Internet and related technology

[Crafty_Dog]

http://www.nytimes.com/2012/05/04/us/politics/study-finds-concerns-on-readiness-for-cyberattacks.html?_r=1&nl=todaysheadlines&emc=edit_th_20120504

[Dog Robertlk808]

Source: http://www.infosecisland.com/blogview/21268-Five-Concerns-Surrounding-Pinterest.html

Thursday, May 10, 2012
Contributed By:
Allan Pratt, MBA


By now, everyone has heard the news that Pinterest has surpassed all other social media sites and has earned the coveted spot of “number three” in terms of users behind Facebook and Twitter.

While LinkedIn and YouTube fell in the standings, Pinterest has adopted a loyal following – and especially amazing – while still in beta phase by invitation only.

According to a comScore study, the number of Pinterest users that visit the site daily has increased by 145% since the beginning of 2012.

But, before you join the Pinterest party, there are some things to keep in mind.

First, here is Pinterest’s mission in the company’s own words: “Our goal is to connect everyone in the world through the things they find interesting. We think that a favorite book, toy, or recipe can reveal a common link between two people.

With millions of new pins added every week, Pinterest is connecting people all over the world based on shared tastes and interests.”

NO PRIVACY SETTINGS

While Pinterest’s appeal is its visual-oriented content comprised of photos, images, illustrations, videos – some with links and some without – don’t get so caught up with creating categories, or in Pinterest speak, boards, that you upload personal photos with family members, personal cars, and your house or apartment with identifying details like numbers and street signs.

At the current time, there are no privacy settings similar to Facebook or Google Plus, and boards cannot be made private, similar to customized Facebook lists or customized Google Plus circles. The bottom line is that anyone with Internet access can view your boards.

COPYRIGHT INFRINGEMENT

Since the site is in beta phase, copyright and trademark police are not swimming around the site, therefore, all users must be on their best behavior about using images. Give credit if an image or link is not yours – be a respectable member of the Pinterest world.

ABOUT YOU

There is a bio section at the top of each page next to your profile photo. Don’t leave this section blank in your haste to set up your account, but don’t be overly-wordy either.

While users will learn about you from your boards and pins, everyone wants to read a quick sentence or two about you. Also, you can share your website URL, your Facebook URL, and/or your Twitter URL.

SHARING CONTENT WITH FACEBOOK AND TWITTER

Currently, you can log in to Pinterest with your Facebook or Twitter passwords. While this allows for shared content on both major sites, you can add details about your pins (in Pinterest speak, an image added on Pinterest) to Facebook and Twitter, this sharing of passwords may not be the best idea.

Consider a safer alternative – although not a quicker option – use a unique password for Pinterest, and if you want to share content on the other sites, enter the details by logging into either Facebook or Twitter separately.

COMMENTS

You can make comments about any pin. You have more than 140 characters (reference to Twitter), and everyone will be able to read your comments. Remember, similar to texts or emails, the comment could be misinterpreted, and your sense of humor may not be understood by all. So be polite, courteous, and friendly. And if you like a pin, you can always click the “like” button.

If you keep these concerns in mind, you can and will have limitless fun with Pinterest. I have become a fan and invite you to check out my Pinterest page at http://pinterest.com/tips4tech. If you'd like an invitation, comment below, and I’ll send you one.

Allan Pratt, an infosec consultant, represents the alignment of marketing, management, and technology. With an MBA Degree and four CompTIA certs in hardware, software, networking, and security, Allan translates tech issues into everyday language that is easily understandable by all business units. Expertise includes installation and maintenance of hardware, software, peripherals, printers, and wireless networking; development and implementation of integration and security plans; project management; and development of technical marketing and web strategies in the IT industry. Follow Allan on Twitter and on Facebook.

Cross-Posted from Tips4Tech

[Dog Robertlk808]

If you follow the link, you can read the article with the links embedded to the free products that are mentioned.

SRC: http://www.entrepreneur.com/article/223572

Many small-business owners fall below what some people call the “security poverty line." Bootstrapping entrepreneurs can be especially vulnerable to hackers because they don’t have the money or personnel to buy, install and maintain the fancy security products large companies take for granted.

On the hunt for easy pickings, hackers are attacking these security-poor businesses, typically with indiscriminate, automated assaults that could be stopped by basic security tools and computer hygiene. Seven in 10 of the cyber break-ins analyzed in Verizon’s 2012 Data Breach Investigations Report occurred at organizations with 100 employees or less.

The good news is that it can be surprisingly easy and inexpensive to mount a quality defense on a budget. We spoke with Grady Summers, a vice president at Mandiant Corp., an Alexandria, Va.-based information-security firm, and former chief information security officer at General Electric Co., to assemble a list of easy-to-use, free tools that any company -- including those without a technology staff -- can use to create a comprehensive security program to protect its network, computers and data.

While no security program is perfect, applying these free tools can defend against the most common attacks. “A small business with a part-time IT person could probably do this in a day," Summers says.


Defend your network.
Most of the threats to company networks come over the Web, Summers says. He recommends using filtering software to block dangerous websites, including “phishing” sites designed to trick unwitting employees into falling for a scam or infect their computers with malware.

San Francisco-based OpenDNS offers a free, cloud-based Web filtering product that can protect a single PC or mobile device, or an entire network, from known phishing sites. OpenDNS’s paid services offer more security features and the ability to block porn and other sites companies may not want people to access while in the office.

Related: How to Avoid One of the Biggest Email Hacking Threats

To find any weak spots on your network, run a scan. Lumension Security of Scottsdale, Ariz., offers a free vulnerability scanner for checking networks of 25 or fewer computers. It can identify software vulnerabilities and misconfigurations that could put you at risk.

Also, scan your website for security vulnerabilities. Hackers often break into customer databases by striking company websites or hack sites to plant malware that will infect visitors. Qualys, a Redwood Shores, Calif., security company, offers FreeScan, a free tool for detecting security vulnerabilities in Web applications and finding malware infections and threats in websites. Users are limited to five free scans.

If you have a capable in-house technology staff, you also may want to consider using Security Onion, a compilation of free tools for intrusion detection and network monitoring.

Related: 7 Tips for Upgrading IT Security

Secure your computers.
Protecting computers on your network starts with firewalls and antivirus software. Free basic firewalls now come with Windows and Mac computers, so make sure they’re turned on. Antivirus protection will require a download.

Among the most popular free antivirus programs is one from AVG. Another is Microsoft's free basic security product Microsoft Security Essentials. It's made for consumers and businesses with 10 PCs or fewer. And firewall giant Check Point Software of Redwood City, Calif., has a free security suite that includes antivirus and a ZoneAlarm firewall that monitors traffic leaving your computer, as well as standard inbound traffic. In addition, U.K.-based Sophos offers free antivirus software for Macs.

Eliminate security vulnerabilities by applying the free fixes software makers regularly issue. To make that easy, use automatic update features for Microsoft, Apple, Adobe and other products you use. Windows users can make sure all their programs are current by using the free tool FileHippo.

Related: Three Low-Cost Ways to Keep Data Safe When Traveling for Business

Protect your data.
Full disk encryption software can make company and customer data on your devices unreadable to unauthorized people. Free open-source software TrueCrypt is available for Windows, Mac and Linux machines and can be used to secure data on thumb drives and other storage devices. For Mac, Apple offers free full disk encryption dubbed FileVault2 to users with the Lion operating system.

If you have particularly sensitive information, Summers recommends creating a special encrypted area for that data with its own password. You can create this sort of encrypted “volume” with TrueCrypt and a similar Apple feature.

Also back up the data on your computers in case of loss, theft or damage. With Mozy, you can backup two gigs of data for free offsite and encrypted in Mozy’s data centers.

[Dog Robertlk808]

http://erratasec.blogspot.com/2012/02/no-anonymous-cant-ddos-root-dns-servers.html

It's easier to read the article at the Blog then cut and paste.

[Dog Robertlk808]

Originally posted - 2/16/2012 @ 8:01AM

http://www.forbes.com/sites/andygreenberg/2012/02/16/anonymous-plans-to-take-down-the-internet-were-being-trolled/


Exactly six weeks from today, Anonymous will pull off its greatest and most destructive stunt of all time: Taking down the 13 servers that act as the core address book for everything from the Web to email, essentially blacking out the Internet in a protest of copyright law and Wall Street greed.

Or far more likely, six weeks and one day from today, the hackers will announce via a very-much-still-working Internet that it was all a highly provocative April Fool’s joke, another example of the dare-you-to-react trolling that Anonymous has refined to an art form.

Earlier this week, the loose movement of hackers announced in an online statement a new collective action it’s calling “Operation Global Blackout.” On March 31, it says it plans to attack the thirteen root Domain Name Service (DNS) servers that act as the Internet’s authority on how domain names (like Google.com) are translated to the IP addresses (like 74.125.157.99) of the computers that host those sites and mail servers. If Anonymous can successfully take those root servers down for long enough, DNS could cease to function, and the Web would become at least temporarily inaccessible for most users.

“To protest [the Stop Online Piracy Act], Wallstreet, our irresponsible leaders and the beloved bankers who are starving the world for their own selfish needs out of sheer sadistic fun, On March 31, anonymous will shut the Internet down,” reads the statement. “Remember, this is a protest, we are not trying to ‘kill’ the Internet, we are only temporarily shutting it down where it hurts the most…It may only lasts one hour, maybe more, maybe even a few days. No matter what, it will be global. It will be known.”

But the security industry’s DNS gurus say it’s not time to start downloading your backup archive of Icanhazcheezburger just yet. Rob Graham, a researcher for the security consultancy Errata Security, lists in a blog post a slew of reasons why Anonymous’ DNS attack plan won’t work. Anonymous plans to use a technique it’s calling Reflective DNS Amplification to flood the root servers with spoofed requests from the lower-level DNS servers that look to the root servers for updates. But the thirteen DNS root servers, which are hosted variously by the Pentagon, Verisign, ICANN, Maryland University, NASA and others, each use different policies and hardware, and would each respond to that technique differently, Graham says.

“A technique that might take out one of them likely won’t affect the other twelve. To have a serious shot at taking out all 13, a hacker would have to test out attacks on each one,” he writes. “But, the owners of the systems would notice the effectiveness of the attacks, and start mitigating them before the coordinate attack against all 13 could be launched.”

Moreover, there are actually many more than 13 physical servers acting as the DNS root system. A load-balancing system called Anycast means that as many as thousands of computers share the load of those servers. Taking them all out will be extremely difficult, says Graham. And since most DNS servers cache the information they receive from the root servers for as long as a day, the root servers would have to be kept offline for many hours to have any effect on users.

By announcing its attack so far in advance, Anonymous has given the administrators of the DNS system plenty of time to prepare for the attack and react as it occurs, adds Dan Kaminsky, a well-known researcher who found and helped fix a major flaw in DNS in 2008.  ”Most denial of service attacks aren’t proceeded by a warning,” he says. “I’ve talked to various network engineers who are responsible for keeping these servers up, and they’re aware of the threat. They have resources already in place. Anyway, [Anonymous'] disclosure is appreciated.”

Anonymous isn’t the first to try to take down DNS–in fact, it seems to happen every five years or so. In 2002, a similar denial of service attack hit the DNS root servers. A portion of the 13 were taken offline, but without visible results for users. In 2007, a pair of attacks on the root servers struck back-to-back, affecting six servers and taking two offline. But the other servers’ load-balancing technology stood up to the attacks.

All of this isn’t to say Anonymous has no chance of taking out DNS for any period of time–only that it’s extremely unlikely. It’s far more probable, says Kaminsky, that the announcement of  ”Operation Global Blackout” is simply the kind of highly provocative, attention-grabbing stunt that often characterizes Anonymous’ actions. “It doesn’t go unnoticed that Anonymous is talking about this the day before April Fool’s,” he says.

