NSA-backed code aided spying efforts

1 April 2014 Last updated at 13:57

The US National Security Agency persuaded web-encryption company RSA to develop a more vulnerable random-number generator to make it easier to spy on businesses, Reuters has reported.

The news agency reported research suggesting the software had made reading companies' encrypted messages about 65,000 times easier.

RSA said it should "have been more sceptical of NSA's intentions".

The NSA declined to comment on any collaboration with RSA.

The research followed the description of a project to undermine commercial encryption systems in papers leaked by former NSA systems administrator Edward Snowden, published in late 2013.

Proving unpopular

RSA chief technology officer Sam Curry told Reuters it had trusted the NSA because of the agency's role in securing communications and critical infrastructure for the US government.

He added the NSA-inspired random-number generator had been removed from its product line after proving unpopular with customers.

In December 2013, Reuters reported the NSA had paid RSA $10m (£6m) to insert a flaw or "backdoor" into another, more widely used, software module that also generated random numbers to help with encryption.

At that time, RSA "categorically denied" that accusation and said it had not signed any secret deal with the NSA.

23.43 | 0 komentar | Read More

Cybersecurity team launched by UK

31 March 2014 Last updated at 16:49 By Chris Vallance BBC News

The UK's Computer Emergency Response Team (CERT-UK), which will co-ordinate the country's cybersecurity defence, has been formally launched.

The body will deal with "cybersecurity incidents" of national significance.

It will also provide advice and alerts on cyber-threats to government, industry and academia.

Speaking at the launch, Cabinet Office Minister Francis Maude said that 93% of large corporations had had "a breach" over the past financial year.

The attacks cost on average between £450,000 and £850,000, he added.

The minister also repeated the claim that one London-based company had suffered a security breach which cost it "£800m worth of revenue".

But, he said, cybersecurity also presented an opportunity. It was "an essential feature of - and a massive opportunity for - the UK's economic recovery".

Many countries around the world now have their own CERT, a crucial component in the sharing of information to prevent cyber-attacks.

'A milestone'

The government says it has allocated £860m to the UK's cybersecurity efforts.

However, figures were not available for the current budget specifically for CERT-UK, which will be based in London and will consist of a team of 55 people.

According to its website, cert.gov.uk, CERT-UK would issue an alert and appropriate guidance in the exceptional event of a critical national cybersecurity incident.

Providing advisory notices of "cybersecurity issues being detected across government, industry or academia" would be another function.

However the organisation has no law enforcement role or powers - its primary role is co-ordination and information-sharing.

Although CERT-UK had its official launch today, director Chris Gibson, formerly the director of e-crime at global bank Citigroup, was appointed in November and work has been in progress for some months.

A particular focus of the organisation will be the protection of companies seen to be part of the critical national infrastructure, such as banks, and power generation and distribution firms.

National Grid spokesman Steve Collins described the launch of CERT-UK as a "milestone".

It will also provide a single point of contact for co-ordinating international responses to computer security incidents - a move welcomed by other countries' cybersecurity teams.

23.43 | 0 komentar | Read More

OKCupid asks users to avoid Firefox

1 April 2014 Last updated at 02:18

Dating website OKCupid has sought to deter users from accessing its site via browser Mozilla Firefox.

The site says the move was in response to new Mozilla chief executive Brendan Eich's previous opposition to gay marriage in the US state of California.

Users are directed to use other internet browsers, such as Chrome.

Mozilla said OKCupid had not contacted it to confirm facts, and that: "Mozilla supports equality for all, including marriage equality for LGBT couples."

Visitors to OKCupid's website using Mozilla's free Firefox browser see a message that reads: "Mozilla's new CEO, Brendan Eich, is an opponent of equal rights for gay couples.

"We would therefore prefer that our users not use Mozilla software to access OKCupid."

However, it is still possible to access OKCupid's site via Firefox, if users click through the message.

Continue reading the main story

It's hard for me to think of a scenario where someone could donate to that campaign without feeling that queer folks are less deserving of basic rights"

End Quote Christie Koehler Mozilla employee

Ok Cupid is owned by media conglomerate IAC/InterActive Corp, which owns 50 brands across 40 countries.

