Posts tagged ‘Facebook’

Backblaze Blog | The Life of a Cloud Backup Company: Office Manager Emily Joins the Backblaze Horde!

This post was syndicated from: Backblaze Blog | The Life of a Cloud Backup Company and was written by: Yev. Original post: at Backblaze Blog | The Life of a Cloud Backup Company

The newest addition to the crew at Backblaze, Emily breaks down her favorite hobbies and aspirations. They involve pets and World of Warcraft…what a combo!

What is your Backblaze title?
Office Manager

If you didn’t have to work, what would you do?
If I didn’t have to work, I would work! I would start my own non-profit organization and open up a series of diverse animal shelters across the country. I am a huge animal advocate and love working with them. I spent the first 13 years of my life helping my grandparents run various campgrounds near Yosemite. My father and I wandered the forest, catching every creature that crossed our path. Mom almost never let us keep them, and I really wanted to bring home a bear, but even my father protested that. I would still attend school and obtain my RN license, and start another non-profit organization that provided medication and medical treatment for children in poor countries.

What is your dream job?
Working for Backblaze of course! However another dream job of mine is to join the Air Force, and work in counter-intelligence. I intend to finish getting my BA in nursing, join the Air Force, then retire and work as a Nurse at the Yountville Veterans Home.

What attracted you to Backblaze?
My husband has worked for Backblaze for well over 2 years now. He was constantly talking about how “cool” it is to work here, throwing all these names around that I could never remember. Except for Brian, I always knew there was a Brian….or two…or three….. maybe even four. Finally, I decided to check this place out for myself and liked what I saw. Luckily, they did too! The Company’s standard of transparency and honesty is refreshing, and I look forward to serving this company.

Where else have you worked?
Previously, I worked at Napa Valley Hospice as their Program Assistant – a very rewarding experience! I am incredibly thankful for the opportunity to have worked there. The things I learned are priceless, and the people I met are wonderful. Hospice is a unique form of healthcare, with an interdisciplinary team approach to patient care. Hospice helps both patients with terminal diagnoses and their loved ones, as they write their final life chapter.

Favorite place you’ve traveled?
Disneyland is my absolute favorite! In fact, my husband proposed to me on Pirates of the Caribbean. Needless to say, Disneyland holds many fond memories! However I have not traveled out of the country, and would love to visit South America and Europe.

Favorite hobby/interests?
I love camping, fishing, kicking butt and taking names in Call of Duty, spending an incredible amount of time at Petco, and playing World of Warcraft. For the Horde!

Help us welcome Emily to the Backblaze fold, and if you’re an Alliance member and meet her in-game…good luck to you!

Author information

Yev

Social Marketing Manager at Backblaze

Yev enjoys speed-walking on the beach. Speed-dating. Speed-writing blog posts. The film Speed. Speedy technology. Speedy Gonzales. And Speedos. But mostly technology.

Follow Yev on:

Twitter: @YevP | LinkedIn: Yev Pusin | Google+: Yev Pusin

The post Office Manager Emily Joins the Backblaze Horde! appeared first on Backblaze Blog | The Life of a Cloud Backup Company.

TorrentFreak: The Pirate Bay’s Facebook Page Is Shut Down Too

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

More than a week has passed since The Pirate Bay’s servers were pulled offline, and now the same is happening to the site’s official Facebook page.

With more than 470,000 likes TPB’s Facebook page had quite a reach, although the last status update dates back to last year. Since then the page was mostly used by ‘fans’ to share TPB related news stories, and most recently links to Pirate Bay alternatives.

Those who try to access the page today are out of luck though, as Facebook informs them that “the page isn’t available” and that it “may have been removed.”

It’s unclear what the reason behind the removal is. It could have been initiated by The Pirate Bay crew itself but it’s also possible that Facebook was asked to shut it down for alleged links to copyright infringing material.

If The Pirate Bay crew deleted the page the motivation may have been to cover its tracks. Swedish authorities have confirmed that there’s a new criminal investigation ongoing into the site’s operators, which may have prompted some to cut their ties.

That said, TPB’s official Twitter profile, which hasn’t been updated since December last year, remains online.

The Pirate Bay crew have remained pretty much silent over the past few days. Earlier this week a message was relayed through “Mr 10100100000” who suggested that no decision has yet been made on a potential return.

“Will we reboot? We don’t know yet. But if and when we do, it’ll be with a bang,” Mr 10100100000 said.

