Posts tagged ‘canada’

TorrentFreak: BREIN Stops and Settles With Popcorn Time Developers

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

In less than two years Popcorn Time has become a piracy icon as well as one of Hollywood’s main nemeses.

Through various enforcement actions around the world the major movie studios hope to eventually contain this threat.

They recently booked a major victory when the MPAA filed a lawsuit against several key developers of the popular fork in Canada. While this suit took down the associated website, there are several efforts to revive the project.

The problem for the movie studios is that Popcorn Time’s code is open source, allowing anyone to help out or distribute forks of their own. With minimal effort, developers can easily have their own improved version up and running.

While this results in a perpetual game of whack-a-mole, Hollywood-backed anti-piracy group BREIN has just announced a win.

The group reports that it has tracked down two Dutch developers who helped to keep Popcorn Time alive, and urged them to stop their activities immediately.

“Since the recent action by the MPAA against, which took the website offline, various parties are breathing new life into the software, as were these two Dutch individuals,” the group says.

According to BREIN the pair used GitHub to submit code and Reddit to share news about their accomplishments.

Preventing a possible court case, the developers signed a settlement with the anti-piracy group in which they agreed to stop their Popcorn Time development. The pair face a fine of €2,000 per day if they breach the agreement.

The Dutch developers don’t seem to be part of the core development team of the .io fork, which could explain why they got off with a relatively mild warning.

The lawsuit against three of the main developers in Canada is still ongoing. They face millions in damages due to their involvement with the popular application and the associated service, which generated significant revenues.

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

TorrentFreak: Movie Studios Shut Down New Popcorn Time Alternative, But Not For Long

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

In less than two years Popcorn Time has become a piracy icon, offering free access to Hollywood’s latest blockbusters but without obtaining permission.

This popularity has triggered a wave of legal threats including a lawsuit against three developers filed in Canada last month.

Despite being a major target for copyright holders the rise of new Popcorn Time alternatives appears to be never-ending. For example, a few days ago another Popcorn Time-inspired website launched at

While it’s visually similar to the application, the browser version operates more like a traditional streaming site with a Popcorn Time theme. Nevertheless, it was enough to attract the attention of the Motion Picture Association (MPA).

Just hours after the site was first advertised on Reddit its operator received an MPA letter, sent on behalf of several major Hollywood movie studios.

In the email the MPA’s Jan van Voorn puts the site operator on notice, alerting him to European jurisprudence under which he may be held liable for linking to pirated movies and TV-shows.

“Without prejudice to our contention that you are already well aware of the extensive infringements of copyright, this Notice fixes you with actual knowledge of facts and circumstances from which illegal activities […] are apparent,” Van Voorn writes.

Among other things the email mentions that Article 14 of the E-Commerce Directive requires sites to stop offering infringing material. In addition, the Hollywood group cites other recent cases supporting their claim.

Without making a specific threat the MPA demands that the site’s operators stop offering infringing material within 24 hours.

“This Notice requires you to immediately (within 24 hours) take effective measures to end and prevent further copyright infringement. All opportunities provided by the Website to download, stream or otherwise obtain access to the Entertainment Content should be disabled permanently,” the email reads.

The site’s operator was worried about the email, but wanted to continue the site nonetheless. However, after a few hours he apparently changed his mind, informing us that it wasn’t worth the trouble.

As a result, shut down on Thursday, but not for long.

Instead of vanishing completely the original operator decided to sell the domain and site to someone else, who brought it back to life today. How long it will last remains to be seen but the relaunch only adds to Hollywood’s frustration.

The MPA informed TorrentFreak that the email they sent is part of an ongoing strategy to curb copyright infringement and encourage consumers to use legal sources. This means that’s new owner is likely to receive a similar threat, along with others who start similar sites.

And so the Whack-a-Mole continues.


Krebs on Security: Starwood Hotels Warns of Credit Card Breach

This post was syndicated from: Krebs on Security and was written by: BrianKrebs. Original post: at Krebs on Security

Starwood Hotels & Resorts Worldwide today warned that malware designed to help cyber thieves steal credit and debit card data was found on point-of-sale cash registers at some of the company’s hotels in North America. The disclosure makes Starwood just the latest in a recent string of hotel chains to acknowledge credit card breach investigations, and comes days after the company announced its acquisition by Marriott International.


Starwood published a list (PDF) of more than 50 of its hotel properties — mostly Sheraton and Westin locations across the United States and Canada — that were impacted by the breach. According to that list, the breach started as early as November 2014 in some locations, ending sometime in April or May for all affected hotels.

As with other ongoing hotel breaches, the malware that hit Starwood properties affected certain restaurants, gift shops and other point of sale systems at the relevant Starwood properties.

“We have no indication at this time that our guest reservation or Starwood Preferred Guest membership systems were impacted,” Starwood President Sergio Rivera wrote in a letter to affected customers. “The malware was designed to collect certain payment card information, including cardholder name, payment card number, security code and expiration date. There is no evidence that other customer information, such as contact information, Social Security numbers or PINs, were affected by this issue.”

Starwood joins several other major hotel brands in announcing a malware-driven credit card data breach. In October 2015, The Trump Hotel Collection confirmed a report first published by KrebsOnSecurity in June about a possible card breach at the luxury hotel chain.

On Sept. 25, this author first reported that the Hilton Hotel chain is investigating reports of a pattern of card fraud traced back to some of its properties. Bank sources said the fraud pattern they’re seeing all traces back to restaurants and gift shops at various Hilton locations. The company hasn’t commented further beyond its initial statement in September that it was looking into the matter.

In March, upscale hotel chain Mandarin Oriental acknowledged a similar breach. The following month, hotel franchising firm White Lodging acknowledged that — for the second time in 12 months — card processing systems at several of its locations were breached by hackers. Each time, the breach was traced back to point of sale systems at food and beverage outlets inside the White Lodging properties.

Readers should remember that they are not liable for unauthorized debit or credit card charges, but with one big caveat: the onus is on the cardholder to spot and report any unauthorized charges. Keep a close eye on your monthly statements and report any bogus activity immediately. Many card issuers now let customers receive text alerts for each card purchase and/or for any account changes. Take a moment to review the notification options available to you from your bank or card issuer.

TorrentFreak: Arrests as Police Target Latin America’s Largest Pirate Site

This post was syndicated from: TorrentFreak and was written by: Andy. Original post: at TorrentFreak

When it comes to enforcement of intellectual property rights, Brazil isn’t exactly a world leader. The country has long been criticized for its lack of progress in this area and has regularly found itself targeted by complaining authorities in the United States.

In 2009, former President Lula was even photographed cozying up to none other than The Pirate Bay’s Peter Sunde. But six years later and it appears that the tides have changed.

Yesterday Federal Police in Brazil launched Operation Blackbeard, a coordinated action to take down, Latin America’s most popular pirate site.

Launched in 2010 and mainly serving the Portuguese-speaking market, MegaFilmesHD has grown to become one of Brazil’s most popular sites, with a reported 60 million visits per month.

Following a two month investigation, police executed 14 search warrants targeted at the alleged operators of the popular streaming portal.

A man and a woman believed to be a couple were arrested at their home on suspicion of copyright offenses. Four cars, two of them reportedly luxury (local media showed a US$58,000 Porsche SUV), were seized along with around US$5,300 in cash.

Police also questioned five alleged admins of the site and blocked seven bank accounts believed to be used for money laundering. Along with the site’s owners the admins will be indicted for running a criminal operation. Police say they face between three and eight years in prison on that count plus two to four years for copyright infringement offenses, plus fines.

Like many similar operations of its type, Mega Filmes HD listed thousands of movies and linked to files hosted on third-party cyberlocker-style sites. According to police the site generated around US$18,500 per month from advertising. Tests carried out by TF last evening revealed aggressive techniques, with most clicks resulting in the appearance of some kind of ad.


While it’s clear that the owners of Mega Filmes HD are now in serious trouble, the lawyer for the couple says that their arrest came as a complete surprise. Apparently one of his clients originally ran the business from Asia and expected no problems in Brazil.

“My client came from Japan and there the practice is common. He never imagined he would be arrested,” the lawyer told Globo.

Interestingly (although perhaps not surprisingly) figures reported by Brazilian police concerning Mega Filmes HD largely tie up with ones cited in a report the MPAA filed last month with the United States Representative.

“ is a popular streaming linking site that currently offers more than 150,000 links to more than 6,000 illegally reproduced national and international titles including films, television series, and concerts,” the MPAA reported.

Also of interest is the current status of the site. Although its operators were arrested yesterday morning, until just a few hours ago remained operational. Currently the site is offline but that appears to be due to a massive influx of traffic following news of the raid.

Possibly complicating a shutdown is that MegaFilmesHD was only partially operated from Brazil. According to the MPAA the site had connections in both Poland and Bulgaria. Nevertheless, if it stays down the impact will be felt most locally. Police say that 85% of the site’s visitors were from Brazil, with an impressive 4.5 million followers on social media.

But despite the existence of MegaFilmesHD and a reported 41% of citizens downloading illegally from the Internet, legal services are thriving in Brazil. The country is now the fourth-largest market for Netflix behind the US, Canada and the United Kingdom, with Netflix chief Reed Hastings describing the country as a “rocket ship” for his company.


TorrentFreak: Popcorn Time’s Alive, Full Comeback In the Works

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

The main Popcorn Time fork operating from the domain name shut down its servers late October citing internal problems.

A few days later the MPAA took credit for the fall, announcing that it had filed a lawsuit against several of the developers in Canada. In response some developers backed out.

Faced with an abrupt ending several Popcorn Time users were keen to revive the defunct application. The effort has been a success, with a fully working fix now circulating on Reddit.

The fixed version uses new APIs so movies and TV-shows now show up again. Instead of using YTS as a movie provider the revived application uses TorrentsAPI, and the TV-show feed has been replaced by a custom API.

The Reddit fix is only the start. Users of, the VPN service associated with Popcorn Time, were also alerted about a new update to the movie streaming application recently.

“ Movies API FIX installed,” the message read, prompting users to restart the application.

It turns out that the VPN provider made several changes which allow users to access the Popcorn Time website and client without any issues.

After the fix is applied Popcorn Time becomes fully operational again, filled with the latest movies as if nothing has happened.

For now the general public can’t use their old Popcorn Time client without manually applying a fix, but this may change in the near future.

Popcorn Time developer Wally, who also founded the service, informs TorrentFreak that he could revive Popcorn Time to its full glory.

“I am still considering a full comeback, I just do not want to release a half working version,” Wally says.

The developer, who controls both the official Twitter account and mailing list, first wants to make sure that all domain names are out of the MPAA’s reach. This is a concern, as the Canadian lawsuit is still ongoing.

Wally is not listed as a defendant in the Canadian lawsuit but his name was mentioned in the complaint. In addition, the company was mentioned in both the claim and injunction.

Instead of fighting Popcorn Time, Wally believes the MPAA should embrace its concept and technology.

“The popularity of Popcorn Time should be an example for the MPAA to build a future streaming platform that will be open to the entire world,” Wally says.

Lawsuits or not, it’s clear that the technology is hard to stop. Even now that the original sources no longer work, people can still use the application as a basic torrent streaming client, manually loading torrents into it.

The MPAA is not going to be pleased with the plans to relaunch the popular Popcorn Time fork. However, neutral spectators may want to get the popcorn out, as this saga is far from over.


AWS Official Blog: City on a Cloud Challenge Winners – 2015

This post was syndicated from: AWS Official Blog and was written by: Jeff Barr. Original post: at AWS Official Blog

The Challenge
Our City on a Cloud Innovation Challenge was designed to encourage local governments to use AWS to create innovative solutions to problems faced by local governments in the United States and other countries. Each year, we recognize winners in three categories: Best Practices, Dream Big, and Partners in Innovation.

Over the years that we have been operating this challenge, we have been impressed by the amount of energy and attention that local governments devote to creating tools, apps, and data sources that provide tangible benefits to their citizens, often assisting them with information that will allow them to lead lives that are safer, more productive, and better informed.

And the Envelope Please!
I am pleased to be able to reveal the winners of the 2015 City on a Cloud Challenge!

There are three winners in the Best Practices category:

  • Louisville Metro Data Initiatives (Kentucky, US) – With a focus on open data and data-driven performance, the Louisville Metro Government created a series of custom sites hosted on AWS. The sites are designed to provide citizens with meaningful insights into government priorities and actions, along with the opportunity to review, analyze, and comment on government actions and processes.
  • King County (Washington, US) – This county has replaced a costly and expensive tape-powered backup and disaster recovery system with a modern, cloud-powered system that combines physical and virtual cloud-powered storage appliances with Amazon Glacier and S3, with a projected savings of $1 million in the first year, and $200K thereafter.
  • South Central Development and Planning Commission (Louisiana, US) – This county created MyGovernmentOnline. This site provides cloud-powered, location-oriented tracking of assets owned by government agencies of any size.

There are two winners in the Dream Big category:

  • City of Chicago (Illinois, US) – The city created OpenGrid, an open source information system that supports real-time monitoring and retrieval of historical data sources.
  • City of Marquette (Michigan, US) – The proposed CemeteryHost application will allow users to quickly and easily locate graves in Marquette’s historic Park Cemetery.

We would also like to recognize Trouver of Malaysia; their cross-platform collaborative tracking platform merits an honorable mention.

Finally, there are seven winners in the category of Partners in Innovation:

  • Seamless Docs (US) – A quick route to a paperless government, with conversion of existing forms and PDFs to online versions, including support for electronic signatures.
  • Quicket Solutions (US) – Cloud-based solutions for law enforcement to increase officer safety, boost patrol officer productivity, and increase public convenience.
  • Vizalytics Technology (US) – On-the-go insights for local businesses, residents, and government agencies, powered by real-time data sets from cities, states, and local governments.
  • GrupoTX (Colombia) – Improvements to government processes which lead to a better relationship between the citizens and the government.
  • DataCats (Canada) – An open source project that trivializes the creation of open data infrastructure for states, regional, and local governments.
  • ViewScan (Panama) – A web application that integrates GIS and transactional information to help citizens and government track urban changes, local businesses, transportation, public services, traffic, and environmental landmarks.
  • Park Smart (Italy) – A platform that provides real-time visibility into the availability of parking spaces in monitored areas.

Congratulations to all of the winners, and thanks again to everyone who took the time to create and submit an entry!

— Jeff;

TorrentFreak: MPAA Can Access Popcorn Time Services & VPN, Court Rules

This post was syndicated from: TorrentFreak and was written by: Andy. Original post: at TorrentFreak

After weeks of rumor and sealed lips, last evening it was made official. Movie torrent site YTS is dead, release group YIFY is no more, and the main Popcorn Time fork,, have all been shut down by the MPAA.

The operation involved legal action in two territories. In New Zealand the operator of YTS and related release group YIFY was hit by a multi-million dollar lawsuit lodged at the High Court on October 12. Confidentiality agreements are in place so public details are scarce, but it’s believed that YTS has already settled with the MPAA.

In Canada, however, information is more readily available. On October 9, 2015, Paramount Pictures, Columbia Pictures, Sony Pictures, Twentieth Century Fox, Universal City Studios, Universal Network Television, Warner Bros. and Disney, filed a statement of claim in the Federal Court.

Their targets were people and companies associated with, including key developer David Lemarier and his company Wasabi Technologie plus Limited, the outfit behind Popcorn Time’s VPN.

The demands of the studios were broad but clear – stop infringing their rights, stop developing Popcorn Time, shut down its websites and shut down

“Since April 2014, the individual Defendants David Lemarier, Robert English and Louie Poole have been developing, operating, distributing and promoting the computer application ‘Popcorn Time’,” the studios wrote.

“In December, 2014, a paid VPN service provided by the Defendant Limited was integrated in Popcorn Time (PT Add-On). The integration of the PT Add-On acts as an important enticement for users of Popcorn Time to engage in acts of copyright infringement, and is explicitly marketed as such on its website.”

The studios claim that Lemarier is the CEO of and Louie Poole has worked there as a software engineer “at least as early as September, 2015.” Owned by Lemarier, Wasabi Technologie is the company operating’s PayPal account.

“The sale of the PT Add-On service generates important monthly revenues which directly profit the Defendants David Lemarier and Limited, and the Defendant Louie Poole as an employee of Limited. All the individual Defendants as well as Limited derive financial benefits from their participation in Popcorn Time,” the studios add.

Just seven days later on October 16, 2015, Mr Justice Martineau in the Federal Court responded to the studios’ demands by handing down an interim injunction (pdf) against the defendants listed above.

In broad terms it restrains them from infringing the studios’ copyrights, including by continuing to develop, operate, distribute or promote Popcorn Time or “any similar software application” or website. However, it goes further – much, much further.

The injunction includes a huge list of domains and sub-domains which the studios say must be dealt with in order to “fully deactivate” Popcorn Time. and a further 17 are said to relate to the service’s API while 39 relate to the website and four the blog. Dozens of others make up discussion forums, development platforms, mail servers, nameservers, content delivery and sundry others.

The injunction orders the defendants to hand over the login credentials “for the hosting providers and/or registrars accounts” for all of them. They are also required to do the same for the official Popcorn Time Facebook, Twitter and Google+ accounts. This is so that computer forensics experts “acting under the supervision” of the studios can gain access to them.

Also under the microscope is The injunction orders the defendants, including’s operators, to hand over the login credentials for “hosting providers and/or registrars” hosting the domains and sub-domains. They are also required to authorize computer forensics experts under the eye of the MPAA to log into’s infrastructure and deactivate the service.

While this development will be of concern to’s customers, the service itself says that there is currently nothing to worry about.

“ is not a Canadian company, nor has any of its operations located in Canada, this means Canadian laws are not relevant in our case whatsoever,” said in a statement.

“We understand that some of you might be worried or intimidated by the idea of the film studios, but we want to remind you that never logs, never shares any information with anyone else and mostly, cares about our clients and their safety. After all this is why we started, to protect the vulnerable.”

The company says it operates a warrant canary to notify users in the event it has been compromised. Currently that alone raises no alarms but it’s highly likely that user confidence will be undermined by the forceful nature of the injunction and the international reach of the MPAA.

To be continued…


TorrentFreak: MPAA: We Shut Down YTS/YIFY and Popcorn Time

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

The BitTorrent piracy ecosystem lost several key players in recent weeks.

The main Popcorn Time fork operating from the domain name closed its doors on October 23, citing internal issues.

Part of the trouble was started by rumors of legal pressure, which the MPAA confirmed today.

The major movie studios have sued three Popcorn Time developers in Canada, the group announced in an official statement. The MPAA obtained an injunction on October 16 ordering the shutdown of the site.


The legal action in Canada was not an isolated incident, however. Around the same time, movie industry representatives targeted the operator of YTS/YIFY who’s a New Zealand resident.

TF learned that employees of New Zealand’s National Cyber Security Centre (NCSC) contacted the operator of YTS last month. Both NCSC and the movie industry representatives had a warrant. The latter reportedly threatened a multi-million dollar lawsuit, urging the operator to cooperate.

YTS went dark two weeks ago as a result of the legal trouble and is not coming back.

The status of the lawsuits in Canada and New Zealand is currently unclear, but sources told us last week that several of the accused are working on an agreement to minimize their harm, possibly in exchange for information.

The MPAA, meanwhile, is ready to declare the outcome as a clear victory.

“This coordinated legal action is part of a larger comprehensive approach being taken by the MPAA and its international affiliates to combat content theft,” MPAA boss Chris Dodd says.

“Popcorn Time and YTS are illegal platforms that exist for one clear reason: to distribute stolen copies of the latest motion picture and television shows without compensating the people who worked so hard to make them,” he adds.

Breaking story, more info may follow later.


Backblaze Blog | The Life of a Cloud Backup Company: Welcome Chuck: Our Datacenter Expert

This post was syndicated from: Backblaze Blog | The Life of a Cloud Backup Company and was written by: Yev. Original post: at Backblaze Blog | The Life of a Cloud Backup Company

Some say that all things in life are cyclical. Backblaze pioneered DIY server architecture on a large scale with the Backblaze Storage Pods. This in turn spurred Facebook to start their Open Compute Project. This led to them having top-notch Datacenter teams. And now that leads to Chuck Goolsbee joining the Backblaze team after running a datacenter for Facebook in Oregon. What’s Chuck going to be working on? As Backblaze expands we need more places to store your data, and Chuck is tasked with building out our network of future datacenters. It’s not an easy task, but Chuck feels oddly intrigued by it. Let’s learn a bit more about the newest addition to our Datacenter team, shall we?

What is your Backblaze Title?
Director of Datacenter Infrastructure

Where are you originally from?
Spent my childhood in Illinois, Montana, and Texas, but have lived most of my life in the Seattle area. Currently living in central Oregon.

What attracted you to Backblaze?
Backblaze needs datacenters. I live and breathe datacenters. Prior to coming here I was at Facebook for almost five years, starting up and managing their Prineville, Oregon datacenter. Prior to that I built and managed a series of colocation datacenters in the Seattle area for a company I helped create named digital.forest.

What do you expect to learn while being at Backblaze?
Move fast and build datacenters.

Where else have you worked?
See above. Most interesting job? I spent about 15 years as a professional, on-ice Hockey Official (Referee & Linesman) in the USA, Canada, and Europe. I was paid to travel and work games ranging from kids through College up to professional Ice Hockey. I started doing it in college for extra money (I played hockey at the time) and kept with it for years afterward. I tell people that no job better prepares you for on-your-feet decision-making, and staying cool in a crisis better than hockey officiating.

Where did you go to school?
I graduated from Texas Tech University with a BFA in Graphic & Package Design. I went there to study with a rather mercurial professor named Frank Cheatham. He was amazing, and brutal at the same time. About 90 of us started his program, and only four of us graduated. About a year after I started my professional design career, my whole world changed when the industry started going digital with the introduction of PostScript, Aldus PageMaker, Adobe Illustrator, et al. That changed everything, and began my journey to here.

What’s your dream job?
The guy whose perpetual subtitle reads “Professional on a closed course. DO NOT ATTEMPT.”

Favorite place you’ve traveled?
Anywhere with fresh powder and no lift lines.

Favorite hobby?
Skiing all winter, playing with cars when there is no snow. I try to ski between 750,000 and 1 million vertical feet every winter (that’s 229km—305km for the more rational, non-Imperial types out there). In the off-season I compete in the 24 Hours of LeMons race series, and try to keep a few old cars running… with very limited success. (OK, mostly outright failure.)

Of what achievement are you most proud?
hard to pick…
Raising two sons to reasonable and responsible adulthood.
Several top-ten finishes in highly competitive endurance auto races and TSD rallies.
Several successful datacenter builds.
Hitting 89.7 MPH/144KPH on skis.

Star Trek or Star Wars?
Why not both? (just no Jar Jar please!)

Coke or Pepsi?
Cabernet Franc.

Favorite food?
Medium rare steak, with sautéed green veggies and a Cabernet Franc.

Why do you like certain things?
I generally like things that require my complete, 100% focus in the moment I am doing them. Skiing, driving, whatever. I learned this while playing hockey. I was a goaltender, so if you lose focus for even a nanosecond, you lose. Maintain focus, and you can do just about anything.

Anything else you’d like to tell us?
It’s never too late to have a happy childhood.

Driving race cars and inching towards 90 MPH on skis? Never too late to have a happy childhood is right! Thanks for sharing your backstory with us Chuck. If you’re curious about what Chuck will be working on…

The post Welcome Chuck: Our Datacenter Expert appeared first on Backblaze Blog | The Life of a Cloud Backup Company.

Raspberry Pi: Major League Hacking Local Hack Day

This post was syndicated from: Raspberry Pi and was written by: Marc Scott. Original post: at Raspberry Pi

18,000 stickers, 2,000 selfie-sticks and 8,000 slices of pizza hurtled across the planet last week to 14 different countries. It was a day that almost 4000 students had been eagerly awaiting.

Major League Hacking (MLH) have been organising hackathons in the USA and Europe for several years, but Saturday was an event with a difference. Local Hack Day was a 12-hour mini-hackathon on school campuses all over the world, and was billed as “the largest student hackathon ever”. The vast majority of the events were organised and run by the students; bringing together their local hacker community to develop, share and celebrate their skills in building awesome technology.


Of the 87 venues that participated in Local Hack Day, 58 of them, in places as far apart as the US, Canada, UK, Puerto Rico, Bahia, Mexico and Limassol, were able to accept under 18s. This is a huge deal. For your average kid, attending hackathons is not easy. With the exception of tailored events such as YRS Festival of Code, most hackathon venues won’t allow under 18s to attend for child safety and safeguarding reasons. MLH have continuously strived to include the next generations of young hackers, and the Local Hack Day was an extraordinarily inclusive event, letting those children who identify with the hacker community participate in or even help organise the global event.

At the school where I used to teach, Bourne Grammar School, just such a young lad exists.


To say James is a keen hacker would be an understatement. It’s not just that he enjoys technology and programming, probably more importantly, he recognises the importance of the hacker community and is eager to get involved. It was James who learned about Local Hack Day, and proposed that his school host an event, but that wasn’t enough; he wanted to be the one to organise it all. The head of Digital Strategy at the school, Stephen Brown, was more than happy for James to take centre stage and run the whole day, and what a stunningly successful event it was.

As James’ former Computer Science teacher, I was invited along (although I’m not sure whether I was wanted for my skills as a mentor or my ready access to Raspberry Pis. I suspect it was the latter). I took my son, Jimi, along with me, who, at eight years old, must have been one of the youngest attendees across all the venues.


There were around 25 attending the Bourne Local Hack Day this year.

Having arrived, grabbed their swag and stickers, the kids soon got down to the important job of hacking on their projects. There were a tonne of amazing ideas, from the basic to the bizarre. We had computer games being made using anything from the Unity 3D games engine to the Raspberry Pi Sense HAT. There was some back-end work being completed on an app that enables people to brag about their latest purchases; a “Nandos cheekiness” measuring tool; a machine-learning algorithm to teach a computer to perform basic arithmetic using neural networks; and a selfie stick that automatically posted pictures to Twitter and tagged them using the Clarifai API. Jimi even got in on the action, combining his love of conkers with his love of physical computing.

Jimi tangles with a breadboard

Fuelled by drinks and crisps, kindly donated by the local Tesco, the kids worked solidly throughout the day, only breaking at 6pm when the pizza arrived. There followed a quick diversionary game of Age of Empires, where the teachers showed the kids who the real gaming champs were, and then it was back to hacking on their projects before the 9pm deadline hit.

The winners with their Raspberry PI Selfie-stick

The chosen winner at Bourne was the Raspberry Pi/Clarifai Selfie-stick, which was a lovely little hardware hack, but this was definitely an event where the taking part was more important. Hackathons are amazing events, where inspiration, teamwork, genius and insanity all seem to combine to produce awesome projects, and it’s important that children get to experience them as well. So thank you MLH, and I look forward to Local Hack Day 3, whenever that may be.

The post Major League Hacking Local Hack Day appeared first on Raspberry Pi.

TorrentFreak: Leaked TPP Chapter Proposes Drastic Copyright Changes

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

The Trans-Pacific Partnership (TPP) is a multinational trade agreement aimed at strengthening economic ties between the United States, Canada, New Zealand, Japan and eight other countries.

Earlier this week the participating countries agreed on the final text, and a few days later Wikileaks published a leaked copy of the intellectual property chapter, which has yet to be officially revealed.

The final version removes the uncertainties that were present in previous drafts and raises serious concerns among many copyright experts and activists.

If the agreement is ratified the copyright term will be set to the life of the author plus 70 years. This is already the case in the United States, but Canada will have to extend the current term by 20 years.

This is a step backward according to Canadian law professor Michael Geist, who says that the change might cost the Canadian public more than $100 million per year.

“Hundreds of well known Canadian authors and composers who died years ago will not have their work enter the public domain for decades,” Geist notes.

The TPP chapter also outlines how Internet services should deal with copyright infringement. It includes an ISP liability section which mimics the DMCA, but it leaves room for the Canadian notice-and-notice scheme to stay intact.

A more vague provision suggests that countries should encourage ISPs (including search engines and hosting services) to remove or disable content, if a court deems it to be copyright infringing. This means that foreign court orders could be applied to block content in other countries.

The above is worrisome, but the actual text specifies that countries should “induce” ISPs, not force them.

In a similar vein, the agreement specifies that countries should offer ISPs “legal incentives” to “cooperate with copyright owners to deter the unauthorized storage and transmission of copyrighted materials…”

Again, this doesn’t mean that all ISPs have to monitor for copyright infringements, but it will ‘reward’ those who do.

According to the Electronic Frontier Foundation, who released a detailed analysis, this effectively means that ISPs “are roped in as copyright enforcers.”

Also of interest are the criminal sanctions TPP proposes for non-commercial copyright infringement, which currently don’t exist in many countries. This means that people may face jail time for copyright infringements without financial gain, as long as those infringements significantly impact copyright holders.

Finally, if TPP is ratified the circumvention of DRM will be banned as well. In addition, manufacturers will not be allowed to sell circumvention tools such as DVD or Blu-Ray rippers.

This means that Canada’s proposal to classify DRM-circumvention as fair use has failed, although the TPP allows countries to pass exceptions to allow non-infringing DRM circumvention.

While the TPP won’t end file-sharing or kill the Internet, as some suggest, it certainly puts the interests of large multinationals before those of the average citizen. As such, we can expect plenty of opposition leading up to the final votes.

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

TorrentFreak: Copyright Trolls Announce UK Anti-Piracy Invasion

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

So-called copyright trolls were a common occurrence in the UK half a decade ago, when many Internet subscribers received settlement demands for allegedly downloading pirated files.

After one of the key players went bankrupt the focus shifted to other countries, but now they’re back. One of the best known trolling outfits has just announced the largest anti-piracy push in the UK for many years.

The renewed efforts began earlier this year when the makers of “The Company You Keep” began demanding cash from many Sky Broadband customers.

This action was spearheaded by Maverick Eye, a German outfit that tracks and monitors BitTorrent piracy data that forms the basis of these campaigns. Today, the company says that this was just the beginning.

Framed as one of the largest anti-piracy campaigns in history, Maverick Eye says it teamed up with law firm Hatton & Berkeley and other key players to launch a new wave of settlement demands.

“Since July this year, Hatton & Berkeley and Maverick Eye have been busy working with producers, lawyers, key industry figures, investors, partners, and supporters to develop a program to protect the industry and defend the UK cinema against rampant piracy online,” Maverick Eye says.

“The entertainment industry can expect even more from these experts as they continue the fight against piracy in the UK.”

The companies have yet to announce which copyright holders are involved, but Maverick Eye is already working with the makers of the movies Dallas Buyers Club, The Cobbler and Survivor in other countries.

Most recently, they supported a series of lawsuits against several Popcorn Time users in the U.S., and they also targeted BitTorrent users in Canada and Australia.

Hatton & Berkeley commonly offers administrative services and says it will provide “essential infrastructure” for the UK anti-piracy campaign.

“Hatton and Berkeley stands alongside our colleagues in an international operation that has so far yielded drastic reductions in streaming, torrenting and illegal downloads across Europe,” the company announces.

In the UK it is relatively easy for copyright holders to obtain the personal details of thousands of subscribers at once, which means that tens of thousands of people could be at risk of being targeted.

Krebs on Security: Ex-Ashley Madison CTO Threatens Libel Suit

This post was syndicated from: Krebs on Security and was written by: BrianKrebs. Original post: at Krebs on Security

Last month, KrebsOnSecurity posted an exclusive story about emails leaked from AshleyMadison that suggested the company’s former chief technology officer Raja Bhatia hacked into a rival firm in 2012. Now, an attorney for the former executive is threatening a libel lawsuit against this author unless the story is retracted.

According to Bhatia’s attorney, the part of the story they consider defamatory has to do with the headline of the piece, and this bit:

“A review of those missives shows that on at least one occasion, a former company executive hacked another dating website, exfiltrating their entire user database. On Nov. 30, 2012, Raja Bhatia, the founding chief technology officer of, sent a message to Biderman notifying his boss of a security hole discovered in, an American online magazine dedicated to sexual topics, relationships and culture.

At the time, was experimenting with its own adult dating section, and Bhatia said he’d uncovered a way to download and manipulate the user database.

“They did a very lousy job building their platform. I got their entire user base,” Bhatia told Biderman via email, including in the message a link to a Github archive with a sample of the database. “Also, I can turn any non paying user into a paying user, vice versa, compose messages between users, check unread stats, etc.”

Libel lawsuits in the United States are usually quite difficult and expensive for the plaintiff to win. But in Canada — where Bhatia’s attorney and AshleyMadison’s parent company Avid Life Media are headquartered — the libel laws are more complex for defendants. For example, according to my consultation with a prominent Canadian digital media attorney, the onus there is on the accused to prove the disputed libelous claims are in fact true.

Nevertheless, I have no intention of posting a retraction or correcting any elements of this story. But I’m publishing a copy of the letter (PDF) from Bhatia’s lawyer in the likely event that other publications have also received libel and defamation threats from AshleyMadison and/or its current and former employees.

A story at from Kim Zetter that ran shortly after my piece aired includes quite a few more colorful quotes from leaked emails Bhatia allegedly sent to AshMad CEO Noel Biderman.

Update, 11:49 a.m. ET: Added reference to Wired piece as the last sentence of this story.

TorrentFreak: Canada’s Mr. Robot Premiere Censored By False DMCA Notice

This post was syndicated from: TorrentFreak and was written by: Andy. Original post: at TorrentFreak

New York resident Elliot Alderson works as a security engineer at cyber-security company Allsafe. Through a window of mental issues, Alderson views the world with paranoia while using his undoubted technical skills to hack his targets.

After being recruited by an anarchist known as “Mr. Robot”, Alderson becomes part of a team known as “fsociety” with a mission to take down one of the largest corporations in the world.

The now-hit TV show Mr Robot enjoyed a somewhat unusual U.S. launch, with the pilot airing late May on a wide range of online platforms including the USANow app, YouTube, iTunes, Amazon Instant Video, Google Play, plus Xbox and Playstation, to name just a few.

Chris McCumber, president, USA Network, said that the strategy provided a “unique opportunity” to get noticed and drive word-of-mouth promotion. It’s the kind of effort piracy has been providing unofficially for many years via leaked pilots (1) (2).

After enjoying huge success in the United States, this Friday evening Mr Robot will finally get its Canadian premiere on Showcase. And, in line with the U.S. strategy, Canadian geeks have already been given the opportunity to have an advance sneak preview of the pilot episode on and

However, those attempting to use Google to find the pilot won’t be able to do so directly. Quite unbelievably, NBCUniversal in the United States have reported Showcase to Google, claiming that the copy of the pilot on the broadcaster’s website is illegal.


With episodes carrying titles such as eps1.1_ones-and-zer0es.mpeg and eps1.7_wh1ter0se.m4v (not to mention a quite fantastic website at, there can be little doubt that Mr Robot’s creators are reaching out to those who spend their lives online. It’s therefore particularly disappointing that the same target audience will be only too aware of how ridiculous these kinds of careless takedowns are.

Also regrettable is that the bogus NBCUniversal takedown has somehow slipped past Google’s systems that often reject erroneous claims. As can be seen from the image below, the pilot episode page has been completely delisted from Google.


The first series of Mr Robot has enjoyed success and great reviews in the U.S. but only now have Canadians been let in on the fun. Those wishing to do so without relying on censored Google search results should follow this link.

Krebs on Security: Who Hacked Ashley Madison?

This post was syndicated from: Krebs on Security and was written by: BrianKrebs. Original post: at Krebs on Security

, a site that helps married people cheat and whose slogan is “Life is Short, have an Affair,” recently put up a half million (Canadian) dollar bounty for information leading to the arrest and prosecution of the Impact Team — the name chosen by the hacker(s) who recently leaked data on more than 30 million Ashley Madison users. Here is the first of likely several posts examining individuals who appear to be closely connected to this attack.

It was just past midnight on July 20, a few hours after I’d published an exclusive story about hackers breaking into I was getting ready to turn in for the evening when I spotted a re-tweet from a Twitter user named Thadeus Zu (@deuszu) who’d just posted a link to the same cache of data that had been confidentially shared with me by the Impact Team via the contact form on my site just hours earlier: It was a link to the proprietary source code for Ashley Madison’s service.

Initially, that tweet startled me because I couldn’t find any other sites online that were actually linking to that source code cache. I began looking through his past tweets and noticed some interesting messages, but soon enough other news events took precedence and I forgot about the tweet.

I revisited Zu’s tweet stream again this week after watching a press conference held by the Toronto Police (where Avid Life Media, the parent company of Ashley Madison, is based). The Toronto cops mostly recapped the timeline of known events in the hack, but they did add one new wrinkle: They said Avid Life employees first learned about the breach on July 12 (seven days before my initial story) when they came into work, turned on their computers and saw a threatening message from the Impact Team accompanied by the anthem “Thunderstruck” by Australian rock band AC/DC playing in the background.

After writing up a piece on the bounty offer, I went back and downloaded all five years’ worth of tweets from Thadeus Zu, a massively prolific Twitter user who typically tweets hundreds if not thousands of messages per month. Zu’s early years on Twitter are a catalog of simple hacks — commandeering unsecured routers, wireless cameras and printers — as well as many, many Web site defacements.

On the defacement front, Zu focused heavily on government Web sites in Asia, Europe and the United States, and in several cases even taunted his targets. On Aug. 4, 2012, he tweeted to KPN-CERT, a computer security incident response team in the Netherlands, to alert the group that he’d hacked their site. “Next time, it will be Thunderstruck. #ACDC” Zu wrote.

The day before, he’d compromised the Web site for the Australian Parliament, taunting lawmakers there with the tweet: “Parliament of Australia Oi! Oi! Oi!….T.N.T. Dynamite! Listen to ACDC here.”

I began to get very curious about whether there were any signs on or before July 19, 2015 that Zu was tweeting about ACDC in relation to the Ashley Madison hack. Sure enough: At 9:40 a.m., July 19, 2015 — nearly 12 hours before I would first be contacted by the Impact Team — we can see Zu is feverishly tweeting to several people about setting up “replication servers” to “get the show started.” Can you spot what’s interesting in the tabs on his browser in the screenshot he tweeted that morning?

Twitter user ThadeusZu tweets about setting up replication servers. Did you spot the Youtube video he’s playing when he took this screenshot?

Ten points if you noticed the tab showing that he’s listening to AC/DC’s “Thunderstruck.”

A week ago, the news media pounced on the Ashley Madison story once again, roughly 24 hours after the hackers made good on their threat to release the Ashley Madison user database. I went back and examined Zu’s tweet stream around that time and found he beat, and every other news media outlet by more than 24 hours with the Aug. 17 tweet, “Times up,” which linked to the Impact Team’s now infamous post listing the sites where anyone could download the stolen Ashley Madison user database.

ThadeusZu tweeted about the downloadable Ashley Madison data more than 24 hours before news outlets picked up on the cache.


As with the social networking profiles of others who’ve been tied to high-profile cybercrimes, Zu’s online utterings appear to be filled with kernels of truth surrounded by complete malarkey– thus making it challenging to separate fact from fiction. Hence, all of this could be just one big joke by Zu and his buddies. In any case, here are a few key observations about the who, what and where of Thadeus Zu based on information he’s provided (again, take that for what it’s worth).

Zu’s Facebook profile wants visitors to think he lives in Hawaii; indeed, the time zone set on several of his social media accounts is the same as Hawaii. There are a few third-party Facebook accounts of people demonstrably living in Hawaii who tag him in their personal photos of events on Hawaii (see this cached photo, for example), but for the most part Zu’s Facebook account consists of pictures taken from stock image collections that do not appear to be personal photos of any kind.

A few tweets from Zu — if truthful and not simply premeditated misdirection — indicate that he lived in Canada for at least a year, although it’s unclear when this visit occurred.

Zu’s various Twitter and Facebook pictures all feature hulking, athletic, and apparently black male models (e.g. he’s appropriated two profile photos of male model Rob Evans). But Zu’s real-life identity remains murky at best. The lone exception I found was an image that appears to be a genuine group photo taken of a Facebook user tagged as Thadeus Zu, along with an unnamed man posing in front of a tattoo store with popular Australian (and very inked) model/nightclub DJ Ruby Rose.

That photo is no longer listed in Rose’s Facebook profile, but a cached version of it is available here. Rose’s tour schedule indicates that she was in New York City when that photo was taken, or at least posted, on Feb. 6, 2014. Zu is tagged in another Ruby Rose Facebook post five days later on Valentine’s Day.

Other clues in his tweet stream and social media accounts put Zu in Australia. Zu has a Twitter account under the Twitter nick @ThadeusZu, which has a whopping 11 tweets, but seems rather to have been used as a news feed. In that account Zu is following some 35 Twitter accounts, and the majority of them are various Australian news organizations. That account also is following several Australian lawmakers that govern states in south Australia.

Then again, Twitter auto-suggests popular accounts for new users to follow, and usually does so in part based on the Internet address of the user. As such, @ThadeusZu may have only been using an Australian Web proxy or a Tor node in Australia when he set up that account (several of his self-published screen shots indicate that he regularly uses Tor to obfuscate his Internet address).

Even so, many of Zu’s tweets going back several years place him in Australia as well, although this may also be intentional misdirection. He continuously references his “Oz girl,” (“Oz” is another word for Australia) uses the greeting “cheers” quite a bit, and even talks about people visiting him in Oz.

Interestingly, for someone apparently so caught up in exposing hypocrisy and so close to the Ashley Madison hack, Zu appears to have himself courted a married woman — at least according to his own tweets. On January 5, 2014, Zu tweeted:

“Everything is cool. Getting married this year. I am just waiting for my girl to divorce her husband. #seachange”


A month later, on Feb. 7, 2014, Zu offered this tidbit of info:

“My ex. We were supposed to get married 8 years ago but she was taken away from me. Cancer. Hence, my downward spiral into mayhem.”


To say that Zu tweets to others is a bit of a misstatement. I have never seen anyone tweet the way Zu does; he sends hundreds of tweets each day, and while most of them appear to be directed at nobody, it does seem that they are in response to (if not in “reply” to) tweets that others have sent him or made about his work. Consequently, his tweet stream appears to the casual observer to be nothing more than an endless soliloquy.

But there may be something else going on here. It is possible that Zu’s approach to tweeting — that is, responding to or addressing other Twitter users without invoking the intended recipient’s Twitter handle — is something of a security precaution. After all, he had to know and even expect that security researchers would try to reconstruct his conversations after the fact. But this is far more difficult to do when the Twitter user in question never actually participates in threaded conversations. People who engage in this way of tweeting also do not readily reveal the Twitter identities of the people with whom they chat most.

Thadeus Zu — whoever and wherever he is in real life — may not have been directly involved in the Ashley Madison hack; he claims in several tweets that he was not part of the hack, but then in countless tweets he uses the royal “We” when discussing the actions and motivations of the Impact Team. I attempted to engage Zu in private conversations without success; he has yet to respond to my invitations.

It is possible that Zu is instead a white hat security researcher or confidential informant who has infiltrated the Impact Team and is merely riding on their coattails or acting as their mouthpiece. But one thing is clear: If Zu wasn’t involved in the hack, he almost certainly knows who was.

KrebsOnSecurity is grateful to several researchers, including Nick Weaver, for their assistance and time spent indexing, mining and making sense of tweets and social media accounts mentioned in this post. Others who helped have asked to remain anonymous.

TorrentFreak: Pirate Music Site Op Pleads Guilty, Faces Five Years in Prison

This post was syndicated from: TorrentFreak and was written by: Andy. Original post: at TorrentFreak

Over the past five years, Operation in Our Sites, the U.S. initiative tackling copyright-infringing websites, has produced several arrests and the seizure of thousands of domains.

In October 2014, ICE Homeland Security Investigations took action against a pair of large U.S.-based websites. and were both involved in large-scale distribution of unauthorized music, with the former presenting itself as a music database and the latter its file-hosting partner.

At the time ICE didn’t respond to requests for comment but it eventually transpired that the sites’ alleged operator, Rocky P. Ouprasith of Charlotte, N.C., had been arrested.

According to papers filed in the United States District Court for the Eastern District of Virginia Friday, Ouprasith operated both sites from around May 2011 through to his arrest last October.


During that period Ouprasith sourced pirated content online and uploaded it to RockDizFile, while encouraging others to do the same. Ouprasith curated the unauthorized content and then presented it for download on RockDizMusic, which in turn acted as a user-friendly front for RockDizFile. ‘Affiliates’ who uploaded music were paid based on the number of times their files were downloaded.

“To operate these websites, OUPRASITH rented and used computer servers in the United States and abroad. OUPRASITH hosted the website on servers originally located in France and later in Canada,” court papers read.

“One of OUPRASITH’s linking websites, at, operated from a computer server in Illinois furnished by the webhosting provider, GigeNET. A second linking website used by OUPRASITH, at, was hosted from a computer server in Russia.”


According to the prosecution, Ouprasith’s aim was to profit from his websites. He sold premium subscriptions to RockDizFile at a cost of up to $90.00 per year, which offered faster downloads and VIP access. Also generating revenue were several deals he had with up to nine advertising firms.

This resulted in decent traffic, reportedly 1.65m visits from 937,000 unique visitors in January 2014. However, that doesn’t appear to have made Ouprasith a particularly rich man. Skype messages found on a laptop seized by ICE had the 23-year-old stating that in 2013 he made around $80k but spent $60K running the business.


Nevertheless, according to the RIAA, in 2013 RockDizFile emerged “as the second largest online file-sharing site in the reproduction and distribution of infringing copies of copyrighted music in the United States.”

This growth caused both the RIAA and IFPI to target the site with hundreds of DMCA takedown notices but apparently Ouprasith failed to process them in a legally acceptable manner. A Homeland Security investigation found that although files were taken down, the same reappeared elsewhere on the site.

“In other words, OUPRASITH never took down the infringing files pursuant to the DMCA takedown notices. Instead, he simply created a new hyperlink to the same illegal content,” a statement of facts reads.

Arrest and guilty plea

On October 15, 2014, HSI executed a warrant to search Ouprasith’s residence in North Carolina. In Chicago, the RockDizFile server was seized, as were ancillary servers in both the Netherlands and France. Ouprasith appears to have cooperated immediately.

“After being advised of his rights orally and in writing, OUPRASITH waived them and agreed to speak with investigators,” papers read.

What followed was a near complete confession, including that he made between $3,000 and $4000 profit per month and that in response to DMCA notices Ouprasith would “delete the reported links to the content listed in the notices and then re-upload exactly the same content under new hyperlinks.”

In his guilty plea, Ouprasith admits for-profit infringement exceeding $2.5m but less than $7m, plus various other copyright charges including pre-release music piracy. He also agrees to forfeit almost $51,000 and any property used to commit and facilitate the infringement.

When sentenced later this year, Ouprasith faces up to five years in federal prison.

Krebs on Security: Was the Ashley Madison Database Leaked?

This post was syndicated from: Krebs on Security and was written by: BrianKrebs. Original post: at Krebs on Security

Many news sites and blogs are reporting that the data stolen last month from 37 million users of — a site that facilitates cheating and extramarital affairs — has finally been posted online for the world to see. In the past 48 hours, several huge dumps of data claiming to be the actual AshleyMadison database have turned up online. But there are precious few details in them that would allow one to verify these claims, and the company itself says it so far sees no indication that the files are legitimate.

A huge trove of data nearly 10 gigabytes in size was dumped onto the Deep Web and onto various Torrent file-sharing services over the past 48 hours.  According to a story at, included in the files are names, addresses and phone numbers apparently attached to AshleyMadison member profiles, along with credit card data and transaction information. Links to the files were preceded by a text file message titled “Time’s Up” (see screenshot below).

The message left by the latest group of attention-seekers claiming to have leaked the hacked database.

From taking in much of the media coverage of this leak so far — for example, from the aforementioned Wired piece or from the story at security blogger Graham Cluley’s site — readers would most likely conclude that this latest collection of leaked data is legitimate. But after an interview this evening with Raja Bhatia — AshleyMadison’s original founding chief technology officer — I came away with a much different perspective.

Bhatia said he has teamed up with an international team of roughly a dozen investigators working seven days a week, 24-hours a day just to keep up with all of the fake data dumps claiming to be the stolen AshleyMadison database that was referenced by the original hackers on July 19. Bhatia said his team sees no signs that this latest dump is legitimate.

“On a daily basis, we’re seeing 30 to 80 different claimed dumps come online, and most of these dumps are entirely fake and being used by other organizations to capture the attention that’s been built up through this release,” Bhatia said. “In total we’ve looked at over 100GB of data that’s been put out there. For example, I just now got a text message from our analysis team in Israel saying that the last dump they saw was 15 gigabytes. We’re still going through that, but for the most part it looks illegitimate and many of the files aren’t even readable.”

The former AshleyMadison CTO, who’s been consulting for the company ever since news of the hack broke last month, said many of the fake data dumps the company has examined to date include some or all of the files from the original July 19 release. But the rest of the information, he said, is always a mix of data taken from other hacked sources — not

“The overwhelming amount of data released in the last three weeks is fake data,” he said. “But we’re taking every release seriously and looking at each piece of data and trying to analyze the source and the veracity of the data.”

Bhatia said the format of the fake leaks has been changing constantly over the last few weeks.

“Originally, it was being posted through and, and now we’re seeing files going out over torrents, the Dark Web, and TOR-based URLs,” he said.

To help locate new troves of data claiming to be the files stolen from AshleyMadison, the company’s forensics team has been using a tool that Netflix released last year called Scumblr, which scours high-profile sites for specific terms and data.

“For the most part, we can quickly verify that it’s not our data or it’s fake data, but we are taking each release seriously,” Bhatia said. “Scumblr helps accelerate the time it takes for us to detect new pieces of data that are being released. For the most part, we’re finding the majority of it is fake. There are some things that have data from the original release, but other than that, what we’re seeing is other generic files that have been introduced, fake SQL files.”

Bhatia said this most recent leak is especially amusing because it included actual credit card data, even though has never stored credit card information.

“There’s definitely not credit card information, because we don’t store that,” Bhatia said. “We use transaction IDs, just like every other PCI compliant merchant processor. If there is full credit card data in a dump, it’s not from us, because we don’t even have that. When someone completes a payment, what happens is from our payment processor, we get a transaction ID back. That’s the only piece of information linking to a customer or consumer of ours. If someone is releasing credit card data, that’s not from us. We don’t have that in our databases or our own systems.”

A screen shot of the archive released recently that many believe is the leaked AshleyMadison database.


Nearly every day since I first reported the exclusive story of the Ashley Madison hack on July 19, I’ve received desperate and sad emails from readers who were or are AshleyMadison users and who wanted to know if the data would ever be leaked, or if I could somehow locate their information in any documents leaked so far. Unfortunately, aside from what I’ve reported here and in my original story last month, I don’t have any special knowledge or insight into this attack.

My first report on this breach quoted AshleyMadison CEO Noel Biderman saying the company suspected the culprit was likely someone who at one time had legitimate access to the company’s internal networks. I’d already come to the same conclusion by that time, and I still believe that’s the case. So I asked Bhatia if the company and/or law enforcement in Canada or the United States had apprehended anyone in relation to this hack.

Bhatia declined to answer, instead referring me to the written statement posted on its site today, which noted that the investigation is still ongoing and that the company is simultaneously cooperating fully with law enforcement investigations, including by the Royal Canadian Mounted Police, the Ontario Provincial Police, the Toronto Police Services and the U.S. Federal Bureau of Investigation.

“This event is not an act of hacktivism, it is an act of criminality. It is an illegal action against the individual members of, as well as any freethinking people who choose to engage in fully lawful online activities,” the statement reads. “We know that there are people out there who know one or more of these individuals, and we invite them to come forward. While we are confident that the authorities will identify and prosecute each of them to the fullest extent of the law, we also know there are individuals out there who can help to make this happen faster.”

Raspberry Pi: The TRS-80 model 100 goes online

This post was syndicated from: Raspberry Pi and was written by: Liz Upton. Original post: at Raspberry Pi

Sometimes added functionality isn’t exactly functional. Sometimes, it’s more a sort of demonstration that something can be done, whether or not it’s actually a very good idea.

UK readers may not recognise the machine below, but those of you in the USA (as long as you’re of a certain vintage) will be familiar with it. It’s a TRS-80 model 100: an incredibly early (1983-ish) laptop-type computer, whose market was mostly in the US and Canada, made in partnership by Kyocera and Microsoft. The 8k version would set you back $1099, and the 24k version $1399 – an absolute ton of money in 1983, when many of us at Pi Towers were either not born yet, or still at the corduroy dungarees and deelyboppers phase.


The TRS-80, rather amazingly, was a connected machine, with a built-in modem. It was a popular tool for journalists; you could save about eleven pages of text if you were out in the field, and send it over that modem to your editor using a program called TELCOM – an incredibly liberating technology at the time. It was pretty power-efficient as well; it took four AA batteries, which lasted for about 20 hours.

So what better for retro-hardware lovers than an internet-connected TRS-80 model 100? That’s exactly what Sean Gallagher from Ars Technica made.


I successfully logged in to Ars’ editorial IRC channel from the Model 100. And seeing as this machine first saw the market in 1983, it took a substantial amount of help: a Raspberry Pi, a little bit of BASIC code, and a hidden file from the website of a certain Eric S. Raymond.

Sean says that the TRS-80 is the last machine Bill Gates ever wrote a significant amount of code for, and that Gates has said it’s his favourite ever machine.

This is a really tricky problem to work your way around when you consider that modern websites don’t really work within a 40 columns by eight lines display; that the TRS-80 keyboard doesn’t have a | or pipe symbol; that you can’t load a TCP/IP stack onto the device; that Sean had to build his own null-modem cable – it’s a labour of love and an absolutely fascinating read. Head over to Ars Technica to read more about dragging 1980s hardware some of the way into the 21st century.



TorrentFreak: CNN & CBC Sued For Pirating 31 Second YouTube Video

This post was syndicated from: TorrentFreak and was written by: Andy. Original post: at TorrentFreak

While millions of users upload videos to YouTube every day without expecting any reward, it’s possible for popular content to generate plenty of revenue through YouTube’s account monetization program.

New York resident Alfonzo Cutaia used the program last year when he sensed he had a hit video on his hands, but allegedly some news organizations didn’t play by the rules and now things have become messy.

Things began in 2014 when winter storm ‘Knife‘ buried parts of New York and surrounding areas under several feet of snow. On November 18, Cutaia was watching the storm coming over Lake Erie from his Buffalo office window when he decided to record events on his mobile phone.

Recognizing the potential for interest in his video, Cutaia uploaded his 32 second clip to YouTube. He gave it the title “Buffalo Lake Effect” and opted to generate revenue via YouTube’s monetization program. Cutaia selected “Standard YouTube License” and watched the hits roll in.

The recording did very well indeed. By the end of day one Cutaia’s video had been viewed more than 513,000 times. On day two things blew up with an additional 2.3 million hits and soon after the New York resident was receiving requests from news outlets – CBS, ABC, CNN, NBC, Reuters and AP – to use his footage.

But according to a lawsuit filed this week by Cutaia in a New York court, around November 18 Canada’s CBC aired the video online without permission, with a CBC logo as an overlay.

After complaining to CBC about continued unauthorized use, last month Cutaia was told by CBC that the company had obtained the video from CNN on a 10-day license. However, Cutaia claims that the video was used by CBC and its partners for many months, having been supplied to them by CNN who also did not have a license.

In his complaint, Cutaia seeks injunctions against both CBC and CNN to stop further unlawful use of his video. He also accuses the news outlets of “intentional and willful” copyright infringement and seeks appropriate damages.

Interestingly, the lawsuit also claims that both CBC and CNN violated the DMCA when the companies ‘liberated’ it from the YouTube system and offered it for viewing elsewhere.

“In order to infringe the Storm Video, CBC [and CNN] circumvented Cutaia’s technological measures limiting access to the Storm Video, without authorization, in violation of 17 U.S.C. § 1201(a)(1)(a),” the lawsuit reads.

“By its reproduction and alteration to the Storm Video, CBC [and CNN] intentionally removed and/or altered the copyright management information of the Storm Video, without authorization, in violation of U.S.C. § 1202(b)(1)”

CBC and CNN are also accused of distributing the video despite knowing that the copyright management information had been removed.

In closing, Cutaia seeks permanent injunctions against CBC and CNN, accuses them of varying degrees of copyright infringement, while demanding a jury trial to determine damages.

In the meantime “Buffalo Lake Effect” continues to perform well on YouTube. By July 2015 the video had been viewed more than 3.68m times.

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and the best VPN services.

Krebs on Security: Chinese VPN Service as Attack Platform?

This post was syndicated from: Krebs on Security and was written by: BrianKrebs. Original post: at Krebs on Security

Hardly a week goes by without a news story about state-sponsored Chinese cyberspies breaking into Fortune 500 companies to steal intellectual property, personal data and other invaluable assets. Now, researchers say they’ve unearthed evidence that some of the same Chinese hackers also have been selling access to compromised computers within those companies to help perpetuate future breaches.

The so-called “Great Firewall of China” is an effort by the Chinese government to block citizens from accessing specific content and Web sites that the government has deemed objectionable. Consequently, many Chinese seek to evade such censorship by turning to virtual private network or “VPN” services that allow users to tunnel their Internet connections to locations beyond the control of the Great Firewall.


Security experts at RSA Research say they’ve identified an archipelago of Chinese-language virtual private network (VPN) services marketed to Chinese online gamers and those wishing to evade censorship, but which also appear to be used as an active platform for launching attacks on non-Chinese corporations while obscuring the origins of the attackers.

Dubbed by RSA as “Terracotta VPN” (a reference to the Chinese Terracotta Army), this satellite array of VPN services “may represent the first exposure of a PRC-based VPN operation that maliciously, efficiently and rapidly enlists vulnerable servers around the world,” the company said in a report released today.

The hacker group thought to be using Terracotta to launch and hide attacks is known by a number of code names, including the “Shell_Crew” and “Deep Panda.” Security experts have tied this Chinese espionage gang to some of the largest data breaches in U.S. history, including the recent attack on the U.S. Office of Personnel Management, as well as the breaches at U.S. healthcare insurers Anthem and Premera.

According to RSA, Terracotta VPN has more than 1,500 nodes around the world where users can pop up on the Internet. Many of those locations appear to be little more than servers at Internet service providers in the United States, Korea, Japan and elsewhere that offer cheap virtual private servers.

But RSA researchers said they discovered that many of Terracotta’s exit nodes were compromised Windows servers that were “harvested” without the victims’ knowledge or permission, including systems at a Fortune 500 hotel chain; a hi-tech manufacturer; a law firm; a doctor’s office; and a county government of a U.S. state.

The report steps through a forensics analysis that RSA conducted on one of the compromised VPN systems, tracking each step the intruders took to break into the server and ultimately enlist the system as part of the Terracotta VPN network.

“All of the compromised systems, confirmed through victim-communication by RSA Research, are Windows servers,” the company wrote. “RSA Research suspects that Terracotta is targeting vulnerable Windows servers because this platform includes VPN services that can be configured quickly (in a matter of seconds).”

RSA says suspected nation-state actors have leveraged at least 52 Terracotta VPN nodes to exploit sensitive targets among Western government and commercial organizations. The company said it received a specific report from a large defense contractor concerning 27 different Terracotta VPN node Internet addresses that were used to send phishing emails targeting users in their organization.

“Out of the thirteen different IP addresses used during this campaign against this one (APT) target, eleven (85%) were associated with Terracotta VPN nodes,” RSA wrote of one cyber espionage campaign it investigated. “Perhaps one of the benefits of using Terracotta for Advanced Threat Actors is that their espionage related network traffic can blend-in with ‘otherwise-legitimate’ VPN traffic.”


RSA’s report includes a single screen shot of software used by one of the commercial VPN services marketed on Chinese sites and tied to the Terracotta network, but for me this was just a tease: I wanted a closer look at this network, yet RSA (or more likely, the company’s lawyers) carefully omitted any information in its report that would make it easy to locate the sites selling or offering the Terracotta VPN.

RSA said the Web sites advertising the VPN services are marketed on Chinese-language Web sites that are for the most part linked by common domain name registrant email addresses and are often hosted on the same infrastructure with the same basic Web content. Along those lines, the company did include one very useful tidbit in its report: A section designed to help companies detect servers that may be compromised warned that any Web servers seen phoning home to 8800free[dot]info should be considered hacked.
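The detection tip above, as an added example (not code from RSA's report or from this article): a sketch that refangs the indicator as it is printed here and flags internal clients that looked up that domain or any subdomain of it. The log layout (loosely modelled on BIND query logging), the client addresses and all function names are constructed assumptions.

```python
import re
from collections import defaultdict

# Indicator exactly as the article prints it (defanged).
IOC_DEFANGED = "8800free[dot]info"

# Constructed sample lines, loosely modelled on BIND query logging.
# Addresses and hostnames other than the indicator are made up.
SAMPLE_LOG = """\
03-Aug-2015 09:14:02.101 client 10.20.1.15#49152: query: www.example.com IN A +
03-Aug-2015 09:14:07.550 client 10.20.1.44#50311: query: 8800free.info IN A +
03-Aug-2015 09:15:31.002 client 10.20.1.44#50312: query: Update.8800FREE.info. IN A +
03-Aug-2015 09:16:10.870 client 10.20.1.71#51002: query: not8800free.info IN A +
03-Aug-2015 09:16:45.313 client 10.20.1.72#51877: query: 8800free.info.example.net IN A +
03-Aug-2015 09:17:03.004 client 10.20.3.9#53010: query: cdn.8800free.info IN AAAA +
this line is malformed and must be skipped
"""

# Pulls the client address and the queried name out of one log line.
QUERY_RE = re.compile(
    r"client (?P<ip>[0-9A-Fa-f.:]+)#\d+.*?query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)


def refang(indicator):
    """Turn a defanged indicator (example[dot]com, example[.]com) into a plain name."""
    plain = indicator.replace("[dot]", ".").replace("[.]", ".")
    return plain.lower().rstrip(".")


def normalise(qname):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return qname.lower().rstrip(".")


def matches(qname, domain):
    """True for the domain itself or a subdomain of it.

    Matching on a label boundary avoids two classic false positives:
    'not8800free.info' (shared suffix, different domain) and
    '8800free.info.example.net' (indicator used as a left-hand label).
    """
    q = normalise(qname)
    return q == domain or q.endswith("." + domain)


def find_hits(log_text, indicator=IOC_DEFANGED):
    """Return {client_ip: [queried names]} for every lookup of the indicator."""
    domain = refang(indicator)
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m is None:
            continue  # not a query record; ignore rather than fail
        if matches(m.group("qname"), domain):
            hits[m.group("ip")].append(normalise(m.group("qname")))
    return dict(hits)


if __name__ == "__main__":
    for client, names in sorted(find_hits(SAMPLE_LOG).items()):
        print(f"{client}: {len(names)} lookup(s): {', '.join(names)}")
```

A hit identifies a host to investigate, not proof of compromise on its own; the same matching can be pointed at web proxy or firewall logs by swapping the regular expression.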

A lookup at for the historic registration records on 8800free[dot]info shows it was originally registered in 2010 to someone using the email address “” Among the nine other domains registered to is 517jiasu[dot]cn, an archived version of which is available here.

Domaintools shows that in 2013 the registration record for 8800free[dot]info was changed to include the email address “” Helpfully, that email was used to register at least 39 other sites, including quite a few that are or were at one time advertising similar-looking VPN services.

Pivoting off the historic registration records for many of those sites turns up a long list of VPN sites registered to other interesting email addresses, including “,” “” and “” (click the email addresses for a list of domains registered to each).

Armed with lists of dozens of VPN sites, it wasn’t hard to find several sites offering different VPN clients for download. I installed each on a carefully isolated virtual machine (don’t try this at home, kids!). Here’s one of those sites:


A Google-translated version of one of the sites offering the VPN software and service that RSA has dubbed “Terracotta.”

All told, I managed to download, install and use at least three VPN clients from VPN service domains tied to the above-mentioned email addresses. The Chinese-language clients were remarkably similar in overall appearance and function, and listed exit nodes via tabs for several countries, including Canada, Japan, South Korea and the United States, among others. Here is one of the VPN clients I played with in researching this story:


This one was far more difficult to use, and crashed repeatedly when I first tried to take it for a test drive:


None of the VPN clients I tried would list the Internet addresses of the individual nodes. However, each node in the network can be discovered simply by running some type of network traffic monitoring tool in the background (I used Wireshark), and logging the address that is pinged when one clicks on a new connection.

RSA said it found more than 500 Terracotta servers that were U.S. based, but I must have gotten in on the fun after the company started notifying victim organizations because I found only a few dozen U.S.-based hosts in any of the VPN clients I checked. And most of the ones I did find that were based in the United States appeared to be virtual private servers at a handful of hosting companies.

The one exception I found was a VPN node tied to a dedicated Windows server for the Web site of a company in Michigan that manufactures custom-made chairs for offices, lounges and meeting rooms. That company did not return calls seeking comment.

In addition to the U.S.-based hosts, I managed to step through a huge number of systems based in South Korea. I didn’t have time to look through each record to see whether any of the Korean exit nodes were interesting, but here’s the list I came up with in case anyone is interested. I simply haven’t had time to look at and look up the rest of the clients in what RSA is calling the Terracotta network. Here’s a more simplified list of just the organizational names attached to each record.

Assuming RSA’s research is accurate (and I have no reason to doubt that it is) the idea of hackers selling access to hacked PCs for anonymity and stealth online is hardly a new one. In Sept. 2011, I wrote about how the Russian cybercriminals responsible for building the infamous TDSS botnet were selling access to computers sickened with the malware via a proxy service called AWMProxy, even allowing customers to pay for the access with PayPal, Visa and MasterCard.

It is, after all, incredibly common for malicious hackers to use systems they’ve hacked to help perpetrate future cybercrimes – particularly espionage attacks. A classified map of the United States obtained by NBC last week showing the victims of Chinese cyber espionage over the past five years lights up like so many exit nodes in a VPN network.

Source: NBC


Krebs on Security: Online Cheating Site AshleyMadison Hacked

This post was syndicated from: Krebs on Security and was written by: BrianKrebs. Original post: at Krebs on Security

Large caches of data stolen from online cheating site have been posted online by an individual or group that claims to have completely compromised the company’s user databases, financial records and other proprietary information. The still-unfolding leak could be quite damaging to some 37 million users of the hookup service, whose slogan is “Life is short. Have an affair.”


The data released by the hacker or hackers — which go by the name The Impact Team — includes sensitive internal data stolen from Avid Life Media (ALM), the Toronto-based firm that owns AshleyMadison as well as related hookup sites Cougar Life and Established Men.

Reached by KrebsOnSecurity late Sunday evening, ALM Chief Executive Noel Biderman confirmed the hack, and said the company was “working diligently and feverishly” to take down ALM’s intellectual property. Indeed, in the short span of 30 minutes between that brief interview and the publication of this story, several of the Impact Team’s Web links were no longer responding.

“We’re not denying this happened,” Biderman said. “Like us or not, this is still a criminal act.”

Besides snippets of account data apparently sampled at random from among some 40 million users across ALM’s trio of properties, the hackers leaked maps of internal company servers, employee network account information, company bank account data and salary information.

The compromise comes less than two months after intruders stole and leaked online user data on millions of online hookup site AdultFriendFinder.

In a long manifesto posted alongside the stolen ALM data, The Impact Team said it decided to publish the information in response to alleged lies ALM told its customers about a service that allows members to completely erase their profile information for a $19 fee.

According to the hackers, although the “full delete” feature that Ashley Madison advertises promises “removal of site usage history and personally identifiable information from the site,” users’ purchase details — including real name and address — aren’t actually scrubbed.

“Full Delete netted ALM $1.7mm in revenue in 2014. It’s also a complete lie,” the hacking group wrote. “Users almost always pay with credit card; their purchase details are not removed as promised, and include real name and address, which is of course the most important information the users want removed.”

Their demands continue:

“Avid Life Media has been instructed to take Ashley Madison and Established Men offline permanently in all forms, or we will release all customer records, including profiles with all the customers’ secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails. The other websites may stay online.”

A snippet of the message left behind by the Impact Team.


It’s unclear how much of the AshleyMadison user account data has been posted online. For now, it appears the hackers have published a relatively small percentage of AshleyMadison user account data and are planning to publish more for each day the company stays online.

“Too bad for those men, they’re cheating dirtbags and deserve no such discretion,” the hackers continued. “Too bad for ALM, you promised secrecy but didn’t deliver. We’ve got the complete set of profiles in our DB dumps, and we’ll release them soon if Ashley Madison stays online. And with over 37 million members, mostly from the US and Canada, a significant percentage of the population is about to have a very bad day, including many rich and powerful people.”

ALM CEO Biderman declined to discuss specifics of the company’s investigation, which he characterized as ongoing and fast-moving. But he did suggest that the incident may have been the work of someone who at least at one time had legitimate, inside access to the company’s networks — perhaps a former employee or contractor.

“We’re on the doorstep of [confirming] who we believe is the culprit, and unfortunately that may have triggered this mass publication,” Biderman said. “I’ve got their profile right in front of me, all their work credentials. It was definitely a person here that was not an employee but certainly had touched our technical services.”

As if to support this theory, the message left behind by the attackers gives something of a shout out to ALM’s director of security.

“Our one apology is to Mark Steele (Director of Security),” the manifesto reads. “You did everything you could, but nothing you could have done could have stopped this.”

Several of the leaked internal documents indicate ALM was hyper aware of the risks of a data breach. In a Microsoft Excel document that apparently served as a questionnaire for employees about challenges and risks facing the company, employees were asked “In what area would you hate to see something go wrong?”

Trevor Stokes, ALM’s chief technology officer, put his worst fears on the table: “Security,” he wrote. “I would hate to see our systems hacked and/or the leak of personal information.”

In the wake of the AdultFriendFinder breach, many wondered whether AshleyMadison would be next. As the Wall Street Journal noted in a May 2015 brief titled “Risky Business for,” the company had voiced plans for an initial public offering in London later this year with the hope of raising as much as $200 million.

“Given the breach at AdultFriendFinder, investors will have to think of hack attacks as a risk factor,” the WSJ wrote. “And given its business’s reliance on confidentiality, prospective AshleyMadison investors should hope it has sufficiently, er, girded its loins.”

Krebs on Security: CVS Probes Card Breach at Online Photo Unit

This post was syndicated from: Krebs on Security and was written by: BrianKrebs. Original post: at Krebs on Security

Nationwide pharmacy chain CVS has taken down its online photo center, replacing it with a message warning that customer credit card data may have been compromised. The incident comes just days after Walmart Canada said it was investigating a potential breach of customer card data at its online photo processing store.


“We have been made aware that customer credit card information collected by the independent vendor who manages and hosts may have been compromised,” CVS said in a statement that replaced the photo Web site’s normal homepage content. “As a precaution, as our investigation is underway we are temporarily shutting down access to online and related mobile photo services. We apologize for the inconvenience. Customer registrations related to online photo processing and are completely separate from and our pharmacies. Financial transactions on and in-store are not affected.”

Last week, Walmart Canada warned it was investigating a similar breach of its online photo Web site, which the company said was operated by a third party. The Globe and Mail reported that the third-party in the Walmart Canada breach is a company called PNI Digital Media. 

According to PNI’s investor relations page, PNI “provides a proprietary transactional software platform” that is used by retailers such as Costco, Walmart Canada, and CVS/pharmacy to sell millions of personalized products every year.

“Our digital logistics connect your website, in-store kiosks, and mobile presences with neighbourhood storefronts, maximizing style, price, and convenience. Last year the PNI Digital Media platform worked with over 19,000 retail locations and 8,000 kiosks to generate more than 18M transactions for personalized products.”

Neither CVS nor PNI could be immediately reached for comment. Costco’s online photo store —, does not appear to include any messaging about a possible breach.

Interestingly, PNI Digital Media was acquired a year ago by office supply chain Staples. As first reported by this site in October 2014, Staples suffered its own card breach, a six-month intrusion that allowed thieves to steal more than a million customer card accounts.

TorrentFreak: TPP: U.S. May Accept Partners’ Own ISP Liability Frameworks

This post was syndicated from: TorrentFreak and was written by: Andy. Original post: at TorrentFreak

The Trans-Pacific Partnership (TPP) is a multinational trade agreement aimed at strengthening economic ties between the United States, Canada, New Zealand, Japan and eight other countries. The aim is to ease trade in goods and services, encourage investment, and forge understandings across a wide range of policy issues.

The TPP contains a chapter on intellectual property issues such as copyright, trademarks and patents. However, the developing agreement is highly secretive with drafts never being released to the public – officially at least. That all changed in 2013 when Wikileaks breached the agreement’s security cordon with the publishing of a draft relating to IP issues.

Since then there have been several leaks, including a notable one in October 2014, again courtesy of Wikileaks. Last month Politico obtained a more recent draft dated May 2015 but did not publish the full document. However, the Electronic Frontier Foundation now says it has been briefed on its contents.

The EFF reports that while the text on DRM circumvention and copyright term remain largely unchanged, progress appears to have been made in the area of intermediary liability. This relates to the immunity afforded to service providers in respect of copyright infringement claims, provided they adhere to a set of requirements establishing their ‘safe harbor’.

In this area the most famous framework is that outlined by the United States’ Digital Millennium Copyright Act (DMCA), whereby Internet companies such as ISPs and platform providers such as Google and YouTube respond to takedown requests from third parties to avoid being held liable for the infringements of others.

As outlined in last year’s leak, the TPP’s ISP liability section mimics the DMCA, which prompted concern that partners could be forced to impose tougher regimes than those already in place. However, according to the EFF there appears to be a softening of position which could allow countries to stick to existing frameworks.

“The latest leak suggests that the U.S. is now likely to accommodate at least some of these existing intermediary liability regimes, rather than forcing a carbon-copy of the failed DMCA on its TPP partners,” EFF Senior Global Policy Analyst Jeremy Malcolm writes.

“The text does enforce a more generalized model of limitation of liability for intermediaries for third party content, and imposes a range of conditions before they qualify for that protection.

“But those conditions are now broad enough to accommodate a Japanese-style system in which a self-regulatory authority, formed by intermediaries and rightsholders with government involvement, is required to verify notices of claimed infringement before they are acted on.”

Also of interest is the approach taken towards Canada, a country placed as one of the leading opponents of many of the U.S. proposals. As concern mounts that the TPP agreement could challenge the country’s recently revamped copyright law and its notice-and-notice (as opposed to notice-and-takedown) system, the EFF reports leeway in negotiations.

“Interestingly, Canada’s system is not accommodated within the main text, but in a separate annex. The annex would exempt a country (such as Canada, implicitly) from the requirement to have a notice-and-takedown system provided that it already has a system in place requiring intermediaries to pass on notices of alleged infringement to their users,” the EFF explains.

However, the wiggle room does come at a cost. Countries in this position would be expected to impose secondary liability on intermediaries of services that are “primarily” used to enable copyright infringement. Search engines would also be required to remove cached copies of infringing items after their removal.

While the EFF raises concerns over the above, other proposals in the draft are given a cautious welcome.

TPP partners are now required to provide penalties against parties who knowingly file false takedown notices, equally those who file false counter-notices. Content taken down by a takedown notice must also be restored if a valid counter-notice is received.

Intermediaries will also be relieved that a failure to satisfy safe harbor conditions won’t automatically make them liable for infringement. Neither will safe harbor be reliant on intermediaries proactively monitoring uploads.

In conclusion, however, the EFF sees few reasons for optimism, noting that other threats in the IP chapter mean that the case for the group to fight the TPP “has never been more compelling.”


TorrentFreak: Cloudflare Reveals Pirate Site Locations in an Instant

This post was syndicated from: TorrentFreak and was written by: Andy. Original post: at TorrentFreak

Five years ago, discovering the physical location of almost any ‘pirate’ site was achievable in a matter of seconds using widely available online tools. All one needed was an IP address and a simple lookup.

As sites became more aware of the need for security, cloaking efforts became more commonplace. Smaller sites, private trackers in particular, began using tunnels and proxies to hide their true locations, hampering anti-piracy efforts in the process. Later these kinds of techniques were used on even the largest sites, The Pirate Bay for example.

In the meantime the services of a rising company called Cloudflare had begun to pique the interest of security-minded site owners. Designed to optimize the performance of sites while blocking various kinds of abuse, Cloudflare-enabled sites get to exchange their regular IP address for one operated by Cloudflare, a neat side-effect for a site wishing to remain in the shadows.


Today, Cloudflare ‘protects’ dozens – perhaps hundreds – of ‘pirate’ sites. Some use Cloudflare for its anti-DDoS capabilities but all get to hide their real IP addresses from copyright holders. This has the potential to reduce the number of DMCA notices and other complaints filtering through to their real hosts.

Surprisingly, however, belief persists in some quarters that Cloudflare is an impenetrable shield that allows ‘pirate’ sites to operate completely unhindered. In fact, nothing could be further from the truth.

In recent days a perfect example appeared in the shape of Sparvar (Sparrows), a Swedish torrent site that has been regularly hounded by anti-piracy outfit Rights Alliance. Sometime after moving to Canada in 2014, Sparvar began using the services of Cloudflare, which effectively cloaked the site’s true location from the world. Well, that was the theory.

According to an announcement from the site, Rights Alliance lawyer Henrik Pontén recently approached Cloudflare in an effort to uncover Sparvar’s email address and the true location of its servers. The discussions between Rights Alliance and Cloudflare were seen by Sparvar, which set alarm bells ringing.

“After seeing the conversations between Rights Alliance and server providers / CloudFlare we urge staff of other Swedish trackers to consider whether the risk they’re taking is really worth it,” site staff said.

“All that is required is an email to CloudFlare and then [anti-piracy companies] will have your IP address.”

As a result of this reveal, Sparvar is now offline. No site or user data has been compromised but it appears that the site felt it best to close down, at least for now.


This obviously upset users of the site, some of whom emailed TorrentFreak to express disappointment at the way the situation was handled by Cloudflare. However, Cloudflare’s terms and conditions should leave no doubt as to how the company handles these kinds of complaints.

In one clause, in which Cloudflare reserves the right to investigate not only sites but also their operators, it’s made crystal clear what information may be given up to third parties.

“You acknowledge that CloudFlare may, at its own discretion, reveal the information about your web server to alleged copyright holders or other complainants who have filed complaints with us,” the company writes.

The situation is further underlined when Cloudflare receives DMCA notices from copyright holders and forwards an alert to a site using its services.

“We have provided the name of your hosting provider to the reporter. Additionally, we have forwarded this complaint to your hosting provider as well,” the site’s abuse team regularly advises.

While Cloudflare itself tends not to take direct action against sites it receives complaints about, problems can mount if a copyright holder is persistent enough. Just recently Cloudflare was ordered by a U.S. court to discontinue services to a Grooveshark replacement. That site is yet to reappear.

Finally, Sparvar staff have some parting advice for other site operators hoping to use Cloudflare services without being uncovered.

“We hope that you do not have your servers directly behind CloudFlare which means a big security risk. We hope and believe that you are also running some kind of reverse proxy,” the site concludes.

At the time of publication, Henrik Pontén of Rights Alliance had not responded to our requests for comment.

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and the best VPN services.

[$] A report from PGCon 2015

This post was syndicated from: and was written by: jake. Original post: at

PGCon 2015, the PostgreSQL
international developer conference, took place in Ottawa, Canada from June
16 to 20. This PGCon involved a change in format from prior editions, with
a “developer unconference” in the two days before the main conference
program. Both the conference and the unconference covered a wide range of
topics, many of them related to horizontal or vertical scaling, or to new
PostgreSQL features.

Subscribers can click below for a report from the conference from guest author Josh Berkus.