subject to enforcement action by the Federal Trade Commission (FTC).

Facebook's actions also violated a 2012 order imposed on it by the FTC, which required it to safeguard user data, said Epic.

The UK's information commissioner is also investigating whether Facebook broke data-protection laws when it carried out the psychological experiment.

In earlier statements about the experiment Facebook said it had taken "appropriate" steps to protect user data.

In addition on Thursday Facebook chief operating officer Sheryl Sandberg apologised for the way the study was carried out. "We never meant to upset you," said Ms Sandberg while talking to the press during a trip to India.

"It was poorly communicated," she said. "And for that communication we apologise."

23.22 | 0 komentar | Read More

Facebook buys video ad tech start-up

3 July 2014 Last updated at 02:49

Facebook has acquired LiveRail - a tech start-up that helps companies place more relevant ads in the videos that appear on their websites and apps.

LiveRail also provides a real-time bidding platform for marketers looking to place ads on online videos.

The firms did not reveal the financial terms, but some reports indicate that Facebook paid between $400m and $500m (£233m and £291m) to buy the firm.

Online video advertising is forecast to grow robustly in the coming years.

"More relevant ads will be more interesting and engaging to people watching online video, and more effective for marketers too," Brian Boland, vice president of ads product marketing and atlas at Facebook, said in a blog post.

"Publishers will benefit as well, because more relevant ads will help them make the most out of every opportunity they have to show an ad."

According to LiveRail, it delivers more than seven billion video ads per month.

Growing importance

The online and mobile ad sector has been growing rapidly in recent years.

Continue reading the main story

It is no longer about saying, 'My ad was was seen by so many people.' But it is now about knowing who those people are and how they have responded to the information fed to them"

End Quote Sanjana Chappalli LEWIS Pulse

According to a study published in April, more than £1bn was spent on mobile ads in the UK alone in 2013, a rise of 93% on the previous year.

Some other estimates suggest that online video advertising revenues are likely to hit $6bn in the US this year.

As a result, a growing number of firms - especially social networking platforms such as Facebook and Twitter - have been looking at ways to attract more advertisers and tap into the sector's growth.

Earlier this year, Facebook said it would start serving ads to third-party mobile apps via a new advertising network.

Twitter, acquired MoPub mobile advertising exchange last year.

MoPub acts as a mediation service, allowing marketers to manage the placement of ads across several networks, including Facebook's.

Analysts said that given their large user base, social networks were likely to get a big share of this growing market.

"It is no longer about saying, 'My ad was was seen by so many people,'" said Sanjana Chappalli, Asia-Pac head of LEWIS Pulse, a firm specialising in digital marketing.

"But it is now about knowing who those people are and how they have responded to the information fed to them.

"And on that front, social networks enjoy a tremendous advantage over everyone else." she added.

Meanwhile, Google's AdMob and Apple's iAds platforms and several other smaller firms are also competing to provide the adverts shown on mobile phones and tablets.

Millennial Media, Flurry and Nexage are among the firms promoting their own versions of "programmatic buying" - a way for firms to target their ads at a specific type of consumer via a chosen type of app at an appropriate time and geographic location.

23.22 | 0 komentar | Read More

Samsung ready to scrap plasma TVs

3 July 2014 Last updated at 12:07

Samsung is to stop producing plasma televisions (PDP TVs) by 30 November.

It said falling demand meant it would instead focus on producing curved and ultra-high-definition (UHD) TVs.

"We remain committed to providing consumers with products that meet their need," Samsung told the CNET website.

Panasonic, Sony, Hitachi and Pioneer have also pulled out of the sector in recent years. And, according to the Tech Radar website, LG is expected to follow suit soon.

Plasma screens, which use electrically charged ionised gases, are often applauded for their brightness, deep blacks, and high frame rates, considered ideal for watching sport and films.

But they tend to use more electricity and are considerably bulkier than the now more popular liquid-crystal display (LCD) and light-emitting diode (LED) TVs.

Stylish tellies

TrustedReviews website editor Evan Kypreos said: "It's not at all surprising that Samsung has dumped plasma.

"The main issue is that it's very tricky to make [UHD] plasmas, and [UHD] is the future of big TVs.

"While plasma is a lot better than LED/LCD TVs in terms of image quality, such as contrast ratio, and motion handling, it has a few drawbacks.

"Plasma TVs can't be made a thin as LEDs, for example. People like stylish tellies."

With the introduction of increasingly advanced organic LED TVs, which arguably have better black levels, brightness and colour gamut than plasmas, there was little reason to continue manufacturing plasma screens, Mr Kypreos said.

"Home-cinema connoisseurs will always have a soft spot for plasmas, but they have simply been technologically superseded," he said.

23.22 | 0 komentar | Read More

Google reinstates 'forgotten' links

4 July 2014 Last updated at 11:13 By Dave Lee Technology reporter, BBC News

After widespread criticism, Google has begun reinstating some links it had earlier removed under the controversial "right to be forgotten" ruling.

Articles posted online by the Guardian newspaper were removed earlier this week, but have now returned fully to the search engine.

Google has defended its actions, saying that it was a "difficult" process.

"We are learning as we go," Peter Barron, head of communications for Google in Europe, told the BBC.

Speaking to Radio 4's Today programme, he dismissed claims made on Thursday that the company was simply letting all requests through in an attempt to show its disapproval at the ruling.

"Absolutely not," he said. "We are aiming to deal with it as responsibly as possible.

Continue reading the main story

A few automated messages later, the story is back in the headlines - and Google is likely to be happy about that"

End Quote James Ball The Guardian

"The European Court of Justice [ECJ] ruling was not something that we welcomed, that we wanted - but it is now the law in Europe and we are obliged to comply with that law."

He said Google had to balance the need for transparency with the need to protect people's identity.

'Memory hole'

Mr Barron argued that the search giant was doing its best to comply with the ECJ's ruling, which stated that links to web pages can be removed from search engine if they are deemed to be "outdated, irrelevant or no longer relevant".

The ruling has come under particular scrutiny after BBC economics editor Robert Peston was notified that a blog post he had written in 2007 would be removed from appearing when a specific search was carried out on Google.

Please turn on JavaScript. Media requires JavaScript to play.

Rory Cellan-Jones reports: ''The right to be forgotten imposed on Google... is now swinging into action''

The identity of the person who made the request is not yet known, although Google has confirmed it is not the subject of the article, former Merrill Lynch boss Stan O'Neal.

Instead, the request relates to the reader comments that appear underneath the story.

In addition to Peston's blog, seven other BBC articles were singled out for removal, most of which included comment threads.

Elsewhere, the Guardian's special projects editor James Ball wrote that six of the newspaper's articles had "fallen down the memory hole".

Back in the headlines

A source has confirmed to the BBC that the Guardian articles have now been re-indexed for all relevant search terms.

Mr Ball joined those saying that Google's actions may have been "tactical".

"There are very few news organisations in the world who are happy to hear their output is being stifled," he said.

"A few automated messages later, the story is back in the headlines - and Google is likely to be happy about that."

His thoughts echoed those of Ryan Heath, spokesman for the European Commission's vice-president, who described the decision to remove a link to Peston's blog as "not a good judgement".

"Google clearly has a strong interest in making sure that they're able to work with whatever the legal requirements are, so they position themselves in a particular way over that," he said.

"It doesn't come cheap to deal with all of these requests, so they need to find some way to come up with dealing with them."

He added that the ruling should not allow people to "Photoshop their lives".

Follow Dave Lee on Twitter @DaveLeeBBC

23.22 | 0 komentar | Read More