He compares the hackers’ announcement to the flurry of attention around the Conficker Worm, which infected 10 million computers in 2009  and was widely reported to be set to launch some sort of attack on the Internet on April 1st of that year. The fact that Anonymous chose nearly the same date may be more than a coincidence. “When you set a deadline, the press gets all ‘doomsday is coming,’ and that’s more disruptive than any actual outage,” says Kaminsky. “Anonymous doesn’t need to do anything on March thirty-first. The mere threat is enough to keep people talking about them and what they represent.”

[Crafty_Dog]

http://www.dickmorris.com/stop-un-internet-regulation-dick-morris-tv-lunch-alert/

[Dog Robertlk808]

http://www.dickmorris.com/stop-un-internet-regulation-dick-morris-tv-lunch-alert/

That would be ugly and I hope it wouldn't happen.

That's kind of funny stating that Russia and China want it to happen, most of the malware seems to be coming from them...

Malware writers from China and Russia show the greatest interest in malicious programs for Android.
http://bot24.blogspot.com/2012/05/malware-writers-from-china-and-russia.html



US law-makers unite to prevent UN from regulating internet
http://technologyspectator.com.au/industry/internet/us-law-makers-unite-prevent-un-regulating-internet


Pentagon opposes UN regulation of the Internet
http://www.tgdaily.com/security-features/59195-pentagon-opposes-un-regulation-of-the-internet

[Dog Robertlk808]

The Information Assurance Directorate (IAD) at NSA recently released a new technical guide entitled, Best Practices for Securing a Home Network. This is one of many guidance documents IAD freely provides to customers outlining practical tips for improving the security of all kinds of applications, operating systems, routers, databases and more. IAD has been providing unclassified security guidance to customers for over ten years. This guidance could not be timelier in light of the increasing threats to U.S. government networks. This latest guide will go a long way in helping our customers protect both their public and private networks. Click here to view the Guide.

Link to guide:
https://www.nsa.gov/ia/_files/factsheets/Best_Practices_Datasheets.pdf

[bigdog]

http://mashable.com/2012/06/06/fahrenheit-451-dystopia/

The nature of science fiction has always been thus: no matter how far ahead authors try to think, they are always trapped in their own times. Elements of their books will invariably look dated from the moment they are published.

Ray Bradbury, who died in Los Angeles Wednesday at the grand old age of 91, was as susceptible to this as any other grand master of the genre. Read his 1953 classic of future firemen who burn books, Fahrenheit 451, and you’ll run into plenty of quaint details. Firemen smoking tobacco pipes, lit with “chemical matches.” Cheesy ads for “Denham’s Dentrifice.” 1950s lingo such as “swell”.

But brush those quirks aside, and what you’re left with is one of the most shockingly prescient dystopias ever written — a far more accurate portrayal of our present problems than 1984 or anything in the works of Philip K Dick.

The most important thing to know about Fahrenheit 451 is that it is explicitly not about government censorship. (Bradbury was so firm on this point he once walked out of a UCLA class when his students tried to insist it was so.)

The firemen aren’t burning books on the orders of some shadowy Big Brother. They’re doing it, protagonist Guy Montag is told, because society as a whole turned away from the scary cacophony of knowledge, from the terror of differing opinions and the burden of having to choose between them, from deep and troubling thoughts.

We turned away from literature and towards vapid reality television and radio shows, the book says. We spurned any kind of poetry (Montag’s wife Millie slams Matthew Arnold’s classic Dover Beach as depressing and “disgusting”) and preferred to listen to the noise of our cars as they speed across the landscape at 100 mph.

Even when Guy wants to read his stolen books, he can’t, because the ubiquitous ads drown out his thoughts.

Any of this starting to sound familiar?

Guy and Millie Montag are disconnected by technology. They can’t talk in bed at night because Millie is listening to her “audio seashells” (headphones, basically).

She participates in a reality show with an on-screen “family”, begging her husband for more wall-sized TV screens to complete the experience. The “family” bicker and shout, but there’s very little plot to their show.

Millie can’t even remember how she and Guy met, ten years earlier. That’s some pretty advanced ADD — years before ADD was even defined as a condition.

Meanwhile, somewhere in the background, there’s a longstanding war going on with another unnamed nation; a war that hardly any of the population is paying attention to. They’re much more interested in watching a high-tech police force hunt down criminals live on TV.

Add it all up, and it’s a pretty convincing picture of the 21st century’s dark side. No, our firemen don’t burn books. But if you take that as a metaphor for a fast-paced society that increasingly ignores books, that simply doesn’t have the bandwidth for them — it completes a scarily accurate portrait.

So you want to honor Bradbury’s memory? Read a novel. Read poetry. Read something that disagrees with your viewpoint; heck, read something that disagrees with itself.

But whatever you do, don’t get too hung up on the format. On combustible paper or on a tablet, a novel is a novel. Bradbury may hardly have been the world’s biggest tech geek, but he did eventually allow Fahrenheit 451 to be released as an e-book.

On his website, you can watch videos of the writer explaining that technology, that the world of the Internet, is not inherently at fault; it’s how we use them that counts.

So use them wisely. Focus. Take off your audio seashells. Turn off that reality show. Build our desire for knowledge; don’t burn it.

[Crafty_Dog]

Tech tips
http://www.wisebread.com/25-awesome-websites-to-help-you-get-a-job?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wisebread+%28Wise+Bread%29
 STATE OF THE ART
Ins and Outs of Using Gadgetry
By DAVID POGUE
Published: May 18, 2011

Every time a reader asks me a basic question, struggles with a computer or lets a cellphone keep ringing at a performance, I have the same thought: There ought to be a license to use technology.

To reduce blur with an iPhone, frame the shot with your finger already on the button, then snap the photo by lifting off the screen instead of tapping it.
 
Using a special app to scan a QR code — quick response bar codes -- with an iPhone’s or Android phone’s camera will translate it into an ad or take you to a related Web page.


I’m not trying to insult America’s clueless; exactly the opposite, in fact. How is the average person supposed to know the essentials of their phones, cameras and computers? There’s no government leaflet, no mandatory middle-school class, no state agency that teaches you some core curriculum. Instead, we muddle along, picking up scattershot techniques as we go. We wind up with enormous holes in our knowledge.

This week, for example, a reader asked me about those weird, square, pixelated black-and-white bar codes that are cropping up on billboards, movie posters, signs, magazine ads and business cards. Nobody ever bothered to explain them. (They’re QR codes — quick response bar codes. You can scan them with your iPhone’s or Android phone’s camera, using a special app that translates it into an ad or takes you to a related Web page.)

That interaction made me realize that it’s time to publish the first installment of what should be the Big Book of Basic Technology Knowledge — the prerequisite for using electronics in today’s society. Some may seem basic, but you’ll probably find at least a couple of “I didn’t know thats!” among them.

Cellphones

¶ Searching for a signal scarfs up battery juice appallingly quickly. Turn your phone off, or put it into Airplane Mode, before you travel out of cellphone range — for example, on a plane or, for AT&T users, Manhattan and San Francisco.

¶ When you need the phone number, address or directions for any commercial establishment, call 800-BING-411 for an amazingly good voice-activated agent. (Thank you, Microsoft.)

¶ You can skip the inane 15-second voice-mail instructions when leaving a message (“To page this person, press 5”) — if you know your friend’s cellphone carrier. If it’s Verizon, press * to cut directly to the beep. AT&T or Sprint, press 1. T-Mobile, press #. (Better yet: Do the world a favor and add this trick to your own greeting: “To cut to the beep, press 1.”)

¶ If you travel overseas, you may return to a smartphone bill for $5,000 or more, thanks to the staggering international Internet fees. (You might not even know your phone is online — if it checks e-mail every 15 minutes, for example.) Despite many well-publicized horror stories, some people still don’t realize they should call the cellphone company before traveling to buy a special temporary overseas plan.

Cameras

¶ The half-press trick eliminates the frustrating delay when you press a pocket camera’s shutter button. Frame your shot, then half-press the shutter button. The camera beeps when it has locked focus — and that’s the time-consuming part. When pushed the rest of the way down, you snap the picture instantly. No lag.

¶ Your flash is useless if the subject is more than about eight feet away. Turn it off. (This means you, concertgoers and football fans.)

¶ If you erase photos from your memory card accidentally, you can still recover them if you haven’t used the card since. For about $30, you can download memory-card recovery programs; Google “memory card recovery” to find them.

App Phones

¶ On the iPhone, the camera doesn’t snap the photo until you release the on-screen shutter button. That’s good to know if you want a steady, blur-free shot. Frame the shot with your finger on the button, then snap the photo by lifting off the screen instead of tapping it.

¶ On iPhone, Android, BlackBerry and Palm/H.P. phones, tap the Space bar twice at the end of a sentence. You get a period, a space and a capitalized next letter, without hunting for punctuation keys.

¶ Also on those phones, you can type dont, wont, youre, didnt and so on. The phone adds the apostrophe to those automatically. (But you’ll have to learn the difference between it’s and its.)

¶ On a BlackBerry, hold a letter key down to capitalize it.

The Web

¶ You can press Alt+D to highlight the Address bar at the top of your Web browser. Without touching the mouse, type the site name you want.

¶ You don’t have to type “http://www” into your Web browser. Just type “nytimes.com” or “dilbert.com,” for example. In Safari or Firefox, you can even omit the “.com.” In Internet Explorer, you can press Ctrl+Enter to add “.com,” or Ctrl+Shift+Enter for “.org.”

¶ You can tap the Space bar to scroll down by one screenful. Add the Shift key to scroll back up again. (You can also hit the Page Up/Page Down keys, if you have them.)

¶ When you’re filling an order form, you don’t have to slide six miles down the pop-up menu to choose your state. Instead, type the first letter to select it without the mouse. (If you get the wrong state, press the same key again. For example, press C once for California, again for Colorado and a third time for Connecticut.)

¶ When you get an error message — in a program, on your smartphone, on your tablet — search it on Google. You’ll find out what it means instantly.

¶ If you’re trying to paste some ridiculously long Web address where it would be confusing to read (or impossible to fit, as on Twitter), visit a site like Tinyurl.com or Bit.ly. These free sites convert long addresses into very compact ones.

Editing Text

¶ You can double-click a word to highlight it. (You don’t have to drag the mouse across it, in other words.) You can triple-click a word to select the entire paragraph.

¶ When you see highlighted text — in your word processor, for example, or in a Web browser address bar — you don’t have to delete it first. Just start typing.

¶ Sick of how Word automatically creates clickable links, boldface words, indented bulleted or numbered lists and other formatting as you type?
The on/off switches for these features exist, but they’re well hidden. In Word 2010 (Windows), open the File menu; click Options, Proofing, AutoCorrect Options, then AutoFormat Options. On the Mac (Word 2011), open the Tools menu; click AutoCorrect, then AutoFormat As You Type.

Mac Specials

¶ When you buy something online, don’t waste paper by printing the confirmation page. Instead, choose Print, and from the PDF pop-up menu, choose “Save PDF to Web Receipts Folder.” You get a beautiful PDF copy stashed in Documents, in a folder called Web Receipts.

¶ You can view most documents without opening a program to do it. At the desktop, highlight the icon and then tap the Space bar — a fantastic way to preview photos, but also great for Office documents, PDF files, movies, sounds and so on.

¶ Press Command-Delete to put a highlighted icon into the Trash.

Windows Specials

¶ When you want to send a file to someone, right-click its icon; from the shortcut menu, choose Send to Mail Recipient. Windows thoughtfully creates an outgoing e-mail message with the file attached. (If it’s a photo, Windows even offers to let you shrink them down to reasonable e-mailable size.)

¶ Ever wonder about the Windows-logo key? It sets off a host of useful functions: press it with F for Find, with D to see the desktop with all windows hidden, with L to lock the screen while you wander off to get coffee, and so on.

¶ You don’t have to pay for antivirus and anti-spyware software, year after year. Microsoft offers a perfectly good free security program.

All right, there’s a start. There are more waiting for you atnytimes.com/pogue.
Here’s hoping that your tech knowledge is just a little less sketchy.
E-mail: pogue@nytimes.com

[bigdog]

http://www.nytimes.com/2012/06/26/technology/in-a-big-network-of-computers-evidence-of-machine-learning.html?_r=1&hp


Presented with 10 million digital images found in YouTube videos, what did Google’s brain do? What millions of humans do with YouTube: looked for cats.

