Posts tagged ‘Facebook’

Krebs on Security: Windows 10 Shares Your Wi-Fi With Contacts

This post was syndicated from: Krebs on Security and was written by: BrianKrebs. Original post: at Krebs on Security

Starting today, Microsoft is offering most Windows 7 and Windows 8 users a free upgrade to the software giant’s latest operating system — Windows 10. But there’s a very important security caveat that users should know about before transitioning to the new OS: Unless you opt out, Windows 10 will by default share your Wi-Fi network password with any contacts you may have listed in Outlook and Skype — and, with an opt-in, your Facebook friends!

msoptoutThis brilliant new feature, which Microsoft has dubbed Wi-Fi Sense, doesn’t share your WiFi network password per se — it shares an encrypted version of that password. But it does allow anyone in your Skype or Outlook or Hotmail contacts lists to waltz onto your Wi-Fi network — should they ever wander within range of it or visit your home (or hop onto it secretly from hundreds of yards away with a good ‘ole cantenna!).

I first read about this disaster waiting to happen over at The Register, which noted that Microsoft’s Wi-Fi Sense FAQ seeks to reassure would-be Windows 10 users that the Wi-Fi password will be sent encrypted and stored encrypted — on a Microsoft server. According to PCGamer, if you use Windows 10’s “Express” settings during installation, Wi-Fi Sense is enabled by default.

“For networks you choose to share access to, the password is sent over an encrypted connection and stored in an encrypted file on a Microsoft server, and then sent over a secure connection to your contacts’ phone if they use Wi-Fi Sense and they’re in range of the Wi-Fi network you shared,” the FAQ reads.

The company says your contacts will only be able to share your network access, and that Wi-Fi Sense will block those users from accessing any other shared resources on your network, including computers, file shares or other devices. But these words of assurance probably ring hollow for anyone who’s been paying attention to security trends over the past few years: Given the myriad ways in which social networks and associated applications share and intertwine personal connections and contacts, it’s doubtful that most people are aware of who exactly all of their social network followers really are from one day to the next.

El Reg says it well here:

That sounds wise – but we’re not convinced how it will be practically enforced: if a computer is connected to a protected Wi-Fi network, it must know the key. And if the computer knows the key, a determined user or hacker will be able to find it within the system and use it to log into the network with full access.

In theory, someone who wanted access to your company network could befriend an employee or two, and drive into the office car park to be in range, and then gain access to the wireless network. Some basic protections, specifically ones that safeguard against people sharing their passwords, should prevent this.

I should point out that Wi-Fi networks which use the centralized 802.1x Wi-Fi authentication — and these are generally tech-savvy large organizations — won’t have their Wi-Fi credentials shared by this new feature.

Microsoft’s solution for those concerned requires users to change the name (a.k.a. “SSID“) of their Wi-Fi network to include the text “_optout” somewhere in the network name (for example, “oldnetworknamehere_optout”).

It’s interesting to contrast Microsoft’s approach here with that of Apple, who offer an opt-in service called iCloud Keychain; this service allows users who decide to use the service to sync WiFi access information, email passwords, and other stored credentials amongst their own personal constellation of Apple computers and iDevices via Apple’s iCloud service, but which does not share this information with other users. Apple’s iCloud Keychain service encrypts the credentials prior to sharing them, as does Microsoft’s Wi-Fi Sense service; the difference is that it’s opt-in and that it only shares the credentials with your own devices.

Wi-Fi Sense has of course been a part of the latest Windows Phone for some time, yet it’s been less of a concern previously because Windows Phone has nowhere near the market share of mobile devices powered by Google’s Android or Apple’s iOS. But embedding this feature in an upgrade version of Windows makes it a serious concern for much of the planet.

Why? For starters, despite years of advice to the contrary, many people tend to re-use the same password for everything. Also, lots of people write down their passwords. And, as The Reg notes, if you personally share your Wi-Fi password with a friend — by telling it to them or perhaps accidentally leaving it on a sticky note on your fridge — and your friend enters the password into his phone, the friends of your friend now have access to the network.

Source: How-To Geek

Source: How-To Geek

An article in Ars Technica suggests the concern over this new feature is much ado about nothing. That story states: “First, a bit of anti-scaremongering. Despite what you may have read elsewhere, you should not be mortally afraid of Wi-Fi Sense. By default, it will not share Wi-Fi passwords with anyone else. For every network you join, you’ll be asked if you want to share it with your friends/social networks.”

To my way of reading that, if I’m running Windows 10 in the default configuration and a contact of mine connects to my Wi-Fi network and say yes to sharing, Windows shares access to that network: The contact gets access automatically, because I’m running Windows 10 and we’re social media contacts. True, that contact doesn’t get to see my Wi-Fi password, but he can nonetheless connect to my network.

While you’re at it, consider keeping Google off your Wi-Fi network as well. It’s unclear whether the Wi-Fi Sense opt-out kludge will also let users opt-out of having their wireless network name indexed by Google, which requires the inclusion of the phrase “_nomap” in the Wi-Fi network name. The Register seems to think Windows 10 upgraders can avoid each by including both “_nomap” and “_optout” in the Wi-Fi network name, but this article at How-To Geek says users will need to choose the lesser of two evils.

Either way, Wi-Fi Sense combined with integrated Google mapping tells people where you live (and/or where your business is), meaning that they now know where to congregate to jump onto your Wi-Fi network without your permission.

My suggestions:

  1. Prior to upgrade to Windows 10, change your Wi-Fi network name/SSID to something that includes the terms “_nomap_optout”.
  2. After the upgrade is complete, change the privacy settings in Windows to disable Wi-Fi Sense sharing.
  3. If you haven’t already done so, consider additional steps to harden the security of your Wi-Fi network.

Further reading:

What Is Wi-Fi Sense and Why Does it Want Your Facebook Account? 

UH OH: Windows 10 Will Share Your Wi-Fi Key With Your Friends’ Friends

Why Windows 10 Shares Your Wi-Fi Password and How to Stop it

Wi-Fi Sense in Windows 10: Yes, It Shares Your Passkeys, No You Shouldn’t Be Scared

TorrentFreak: Sony Settles Piracy Lawsuit With Russia’s Facebook

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

vkFor several years VKontakte, or VK, has been branded as a piracy facilitator by copyright holders and even the U.S. Government.

In common with many user-generated sites, VK allows its millions of users to upload anything from movies and TV shows to their entire music collections. However, copyright holders often claim that Russia’s social network has failed to adopt proper anti-piracy measures.

Last year this resulted in a lawsuit filed at the Saint Petersburg and Leningrad Region Arbitration Court, in which Sony Music, Universal Music and Warner Music demanded countermeasures and compensation for the large scale copyright infringement VK allegedly facilitates.

The case is still ongoing, but as of this week Sony Music has dropped out. According to a local report Sony and VK signed a confidential settlement agreement to resolve the dispute.

No further details on the content of the deal have been published, but according to sources VK will upgrade its current music service.

Among other things, the social network will start charging mobile users for access to its official music platform. Desktop users will still have free access, but these views will be monetized through advertisements.

Both changes will be rolled out gradually after a thorough test phase.

The settlement with Sony Music is a breakthrough for the Russian equivalent of Facebook, but it doesn’t mean that all legal troubles are over.

The remaining cases against Universal Music and Warner Music haven’t been resolved yet. Together with Sony the companies demanded 50 million rubles ($830,000) in damages in their complaint last year, and VK is still on the hook for most of it.

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and the best VPN services.

TorrentFreak: MPAA Sues MovieTube Sites Over Mass Piracy

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

movietubeUnauthorized movie streaming sites have been a thorn in the side of Hollywood for many years, and yesterday the MPAA decided to take one of the most prominent players to court.

MPAA members 20th Century Fox, Columbia Pictures, Disney, Paramount, Universal and Warner Bros filed a lawsuit against a group of MovieTube affiliated websites, which operate from more than two dozen domain names.

In the complaint, filed at a New York District Court a few hours ago, the movie studios describe MovieTube as a business that’s designed and operated to promote copyright infringement for profit.

The MPAA lists several popular websites including MovieTube.cc, TuneVideo.net, Watch33.tv, MovieTube.cz, Anime1.tv, MovieTube.pm, FunTube.co, MovieTube.la and KissDrama.net. These sites share hosting facilities and a similar design and the studios believe that they are operated by the same people.

The websites in question are typical streaming sites, where users can watch videos and in some cases download the source files to their computers.

“Defendants, through the MovieTube Websites, aggregate, organize and provide embedded links to extensive libraries of Infringing Copies of Plaintiffs’ Works,” the compliant (pdf) reads.

“…users can watch Infringing Copies without leaving the MovieTube Websites. The MovieTube Websites even allow users, in some instances, to download Infringing Copies by clicking on a selection from a menu built into the video player software supplied by Defendants.”

According to the MPAA, MovieTube’s operators are well aware of the infringing nature of their site. On one of their Facebook pages they write that it’s not a problem that many films are pirated, since they are not bound by U.S. laws.

facebookadmit

The complaint accuses MovieTube of various counts of copyright and trademark infringement. This means that the site’s operators face millions of dollars in statutory damages.

Perhaps more importantly, the MPAA is also demanding a broad preliminary injunction to make it virtually impossible for the operators to keep their sites online.

Among other things, the proposed measures would prevent domain registrars, domain registries, hosting companies, advertisers and other third-party outfits from doing business with the site.

If granted, MovieTube’s operators will have a hard time keeping the sites afloat, but it appears that the injunction may not even be needed.

At the time of writing all MovieTube domain names are unreachable. It is unclear whether the operators took this decision themselves, but for now the future of these sites looks grim.

The full list of sites mentioned in the complaint is as follows: MovieTube.tw, MovieTube.ph, TVStreaming.cc, MovieTube.sx, MovieTube.pw, MovieTubeNow.com, MovieTube.tf, MovieTube.co, MovieOnDrive.com, MovieTube.vc, TuneVideo.net, MovieTube.mn, MovieTube.cc, Watch33.tv, MovieTube.cz, Anime1.tv, MovieTube.pm, FunTube.co, MovieTube.la, KissDrama.net, MovieTube.so, MovieTube.click, MovieTubeHD.co, MovieTubeHD.net, MovieTubeHD.org, MovieTubeHD.tv, MovieTubeHD.us, MovieTubenow.in and TuneMovie.me.

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and the best VPN services.

Linux How-Tos and Linux Tutorials: How to Install WordPress With Nginx, MariaDB and HHVM in Ubuntu 15.04

This post was syndicated from: Linux How-Tos and Linux Tutorials and was written by: Falko Timme. Original post: at Linux How-Tos and Linux Tutorials

HHVM (Hip Hop Virtual Machine) is a just-in-time compiler developed by Facebook to run applications that are written in PHP and Hack language. HHVM is faster than the traditional PHP engine from ZEND and is used by Facebook to serve billions of web requests per day. This tutorial describes the steps to install WordPress with Nginx, MariaDB and HHVM on Ubuntu 15.04 Server.

Read more at HowtoForge

TorrentFreak: KickassTorrents Disappears From Google After Penalty

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

kickassWith millions of visitors per day KickassTorrents (KAT) is arguably the most visited torrent site on the Internet, outranking even the notorious Pirate Bay.

After several domain hops KAT has been operating from the KAT.cr domain name for a few months now. However, in recent weeks many infrequent visitors have experienced trouble locating the site, leading to all sorts of problems.

Traditionally, the site has been easy to find through Google by entering the search terms “KickassTorrents” or “Kickass Torrents,” but this is no longer the case.

In fact, the official KAT.cr address is nowhere to be found in the top results. Instead, people see the unknown and unaffiliated Kickasstorrents.eu domain on top in many locations, as the screenshot below shows.

Google’s KickassTorrents search results
googlekick

The KAT team informs us that Google began to penalize its pages a while ago, for reasons unknown. Perhaps there are ways to solve the problems, but the site is currently not doing any search engine optimization (SEO).

“It’s already about five or six months since we started to experience some kind of penalty from Google. The issue is that we were not performing any SEO activities at all,” KAT says.

What makes matters worse is that .eu site which tops Google search results is a scam. It doesn’t offer any torrents but instead prompts visitors to download File_Downloader.exe, which appears to be malware.

The KAT team finds it unfortunate that Google is sending tens of thousands of visitors to a shady site and encourages people to check the official Facebook and Twitter accounts for the latest official domain name.

Interestingly, not all search engines treat KAT the same. In Bing the site’s official domain name is not on top either, but it’s listed on the first page. DuckDuckGo does the best job, identifying the correct domain and even tagging it as an “official site,” which is quite useful to estranged KAT users.

DuckDuckGo’s KickassTorrents search results
duckkick

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and the best VPN services.