Meanwhile, most of the site’s users are flocking to the Pirate Bay copies that are floating around, or one of the other popular torrent sites. This mass migration caused trouble at ExtraTorrent yesterday, who were briefly offline due to a “sudden increase in user traffic.”

At the same time, groups using the “Anonymous” moniker claimed to have hacked both the Swedish Government and the New Zealand police in a retaliatory move, while a better known “Anonymous” group distanced itself from The Pirate Bay.

“We do not support the return of The Pirate Bay itself. We used to be the activist arm behind this website and what it stood for, but we feel like The Pirate Bay doesn’t represent our message anymore,” the latter group said.

And so the storm continues.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

Backblaze Blog | The Life of a Cloud Backup Company: 2014 Year In Review

This post was syndicated from: Backblaze Blog | The Life of a Cloud Backup Company and was written by: Gleb Budman. Original post: at Backblaze Blog | The Life of a Cloud Backup Company

Seven years ago we started on a mission to make storing data astonishingly easy and low-cost so that no one loses their wedding photos, curated music, work files, or any of the other items from their computers. In 2014, I’m proud to say we made a good dent in that mission. Here are a few of the highlights from our 2014 year in review.

Products
We launched an Android app to complement our existing iPhone app and increased restore sizes on hard drives to 4 TB and by 2x on flash drives to 128 GB so our customers could access more of their data faster. Email Notifications and Backup Summaries ensured they knew their data was safely backed up. Our refer-a-friend program gave our customers and their friends months of Backblaze for free. Upgrades to support iOS 8, Apple OS X Mavericks, and hundreds of smaller updates to keep improving the service for our customers.

Community
I am incredibly grateful to the community that has supported us over the years. Another 11 incredible people joined our team to help us scale, plus a few interns (one of whom just won a $100,000 national science award.)

On Twitter, Facebook, and other digital places we talked with you virtually and then met many of you in person at Macworld, RootsTech, and many other events.

We wrote 75 blog posts such as those sharing a bunch of data on hard drive reliability, the impact of temperature on a hard drive, and which hard drive SMART stats matter. Since about 1,000,000 of you read these posts, we revamped our blog platform and will strive to continue sharing learning worthy of your time reading.

Scale
The simplicity of the product our customers see hides the wild scale of the systems and operations required to support it. We introduced a new 270 TB Storage Pod this year, scaled up to store over 100,000,000 GB of customer data, and opened a huge new 500 petabyte data center. Our support team answered their 100,000th ticket. Our customers recovered over 6 billion files that would have been irretrievably lost.

Recognition
Famed consumer product reviewer Walt Mossberg recommends Backblaze and makes it his personal service. Gizmag calls Backblaze one of the easiest to use. And Deloitte ranks Backblaze the 128th fastest growing company in North America, with 917% revenue growth over five years.

Next
So with 2015 imminently arriving, where do we go? Keep focusing on making storing data astonishingly easy and low-cost. One of the things I’m incredibly proud of our team for is being able to support a 1000% increase in per-customer data storage while keeping the $5 unlimited pricepoint unchanged. Thus, a lot of what we have planned will continue to be in the background – enhancing our massive cloud storage system to scale bigger, be more cost-efficient, and work ever better – so that our customers can continue to store more and more data, easier and easier.

A huge thank you to all of you: our customers, our community, our partners, and our employees for helping us make this happen.

 

Author information

Gleb Budman

Co-founder and CEO of Backblaze. Founded three prior companies. He has been a speaker at GigaOm Structure, Ignite: Lean Startup, FailCon, CloudCon; profiled by Inc. and Forbes; a mentor for Teens in Tech; and holds 5 patents on security.

Follow Gleb on: Twitter / LinkedIn / Google+

The post 2014 Year In Review appeared first on Backblaze Blog | The Life of a Cloud Backup Company.

Raspberry Pi: Royal Institution Christmas Lectures

This post was syndicated from: Raspberry Pi and was written by: Liz Upton. Original post: at Raspberry Pi

As you may have heard if you follow us on Twitter, Facebook or G+, we are sponsoring this year’s Royal Institution Christmas Lectures. The lectures are part of British educational history: Michael Faraday started them in 1825 to introduce science to ordinary people – especially young people – and they’ve been running ever since, with only one break in 1939-42 during World War II.