These include other major dating sites, like Match.com, as well as news website the Daily Beast and web properties like Dictionary.com.

Court rulings

Mr Eich, who is the inventor of JavaScript, was appointed to lead the open-source browser firm on 24 March.

He is listed publicly as having donated to a campaign in support of California's Proposition 8 campaign in 2008, which had sought to ban gay marriage in the western US state.

Although it was initially passed, it was later overturned by the US Supreme Court in 2013.

After his appointment was announced, supporters of same-sex marriage in the US, including many Mozilla employees, expressed unease at the decision.

Mozilla's head of education, Christie Koehler, who is gay, wrote on her blog: "It's hard for me to think of a scenario where someone could donate to that campaign without feeling that queer folks are less deserving of basic rights."

However, she added that while she was personally disappointed, she said she did not think it would affect her work at Mozilla.

Mr Eich responded in a post, saying that he remained committed to openness in the work place and offering assurances that Mozilla would not change certain policies, like health insurance for the partners of gay employees.

"I am committed to ensuring that Mozilla is, and will remain, a place that includes and supports everyone, regardless of sexual orientation, gender identity, age, race, ethnicity, economic status, or religion," he wrote.

23.43 | 0 komentar | Read More

Microsoft scam man is sentenced

31 March 2014 Last updated at 15:59

A man who ran a Microsoft computer scam tricking people into paying for free anti-virus software has received a suspended four-month jail sentence.

Mohammed Khalid Jamil, 34, from Luton, hired people at an Indian call centre to falsely tell victims their computers had a serious problem.

The targets would be charged between £35 and £150 for software Microsoft made available for free.

As well as the suspended sentence, Jamil was ordered to pay a £5,000 fine.

He must also pay £5,665 compensation and £13,929 in prosecution costs.

The decision has been hailed as a "landmark" case by Trading Standards.

"We believe it may be the first ever successful prosecution of someone involved in the Microsoft scam in the UK," said Lord Harris, chairman of the National Trading Standards Board, which oversees the work of the National Trading Standards e-crime team.

"It's an important turning point for UK consumers who have been plagued by this scam, or variants of it, for several years.

"Many have succumbed to it, parting with significant sums of money, their computers have been compromised and their personal details have been put at risk.

"Now that one of the many individuals who've been operating this scam has been brought to justice, it's a stark warning to anyone else still doing it that they can be caught and will be prosecuted."

Remote access

Jamil had set up Luton-based company Smart Support Guys, which employed people based in India to cold-call Britons and claim to be working for Microsoft.

The victims, unaware of the scam, would offer remote access to the fraudsters - meaning their computers could be controlled from a different location.

Once given this access, targets' computers would be made less secure, at which point the scammers would offer, in return for a fee, to install software to fix the problem.

The software installed was available for free on Microsoft's website.

In court, Jamil admitted to unfair trading by allowing his staff to make false claims regarding computer support services.

He claimed he had tried but failed to control call centre staff and not adequately supervised them.

His jail term is suspended for 12 months.

23.43 | 0 komentar | Read More

BT criticised over rural broadband

1 April 2014 Last updated at 00:05 By Leo Kelion Technology reporter

The government and BT are under fresh attack for the way the rollout of the UK's rural broadband is being handled.

A committee of MPs said that many of the maps released lacked sufficient detail about coverage and the speeds that would be provided. It also questioned the costs involved.

It added that it had heard allegations that BT had been able to "kill the competition" by altering its own plans.

Both the company and the government have defended their record.

"It is... frustrating that the committee continues to try and pick holes in the programme," said a spokesman for the firm.

Please turn on JavaScript. Media requires JavaScript to play.

Margaret Hodge said BT was acting in a "secretive" manner

"BT is delivering value for money and the National Audit Office acknowledged there are 'robust' processes in place to ensure that. As for maps, most councils have published coverage maps with our support. More detailed data will be released by them in due course once surveys have been completed and we know for sure that we are going to an area."

Communications minister Ed Vaizey highlighted that the regulator Ofcom had recently ranked the UK's provision of broadband ahead of other countries.

"Britain has the best superfast broadband of all five leading European economies," he said.

"The government's nationwide broadband rollout is ahead of schedule; multiple robust safeguards are already in place to ensure value for money, and thousands of homes and businesses up and down the country are already getting the benefits."