The neural network taught itself to recognize cats, which is actually no frivolous activity. This week the researchers will present the results of their work at a conference in Edinburgh, Scotland. The Google scientists and programmers will note that while it is hardly news that the Internet is full of cat videos, the simulation nevertheless surprised them. It performed far better than any previous effort by roughly doubling its accuracy in recognizing objects in a challenging list of 20,000 distinct items.

[bigdog]

This is fan-damn-tastic:

[Crafty_Dog]

From a not always reliable source

Yahoo email addresses were hacked.  Gmail, MSN, Hotmail, Comcast and AOL accounts have also been hacked.  Here's the article with the link to check if your email address was one of those posted online with the password.
http://mashable.com/2012/07/12/yahoo-voices-hacked/

[Crafty_Dog]

Some of you might recall George Gilder's notion of "storewidth" - the need for massive storage to house all the data that his glowing efflorescence of globe-circling light would require. The article below asks the consequent question.
D.

Is Big Data the Next Billion-Dollar Technology Industry?
By Doug Hornig and Alex Daley
Casey Extraordinary Technology

It is not news that our capacity to gather and store immense amounts of data has grown by leaps and bounds. A few years ago, it was unthinkable for a free email account to offer more than 10 or 20 megabytes of storage. Today, one stores thousands of times that amount. But that's barely scratching the surface compared to the truly massive data collection projects now under way.

The Large Synoptic Survey Telescope is slated to come online in 2016. When it's operational, estimates are that it will acquire knowledge of our universe at the rate of 140 terabytes of data every five days, or better than 10 petabytes a year - that's 10,000,000,000,000,000 bytes per year, or more data than in every book ever written accruing about every two days. And who knows how much info the Large Hadron Collider will be spewing out by then? In 2010 alone, the LHC gathered 13 petabytes' worth. And then there's Google, processing in the neighborhood of 24 petabytes. Per day.

Only a few years ago, a gigabyte (one billion bytes) was thought to be a lot of data. Now it's nothing. Even home hard drives can store a terabyte (one trillion) these days. The commercial and governmental sectors regularly handle petabytes (quadrillion), while researchers routinely chat about the looming frontiers: exabytes (quintillion), zettabytes (sextillion), and yottabytes (septillion). It has not been necessary to name the next one after that. Yet.

But it's not just the Googles and NASAs of the world that are dealing with that kind of data. Virtually every Fortune 500 company in the world has a massive data warehouse where it's accumulated millions of documents and billions of data records from inventory systems, ecommerce systems, and marketing-analytics software.

You bump up against this kind of massive data collection every time you swipe your credit card at Walmart. The retail giant processes more than a million transactions just like yours every hour and dumps the results into a database that currently contains more than 2.5 petabytes of data. That's equivalent to all the information contained in all the books in the Library of Congress about 170 times over.

These increasingly large mounds of data have begun to befuddle even the geekiest members of those organizations.
Our ability to collect massive amounts of data continues to grow at an exponential rate. But the more we collect, the harder it becomes to derive anything meaningful from it. After all, what on earth do youdo with all this stuff? How do you sort it? How do you search it? How do you analyze it so that something useful comes out the other end? That's the problem facing developers for whom the traditional tools of database management are powerless in the face of such an onslaught. Data stores have far outgrown our ability to keep the data neat, clean, and tidy, and hence easy to analyze. What we have now is a mess of varying types of data - with moving definitions, inconsistent implementations, even the equivalent of digital freeform - that needs to be analyzed at a massive scale. It's a problem both of size and complexity.
Which brings us face to face with the hottest tech buzz words of 2012: Big Data.

Supersized Us

The idea that data can be supersized is, of course, not new. But what is new is a convergence of technologies that deal with it in some efficient, innovative, and highly creative ways. Though Big Data is a market that's still in its infancy, it is consuming increasingly large chunks of the nation's overall IT budget. How much actually is being spent depends on how you define the term; hard numbers are impossible to come by. Conservative estimates claim we're headed to somewhere between $20 and $55 billion by 2015. Out at the high end, Pat Gelsinger, COO of data-storage giant EMC, claims that it is already a $70-billion market - and growing at 15-20% per year.

Take your pick. But regardless, it's small wonder that venture capitalists are falling all over themselves to throw money at this tech. Accel Partners launched a $100 million Big Data fund last November, and IA Ventures initiated its $105-million IAVS Fund II in February. Even American Express has ponied up $100 million to create a fund to invest in the sector.
Down in Washington, DC, the White House has predictably jumped into the fray, with an announcement on March 29 that it was committing $200 million to develop new technologies to manipulate and manage Big Data in the areas of science, national security, health, energy, and education.

John Holdren, director of the White House's Office of Science and Technology Policy, paid lip service to the private sector, saying that while it "will take the lead on big data, we believe that the government can play an important role, funding big data research, launching a big data workforce, and using big data approaches to make progress on key national challenges."
At the same time, The National Institute of Standards and Technology (NIST) will be placing a new focus on big data.

According to IT Lab Director Chuck Romine, NIST will be increasing its work on standards, interoperability, reliability, and usability of big data technologies, and predicts that the agency will "have a lot of impact on the big data question."

CRM = customer resource management

ERP = enterprise resource planning

ETL = extract, transform, and load

HDFS = Hadoop distributed file system for Big Data

SQL = a programming language for managing relational databases

NoSQL = not just SQL

NGDW = next generation data warehouse
    kjlkjlk

No shocker, the Department of Defense is also already hip-deep in the sector, planning to spend about $250 million annually - including $60 million committed to new research projects - on Big Data. And of course you know that DARPA (the Defense Advanced Research Projects Agency) has to have its finger in the pie. It's hard at work on the XDATA program, a $100-million effort over four years to "develop computational techniques and software tools for sifting through large structured and unstructured data sets."

If much of this seems a bit fuzzy, here's an easy way of thinking about it: Suppose you own the mineral rights to a square mile of the earth. In this particular spot, there were gold nuggets lying on the surface and a good deal more accessible gold just below ground, and you've mined all of that. Your operation thus far is analogous to the stripping of chunks of useful information from the available data using traditional methods.

But suppose there is a lot more gold buried deeper down. You can get it out and do so cost-effectively, but in order to accomplish that you have to sink mine shafts deep into the earth and then off at various angles to track the veins of precious-metal-bearing rock (the deepest mine on earth is in South Africa, and it plunges two miles down). That's a much more complex operation, and extracting gold under those conditions is very like pulling one small but exceedingly useful bit of information out of a mountain-sized conglomeration of otherwise-useless Big Data.

So how do you do it?

You do it with an array of new, exciting, and rapidly evolving tools. But in order to understand the process, you'll first have to learn the meaning of some acronyms and terms you may not yet be familiar with. Sorry about that.
With these in mind, we can now interpret this diagram, courtesy of Wikibon, which lays out the traditional flow of information within a commercial enterprise:
 
Here you can see that data generated by three different departments - customer resource management, enterprise resource planning, and finance - are funneled into a processor that extractsthe relevant material, transforms it into a useful format (like a spreadsheet), and loads it into a central storage area, the relational database warehouse. From there, it can be made available to whichever end user wants or needs it, either someone within-house or an external customer.

Enter the Elephant

The old system works fine within certain parameters. But in many ways, it's becoming Stone-Age stuff, because: The raw amount of input must not be too large; it must be structured in a way that is easy to process (traditionally, in rows and columns); and the desired output must not be too complex. Heretofore, as businesses were interested mainly in such things as generating accurate financial statements and tracking customer accounts, this was all that was needed.
However, potential input that could be of value to a company has increased exponentially in volume and variety, as well as in the speed at which it is created. Social media, as we all know, have exploded. 700 million Facebook denizens, a quarter of a billion Twitter users, 150 million public bloggers - all these and more are churning out content that is being captured and stored. Meanwhile, 5 billion mobile-phone owners are having their calls, texts, IMs, and locations logged. Online transactions of all different kinds are conducted by the billions every day. And there are networked devices and sensors all over the place, streaming information.

This amounts to a gargantuan haystack. And what is more, much of this haystack consists of material that is only semi-structured, if not completely unstructured, making it impossible for traditional processing systems to handle. So if you're combing the hay, looking for the golden needle - let's say, two widely separated but marginally related data points that can be combined in a meaningful whole for you - you won't be able to find it without a faster and more practical method of getting to the object of your search. You must be able to maneuver through Big Data.

Some IT pros could see this coming, and so they invented - ta dah - a little elephant:
 
Apache.org

Hadoop was originally created by Doug Cutting at Yahoo! and was inspired by MapReduce, a tool for indexing the Web that was developed by Google. The basic concept was simple: Instead of poking at the haystack with a single, big computer, Hadoop relies on a series of nodes running massively parallel processing (MPP) techniques. In other words, it employs clusters of the smaller, less-expensive machines known as "commodity hardware" - whose components are common and unspecialized - and uses them to break up Big Data into numerous parts that can be analyzed simultaneously.

That takes care of the volume problem and eliminates the data-ingesting choke point caused by reliance on a single, large-box processor. Hadoop clusters can scale up to the petabyte and even exabyte level.

But there's also that other obstacle - namely, that Big Data comes in semi- or unstructured forms that are resistant to traditional analytical tools. Hadoop solves this problem by creating a default file storage known as the Hadoop Distributed File System (HDFS). HDFS is specially tailored to store data that aren't amenable to organization into the neatly structured rows and columns of relational databases.

After the node clusters have been loaded, queries can be written to the system, usually in Java. Instead of returning relevant data to be worked on in some central processor, Hadoop causes the analysis to occur at each node simultaneously. There is also redundancy, so that if one node fails, another preserves the data.

The MapReduce part of Hadoop then goes to work according to its two functions. "Map" divides the query into parts and parallel processes it at the node level. "Reduce" aggregates the results and delivers them to the inquirer.

After processing is completed, the resulting information can be transferred into existing relational databases, data warehouses, or other traditional IT systems, where analysts can further refine them. Queries can be written in SQL - a language with which more programmers are familiar - and converted into MapReduce.

One of the beauties of Hadoop - now a project of the Apache Software Foundation - is that it is open source. Thus, it's always unfinished. It evolves, with hundreds of contributors continuously working to improve the core technology.

Now trust us, the above explanation is pared down to just the barest of bones of this transformational tech. If you're of a seriously geeky bent (want to play in your very own Hadoop sandbox? - you can: the download is free) or are simply masochistic, you can pursue the subject down a labyrinth that'll force you to learn about a bewildering array of Hadoop subtools with such colorful names as Hive, Pig, Flume, Oozie, Avro, Mahout, Sqoop, and Big Top. Help yourself.

Numerous small startups have, well, started up in order to vend their own Hadoop distributions, along with different levels of proprietary customization. Cloudera is the leader at the moment, as its big-name personnel lineup includes Hadoop creator Cutting and data scientist Jeff Hammerbacher from Facebook. Alternatively, there is Hortonworks, which also emerged from Yahoo! and went commercial last November. MapR is another name to watch. Unfortunately, the innovators remain private, and there are no pure-investment plays as yet in this space.

It isn't simply about finding that golden needle in the haystack, either. The rise of Hadoop has enabled users to answer questions no one previously would have thought to ask. Author Jeff Kelly, writing onWikibon, offers this outstanding example (emphasis ours):

"ocial networking data [can be] mined to determine which customers pose the most influence over others inside social networks. This helps enterprises determine which are their 'most important' customers, who are not always those that buy the most products or spend the most but those that tend to influence the buying behavior of others the most."
Brilliant - and now possible.

Hadoop is, as noted, not the be-all and end-all of Big-Data manipulation. Another technology, called the "next generation data warehouse" (NGDW), has emerged. NGDWs are similar to MPP systems that can work at the tera- and sometimes petabyte level. But they also have the ability to provide near-real-time results to complex SQL queries. That's a feature lacking in Hadoop, which achieves its efficiencies by operating in batch-processing mode.