Krebs on Security: Third Hacking Team Flash Zero-Day Found

This post was syndicated from: Krebs on Security and was written by: BrianKrebs. Original post: at Krebs on Security

For the third time in a week, researchers have discovered a zero-day vulnerability in Adobe’s Flash Player browser plugin. Like the previous two discoveries, this one came to light only after hackers dumped online huge troves of documents stolen from Hacking Team — an Italian security firm that sells software exploits to governments around the world.

News of the latest Flash flaw comes from Trend Micro, which said it reported the bug (CVE-2015-5123) to Adobe’s Security Team. Adobe confirmed that it is working on a patch for the two outstanding zero-day vulnerabilities exposed in the Hacking Team breach.

We are likely to continue to see additional Flash zero day bugs surface as a result of this breach. Instead of waiting for Adobe to fix yet another flaw in Flash, please consider removing or at least hobbling this program.

flashpotus

Google Chrome comes with its own version of Flash pre-installed, but disabling it is easy enough. On a Windows, Mac, Linux or Chrome OS installation of Chrome, type “chrome:plugins” into the address bar, and on the Plug-ins page look for the “Flash” listing: To disable Flash, click the disable link (to re-enable it, click “enable”).

Windows users can remove Flash from non-Chrome browsers from the Add/Remove Programs panel, and/or using this Flash Removal Tool. Note that you must exit out of all Web browsers before running the tool. To verify that Flash has been removed, visit this page; if it says your browser needs Flash, you’ve successfully removed it.

For Mac users, AppleInsider carries a story today that has solid instructions for nixing the program from OS X once and for all.

“Flash has become such an information security nightmare that Facebook’s Chief Security Officer called on Adobe to sunset the platform as soon as possible and ask browser vendors to forcibly kill it off,” AppleInsider’s Shane Cole writes. “Though most exploits are targeted at Windows, Mac users are not invincible.”

I removed Flash entirely more than a month ago and haven’t missed the program one bit. Unfortunately, some sites — including many government Web sites  — may prompt users to install Flash in order to view certain content. Perhaps it’s time for a petition to remove Flash Player from U.S. Government Web sites altogether? If you agree, make your voice heard here.  For more on spreading the word about Flash, see the campaign at OccupyFlash.org.

If you decide that removing Flash altogether or disabling it until needed is impractical, there are in-between solutions. Script-blocking applications like Noscript and ScriptSafe are useful in blocking Flash content, but script blockers can be challenging for many users to handle.

Another approach is click-to-play, which is a feature available for most browsers (except IE, sadly) that blocks Flash content from loading by default, replacing the content on Web sites with a blank box. With click-to-play, users who wish to view the blocked content need only click the boxes to enable Flash content inside of them (click-to-play also blocks Java applets from loading by default).

Windows users who decide to keep Flash installed and/or enabled also should take full advantage of the Enhanced Mitigation Experience Toolkit (EMET), a free tool from Microsoft that can help Windows users beef up the security of third-party applications.

Backblaze Blog | The Life of a Cloud Backup Company: What You Would Do With a Storage Pod

This post was syndicated from: Backblaze Blog | The Life of a Cloud Backup Company and was written by: Andy Klein. Original post: at Backblaze Blog | The Life of a Cloud Backup Company

blog-pod-contest-winner-1

A few weeks ago, we held a contest offering a free Storage Pod chassis as a prize to people who came up with creative ways to use/reuse a Backblaze Storage Pod chassis. The response was outstanding! We reviewed all the submissions and selected 20 we thought the most deserving – it was hard work. Here are some of the winning entries with all the winners listed at the end.

Storage Pods in education

Over the years, students have built Storage Pods to store data for research projects and similar data intensive activities. Here are a couple of submissions where the students most likely will not be using the Storage Pods to store data – and that’s just fine with us.

    “I have three kids ages 9, 7 and 5. What would we do with these? They would immediately be incorporated into their ongoing quasi-engineering to build various things out of parts of all kinds, both indoors and outdoors, as they continue to develop their imagination, creativity and engineering ability.”

    “We are building a Makerspace and Tinkering lab at our SF school and are trying to use as much up-cycled and repurposed material as possible. Our students would love to think of creative and innovative uses for the pods in their new spaces.”

A second career for the Storage Pods

The Storage Pods being retired have worked 24/7 for the last six years. That’s equivalent to working 40 hours a week for 26 years. While these Storage Pod chassis are technically in retirement, some of them want to continue to work. Several of the contest winners suggested excellent second careers.

    Magician’s Assistant – “I am a magician. The storage pods would be easily convertible into a mini sword box, where I could put something inside and stick swords though the item, then open it up and see the item is still in one piece with no holes.”

    Roadie – “I would use it for storage for all my musical equipment and I will be able to route cables and ports through the holes so that way I can make it a one stop shop for all my outboard gear for recording.”

    Senior Roadie – A sturdy box to put cables and other material for guitar gigs and then place the box under my 2×12 guitar cabinet to elevate it. A metal box is sturdy as well as has a good connection to the ground as it’s important that the cab rests on a sturdy environment so the cab won’t move around and has a good connection so the low-end guitar sound is propagated through the floor.

    Skydiving Assistant – I would make it in to a skydiving gear box including a monitor to playback the action after each jump. So many skydivers are geeky enough that they would immediately recognize and be envious of this unique and awesome piece of history.

blog-pod-contest-winner-2

Courtesy of Angel

A leisurely Storage Pod life

A full time second career may not be what every retiring Storage Pod wants. Here are some suggestions from our contest winners that would let Storage Pods leisurely pass the time.

    Popcorn Dispenser – Design a Storage Pod to “distribute popcorn to 3 cups at once.”

    Boombox – “A sweet boombox to turn my famous server room parties up to 11.”

    Bookshelf – Repurpose the Storage Pod into a little free library in front of my historic New Orleans home. Use solar power to charge batteries to illuminate it at night.

Fish and zombies

Of course there are some Storage Pods looking for something a little different in their retirement. Here are a couple of suggestions that have an interesting twist…

    A wagon – Construct a wagon from a Storage Pod so “I can take my pet fish, Ruth Bader Ginsberg, out for walks. She always complains we never take her anywhere.”

    A doll house – Build a doll house out of a Storage Pod so it can be used as safe place for dolls during a zombie apocalypse. Playful, yet practical.

blog-pod-contest-winner-3

Courtesy of Kirk (left) and Bret (right)

What’s next?

Over the next few days, we’ll match each Storage Pod chassis to their appropriate retirement opportunity. Each Pod is different, so this could take a while. Then, we’ll ship out the Storage Pods to their new owners. That will be a happy yet sad day here at Backblaze.

The Winners

The people below have been contacted and we will be shipping out their Storage Pods shortly.

    Wayne, Kent, Frank, Nicholas, Tristan, Bret, Nathan, Paul, Jorge, Yon, Franz, Angel, Kirk, and Alan.

The following people are winners, but we’ve been unable to reach them. If your name is below and you’re interested in receiving a Storage Pod chassis, contact us at (andy at backblaze.com) and let us know. If we don’t hear from you by July 15th, we’ll select another winner.

    Nepal, Don, Samantha, Michael, Alan, Gaëtan, and Marius.

No losers

If you didn’t win a Storage Pod this time, don’t fret there will be more Storage Pod chassis coming available over the next few months. We’ll post updates to our Facebook page as they become available and let you know how you can scoop one up!

Thanks to everyone that sent in a submission, we appreciate each of your very creative and entertaining ideas.

The post What You Would Do With a Storage Pod appeared first on Backblaze Blog | The Life of a Cloud Backup Company.

TorrentFreak: Popcorn Time Warns Users Against Malware and Scams

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

popcorntWith millions of users worldwide Popcorn Time is one of the most used pieces of software.

This success has also caught the attention of scammers, who launch rip-off sites to lure people into downloading malware or paying to obtain the client.

In recent months the developers of the original Popcorntime.io fork have received numerous complaints about “unofficial” releases.

“We’ve been dealing with reports about malware in Popcorn Time for a long time, and constant questions via email, Reddit or on our forums complaining about malware or other malicious copies,” the Popcorntime.io team informs TF.

“We felt it was time to publish a blog post about it in order to clear it up with a proper answer, and help prevent the constant questions so we can dedicate our time elsewhere.”

A search for “Popcorn Time” on Google does indeed return a long list of websites that contain shady links and popup ads. Also, there are sites that require people to pay or like them on Facebook, before allowing people to download anything.

Confusingly, all these Popcorn Time websites have more or less the same layout, so prospective users should tread carefully.

“…we warn you that we’re victims of our own success and you should always be careful: The ‘Popcorn Time’ branding is used a lot by malicious people trying to surf the wave and make a profit,” Popcorntime.io explains.

“This means you may find in some of these websites either non-working applications, which are simply a genuine waste of time and bandwidth, or – and this is worse – end up with viruses, adware or other trojan horses infecting your machine.”

In addition, the Popcorn Time team explains that they are not affiliated with the Porn Time app or the Popcorn-Time.se fork. While these clients are by no means harmful, the myriad of alternatives often causes confusion.

To point users in the right direction the Popcorntime.io developers have made a flow chart, which is featured below. Interestingly, the developers also list Netflix as an option for people who are willing to pay.

Popcorntime.io’s flow chart
popcornlegit

Although it has to be said that there are several harmless Popcorn Time forks out there, including those listed earlier, the scammer problem is definitely a growing concern.

On that note, we also asked the Popcorntime.io team why they still use torrents from the compromised ETZV.ch site. We were informed that they’re looking for a good alternative, without any signs of malware. They will use the hijacked site in the meantime.

“While we’re working on moving we haven’t noticed any infected video from the compromised EZTV site and believe it to be acceptable while we work on finding the replacement rather than simply taking TV shows out of the application for the time being,” they inform TF.

Yet another pitfall to be on the lookout for.

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and the best VPN services.

TorrentFreak: Tech Giants Oppose Broad Anti-Piracy Injunctions

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

msfacebookIn recent months there have been several lawsuits in the U.S. in which copyright holders were granted broad injunctions, allowing them to seize domain names of alleged pirate sites.

In addition, these injunctions were sometimes directed at hosting providers, search engines and ISPs, preventing these companies from doing business with these sites.

Most recently, such a request came from the publishing company Elsevier, who sued the websites Libgen.org and Sci-Hub.org. The publisher asked for a preliminary injunction targeting several third-party services.

While the operators of the “pirate” sites have yet to respond, several tech companies have joined in to protest the request. This week the Computer & Communications Industry Association (CCIA), which includes members such as Google, Facebook and Microsoft, asked the court to limit the proposed injunction.

In its current form the proposal targets any search engine, ISP and hosting company, without naming any in particular, which isn’t allowed according to the tech companies.

“What Plaintiffs here are seeking is, in essence, an injunction against the world. It is well established that such a sweeping injunction against nonparty intermediaries is impermissible,” CCIA writes (pdf).

According to the tech companies, neutral service providers are not “in active concert or participation” with the defendant, and should therefore be excluded from the proposed text.

The CCIA gives the example of search engines, which may link to pirate websites but can’t be seen as “aiders and abettors,” or as collaborating with these sites to violate the law.

Even if one of the third party services could be found liable, the matter should be resolved under the DMCA and not through an injunction, the CCIA claims.

“The DMCA thus puts bedrock limits on the injunctions that can be imposed on qualifying providers if they are named as defendants and are held liable as infringers. Plaintiffs here ignore that.”

“What they seek, in the posture of a preliminary injunction against nonparties, goes beyond what Congress was willing to permit, even against service providers who come before a court as defendants against whom an actual judgment of infringement has been entered. That request must be rejected.”

The New York federal court has scheduled a hearing later this month after which it will decide whether to issue the preliminary injunction or not. Thus far, Elsevier hasn’t responded to CCIA’s opposition.

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and the best VPN services.

Блогът на Юруков: На пазар за кметове и общински съветници

This post was syndicated from: Блогът на Юруков and was written by: Боян Юруков. Original post: at Блогът на Юруков

Преди седмица кабинетът публикува справка за сменените адресни регистрации. Поместена беше в правителствения портал за отворени данни, от където всеки може да я свали и анализира. В последните дни излязоха няколко статии и карти по темата, които ще опиша по-долу. Повечето се фокусираха върху голямото увеличение на сменилите адреса си в определени общини спрямо предишни периоди.

В началото реших да не се занимавам с темата, тъй като видях, че достатъчно хора разглеждат данните и създават визуализации. Зачудих се обаче какъв би бил реалният ефект върху изборите, ако всички тези регистрации са наистина с цел изборна измама. В повечето населени места говорим за около стотина избиратели в повече и това не прави особено впечатление. С тези цифри всичко изглежда като буря в чаша вода.

Каква част от вота е предрешен?