'Monopoly position'

By 2015, the government will have given a total of £490m in grants to English local authorities and administrations in Scotland, Wales and Northern Ireland to subsidise the infrastructure needed to improve rural broadband.

Its goal is that by 2015 all UK premises can experience at least two megabit per second downloads and that 90% of premises can access "superfast" downloads of at least 20Mbps.

The councils and administrations have to match the cash with their own funds and pick a contractor. The firm then adds cash of its own, which it can later recoup through customer fees.

Nine firms initially showed interest, but the House of Commons Public Accounts Committee (Pac) warned last year that taxpayers faced being "ripped off" after BT won the first 26 bids put out to tender.

Since then BT has secured all of the 18 further contracts offered. The committee said that placed the company in a "monopoly position" meaning officials could never be sure if they had got value for money.

Pac also raised concern that the maps published by local bodies showing where broadband would be offered often lacked detail.

It said this made it hard for other organisations to work out where they could pursue their own independent schemes to fill gaps in BT's coverage or offer faster speeds.

Pac said the government should therefore work "urgently" alongside local bodies to make it possible for homes and businesses to carry out searches based on their full postcodes that revealed whether they were covered and the intended speed of service.

The committee noted it had heard allegations that BT had taken advantage of the "inadequate" information it had originally provided; both to expand into areas that rivals had subsequently shown interest in, and to refuse to boost speeds to at least one village that it declared too expensive to cover after winning a contract.

The Independent Networks Co-operative Association (Inca) - which represents smaller internet providers - has highlighted cases in Wiltshire and Lancashire where it said community schemes had been cancelled or put at risk by BT "overbuilding" its projects.

"Government and local authorities must make sure that alternative schemes, pulling in additional private sector and community funding, are supported not stymied," Inca's chief executive Malcolm Corbett told the BBC.

"Allowing BT to use state funding to undermine competitors is not in the interests of rural communities, nor the UK as a whole."

Subject to change

But a spokesman for BT explained any changes in its plans as being the result of the surveys it carried out after being awarded the contracts.

"The fibre broadband programme is constantly evolving, and there is no definitive rollout plan until we complete detailed survey work in each locality," said a spokesman.

"This means that plans will undoubtedly change. For example in Cornwall, we originally said we'd be able to connect 85% of the county, but we now expect to get to around 95-97%.

"That could happen in other areas too, but we can also encounter obstacles in certain locations, like blocked ducts or lack of available power, which makes the cost of deploying fibre prohibitive."

A further £500m of taxpayers' funds has been earmarked to enhance coverage after 2015.

Before that happens Pac has urged the government to analyse and publish details of this round's deployment costs to help local authorities be better informed .

The committee also suggested work be done to address a "lack of competitive tension" in the tendering process.

23.43 | 0 komentar | Read More

Web 'brings freedom and scrutiny'

1 April 2014 Last updated at 01:33 By Nick Higham BBC News

A majority of participants in a global BBC poll believe the internet has brought greater freedom, but more than half of those interviewed also think it is not a safe place to express their opinions.

Many believe that greater freedom goes hand in hand with increased government surveillance, according to the study commissioned for the BBC World Service.

People in countries with a tradition of media freedom are less likely to think their national media free to report truthfully and without bias.

Continue reading the main story

Analysis

Leo Kelion Technology reporter

---

After the cascade of GCHQ and NSA leaks - facilitated by whistle-blower Edward Snowden - it should come as no surprise that so many people believe they could be subject to government surveillance.

The spy agencies' activities are alleged to involve: Tapping the fibre-optic cables that form the internet's backbone to scoop up huge amounts of personal data; compromising encryption software meant to keep messages secret; and intercepting and storing images taken by millions of webcams.

Reports that even German Chancellor Angela Merkel's communications could not be kept private are likely to have contributed to the relatively high percentage of her fellow nationals indicating they feel their own messages are not safe.

That a smaller percentage of Chinese, Indian and Indonesian citizens perceive themselves as subject to government monitoring may reflect the fact that their countries' own cyber spies have been more successful at keeping their activities secret.

The poll was conducted in 17 countries around the world and is being released as part of Freedom Live, a day of broadcasts on the World Service's 27 language services exploring the idea of freedom and what it means**.