The two are somewhat more complementary than competitive, and results produced by Hadoop can be ported to NGDWs, where they can be integrated with more structured data for further analysis. Unsurprisingly, some vendors have appeared that offer bundled versions of the different technologies.

For their part, rest assured that the major players aren't idling their engines on the sidelines while all of this races past. Some examples: IBM has entered the space in a big way, offering its own Hadoop platform; Big Blue also recently acquired a leading NGDW, as did HP; Oracle has a Big-Data appliance that joins Hadoop from Cloudera with its own NoSQL programming tools; EMC scooped up Hadoop vendor Greenplum; Amazon employs Hadoop in its Elastic MapReduce cloud; and Microsoft will support Hadoop on its Azure cloud.

And then there's government. In addition to the executive-branch projects mentioned earlier, there is also the rather creepy, new, $2-billion NSA facility being built in Utah. Though its purpose is top secret, what is known is that it's being designed with the capability of storing and analyzing the electronic footprint - voice, email, Web searches, financial transactions, and more - of every citizen in the US. Big Data indeed.

The New Big World

From retail to finance to government to health care - where an estimated $200 billion a year could be saved by the judicious use of Big Data - this technology is game-changing. Not necessarily for the better, as the superspy facility may portend.
And even outside the NSA, there are any number of serious implications to deal with. Issues related to privacy, security, intellectual property, liability, and much more will need to be addressed in a Big-Data world.

We'd better get down to it, because this tech is coming right at us - and it is not stoppable.

In fact, the only thing slowing it at all is a shortage of expertise. It's happened so fast that the data scientists with the proper skill sets are in extremely short supply - a situation that is projected to get worse before it gets better. Management consulting firm McKinsey & Co. predicts that by 2018, "the United States alone could face a shortage of 140,000 to 190,000 people with deep analytical skills, as well as [a further shortage of] 1.5 million managers and analysts with the know-how to use the analysis of big data to make effective decisions."

If you know any bright young kids with the right turn of mind, this is definitely one direction in which to steer them.
The opportunity exists not just for aspiring information-miners. Just as the relational database - which started as a set of theoretical papers by a frustrated IBM engineer fed up with the current status quo in the field - has grown from academic experiments and open-source projects into a multibillion-dollar-per-year industry with players like Microsoft and Oracle and IBM, so too is Big Data in the beginning of a rapid growth curve. From today's small companies and hobby projects will come major enterprises. Stories like MySQL - an open-source project acquired by Sun Microsystems for $1 billion in 2008 - are coming in Big Data.

[Crafty_Dog]

In A First, DOJ Seizes Illegal Phone App Download Websites.
By Chad Bray

iStockPut down the mobile phone app and step away from your computer.

The U.S. Department of Justice, in a first for the agency, said Tuesday it shut three Websites that allegedly catered to customers seeking illegal copies of copyrighted apps for the Android-based mobile devices and seized the domain names: applanet.net, appbucket.net and snappzmarket.com.

The seizures are the latest in an ongoing effort by DOJ to target piracy on the Internet. In recent years, the Justice Department has moved to seize a variety of websites offering illegal copies of big-budget movies and other content.

On Tuesday, Assistant U.S. Attorney General Lanny Breuer said combating piracy of copyrighted works remains a “top priority” for DOJ’s Criminal Division.

As part of the operation, Federal Bureau of Investigation agents downloaded thousands of copies of popular mobile device apps from online markets suspected of distributing copies of those apps without permission from software developers who would normally sell them for a fee, the Justice Department said.

In many cases, the servers storing the apps were hosted overseas, DOJ said. French and Dutch law enforcement were among the international agencies who coordinated with U.S. officials in the operation.

“Criminal copyright laws apply to apps for cell phones and tablets, just as they do to other software, music and writings,” said Sally Quillian Yates, the U.S. attorney in Atlanta, which sought the seizure orders. “These laws protect and encourage the hard work and ingenuity of software developers entering this growing and important part of our economy.”

Representatives for the seized websites couldn’t immediately be located for comment Wednesday.

[Crafty_Dog]

Winning the Internet Arms Race
The threat to cyber freedom is growing, and countering it takes action—not rhetoric..
Article Comments (3) more in Opinion | Find New $LINKTEXTFIND$ ».
smaller Larger facebooktwittergoogle pluslinked ininShare.0EmailPrintSave ↓ More .
.
smaller Larger 
By CRAIG A. NEWMAN
In the days since three feminist punk-rockers in Russia were sentenced to prison terms for protesting against Vladimir Putin, Western leaders have denounced the government's actions. The Pussy Riot trial was a particularly egregious effort to stifle dissent. But democratic leaders are failing to connect the episode to what is clearly a growing, world-wide attack on free speech, particularly on the Internet.

Recognizing the threat that online speech represents to their illegitimate regimes, dictators around the world have intensified their fight against communications technology. Many of these efforts are clandestine, but not always.

Russia, China, North Korea and a host of other countries are seeking to advance their repressive agendas at the United Nations' inaugural World Conference on International Telecommunications, set for December in Dubai.

These countries are pushing for the International Telecommunication Union (ITU), a United Nations treaty organization, to expand its mandate to include "regulation" of the Internet. This expansion would allow dictators to advocate treaty changes that could have the effect of legitimizing their censorship efforts.

One provision that will be considered at the conference would permit a country to limit unrestricted Internet access if international telecommunications services are used to interfere with its "internal affairs." Such language, if adopted, would give repressive regimes a broad, and U.N.-sanctioned, excuse to clamp down on free speech.

Whatever the outcome in Dubai, one thing is clear: The struggle for Internet freedom requires more action—especially to support new technologies and applications—and less rhetoric.

Enlarge Image


Close
AFP/Getty Images
 
Supporters of the Russian punk band 'Pussy Riot' protest in front of the Russian embassy in Warsaw on August 17.
.
The well intended but empty words of democratic leaders and the failed diplomacy of bureaucrats are doing little to curtail Internet suppression. Just weeks ago, for example, the U.N. passed a resolution affirming Internet freedom as a basic human right. But the resolution, signed by China and other nations that routinely censor the Internet, was nonbinding and unlikely to change a thing.

Meanwhile, as the West goes through the diplomatic motions, activists are fighting bare-knuckles on the cyber streets—using technology to open the doors of free dialogue. Their effort deserves the direct support of the U.S. and other democratic countries.

The building blocks to sustain this movement are already in place. Nongovernmental organizations such as Advancing Human Rights now use Internet technology as a primary weapon. These veteran activists have decided that the best way around a dictator's iron fist is the Internet.

One of the activists' new tools: the "Internet in a suitcase." With help from the U.S. State Department and the New America Foundation, a Washington-based think tank, developers built a small unit that can circumvent Internet restrictions. Using everyday materials that can be smuggled into contested regions, the suitcase provides dissidents with independent Internet access. The first field deployment of such technology was reportedly in Afghanistan as early as 2006, when a shadow digital network was created to allow uncensored and unrestricted cellphone and Internet service.

At an even more basic level, activists are being supported by smartphone applications, including a "panic button" that allows users to instantly wipe clean their mobile devices and send alerts to associates. With the critical importance of mobile communications, this technology gives users the confidence they can communicate sensitive information without incriminating themselves or their allies if their equipment is confiscated. With just a keystroke, dissidents can prevent information from falling into the wrong hands, and warn others of pending danger.

But the ultimate impact of these and other tech solutions will depend on how fully they are supported. As Assistant Secretary of State Michael Posner acknowledged in 2011, repressive regimes and democratic dissidents are essentially locked in a technological arms race.

It will take time, money and partnerships to win the race. The public and private sectors have provided modest financial and technical support. But now is the time for peace- and freedom-loving organizations of all kinds to step forward with sustained funding and other assistance for communications technologies that empower citizens.

Every human-rights movement hinges on a moment when the focus shifts away from words toward action. The fight for Internet freedom has reached just such a pivotal moment.

Mr. Newman, an attorney with Richards Kibbe & Orbe LLP, is CEO of the Freedom2Connect Foundation, a Washington-based nonprofit established to promote Internet freedom through the use of technology.

[Crafty_Dog]

Part 1: How Apple and Amazon Security Flaws Led to My Epic Hacking
Mat Honan

In the space of one hour, my entire digital life was destroyed. First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. And worst of all, my AppleID account was broken into, and my hackers used it to remotely erase all of the data on my iPhone, iPad, and MacBook.

In many ways, this was all my fault. My accounts were daisy-chained together. Getting into Amazon let my hackers get into my Apple ID account, which helped them get into Gmail, which gave them access to Twitter. Had I used two-factor authentication for my Google account, it’s possible that none of this would have happened, because their ultimate goal was always to take over my Twitter account and wreak havoc. Lulz.

Had I been regularly backing up the data on my MacBook, I wouldn’t have had to worry about losing more than a year’s worth of photos, covering the entire lifespan of my daughter, or documents and e-mails that I had stored in no other location.

Those security lapses are my fault, and I deeply, deeply regret them.

But what happened to me exposes vital security flaws in several customer service systems, most notably Apple’s and Amazon’s. Apple tech support gave the hackers access to my iCloud account. Amazon tech support gave them the ability to see a piece of information — a partial credit card number — that Apple used to release information. In short, the very four digits that Amazon considers unimportant enough to display in the clear on the web are precisely the same ones that Apple considers secure enough to perform identity verification. The disconnect exposes flaws in data management policies endemic to the entire technology industry, and points to a looming nightmare as we enter the era of cloud computing and connected devices.

This isn’t just my problem. Since Friday, Aug. 3, when hackers broke into my accounts, I’ve heard from other users who were compromised in the same way, at least one of whom was targeted by the same group.

Moreover, if your computers aren’t already cloud-connected devices, they will be soon. Apple is working hard to get all of its customers to use iCloud. Google’s entire operating system is cloud-based. And Windows 8, the most cloud-centric operating system yet, will hit desktops by the tens of millions in the coming year. My experience leads me to believe that cloud-based systems need fundamentally different security measures. Password-based security mechanisms — which can be cracked, reset, and socially engineered — no longer suffice in the era of cloud computing.

I realized something was wrong at about 5 p.m. on Friday. I was playing with my daughter when my iPhone suddenly powered down. I was expecting a call, so I went to plug it back in.

It then rebooted to the setup screen. This was irritating, but I wasn’t concerned. I assumed it was a software glitch. And, my phone automatically backs up every night. I just assumed it would be a pain in the ass, and nothing more. I entered my iCloud login to restore, and it wasn’t accepted. Again, I was irritated, but not alarmed.
I went to connect the iPhone to my computer and restore from that backup — which I had just happened to do the other day. When I opened my laptop, an iCal message popped up telling me that my Gmail account information was wrong. Then the screen went gray, and asked for a four-digit PIN.

I didn’t have a four-digit PIN.

By now, I knew something was very, very wrong. For the first time it occurred to me that I was being hacked. Unsure of exactly what was happening, I unplugged my router and cable modem, turned off the Mac Mini we use as an entertainment center, grabbed my wife’s phone, and called AppleCare, the company’s tech support service, and spoke with a rep for the next hour and a half.

It wasn’t the first call they had had that day about my account. In fact, I later found out that a call had been placed just a little more than a half an hour before my own. But the Apple rep didn’t bother to tell me about the first call concerning my account, despite the 90 minutes I spent on the phone with tech support. Nor would Apple tech support ever tell me about the first call voluntarily — it only shared this information after I asked about it. And I only knew about the first call because a hacker told me he had made the call himself.

At 4:33 p.m., according to Apple’s tech support records, someone called AppleCare claiming to be me. Apple says the caller reported that he couldn’t get into his Me.com e-mail — which, of course was my Me.com e-mail.

In response, Apple issued a temporary password. It did this despite the caller’s inability to answer security questions I had set up. And it did this after the hacker supplied only two pieces of information that anyone with an internet connection and a phone can discover.

At 4:50 p.m., a password reset confirmation arrived in my inbox. I don’t really use my me.com e-mail, and rarely check it. But even if I did, I might not have noticed the message because the hackers immediately sent it to the trash. They then were able to follow the link in that e-mail to permanently reset my AppleID password.