Открих обаче нещо съвсем различно. По-долу описах цялата ми методология, но накратко казано, ако почти всички допълнителни регистрации наистина гласуват по нечия команда, то те могат да осигурят следното:

  • 81 места в общинските съвети на 42 общини
  • Над 70% контрол над съветите в две общини
  • Поне 20% контрол в съветите на още пет общини
  • 31 почти сигурни общински кметове и още 19 с голяма вероятност
  • 196 почти сигурни селски кметове
  • 33 населени места с риск за поне 20% подменен вот
  • Това са измеренията на проблема. Не осъзнаваме на колко места стигат 50-60 гласа за избор на общински съветник. На следните карти тези данни се виждат по-ясно.

    Осигурени места в общинските съвети

    Тази карта показва колко места в общинските съвети биха били спечелили, яко допълнително регистрираните гласуват по команда за една партия. Отличават се Грамада, Видин, Трекляно и Кюстендил с 8-9 места. В още 40 други биха се спечелили между едно и 3 места. Това не изглежда много, докато не отчетем факта, че в малките общини съветите са понякога по 10-11 члена. На места са достатъчни 50-60 гласа, за да бъде избран един общински съветник.

    Отвори картата в пълен размер

    Контрол над общинските съвети

    Това е алтернативна карта на предишната, в която е отчетен споменатия размер на съветите. Отново се отчита висок процент при Трекляно и Грамада – над 70%. При други пет потенциалното влияние варира между 20 и 30%. Концентрацията им е предимно в северозападна България, но се забелязва активност и в крайморските общини.

    Отвори картата в пълен размер

    Влияние върху избора на общински кметове

    Тази карта показва къде допълнителните гласоподаватели биха наклонили решаващо везните, ако резултатът от кметската надпревара е близък до тази от предишните избори. С други думи, гледа се съотношението между съмнителните регистрации и разликата между водещите кандидати за кмет.

    Отличава се Бобошево, Кюстендилско с 20 пъти. Следва Вълчи дол, Добричко със 7 пъти. Средец, Долна митрополия, Грамада, Якимово, Враца и Трекляно са с по 5 пъти. При всички тях има оспорвани избори и допълнителните гласове биха имали огромно влияние.

    Отвори картата в пълен размер

    Влияние върху избора на селски кметове

    Когато разгледаме селските кметове става по-интересно. Там броят на избирателите е много по-малък и възможността за манипулация – много по-лесна. Засякох 196 малки кметства в 111 общини като рискови. В тях има съмнителни регистрации на между 1 и 3 пъти повече хора, отколкото е било нужно, за да се обърне резултата на предишните избори. Тук съм показал само общата бройка кметства към всяка община. Отличават се Нова Загора, Димитров град с по 6, както и Марица, Тополовград, Перник и Бойчиновци с по 4.

    Отвори картата в пълен размер

    Места с висок риск на подмяна на вота

    Тази карта показва общините с високорискови кметства. За такива се смятат тези, в които допълнителните регистрации надвишават 20% от гласувалите на предходните избори. Докато при горните карти показах как резултатът от вота би могъл да бъде подменен в желана посока с малко на брой хора, тук се вижда в абсолютни цифри къде има концентрация на съмнителни смени на настоящ адрес. Забелязва се, че са групирани в близки общини. Тук може да се спекулира, че това са региони, в които работят групи организиращи всичко на местно ниво.

    Отвори картата в пълен размер

    Методология и условности

    В анализа си използвам няколко концепции и предположения, които носят със себе си различни условности. Най-напред е важно да се разбере, че дори сравнително голямо увеличение на сменилите настоящ адрес не означава непременно, че ще има някаква форма на измама. С горните карти показвам какво може да се постигне, ако описаните тук предположения са верни в една или друга степен.

    За съмнителни регистрации считам онези, които надвишават значително нормалния брой регистрации за този период. За целта събрах регистрациите по настоящ адрес във всяко населено място между ноември 2014 и април 2015. От тази сума извадих средното за същите шест месеца през 2013 и 2014. Така получих разлика, която в някои случаи значително надвишаваше това, което аз приемам за нормална активност. Преценката тази бройка за разминава при различните анализи именно заради различни методи за преценка на нормалната активност.

    Важно е да се отбележи, че тук, както и в други анализи публикувани тази седмица, само предполагаме, че новите регистрации са на пълнолетни българи с право на глас. За това няма индикации в публикуваната справка. Също така, за да имат влияние върху вота, тези хора трябва да подадат заявление за гласуване по настоящ адрес до ЦИК, както и да гласуват там по определен начин. Не на последно място, в този анализ включвам извадка само последните 6 месеца. Подготовка за евентуални манипулации е възможно да е започнала постепенно много по-рано и да остава скрита в шума на данните.

    Отново аналогично на други анализи, не се взимат под внимание отписванията по настоящ адрес, както и регистрациите и отписванията по постоянен. Не се взима и предвид динамиката на населението като смъртност, емиграция и младежи, които са навършили пълнолетие от последните избори насам. Всички тези фактори влияят на избирателните списъци, а от там и на вероятността дописаните избиратели да имат ефект. Почти всички населени места, които разгледахме горе, имат силно изразен отрицателен приръст и състаряващо население. Това означава, че изброените тук фактори биха само засилили ефектът от дописаните избиратели.

    Гласовете нужни за осигуряване на място в общински съвет пресмятам като взимам данните от местния вот през 2011-та, събирам бюлетините на спечелилите места и разделям на броят съветници. За Сърница взех данните от местния вот от тази година. Така получих силно разминаващи се цифри – между няколко десетки и няколко хиляди гласа нужни за едно място. След това разделих съмнителните регистрации в населените места във всяка община на борят нужни гласове за място и получих броя съветници, които биха могли да осигурят.

    Разбира се, тази оценка зависи силно от активността на гласоподавателите в местния вот, броя и подкрепата за отделни кандидати, коалиционни споразумения и скандали в изборната кампания. При толкова много променливи е изключително трудно да се прецени какво и в каква посока би повлияло на резултата. От друга страна обаче, изкуственото вкарване на не голям брой организирани гласоподаватели в процеса може да има сериозен ефект предвид традиционно ниската активност и силната фрагментираност на много места.

    Има различни начини да се определи какво би повлияло на изборите за кмет. Единият вариант е да се сметне колко гласове са били нужно до сега. Друг би бил да се вземат 50% от гласоподавателите в населеното място. В тези случаи обаче бихме получили какво е нужно, за да подмени с абсолютна сигурност местния вот. В повечето случаи имаме двама или трима водещи кандидати, които събират около 70% от гласовете. Така разликите между тях варират силно от няколко гласа до няколко хиляди. Затова аз разглеждам какво е нужно, за да се обърне именно този баланс. С помощта на едва стотина гласа би било възможно да се промени коренно изхода.

    За целта пресметнах каква е разликата между първия и втория кандидат за общински и селски кметове в двата тура. Изчислявам и колко от гласовете са дадени за останалите кандидати, за да изчистя случаите, в които става въпрос за няколко гласа разлика при значителен брой подадени бюлетини. Така получавам реалистичния брой гласоподаватели, които трябва да бъдат осигурени, за да бъде подменен кметския вот. Разделям на допълнителните регистрации и получавам индекса, който виждате на втората и третата карта. При селските кметове показвам само местата, в които съмнителните регистрации са поне толкова, колкото хора са нужни за подмяната, докато при общинските започвам от 50%.

    Съмненията ни свързани с допълнителните регистрации сочат към само един вид манипулация. Както е добре известно, купения и контролиран вот постига значителни резултати използвайки гласоподаватели, които са вече на място. За целта обаче са нужни хора, които са съгласни да продадат гласа си или такива в икономически и социални зависимости. Допълнителните регистрации явно са алтернатива, когато тези фактори не са налице. В доста от случаите те може да допълват други схеми за изборни измами, особено в случаите, когато представляват значителна част от избирателите.

    Такива възприемам кметствата, които са в риск от подмяна. Там допълнителните адресни регистрации представляват поне 20% от валидните бюлетини подадени на последния вот. Отново не взимам цялото население или големината на избирателните списъци, защото така не се отчита както на демографските процеси, така и на избирателната активност. Контролирайки такъв голям процент от активно гласуващите има голям риск от манипулация, която не би била отчетена при други анализи.

    Изводи

    В този и други анализи говорим за възможност за изборни манипулации. Има различни процеси, които може да обяснят увеличеното местене на хора в дадено населено място. Когато обаче има толкова рязка промяна в точно определен период преди изборите и то разминаваща се с броят регистрирани по постоянен адрес, най-естественото обяснение е именно изборна схема. Ще забележите, че преценката за съмнителните регистрации варира много. Тя зависи силно от използваната методология. В моят анализ с условностите, които описах горе, те са малко на 23000.

    Невъзможно е да кажем дали и как тези допълнителни избиратели биха били използвани. Почти невъзможно е да се прецени и как добавянето на 10 или 20% избиратели в списъците би повлияло на местната избирателна активност, кандидатите и изчисленията в крайният резултат. Това, което става пределно ясно от анализите е, че с малък брой контролирани и стратегически разпределени гласоподаватели, може едновременно да се избере желан селски кмет, да се вкарат няколко общински съветници и да се наклонят везните в борбата за общински кмет.

    Склонни сме да подценяваме местния вот като просто подготовка за парламентарните избори. Истината е, че изключвайки пенсиите и социалните плащания, местната власт преразпределя дори повече ресурс, отколкото централната власт. Възможностите за скрити злоупотреби са не по-малки, както стана видно в Ракитово преди дни. Почти никой не следи работата на общинския съвет и кмета си, освен когато вече има сериозен проблем. Надали хората осъзнават, че общината им е била в практически фалит в даден момент дължащ се на лошо управление, злоупотреби с европроекти и други схеми.

    Продължаваме напред

    Промените в закона за гражданската регистрация са една стъпка за решаването на този проблем. Те няма да имат дългосрочен ефект обаче, ако липсва постоянен контрол на тези регистрации на местно ниво, както и редовни проверки дали последните спазват контрола. Именно това става ясно от проверките сега, но те не трябва да са кампанийни. Никоя промяна в който и да е закон не може да спре изборните измами. Такива има в цял свят в една или друга степен. Целта трябва да бъде да ги ограничим до ниво, при което не може да влияят на крайния резултат, а вероятността да се разкрие такава схема и наказанието да са толкова големи, че партиите и кандидатите да не смеят да рискуват.

    Публикуването на отворени данни за смените на адресните регистрации е пример как може гражданите да помогнат. Доста пъти съм казвал, че отворените данни са само инструмент в ръцете на журналисти и организации. Информацията, която виждаме сега и която ще бъде добавяна в бъдеще на портала за отворени данни на правителството, няма да реши проблемите с изборите и управлението ни. Тя може само да ни помогне да засечен проблеми като обсъждания тук по-рано, за да настояваме за своевременни мерки.

    Най-важното обаче е нещо, което всички трябва да сме наясно – най-ефективният начин да се противодейства на такива схеми е да се гласува. Трудно ми е да подчертая това повече. Изказвания „всички са маскари“ или „не ме интересува“ са ефект от същите тези схеми. Всеки даден глас преполовява смисъла на контролирания вот. Никоя мярка на държавата, полицията, наблюдаващи НПО-та или който и да е няма да има такъв ефект, както повишената избирателна активност.

    Повече по темата ще намерите в ClubZ, които първи пуснаха анализ на данните. Центъра за изследване на демокрацията публикува графики и разглежда отделни примери по места. Доста от тях ще намерите и на профила на Антоанета Цонева. Дневник и DW също пуснаха няколко статии по темата. Големите медии като цяло странят от темата. Един интересен разговор ще намерите в Нова.

    Горният материал подлежи на същия лиценз, както всички останали в този блог, с единствената разлика, че за препечатването ѝ трябва да се иска изрично разрешение. Може да изпратите запитване през Facebook профила ми или формата за контакти горе.

    TorrentFreak: UK Authorities Launch Facebook Piracy Crackdown

    This post was syndicated from: TorrentFreak and was written by: Andy. Original post: at TorrentFreak

    Due to their prevalence among citizens of the UK, Facebook accounts have grown out to become much more than just a place to manage social lives. For some they’re providing a great way to distribute infringing content and this hasn’t gone unnoticed by the authorities.

    Over the past several weeks enforcement officers have raided a dozen separate locations and are still involved in 22 investigations as part of a Facebook crackdown across England, Wales and Northern Ireland.

    Operated by the National Trading Standards eCrime Team alongside the National Markets Group (with members the BPI, Federation against Copyright Theft and the Alliance for Intellectual Property Theft) Operation Jasper is manned by officers from police and government agencies and is reportedly the largest operation of its type. It is targeted at “criminals” who exploit social media to commit “copyright theft” and sell “dangerous and counterfeit” goods.

    In the past several weeks officers say they have raided 12 addresses although at this stage there are no reports of any arrests. Facebook itself has also been hit, with 4,300 listings and 20 profiles removed. Authorities say they have sent more than 200 warning letters and 24 cease and desist letters to those they accuse of infringement offenses carried out on Facebook.