The results show that freedom, never a simple notion, has become ever more complex in the digital age. The internet and social media mean we can communicate more freely than ever. But we are also under more surveillance than ever before from governments and commercial organisations.

The poll found that more than two-thirds (67%) of those questioned agreed that the internet had brought them greater freedom, with only a quarter disagreeing.

Agreement was lowest in Mexico, Germany and China: in the last two countries barely half of those questioned (51%) agreed.

At over 75%, it was highest in Nigeria and Kenya - countries which until recently were bedevilled by poor communications infrastructure, and where mobiles and the internet have had a transformative impact, especially in business - as well as in the UK and Australia.

Nigeria also topped the poll of countries where people feel they are safe to express their opinions online, closely followed by India, Indonesia, Pakistan, Kenya and Peru.

In all those countries, more than half those questioned said they felt safe speaking their mind.

But in general, a majority of people (52%) feel unsafe online.

The fear is greatest in France and South Korea, closely followed by the other European countries in the poll, as well as the US, Canada and Australia.

In China, opinion is nearly evenly divided: 45% said they felt safe saying what they thought, against 51% who said they felt unsafe.

"There is an increasing sense that everything you do online now is being monitored, or at least can be monitored, by either governments or corporations," says Caroline Baylon, a research associate in the international security department of think-tank Chatham House.

"What if, as a result of a political opinion you express online, a government decides to put you on a terrorism watch list? And corporations are also watching what you do.

Continue reading the main story

"Start Quote

Countries with high internet connectivity feel more exposed to the Snowden era of online surveillance compared to countries with low levels of internet-connected homes"

End Quote Lionel Bellier GlobeScan pollsters

"There are companies out there whose sole business is to gather data on your online activities, create a profile on you, and then sell that information onwards. What if employers purchase that information? Could something you post prevent you from getting a job?"

She says government actions are partly to blame for this climate of suspicion.

"I think Edward Snowden's revelations of widespread spying by the US National Security Agency, including on its own citizens and close allies, have undercut trust in the actions of many governments," Ms Baylon notes.

"Such large-scale surveillance is no longer the prerogative of authoritarian governments like China."

Surveillance anxiety

That no doubt helps to explain another - at first sight surprising - result from the poll.

Respondents were asked whether they felt free from government surveillance online.

More than one in three (36%) said they did not, but the figure was highest in some of the countries which like to think of themselves as bastions of freedom and democracy: In both the US and Germany, more than half those surveyed thought they were not free from government surveillance.

On the other hand, when the pollsters asked the same question in China and Russia, a large majority (76% in China) answered that they did feel free from online surveillance.

Lionel Bellier of the pollsters GlobeScan, who carried out the research, thinks one possible explanation for this apparently counter-intuitive finding may be different levels of internet penetration: Around 80% of American and German households have internet access, but the proportion is less than half that in Russia and China.

"Countries with high internet connectivity feel more exposed to the Snowden era of online surveillance compared to countries with low levels of internet-connected homes," he says.

"In countries with lower connectivity, perceptions of what constitutes government surveillance are felt and lived differently, perhaps with less anxiety.

Media freedom

The pollsters also asked people about the media.

Global news organisations like the BBC like to boast of their freedom from government and other outside influences. In the developed West, media freedom is supposed to be a given.

But according to the survey, only 40% of people around the world believe their own country's media are free to report the news accurately, truthfully and without undue bias, and by no means all of them are in Europe and North America.

Continue reading the main story

Whether it's freedom from surveillance or freedom to be single, the BBC is investigating what freedom means in the modern world.

The figure is highest in Indonesia, where 73% think their country's media are free.

In the UK, the figure is 45%. In the United States, supposedly the land of the free with a First Amendment guarantee of a free press, it lies at 42%. In Mexico, Russia and Pakistan, the figure is 26%, in France 24%, and in South Korea a paltry 14%.

How free you feel, it seems, is not necessarily a reflection of how free the society you live in is nominally supposed to be.