At 4:52 p.m., a Gmail password recovery e-mail arrived in my me.com mailbox. Two minutes later, another e-mail arrived notifying me that my Google account password had changed.

At 5:02 p.m., they reset my Twitter password. At 5:00 they used iCloud’s “Find My” tool to remotely wipe my iPhone. At 5:01 they remotely wiped my iPad. At 5:05 they remotely wiped my MacBook. Around this same time, they deleted my Google account. At 5:10, I placed the call to AppleCare. At 5:12 the attackers posted a message to my account on Twitter taking credit for the hack.

By wiping my MacBook and deleting my Google account, they now not only had the ability to control my account, but were able to prevent me from regaining access. And crazily, in ways that I don’t and never will understand, those deletions were just collateral damage. My MacBook data — including those irreplaceable pictures of my family, of my child’s first year and relatives who have now passed from this life — weren’t the target. Nor were the eight years of messages in my Gmail account. The target was always Twitter. My MacBook data was torched simply to prevent me from getting back in.

Lulz.

I spent an hour and a half talking to AppleCare. One of the reasons it took me so long to get anything resolved with Apple during my initial phone call was because I couldn’t answer the security questions it had on file for me. It turned out there’s a good reason for that. Perhaps an hour or so into the call, the Apple representative on the line said “Mr. Herman, I….”

“Wait. What did you call me?”

“Mr. Herman?”

“My name is Honan.”

Apple had been looking at the wrong account all along. Because of that, I couldn’t answer my security questions. And because of that, it asked me an alternate set of questions that it said would let tech support let me into my me.com account: a billing address and the last four digits of my credit card. (Of course, when I gave them those, it was no use, because tech support had misheard my last name.)

It turns out, a billing address and the last four digits of a credit card number are the only two pieces of information anyone needs to get into your iCloud account. Once supplied, Apple will issue a temporary password, and that password grants access to iCloud.

Apple tech support confirmed to me twice over the weekend that all you need to access someone’s AppleID is the associated e-mail address, a credit card number, the billing address, and the last four digits of a credit card on file. I was very clear about this. During my second tech support call to AppleCare, the representative confirmed this to me. “That’s really all you have to have to verify something with us,” he said.

We talked to Apple directly about its security policy, and company spokesperson Natalie Kerris told Wired, “Apple takes customer privacy seriously and requires multiple forms of verification before resetting an Apple ID password. In this particular case, the customer’s data was compromised by a person who had acquired personal information about the customer. In addition, we found that our own internal policies were not followed completely. We are reviewing all of our processes for resetting account passwords to ensure our customers’ data is protected.”

On Monday, Wired tried to verify the hackers’ access technique by performing it on a different account. We were successful. This means, ultimately, all you need in addition to someone’s e-mail address are those two easily acquired pieces of information: a billing address and the last four digits of a credit card on file. Here’s the story of how the hackers got them.

On the night of the hack, I tried to make sense of the ruin that was my digital life. My Google account was nuked, my Twitter account was suspended, my phone was in a useless state of restore, and (for obvious reasons) I was highly paranoid about using my Apple email account for communication.

I decided to set up a new Twitter account until my old one could be restored, just to let people know what was happening. I logged into Tumblr and posted an account of how I thought the takedown occurred. At this point, I was assuming that my seven-digit alphanumeric AppleID password had been hacked by brute force. In the comments (and, oh, the comments) others guessed that hackers had used some sort of keystroke logger. At the end of the post, I linked to my new Twitter account.

And then, one of my hackers @ messaged me. He would later identify himself as Phobia. I followed him. He followed me back.

We started a dialogue via Twitter direct messaging that later continued via e-mail and AIM. Phobia was able to reveal enough detail about the hack and my compromised accounts that it became clear he was, at the very least, a party to how it went down. I agreed not to press charges, and in return he laid out exactly how the hack worked. But first, he wanted to clear something up:

“didnt guess ur password or use bruteforce. i have my own guide on how to secure emails.”

I asked him why. Was I targeted specifically? Was this just to get to Gizmodo’s Twitter account? No, Phobia said they hadn’t even been aware that my account was linked to Gizmodo’s, that the Gizmodo linkage was just gravy. He said the hack was simply a grab for my three-character Twitter handle. That’s all they wanted. They just wanted to take it, and fuck shit up, and watch it burn. It wasn’t personal.

“I honestly didn’t have any heat towards you before this. i just liked your username like I said before” he told me via Twitter Direct Message.

After coming across my account, the hackers did some background research. My Twitter account linked to my personal website, where they found my Gmail address. Guessing that this was also the e-mail address I used for Twitter, Phobia went to Google’s account recovery page. He didn’t even have to actually attempt a recovery. This was just a recon mission.

Because I didn’t have Google’s two-factor authentication turned on, when Phobia entered my Gmail address, he could view the alternate e-mail I had set up for account recovery. Google partially obscures that information, starring out many characters, but there were enough characters available, m••••n@me.com. Jackpot.

This was how the hack progressed. If I had some other account aside from an Apple e-mail address, or had used two-factor authentication for Gmail, everything would have stopped here. But using that Apple-run me.com e-mail account as a backup meant told the hacker I had an AppleID account, which meant I was vulnerable to being hacked.

“You honestly can get into any email associated with apple,” Phobia claimed in an e-mail. And while it’s work, that seems to be largely true.

Since he already had the e-mail, all he needed was my billing address and the last four digits of my credit card number to have Apple’s tech support issue him the keys to my account.

So how did he get this vital information? He began with the easy one. He got the billing address by doing a whois search on my personal web domain. If someone doesn’t have a domain, you can also look up his or her information on Spokeo, WhitePages, and PeopleSmart.

Getting a credit card number is tricker, but it also relies on taking advantage of a company’s back-end systems. Phobia says that a partner performed this part of the hack, but described the technique to us, which we were able to verify via our own tech support phone calls. It’s remarkably easy — so easy that Wired was able to duplicate the exploit twice in minutes.

First you call Amazon and tell them you are the account holder, and want to add a credit card number to the account. All you need is the name on the account, an associated e-mail address, and the billing address. Amazon then allows you to input a new credit card. (Wired used a bogus credit card number from a website that generates fake card numbers that conform with the industry’s published self-check algorithm.) Then you hang up.

Next you call back, and tell Amazon that you’ve lost access to your account. Upon providing a name, billing address, and the new credit card number you gave the company on the prior call, Amazon will allow you to add a new e-mail address to the account. From here, you go to the Amazon website, and send a password reset to the new e-mail account. This allows you to see all the credit cards on file for the account — not the complete numbers, just the last four digits. But, as we know, Apple only needs those last four digits. We asked Amazon to comment on its security policy, but didn’t have anything to share by press time.

And it’s also worth noting that one wouldn’t have to call Amazon to pull this off. Your pizza guy could do the same thing, for example. If you have an AppleID, every time you call Pizza Hut, you’ve giving the 16-year-old on the other end of the line all he needs to take over your entire digital life.

And so, with my name, address, and the last four digits of my credit card number in hand, Phobia called AppleCare, and my digital life was laid waste. Yet still I was actually quite fortunate.

They could have used my e-mail accounts to gain access to my online banking, or financial services. They could have used them to contact other people, and socially engineer them as well. As Ed Bott pointed out on TWiT.tv, my years as a technology journalist have put some very influential people in my address book. They could have been victimized too.

Instead, the hackers just wanted to embarrass me, have some fun at my expense, and enrage my followers on Twitter by trolling.

I had done some pretty stupid things. Things you shouldn’t do.

I should have been regularly backing up my MacBook. Because I wasn’t doing that, if all the photos from the first year and a half of my daughter’s life are ultimately lost, I will have only myself to blame. I shouldn’t have daisy-chained two such vital accounts — my Google and my iCloud account — together. I shouldn’t have used the same e-mail prefix across multiple accounts — mhonan@gmail.com, mhonan@me.com, and mhonan@wired.com. And I should have had a recovery address that’s only used for recovery without being tied to core services.

But, mostly, I shouldn’t have used Find My Mac. Find My iPhone has been a brilliant Apple service. If you lose your iPhone, or have it stolen, the service lets you see where it is on a map. The New York Times’ David Pogue recovered his lost iPhone just last week thanks to the service. And so, when Apple introduced Find My Mac in the update to its Lion operating system last year, I added that to my iCloud options too.

After all, as a reporter, often on the go, my laptop is my most important tool.

But as a friend pointed out to me, while that service makes sense for phones (which are quite likely to be lost) it makes less sense for computers. You are almost certainly more likely to have your computer accessed remotely than physically. And even worse is the way Find My Mac is implemented.

When you perform a remote hard drive wipe on Find my Mac, the system asks you to create a four-digit PIN so that the process can be reversed. But here’s the thing: If someone else performs that wipe — someone who gained access to your iCloud account through malicious means — there’s no way for you to enter that PIN.

A better way to have this set up would be to require a second method of authentication when Find My Mac is initially set up. If this were the case, someone who was able to get into an iCloud account wouldn’t be able to remotely wipe devices with malicious intent. It would also mean that you could potentially have a way to stop a remote wipe in progress.

But that’s not how it works. And Apple would not comment as to whether stronger authentification is being considered.

As of Monday, both of these exploits used by the hackers were still functioning. Wired was able to duplicate them. Apple says its internal tech support processes weren’t followed, and this is how my account was compromised. However, this contradicts what AppleCare told me twice that weekend. If that is, in fact, the case — that I was the victim of Apple not following its own internal processes — then the problem is widespread.

I asked Phobia why he did this to me. His answer wasn’t satisfying. He says he likes to publicize security exploits, so companies will fix them. He says it’s the same reason he told me how it was done. He claims his partner in the attack was the person who wiped my MacBook. Phobia expressed remorse for this, and says he would have stopped it had he known.

“yea i really am a nice guy idk why i do some of the things i do,” he told me via AIM. “idk my goal is to get it out there to other people so eventually every1 can over come hackers”

I asked specifically about the photos of my little girl, which are, to me, the greatest tragedy in all this. Unless I can recover those photos via data recovery services, they are gone forever. On AIM, I asked him if he was sorry for doing that. Phobia replied, “even though i wasnt the one that did it i feel sorry about that. Thats alot of memories im only 19 but if my parents lost and the footage of me and pics i would be beyond sad and im sure they would be too.”

But let’s say he did know, and failed to stop it. Hell, for the sake of argument, let’s say he did it. Let’s say he pulled the trigger. The weird thing is, I’m not even especially angry at Phobia, or his partner in the attack. I’m mostly mad at myself. I’m mad as hell for not backing up my data. I’m sad, and shocked, and feel that I am ultimately to blame for that loss.

But I’m also upset that this ecosystem that I’ve placed so much of my trust in has let me down so thoroughly. I’m angry that Amazon makes it so remarkably easy to allow someone into your account, which has obvious financial consequences. And then there’s Apple. I bought into the Apple account system originally to buy songs at 99 cents a pop, and over the years that same ID has evolved into a single point of entry that controls my phones, tablets, computers and data-driven life. With this AppleID, someone can make thousands of dollars of purchases in an instant, or do damage at a cost that you can’t put a price on.

Part 2: How I Resurrected My Digital Life After an Epic Hacking

When my data died, it was the cloud that killed it. The triggers hackers used to break into my accounts and delete my files were all cloud-based services — iCloud, Google, and Amazon. Some pundits have latched onto this detail to indict our era of cloud computing. Yet just as the cloud enabled my disaster, so too was it my salvation.
Yes, you can die by the cloud. But you can live by it too. Here’s how I regained my digital life after it was taken away from me.

When hackers broke into my iCloud account and wiped my devices, my first assumption was that someone had broken into my local network. So the first thing I did was shut down the internet and turn off all of my other machines. I wanted those assholes out of my house. But that also meant I had no way to send or receive data.

AppleCare’s phone support was useless. The 90 fruitless minutes I spent on the phone accomplished nothing at all to regain control of my AppleID. Nor did a follow-up help to stop the remote wipe taking over my MacBook Air. I had to get online. So to reconstruct my life, I started off by going next door, where I borrowed my neighbor’s computer to use their internet.