    In addition to the usual counterfeit items such as t-shirts, tablets and mobile phones, ‘pirate’ Android ‘streaming’ boxes were targeted yet again. Earlier this month police and trading standards raided addresses in the north of England in search of the movie and TV show streaming devices, making at least one arrest in the process.

    This time around, however, officers appear to have another string to their enforcement bow. While noting that the Android boxes in question do indeed allow the illegal streaming of movies and sports channels, authorities say they also being targeted because they are supplied with ‘unsafe’ mains chargers.

    Lord Toby Harris, Chair of National Trading Standards, said that his officers have taken important action, especially against those who believe they can operate anonymously online.

    “Operation Jasper has struck an important psychological blow against criminals who believe they can operate with impunity on social media platforms without getting caught,” Harris said.

    “It shows we can track them down, enter their homes, seize their goods and computers and arrest and prosecute them, even if they are operating anonymously online. I commend the National Trading Standards e-Crime team and all other parties involved in this operation.”

    Nick Boles, Minister at the Department for Business, Innovation and Skills said that consumers need to be wary of consuming pirate content.

    “Counterfeiting and piracy of trademarked and copyrighted materials harms legitimate businesses, threatens jobs and pose a real danger to consumers. That’s why we are taking strong action to stop these criminals through the Government’s funding of the National Trading Standards E-Crime Team,” Boles said.

    According to the government’s latest IP Crime Report, social media has become the “channel of choice” for online ‘pirate’ activity. In the past several months several of the leading torrent sites have had issues with their Facebook accounts. The Pirate Bay’s account was shuttered in December 2014 and in May and June 2015, ExtraTorrent and RARBG had their accounts suspended on copyright infringement grounds.

    Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and the best VPN services.

    TorrentFreak: TorrentTags: A Database of ‘Risky’ Torrents

    This post was syndicated from: TorrentFreak and was written by: Andy. Original post: at TorrentFreak

    spyYou’ve spotted a hot music torrent in the top 100 most popular downloads on The Pirate Bay. You’re keen to obtain it but if you grab it now, the chances are that several anti-piracy companies will monitor the transaction.

    Whether that decision will result in a strike on your ISP account, a $3,000 lawsuit, a $20 fine, or absolutely nothing at all, depends largely on a combination of luck and a collision of circumstances. However, a project currently in beta aims to better inform users whether the torrent they’re about to grab is of interest to anti-piracy companies.

    Created by a team of Australian software developers in response to tougher anti-piracy legislation, TorrentTags is currently building a user-searchable database which aims to provide a level of ‘risk’ advice on any given torrent while helping to reduce piracy.

    ttag-main

    TorrentTags obtains its data in two ways. Firstly, it uses the Chilling Effects database to import the details of torrents that have already been subjected to a DMCA notice on feeder sites including Google search, Twitter and Facebook.

    Second, and more controversially, the site is calling on rightsholders to submit details and hashes of content they do not want freely shared on BitTorrent. These can then be added to the TorrentTags database so that when people search for content, warnings are clearly displayed.

    “Rightsholders can inform torrent users about copyrighted torrents by sending claims to our database. This is likely to lead to a decrease in the number of downloads of those torrents,” the team informs TF.

    However, the team also views the problem from another angle. Concerned by companies such as Dallas Buyers Club LLC using downloaders as a cash-settlement revenue stream, TorrentTags would like to see public declarations placed on their site to warn potential targets in advance.

    “Without a public claim [by copyright holders] the monitoring of users’ activity with the goal of suing would be equivalent to ‘honeypot’ strategies. This is because, from a user’s perspective, any torrent without a public claim is indistinguishable from a torrent created by a copyright owner with the aim of operating a ‘honeypot’,” the team explain.

    Warning: Dallas Buyers Club

    tab-dbc

    And herein lies a problem. While it seems unlikely that companies like DBC are operating their own ‘honeypots’, copyright trolls do rely on users sharing their content on BitTorrent in order to track and eventually demand settlement from them. It is therefore unlikely that the most ‘dangerous’ torrents would be voluntarily submitted to TorrentTags by those monitoring them.

    It’s certainly possible for information to be added to the database once a lawsuit is made public, but by this time many downloaders will have already been caught. Of course, it may serve as assistance for the future, but it’s also worth noting that Dallas Buyers Club have been suing people publicly for years and still people continue to download the movie.

    On the other hand, for companies that simply don’t want their content shared in public, submitting data to a site like TorrentTags might be a way to deter at least some people from downloading their content without permission. Whether they could be encouraged to do so in large volumes remains to be seen – a strong level of participation from a broad range of rightsholders will be required in order to maximize the value of the resource.

    While certainly an interesting concept, the TorrentTags team have significant hurdles to overcome to ensure that users of the site aren’t inadvertently misled. Although the importation of millions of notices from Chilling Effects is a good start, the existence of a DMCA notice doesn’t necessarily mean that a torrent is being monitored by trolls. Equally, just because a torrent isn’t listed as ‘dangerous’ it shouldn’t automatically be presumed that it’s safe to download.

    In some ways TorrentTags faces some of the same challenges presented to blocklist providers. Although some users swear by them, IP blockers are well-known for not only overblocking, but also letting through a significant number of IP addresses that they should’ve blocked. Time will tell how the balance will be achieved.

    Nevertheless, if TorrentTags indeed develops in the manner envisioned by its creators, it could turn into a fascinating resource, not only for BitTorrent users but also those researching anti-piracy methods.

    “We hope that TorrentTags will be able to serve as a comprehensive and easily accessible claim database for users. We also hope that TorrentTags will help dissolve the social stigma unjustly associated with Torrents and allow them to be widely used by society for file sharing purposes,” the team conclude.

    Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and anonymous VPN services.

    Schneier on Security: Counterfeit Social Media Accounts

    This post was syndicated from: Schneier on Security and was written by: schneier. Original post: at Schneier on Security

    Interesting article on the inner workings of a Facebook account farm, with commentary on fake social media accounts in general.

    Backblaze Blog | The Life of a Cloud Backup Company: Backblaze Open Sources Reed-Solomon Erasure Coding Source Code

    This post was syndicated from: Backblaze Blog | The Life of a Cloud Backup Company and was written by: Brian Beach. Original post: at Backblaze Blog | The Life of a Cloud Backup Company

    Reed  Solomon Erasure Coding

    At Backblaze we have built an extremely cost-effective storage system that enables us to offer a great price on our online backup service. Along the path to building our storage system, we have used time-tested technologies off the shelf, but we have also built in-house technologies ourselves when things weren’t available, or when the price was too high.

    We have taken advantage of many open-source projects, and want to do our part in contributing back to the community. Our first foray into open source was our original Storage Pod design, back in September of 2009.

    Today, we are releasing our latest open-source project: Backblaze Reed-Solomon, a Java library for erasure coding.

    An erasure code takes a “message,” such as a data file, and makes a longer message in a way that the original can be reconstructed from the longer message even if parts of the longer message have been lost. Reed-Solomon is an erasure code with exactly the properties we needed for file storage, and it is simple and straightforward to implement.

    Erasure codes and storage

    Erasure coding is standard practice for systems that store data reliably, and many of them use Reed-Solomon coding.

    The RAID system built into Linux uses Reed-Solomon. It has a carefully tuned Reed-Solomon implementation in C that is part of the RAID module. Microsoft Azure uses a similar, but different, erasure coding strategy. We’re not sure exactly what Amazon S3 and Google Cloud Storage use, because they haven’t said, but it’s bound to be Reed-Solomon or something similar. Facebook’s new cold-storage system also uses Reed-Solomon.

    If you want reliable storage that can recover from the loss of parts of the data, then Reed-Solomon is a well-proven technique.

    Backblaze Vaults utilize erasure coding

    Earlier this year, I wrote about Backblaze Vaults, our new software architecture that allows a file to be stored across multiple Storage Pods, so that the file can be available for download even when some Storage Pods are shut down for maintenance.

    To make Backblaze Vaults work, we needed an erasure coding library to compute “parity” and then use it to reconstruct files. When a file is stored in a Vault, it is broken into 17 pieces, all the same size. Then three additional pieces are created that hold parity, resulting in a total of 20 pieces. The original file can then be reconstructed from any 17 of the 20 pieces.

    We needed a simple, reliable, and efficient Java library to do Reed-Solomon coding, but didn’t find any. So we built our own. And now we are releasing that code for you to use in your own projects.

    Performance

    Backblaze Vaults store a vast amount of data and need to be able to ingest it quickly. This means that the Reed-Solomon coding must be fast. When we started designing Vaults, we assumed that we would need to code in C to make things fast. It turned out, though, that modern Java virtual machines are really good, and the just-in-time compiler produces code that runs fast.

    Our Java library for Reed-Solomon is as fast as a C implementation, and is much easier to integrate with a software stack written in Java.

    A Vault splits data into 17 shards, and has to calculate 3 parity shards from that, so that’s the configuration we use for performance measurements. Running in a single thread on Storage Pod hardware, our library can process incoming data at 149 megabytes per second. (This test was run on a single processor core, on a Pod with an Intel Xeon E5-1620 v2, clocked at 3.70GHz, on data not already in cache memory.)

    Where is the open source code?

    You can find the source code for Backblaze Reed-Solomon on the Backblaze website, and also at GitHub.

    The code is licensed with the MIT License, which means that you can use it in your own projects for free. You can even use it in commercial projects.

    If you’re interested in an overview of the math behind the code, keep reading. If not, you already have what you need to start using the Backblaze Reed-Solomon library. Just download the code, read the documentation, look at the sample code, and you’re good to go.

    Reed-Solomon Encoding Matrix Example

    Feel free to skip this section if you aren’t into the math.

    We are fortunate that mathematicians have been working on matrix algebra, group theory, and information theory for centuries. Reed and Solomon used this body of knowledge to create a coding system that seems like magic. It can take a message, break it into n pieces, add k “parity” pieces, and then reconstruct the original from n of the (n+k) pieces.

    The examples below use a “4+2” coding system, where the original file is broken into 4 pieces, and then 2 parity pieces are added. In Backblaze Vaults, we use 17+3 (17 data plus three parity). The math—and the code—works with any numbers as long as you have at least one data shard and don’t have more than 256 shards total. To use Reed-Solomon, you put your data into a matrix. For computer files, each element of the matrix is one byte from the file. The bytes are laid out in a grid to form a matrix. If your data file has “ABCDEFGHIJKLMNOP” in it, you can lay it out like this:

    The Original Data
    The Original Data

    In this example, the four pieces of the file are each 4 bytes long. Each piece is one row of the matrix. The first one is “ABCD”. The second one is “EFGH”. And so on.
    The Reed-Solomon algorithm creates a coding matrix that you multiply with your data matrix to create the coded data. The matrix is set up so that the first four rows of the result are the same as the first four rows of the input. That means that the data is left intact, and all it’s really doing is computing the parity.

    Applying the Coding Matrix
    Erasure Coding

    The result is a matrix with two more rows than the original. Those two rows are the parity pieces.

    Each row of the coding matrix produces one row of the result. So each row of the coding matrix makes one of the resulting pieces of the file. Because the rows are independent, you can cross out two of the rows and the equation still holds.

    Data Loss: 2 of the 6 rows are “lost”
    Data Loss: 2 of the 6 rows are lost

    With those rows completely gone it looks like this:

    Data Loss: The matrix without the 2 “lost” rows
    Data Loss: The matrix without the 2 "lost" rows

    Because of all the work that mathematicians have done over the years, we know the coding matrix, the matrix on the left, is invertible. There is an inverse matrix that, when multiplied by the coding matrix, produces the identity matrix. As in basic algebra, in matrix algebra you can multiply both sides of an equation by the same thing. In this case, we’ll multiply on the left by the identity matrix:

    Multiplying Each Side of the Equation by the Inverse Matrix
    Multiplying Each Side of the Equation by the Inverse Matrix

    The Inverse Matrix and the Coding Matrix Cancel Out
    The Inverse Matrix and the Coding Matrix Cancel Out

    This leaves the equation for reconstructing the original data from the pieces that are available:

    Reconstructing the Original Data
    Reconstructing the Original Data

    So to make a decoding matrix, the process is to take the original coding matrix, cross out the rows for the missing pieces, and then find the inverse matrix. You can then multiply the inverse matrix and the pieces that are available to reconstruct the original data.

    Summary

    That was a quick overview of the math. Once you understand the steps, it’s not super complicated. The Java code goes through the same steps outlined above.

    There is one small part of the code that does the actual matrix multiplications that has been carefully optimized for speed. The rest of the code does not need to be fast, so we aimed more for simple and clear.

    If you need to store or transmit data, and be able to recover it if some is lost, you might want to look at Reed-Solomon coding. Using our code is an easy way to get started.