** The poll results are drawn from a telephone and in-person survey of 17,589 adult citizens across 17 countries conducted by the international polling firm GlobeScan and its national partners on behalf of the BBC World Service between December 2013 and February 2014. The 17 countries were: Australia, Canada, China, France, Germany, India, Indonesia, Kenya, Mexico, Nigeria, Pakistan, Peru, Russia, South Korea, Spain, the United Kingdom and the USA.

23.43 | 0 komentar | Read More

Zuckerberg reaps $3.3bn through shares

1 April 2014 Last updated at 09:56

Facebook founder Mark Zuckerberg earned $3.3bn (£1.9bn) on the sale of share options in 2013, a new regulatory filing has revealed.

Mr Zuckerberg has now exhausted his supply of stock options as a result of Facebook's public offering.

He was given 60 million shares to help him with his tax bill.

His base salary for 2013 fell to $1, like other tech leaders such as Google's Larry Page and former Apple boss Steve Jobs.

However, his total compensation for the year was $653,165, down from $1.99m in 2012.

Facebook said the majority of that was to pay for flights on private jets, which are seen as necessary for security reasons.

Mr Zuckerberg still owns 426.3 million Facebook shares, which are worth around $25.7bn.

Shares in the social networking giant have more than doubled in value over the past year, as Facebook has reported better than expected earnings due to its strong mobile ad sales.

Selling down

The filing with US regulators also revealed that Sheryl Sandberg, Facebook's chief operating officer, had sold a significant portion of her shares in the firm as well.

According to analysis by the Financial Times she had 41 million shares when Facebook first listed in 2012 and has, since then, sold 26 million of those shares.

Previously Ms Sandberg has said that she used the proceeds from selling shares to pay tax bills.

Her current stake of 17 million shares, which includes compensation earned since the offering and restricted stock, is estimated to be worth about $1bn.

23.43 | 0 komentar | Read More

Tech world embraces April Fool's Day

1 April 2014 Last updated at 12:50

April Fool's Day could not pass without a few technology stories that test the bounds of credibility, although it isn't always easy to separate the jokes from reality.

A "goat simulator" released on 1 April, which promises users the experience of life as a goat via a game that allows them to "wreck stuff", would seem to have all the hallmarks of a classic April Fool - but it is true.

The BBC has rounded up some of the top technology news stories that are not.

DIY Apple repairs

Apple's products have earned a reputation as hard-to-fix so it came as something of a surprise to learn that it had bought iFixit, the company dedicated to DIY repairs.

On iFixit's website, it declared itself proud to have been acquired by Apple and said that it would "become a key player in the future of Apple device development".

"As part of the deal Apple made a commitment to produce the most replaceable electronic devices and personal computers on the market. This is a clear win for the whole iFixit community," it said.

Much of its repair work would centre on upgrades, it went on.

"Visit any of our Apple Store locations and an army of well-groomed young people will happily take your money and congratulate your excellent taste."

Google Pokemon

The search giant traditionally throws itself into the the spirit of April Fool's Day, and this year is no exception.

The company is offering Auto Awesome Photobombs for Google+, which allow users to upload an image of David Hasselhoff, described by the search giant as "everyone's favourite crime-fighting rock star lifeguard" to their photos.

It has also claimed to have added emoji support for the Chrome browser on Android and iOS. The add-on will translate web pages into emoji icons to make them faster to read, it says.

Its most elaborate joke though is an update for Android and iPhone versions of Google Maps that lets users go around the world catching Pokemon.

The game is real but comes with a fictional job ad, offering the position of "Pokemon master" for those who could catch all 150 Pokemon.

Smart gloves

Mobile phone manufacturers HTC and Samsung chose to poke fun at the growing range of smart wearables on the market with both advertising a fake smart glove.

"Imagine the power of complete smartphone creative freedom. Now imagine that freedom in the shape of a glove," said HTC.

Meanwhile rival Samsung announced its first "all-over-hand" wearable device, dubbed Fingers.

The fictional smart glove features a 3in (8cm) LED display, 16 megapixel camera, as well as gyro, barometer, compass, heart rate, proximity, thermometer, voice and gesture recognition sensors. It can be solar charged by raising your hand towards the sun.

"Samsung Fingers reinvents and modernises the classic use of the human hand," it said in a perfectly believable press release.