Ultimately, I was able to get back into my iCloud account by resetting the password online. Once I did, I began restoring my iPhone and iPad from iCloud backups. The phone took seven hours to restore. The iPad took even longer. I could use neither during this time.

From my wife’s phone, I called my bank and completely changed my logins. Then I set about checking online to see which other accounts might have been compromised. By now I felt safe turning on our own home internet and using one of my other computers to check these accounts. But I hit an immediate problem: I didn’t know any of my passwords.

I’m a heavy 1Password user. I use it for everything. That means most of my passwords are long, alphanumeric strings of gibberish with random symbols. It’s on my iPhone, iPad and Macbook. It syncs up across all those devices because I store the keychain in the cloud on Dropbox. Update a password on my phone, and the file is saved on Dropbox, where my computer will pull it down later, and vice versa.

But I didn’t have it on any of our other systems. So now I couldn’t get to my keychain. And so I was stuck in a catch-22. My Dropbox password was itself a 1password-generated litany of nonsense. Without access to Dropbox, I couldn’t get my keychain. Without my keychain, I couldn’t get into Dropbox.

And then I remembered that I had also used Dropbox previously on my wife’s machine. Had I stored the password there?

Five hours after the hack started, still locked out of everything, I flipped open the lid of her computer, and nervously powered it up. And there it was: my Dropbox. And in it, my 1Password keychain, the gateway to my digital life.

It was time to get cranking. I set up a new Twitter account. And then, with my now-found password manager, I logged into Tumblr.

Here’s the thing: I probably got my stuff back faster than you would have. I’ve been a technology journalist for more than a dozen years, and in that time I’ve made lots and lots of contacts. Meanwhile, my Tumblr post spread like warm butter across the piping hot English muffin of the internet.

A lot of people saw the post, some of whom were executives or engineers at Google and Twitter. I still had to go through official channels, but they pointed me to the right place to start the recovery process on both of those services. On Friday night, I filled out forms on both sites (Google’s is here, Twitter’s is here) to try to reclaim my accounts.
Someone else saw my posts on that night too: my hacker.

I had posited that the hackers had gotten in via brute forcing my 7-digit password. This caused my hacker, Phobia, to respond to me. No, he bragged, brute force wasn’t involved. They got it right from AppleCare, he said via a Twitter DM. I still didn’t know how that worked, exactly, but this piece of information led me to start digging.
As it turned out, breaking into Apple accounts was ridiculously easy. On Saturday, when I fully understood just how Phobia and his partner had gotten in (and how easily it could happen again), I made a distressed phone call to Apple to ask that the company lock everything down, and issue no more password resets.

It was on this call that I confirmed someone else had called in about my account at 4:33 p.m. the previous day — someone who I now knew to be Phobia. Chandler McDonald, the tech who helped me on that call, was the first person at Apple to take what was happening really seriously, and was one of only two positive experiences I had with Apple that weekend (or since). McDonald reassured me that he was going to get my account locked down, and promised to call me the next day. And he did. I’m still grateful.

Also on Friday night, I began the process of restoring my Google account. Because I couldn’t send a backup to my now non-functioning phone, I had to fill out some forms online that asked me questions about my account usage that, presumably, only I would know. For example, I was asked to name the five people I e-mailed the most.
On Saturday morning, I received an automated e-mail from Google asking me to go online and define even more personal information. This time, I was asked for things like the names of folders in my Gmail account, and the dates on which I had set up various other Google accounts, like Google Docs. It was a little flummoxing, and I wasn’t sure I knew the answers to these questions. But I tried, and I guess I got the answers right.

That same day, while still waiting for access to my Google account, I was having another Google-related problem that was keeping me from being able to use my phone. Although the restore from backup was complete, and I could use over-the-air data to access internet services, it would not send or receive calls. At first I couldn’t understand why, and then realized it was because I had linked my number to Google Voice.

Since Google has integrated sign-ons across all accounts, not only was my Gmail nuked, but so was every other associated Google service as well. That meant my Google Voice number was dead. And because I (obviously) couldn’t log into Google Voice, I couldn’t opt to disconnect it from my phone. I called Sprint and asked the tech support rep there to do it for me. Done.

Almost immediately, my phone lit up with text messages from concerned friends, wanting to let me know I’d been hacked.

Thanks guys, I know. I know.

Just before noon on Saturday, my Google account was restored. Given what I’ve subsequently learned about how long it has taken others to do the same, I think that had my case not been escalated, this process could have taken 48 hours or more. Yes, I went through the normal steps, and had to prove I was who I claimed to be, but the process was likely faster for me than it would be for most.

Once in my inbox, I saw how remarkably little the intruders had done. They had torched the joint just after getting a password reset on Twitter. I went through and checked all my mail filters and settings to make sure new messages wouldn’t be also copied to someone else without my knowledge, and systematically revoked every single app and website I’d authorized to connect to my Google account.

Saturday night, after verifying my Wired e-mail address and exchanging several e-mails with tech support, I got back into my Twitter account too. It was in ruins. There were racist and anti-gay tweets all over the place, as well as taunting remarks aimed at other hackers, and other users. At first I left these up, just as documentation, but then went in and deleted the worst of them.

That night, I stayed up late, direct-messaging Phobia on Twitter.

Sunday afternoon, I found myself at the Apple Store in San Francisco’s worst mall. I was, to say the least, cranky. Although I’d called on a Friday night, the first appointment I could get was at 1 p.m. on Sunday. By 1:20 p.m., I was talking to an Apple genius named Max. He was awesome. He’d heard of my case.

He told me that while Apple couldn’t recover my data, it could probably stop the wipe from progressing further. There was the 4-digit PIN that needed to be entered, as well as a firmware-level password, and I had neither. I told him all I cared about was preserving my data. He scurried away with my machine.

And indeed, Monday afternoon, Max called to let me know that they had been able to reset the firmware password. They couldn’t crack the PIN, but he said I should be able to pull whatever data existed on there off. Good news. I began researching data-recovery firms.

Getting data back from a SSD drive, like the one in my MacBook Air, is considerably trickier than recovering it from a standard HDD for all kinds of reasons — from the way SSDs reallocate data, to the lack of a physical platter, to hardware-level encryption keys. I wasn’t about to attempt to recover it myself. Max, my guy at the Apple Store, had suggested that I call DriveSavers. Several other people I know and respect, like TWiT’s Leo Laporte, whose show I appeared on that weekend, told me the same thing.

And so, on Friday, exactly one week after my system was wiped, I sent my Mac away to Novato to see what could be recovered from the drive hackers had wiped.

In a nutshell, here’s what happens when you take your machine to DriveSavers (and we’ll have a full rundown on this later). First, they remove your drive from the machine and put it in a custom adapter. From there they use a proprietary method to image your system and copy that data to a secure “slicked” disk so there’s no chance of data contamination. This is done extremely rapidly so that the original drive doesn’t have to be powered up for very long.

Next they put the original drive aside to preserve it, and then begin working off the copy to see what’s on there. In some cases, like mine, there are no more files or directory structures to pore over. So they scour the drives looking at raw hex data. When you see this in action, it looks a lot like The Matrix, with rows and rows of random numbers and characters scrolling up a screen, faster than your eyes can focus on.

Except, that’s not what they saw on mine.

When Drivesavers began looking at my machine, the first 6GB of data held a clean install of Mac OS X. And after that, all they saw was row after row after row of zeroes. That data had been zeroed out. Overwritten. No recovery.

And then numbers. That beautiful hex data started rolling across the screen. Yes, 25 percent of my drive was gone and beyond repair. But the remaining 75 percent? Hope for life. DriveSavers called me to come look at what they had found, and my wife and I drove up there on Wednesday morning.

My data came back to me on an external hard drive, organized by file types. The thing I cared most about, above all else, was my photo library. And there, in a folder full of JPGs, was photo after photo after photo that I had feared were gone forever. Subfolders were organized by the year, month and day files were created. I went immediately to the folder that bore the date my daughter was born. They were there. Everything was there. We were floored. I nearly cried.

I am an over-sharer. But the things most intimate in life, I tend to keep private. And so although I have posted picture after picture to Flickr, Facebook and Instagram, the stuff that was really important — the stuff that maybe even was most important — has always been mine alone. It lived nowhere but on my hard drive.

Some of the photos were ancient artifacts that traveled with me from machine to machine with each upgrade cycle. In fact, much of the data was far older than the last device it was stored on. Most of those older images had been backed up to an external hard drive. And some of the newer ones were safe on PhotoStream, one of Apple’s iCloud services. But most of the shots that I had taken with my camera over the past 20 months since I last backed up were lost forever. And here they were again, recovered. Reborn. It was gorgeous.

I didn’t get everything back. DriveSavers was only looking for the things I specifically requested. I’ve lost all my applications, for example, as well as long-established preferences and settings that have been moving from machine to machine with me. But that’s OK. I can live without them. I can buy them again. Whatever. Besides, sometimes it’s nice to start with a clean slate, and I spent yesterday installing a new, clean operating system on my MacBook Air.

The bottom line is that I have all my photos and all the home movies I’ve shot. Every one of them. And seemingly all of my most important documents as well. That felt like a miracle.

The bill for all this? $1,690. Data doesn’t come cheap.

I’ve been asked again and again what I’ve learned, and what I now do differently. I’m still figuring some of that out.

I’m certainly a backup believer now. When you control your data locally, and have it stored redundantly, no one can take it from you. Not permanently, at least. I’ve now got a local and online backup solution, and I’m about to add a second off-site backup into that mix. That means I’ll have four copies of everything important to me. Overkill? Probably. But I’m once bitten.

And then there’s the cloud. I’m a bigger believer in cloud services than ever before. Because I use Rdio, not iTunes, I had all my music right away. Because I use Evernote to take reporting notes, everything that I was currently working on still existed. Dropbox and 1Password re-opened every door for me in a way that would have been impossible if I were just storing passwords locally via my browser.

But I’m also a security convert.

It’s shameful that Apple has asked its users to put so much trust in its cloud services, and not put better security mechanisms in place to protect them. AppleIDs are too easily reset, which effectively makes iCloud a data security nightmare. I’ve had person after person after person report similar instances to me, some providing documentation showing how easily their Apple accounts were compromised.

And due to Apple’s opacity, I have no way of knowing if things have improved. Apple has refused to tell me in what ways its policies weren’t followed “completely” in my case. Despite being an Apple user for nearly 20 years and having generally positive feelings toward the company, I no longer trust it to do the right thing in terms of protecting my data. I’ve turned off its Find My services and won’t turn them back on.

Amazon also had a glaring security flaw, and although it has fixed that exploit, the flaw’s mere existence should serve as a warning to all of us about all of our other accounts. We don’t often know what’s required to issue a password reset, or have someone get into our account through a company’s tech support system.
But hackers do.

I’m working on another story looking at how widespread these practices are, and while there’s much reporting left to be done, it’s already very clear that the vulnerabilities at Amazon aren’t unique. It’s also clear that many of these gaping security holes are common knowledge within certain communities online. Bored teenagers up late on hot summer nights know more about social engineering exploits than I would wager most of the executives at affected companies do. That needs to change.

Previously, when I had the option for ease-of-use versus security, I always went the easy route. I stored my credit cards with the merchants I used for faster transactions. I didn’t enable two-factor authentication on Google or Facebook. I never set up dedicated (and secret) e-mail accounts for password management. I take those steps now. But I also know that no matter what security measures I take, they can all be undone by factors beyond my control.

We don’t own our account security. And as more information about us lives online in ever more locations, we have to make sure that those we entrust it with have taken the necessary steps to keep us safe. That’s not happening now. And until it does, what happened to me could happen to you.