    The post Backblaze Open Sources Reed-Solomon Erasure Coding Source Code appeared first on Backblaze Blog | The Life of a Cloud Backup Company.

    Schneier on Security: Should Companies Do Most of Their Computing in the Cloud? (Part 2)

    This post was syndicated from: Schneier on Security and was written by: schneier. Original post: at Schneier on Security

    Let me start by describing two approaches to the cloud.

    Most of the students I meet at Harvard University live their lives in the cloud. Their e-mail, documents, contacts, calendars, photos and everything else are stored on servers belonging to large internet companies in America and elsewhere. They use cloud services for everything. They converse and share on Facebook and Instagram and Twitter. They seamlessly switch among their laptops, tablets and phones. It wouldn’t be a stretch to say that they don’t really care where their computers end and the internet begins, and they are used to having immediate access to all of their data on the closest screen available.

    In contrast, I personally use the cloud as little as possible. My e-mail is on my own computer — I am one of the last Eudora users — and not at a web service like Gmail or Hotmail. I don’t store my contacts or calendar in the cloud. I don’t use cloud backup. I don’t have personal accounts on social networking sites like Facebook or Twitter. (This makes me a freak, but highly productive.) And I don’t use many software and hardware products that I would otherwise really like, because they force you to keep your data in the cloud: Trello, Evernote, Fitbit.

    Why don’t I embrace the cloud in the same way my younger colleagues do? There are three reasons, and they parallel the trade-offs corporations faced with the same decisions are going to make.

    The first is control. I want to be in control of my data, and I don’t want to give it up. I have the ability to keep control by running my own services my way. Most of those students lack the technical expertise, and have no choice. They also want services that are only available on the cloud, and have no choice. I have deliberately made my life harder, simply to keep that control. Similarly, companies are going to decide whether or not they want to — or even can — keep control of their data.

    The second is security. I talked about this at length in my opening statement. Suffice it to say that I am extremely paranoid about cloud security, and think I can do better. Lots of those students don’t care very much. Again, companies are going to have to make the same decision about who is going to do a better job, and depending on their own internal resources, they might make a different decision.

    The third is the big one: trust. I simply don’t trust large corporations with my data. I know that, at least in America, they can sell my data at will and disclose it to whomever they want. It can be made public inadvertently by their lax security. My government can get access to it without a warrant. Again, lots of those students don’t care. And again, companies are going to have to make the same decisions.

    Like any outsourcing relationship, cloud services are based on trust. If anything, that is what you should take away from this exchange. Try to do business only with trustworthy providers, and put contracts in place to ensure their trustworthiness. Push for government regulations that establish a baseline of trustworthiness for cases where you don’t have that negotiation power. Fight laws that give governments secret access to your data in the cloud. Cloud computing is the future of computing; we need to ensure that it is secure and reliable.

    Despite my personal choices, my belief is that, in most cases, the benefits of cloud computing outweigh the risks. My company, Resilient Systems, uses cloud services both to run the business and to host our own products that we sell to other companies. For us it makes the most sense. But we spend a lot of effort ensuring that we use only trustworthy cloud providers, and that we are a trustworthy cloud provider to our own customers.

    This essay previously appeared on the Economist website, as part of a debate on cloud computing. It’s the second of three essays. Visit the site for the other side of the debate and other commentary.

    TorrentFreak: Facebook Removes RARBG Page After Copyright Complaint

    This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

    rarbg-logoWith millions of regular visitors RARBG is one of the most popular torrent sites on the Internet.

    Like most sites of its size, RARBG also has a Facebook presence where it keeps its users informed about the latest developments, including new features and the occasional outage.

    However, a few hours ago RARBG’s official Facebook page suddenly disappeared.

    Initially, the operator assumed that there was some kind of error, but after logging into Facebook he was presented with the following message.

    “We have disabled or removed access to the following content you posted on Facebook because we received a report from a third party that the content infringes their copyright(s).”

    rarbgface

    TF spoke with the operator of the torrent site who informed us that they were careful not to link to any infringing material. In fact, until now they have never received any copyright complaints from Facebook.

    According to RARBG, Facebook simply took a copyright holder complaint for granted without any further investigation.

    “Once again Facebook proved that they are not fighting for freedom of speech and they will bend over to any company that makes any copyright complaint without even taking the time to send a warning or properly investigate the issue,” RARBG’s admin says.

    This isn’t the first time that Facebook has shut down a torrent site fanpage. Previously, the same happened to The Pirate Bay, KickassTorrents and ExtraTorrent.

    For RARBG the removal was the last straw. The torrent site doesn’t plan to make a new Facebook page just to risk starting all over again a few months from now, so will simply be a little less social instead.

    Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and anonymous VPN services.

    Блогът на Делян Делчев: (П)оставката на Искров

    This post was syndicated from: Блогът на Делян Делчев and was written by: Delian Delchev. Original post: at Блогът на Делян Делчев

    Отдавна не съм писал в блога, защото нямам време. Обаче много се подразних на твърденията на Искров (от преди една година) как в името на банковата стабилност щял да подаде оставка и от тогава насам ту подава, ту не подава. Вчера пак – сутринта подаваше (твърдение на М.Стоянова), вечерта вече не подаваше (неясно опровержение от БНБ). В този смисъл перефразирах някой от думите и събитията около Искров в последните години в нещо като малък каталог от шеги, защото той за мен сякаш отдавна се е превърнал в една шега.

    Тука има, тука нема цяла година оставката на Искров #Искровоставка

    Posted by Delian Delchev on Friday, June 5, 2015

    Искров нямало да подавал оставка, боли го глава #Искровоставка

    Posted by Delian Delchev on Friday, June 5, 2015

    Искров нямало да подава оставка, не бил в настроение #Искровоставка

    Posted by Delian Delchev on Friday, June 5, 2015

    След поредната загуба на Левски, за купата, зрителите започнали да викат "Оставка! Оставка!". "Няма пък!" казал Искров! #Искровоставка

    Posted by Delian Delchev on Friday, June 5, 2015

    Искров нямало да подавал оставка, докато не го пуснат да мине квалификациите на Мюзик Айдъл #Искровоставка

    Posted by Delian Delchev on Friday, June 5, 2015

    Искров подкрепи Величко Адамов в правото му да се барикадира в кабинета си и да не пуска там други #Искровоставка

    Posted by Delian Delchev on Friday, June 5, 2015

    Искров заплаши, че ще поиска оставката на всеки който му поиска оставката! #Искровоставка

    Posted by Delian Delchev on Friday, June 5, 2015

    Искров обяви, че нямало да си даде оставката, защото с нея е подпрял банковата стабилност #Искровоставка

    Posted by Delian Delchev on Friday, June 5, 2015

    Искров нямало да си подаде оставката, защото я е бил загубил #Искровоставка

    Posted by Delian Delchev on Friday, June 5, 2015

    Искров нямало да подаде оставка, докато не намери банковата независимост, която се била загубила някъде между страниците и #Искровоставка

    Posted by Delian Delchev on Friday, June 5, 2015

    Пред БНБ група хора скандирали "Оставка! Оставка!". "Глупави хора, Орешарски я подаде преди година!" си казал Искров #Искровоставка

    Posted by Delian Delchev on Friday, June 5, 2015

    В един бар били се събрали Орешарски, Пеевски, Станишев, Борисов и Доган. По едно време пристигнал и Искров но щом ги ви…

    Posted by Delian Delchev on Friday, June 5, 2015

    Звъннал телефона на арменският поп. "Много хора ми искат оставката, ама аз не искам да я дам!", "Нали ти казах да я пода…

    Posted by Delian Delchev on Friday, June 5, 2015

    Искров не може вече да си подаде оставката, защото Блатер му я бил откраднал #Искровоставка

    Posted by Delian Delchev on Friday, June 5, 2015

    В деня, в който Блатер обяви най на края оставката си, Искров ревал цяла нощ #Искровоставка

    Posted by Delian Delchev on Friday, June 5, 2015

    В официално изявление от БНР Янкулов обявил, че нямало да си подаде оставката заради банковата независимост и стабилност…

    Posted by Delian Delchev on Friday, June 5, 2015

    В София имало леко земетресение. Тъкмо се успокоило и секретарката на Искров чула зверски крясък "Не се потдавам на нааа…

    Posted by Delian Delchev on Friday, June 5, 2015

    Искров като звъни на секс клуб търси момиче дето да му иска оставката и после да му бие шамари, когато той не я дава #Искровоставка

    Posted by Delian Delchev on Friday, June 5, 2015

    Попитали Искров "ще има ли нов управител на БНБ?". "Ако ме изберат, ще има". "Ами ако не ви изберат?" "Тогава ще остане старият" подсмихнал се Искров #Искровоставка

    Posted by Delian Delchev on Friday, June 5, 2015

    Искров казал, че щял да си подаде оставката, ако му намерят заместник. Но обърнал внимание и на това, че по закон не могат да му намерят заместник, докато не си подаде оставката #Искровоставка

    Posted by Delian Delchev on Friday, June 5, 2015

    Искров си мечтаел да направи рап-формация "Моме Калино" но всички, с които работил все подавали оставка или бягали в Сърбия #Искровоставка

    Posted by Delian Delchev on Friday, June 5, 2015

    Искров непрекъснато напомнял, че е невинен за случая с КТБ защото от него нищо не зависи и той нищо не правил, но все пак нямало да си подава оставката, защото имал още много работа #Искровоставка

    Posted by Delian Delchev on Friday, June 5, 2015

    След последните промени в закона за референдумите БНБ излезе с изявление, че вече спокойно би приела евентуален референдум за оставката на Искров! #Искровоставка

    Posted by Delian Delchev on Friday, June 5, 2015

    Искров искал да остане начело на БНБ поне докато България пребори корупцията! #Искровоставка

    Posted by Delian Delchev on Friday, June 5, 2015

    Искров обявил, че повече нямало да ходи на мачове на Левски и ЦСКА! Феновете все оставки искали там! #Искровоставка

    Posted by Delian Delchev on Friday, June 5, 2015

    Какво е общото между Блатер, Искров и Мавродиев? Нямало да подадат оставка #Искровоставка

    Posted by Delian Delchev on Friday, June 5, 2015

    Искров се обяви в защита на правото на жените да си променят постоянно мнението дали да подават или да не подават оставка, когато имат месечен цикъл! #Искровоставка

    Posted by Delian Delchev on Friday, June 5, 2015

    На 19-ти Юни 2015 излиза Искров на трибуната на НС, прокашля се и започва да чете от едно листче: "Излизам пред вас на т…

    Posted by Delian Delchev on Friday, June 5, 2015

    Проф. Върбанов звъни на полицята: – Проклетото копеле се е окопало в кабинета си, не иска да си тръгва, не иска да допуска никой вътре, крие и изнася документи за да прикрива вината си, оправдава се с други хора, слаб закон и автономия! – Няма проблем ще помогнем! казва полицейският началник. На следващият ден Върбанов пак звъни: – Какво става, цял ден ви чакам никакви ви няма? – Как да ни няма, там сме, като на война е, не ще и не ще да излезе, и да си ходи! Вече викнахме и жандармерията! – Е как бе, аз съм тук пред кабинета на Величко Адемов и не ви виждам? – Какъв Адемов бе? Не вадим ли Искров?

