Posts tagged ‘Facebook’

TorrentFreak: Canadian Government Spies on Millions of File-Sharers

This post was syndicated from: TorrentFreak and was written by: Andy. Original post: at TorrentFreak

Being monitored online is a reality largely acknowledged by millions of file-sharers worldwide. Countless rightsholders, anti-piracy outfits, analytics companies and other interested parties crawl BitTorrent and other P2P networks every day, spying on downloads and gathering data.

While the public nature of these networks is perfect for those looking to eavesdrop, individuals who use file-hosting sites are often under the impression that their transfers cannot be monitored by third parties since transactions take place privately from user to site via HTTP.

That assumption has today been blown completely out of the water amid revelations that Canada’s top electronic surveillance agency has been spying on millions of downloads from more than 100 file-sharing sites.

Led by the Communications Security Establishment (CSE), Canada’s equivalent of the NSA, and codenamed LEVITATION, the project unveils widespread Internet surveillance carried out by Canadian authorities.

A document obtained by U.S. whistleblower Edward Snowden and released to CBC News shows that in an effort to track down extremists the spy agency monitors up to 15 million downloads carried out by users around the world every day.


According to the 2012 document, 102 file-sharing platforms were monitored by CSE. Just three were named – RapidShare, SendSpace, and the now defunct Megaupload. None of the sites were required to cooperate with the Canadian government since CSE had its own special capabilities.

“A separate secret CSE operation codenamed ATOMIC BANJO obtains the data directly from internet cables that it has tapped into, and the agency then sifts out the unique IP address of each computer that downloaded files from the targeted websites,” The Intercept‘s analysis of the document notes.

Once harvested those IP addresses are cross-referenced with vast amounts of additional data already intercepted by the United States’ NSA and its British counterpart GCHQ. Subsequent searches have the ability to show a list of other websites visited by those downloading from file-hosting sites.

Further associations can then be made with Facebook or Google accounts (via Google analytics cookies) which have the potential to link to names, addresses and other personal details. It’s a potent mix but one apparently designed to weed out just a small number of files from millions of daily events.


According to the LEVITATION documents the system has the ability to track downloads in countries across Europe, the Middle East, North Africa and North America.

Under law, CSE isn’t allowed to spy on Canadians, but IP addresses belonging to a web server in Montreal appeared in a list of “suspicious” downloads. Also monitored by CSE were downloads carried out by citizens located in closely allied countries including the U.S., UK, Germany and Spain.

“CSE is clearly mandated to collect foreign signals intelligence to protect Canada and Canadians from a variety of threats to our national security, including terrorism,” CSE spokesman Andrew McLaughlin told CBC.

While it may be of comfort for Canadians to learn that the government is only interested in a small number of files being exchanged outside the country’s borders, mass surveillance of this kind always has the potential to unnerve when mission-creep raises its head.

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and anonymous VPN services.

Backblaze Blog | The Life of a Cloud Backup Company: The Great Date Debate

This post was syndicated from: Backblaze Blog | The Life of a Cloud Backup Company and was written by: Yev. Original post: at Backblaze Blog | The Life of a Cloud Backup Company

The Backblaze blog recently went through a lot of changes. We moved our service to the most up-to-date version of WordPress. We changed the design. We changed the layout. We added categories (Cloud Storage, Entrepreneurship, Backing Up, and Backblaze Bits) so that it would be easier to get to the types of articles that you wanted to read. Also, it was time for the blog to look more pretty!

Another big change was the date scheme on our blog. We got rid of it. Why? As the Marketing team started to focus more on generating good content for our followers and fans to read, we decided that it was time to make our blog posts more “evergreen”. Additionally, in our old blog environment the date was included in the URL, which was bad for web search results. Yes, we had delved into the deep, dark arts of SEO (search engine optimization).

The problems started when we would have to go back in time and look for a specific blog post that occurred on a very specific date. For example, if you go to Google and ask it to find you the articles about the Backblaze Storage Pods, it’ll give you a list of 4 blog posts on the topic. Unfortunately though, you wouldn’t know which ones are the most recent, as there are no dates associated with them in Google. We also had problems trying to find other articles, for example the ones about hard drive stats. We would search for them in Google and we’d get a lot of answers, though we wouldn’t know chronologically, which ones were the more timely ones. This led to great internal debates between the practical value and the SEO value of our blog.

This internal debate came to a head last week when we were featured as a top story on Hacker News, where we achieved as high as the 4th rank. While we were thrilled to get that much attention from some key individuals and knowledgeable folks, the main question and indeed the highest rated one was not about the hard drive stats that we produced, but was about the dates missing from our blog. A fine example by user mmastrac:

“Always love reading HDD reliability stats from Backblaze — but this demonstrates one of the reasons why post dating is so important, especially when the information in the post is time-sensitive. Nowhere on the page does it say that the post date is today, unless you click the “latest posts” tab by the author below.

I had originally thought it was a repost of the many older articles from Backblaze until seeing a reference to Dec 31 2014. While not terribly ambiguous now, the ambiguity will only grow as the year marches on.

If someone from Backblaze happens to see this: you don’t need to put it in your URL, but please date your post near the top or bottom of the text.”

In my initial response I walked the party line:

“Yev from Backblaze here -> it’s an internal debate as to whether we should put dates on everything. It used to be that they were part of the URL (because of the way our blog was designed) but that is no longer the case. We decided to leave them off for a while to see if that made posts more “evergreen”, but we definitely see where it can lead to some confusion. We’ll keep chatting about it internally, there’s likely a good middle-ground.”

The reaction to me jumping in to the stream was lukewarm at best:

“Date of information is one of the most important contexts in IT. I can’t count the times somebody has said “This says this and that about such and such”, and I have to say “Yeah bro, when was that written? Oh, three years ago? What’s the story now?”.”

I waited for my marketing companions to get to the office and then called for an emergency meeting of the minds. While the SEO value of having the blog posts go undated was good, we decided that it was time to overrule our SEO overlords and bring the blog back to the people. We quickly made the change and I made the following announcement:

“BREAKING NEWS -> There are now dates on all of the individual blog posts. The landing page is “date-free” but is in chronological order, if you open a post, the date will be below the title…AS NATURE INTENDED!”

This was met with thunderous applause:

“That’s amazing – I’m reading the post right now (as in, 11:28 AM pacific)- and I switched back to the tab, and it doesn’t show the date. But I opened it less than 10 minutes ago. They couldn’t have changed it that real time could they. Hit Refresh. Lo and behold – there is the date.

Now that’s an agile organization. Thanks very much – I really appreciate the date on these posts as well.”

For a comparison, when I wrote my initial response about having meetings and pondering about the change, that comment got 29 upvotes. However, when we made the change and I announced it, that got a full 41. Now that’s some real-time customer appreciation!

We try to move quickly and make the right decisions. Unfortunately, that doesn’t always work out, and we have to be willing to roll back, especially when we’ve accidentally made the user experience worse. Our blogs are written for our fans after all, and if they aren’t happy with them, we’re not happy with them. We hope you enjoy having the dates back, and I personally appreciate everyone in the Hacker News comments for helping me win an argument!

Author information



Chief Smiles Officer at Backblaze

Yev enjoys speed-walking on the beach. Speed-dating. Speed-writing blog posts. The film Speed. Speedy technology. Speedy Gonzales. And Speedos. But mostly technology.

Follow Yev on:

Twitter: @YevP | LinkedIn: Yev Pusin | Google+: Yev Pusin

The post The Great Date Debate appeared first on Backblaze Blog | The Life of a Cloud Backup Company.

Krebs on Security: Spreading the Disease and Selling the Cure

This post was syndicated from: Krebs on Security and was written by: BrianKrebs. Original post: at Krebs on Security

When Karim Rattani isn’t manning the till at the local Subway franchise in his adopted hometown of Cartersville, Ga., he’s usually tinkering with code. The 21-year-old Pakistani native is the lead programmer for two very different yet complementary online services: One lets people launch powerful attacks that can knock Web sites, businesses and other targets offline for hours at a time; the other is a Web hosting service designed to help companies weather such assaults.



Rattani helps run two different “booter” or “stresser” services – grimbooter[dot]com, and restricted-stresser[dot]info. He also works on TheHosted[dot]me, a Web hosting firm marketed to Web sites looking for protection from the very attacks he helps to launch.

As part of an ongoing series on booter services, I reached out to Rattani via his Facebook account (which was replete with images linking to fake Youtube sites that foist malicious software disguised as Adobe’s Flash Player plugin). It turns out, the same Google Wallet is used to accept payment for all three services, and that wallet traced back to Rattani.

In a Facebook chat, Rattani claimed he doesn’t run the companies, but merely accepts Google Wallet payments for them and then wires the money (minus his cut) to a young man named Danial Rajput — his business partner back in Karachi. Rajput declined to be interviewed for this story.

The work that Rattani does for these booter services brings in roughly $2,500 a month — far more than he could ever hope to make in a month slinging sandwiches. Asked whether he sees a conflict of interest in his work, Rattani was ambivalent.

“It is kind of [a conflict], but if my friend won’t sell [the service], someone else will,” he said.

Rattani and his partner are among an increasing number of young men who sell legally murky DDoS-for-hire services. The proprietors of these services market them as purely for Web site administrators to “stress test” their sites to ensure they can handle high volumes of visitors.

But that argument is about as convincing as a prostitute trying to pass herself off as an escort. The owner of the attack services (the aforementioned Mr. Rajput) advertises them at hackforums[dot]net, an English language forum where tons of low-skilled hackers hang out and rent such attack services to prove their “skills” and toughness to others. Indeed, in his own first post on Hackforums in 2012, Rajput states that “my aim is to provide the best quality vps [virtual private server] for ddosing :P”.

Damon McCoy, an assistant professor of computer science at George Mason University, said the number of these DDoS-for-hire services has skyrocketed over the past two years. Nearly all of these services allow customers to pay for attacks using PayPal or Google Wallet, even though doing so violates the terms of service spelled out by those payment networks.

“The main reason they are becoming an increasing problem is that they are profitable,” McCoy said. “They are also easy to set up using leaked code for other booters, increasing demand from gamers and other customers, decreasing cost of attack infrastructure that can be amplified using common DDoS attacks. Also, it is relatively low-risk to operate a booter service when using rented attack servers instead of botnets.”

The booter services are proliferating thanks mainly to free services offered by CloudFlare, a content distribution network that offers gratis DDoS protection for virtually all of the booter services currently online. That includes the Lizardstresser, the attack service launched by the same Lizard Squad (a.k.a. Loser Squad) criminals whose assaults knocked the Microsoft Xbox and Sony Playstation networks offline on Christmas Day 2014.

The sad truth is that most booter services probably would not be able to remain in business without CloudFlare’s free service. That’s because outside of CloudFlare, real DDoS protection services are expensive, and just about the only thing booter service customers enjoy attacking more than Minecraft and online gaming sites are, well, other booter services.

For example, looking at the (now leaked) back-end database for the LizardStresser, we can see that TheHosted and its various properties were targeted for attacks repeatedly by one of the Loser Squad’s more prominent members.

The Web site, which tracks abusive sites that hide behind CloudFlare, has cataloged more than 200 DDoS-for-hire sites using CloudFlare. For its part, CloudFlare’s owners have rather vehemently resisted the notion of blocking booter services from using the company’s services, saying that doing so would lead CloudFlare down a “slippery slope of censorship.”

As I observed in a previous story about booters, CloudFlare CEO Matthew Prince has noted that while Cloudflare will respond to legal process and subpoenas from law enforcement to take sites offline, “sometimes we have court orders that order us to not take sites down.” Indeed, one such example was CarderProfit, a Cloudflare-protected carding forum that turned out to be an elaborate sting operation set up by the FBI.

I suppose it’s encouraging that prior to CloudFlare, Prince was a co-creator of Project Honey Pot, which bills itself as the largest open-source community dedicated to tracking online fraud and abuse. In hacking and computer terminology, a honeypot is a trap set to detect, deflect or otherwise counteract attempts at unauthorized use or abuse of information systems.

It may well turn out to be the case that federal investigators are allowing these myriad booter services to remain in operation so that they can gather copious evidence for future criminal prosecutions against their owners and users. In the meantime, however, it will continue to be possible to purchase powerful DDoS attacks with little more than a credit card or prepaid debit card.

TorrentFreak: Zombie Pirate Bay Tracker Fuels Chinese DDoS Attacks

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

In November 2009 The Pirate Bay announced that it would shut down its tracker for good.

Trackers were outdated according to the site’s owners. Instead, they encouraged BitTorrent users to rely on DHT, PEX and other trackerless technologies.

Despite the fact that the tracker is no longer functional, many old and some new torrents still include the announce address.

While the tracker hasn’t responded to these calls for five years, for some server admins it has now risen from the dead.

Starting early January hundreds of websites have been plagued by traffic from China. While the exact reason remains unclear, it appears that the Great Firewall of China may be in part causing the problems.

Due to a reconfiguration the Pirate Bay domain is being linked to random IP-addresses. This problem applies to various censored sites, but the thousands of connections per second coming from stand out for most people.

It is no secret that BitTorrent users can easily DDoS websites if the tracker address points to the wrong IP, but we haven’t witnessed something of this magnitude before.

Below is a graph Craig Hockenberry posted of a DDoS on his server where the number of requests peaked at 52 Mbps per second, with torrent announces being the most common source.


The suspicion that Chinese efforts to censor the Internet have something to do with the problems seems plausible. Querying Chinese DNS servers returns many seemingly random IP-addresses that change all the time.

In other words, requests to the dead Pirate Bay trackers are sent to seemingly random servers, and none of these have anything to do with the notorious torrent site.

Johannes Ullrich, CTO of SANS Internet Storm Center, came to a similar conclusion and many of his readers reported problems of the same nature.

“We also get a lot of this type of traffic for the last 2 weeks. At moments it causes a total DoS for our webserver. Most of the traffic has thepiratebay as hostname in the http request, but we also see akamai, edgecdn and some more obscure and explicit sites passing in our logs,” Arjan says.

“I work in the banking sector in the UK. We started to see this traffic hit our web servers just before the new year and it has continued since, but thankfully not on a harmful scale. We’ve seen various sites in the host header, including thepiratebay, facebook, googlevideo – all of which appear to be restricted within China,” Anonymous adds.

And the list goes on and on.

Over the past several days reports have come from all over the place, all describing the same problem. Thus far, most server admins have decided to filter out Chinese traffic, which eases the load. But the underlying problem persists.
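The symptom these admins describe, requests whose Host header names a site the server does not host, many of them BitTorrent tracker announces, can be measured from an access log before deciding what to filter. The sketch below is an added example, not part of the original article; the log format, the `.example` host names, the addresses and the timestamps are constructed assumptions.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Assumed (hypothetical) log format, Host header logged first:
#   <host> <client> [<time>] "<method> <target> <proto>" <status> <bytes>
LINE_RE = re.compile(
    r'^(?P<host>\S+) (?P<client>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)

# Query parameters an HTTP tracker announce carries (BitTorrent spec, BEP 3).
ANNOUNCE_PARAMS = {"info_hash", "peer_id", "port"}

# Constructed sample: two legitimate hits, five misdirected ones, one junk line.
SAMPLE_LOG = """\
www.example.org 198.51.100.7 [10/Jan/2015:09:14:01 +0000] "GET / HTTP/1.1" 200 5120
thepiratebay.example 203.0.113.21 [10/Jan/2015:09:14:02 +0000] "GET /announce?info_hash=%12%34%56%78&peer_id=-XX0001-000000000001&port=6881&left=1024 HTTP/1.1" 404 162
thepiratebay.example 203.0.113.22 [10/Jan/2015:09:14:02 +0000] "GET /announce?info_hash=%12%34%56%78&peer_id=-XX0001-000000000002&port=51413&left=0 HTTP/1.1" 404 162
thepiratebay.example:80 203.0.113.23 [10/Jan/2015:09:14:02 +0000] "GET /announce?info_hash=%01%02%03%04&peer_id=-XX0001-000000000003&port=6881&left=77 HTTP/1.0" 404 162
facebook.example 203.0.113.24 [10/Jan/2015:09:14:03 +0000] "GET / HTTP/1.1" 404 162
googlevideo.example 203.0.113.25 [10/Jan/2015:09:14:03 +0000] "GET /videoplayback?id=1 HTTP/1.1" 404 162
www.example.org 198.51.100.9 [10/Jan/2015:09:14:03 +0000] "GET /about HTTP/1.1" 200 2048
this line is not in the assumed format
"""


def parse_line(line):
    """Return the fields of one log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    host = rec["host"].lower()
    if not host.startswith("["):            # leave IPv6 literals untouched
        host = host.split(":", 1)[0]        # drop an explicit port
    rec["host"] = host.rstrip(".")          # drop a trailing root dot
    return rec


def is_tracker_announce(target):
    """True if the request target looks like a BitTorrent HTTP announce."""
    parts = urlsplit(target)
    name = parts.path.rsplit("/", 1)[-1]
    params = parse_qs(parts.query, keep_blank_values=True)
    return name.startswith("announce") and ANNOUNCE_PARAMS.issubset(params)


def classify(rec, served_hosts):
    """Label a parsed request as ours, tracker_announce or foreign_host."""
    if rec["host"] in served_hosts:
        return "ours"
    if is_tracker_announce(rec["target"]):
        return "tracker_announce"
    return "foreign_host"


def summarize(lines, served_hosts):
    """Count request kinds, misdirected Host headers and their per-second peak."""
    served = {h.lower() for h in served_hosts}
    kinds, hosts, per_second = Counter(), Counter(), Counter()
    unparsed = 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            unparsed += 1
            continue
        kind = classify(rec, served)
        kinds[kind] += 1
        if kind != "ours":
            hosts[rec["host"]] += 1
            per_second[rec["ts"]] += 1      # timestamps have 1 s resolution
    return {
        "kinds": dict(kinds),
        "foreign_hosts": hosts.most_common(),
        "peak_misdirected_per_second": max(per_second.values(), default=0),
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG.splitlines(), {"www.example.org"})
    for key, value in report.items():
        print(f"{key}: {value}")
```

The per-Host counts show whether a default virtual host that answers unknown names cheaply would absorb the load, which is narrower than dropping traffic from a whole country.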

For now the true origin of the zombie DDoSes remains unknown, but hopefully those responsible will soon realize the crippling mistake they’ve made, and put Pirate Bay’s tracker back in the ground.


TorrentFreak: Pirate MEP Proposes Major Reform of EU Copyright

This post was syndicated from: TorrentFreak and was written by: Andy. Original post: at TorrentFreak

The idea of copyright is certainly not new and most countries worldwide have developed complex systems to ensure that it’s upheld, ostensibly to protect the rights of creators.

But with the unprecedented advancement of communications technology, especially in respect of the Internet, copyright frameworks often appear terribly outdated and unfit for purpose.

In 2015 the EU has its collective eyes on copyright reform and to this end has appointed an individual whose political party has more focus than most on the world of copyright.

Last November, Julia Reda, a politician for the German Pirate Party and member of the European Parliament, was tasked with producing a report on the implementation of the 2001 InfoSoc Directive.

Having already presented her plans during a meeting of the Legal Affairs Committee in December, this morning Reda released a first draft of her report. It will come as no surprise that the need for reform has been underlined.

“Although the directive was meant to adapt copyright to the digital age, in reality it is blocking the exchange of knowledge and culture across borders today,” Reda’s core finding reads.

The report draws on responses to a public consultation and lays out a reform agenda for the overhaul of EU copyright. It finds that the EU would benefit from a copyright mechanism that not only protects past works, but also encourages future creation and the unlocking of a pan-European cultural market.

“The EU copyright directive was written in 2001, in a time before YouTube or Facebook. Although it was meant to adapt copyright to the digital age, in reality it is blocking the exchange of knowledge and culture across borders today,” Reda explains.

“We need a common European copyright that safeguards fundamental rights and makes it easier to offer innovative online services in the entire European Union.”

The draft (pdf) acknowledges the need for artistic works to be protected under law and calls for improvements in the positions of authors and performers “in relation to other rightholders and intermediaries.”

The document recommends that public sector information should be exempt from copyright protection and calls on the Commission to safeguard public domain works while recognizing rightsholders’ freedom to “voluntarily relinquish their rights and dedicate their works to the public domain.”

Copyright lengths are also tackled by Reda, who calls on the Commission to harmonize the term to a duration that does not exceed the current international standards set out in the Berne Convention.

On Internet hyperlinking the report requests that citizens are allowed to freely link from one resource to another and calls on the EU legislator “to clarify that reference to works by means of a hyperlink is not subject to exclusive rights, as it does not consist in a communication to a new public.”

The document also calls for new copyright exceptions to be granted for research and educational purposes to not only cover educational establishments, but “any kind of educational and research activities, including non-formal education.”

Also of interest is Reda’s approach to transparency. Since being appointed, Reda says she’s received 86 meeting requests from lobbyists. As can be seen from the chart below, requests increased noticeably after the Pirate was named as rapporteur in November 2014.


“I did my best to balance out the attention paid to various interest groups. Most requests came from publishers, distributors, collective rights organizations, service providers and intermediaries (57% altogether), while it was more difficult to get directly to the group most often referred to in public debate: The authors,” Reda explains.

“The results of the copyright consultation with many authors’ responses demonstrate that the interests of collecting societies and individual authors can differ significantly.”

Reda has published a full list of meetings that took place. It includes companies such as Disney and Google, and ‘user’ groups such as the Free Software Foundation Europe.

“Tomorrow morning around 9 I’m going to publish my report on EU #copyright, discussion in legal affairs committee on Tuesday,” Reda reported a few minutes ago.

The final report will be put to an April vote in the Legal Affairs Committee and then to a vote before the entire Parliament during May.


Backblaze Blog | The Life of a Cloud Backup Company: Ode to Macworld

This post was syndicated from: Backblaze Blog | The Life of a Cloud Backup Company and was written by: Yev. Original post: at Backblaze Blog | The Life of a Cloud Backup Company


Macworld Expo San Francisco

It’s January. Normally at this time of the year we would just be getting back from CES and getting in to the swing of lining up our booth to exhibit at Macworld; but this year is different. Macworld is currently on hiatus, with no clear indication of when or if it will return. Macworld the magazine shut down after 30 years in September of 2014, and while it still exists online at, it doesn’t look like the print edition will be back any time in the near future either.

While some of us at Backblaze have been going to Macworld for years, Backblaze the company has only been going to Macworld as an exhibitor for the last two. We started out humbly with a little Appalooza table our first year, then jumped way up to one of the prime slots, with a giant “B” centerpiece. As soon as we tore down our booth last year, we got to thinking about what we could do this year to top our giant B. We’re sad that we won’t have the opportunity to meet with our fans, see what’s new, and soak in all the cool that is Apple.

Memories of Macworld

We asked one of our biggest Apple fans in the office, Adam, what some of his favorite memories are from Macworld over the years. He wrote:

I started going to the Macworld Expo in San Francisco in about 1999 when I was still in high school. I grew up in the Sacramento area, so going to San Francisco for the Expo was a fun journey for a high school student, and as an Apple fan, it was like a pilgrimage.

From what I can recall of the Expos from ’99 to about ’02, they were very heavily influenced by the most popular Apple product at the time: the candy colored iMac G3s. Vendors were showing off translucent, candy colored products of all kinds – mice, keyboards, printers – even non-computer products, like lamps in the same color schemes. Moscone Center was crowded and each year there were more and more vendors or demonstrations of products of all kinds – software, peripherals, and the Apple products themselves.

I attended every other year from 2003 to about 2008 – and two major themes emerged: Mac OS X, and the iPod ecosystem. As OS X gained more and more traction and got increasingly refined with new versions, Macworld attracted a ton of software vendors, far more than previous years during the 9.x era. On the hardware side of things, the resurgence of Apple as a popular personal computer platform meant there were many companies exhibiting Mac items, but what really blew me away was the sheer quantity of exhibitors with products that worked in the iPod ecosystem. The iPod was so amazingly popular as a media player that there were a massive number of gadgets and stuff to use with your iPod.

However during those years, I did notice some steady decline in the “big name” exhibitors and their booths. It seemed like it just got too expensive and hard to judge the return on investment on having a huge presence at Macworld, so they started pulling out. The last Macworld I attended was 2008, and it was clear that Apple was getting ready to pull the plug as well. It seemed like once Apple decided that Macworld wasn’t right for them – everyone else did as well.

Unfortunately that sentiment rang true, and with fewer exhibitors and attendees, the show eventually went away; all while Apple went on to become the world’s most valuable company. We’ll definitely miss the event, and are grateful to have had the opportunity to meet with so many of you last year and create this video:


Where To Now?

Without Macworld, the best places to see all the newness are at WWDC, which is admittedly geared towards developers, and CES – which may not be directly tied to Apple, but a lot of the coolest gadgets and gizmos for Macbooks, and iPhones and iPads make their way there each year.

What are some of your favorite Macworld stories?
What was your favorite item that you saw at a booth or behind closed doors?
What, if anything, do you think will replace the Macworld event?
And where do you go for your Apple fix now?


The post Ode to Macworld appeared first on Backblaze Blog | The Life of a Cloud Backup Company.

Блогът на Юруков: БГ Мама and the Anti-Vaxxers

This post was syndicated from: Блогът на Юруков and was written by: Боян Юруков. Original post: at Блогът на Юруков

Along with support for them, other things spread too

Vaccines work so well
that, along with the diseases, they have erased
the memory and the grief of the devastation
those diseases sowed a few generations ago.

Mentioning БГ Мама is something of a taboo among bloggers. The forum can be described in many ways, but everyone will agree that it is the most visited and influential single site. That is why we avoid talking about them: opinions diverge, passions flare and things end in unpleasant situations.

I broke this unwritten rule two years ago, when I opened the topic of vaccines and of how parents, out of foolishness, put their children at risk. In December I published another article discussing the new hexavalent vaccines in Bulgaria. Both articles received a lot of attention and were inevitably posted on БГ Мама as well. There were positive comments, but mostly attacks.

Anti-vax as a religion

After several hundred comments here and arguments in all sorts of places, I came to the conclusion that there are three kinds of anti-vaxxers (from anti-vax, or those who reject vaccines): missionaries, defenders and the unthinking. The first actively tour forums, blogs and news sites and try to convince everyone what a lie vaccines supposedly are. Most often they have their own site with collected information, and sometimes they are connected to online shops for herbs and homeopathy. The second group is the defenders. Their thesis is that they may have no idea what the harm and the benefit are, but it is their right to decide what is good for their children. The third group are those who lament on forums and social networks and who, having read something frightening (such as that vaccines and chemtrails cause cancer and autism), share it everywhere without much thought or any idea whether it is true.

These three groups work against vaccines, each in its own way and at its own discretion. The effect is devastating, but also hard to measure. In quite a few countries with strong campaigns of this kind, vaccination rates are falling and epidemics forgotten for decades are returning. In our country vaccination rates are, at least officially, still high, but that may not be the whole truth. For quite some time I have been following forums and Facebook groups that actively campaign against vaccines, and they often mention doctors falsifying immunization records. “You just need to know a doctor,” they advised in one place.

The most interesting effect, however, is the change in perception. The topic has become a sensitive one, with strong attacks from both sides. Almost like an argument about religion. I am partly to blame for that too, having set this tone in my articles. It gets to the point that when my daughter was born, my sister very carefully asked me whether we would vaccinate her. When the subject came up, others were just as cautious. As if people are afraid the question might offend the parents. Of course I vaccinated her! What kind of question is that? We are not living in the 18th century.

One core and many followers

The arguments and logical absurdities of this movement are many and not that hard to refute. Reading the forums, however, I had the feeling that the same people were writing everywhere. I decided to find out who those “missionaries” are. So I opened БГ Мама and took the largest thread, “VACCINES – discussion ONLY about their harm”. I downloaded the comments from all 32 parts and compiled statistics on them. In total this amounts to 25000 comments within the last 6 years, which have been read a total of 836000 times. I have organized all the data here together with interactive charts and comparisons, and here you can download the pages and the script.

Activity in the threads against vaccines.

Several conclusions quickly emerge from the numbers. There is a handful of people who are the core of the discussion. That is true of all forums, of course, but something interesting stands out here: all of the top 5 commenters have written in the forum at least 2 times a week over the course of years. One even 4 times. Several people have been present in the comments from the very beginning until now and lead the discussion in shifts. They have written hundreds of comments, most of them long and with many links. Standing out in this way are stelt77, XVisible, Green-shiny, Мечка-Малинарка and Christian. The same people also started the new threads and imposed the rule of talking “ONLY” about the “harm” of vaccines.

The activity of this core gives the impression that they spend most of their free time there. There is, of course, nothing wrong with that; it is their time. As with any epidemic, however, we first have to understand how the infection spreads. That is what I tried to find out. The statistics in the attached table look only at the frequency of comments, not at their content. I looked through most of the comments, and ones refuting the anti-vaxxers’ claims are rare. You will notice that I too appear in the statistics, with 6 comments. As far as I understand, most such comments are deleted by the administrators, but one of the “core” asked that mine not be deleted because they were “telling”.

Activity of commenters in the threads

That is why it is not at all true that everyone in the threads is a sworn anti-vaxxer. On the contrary: it is noticeable that most of them ask questions or lament over what a small core of people posts. Various articles, speculation, video clips and recipes for ointments and cleansing are posted. There is no discussion, because that is how the thread is set up. The result is a closed cave in which only the echo of the speakers is heard, without real arguments. The effect is that we have nothing more than a place where future parents are frightened enough to put their children at risk.

One thread among many

We cannot lump everyone on BG Mama together on the basis of this thread. There are many others, both for and against vaccines. There are many Facebook groups and websites where new parents are “brought into the fold”. All of this creates a closed circle of scaremongering without any additional information. The good news is that, judging by this thread, there are indications that interest in this movement is declining. It may be because they have moved to Facebook; they may have found another place to discuss. The fact is, however, that comments have dropped several-fold compared with the peak a few years ago.

These writings, however, stay on the net and multiply. Even if we refute a lie such as that fake study linking vaccines and autism, or the claims that the injections contain aluminium and mercury, they will still be repeated and reprinted. One interesting case is from a year ago, in which a child died after a vaccination in Stara Zagora. You heard about it in the media. Right after the tragedy the mother went around all the threads and wrote to everyone not to vaccinate their children because it kills. It later turned out that the doctor had not noticed that the baby was quite ill and vaccinated it anyway. Complications set in and the outcome was fatal.

This shows one of the risks of vaccines, but even these cases of medical negligence are extremely rare. Complications connected in any way with vaccination number a few over decades, among hundreds of thousands of vaccinated children. When you are young, frightened parents, however, and you receive such a message, it can have a serious effect on you. Likewise, when searching for information about vaccines, you will easily land on exactly the kind of threads discussed above. If you do not think hard about it, you may easily decide that you have more knowledge and understanding than the doctors and epidemiologists who have been fighting these diseases for decades.

Why is this campaign so harmful?

The problem has two sides. It may not strike us, but even a small drop in the number of vaccinated people can lead to an epidemic, especially when several such children are in the same neighbourhood or kindergarten. We are already seeing such cases in the Netherlands, France and the States. Although some parents claim that it is their own business and that whether they vaccinate their children should not concern us, the reality is quite different. Many children are too young for some vaccines; others cannot be vaccinated because of autoimmune diseases or a particular treatment. They rely solely on the people around them being protected and not passing the disease on to them. Separately, vaccines only help the body recognize the threat. In some children this works better than in others. When they fall ill with flu or another illness, their immune system is weakened, and even if it recognizes a dangerous disease it may not manage to fight it off. Vaccines are by no means perfect and work best with mass vaccination. That does not mean, however, that we should go back to the Middle Ages, letting half of our children die before puberty just because the solution we have found is not 100% effective.

The Netherlands in 2013. In blue are the municipalities with the fewest people vaccinated against measles. In red – the cases of illness.

The second problem is that the whole debate around vaccines gets displaced. In our arguments with fanatical anti-vaxxers there is no time or setting left in which to discuss the real problems in the system. These are the information campaign, education, minimizing medical errors, oversight of pharmaceutical companies and careful analysis of all the data. A few years ago there was an epidemic in Bulgaria: 4 years ago, a surge in measles because of the low level of vaccination among the Roma. There are doctors who give advice that is dangerous to children’s health, such as that the vaccines can be given separately 2-3 weeks apart, or that one of the vaccines is not needed because the incidence is low. The education of doctors is just as important as that of parents.

Talking about these things is difficult, however, because the anti-vaxxers immediately pounce and take all the facts out of context. The discussion quickly turns from how to improve a system to how vaccines are supposedly dangerous. Instead of talking about better procedures and accountability, we have to explain that there are no heavy metals in vaccines, and that the compounds with scary names are present in much higher concentration in breast milk.

Moving forward

The situation is altogether absurd. The anti-vaxxers (they do not like that name, as you will notice) are quite loud, while for medical professionals this is too great a piece of nonsense to bother with. It is hard to judge the real dimensions of the problem, since quite a few parents cheat with the documents for the sake of kindergartens and schools. That should not surprise us, given that it is common practice to obtain medical certificates for their children with chronic illnesses for the same reason.

We cannot blame BG Mama for the thread, but it should be clear that the environment sets the tone. These threads are a drop in the ocean of that site, and in terms of the structure of the commenters they are nothing special. The statistics above, however, confirm my suspicion that a small core of people creates a serious problem for everyone. I by no means think they do it for their own gain, although there are quite a few anti-vaxxers who have built quite a successful business out of the suffering of others. The fact that those described above comment every other day over the course of years does not point to any kind of organization either – all of us activists do that on various topics. It is important, however, to show that this problem exists, that it is turning into an epidemic unnoticed, and that if we allow it to spread, it will bring back many diseases whose horror we have only just forgotten.

TorrentFreak: Google Porn Takedowns Carpet Bomb Github

This post was syndicated from: TorrentFreak and was written by: Andy. Original post: at TorrentFreak

Every single week thousands of copyright holders and anti-piracy companies demand that Google removes links to allegedly infringing content.

The effort required to deal with this deluge is considerable. Google has received as many as 11 million requests in a single week and in 2014 alone the search giant processed some 345 million URL takedowns.

While it’s believed that most takedown requests are accurate, Google still does its best to ensure that erroneous notices don’t negatively affect legitimate online services. Google regularly rejects overbroad and inaccurate notices but like everyone else, the company isn’t perfect.

The latest head-shaker arrives courtesy of anti-piracy outfit Takedown Piracy (TDP). Acting on behalf of porn outfit Wicked Pictures, TDP sent Google a notice containing thousands of URLs targeting dozens of well and lesser-known file-sharing sites.

Sadly, however, the notice also targeted coding site Github – over and over and over again. And Google complied.

“The materials reported in this notice are the copyrighted DVD/videos of Wicked Pictures,” the notice begins.

Not exactly.

Impure Takedown

Two URLs targeted – and belong to the Pure.css project. Described as “a set of small, responsive CSS modules that you can use in every web project”, Pure.css is owned by Yahoo.

Apparent reason for takedown: Wicked has a movie titled Impure Hunger

On the rebound

“Rebound is a java library that models spring dynamics. Rebound spring models can be used to create animations that feel natural by introducing real world physics to your application,” the project’s lead in begins.

Sadly, TDP thinks that this BSD-licensed Facebook-owned project’s URLs (1) (2) infringe on its client’s copyrights.

Thanks to another takedown, a separate project of the same name exploring “collisional dynamics” and operated by several academics is now harder to find too.

Their crimes? Wicked’s “Stormy Daniels” has a movie called Rebound.

Get down Netflix

In June 2013, Netflix announced Lipstick, the company’s open source Pig workflow visualization tool.

Unfortunately for the movie streaming outfit, TDP believes that their Github project located at infringes Wicked Pictures’ copyrights.

Another project, also titled Lipstick, was also accused of doing the same.

Reason for takedown? Wicked has a movie title containing the same word.

A wickedly poor choice of name

If only the people behind the free Linux-based operating system openSUSE had been a little more cautious. When selecting a name for their network configuration tool located here there were millions to choose from.

But by titling their project ‘Wicked’ they became sitting ducks for several URL takedowns by an adult company of the same name.

The same goes for Wicked Charts, whose main URL for their “beautiful and interactive javascript charts” has been delisted from Google. The Schneems ‘wicked’ project likewise.

No pushover

Wicked Pictures’ 1999 movie Pushover has a lot to answer for too.

Takedown Piracy hit Google with demands to delist the main URLs for no less than ten Github projects simply because they had the word ‘pushover’ in their titles.

Tip of the iceberg

The above are just a few examples from a single takedown notice which can be viewed on ChillingEffects. It makes disappointing reading.

In Takedown Piracy’s defense the company has sent 39.6 million URL notices to Google since 2011. However, that will be of little comfort to the many legitimate projects which are now harder to find due to the company’s errors.

Conclusion: Always blaming Google

Taking a wider look at Google’s Transparency Report, one discovers that Github is being targeted on a regular basis by a wide range of copyright holders. Few if any bother to send a notice to Github itself. If they did they might make fewer mistakes, but carpet-bombing Google is much easier, quicker and cheaper.

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and anonymous VPN services.

Backblaze Blog | The Life of a Cloud Backup Company: We Need a Java Engineer!

This post was syndicated from: Backblaze Blog | The Life of a Cloud Backup Company and was written by: Yev. Original post: at Backblaze Blog | The Life of a Cloud Backup Company


Want to work at a company that helps customers in over 150 countries around the world protect the memories they hold dear? A company that stores over 100 petabytes (1/4th as much as Facebook) of customers’ photos, music, documents and work files in a purpose-built cloud storage system? A company that has grown over 917% the last 5 years?

Well here’s your chance. Backblaze is looking for another fantastic Java engineer.

You will work on the server side APIs that authenticate users when they log in, accept the backups, manage the data, and prepare restored data for customers. You will work with artists and designers to create new HTML web pages that customers use every day. And you will help build new features as well as support tools to help chase down and diagnose customer issues.

Must be proficient in:
– Java
– Apache Tomcat
– Struts
– UTF-8, Java Properties, and Localized HTML (Backblaze runs in 11 languages)
– Large scale systems supporting thousands of servers and millions of customers
– And some ‘C’ and Javascript is helpful
– Cross platform (Linux/Macintosh/Windows) — don’t need to be an expert on all three, but cannot be afraid of any.

Looking for an attitude of:
– Passionate about building friendly, easy to use Interfaces and APIs.
– No platform bigotry — Linux good, Windows good, Macintosh good!
– Has to believe NoSQL is an Ok philosophy to build enormously scalable systems.
– Likes to work closely with other engineers, support, and sales to help customers.
– Believes the whole world needs backup, not just English speakers in the USA.
– Customer Focused (!!) — always focus on the customer’s point of view and how to solve their problem!

This position is located in San Mateo, California. Regular attendance in the office is expected. Backblaze is an Equal Opportunity Employer and we offer competitive salary and benefits, including our no policy vacation policy.

If this sounds like you — contact us on our jobs form.
We’ll be accepting resumes through January 20, 2015.


Author information



Social Marketing Manager at Backblaze

Yev enjoys speed-walking on the beach. Speed-dating. Speed-writing blog posts. The film Speed. Speedy technology. Speedy Gonzales. And Speedos. But mostly technology.

Follow Yev on:

Twitter: @YevP | LinkedIn: Yev Pusin | Google+: Yev Pusin

The post We Need a Java Engineer! appeared first on Backblaze Blog | The Life of a Cloud Backup Company.

TorrentFreak: Wiziwig: Poor Legal Options Turn People into Pirates

This post was syndicated from: TorrentFreak and was written by: Andy. Original post: at TorrentFreak

Until our report yesterday it’s likely that Wiziwig, a streaming portal covering just about every spectator sport around, had flown under the radars of many readers. And that’s surprising.

The site is ranked #1,546 worldwide by Alexa and is the 239th most-popular site in the UK. On Thursday the term ‘wiziwig’ was the 8th most popular search on, ahead of official sports broadcaster BT Sport. But the popularity wasn’t based on good news. Citing changes in Spanish law, Wiziwig had been forced to close just hours earlier.

In the wake of the closure TorrentFreak caught up with the operators of this hugely popular site to find out about events leading up to its shutdown. Interestingly it’s what didn’t happen on the site’s first day offline that topped the discussion.

Among dozens of other sports, Wiziwig carried links to live soccer games and as a result became somewhat of a magnet for companies such as the UK’s Premier League. New Year’s Day is a traditionally big date for UK soccer so coinciding with the first day of Wiziwig downtime, the site’s operators stood back and watched what happened.

“What we noticed Thursday, and that’s what we’ve always been thinking, is that the Premier League has only been focusing on Wiziwig lately to take down streams, like those from [P2P streaming service] Sopcast for example,” Wiziwig told us.

“If we added a Sopcast link for a game in the Premier League, then quickly that link was made inaccessible. On Thursday all Sopcast channels kept working all day, without any being taken down during the early kickoff, 3pm game and late game. Coincidence?”

The idea that the soccer league had been using Wiziwig to find streams and have them taken down at source was confirmed when matches streamed from other sources also remained up.

“Same applied with Veetle links, as when those previously appeared on Wiziwig they were quickly taken down. If we didn’t add them they were working all game long, while people could find them easily in Veetle. That also applied to several other links.”

Aside from changes in Spanish law where the site was based, Wiziwig also reminded us of two serious events in the UK earlier in the year. In April the operator of sports streaming site was arrested by officers from the Police Intellectual Property Crime Unit. That was followed by a September raid on the operator of the Coolsport streaming service.

When all things were considered (Wiziwig’s Twitter account was shutdown by a complaint in December) the team felt that the timing was right to call it a day. But even though Wiziwig is no more, other sites are bound to try and fill the gap the portal has left in the market. These, Wiziwig’s operators say, wouldn’t even exist if more effort was put into getting official services to consumers.

“We’ve seen in the past several years that people don’t get the right options to watch the sports and games they want to watch. Many sports events, and many games, aren’t available worldwide. The Leagues or competitions often don’t provide the right options for people to watch games in a legal way, which is also what we’ve seen from many replies on Twitter and Facebook,” Wiziwig explain.

“People want to subscribe to some games, some PPV events, and don’t want long contracts. In many countries there are no options to watch specific sports events and competitions. So not just the big sports/leagues, but also for smaller events.

“Then people decide to watch the online streams. A good example is the 3pm soccer games in England which aren’t shown on UK TV due to an old law designed to keep stadiums full. If the leagues fail to provide such options then websites like Wiziwig and [illicit] streams will always exist,” Wiziwig adds.

With the site closed the team are now turning their attention to GetYourFixtures, a TV guide for sports with links to only official streams.

“GetYourFixtures’ aim is to provide people with the correct TV info for all sports events, and if there isn’t a TV channel showing it then they want to give people the options to watch it officially online.

“Maybe leagues and competitions will wake up and start working on providing decent PPV options, letting people pay for just a single game, a flexible way of watching sports. On TV, mobile or tablet: wherever they are, either free and supported with advertisements when there isn’t any TV coverage/legal pay option, or just for small fees. They should work together,” Wiziwig concludes.


The Hacker Factor Blog: Oh Baby!

This post was syndicated from: The Hacker Factor Blog and was written by: The Hacker Factor Blog. Original post: at The Hacker Factor Blog

For me, 2014 was a serious suck year. Two family deaths and associated family drama, some of my good friends got laid off due to significant cutbacks, and some of my favorite projects came to an end. November just seemed to lose steam and December continued the downward slope. By the time New Year’s Eve arrived, the entire Internet seemed to come to a stop. No news stories, Digg came to a crawl, people stopped tweeting, and even FotoForensics saw the lowest visitor rate since the site started nearly three years ago.

This slow-growth seems to be creating a “don’t care” attitude. We seem to have more censorship and less anger, less reliable news and more people accepting it, and a growing general lack of interest. Another airplane crashed in Asia? It barely received three minutes of news coverage around here. In previous years, they would hype up all of the previous crashes as they rode the fear wagon. But by the end of 2014? Barely a footnote. You can even see this in the length of news reports by Reuters. Their initial coverage of the recent AirAsia Flight QZ8501 crash is only a few paragraphs. In contrast, their initial report of MH17 goes on for pages.

2014 ended with a lackadaisical respect for traditions. Around here, fewer stores participated in the three-months of Christmas music, and the after-holiday discount aisles (like buying Halloween candy after Halloween) only lasted days instead of weeks. Even some hospitals have stopped celebrating the New Years Baby — even though the new year is typically represented by an old Father Time passing his duties to a Baby New Year.

2015 seems to be starting slowly. But hopefully it will pick up and become more interesting.

Old Acquaintance will be forgot

The New Year has already started with a strong wave of censorship. Sony has escalated from sending “don’t publish anything” threats to sending DMCA takedown notices. WikiLeaks says that their employee’s email has been seized, and China is seriously restricting access to Gmail.

The latest censorship news came out today. News outlets are reporting on widespread government censorship in India. The Indian government has decided to blacklist at least 60 web sites associated with file sharing, picture sharing, and video sharing. The claim is that these sites carry anti-India and pro-ISIS related content.

The list of censored sites includes SourceForge and GitHub (open source code), PasteBin and (data sharing), Imgur (pictures), Vimeo (video), and (the Internet Archive). Honestly, if they are going to block sites that host significantly less than 1% offensive content, then they should add Twitter, Facebook, and Google+ to their lists. In fact, they should just block anything that starts with “http://”.

This isn’t the first time India has tried to cut off a limb instead of applying a bandage. As The Economic Times mentioned, “In June 2014, the Delhi High Court ordered a block of 472 file sharing websites including Google Docs and Pirate Bay following a complaint filed by Sony Entertainment.”

The Hacker News was quick to point out the irony of this situation, writing, “the contents of the list is particularly embarrassing for Prime Minister Narendra Modi as well, who recently unveiled a ‘Make In India’ campaign earlier this year in an attempt to encourage international businesses to invest in India, which also includes information technology sector. And blocking websites like GitHub is the most definitely not in sync with that vision.”

It looks like India is starting the New Year by throwing the baby out with the bathwater. Or as they say in Hindi: Sonay ko kachray ke saath phenk dena! (Thanks to Gibran Ashraf for the translation!)

Baby Tossing

Yesterday, one of my fourteen loyal readers (Janne), showed me a news photo that came out earlier this year. I had not seen it before now, but apparently it created quite a stir when it first came out. The AFP/Getty photo claims to show a father playing with his child at the beach in Gaza City. Here’s the picture:

Janne pointed out that the error level analysis (ELA) result for this picture really makes it look like the baby was added to the picture.

ELA visually represents the JPEG compression level. In an unaltered original photo, all edges should have similar intensities, all near-uniform colored areas (sky, shirt) should be consistent, and all textures (all water, all rocks) should be similar. Each time a picture is saved, the quality degrades and the ELA result should get darker. (If it is saved too many times, then nothing will stand out but small patches of chromatic noise.) If anything under ELA stands out as being significantly different, then the differences identify a probable alteration.

In this case, the flying baby is bright white, while the rest of the picture is dark. Dark indicates multiple resaves, while white identifies “newer pixels” that have not been saved as many times. The baby appears edited.
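The resave-and-diff idea behind ELA, as an added example rather than the author's or FotoForensics' code: a toy grayscale model in which a "save" is an 8x8 DCT with one uniform quantization step. The step sizes, the 16x24 test image, the spliced patch and every function name are constructed for illustration; real JPEG uses per-frequency quantization tables and colour subsampling, which this model omits.

```python
"""Toy error level analysis (ELA) on a grayscale image, standard library only.

Assumed simplified JPEG model: 8x8 orthonormal DCT per block and one uniform
quantization step for every coefficient (no colour conversion or subsampling).
"""
import math
from statistics import median

N = 8            # JPEG block size
Q_ELA = 16       # constructed step used for the old saves and for the ELA resave
Q_EXPORT = 4     # constructed finer step (higher quality) for the editor's export

# Orthonormal 1-D DCT-II basis, BASIS[u][x]
BASIS = [[(math.sqrt(1 / N) if u == 0 else math.sqrt(2 / N))
          * math.cos((2 * x + 1) * u * math.pi / (2 * N))
          for x in range(N)] for u in range(N)]


def _dct2(block):
    """Forward 2-D DCT of an 8x8 block; result is indexed [v][u]."""
    rows = [[sum(BASIS[u][x] * row[x] for x in range(N)) for u in range(N)]
            for row in block]
    return [[sum(BASIS[v][y] * rows[y][u] for y in range(N)) for u in range(N)]
            for v in range(N)]


def _idct2(coef):
    """Inverse of _dct2; result is indexed [y][x]."""
    rows = [[sum(BASIS[v][y] * coef[v][u] for v in range(N)) for u in range(N)]
            for y in range(N)]
    return [[sum(BASIS[u][x] * rows[y][u] for u in range(N)) for x in range(N)]
            for y in range(N)]


def jpeg_like_save(img, step):
    """Lossy save: quantize every DCT coefficient to a multiple of `step`."""
    h, w = len(img), len(img[0])
    out = [[0] * w for _ in range(h)]
    for by in range(0, h, N):
        for bx in range(0, w, N):
            coef = _dct2([row[bx:bx + N] for row in img[by:by + N]])
            quant = [[step * round(c / step) for c in r] for r in coef]
            for y, rec_row in enumerate(_idct2(quant)):
                for x, value in enumerate(rec_row):
                    out[by + y][bx + x] = min(255, max(0, round(value)))
    return out


def ela_map(img, step=Q_ELA):
    """Mean absolute change per 8x8 block when img is saved once more at `step`."""
    resaved = jpeg_like_save(img, step)
    levels = {}
    for by in range(0, len(img), N):
        for bx in range(0, len(img[0]), N):
            total = sum(abs(img[y][x] - resaved[y][x])
                        for y in range(by, by + N) for x in range(bx, bx + N))
            levels[(by // N, bx // N)] = total / (N * N)
    return levels


def flag_outliers(levels, min_gap=1.0):
    """Blocks whose error level exceeds the image median by more than min_gap."""
    mid = median(levels.values())
    return sorted(b for b, v in levels.items() if v - mid > min_gap)


def _texture(h, w, seed):
    """Constructed noise texture (values 88..168) from a small LCG."""
    state, rows = seed, []
    for _ in range(h):
        row = []
        for _ in range(w):
            state = (1103515245 * state + 12345) % 2**31
            row.append(88 + (state >> 16) % 81)
        rows.append(row)
    return rows


def build_constructed_case():
    """16x24 photo saved twice, one never-compressed 8x8 patch pasted in, exported."""
    photo = jpeg_like_save(jpeg_like_save(_texture(16, 24, 1), Q_ELA), Q_ELA)
    patch = _texture(N, N, 7)
    for y in range(N):
        photo[y][8:16] = patch[y]           # splice over block (row 0, col 1)
    return jpeg_like_save(photo, Q_EXPORT)  # what the analyst receives


if __name__ == "__main__":
    result = ela_map(build_constructed_case())
    for block, level in sorted(result.items()):
        print(block, round(level, 2))
    print("flagged:", flag_outliers(result))
```

In this model the five blocks that went through the earlier saves come back from the extra save with an error level at or near 0, while the pasted block does not, which is the bright-on-dark contrast described above.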

At this point, we don’t know if someone selectively sharpened the child or digitally added in the kid. Fortunately, there are additional tools that can be used for evaluating the image. For example, I’ve previously mentioned using color distance as a metric to evaluate blending. A natural photo should have blended edges, while splices do not. Splices typically show up as a single-pixel black line (or a black dashed line). With this picture, the baby definitely has the black line around large sections of his body.

And then there’s the camera lighting (luminance gradient, or LG). This identifies the sensor noise from the camera and differences in lighting direction.

In this case, LG shows that the baby has very sharp edges, while nothing else in the photo is that sharp. This could be due to someone selectively sharpening the picture. Regarding the baby, LG is consistent with the ELA and color distance results.

However, LG is also very good at picking up slight distortions from alterations. For example, LG highlights the clouds that are about the baby’s height. The clouds stretch the entire width of the picture, but are distorted around the child. The clouds even appear broken in the color distance picture — there is a smooth halo around the kid. If the child was digitally placed there, then the artist screwed up the surrounding clouds.

More importantly, there are some subtle distortions in the water, at the horizon, and to the photo-left of the child’s hip. The water distortions are almost shaped like the kid’s legs, and the round shape next to the kid looks like a head. Because they are very subtle, I have drawn in black lines to show these distortion edges:

If we overlay the image, aligning the child’s feet with the distortion, then we can see that the original child was likely no higher than the father’s hands. And this lower height is consistent with another photo taken by the same photographer. In this other photo, the father is only throwing the child a little bit into the air. (Let’s forget the fact that the buildings on the horizon are gone…)

In this case, the flying-baby photo is attributed to AFP Photo / Mahmud Hams. He was a 2008 Pulitzer finalist who captured an equally controversial photo of a missile falling. (Was the missile digitally added? The Jawa Report makes very strong arguments for staged and altered.)

Hasta La Vista, Baby

Personally, I’m glad to see the end of 2014, and it won’t take much for 2015 to be a better year. Gandhi once said, “Be the change that you wish to see in the world.” (At least, that quote is commonly attributed to Gandhi, even though he may not have said it. It’s hard to validate this with all of the censorship in India. In any case…) I’ve decided to take this philosophy to heart this year. I do not want 2015 to be a repeat of 2014, and I’ve already set things in motion. Expect some big announcements in the near future.

[Медийно право] [Нели Огнянова]: Facebook and Privacy

This post was syndicated from: [Медийно право] [Нели Огнянова] and was written by: nellyo. Original post: at [Медийно право] [Нели Огнянова]

The case Campbell v. Facebook Inc is being heard in Oakland, California, and concerns Facebook’s practice of placing advertising based on the content of users’ messages. The plaintiffs object to the building of profiles and the placement of advertising that takes into account the content of private messages, including mentions of a company’s name or likes.

Facebook’s representatives maintain that this is a lawful practice, permitted as an exception under the Electronic Communications Privacy Act for activities in the ordinary course of business, for protection against viruses and spam. According to the court, there is no evidence as to whether that is indeed the case.

From the court’s ruling at this stage it is clear that there are differences on the question of whether Facebook users should have a reasonable expectation of confidentiality for their messages. Other court decisions specify that an expectation of confidentiality exists when the parties wish the communication to be limited to themselves alone and – taking all the surrounding circumstances into account – cannot expect the messages to be intercepted, recorded or shared further with a wider circle of recipients.

The proceedings continue.



Krebs on Security: Alleged Counterfeiter “Willy Clock” Arrested

This post was syndicated from: Krebs on Security and was written by: BrianKrebs. Original post: at Krebs on Security

In September 2014, I wrote about receiving a package of $500 in counterfeit U.S. currency from an unknown sender, after mentioning in a blog post about a rash of funny money resellers flooding underground cybercrime markets. Last week, U.S. authorities announced the arrest of a Texas man charged with leading the international counterfeit currency operation from a location in the Republic of Uganda.

Counterfeit $100s and $50s from "Willy Clock," allegedly the online alias of a Texas man living in Uganda.

U.S. prosecutors say 27-year-old Ryan Andrew Gustafson – a.k.a. “Jack Farrel” and “Willy Clock” — is a U.S. citizen currently residing in Kampala, Uganda. Gustafson was arrested on Dec. 16 by Ugandan authorities and charged with conspiracy, counterfeiting, and unlawful possession of ammunition.

The defendant and his alleged accomplices are suspected of passing approximately $270,000 in fake U.S. currency in Uganda. In total, Ugandan authorities say they seized some $1.8 million in funny money from Gustafson’s operation.

The U.S. Secret Service, which investigates currency counterfeiting, said the investigation began in December 2013 when agents were alerted to the passing of counterfeit notes at retail stores and businesses in the Pittsburgh area. A press release from the Justice Department outlines the rest of the investigation:

“Agents determined that an individual identified as J.G. had passed these notes and was renting a postal box at The UPS Store on Pittsburgh’s South Side.  On Feb 19, 2014, law enforcement learned that J.G. received three packages addressed from Beyond Computers, located in Kampala, Uganda.  Agents executing a search warrant on the packages found $7,000 in counterfeit $100, $50 and $20 FRNs located in two hidden compartments within the packaging envelopes.  A fingerprint on a document inside one of the packages was identified as belonging to Ryan Andrew Gustafson.”

Jack Farrel's Facebook page. The U.S. Secret Service alleges that Farrel is Gustafson, a.k.a. counterfeiter "Willy Clock."

“The Secret Service subsequently worked with Ugandan authorities to identify the source of the counterfeit [cash].  Their efforts led to A.B., who admitted to sending the packages, explaining that an American named “Jack Farrel,” and another person, provided him the counterfeit notes to ship.  Based on information provided by A.B., the Secret Service used facial recognition to identify Jack Farrel as Ryan Andrew Gustafson.”

The government says Gustafson sold the bills through the Tor Carding Forum, a cybercrime shop that is unreachable from the regular Internet. Rather, visiting the Tor Carding Forum requires the visitor to route his communications through Tor, a free software-based service that helps users maintain anonymity by obfuscating their true location online.

Willy Clock’s phony currency wasn’t only available via Tor. By the middle of 2014, ads for his funny money were showing up on regular, Internet-based cybercrime forums. One reseller of Willy Clock’s notes even set up his own sales thread on Reddit.

Once again, it appears that sloppy operational security contributed to an arrest of an alleged bad guy. According to the government’s complaint (PDF), the email address that Gustafson provided on his U.S. passport application was the same one he allegedly used to maintain a Facebook account under the Jack Farrel alias. Investigators found that Gustafson also used the same Internet address to access his real Facebook page and the Farrel account. Another Facebook page tied to the Jack Farrel identity says the accused was in Uganda as a project associate at the U.N. refugee shelter program.

Schneier on Security: Lessons from the Sony Hack

This post was syndicated from: Schneier on Security and was written by: schneier. Original post: at Schneier on Security

Earlier this month, a mysterious group that calls itself Guardians of Peace hacked into Sony Pictures Entertainment’s computer systems and began revealing many of the Hollywood studio’s best-kept secrets, from details about unreleased movies to embarrassing emails (notably some racist notes from Sony bigwigs about President Barack Obama’s presumed movie-watching preferences) to the personnel data of employees, including salaries and performance reviews. The Federal Bureau of Investigation now says it has evidence that North Korea was behind the attack, and Sony Pictures pulled its planned release of “The Interview,” a satire targeting that country’s dictator, after the hackers made some ridiculous threats about terrorist violence.

Your reaction to the massive hacking of such a prominent company will depend on whether you’re fluent in information-technology security. If you’re not, you’re probably wondering how in the world this could happen. If you are, you’re aware that this could happen to any company (though it is still amazing that Sony made it so easy).

To understand any given episode of hacking, you need to understand who your adversary is. I’ve spent decades dealing with Internet hackers (as I do now at my current firm), and I’ve learned to separate opportunistic attacks from targeted ones.

You can characterize attackers along two axes: skill and focus. Most attacks are low-skill and low-focus: people using common hacking tools against thousands of networks world-wide. These low-end attacks include sending spam out to millions of email addresses, hoping that someone will fall for it and click on a poisoned link. I think of them as the background radiation of the Internet.

High-skill, low-focus attacks are more serious. These include the more sophisticated attacks using newly discovered “zero-day” vulnerabilities in software, systems and networks. This is the sort of attack that affected Target, J.P. Morgan Chase and most of the other commercial networks that you’ve heard about in the past year or so.

But even scarier are the high-skill, high-focus attacks, the type that hit Sony. This includes sophisticated attacks seemingly run by national intelligence agencies, using such spying tools as Regin and Flame, which many in the IT world suspect were created by the U.S.; Turla, a piece of malware that many blame on the Russian government; and a huge snooping effort called GhostNet, which spied on the Dalai Lama and Asian governments, leading many of my colleagues to blame China. (We’re mostly guessing about the origins of these attacks; governments refuse to comment on such issues.) China has also been accused of trying to hack into the New York Times in 2010, and in May, Attorney General Eric Holder announced the indictment of five Chinese military officials for cyberattacks against U.S. corporations.

This category also includes private actors, including the hacker group known as Anonymous, which mounted a Sony-style attack against the Internet-security firm HBGary Federal, and the unknown hackers who stole racy celebrity photos from Apple’s iCloud and posted them. If you’ve heard the IT-security buzz phrase “advanced persistent threat,” this is it.

There is a key difference among these kinds of hacking. In the first two categories, the attacker is an opportunist. The hackers who penetrated Home Depot’s networks didn’t seem to care much about Home Depot; they just wanted a large database of credit-card numbers. Any large retailer would do.

But a skilled, determined attacker wants to attack a specific victim. The reasons may be political: to hurt a government or leader enmeshed in a geopolitical battle. Or ethical: to punish an industry that the hacker abhors, like big oil or big pharma. Or maybe the victim is just a company that hackers love to hate. (Sony falls into this category: It has been infuriating hackers since 2005, when the company put malicious software on its CDs in a failed attempt to prevent copying.)

Low-focus attacks are easier to defend against: If Home Depot’s systems had been better protected, the hackers would have just moved on to an easier target. With attackers who are highly skilled and highly focused, however, what matters is whether a targeted company’s security is superior to the attacker’s skills, not just to the security measures of other companies. Often, it isn’t. We’re much better at such relative security than we are at absolute security.

That is why security experts aren’t surprised by the Sony story. We know people who do penetration testing for a living (real, no-holds-barred attacks that mimic a full-on assault by a dogged, expert attacker) and we know that the expert always gets in. Against a sufficiently skilled, funded and motivated attacker, all networks are vulnerable. But good security makes many kinds of attack harder, costlier and riskier. Against attackers who aren’t sufficiently skilled, good security may protect you completely.

It is hard to put a dollar value on security that is strong enough to assure you that your embarrassing emails and personnel information won’t end up posted online somewhere, but Sony clearly failed here. Its security turned out to be subpar. They didn’t have to leave so much information exposed. And they didn’t have to be so slow detecting the breach, giving the attackers free rein to wander about and take so much stuff.

For those worried that what happened to Sony could happen to you, I have two pieces of advice. The first is for organizations: take this stuff seriously. Security is a combination of protection, detection and response. You need prevention to defend against low-focus attacks and to make targeted attacks harder. You need detection to spot the attackers who inevitably get through. And you need response to minimize the damage, restore security and manage the fallout.

The time to start is before the attack hits: Sony would have fared much better if its executives simply hadn’t made racist jokes about Mr. Obama or insulted its stars, or if their response systems had been agile enough to kick the hackers out before they grabbed everything.

My second piece of advice is for individuals. The worst invasion of privacy from the Sony hack didn’t happen to the executives or the stars; it happened to the blameless random employees who were just using their company’s email system. Because of that, they’ve had their most personal conversations (gossip, medical conditions, love lives) exposed. The press may not have divulged this information, but their friends and relatives peeked at it. Hundreds of personal tragedies must be unfolding right now.

This could be any of us. We have no choice but to entrust companies with our intimate conversations: on email, on Facebook, by text and so on. We have no choice but to entrust the retailers that we use with our financial details. And we have little choice but to use cloud services such as iCloud and Google Docs.

So be smart: Understand the risks. Know that your data are vulnerable. Opt out when you can. And agitate for government intervention to ensure that organizations protect your data as well as you would. Like many areas of our hyper-technical world, this isn’t something markets can fix.

This essay previously appeared on the Wall Street Journal CIO Journal.

SANS Internet Storm Center, InfoCON: green: Bridging Datacenters for Disaster Recovery – Virtually, (Fri, Dec 19th)

This post was syndicated from: SANS Internet Storm Center, InfoCON: green and was written by: SANS Internet Storm Center, InfoCON: green. Original post: at SANS Internet Storm Center, InfoCON: green

It's been a while since we talked about Disaster Recovery issues – the last diary I posted on this was on using L2TPv3 to bridge your Datacenter / Server VLAN to the same VLAN at a DR site, over an arbitrary Layer 3 network.

Since then, things have changed. There's a real push to move DR sites from a rack in a remote office location to recognized IaaS cloud locations. With that change comes new issues. If you are using your own servers in a colocation facility, or using IaaS VM instances, rack space for a physical router may either come with a price tag, or if it's all virtual, there might be no rack space at all.

In my situation, I had two clients in this position. The first customer simply wanted to move their DR site from a branch office to a colocation facility. The second customer is a Backup-as-a-Service Cloud Service Provider, who is creating a DR as a service product. In the first situation, there was no rack space to be had. In the second situation, the last thing a CSP wants is to have to give up physical rack space for every customer, and then deploy CSP owned hardware to the client site – that simply does not scale. In both cases, a VM running a router instance was clearly the preferred (or only) choice.

Virtual routers with enterprise features have been around for a while – back in the day we might have looked at quagga or zebra, but those have been folded into more mature products these days. In our case, we were looking at Vyatta (now owned by Brocade), or the open-source (free as in beer) fork of Vyatta – Vyos. Cisco is also in the game: their 1000V product supports IOS XE, and their bridge L2 over L3 approach uses OTV rather than L2TPv3 or GRE. You'll find that most router vendors now have a virtual product.

Anyway, working with Vyatta/Vyos configs isn't like Cisco at all – their configs look a whole lot more like you might see in JunOS. While Vyos supports the L2TPv3 protocol we know and love, it's a brand new feature, and it comes with a note from the developer: "if you find any bugs, send me an email" (confidence inspiring, that). Vyatta doesn't yet have that feature implemented. So I decided to use GRE tunnels, and bridge them to an ethernet interface. Since this tunnel was going to run over the public internet, I encrypted/encapsulated the whole thing using a standard site-to-site IPSEC tunnel.

The relevant configs look like the one below (just one end is shown). Note that this is not the entire config, and all IP

Please – use our comment form and let us know if you've used a different method of

First, define the bridge interface. Note that STP (Spanning Tree Protocol) is disabled. You likely want this disabled unless you

The ETH0 interface is on the server VLAN (or port group if you are using standard ESXi vSwitches) – this is the VLAN that you are bridging to the DR site.

The GRE tunnel is also bridged, and also doesn't have an IP address. The encapsulation of GRE-bridge is the same as GRE (IP protocol 47), but the gre-bridge

This stuff is all important for your security posture, but is not relevant to the tunneling or bridging, so I

- Note that the peer IP is the public / NAT
- IDs have to be created for each end – these routers use XAUTH when you define a pre-shared key, so to avoid having them use the FQDN, it
- The traffic match for encryption is defined by the source prefix+destination prefix+protocol. In our case, it's the management IP of the customer router AND the matching IP on the cloud router AND GRE
- Take some care in defining the pre-shared key. If a word occurs on your corporate website, facebook page, or linkedin (or in a dictionary), it's a bad choice, LEET-speak or no.
- We set both ends to initiate, which enables both init and respond. This allows either end to start the tunnel
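The pre-shared key advice above can be checked mechanically before a key goes into a router config. The Python below is an added example, not part of the original diary: it undoes common LEET substitutions in a candidate key and reports any word that also appears in text taken from your own public pages or a dictionary. The company text, the dictionary sample, the LEET table and all function names are constructed for illustration.

```python
import itertools
import re
import secrets

# LEET characters and the letters they commonly stand for.
# Constructed table, not exhaustive; "1" is ambiguous, so it maps to two letters.
LEET = {"0": "o", "1": "il", "3": "e", "4": "a", "5": "s", "7": "t",
        "@": "a", "$": "s", "!": "i", "+": "t"}

# Constructed sample inputs: text as it might be copied from a company's own
# website and social media pages, plus a tiny stand-in for a dictionary file.
PUBLIC_TEXT = """
Acme Widgets Ltd. has served Springfield since 1987.
Follow Acme Widgets on Facebook and LinkedIn for datacenter news.
"""
DICTIONARY_SAMPLE = ["password", "tunnel", "secret", "welcome"]


def build_wordlist(*sources, min_len=4):
    """Collect lower-case words of at least min_len letters.

    Each source is either a block of text or a list of words.
    """
    words = set()
    for source in sources:
        text = source if isinstance(source, str) else " ".join(source)
        for word in re.findall(r"[a-z]+", text.lower()):
            if len(word) >= min_len:
                words.add(word)
    return words


def deleet_variants(psk, limit=512):
    """Yield letter-only readings of psk with LEET substitutions undone.

    Characters that are neither letters nor in the LEET table are dropped,
    so "acme-widgets" and "acmewidgets" read the same. The number of
    readings is capped at limit to bound the work on long keys.
    """
    choices = []
    for ch in psk.lower():
        if ch in LEET:
            choices.append(LEET[ch])   # one or more candidate letters
        elif ch.isalpha():
            choices.append(ch)
    for combo in itertools.islice(itertools.product(*choices), limit):
        yield "".join(combo)


def public_words_in_psk(psk, wordlist):
    """Return the sorted wordlist entries found in any reading of psk."""
    hits = set()
    for reading in deleet_variants(psk):
        hits.update(word for word in wordlist if word in reading)
    return sorted(hits)


def generate_psk(nbytes=32):
    """Return a random key from the OS CSPRNG instead of a human-chosen one."""
    return secrets.token_urlsafe(nbytes)


if __name__ == "__main__":
    wordlist = build_wordlist(PUBLIC_TEXT, DICTIONARY_SAMPLE)
    for candidate in ("4cm3-W1dg3t5!2014", "P@$$w0rd-tunnel"):
        print(candidate, "->", public_words_in_psk(candidate, wordlist))
    print("random replacement:", generate_psk())
```

The check is meant for keys a person chose; with a large dictionary and short words, a random key can produce chance matches, so raise `min_len` when feeding it a full word list.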

Rob VandenBrink

(c) SANS Internet Storm Center. Creative Commons Attribution-Noncommercial 3.0 United States License.

Backblaze Blog | The Life of a Cloud Backup Company: Office Manager Emily Joins the Backblaze Horde!

This post was syndicated from: Backblaze Blog | The Life of a Cloud Backup Company and was written by: Yev. Original post: at Backblaze Blog | The Life of a Cloud Backup Company


The newest addition to the crew at Backblaze, Emily breaks down her favorite hobbies and aspirations. They involve pets and World of Warcraft…what a combo!

What is your Backblaze title?
Office Manager

If you didn’t have to work, what would you do?
If I didn’t have to work, I would work! I would start my own non-profit organization and open up a series of diverse animal shelters across the country. I am a huge animal advocate and love working with them. I spent the first 13 years of my life helping my grandparents run various campgrounds near Yosemite. My father and I wandered the forest, catching every creature that crossed our path. Mom almost never let us keep them, and I really wanted to bring home a bear, but even my father protested that. I would still attend school and obtain my RN license, and start another non-profit organization that provided medication and medical treatment for children in poor countries.

What is your dream job?
Working for Backblaze of course! However another dream job of mine is to join the Air Force, and work in counter-intelligence. I intend to finish getting my BA in nursing, join the Air Force, then retire and work as a Nurse at the Yountville Veterans Home.

What attracted you to Backblaze?
My husband has worked for Backblaze for well over 2 years now. He was constantly talking about how “cool” it is to work here, throwing all these names around that I could never remember. Except for Brian, I always knew there was a Brian….or two…or three….. maybe even four. Finally, I decided to check this place out for myself and liked what I saw. Luckily, they did too! The Company’s standard of transparency and honesty is refreshing, and I look forward to serving this company.

Where else have you worked?
Previously, I worked at Napa Valley Hospice as their Program Assistant – a very rewarding experience! I am incredibly thankful for the opportunity to have worked there. The things I learned are priceless, and the people I met are wonderful. Hospice is a unique form of healthcare, with an interdisciplinary team approach to patient care. Hospice helps both patients with terminal diagnoses and their loved ones, as they write their final life chapter.

Favorite place you’ve traveled?
Disneyland is my absolute favorite! In fact, my husband proposed to me on Pirates of the Caribbean. Needless to say, Disneyland holds many fond memories! However I have not traveled out of the country, and would love to visit South America and Europe.

Favorite hobby/interests?
I love camping, fishing, kicking butt and taking names in Call of Duty, spending an incredible amount of time at Petco, and playing World of Warcraft. For the Horde!

Help us welcome Emily to the Backblaze fold, and if you’re an Alliance member and meet her in-game…good luck to you!

Author information



Social Marketing Manager at Backblaze

Yev enjoys speed-walking on the beach. Speed-dating. Speed-writing blog posts. The film Speed. Speedy technology. Speedy Gonzales. And Speedos. But mostly technology.


The post Office Manager Emily Joins the Backblaze Horde! appeared first on Backblaze Blog | The Life of a Cloud Backup Company.

TorrentFreak: The Pirate Bay’s Facebook Page Is Shut Down Too

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

More than a week has passed since The Pirate Bay’s servers were pulled offline, and now the same is happening to the site’s official Facebook page.

With more than 470,000 likes TPB’s Facebook page had quite a reach, although the last status update dates back to last year. Since then the page was mostly used by ‘fans’ to share TPB related news stories, and most recently links to Pirate Bay alternatives.

Those who try to access the page today are out of luck though, as Facebook informs them that “the page isn’t available” and that it “may have been removed.”

It’s unclear what the reason behind the removal is. It could have been initiated by The Pirate Bay crew itself but it’s also possible that Facebook was asked to shut it down for alleged links to copyright infringing material.


If The Pirate Bay crew deleted the page the motivation may have been to cover its tracks. Swedish authorities have confirmed that there’s a new criminal investigation ongoing into the site’s operators, which may have prompted some to cut their ties.

That said, TPB’s official Twitter profile, which hasn’t been updated since December last year, remains online.

The Pirate Bay crew have remained pretty much silent over the past few days. Earlier this week a message was relayed through “Mr 10100100000” who suggested that no decision has yet been made on a potential return.

“Will we reboot? We don’t know yet. But if and when we do, it’ll be with a bang,” Mr 10100100000 said.

Meanwhile, most of the site’s users are flocking to the Pirate Bay copies that are floating around, or one of the other popular torrent sites. This mass migration caused trouble at ExtraTorrent yesterday, who were briefly offline due to a “sudden increase in user traffic.”

At the same time, groups using the “Anonymous” moniker claimed to have hacked both the Swedish Government and the New Zealand police in a retaliatory move, while a better known “Anonymous” group distanced itself from The Pirate Bay.

“We do not support the return of The Pirate Bay itself. We used to be the activist arm behind this website and what it stood for, but we feel like The Pirate Bay doesn’t represent our message anymore,” the latter group said.

And so the storm continues.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

Backblaze Blog | The Life of a Cloud Backup Company: 2014 Year In Review

This post was syndicated from: Backblaze Blog | The Life of a Cloud Backup Company and was written by: Gleb Budman. Original post: at Backblaze Blog | The Life of a Cloud Backup Company


Seven years ago we started on a mission to make storing data astonishingly easy and low-cost so that no one loses their wedding photos, curated music, work files, or any of the other items from their computers. In 2014, I’m proud to say we made a good dent in that mission. Here are a few of the highlights from our 2014 year in review.

We launched an Android app to complement our existing iPhone app and increased restore sizes on hard drives to 4 TB and by 2x on flash drives to 128 GB so our customers could access more of their data faster. Email Notifications and Backup Summaries ensured they knew their data was safely backed up. Our refer-a-friend program gave our customers and their friends months of Backblaze for free. Upgrades to support iOS 8, Apple OS X Mavericks, and hundreds of smaller updates to keep improving the service for our customers.

I am incredibly grateful to the community that has supported us over the years. Another 11 incredible people joined our team to help us scale, plus a few interns (one of whom just won a $100,000 national science award.)

On Twitter, Facebook, and other digital places we talked with you virtually and then met many of you in person at Macworld, RootsTech, and many other events.

We wrote 75 blog posts such as those sharing a bunch of data on hard drive reliability, the impact of temperature on a hard drive, and which hard drive SMART stats matter. Since about 1,000,000 of you read these posts, we revamped our blog platform and will strive to continue sharing learning worthy of your time reading.

The simplicity of the product our customers see hides the wild scale of the systems and operations required to support it. We introduced a new 270 TB Storage Pod this year, scaled up to store over 100,000,000 GB of customer data, and opened a huge new 500 petabyte data center. Our support team answered their 100,000th ticket. Our customers recovered over 6 billion files that would have been irretrievably lost.

Famed consumer product reviewer Walt Mossberg recommends Backblaze and makes it his personal service. Gizmag calls Backblaze one of the easiest to use. And Deloitte ranks Backblaze the 128th fastest growing company in North America, with 917% revenue growth over five years.

So with 2015 imminently arriving, where do we go? Keep focusing on making storing data astonishingly easy and low-cost. One of the things I’m incredibly proud of our team for is being able to support a 1000% increase in per-customer data storage while keeping the $5 unlimited pricepoint unchanged. Thus, a lot of what we have planned will continue to be in the background – enhancing our massive cloud storage system to scale bigger, be more cost-efficient, and work ever better – so that our customers can continue to store more and more data, easier and easier.

A huge thank you to all of you: our customers, our community, our partners, and our employees for helping us make this happen.


Author information

Gleb Budman

Co-founder and CEO of Backblaze. Founded three prior companies. He has been a speaker at GigaOm Structure, Ignite: Lean Startup, FailCon, CloudCon; profiled by Inc. and Forbes; a mentor for Teens in Tech; and holds 5 patents on security.


The post 2014 Year In Review appeared first on Backblaze Blog | The Life of a Cloud Backup Company.

Raspberry Pi: Royal Institution Christmas Lectures

This post was syndicated from: Raspberry Pi and was written by: Liz Upton. Original post: at Raspberry Pi

As you may have heard if you follow us on Twitter, Facebook or G+, we are sponsoring this year’s Royal Institution Christmas Lectures. The lectures are part of British educational history: Michael Faraday started them in 1825 to introduce science to ordinary people – especially young people – and they’ve been running ever since, with only one break in 1939-42 during World War II.

Professor Danielle George, presenter of this year's lectures. Photo credit: Paul Wilkinson

We’re incredibly proud to be associated with the lectures. They’re a real educational jewel, and they provide some of the best television in the UK over the Christmas period. British readers can watch this year’s lectures on BBC4 on December 29, 30 and 31 – the theme (which, serendipitously, has a lot of relevance for Raspberry Pi users) is Sparks will fly: How to hack your home. International viewers will be able to watch later on on the Royal Institution’s website.

Here’s a teaser the Royal Institution released on YouTube yesterday.

If you’d like to read more about this year’s lectures, there’s a long interview with Professor Danielle George in the Guardian, where she explains why hacking is such a crucial skill for children. We hope you’ll be watching the lectures along with us!

TorrentFreak: Former ‘Pirate’ Site Dropped From UK Blocklist

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

Last week the popular media search engine FilesTube transformed itself into a licensed video aggregator.

The site, which was once branded one of the top pirate sites by the entertainment industry, hopes that the move will bring in new revenue opportunities.

First, however, the site had to get rid of various remnants from its “pirate” history. The site is still blocked in the UK, for example, as the High Court previously declared that FilesTube infringed music rights.

Earlier, FilesTube informed TF that it planned to challenge the blockade at the High Court, but it turns out that this is no longer needed. Music industry group BPI, who were the driving force behind FilesTube’s blockade, followed recent developments and decided to unblock the site.

This is the first time that the list of blocked pirate sites in the UK has become shorter, although it may not be for long.

The BPI believes that FilesTube is a good example of how High Court orders can motivate websites to go legit and hopes that others will follow the example.

“We are pleased that the block has encouraged FilesTube to change its business model so that it no longer appears to infringe music rights,” BPI’s General Counsel Kiaron Whitehead tells TF.

“Accordingly, we have agreed to un-block the site, which the ISPs will implement over the next few weeks. We hope that other sites which are subject to blocking orders will follow suit and help to support the development of legal digital entertainment.”

TF also spoke with FilesTube, who are happy with BPI’s swift response. Since the music group can amend the blocklists without a court order, this saves the trouble of going through court.

“We used to be a media search engine for content on cyberlocker sites. Now we operate as a free VOD aggregator with licensed content only. We are grateful to BPI for agreeing to lift the blocks and we look forward to the growth of the new FilesTube,” a spokesperson informed TF.

In addition to the lifted blockade, FilesTube’s Facebook page was also unblocked recently. The page was taken down by the movie industry FACT, but is now accessible again.

Meanwhile, many of FilesTube’s former users are disappointed with the change. Apparently “going legit” also has its downsides, but the site hopes to rebuild a new community during the months to come.

Krebs on Security: SpamHaus, CloudFlare Attacker Pleads Guilty

This post was syndicated from: Krebs on Security and was written by: BrianKrebs. Original post: at Krebs on Security

A 17-year-old male from London, England pleaded guilty this week to carrying out a massive denial-of-service attack last year against anti-spam outfit SpamHaus and content delivery network CloudFlare, KrebsOnSecurity has learned.

In late March 2013, a massive distributed denial-of-service (DDoS) attack hit the web site of SpamHaus, an organization that distributes a blacklist of spammers to email and network providers. When SpamHaus moved its servers behind CloudFlare, which specializes in blocking such attacks, the attackers pelted CloudFlare’s network. The New York Times called the combined assault the largest known DDoS attack ever on the Internet at the time; for its part, CloudFlare dubbed it “the attack that almost broke the Internet.”

In April 2013, an unnamed then-16-year-old male from London identified only by his hacker alias “Narko,” was arrested and charged with computer misuse and money laundering in connection with the attack.

Sources close to the investigation now tell KrebsOnSecurity that Narko has pleaded guilty to those charges, and that Narko’s real name is Sean Nolan McDonough. A spokesman for the U.K. National Crime Agency confirmed that a 17-year-old male from London had pleaded guilty to those charges on Dec. 10, but noted that “court reporting restrictions are in place in respect to a juvenile offender, [and] as a consequence the NCA will not be releasing further detail.”

During the assault on SpamHaus, Narko was listed as one of several moderators of the forum Stophaus[dot]com, a motley crew of hacktivists, spammers and bulletproof hosting providers who took credit for organizing the attack on SpamHaus and CloudFlare.


It is likely that McDonough/Narko was hired by someone else to conduct the attack. So, this seems as good a time as any to look deeper into who’s likely the founder and driving force behind the Stophaus movement itself. All signs point to an angry, failed spammer living in Florida who runs an organization that calls itself the Church of Common Good.

Not long after McDonough’s arrest, a new Facebook page went online called “Freenarko,” which listed itself as “a solidarity support group to help in the legal defense and media stability for ‘Narko,’ a 16-yr old brother in London who faces charges concerning the Spamhaus DDoS attack in March.”

Multiple posts on that page link to Stophaus propaganda, to the Facebook page for the Church of the Common Good, and to a now-defunct Web site called “” (an eye-opening and archived copy of the site as it existed in early 2013 is available at; for better or worse, the group’s Facebook page lives on).

The Church of Common Good lists as its leader a Gulfport, Fla. man named Andrew J. Stephens, whose LinkedIn page says he is a “media mercenary” at the same organization. Stephens’ CV lists a stint in 2012 as owner of an email marketing firm variously called Digital Dollars and IBT Inc, moneymaking schemes which Stephens describes as a “beginner to intermediate level guide to successful list marketing in today’s email environment. It incorporates the use of both white hat and some sketchy techniques you would find on black hat forums, but has avoided anything illegal or unethical…which you would also find on black hat forums.”

More recent entries in Andrew’s LinkedIn profile show that he now sees his current job as a “social engineer.” From his page:

“I am a what you may call a “Social Engineer” and have done work for several information security teams. My most recent operation was with a research team doing propaganda analysis for a media firm. I have a unique ability to access data that is typically inaccessible through social engineering and use this ability to gather data for research purposes. I have a knack for data mining and analysis, but was not formally trained so am able to think outside the box and accomplish goals traditional infosec students could not. I am proficient at strategic planning and vulnerability analysis and am often busy dissecting malware and tracking the criminals behind such software. There’s no real title for what I do, but I do it well I am told.”

Turns out, Andrew J. Stephens used to have his own Web site — Here, the indispensable helps out again with a cache of his site from back when it launched in 2011 (oddly enough, the same year that Stophaus claims to have been born). On his page, Mr. Stephens lists himself as an “internet entrepreneur” and his business as “IBT.” Under his “Featured Work” heading, he lists “The Stophaus Project,” “Blackhat Learning Center,” and a link to a spamming software tool called “Quick Send v.1.0.”

Stephens did not return requests for comment sent to his various contact addresses, although a combative individual who uses the Twitter handle @Stophaus and has been promoting the group’s campaign refused to answer direct questions about whether he was in fact Andrew J. Stephens.

Helpfully, the cached version of lists a contact email address at the top of the page: (“Stephensboy” is the short/informal name of the Andrew J. Stephens LinkedIn profile). A historic domain registration record lookup purchased from shows that same email address was used to register more than two dozen domains, including and Other domains and businesses registered by that email include (hyperlinked domains below link to versions of the site):

-“” (“BP” is a common abbreviation for “bulletproof hosting” services sold to spammers and malware purveyors);
-“” (another spam software product produced and marketed by Stephens);
-“” (tools to scrub spam email lists of dummy or decoy addresses used by anti-spam companies);

The physical address on many of the original registration records for the site names listed above show an address for one Michelle Kellison. The incorporation records for the Church of Common Good filed with the Florida Secretary of State list a Michelle Kellison as the registered agent for that organization.

Putting spammers and other bottom feeders in jail for DDoS attacks may be cathartic, but it certainly doesn’t solve the underlying problem: That the raw materials needed to launch attacks the size of the ones that hit SpamHaus and CloudFlare last year are plentiful and freely available online. As I noted in the penultimate chapter of my new book — Spam Nation (now a New York Times bestseller, thank you dear readers!), the bad news is that little has changed since these ultra-powerful attacks first surfaced more than a decade ago.

Rodney Joffe, senior vice president and senior technologist at Neustar – a security company that also helps clients weather huge online attacks — estimates that there are approximately 25 million misconfigured or antiquated home and business routers that can be abused in these digital sieges. From the book:

Most of these are home routers supplied by ISPs or misconfigured business routers, but a great many of the devices are at ISPs in developing countries or at Internet providers that see no economic upside to spending money for the greater good of the Internet.

“In almost all cases, it’s an option that’s configurable by the ISP, but you have to get the ISP to do it,” Joffe said. “Many of these ISPs are on very thin margins and have no interest in going through the process of protecting their end users— or the rest of the Internet’s users, for that matter.”

And therein lies the problem. Not long ago, if a spammer or hacker wanted to launch a massive Internet attack, he had to assemble a huge botnet that included legions of hacked PCs. These days, such an attacker need not build such a huge bot army. Armed with just a few hundred bot-infected PCs, Joffe said, attackers today can take down nearly any target on the Internet, thanks to the millions of misconfigured Internet routers that are ready to be conscripted into the attack at a moment’s notice.

“If the bad guys launch an attack, they might start off by abusing 20,000 of these misconfigured servers, and if the target is still up and online, they’ll increase it to 50,000,” Joffe said. “In most cases, they only need to go to 100,000 to take the bigger sites offline, but there are 25 million of these available.”

If you run a network of any appreciable size, have a look for your Internet addresses in the Open Resolver Project, which includes a searchable index of some 32 million poorly configured or outdated device addresses that can be abused to launch these very damaging large-scale attacks.

The Hacker Factor Blog: You Can Bank On It

This post was syndicated from: The Hacker Factor Blog and was written by: The Hacker Factor Blog. Original post: at The Hacker Factor Blog

Last week, security journalist Brian Krebs reported on a U.S. Treasury Department finding. The Treasury found that TOR nodes account for a large percent of online banking fraud.

I found this report to be startling. I wasn’t surprised that TOR was being used for fraud. Rather, I was stunned that, after all these years, the banking industry was not filtering out logins from TOR nodes!

Don’t look at me!

Let’s back up a moment… The purpose of TOR (the onion router) is to mix up the network pathway so that users can be anonymous online. The purpose of logging into anything — a bank, Google, Facebook, or any other online service — is to identify yourself. These are diametrically opposed concepts. You cannot be anonymous and identify yourself at the same time!

There may be some online services where you don’t care about the account and you want to be anonymous. A good example would be a free Yahoo Mail account that some anti-government Chinese citizen wants to access. They are anonymous but also identified for logging into the account. However, online banking is different.

With online banking, it is not a “free account”. The account manages tangible assets (money) and is directly associated with a person (or company). Customers want the bank to know it is them doing legitimate business and not someone else doing fraud.

The only time a user might want to be anonymous when accessing a bank is if the account is for doing something illegal (like money laundering). This way, the bank won’t be able to trace the account to an individual. But then again, no FDIC Insured bank wants that kind of customer. (Let’s leave the fraud to non-insured PayPal accounts.)

Seriously: I cannot think of any legitimate reason to do anonymous online banking. I see no legitimate reason to access your bank account using TOR.

Safe Web Access

The other thing to remember is that TOR is not a safe online system. Sure, nobody can trace the network connection from the web client to the web server, but that doesn’t mean it is safe. Specifically, you (the TOR user) do not know who owns each TOR exit node and you have no idea what they are doing to your data.

Last October, some researchers discovered that a few TOR exit nodes were maliciously modifying files. You may think you are downloading a program, but the TOR node was inserting malware instead.

Hostile TOR nodes have also been used to track users and even record logins and passwords.

In effect, if you use TOR then you should assume that (1) nobody knows it is you, and (2) someone is watching and recording what you do. Logging into your bank, or anywhere else, is really a bad idea for TOR users. Knowing this, it strikes me that banks are being intentionally ignorant to permit logins from TOR nodes. This majority of banking fraud should have been stopped years ago.

Filtering by Network

I have previously written about various ways to detect proxies. There are two fast and easy ways to detect proxy users: network and application filtering.

The first way focuses on the network address. The folks at the Tor Project actually have an FAQ entry for online services that want to block TOR. They even provide the list of known TOR nodes! At this point, the web server can look at every login request and check if the client’s network address is the same as a known TOR node. If it is, then they can block the request. (And if the login was valid, the bank can even block all login access to the account since the account has been compromised.)

Keep in mind: TOR is not the only proxy network out there. There are dozens of free lists of open proxies. (And even more fee-based lists.) There are also a couple of DNS-blacklist systems that identify known proxy addresses. And then there are network-based geo-location databases — most have some subnets identified as known proxy networks. Banks could even use the geo-location information to identify likely fraud. For example, if I last logged in from Colorado and then, minutes or hours later, appear to come from Europe, then my account has likely been compromised.

If banks really wanted to be proactive, then they would also identify Starbucks, McDonalds, Holiday Inn, and other major free-Internet providers and add them to the “no login” list. Users should never check their bank accounts from a free Internet service.

Filtering by Application

While network filtering will identify known addresses that denote proxy systems, there are always other proxies that are not found on any list.

Beyond looking at network addresses, services can detect proxies by looking at the web traffic’s HTTP header. Many proxy systems add in their own HTTP headers that denote a network relay. If any of these proxy headers exist, then the server should reject the login.

The biggest problem with HTTP headers is that there is no consistent method to identify a web proxy. Some relays add in an HTTP “VIA” header. Others may use “FORWARDED”, “FORWARDED-FOR”, “HTTP_CLIENT_IP”, “X-PROXY-ID” or similar header fields. My own FotoForensics system currently looks for over a dozen different HTTP headers that denote some kind of proxy network connection. While some of these proxy networks may be acceptable for online banking (e.g., “X-BlueCoat-Via” or “Client-IP”), others should probably be blacklisted.
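The two checks described above (client address against a list of known nodes, then proxy headers) can be combined into one login gate. This is an added example, not code from the original post or from FotoForensics; the header names are the ones the post lists, while the one-address-per-line list format, the function names and the sample addresses (documentation ranges) are assumptions.

```python
import ipaddress

# Header names the post lists as proxy indicators (compared case-insensitively).
PROXY_HEADERS = {"via", "forwarded", "forwarded-for", "http_client_ip", "x-proxy-id"}
# Headers the post says may be acceptable for online banking.
TOLERATED_HEADERS = {"x-bluecoat-via", "client-ip"}

# Constructed sample list; addresses are from the RFC 5737 documentation ranges.
SAMPLE_EXIT_LIST = """\
# assumed format: one address per line
192.0.2.10
198.51.100.7   # trailing comments are ignored
"""

def load_exit_list(text):
    """Parse a node list, skipping blank lines and '#' comments."""
    nodes = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            nodes.add(ipaddress.ip_address(line))  # a malformed entry raises ValueError
    return nodes

def normalize(addr):
    """Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d), as seen on dual-stack listeners."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped:
        return ip.ipv4_mapped
    return ip

def assess_login(peer_addr, headers, exit_nodes):
    """Return (decision, reasons) for one login request.

    peer_addr must be the TCP peer address seen by the server, never a value
    taken from a request header: headers are client-controlled, so the header
    check only catches relays that announce themselves.
    """
    try:
        ip = normalize(peer_addr)
    except ValueError:
        return "reject", ["unparseable client address"]
    reasons = []
    if ip in exit_nodes:
        reasons.append(f"address {ip} is on the node list")
    names = {name.lower() for name in headers}
    reasons += [f"proxy header present: {n}" for n in sorted(names & PROXY_HEADERS)]
    if reasons:
        return "reject", reasons
    # Tolerated relays are recorded for the audit log but do not block the login.
    return "allow", [f"tolerated proxy header: {n}" for n in sorted(names & TOLERATED_HEADERS)]

if __name__ == "__main__":
    nodes = load_exit_list(SAMPLE_EXIT_LIST)
    for peer, hdrs in [("192.0.2.10", {}), ("203.0.113.5", {"Via": "1.1 relay"}),
                       ("203.0.113.5", {"X-BlueCoat-Via": "x"})]:
        print(peer, hdrs, assess_login(peer, hdrs, nodes))
```

The node list changes constantly, so a deployment would reload it on a schedule rather than embed it.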

Being proactive is not a crime

There are many viable uses for proxy networks. However, there are also times when using a proxy is a really bad idea. Banks should be utilizing all of these proxy detection methods. They should be ensuring that the network address is not part of a known proxy system. And they should be proactively trying to identify and reduce fraud.

Of course, some people may tell you that online banking through TOR is safe if you use HTTPS. However, that really isn’t true. Anyone who has seen the Defcon Wall of Sheep knows that HTTPS is easy to compromise if you control the network. Remember: SSL is a security placebo and not an actual security solution.

Before I began focusing on forensic tool development, I did a lot of forensic analysis for corporations. I always thought it was ironic when the corporate lawyers would give me very specific directions, like: “We want to know exactly what happened on this computer. Who did what and when. And whatever happens, we do not want you to look at that computer over there!” With corporate attorneys, if they know about something then they must act on it. But if they don’t explicitly know, then they don’t have to do anything about it. By not looking at the problem, they could always claim ignorance.

This entire “TOR used for bank fraud” situation has a similar feel. It is as if the banks want to claim ignorance rather than addressing the problem. But in this case, the entire industry has known for years that TOR is commonly used for online criminal activity. And we have long known that easy banking access facilitates fraud. In this case, not blocking TOR users really looks to me like intentional criminal negligence.

Backblaze Blog | The Life of a Cloud Backup Company: Holiday Gift Guide – Backblaze Style

This post was syndicated from: Backblaze Blog | The Life of a Cloud Backup Company and was written by: Yev. Original post: at Backblaze Blog | The Life of a Cloud Backup Company

We all have those hard to shop for members of our family, and at Backblaze, we wanted to take a moment and make your holiday shopping conundrums a bit easier to solve. We realize this is coming out a bit late in the holiday gift guide season, so we pooled together some items that you could get fairly quickly, if you act fast!

For those of your family who just can’t shake their nostalgia this 3.5″ floppy is a great get, and best of all, a ten pack is only $7.95 at


Need a bit more data, but want a functional way to carry it around? May we introduce you to the Stick Around! You can prop up your phone with this beauty, plus it has a 4GB hardcore storage capability:

Have a budding young data fan in your family? Get them this adorable little Minion USB Key (for tons of other novelty flash keys take a gander at Amazon:

Too old for minions or novelty flash keys? Well, what about a nice piece of hardware? Get some wood, 1 whole TB worth:

OK, wood might be a bit too much, but what about something to complement that new Mac Pro you got? How about a nice 1TB sphere:

Perhaps 1TB futuristic drives aren’t your thing? You need a bit more space because you collect lots of “data”? A Drobo is the thing for you:

“5 hard drive slots? What am I? A peasant? My cat photo library itself is over 100TB!” Is that so? Fine…you deserve your own Backblaze storage pod…a Storinator:

So now that you have all that fancy hardware, you need to fill it with hard drives right? Might we humbly suggest these HGST drives:

Wait, you didn’t need to store your data at all, you just wanted your phone to look awesome? We totally misunderstood. Here’s a rad case:

We hope that helps with your holiday gift giving angst. If you’re still looking for something though, a great gift that keeps on giving is a Backblaze gift code. You can buy a gift code for someone today, and help keep their important data safe for the years to come! It’s better than coal right? Plus you don’t have to wait for shipping…

Author information



Social Marketing Manager at Backblaze

Yev enjoys speed-walking on the beach. Speed-dating. Speed-writing blog posts. The film Speed. Speedy technology. Speedy Gonzales. And Speedos. But mostly technology.

Follow Yev on:

Twitter: @YevP | LinkedIn: Yev Pusin | Google+: Yev Pusin

The post Holiday Gift Guide – Backblaze Style appeared first on Backblaze Blog | The Life of a Cloud Backup Company.

Schneier on Security: Corporations Misusing Our Data

This post was syndicated from: Schneier on Security and was written by: schneier. Original post: at Schneier on Security

In the Internet age, we have no choice but to entrust our data with private companies: e-mail providers, service providers, retailers, and so on.

We realize that this data is at risk from hackers. But there’s another risk as well: the employees of the companies who are holding our data for us.

In the early years of Facebook, employees had a master password that enabled them to view anything they wanted in any account. NSA employees occasionally snoop on their friends and partners. The agency even has a name for it: LOVEINT. And well before the Internet, people with access to police or medical records occasionally used that power to look up either famous people or people they knew.

The latest company accused of allowing this sort of thing is Uber, the Internet car-ride service. The company is under investigation for spying on riders without their permission. Called the “god view,” some Uber employees are able to see who is using the service and where they’re going — and used this at least once in 2011 as a party trick to show off the service. A senior executive also suggested the company should hire people to dig up dirt on their critics, making their database of people’s rides even more “useful.”

None of us wants to be stalked — whether it’s from looking at our location data, our medical data, our emails and texts, or anything else — by friends or strangers who have access due to their jobs. Unfortunately, there are few rules protecting us.

Government employees are prohibited from looking at our data, although none of the NSA LOVEINT creeps were ever prosecuted. The HIPAA law protects the privacy of our medical records, but we have nothing to protect most of our other information.

Your Facebook and Uber data are only protected by company culture. There’s nothing in their license agreements that you clicked “agree” to but didn’t read that prevents those companies from violating your privacy.

This needs to change. Corporate databases containing our data should be secured from everyone who doesn’t need access for their work. Voyeurs who peek at our data without a legitimate reason should be punished.

There are audit technologies that can detect this sort of thing, and they should be required. As long as we have to give our data to companies and government agencies, we need assurances that our privacy will be protected.

This essay previously appeared on

Блогът на Юруков: Intelligence Test: Are They Giving Our Children an Untested Vaccine

This post was syndicated from: Блогът на Юруков and was written by: Боян Юруков. Original post: at Блогът на Юруков


A few days ago it became clear that the problem with the hexavalent vaccines has been solved. The vaccine is called Hexacima and the vials will be delivered to doctors very soon. Shortly after the vaccine's name became known, comments started spreading around the web (I don't even intend to link to them) claiming that it was untested and that, you see, the big pharmaceutical companies were going to use Bulgarian babies as guinea pigs. The supposed indication of this was the black triangle in the package leaflet, which states that the product is “subject to additional monitoring”. Of course, the news was copied across all sorts of sensationalist sites and already has its own thread on BG Mama.

What does the inverted black triangle actually mean? Put most simply, it is a European-level measure for all new medicines that contain recently approved substances or biological products. It is applied to all new vaccines simply because of how widely they are used. This monitoring does not mean that the product is untested or hides some risks. Quite the opposite: despite its proven safety, the European Medicines Agency will monitor it just in case. All vaccines released after 2011 fall on this list.

This, of course, does not stop vaccine opponents from sowing panic among parents. Since the latter quite understandably worry about their children, there are regularly comments that “we probably don't know the whole truth”, “if it's written on the net then there must be something to it” and “we'll wait and see whether others have a problem”. All of this endangers the health of both the children and the newborns around them, who are too young to be protected by vaccines. I have written a lot so far about the risks of being taken in by such nonsense.

Here, however, is the cherry on the cake. I decided to check whether the hexavalent vaccine that we gave my daughter in Germany has such a black triangle. I did not buy it myself; I have not even seen the packaging. In Germany the doctor comes with a syringe and tells you nothing. In the immunization record, however, there is a sticker, and it says that the vaccine is Hexyon. After a short check I established that this is the same vaccine that will be given in Bulgaria. It is simply sold under a different name in some countries. The product is the same, as is clear from the manufacturer and the regulator.

This can mean two things: either over the last two years the poor German children have been subjected to an inhuman experiment to test an unverified vaccine, or we should all think about what level of intelligence you need to have to believe such nonsense. All the more so because everything about the process of testing, approving and administering the vaccine, as well as about the monitoring regime afterwards, is public and easily accessible. This is done precisely so that parents can inform themselves about the products in question.

I am not saying that parents who look for more information are stupid. Quite the opposite: I do it myself, and with so much accessible information I recommend that everyone take a look at it. However, you must seriously not care about your child to not read into it more seriously and instead accept a few panicked Facebook posts as credible.

For more information: package leaflet for Hexyon, package leaflet for Hexacima, information on the intensive monitoring.