[bigdog]

http://www.nbcnews.com/technology/technolog/facebook-post-undercover-cops-photo-gets-woman-charged-felony-1C6477731#/technology/technolog/facebook-post-undercover-cops-photo-gets-woman-charged-felony-1C6477731

[bigdog]

http://www.nbcnews.com/technology/technolog/new-propaganda-armies-take-war-twitter-gaza-conflict-1C7094755

[Crafty_Dog]

Bitter struggle over Internet regulation to dominate global summit
 
2:41pm EST
By Joseph Menn
SAN FRANCISCO (Reuters) - An unprecedented debate over how the global Internet is governed is set to dominate a meeting of officials in Dubai next week, with many countries pushing to give a United Nations body broad regulatory powers even as the United States and others contend such a move could mean the end of the open Internet.
The 12-day conference of the International Telecommunications Union, a 147-year-old organization that's now an arm of the United Nations, largely pits revenue-seeking developing countries and authoritarian regimes that want more control over Internet content against U.S. policymakers and private Net companies that prefer the status quo.
Many of the proposals have drawn fury from free-speech and human-rights advocates and have prompted resolutions from the U.S. Congress and the European Parliament, calling for the current decentralized system of governance to remain in place.

While specifics of some of the most contentious proposals remain secret, leaked drafts show that Russia is seeking rules giving individual countries broad permission to shape the content and structure of the Internet within their borders, while a group of Arab countries is advocating universal identification of Internet users. Some developing countries and telecom providers, meanwhile, want to make content providers pay for Internet transmission.

Fundamentally, most of the 193 countries in the ITU seem eager to enshrine the idea that the U.N. agency, rather than today's hodgepodge of private companies and nonprofit groups, should govern the Internet. They say that a new regime is needed to deal with the surge in cybercrime and more recent military attacks.

The ITU meeting, which aims to update a longstanding treaty on how telecom companies interact across borders, will also tackle other topics such as extending wireless coverage into rural areas.

If a majority of the ITU countries approve U.N. dominion over the Internet along with onerous rules, a backlash could lead to battles in Western countries over whether to ratify the treaty, with tech companies rallying ordinary Internet users against it and some telecom carriers supporting it.

In fact, dozens of countries including China, Russia and some Arab states, already restrict Internet access within their own borders. Those governments would have greater leverage over Internet content and service providers if the changes were backed up by international agreement.

Amid the escalating rhetoric, search king Google last week asked users to "pledge your support for the free and open Internet" on social media, raising the specter of a grassroots outpouring of the sort that blocked American copyright legislation and a global anti-piracy treaty earlier this year.

Google's Vint Cerf, the ordinarily diplomatic co-author of the basic protocol for Internet data, denounced the proposed new rules as hopeless efforts by some governments and state-controlled telecom authorities to assert their power.

"These persistent attempts are just evidence that this breed of dinosaurs, with their pea-sized brains, hasn't figured out that they are dead yet, because the signal hasn't traveled up their long necks," Cerf told Reuters.

The ITU's top official, Secretary-General Hamadoun Touré, sought to downplay the concerns in a separate interview, stressing to Reuters that even though updates to the treaty could be approved by a simple majority, in practice nothing will be adopted without near-unanimity.

"Voting means winners and losers. We can't afford that in the ITU," said Touré, a former satellite engineer from Mali who was educated in Russia.
Touré predicted that only "light-touch" regulation on cyber-security will emerge by "consensus", using a deliberately vague term that implies something between a majority and unanimity.

He rejected criticism that the ITU's historic role in coordinating phone carriers leaves it unfit to corral the unruly Internet, comparing the Web to a transportation system.

"Because you own the roads, you don't own the cars and especially not the goods they are transporting. But when you buy a car you don't buy the road," Touré said. "You need to know the number of cars and their size and weight so you can build the bridges and set the right number of lanes. You need light-touch regulation to set down a few traffic lights."

Because the proposals from Russia, China and others are more extreme, Touré has been able to cast mild regulation as a compromise accommodating nearly everyone.

Two leaked Russian proposals say nations should have the sovereign right "to regulate the national Internet segment". An August draft proposal from a group of 17 Arab countries called for transmission recipients to receive "identity information" about the senders, potentially endangering the anonymity of political dissidents, among others.
A U.S. State Department envoy to the gathering and Cerf agreed with Touré that there is unlikely to be any drastic change emerging from Dubai.

"The decisions are going to be by consensus," said U.S. delegation chief Terry Kramer. He said anti-anonymity measures such as mandatory Internet address tracing won't be adopted because of opposition by the United States and others.

"We're a strong voice, given a lot of the heritage," Kramer said, referring to the United States' role in the development of the Internet. "A lot of European markets are very similar, and a lot of Asian counties are supportive, except China."

Despite the reassuring words, a fresh leak over the weekend showed that the ITU's top managers viewed a badly split conference as a realistic prospect less than three months ago.

The leaked program for a "senior management retreat" for the ITU in early September included a summary discussion of the most probable outcomes from Dubai, concluding that the two likeliest scenarios involved major reworkings of the treaty that the United States would then refuse to sign. The only difference between the scenarios lay in how many other developed countries sided with the Americans.

An ITU spokesman said Tuesday that "the management team has never doubted that consensus will be found" and that the scenarios were meant to aid efforts at facilitating the process.

Touré said that because the disagreements are so vast, the conference probably will end up with something resembling the ITU's earlier formula for trying to protect children online — an agreement to cooperate more and share laws and best practices, perhaps with hotlines to head off misunderstandings.

"From Dubai, what I personally expect is to see some kind of principles saying cyberspace is a global phenomenon and it can only have global responses," Touré said. "I just intend to put down some key principles there that will lay the seeds for something in the future."

Even vague terms could be used as a pretext for more oppressive policies in various countries, though, and activists and industry leaders fear those countries might also band together by region to offer very different Internet experiences.

In some ways, the U.N. involvement reflects a reversal that has already begun.

The United States has steadily diminished its official role in Internet governance, and many nations have stepped up their filtering and surveillance. More than 40 countries now filter the Net that their citizens see, said Ronald Deibert, a University of Toronto political science professor and authority on international conflicts in cyberspace.

Google Executive Chairman Eric Schmidt said this month that the Net is already on the road to Balkanization, with people in different countries getting very different experiences from the services provided by Google, Skype and others.

This month, a new law in Russia took effect that allows the federal government to order a Website offline without a court hearing. Iran recently rolled out a version of the Internet that replaced the real thing within its borders. A growing number of countries, including China and India, order sites to censor themselves for political, religious and other content.

China, which has the world's largest number of Internet users, also blocks access to Facebook, YouTube and Twitter among other sites within its borders.

The loose governance of the Net currently depends on the non-profit ICANN, which oversees the Web's address system, along with voluntary standard-setting bodies and a patchwork of national laws and regional agreements. Many countries see it as a U.S.-dominated system.
T
he U.S. isolation within the ITU is exacerbated by it being home to many of the biggest technology companies - and by the fact that it could have military reasons for wanting to preserve online anonymity. The Internet emerged as a critical military domain with the 2010 discovery of Stuxnet, a computer worm developed at least in part by the United States that attacked Iran's nuclear program.

Whatever the outcome in Dubai, the conference stands a good chance of becoming a historic turning point for the Internet.

"I see this as a constitutional moment for global cyberspace, where we can stand back and say, `Who should be in charge?' said Deibert. "What are the rules of the road?"
(Reporting by Joseph Menn; Editing by Jonathan Weber, Martin Howell, Ken Wills and Andrew Hay)

[Crafty_Dog]

http://www.slideshare.net/kleinerperkins/2012-kpcb-internet-trends-yearend-update#btnNext

[Crafty_Dog]

The End Of The Free Internet?
By DICK MORRIS
Published on DickMorris.com on December 7, 2012


Click Here To Sign The Petition To Stop UN Control Of The Internet!

Until now, the work of the UN negotiators who are pondering how to regulate the Internet has been shrouded in secrecy.  But as 1,950 delegates from 193 countries gather this week in Dubai to consider 900 proposals to regulate the Internet, their game is becoming clear.
 
The Russian-educated head of the International Telecommunications Union (ITU), the UN body seeking to control the Internet, Dr. Hamadoun Toure says: "The brutal truth is that the internet remains largely [the] rich world's privilege."  He adds that "the ITU wants to change that."
 
Here's how:
The ITU wants to force companies -- and eventually their users (us) -- to pay for streaming video.  The proposal is called "pay to stream" or "a quality based model."  According to the BBC, "This would see firms face charges if they wanted to ensure streamed video and other quality-critical content download without the risk of problems such as jerky images."  Presumably the revenues from this Internet Tax would go to building up Net infrastructure in the less developed world.  And, undoubtedly, the cost will be passed onto the users throughout the world -- including you!
 
But building up the Net's third world infrastructure is not the real agenda here.  It's a facade.
 
Russia and China want firms like Google to have to pay to send streaming video into other countries, creating a charge that can be passed on to the users.  The idea is to make it so expensive that nobody in their totalitarian countries downloads anything they shouldn't which might open their eyes to the truth Moscow and Beijing want to keep out.

The ITU is now charged with regulating long distance phone services.  But Moscow and Beijing, want to expand its power to dictate to the Internet and they have a willing tool in Toure who was educated in Leningrad and Moscow in the pre-glasnost era.
 
The delegates and would-be regulators have until December 14th to agree on which proposals to adopt.  Russia and China are seeking a declaration that each nation has an "equal right to manage the Internet" to enhance its ability to block politically free sites.
 
Fortunately, the European Union's digital agenda commissioner Neelie Kroes has tweeted that "the internet works, it doesn't need to be regulated by ITR Treaty."  And Vinton Cerf, the computer scientist who co-designed some of the Internet's core underlying protocols, says "a state-controlled system of regulation is not only unnecessary, it would almost invariable raise costs and prices and interfere with the rapid and organic growth of the internet."
 
Cerf notes that "only governments have a voice at the ITU...engineers, companies, and the people that build and use the web have no vote."
 
And so it would be if these talks lead to a new treaty: Only governments will run the Net.  God help us all!
 
(NONE of this is being covered by American media, whether cable, broadcast, or print).  Please send this column around to your family and friends and encourage them to sign the petition protesting Internet regulation!)
Click Here To Sign The Petition To Stop UN Control Of The Internet!

[Crafty_Dog]

In a referendum among the world's two billion Internet users, how many would vote to transfer control of the Internet to the United Nations? Perhaps 100,000, an estimate based on the number of top officials ruling the most authoritarian countries, whose power is threatened by the open Web.
 
Under the one country, one vote rule of the U.N., these 100,000 people trump the rest of the two billion. It only takes a majority of the 193 countries in the U.N. to hijack the Internet.
 
The International Telecommunications Union is hosting a conference in Dubai, where many countries are eager to extend the agency's role beyond telecommunications to regulate the Internet. The two-week conference is half over, with meddlesome proposals from China, Russia and other authoritarian regimes dominating the discussion.
 
A U.S.-Canadian proposal would have limited topics to telecommunications, excluding the Internet. Top U.S. negotiator Terry Kramer said in a call with the media last week that the State Department believes that "fundamentally, the conference should not be dealing with the Internet" and that the U.S. team was working "day and night" to find allies. But State didn't respond to my follow-up question asking for an estimate of how many countries have pledged to keep hands off the Internet. This is likely a low percentage of the 193.
 
Instead, authoritarian governments want to legitimize government censorship, tax Internet traffic that crosses national boundaries and mandate that ITU bureaucrats replace the nongovernmental engineering groups now smoothly running the Internet.







Enlarge Image




European Pressphoto Agency
Secretary General of the (ITU), Hamadoun Toure of Mali, speaks during plenary session at World Conference on International Telecommunications (WCIT), in Dubai.
.
The good news is rare bipartisan opposition in the U.S., where the House last week voted unanimously to "keep the Internet free from government control." In that spirit, this column is happy to report on a speech by Andrew McLaughlin, a former deputy chief technology officer in the Obama administration who also worked at Google GOOG +0.86% . He urged President Obama to "kneecap" the ITU, abolishing it rather than let it put the open Internet at risk.