    Posted by Delian Delchev on Friday, June 5, 2015

    Искров не можел да понася Роджър Уотърс! Особено, откакто на концертите му пишело за оставка! #Искровоставка

    Posted by Delian Delchev on Friday, June 5, 2015

    Искров никога не ползва поставка! Напомняло му за оставка! #Искровоставка

    Posted by Delian Delchev on Friday, June 5, 2015

    Искров никога не ползвал доставка! Съдържала (вредна съставка) оставка! #Искровоставка

    Posted by Delian Delchev on Friday, June 5, 2015

    Искров стоял пред огледалото и повтарял "А вие защо биете негрите? Вие защо биете негрите, а?". Пеевски гледал, гледал и…

    Posted by Delian Delchev on Friday, June 5, 2015

    Пеевски звънял на Искров да го успокоява: – Не се притеснявай, подавай спокойно оставка! Намерили сме ти послушен замест…

    Posted by Delian Delchev on Friday, June 5, 2015

    Телефона на Искров звъни: – Аз съм известен сръбски музикален продуцент! Бързо подавай оставка и ти издавам албум! Хахах…

    Posted by Delian Delchev on Friday, June 5, 2015

    Искров и Мавродиев седяли един до друг на официално събитие и дремели. Мавродиев се будил от време на време в пот провик…

    Posted by Delian Delchev on Friday, June 5, 2015

    На 24-ти април сутринта Пеевски звъни на Искров по телефона: – За съжаление е изтекло едно видео… – Ужас! Как можа? Не…

    Posted by Delian Delchev on Friday, June 5, 2015

    Борисов внимателно се промъква в коридорите на НС и като стига до вратата на ДПС бързо се шмугва вътре. Заварва Менда Ст…

    Posted by Delian Delchev on Friday, June 5, 2015

    Блатер подал оплакване в полицията за тормоз. Някакъв си пияница Искров от България постоянно му звънял и ридал по телефона защо си бил подал оставката #Искровоставка

    Posted by Delian Delchev on Friday, June 5, 2015

    По Sirma Misheva: Подаде ли оставка Искров? Не и преди да запише в дует с Мавродиев саундтрака от "Оркестър без име" и парчето на Маргарита Хранова "Оставаме" #ИскровОставка

    Posted by Delian Delchev on Friday, June 5, 2015

    Борисов решил да демонстрира новата си консенсусна политика, та се разбрал и с Реформаторският Блок и с ДПС, хем Искров …

    Posted by Delian Delchev on Friday, June 5, 2015

    Агенция ПИК организира видео семинар на тема "медийна, банкова, академична и спортна независимост и оставки", с видео вк…

    Posted by Delian Delchev on Friday, June 5, 2015

    Искров и Йордан Цонев се срещнали в църквата, запалили свещички и започнали да се кръстят! – Ти ми каза, че ТОЙ е всемо…

    Posted by Delian Delchev on Friday, June 5, 2015

    Защо Адамов и аз да не сме ранобудни студенти? провикнал се Искров из зад заключеният си окупиран кабинет. – Защото, г-н…

    Posted by Delian Delchev on Friday, June 5, 2015

    #ИскровОставка

    Posted by Delian Delchev on Friday, June 5, 2015

    "Швейцария обяви, че ще разкрие банковата тайна на всеки гражданин на ЕС, който е разследван за пране на пари! Имало бил…

    Posted by Delian Delchev on Friday, June 5, 2015

    Искров всъщност бил подал оставка, но служебното лице дето я превозвало му се допикало насред цариградско, спрял да дотича в храстите, и някой я откраднал от задната седалка! #ИскровОставка

    Posted by Delian Delchev on Friday, June 5, 2015

    Искров бил написал Оставка, обаче неизвестно служебно лице я поправило на 10ставка! #ИскровОставка

    Posted by Delian Delchev on Friday, June 5, 2015

    В тефтерчето на Златанов, Искров бил написал "Да се удари О." като имал в предвид Оставка. Обаче нали го били откраднали, та сега чакал първо Цацаров да го намери, преди да удари една оставка #ИскровОставка

    Posted by Delian Delchev on Friday, June 5, 2015

    Искров винаги обичал да казва, че мафията и банките обичат тишийната. Говоренето особено на истини поставяло рискове пред тях. За това и не му е приятно, че му искат публично оставката #ИскровОставка

    Posted by Delian Delchev on Saturday, June 6, 2015

    Искров не можел да подаде оставка. Тя била част от държавният депозит в ПИБ и ако се извади, щяла да застраши банковата стабилност #ИскровОставка

    Posted by Delian Delchev on Saturday, June 6, 2015

    Мавродиев бил певец от класа. За това често ходил при Цветан Василев да го учи как да пее заедно с Искров. Заради това г…

    Posted by Delian Delchev on Saturday, June 6, 2015

    Искров иска първо да му изтече мандата, и едва тогава да почнем да си говорим за оставка #ИскровОставка

    Posted by Delian Delchev on Saturday, June 6, 2015

    На бал с маски винаги е много трудно да се разпознаят Искров и Мавродиев. Всеки се облича като другия #ИскровОставка

    Posted by Delian Delchev on Saturday, June 6, 2015

    Искров наел детективска фирма да открие къде му е оставката. Оказало се, че Горанов я бил депозирал в ПИБ, които я дали …

    Posted by Delian Delchev on Saturday, June 6, 2015

    Искров най обичал да гледа филмите за "Извънземни от миналото" по Хистъри чанъл, защото там никога не ставало дума за оставка #ИскровОставка

    Posted by Delian Delchev on Saturday, June 6, 2015

    Агитката на Левски съблекли блузата на Петев за да търсят оставката му и най на края я намерили татуирана на гърдите. За това Искров носи оставката си в долните си гащи #ИскровОставка

    Posted by Delian Delchev on Saturday, June 6, 2015

    Искров искал да отпечата оставката си при Росен Желязков, ама откакто го разследваха за Костинбродските бюлетини, му нямал вече вяра. #ИскровОставка

    Posted by Delian Delchev on Saturday, June 6, 2015

    Искров и Мирослав Найденов се срещнали на парти, заговорили се и по едно време Искров дръпнал Найденов в спалнята, енерг…

    Posted by Delian Delchev on Saturday, June 6, 2015

    Бисеров и Ментата си говорят на по чашка: – Лоша е тая работа с тая съдебна реформа – Лоша, ако стане може и да ни хван…

    Posted by Delian Delchev on Saturday, June 6, 2015

    Искров всеки път като се срещал с Ментата питал къде е Бисеров и къде е скрил парите! Последният път Ментата не издържал…

    Posted by Delian Delchev on Saturday, June 6, 2015

    Krebs on Security: States Seek Better Mousetrap to Stop Tax Refund Fraud

    This post was syndicated from: Krebs on Security and was written by: BrianKrebs. Original post: at Krebs on Security

    With the 2014 tax filing season in the rearview mirror, state tax authorities are struggling to incorporate new approaches to identifying and stopping fraudulent tax refund requests, a $6 billion-a-year problem that’s hit many states particularly hard this year. But some states say they are encountering resistance to those efforts on nearly every front, from Uncle Sam to online tax vendors and from the myriad of financial firms that profit handsomely from processing phony tax refunds.

    Cash Cow: Check out this primer on which companies are profiting from tax refund fraud.

    Cash Cow: Click on the image above for a primer on how many companies are profiting from tax refund fraud.

    Last week, the Internal Revenue Service (IRS) disclosed that thieves had stolen up to $50 million in phony refunds by pulling tax data on more than 100,000 Americans directly from the agency’s own Web site. The thieves were able to do this for the same reason that fraudsters are able to get away with filing and getting paid for bogus refunds: The IRS, the states and the tax preparation firms all try to authenticate filers based on static identifiers about the filer — such as birthdays and Social Security numbers, as well as answers to a handful of easily-guessed or researched “knowledge based-authentication” questions.

    I spoke at length with several state tax commissioners about the size and scope of the tax refund fraud problem, and what the IRS and the states are doing to move beyond reliance on static identifiers to authenticate taxpayers. One of the state experts I spoke with was Julie Magee, commissioner Alabama’s Department of Revenue.

    Magee described her work on a new task force organized by the IRS aimed at finding solutions for reducing the tax refund fraud problem across the board. Magee is one of several folks working on a fraud and authentication working group within the IRS’s task force, which is trying to come to a consensus about ways to do a better job authenticating taxpayers and to improve security around online tax preparation services such as TurboTax.

    Earlier this year, TurboTax briefly suspended the online filing of state tax returns after dozens of state revenue departments complained about a massive spike in fraudulent refund requests — many of which were tied back to hijacked or fraudulently-created TurboTax accounts.

    One of those victimized in that scourge was Joe W. Garrett, — Magee’s deputy commissioner — who had a $7,700 fraudulent return filed in his name after thieves created a duplicate TurboTax account with his personal information.

    Magee said her working group — one of three on the IRS’s task force — is populated by stakeholders with competing agendas.

    “You have companies like Intuit that don’t want the government getting into the online tax preparation business, and then there are the bricks-and-mortar operations like Liberty and H&R Block that don’t want to see their businesses cannibalized by the do-it-yourself online firms like TurboTax,” Magee said. “And then we have the banking industry, which is making a fortune off of this whole problem. Right now, the only entities that are really losing out are states and the US Treasury.” (For a look at which companies stand to profit from fraudulent refunds, see this sidebar).

    In February, KrebsOnSecurity published exclusive interviews with two former TurboTax security professionals who accused TurboTax of making millions of dollars knowingly processing state and federal tax refunds filed by identity thieves. Magee said Intuit — the company that owns TurboTax — came to the first two working group meetings with a plan to provide states with an anti-fraud screening mechanism similar to Apple Pay‘s “green/yellow/red path” program, which seeks to offer participating banks some idea of the relative likelihood that a given new customer is in fact a fraudster signing up in the name of an ID theft victim.

    “The first two meetings, Intuit acted like they were leading the charge on this, and they were really amenable to everything,” Magee said. “They had come up with an idea that was very much like the red- yellow-green kind of thing, and they were asking us what data elements they should be looking at and sharing.” greenyellowred

    According to the Alabama tax commissioner, that’s when the American Coalition for Taxpayer Rights (ACTR), a trade group representing the tax preparation firms, stepped in. “The lobbyist group put the kibosh on that idea. They basically said it’s not their right to be the police – that it should be the IRS or the states — but that they would be more than willing to send us the indicators and that we could use our own system to do the scoring,” Magee said. “The states aren’t hung up on getting some red, yellow, green type system. I think we’re more interested in making sure data elements we can use to make a score are passed on to us.”

    Magee said ACTR also protested that tax prep firms like Intuit couldn’t legally share certain information about their customers with the states and the IRS. Representatives with ACTR did not respond to requests for comment. Intuit declined to be interviewed for this story.

    “They threw up a red flag and basically said, ‘We can’t you pass that information because it’s protected by IRS code sections regarding taxpayer confidentiality issues,’” Magee recalled. “Thankfully, the IRS brought in their attorneys and the commissioner a few weeks ago and they said, ‘That’s bunk, you can most certainly send that information to us and to the states. So we won that battle.” So how will Alabama and other states process returns differently next year?

    “On a high level, what we’ve determined as of this week is that — unless the lobbyists derail our efforts – we’re going to ask for different authentication measures on a new customer, and different on returning customer, and then we’re going to ask for whole bunch of data elements that we’re not getting now that will allow us to filter the returns on receipt and will allow us to put the returns in various buckets of scores for possible fraud.”

    For example, one telltale sign of a fraudulent return is one that takes the filer a very short time to fill out.

    “If someone takes two minutes or less to fill out a tax return, that’s pretty much fraud 100 percent of the time, because they’re just cutting and pasting information from somewhere else,”  said Magee’s deputy Garrett. “So we said, okay, send us information about how long it takes them to fill out a return.”

    Magee said there are a number of other data elements that the tax preparation firms could share about the way its customers file refund requests that would be helpful in separating legitimate returns from those filed by fraudsters.

    “The states and the IRS are really trying to figure out what other data elements about customers is reasonable to ask of the software vendors in terms of helping us screen suspicious returns,” Magee said. “But end of the day, the best thing they can do for us is avoid account takeovers and to authenticate that it’s not a criminal setting up the account, that it’s a legitimate taxpayer.”

    Garrett said the states believe they have some power to drive change because the states ultimately get to decide whether or not they accept a tax return filed through an electronic tax preparation firm.

    “We get to choose whether or not we accept returns from vendor or not, but we have not exercised that choice in the past,” Garrett said. “What we’re going to do this is say let’s make sure that not only does the return have all the right data filled out in all the right fields, but let’s make sure you doing certain things on customer authentication as well.”

    Magee said regardless of what happens with the IRS task force, her state will be requiring more from tax preparation firms in the coming months.

    “Every summer we provide software vendors with file format that they must program into their systems, and usually the changes have to do with new laws or new tax structure,” Magee said. “But this year, that’s also going to include security measures. Ultimately, our goal is to deter people from using information on Alabama residents to file fraudulent tax returns. Then we could actually get back to the type of tax administration we’re used to, which is catching plain old tax cheats.”

    One final note: The U.S. Senate Finance Committee is set to hold hearings today about the IRS transcript problem mentioned at the top of this piece. When I broke the news about this fraud back in March, I did so by telling the nightmarish story of Michael Kasper, a taxpayer who reached out after discovering he’d been victimized by tax fraud and that someone had pulled his tax transcript after creating an account at the IRS’s site using his personal information. Kasper is set to testify before the Senate Finance Committee today.

    There’s also been a minor update on Kasper’s tax fraud case. In my original report, I noted that Kasper had tracked down a local woman who’d willingly or unwittingly helped fraudsters funnel the money from Kasper’s fraudulent IRS refund to scammers in Nigeria. That individual, a woman named Isha Sesay, declined my requests for an interview at the time. But on May 29, the Williamsport, Pa. police department posted a notice on their Facebook page about a standing warrant for her arrest: According to Kasper, she is also wanted for helping to funnel refund fraud money from an ID theft victim in South Dakota.

    This is significant because these so-called “money mules” so seldom get prosecuted or held accountable for the very critical role that they play in these fraud schemes. UPDATE: A notice posted to the police department’s Facebook page states that Sesay has been arrested.