Adult-free internet

Meanwhile a UK-based broadband news site decided to use the day to take a swipe at what it sees as increased internet censorship, following the blocking of adult content by leading UK ISPs.

ISPReview reported that now ISPs were going a step further and had unanimously agreed to support a government initiative aiming to make the internet friendlier to "those under the age of five, and Justin Bieber".

It would involve, it reported, the removal of "all content depicting or involving adults".

ISPs would use real-time advanced Deep Packet Inspection technology to "allow them, for example, to replace images of women's underwear on the Marks and Spencer's website with a crayon drawn alternative created by local children", it added.

3D tower

The Register decided to poke fun at the increasing press interest in the wonders of 3D printing.

It reported that BT's iconic central London tower would be replaced by a 3D-printed version.

Due its lightweight plastic construction the tower would be "unable to carry today's payload of telecommunications equipment and hospitality suites at the top", it reported.

But the design would have some advantages.

"In the event of a terrorist bomb attack the lightweight 3D printed BT Tower will fall harmlessly onto the 3D printed version of Euston Station below," it said.

23.43 | 0 komentar | Read More

LinkedIn email addresses exposed

1 April 2014 Last updated at 14:07

The email addresses of LinkedIn users can easily be exposed via a web browser add-on tool, it has been revealed.

Sell Hack is available as a free extension to the Chrome browser that, once installed, will pop up a "hack in" button on LinkedIn profiles.

Users can then find the email address associated with the account even if they are not connected.

LinkedIn said it was taking legal action over the plug-in and advised users to uninstall it.

Sell Hack insisted that the the tool was created for marketing professionals and that all data is publicly available.

On its website it said: "We just do the heavy lifting and complicated computing to save you time, We aren't doing anything malicious to LinkedIn."

But the social network for professionals did not agree.

"We are doing everything we can to shut Sell Hack down. On 31 March LinkedIn's legal team delivered Sell Hack a cease-and-desist letter as a result of several violations," a spokesman told the BBC.

"LinkedIn members who downloaded Sell Hack should uninstall it immediately and contact Sell Hack requesting that their data be deleted."

He said that members should "use caution" before downloading any third-party extension or app.

"Often times, as with the Sell Hack case, extensions can upload your private LinkedIn information without your explicit consent," he said.

23.43 | 0 komentar | Read More

University wins $1.5bn patent suit

1 April 2014 Last updated at 17:02

A federal judge has ordered US chip maker Marvell Technology Group to pay $1.5bn (£900m) to Carnegie Mellon University for infringing two hard-disk patents.

The university had been seeking damages of up to $3.7bn, and a jury had previously awarded it $1.1bn.

Marvell said it planned to appeal.

In her summing up, the judge said the "enhanced damages" were justified because it had deliberately copied the university's patents.

"This award is sufficient to penalise Marvell for its egregious behaviour and to deter future infringement activities," wrote Nora Barry Fischer.

She rejected the university's request to triple damages, saying that would "severely prejudice" Marvell and perhaps threaten its survival.

K&L Gates, the law firm representing Carnegie Mellon University told the BBC: "We are reviewing Judge Fischer's latest opinion and are pleased that the court addressed both Marvell's continuing and wilful infringement.

"We understand that Marvell intends to appeal, and we look forward to the federal circuit vindicating Carnegie Mellon University's intellectual property rights just as Judge Fischer did."

Real-world chips

The case concerned patents issued in 2001 and 2002 that relate to how accurately hard-disk drives detect data stored on the drives.

Carnegie Mellon said at least nine Marvell chip boards incorporated the patents, amounting to billions of chips worldwide.

In 2009 it sued the chip maker and it later emerged the company had been aware it had been infringing the patents for at least seven years prior to the legal action.

Marvell had said the technology described in Carnegie Mellon's patent was "so complex that it cannot be implemented in real-world silicon chips".

The initial award of $1.17bn in December 2012 was the third largest ever in a patent case at the time.

Patent lawyer Andrew Alton said: "Lots of very significant technology has come out of universities and it is not unusual for them to enforce them.

"Neither are massive pay-outs unusual." he said.

The appeal will, according to Mr Alton, be heard by a more specialised patent court, which should be able to rule on both whether the patents were infringed and whether the awarded damages were proportionate.

23.43 | 0 komentar | Read More