"What is so bad about the ITU?" Mr. McLaughlin asked in a speech to the New America Foundation in Washington on Nov. 29. "It's just simple things like the nature, structure, culture, values and processes of the ITU. They are all inimical to a free and open Internet, and they are all inconsistent with the nature of the technical infrastructure that now characterizes our communications networks." Voting rules let repressive governments "engage in horse trading that has nothing to do with the technical merits of the decisions under consideration."

Mr. McLaughlin cited the "soft corruption" of the ITU, where regulators and the monopoly telecommunications companies from many countries "get to take nice trips to Geneva on a regular basis, and people build their careers around the ITU as a gravy train." This is "yet another reason it should be killed off in its current form." The ITU could be closed if the U.S. did the hard work to persuade other countries to assign its functions to private groups under the successful nongovernmental model of the Internet.
 
"You need look no further than the fact that the ITU is the chosen vehicle for regimes for whom the free and open Internet is seen as an existential threat—Russia, China, Iran, Uzbekistan, Saudi Arabia, Vietnam, Belarus and Cuba. These are the countries placing their hopes and ambitions in the vessel of the ITU for governance and regulation of the Internet," Mr. McLaughlin said.
 
"I hate to say this in such a stark way, but I will anyway: It strikes me that the Obama administration, coming from the left in the U.S., where I come from, has an opportunity to be the Nixon that goes to the China of trying to kneecap a useless, inimical, bloated, bureaucratic and corrupt international organization like the ITU. I hope they will take this challenge."
 
A kneecapping sounds about right, and Mr. McLaughlin has given his former boss excellent talking points. He concluded: "There's also a symbolic importance to winding down a centralized, government-centric treaty organization in the context of a new communications network that doesn't need it, and in fact is harmed by it."

The U.S. can refuse to join any new ITU treaty arising from this conference, but today's largely open and global Internet would become a paradise lost. Many countries would sign the treaty to put roadblocks along global networks, monitor email and censor and tax foreign websites they find threatening. A global communications utility will be fragmented and made less robust for all.
 
A generation ago, President Ronald Reagan stymied similar efforts by another U.N. agency. Authoritarian governments had used Unesco to suppress free speech under the rubric of a "New Information World Order." The U.S., joined by Britain, delegitimized the effort by leaving Unesco.

President Obama would be a hero if he took Mr. McLaughlin's advice to neutralize the ITU. Failing this, he could follow the Reagan precedent, minimizing the harm done by the ITU by having the U.S. leave.
 
A version of this article appeared December 10, 2012, on page A19 in the U.S. edition of The Wall Street Journal, with the headline: Would-Be Internet Regulators Need Deleting.

[Crafty_Dog]

America's First Big Digital Defeat A majority of the 193 U.N. member countries have approved a treaty giving governments new powers to close off access to the Internet in their countries.
By L. GORDON CROVITZ

The open Internet, available to people around the world without the permission of any government, was a great liberation. It was also too good to last. Authoritarian governments this month won the first battle to close off parts of the Internet.

At the just-concluded conference of the International Telecommunications Union in Dubai, the U.S. and its allies got outmaneuvered. The ITU conference was highly technical, which may be why the media outside of tech blogs paid little attention, but the result is noteworthy: A majority of the 193 United Nations member countries approved a treaty giving governments new powers to close off access to the Internet in their countries.

U.S. diplomats were shocked by the result, but they shouldn't have been surprised. Authoritarian regimes, led by Russia and China, have long schemed to use the U.N. to claim control over today's borderless Internet, whose open, decentralized architecture makes it hard for these countries to close their people off entirely. In the run-up to the conference, dozens of secret proposals by authoritarian governments were leaked online.

ITU head Hamadoun Touré, a Mali native trained in the Soviet Union, had assured that his agency operates by consensus, not by majority vote. He also pledged that the ITU had no interest beyond telecommunications to include the Internet. He kept neither promise.

A vote was called late one night last week in Dubai—at first described as a nonbinding "feel of the room on who will accept"—on a draft giving countries new power over the Internet.

The result was 89 countries in favor, with 55 against. The authoritarian majority included Russia, China, Arab countries, Iran and much of Africa. Under the rules of the ITU, the treaty takes effect in 2015 for these countries. Countries that opposed it are not bound by it, but Internet users in free countries will also suffer as global networks split into two camps—one open, one closed.

The U.S. delegation never understood this conference was fundamentally a battle in what might be called the Digital Cold War. Russia and China had long been lobbying for votes, but U.S. opposition got serious only at the conference itself. Even then, Mr. Touré claimed he thought the U.S. would support the ITU treaty: "I couldn't imagine that at the end they wouldn't sign."

The treaty document extends control over Internet companies, not just telecoms. It declares: "All governments should have an equal role and responsibility for international Internet governance." This is a complete reversal of the privately managed Internet. Authoritarian governments will invoke U.N. authority to take control over access to the Internet, making it harder for their citizens to get around national firewalls. They now have the U.N.'s blessing to censor, monitor traffic, and prosecute troublemakers.

Internet users in still-open countries will be harmed, too. Today's smoothly functioning system includes 40,000 privately managed networks among 425,000 global routes that ignore national boundaries. Expect these networks to be split by a digital Iron Curtain. The Internet will become less resilient. Websites will no longer be global.

Under the perverse U.N. definition of progress, Mr. Touré is delighted with the ITU undermining the open Internet. "History will show that this conference has achieved something extremely important," he said. "It has succeeded in bringing unprecedented public attention to the different and important perspectives that govern global communications." The treaty calls on countries to "elaborate" their views on the Internet at future ITU conferences, so these issues are here to stay.

Robert McDowell, a Republican member of the Federal Communications Commission, summarized the harm. "Consumers everywhere will ultimately pay the price for this power grab as engineers and entrepreneurs try to navigate this new era of an internationally politicized Internet," he said. "Let's never be slow to respond again."

One lesson is that the best defense of the Internet is a good offense against an overreaching U.N. The majority of authoritarian governments in a one-country, one-vote system will keep chipping away at the open Internet. The best way to stop them is to abolish the ITU.

As outlined in last week's column, former Obama administration technology adviser Andrew McLaughlin proposes applying the nongovernmental model now operating the Internet to the telecommunications industry as well. That would make the ITU unnecessary. Both houses of Congress voted unanimously against any ITU treaty endangering the open Internet. One expects lawmakers would happily support the Obama administration if it gathers the resolve to abolish the U.N. agency.

Just as during the last Cold War, the clash over the future of the Internet will have many battles across many fronts. Authoritarian governments are highly motivated to close the Internet off. But just as in the Cold War, these regimes are doomed to lose if free countries resolve to fight. Whatever governments want, people prefer freedom and eventually will get it, including on the Internet.

[Crafty_Dog]

http://www.washingtontimes.com/news/2012/dec/25/glitch-imperils-swath-of-encrypted-records/

[Crafty_Dog]

Summary



The sun can put on quite a show, with violent storms releasing large amounts of electromagnetic energy into the solar system. With increased reliance on satellite-based communication, the vulnerability to disruption from solar storms and flares increases. Because the sun is currently in a period of relatively high activity, expected to peak in 2013, solar storm warnings will likely be more frequent in the coming year. However, despite the increasing frequency of bursts of electromagnetic energy from the sun, the possibility of a direct hit by a truly debilitating storm is still small, and the possibility of any other kind of disruptive electromagnetic pulse is even smaller.
 


Analysis
 
If energy from solar storms comes into contact with Earth's magnetic field, it can increase radiation levels and disturb the ionosphere. These effects have the ability to disrupt satellite operations, radio transmissions, GPS and cellular communications, and damage electrical equipment on the ground. For example, electromagnetic energy from a solar storm in 1989 caused widespread power outages throughout Quebec.
 
On Feb. 19, a very large sunspot appeared and grew to six times the size of Earth within 48 hours. The spot remains unstable and could result in solar storms. These storms, which release the electromagnetic energy that could eventually come into contact with Earth, are not all of the same intensity. Traditionally, solar flares -- a type of solar storm -- are ranked: the strongest flares are labeled X, the weakest flares are labeled C, and those in the middle are labeled M. As technology has become more incorporated into daily life, and satellites have transitioned into a more commercial role, the National Oceanic and Atmospheric Administration has developed a scale that allows the general public to better understand the impacts of these storms. A numbering system of 1-5 indicates severity, with 5 being the most severe, while letters indicate how the storm is interacting with Earth and its surrounding magnetic field. G indicates a geomagnetic storm and corresponding disturbance in Earth's magnetic field, which can cause problems with electrical grids on the ground. S indicates an increase in radiation levels, and R refers to radio blackouts that result from disturbances in the ionosphere, often caused by solar flares.
 
NASA and the National Oceanic and Atmospheric Administration monitor space weather and are somewhat capable of predicting solar storms. Space weather forecasts, while still subject to some level of uncertainty, have improved greatly in recent years, allowing scientists to predict the arrival times of storms fairly accurately. The forecast through Feb. 24 gave a 40 percent chance for an M flare and a 10 percent chance for an X flare. The probability of an R3 or higher blackout, which could cause radio outages for an hour or more on the sun side of Earth, was 5 percent or less through Feb. 24. The possibility of a severe geomagnetic storm was 1 percent. NASA's predictions, put in layman's terms, were for Feb. 22 and Feb. 23 to be "quiet to unsettled" with Feb. 24 "quiet." Such forecasts could become more common in the coming year.
 






.
 Activity on the sun is not constant. Sunspot occurrences have increased since 2010, and the sun currently is near its maximum point in the 11-year cycle. Multiple large storms were reported in 2012, but at worst they led to minor disruptions -- primarily in air travel -- but no major disturbances. However, ongoing levels of increased activity could make sporadic communications interruptions more likely. An increase in activity could also bring the possibility of disruption to electrical grids and satellite activity to the forefront of the mainstream media.
 
The threat of electromagnetic pulses is often brought up in relation to an act of terrorism. However, Stratfor has long held the position that this risk is extremely small. Space is the most likely source of an electromagnetic disturbance.
 
Satellites are able to withstand most solar storms, although some minor problems with computer subsystems are possible. An extremely severe electromagnetic storm, sometimes referred to as a 100-year storm, would have the ability to disrupt the electrical grid on the ground. There is some debate within the United States about whether the cost of completely hardening the electrical grid against such a storm is justified. An EMP Commission report released in 2008 concluded that the United States' electrical grid was vulnerable to electromagnetic energy, and the U.S. Department of Defense has estimated that retrofitting all military electrical equipment could cost as much as 10 percent of the initial cost. However, the electrical grid's vulnerability means that if a severe solar storm hit, widespread power outages could result.
 
However, the likelihood of a solar storm being both strong enough and correctly positioned to do this is very small. Storms this severe only appear a few times during the sun's 11-year cycle. Still, smaller communications disruptions are possible, especially since the world is becoming more and more dependent on technology. In short, communications and navigational systems are the most likely casualties of this year's increased solar activity.
 
This is not to belittle the possible detriment of communications disruptions. Equipment used to direct strategic military activity, among other things, could be affected. Disruptions could also have short-term political and economic consequences for affected nations, given the unknown effects of even a minor disturbance in global communications. Much of modern life revolves around cellular and positioning technology. A strong solar storm could create inconveniences, but a doomsday situation -- especially the use of an electromagnetic pulse in a terrorist attack -- is extremely unlikely.
 

[Crafty_Dog]

I'm too low tech to describe this, but I think folks here will find it interesting.

http://money.cnn.com/2013/04/08/technology/security/shodan/

[G M]

I'm too low tech to describe this, but I think folks here will find it interesting.

http://money.cnn.com/2013/04/08/technology/security/shodan/

Anything with an IP address is vulnerable. It's as bad as the article states, if not worse.

[ccp]

Is this a big deal?   Where's GG.

From Samsung:

http://www.nytimes.com/2013/05/14/technology/samsung-announces-breakthrough-in-mobile-data-speed.html?partner=yahoofinance&_r=0

[ccp]

Well whoever it is, it won't be our own.  It will be who ever has the most money and the most political connections or bribed politicians.

"GM even wants to add popups in your car"

!@#$%^&*()_+!!!

http://t.autos.msn.com/news/who-owns-your-car%e2%80%99s-data