    Linux How-Tos and Linux Tutorials: 11 Things to do After Installing Fedora 22

    This post was syndicated from: Linux How-Tos and Linux Tutorials and was written by: Swapnil Bhartiya. Original post: at Linux How-Tos and Linux Tutorials

    Fedora 22 is certainly an exciting release for the hard core Fedora fans. And it has more than enough glitter to attract a potential new user.

    One of the most notable improvements includes the arrival of DNF which replaces the aging Yum. In my own experience DNF is faster and more memory efficient than Yum. It looks like we have an answer to apt-get in Fedora land.

    Since Fedora is primarily a Gnome distro, you will notice the brand new and shiny Gnome 3.16. There are massive improvements in Gnome 3.16 including the brand new notification system, the improved Nautilus (Files) and image viewer which removes all the chrome to focus on the image itself.

    One of the most exciting tools in Fedora is the introduction of Vagrant which helps developers in getting started with virtualized environments quickly and easily.

    As usual it’s a polished release of the distro with a lot of news features which we will cover in a detailed review next week.

    Every operating system whether it be Mac OS X, Windows or Fedora needs some work to customize to serve its user. However, unlike its proprietary counterparts, Fedora comes with quite a lot of software pre-installed so you won’t have to do that much work.

    Here are some of the things that I do after installing Fedora on a system. None of it is mandatory and most of it is targeted to an average user. You will be able to use Fedora without doing any of it, but these tips can help improve your experience with the distro. So without further ado let’s get started.

    Update your system

    First of all we need to update the system. A lot of packages have received updates in the time between this latest update and when you installed Fedora on your system. To ensure your system is safe and secure you must keep your system up-to-date. With Fedora 22, ‘yum’ is on its way out and ‘dnf’ is replacing it, so we will be using ‘dnf’ instead of ‘yum’ to perform many tasks.

    To install updates on your system run the following command:

    sudo dnf update

    Install extra repositories

    As it’s widely known, many Linux distributions can’t ship a variety of packages through official repositories due to licences and patents. On a Fedora system you can get access to such packages by installing RPM Fusion repository.

    You have to install two repositories – Free and Non-free. It’s extremely simple to add these repositories to your system; just open the RPM Fusion website. There you will find links for different versions of Fedora. Click on the link for your version of Fedora and it will install that repo on your system through the ‘Software’ app. It’s recommended to first install the ‘Free’ repo and then the ‘Non-Free’ one.

    fedora rpmfusion

    Once these two repos are installed we now have access to many more applications.

    Install VLC Media Player

    VLC is the the swiss knife of media players. It can play virtually every media format out there. Since the RPMFusion repos are already installed you can install VLC using ‘dnf':

    sudo dnf install vlc

    Install Clementine

    As much as I like Gnome, the default desktop environment of Fedora, I am not a huge fan of the painfully simple Rhythmbox. I always install the ‘Clementine’ music player which not only has a nicer interface, but also comes with more features. You can install Clementine by running:

    sudo dnf install clementine

    Install MP3 codecs

    Fedora’s focus on FOSS-only software packages does make it more challenging to get stuff like mp3 files to work. I used to install gstreamer plugins for mp3 support, but I faced some problems in Fedora 22. So I resorted to another nifty tool called Fedy. Since Fedy does more than installing codecs, I will talk about it separately.

    Get Fedy, before you get fed-up

    Fedy is a ‘jack of all trades’ kind of tool. Install Fedy using the following command:

    $ su -c "curl https://satya164.github.io/fedy/fedy-installer -o fedy-installer && chmod +x fedy-installer && ./fedy-installer"

    Once installed, you will see there are broadly two kinds of tasks you can perform using Fedy: install new packages and tweak the system. Under the ‘Apps’ tab you will find the option to install ‘multimedia codecs’ which will also bring ‘mp3′ support to your system.

    Just scroll through it and see what else you want to install. Two of my favorite packages, in addition to codecs, are Microsoft fonts (for better font rendering) and Sublime Text.

    fedora fedy

    There are chances that a font may look ugly in Fedora. This problem isn’t unique to Fedora; I have the same issue with Arch Linux, openSUSE or Kubuntu as well. I spend a considerate amount of time fixing fonts on these systems. Fedy has made it extremely easy to make fonts look good under Fedora with just one click. Under ‘Tweaks’ one of the most important options is ‘font rendering’, which will fix font issues on your system.

    Install Gnome Tweak Tool

    Gnome is the default desktop environment of Fedora and the overall Gnome experience heavily rely on extensions. And Gnome Tweak Tool is an important tool go get a pristine Gnome experience. It’s surprising to see that Tweak Tool doesn’t come pre-installed on Fedora. Comparatively openSUSE does a better job by pre-installing Tweak Tool and some useful extensions. You can install Tweak Tool in Fedora by running this command:

    sudo dnf install gnome-tweak-tool

    Once the tool is installed, you can manage your extensions from there. I wish the tool was able to search and install new extensions too. Currently you have to visit the Gnome Extensions site to install new extensions. Once the extension is installed, you can enable it, configure it and disable it from the Tweak Tool.

    Since I have a multi-monitor set-up I grab the extension for Multiple Monitors. I also recommend ‘Dash to Dock’ which allows a user to configure the Dash. You can disable Dash from ‘autohiding’, you can change the icon size, you can even choose the location of the dash. Last, but not least, you can also extend the dash to the length of the screen just like the one in Unity. For the users of multiple monitors, there is a nifty option to show the dash on the desired monitor. It’s a must-have extension.

    Install Chrome to watch Netflix

    Fedora tends to offer the vanilla Gnome experience, but instead of Web, the default web browser of Gnome, it comes with Firefox. However Firefox sill doesn’t support DRMed content on Linux so you can’t watch Netflix. That’s where Google Chrome comes in handy. You can install Chrome by either downloading it from the Google site or from Fedy.

    Download and install Chrome from the official site.

    Cloud in your hands

    If you are running your own private cloud — and you must in order to safeguard any sensitive data — you can grab the clients for Seafile or ownCloud for your system. But if you use Google Drive or Dropbox you can also use them easily on Fedora.

    There are official clients for all commercial cloud services including Dropbox, with Google Drive being an exception. One of the easiest ways to get Google Drive on Linux is inSync; while it does have more features than the Google Drive client, it costs money to use. You can install inSync by downloading the official client from their website. Once installed, connect it to your Google account, point it to the location where you want your files to be saved, and you are good to take Google for a drive.

    Online accounts

    Despite being a Plasma user I envy the Online Accounts feature of Gnome. It makes it extremely easy to configure communication tools such as email, calendars, address book and IM.

    Gnome’s Online Accounts supports more than half a dozen services including Google, Facebook, Flickr, ownCloud, etc. Open Online Accounts from the Dash and choose the service you want to configure. Once you are connected to an account, you can choose what kind of service you want to enable for that account. In case of Google, for example, I enabled all these services.

    fedora online accounts

    The beauty is that when I open Evolution, the default email client in Fedora, it’s already configured with that email account.

    Getting non-free drivers for GPU

    It’s really hard to get non-free software to work with Fedora. I use Arch Linux and I find it much easier to install Nvidia drivers on Arch than it is on Fedora. The fact is you will not need non-free drivers under Fedora as your graphics card will work out-of-the-box. However if you do need them (why would you buy an expensive Nvidia card if you can’t take full advantage of it?) then you have to do some hard work. I broke my previous Fedora installs due to non-free drivers so gave up on them. If you want to install such drivers on the Fedora box I would suggest this RPMFusion page. My free advice to you would be, don’t try it at home.

    Getting your printer to work in Fedora

    It’s a non-issue nowadays, depending on the make of your printer. In most cases when you run the Printer’s tool, Fedora will detect and configure your printer with one click.

    That’s most of what I do on my Fedora system. A few things, mostly related to non-free software, do look more complicated under Fedora. That’s mainly due to Fedora’s policy to use and promote FOSS. Once you cross that river Fedora is a pleasant OS to use.

    Now tell us what things you do after installing Fedora on your system.

    TorrentFreak: Police Shut Down Yet More ‘Pirate’ Sites in Ongoing Sweep

    This post was syndicated from: TorrentFreak and was written by: Andy. Original post: at TorrentFreak

    moviesWith web-blockades, domain seizures and payment processor interventions making headlines, campaigns to shut down individual sites have been less prominent than usual in the first half of 2015. But that doesn’t mean they’ve stopped.

    Just last week the popular BT-Chat was shut down in Canada following pressure from the MPAA and news from Europe suggests that at least two more sites have fallen in recent days following industry action.

    After a long investigation, police in Poland report that authorities swooped last week on individuals said to be part of a “criminal group” involved with the unauthorized distribution of video online, movies in particular. In an operation carried out by municipal police and officers from a regional cybercrime unit, several locations were searched including homes, offices and cars.

    Three men aged between 24 and 33 years-old were arrested in Wroclaw, the largest city in western Poland. According to police, 14 computers, 13 external drives, 40 prepaid cards, several mobile phones and sundry other items were seized during the raids.

    In addition to the images below, police have put together a video (mp4) of one of the targeted locations complete with a horror movie-style audio track for added impact.

    pol-raid

    While police have not published the names of the domains allegedly operated by the men, two leading sites have disappeared in recent days without explanation. TNTTorrent.info and Seansik.tv were the country’s 160th and 130th most popular sites overall but neither is currently operational.

    The men are being blamed for industry losses of at least $1.3m and together stand accused of breaching copyright law which can carry a jail sentence of up to five years in criminal cases. For reasons that are not entirely clear, however, police are currently advising a potential three year sentence.

    The latest shutdowns, which also encompass torrent site Torrent.pl, follow police action in May which closed down eKino.tv and the lesser known Litv.info, Scs.pl and Zalukaj.to. With around 324,000 likes on its Facebook page eKino.tv was by far the most popular site but it seems unlikely that it will return anytime soon. Currently displaying “THE END” on its front page, its owner was arrested last month.

    arrest49Credit:Olsztyn.wm.pl

    Local media is connecting the closure to the arrest of a 49-year-old businessman who had been running a company offering “Internet services” and also Poland’s largest pirate site. According to authorities he made millions of dollars from the operation and laundered money by investing in the stock exchange. Those funds have reportedly been frozen.

    Also arrested were three accomplices, including a 36-year-old allegedly responsible for creating the database of movies and setting up a US company to assist with the site’s finances. They all stand accused of copyright infringement and money laundering offenses and face ten years in prison.

    Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and anonymous VPN services.

    Krebs on Security: Malware Evolution Calls for Actor Attribution?

    This post was syndicated from: Krebs on Security and was written by: BrianKrebs. Original post: at Krebs on Security

    What makes one novel strain of malicious software more dangerous or noteworthy than another? Is it the sheer capability and feature set of the new malware, or are these qualities meaningless without also considering the skills, intentions and ingenuity of the person wielding it? Most experts probably would say it’s important to consider attribution insofar as it is knowable, but it’s remarkable how seldom companies that regularly publish reports on the latest criminal innovations go the extra mile to add context about the crooks apparently involved in deploying those tools.

    mysteryman

    Perhaps with some new malware samples, the associated actor attribution data is too inconclusive to publish —particularly when corporate lawyers are involved and such findings are juxtaposed to facts about a new code sample that can be demonstrated empirically. Maybe in other cases, the company publishing the research privately has concerns that airing their findings on attribution will somehow cause people to take them or the newfound threat less seriously?

    I doubt many who are familiar with my reporting will have trouble telling where I come down on this subject, which explains why I’m fascinated by a bit of digging done into the actor behind a new malware sample that recently received quite a bit of media attention. That threat, known variously as “Rombertik” and “Carbon Grabber,” is financial crimeware that gained media attention because of a curious feature: it was apparently designed to overwrite key sections of the hard drive, rendering the host system unbootable.

    News about Rombertik’s destructive ways was first published by Cisco, which posited that the feature was a defense mechanism built into the malware to frustrate security researchers who might be trying to unlock its secrets. Other security firms published competing theories about the purpose of the destructive component of the malware. Some argued it was the malware author’s way of enforcing licensing agreements with his customers: Those who tried to use the malware on Web addresses or domains that were not authorized as part of the original sale would be considered in violation of the software agreement — their malware infrastructure thus exposed to (criminal) a copyright enforcement regime of the most unforgiving kind.

    Incredibly, none of these companies bothered to look more closely at the clues rather clumsily left behind by the person apparently responsible for spreading the malware sample that prompted Cisco to blog about Rombertik in the first place. Had they done so, they might have discovered that this ultra-sophisticated new malware strain was unearthed precisely because it was being wielded by a relatively unsophisticated actor who seems to pose more of a threat to himself than to others.

    AFRICAN PERSISTENT THREAT

    As much as I would love to take credit for this research, that glory belongs to the community which has sprung up around ThreatConnect, a company that specializes in threat attribution with a special focus on crowdsourcing raw actor data across a large community of users.

    In this case, ThreatConnect dug deeper into centozos[dot]org[dot]in, the control server used in the Rombertik sample featured in the original Cisco report. The Web site registration records for that domain lists an individual in Lagos, Nigeria who used the email address genhostkay@dispostable.com. For those unfamiliar with Dispostable, it is a free, throwaway email service that allows anyone to send and receive email without supplying a password for the account. While this kind of service relieves the user of having to remember their password, it also allows anyone who knows the username to read all of the mail associated with that account.

    KallySky's inbox at Dispostable.

    KallySky’s inbox at Dispostable.

    Reviewing the messages in that genhostkay@dispostable.com account reveals that the account holder registered the domain centozos[dot]org[dot]in with registrar Internet.bs, and that he asked to be CC’d on another email address, “kallysky@yahoo.com”. ThreatConnect found that same genhostkay@dispostable.com email address used to register a number of other domains associated with distributing malware, including kallyguru[dot]in, nimoru[dot]com, directxex[dot]net, and norqren[dot]com.

    The email address kallysky@yahoo.com is tied to a Facebook account for a 30-year-old Kayode Ogundokun from Lagos, Nigeria, who maintains a robust online presence from his personal and “business” Facebook accounts, Blogger, LinkedIn, Twitter and Youtube,” ThreatConnect wrote.

    kallysocial

    “In fact Ogundokun has done very little in the way of operational security (OPSEC). His efforts in covering tracks his tracks have been minimal to non-existent,” ThreatConnect continued. “Ogundokun’s skillset appears to be limited to using commodity RATs and botnets within email borne attacks and is motivated primarily on financial gain rather than espionage or ideological purposes. [We assess] that Ogundokun likely purchased a new version of Carbon Grabber from a much more capable and sophisticated tool author, where the author subsequently licensed it to a less capable operator. His particular sample of Carbon Grabber was simply caught up in a headline grabbing story.”

    REVEALING INTERNET SECRETS TO YOU

    For several years until very recently, Kally/Koyode maintained kallysky.com, which thanks to archive.org we can still review in all its glory. In it, Kally’s site — which boldly and confidently displays the banner message “Revealing Internet Secrets to You” — links to dozens of video tutorials he produced and stars in on how to use various malware tools.

    One of countless pages archived from Kallysky[dot]com

    One of countless pages archived from Kallysky[dot]com

    “He claims to offer services for Citadel Bot, Cybergate RAT, Darkcomet RAT with cpanel web services, ‘Fully Undetectable’ by anti-virus as well as other capabilities such as binders and file extension spoofers, all for educational purposes, of course,” ThreatConnect notes. “He also provides his phone number, BlackBerry Pin and the same kallysky@yahoo[dot]com email address that we observed earlier with the genhostkay@dispostable[dot]com norqren[dot]com domain expiration email.”

    In an April 2014 video, Ogundokun provides a Carbon Form Grabber / Carbon Grabber tutorial. At the beginning of the video, he includes his kallysky@yahoo[dot]com contact details.

    Sadly, Kally did not respond to requests for an interview about his work sent to his yahoo.com address. But his case and the initial industry writeups on Rombertik are illustrative of a trend within the security industry that’s become all-too-common: Threat reports that lack context — particularly on attribution that is so trivially discoverable, ThreatConnect observed.

    “As news of Rombertik spread, we saw sensationalized reporting which used attention grabbing terms such as ‘terrifying,’ ‘deadly’ and ‘suicide bomber malware’ dominate the security news headlines,” the company wrote. “Now if we consider for a moment the man hours and ad hoc reprioritization for many security teams globally who were queried or tasked to determine if their organization was at risk to Rombertik – had the organizations also had adversary intelligence of Ogundokun’s rudimentary technical and operational sophistication, they would have seen a clearer comparison of the functional capabilities of the Rombertik/Carbon Grabber contrasted against the operator’s (Ogundokun) intent, and could have more effectively determined the level of risk.”

    Backblaze Blog | The Life of a Cloud Backup Company: What Would You Do With a Storage Pod?

    This post was syndicated from: Backblaze Blog | The Life of a Cloud Backup Company and was written by: Andy Klein. Original post: at Backblaze Blog | The Life of a Cloud Backup Company

    Empty Backblaze Storage Pods
    Backblaze Storage Pod 027 has been running 24/7/365 storing customer data for the past 7 years. Pod 027 has served us well, but now it is time to retire. Pod 027 is one of 20 Backblaze Storage Pods being retired. In this group are version 1 and version 2 Storage Pods. They have been removed from service, their drives, motherboard, SATA cards, backplanes, wiring, and power supplies, all removed. What remains is Backblaze history – 20 Backblaze Storage Pod chassis that helped launch our company.

    It’s not time to be sad, Pod 027 and friends are ready for the next phase in their collective life, but what should that be? We’ve had some ideas. We could sell them, but we’re not sure anyone would buy them. We could make another Backblaze “B”, but given our tight quarters, having another “B” is a tough sell. We could make them into desks or maybe build a few more baby cribs – all good ideas, but these Pods deserve something special. That’s where you come in.

    Wanted, your ideas

    What you would do with your very own Backblaze Storage Pod chassis? Would you use your Storage Pod to house your digital media collection, build a really big bird feeder or turn a Storage Pod into a work of art inspired by works of Patrick Amoit? No idea is too crazy, cool, or clever, the last thing we want to do is give them to Mel the Metal Guy for scrap.

    Storage pods available

    We currently have 20 Backblaze Storage Pod metal chassis. They are roughly 18” wide, 29” long and 7” high in size and weigh about 25 pounds or 11.3 kilograms. They are rolled steel and of course painted Red. They are used, so they have a few scratches and small dents, but they all have the Backblaze front plate. The drives, boards, wires, power supply etc., have been removed.

    Storage Pod 027

    Why are they available?

    Backblaze is migrating from standalone Backblaze Storage Pods to Backblaze Vaults. The version 1 and version 2 Storage Pods are not vault compatible without a number of physical changes that are not financially practical. Unless you’re building your own Backblaze Vault, these pods will work for you.

    blog_empty_storage_pod_v1

    Submitting your winning idea

    To submit your idea for what you would do with your very own Storage Pod chassis, go to our Facebook page at www.facebook.com/backblaze and post your idea there. Photos along with the submission are encouraged and the liberal use of Photoshop is expected. We’ll collect submissions through 11:59 pm (Pacific Daylight Time) on June 15, 2015. Late or improperly submitted submissions will not be accepted.

    What happens if you WIN!

    Winners will be announced in late June. We’ll post the winning ideas on our blog and our Facebook page and we’ll contact winners via Facebook. For those winners receiving a Storage Pod, Backblaze will pay for packaging and shipping to you. We’ll choose the shipping method and timeframe. Expedited shipping and insurance, if desired, will be at the winner’s expense.

    What are you waiting for?

    Over the years Storage Pod 027 along with the other 19 Storage Pods have done an awesome job storing and restoring data. They’ve served us well. Here’s your chance to make their retirement a memorable experience. Send in your submission today.

    In the weeds…

    1. Backblaze reserves the exclusive right to accept or reject submissions for any reason without explanation. Rejected submissions may be removed from the Backblaze Facebook page if deemed inappropriate.
    2. You will not receive compensation for your submission.
    3. Submissions are considered in the public domain.
    4. Submissions may be used by Backblaze for promotional purposes.
    5. Backblaze reserves the exclusive right to select the winning entries.

    The post What Would You Do With a Storage Pod? appeared first on Backblaze Blog | The Life of a Cloud Backup Company.

    TorrentFreak: H33T.to Mysteriously Disappears….But Can Be Found

    This post was syndicated from: TorrentFreak and was written by: Andy. Original post: at TorrentFreak

    People being unable to access a particular torrent site is perhaps the most common complaint in the file-sharing world today, and that should come as little surprise considering the elements at play.

    While citizens of the U.S. largely enjoy unfettered access to any site, file-sharers in Europe have to deal with website blocking on a grand scale. Add domain seizures, pressure on webhosts and sundry raids that effect everyone into the mix, it’s perhaps surprising just how well sites are coping.

    One site with a checkered recent uptime history is H33T. At times one of the world’s Top 10 torrent sites, H33T has fought through some very public spats with copyright holders and has been blocked in the UK since 2013 after music industry group BPI obtained a High Court order against the country’s six ISPs.

    Recently H33T disappeared again but with no comment from anyone running the site (if anyone is, day to day), millions of the site’s users were left wondering what the following message from Cloudflare means for the future.

    “You’ve requested a page on a website (h33t.to) that is on the CloudFlare network. CloudFlare is currently not routing the requested domain (h33t.to). There are two potential causes of this,” Cloudflare explains.

    cloud-h33t

    From the above it’s clear that Cloudflare isn’t currently a helpful service for those trying to access the site. The big question, however, is whether H33T is functioning somewhere and Cloudflare is the issue, or whether it’s gone altogether. Time to bypass Cloudflare to find out.

    A few minutes of detective work turn up two potential direct IP addresses for H33T, one registered to a Canadian datacenter and the other located in the tiny 115-island country of Seychelles. At first, both appear useless, with the Canadian IP doing nothing and the Seychelles IP directing straight back to Google.

    However, by adding the latter IP to the Windows hosts file and then accessing H33T.to in the usual way……

    h33t-block

    ….H33T magically springs to life.

    Perhaps surprisingly the site seems entirely operational, with torrents uploaded as recently as today. Exactly what the problem is remains unclear, but serious issues with Cloudflare that have persisted for many days seem to be the culprit.

    Why these haven’t been fixed is a question likely to go unanswered. The site’s once-popular Facebook page hasn’t been updated since October 2014 and still lists the long-defunct URL H33T.com as the site’s main domain.

    In the meantime and not withstanding hosts edits, proxies such as this one are keeping the site alive. Only time will tell if Cloudflare will re-enable the site – the company does not discuss individual cases.

    Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and anonymous VPN services.

    Krebs on Security: Recent Breaches a Boon to Extortionists

    This post was syndicated from: Krebs on Security and was written by: BrianKrebs. Original post: at Krebs on Security

    The recent breaches involving the leak of personal data on millions of customers at online hookup site Adult Friend Finder and mobile spyware maker mSpy give extortionists and blackmailers plenty of ammunition with which to ply their trade. And there is some evidence that ne’er-do-wells are actively trading this data and planning to abuse it for financial gain.

    Within hours after data on tens (if not hundreds) of thousands of mSpy users leaked onto the Deep Web, miscreants on the “Hell” forum (reachable only via Tor) were busy extracting countless Apple iTunes usernames and passwords from the archive.

    “Apple Id accounts you can use Tor to login perfectly safe! Good method so far use ‘Find My phone,’” wrote Ping, a moderator on the forum. “Wipe data and set a message that they been hacked and the only way to get their data back is to pay a ransom.”

    "Hell" forum users discuss extorting mSpy users who had iTunes account credentials compromised in the breach.

    “Hell” forum users discuss extorting mSpy users who had iTunes account credentials compromised in the breach.

    mSpy works on non-jailbroken iPhones and iPads, but the user loading the program needs to supply the iTunes username and password to load mSpy onto the device. The tough part about a breach at a company like mSpy is that many “users” will not know they need to change their iTunes account passwords because they don’t know they have the application installed in the first place!

    Late last week, several publications reported that the database for Adult Friend Finder’s users was being sold online for the Bitcoin equivalent of about USD $17,000. Unfortunately, that same database seems to be circulating quickly around the Deep Web, including on the aforementioned Hell forum.

    In an update posted to its site on Friday, AFF owner FriendFinder Networks sought to assure registered users there was no evidence that any financial information or passwords were compromised.

    Nevertheless, the AFF breach clearly threatens to inundate breached users with tons more spam, and potentially makes it easy to identify subscribers in real life. Such a connection could expose users to blackmail attempts: I spent roughly 10 minutes popping email addresses from the leaked AFF users list into Facebook, and managed to locate more than a dozen active Facebook accounts apparently tied to married men.

    A description posted to the "Hell" forum listing the attributes of the Adult Friend Finder user database.

    A description posted to the “Hell” forum listing the attributes of the Adult Friend Finder user database.

    According to a note posted by the aforementioned Hell moderator Ping (this user is also administrator of the Deep Web forum The Real Deal), the AFF database has been traded online since March 2015, but it only received widespread media attention last week.

    Lauren Weinstein's Blog: Seeking Anecdotes Regarding “Older” Persons’ Use of Web Services

    This post was syndicated from: Lauren Weinstein's Blog and was written by: Lauren. Original post: at Lauren Weinstein's Blog

    Greetings. I’m seeking anecdotes regarding the use of Web services (e.g. as provided by Google, Facebook, Twitter, etc.) by “older” users. Keeping in mind that our memories, vision, and other key attributes typically begin to degrade by the time we reach our 20s, I’m not specifying any particular age ranges here. Please email whatever you can to: experiences@vortex.com I’m especially…