Professor Danielle George, presenter of this year’s lectures. Photo credit: Paul Wilkinson

We’re incredibly proud to be associated with the lectures. They’re a real educational jewel, and they provide some of the best television in the UK over the Christmas period. British readers can watch this year’s lectures on BBC4 on December 29, 30 and 31 – the theme (which, serendipitously, has a lot of relevance for Raspberry Pi users) is Sparks will fly: How to hack your home. International viewers will be able to watch later on the Royal Institution’s website.

Here’s a teaser the Royal Institution released on YouTube yesterday.

If you’d like to read more about this year’s lectures, there’s a long interview with Professor Danielle George in the Guardian, where she explains why hacking is such a crucial skill for children. We hope you’ll be watching the lectures along with us!

TorrentFreak: Former ‘Pirate’ Site Dropped From UK Blocklist

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

Last week the popular media search engine FilesTube transformed itself into a licensed video aggregator.

The site, which was once branded one of the top pirate sites by the entertainment industry, hopes that the move will bring in new revenue opportunities.

First, however, the site had to get rid of various remnants from its “pirate” history. The site is still blocked in the UK, for example, as the High Court previously declared that FilesTube infringed music rights.

Earlier, FilesTube informed TF that it planned to challenge the blockade at the High Court, but it turns out that this is no longer needed. Music industry group BPI, who were the driving force behind FilesTube’s blockade, followed recent developments and decided to unblock the site.

This is the first time that the list of blocked pirate sites in the UK has become shorter, although it may not be for long.

The BPI believes that FilesTube is a good example of how High Court orders can motivate websites to go legit and hopes that others will follow the example.

“We are pleased that the block has encouraged FilesTube to change its business model so that it no longer appears to infringe music rights,” BPI’s General Counsel Kiaron Whitehead tells TF.

“Accordingly, we have agreed to un-block the site, which the ISPs will implement over the next few weeks. We hope that other sites which are subject to blocking orders will follow suit and help to support the development of legal digital entertainment.”

TF also spoke with FilesTube, who are happy with BPI’s swift response. Since the music group can amend the blocklists without a court order, this saves the trouble of going through court.

“We used to be a media search engine for content on cyberlocker sites. Now we operate as a free VOD aggregator with licensed content only. We are grateful to BPI for agreeing to lift the blocks and we look forward to the growth of the new FilesTube,” a spokesperson informed TF.

In addition to the lifted blockade, FilesTube’s Facebook page was also unblocked recently. The page was taken down by the movie industry FACT, but is now accessible again.

Meanwhile, many of FilesTube’s former users are disappointed with the change. Apparently “going legit” also has its downsides, but the site hopes to rebuild a new community during the months to come.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

Krebs on Security: SpamHaus, CloudFlare Attacker Pleads Guilty

This post was syndicated from: Krebs on Security and was written by: BrianKrebs. Original post: at Krebs on Security

A 17-year-old male from London, England pleaded guilty this week to carrying out a massive denial-of-service attack last year against anti-spam outfit SpamHaus and content delivery network CloudFlare, KrebsOnSecurity has learned.

In late March 2013, a massive distributed denial-of-service (DDoS) attack hit the web site of SpamHaus, an organization that distributes a blacklist of spammers to email and network providers. When SpamHaus moved its servers behind CloudFlare, which specializes in blocking such attacks, the attackers pelted CloudFlare’s network. The New York Times called the combined assault the largest known DDoS attack ever on the Internet at the time; for its part, CloudFlare dubbed it “the attack that almost broke the Internet.”

In April 2013, an unnamed then-16-year-old male from London identified only by his hacker alias “Narko,” was arrested and charged with computer misuse and money laundering in connection with the attack.

Sources close to the investigation now tell KrebsOnSecurity that Narko has pleaded guilty to those charges, and that Narko’s real name is Sean Nolan McDonough. A spokesman for the U.K. National Crime Agency confirmed that a 17-year-old male from London had pleaded guilty to those charges on Dec. 10, but noted that “court reporting restrictions are in place in respect to a juvenile offender, [and] as a consequence the NCA will not be releasing further detail.”

During the assault on SpamHaus, Narko was listed as one of several moderators of the forum Stophaus[dot]com, a motley crew of hacktivists, spammers and bulletproof hosting providers who took credit for organizing the attack on SpamHaus and CloudFlare.

WHO RUNS STOPHAUS?

It is likely that McDonough/Narko was hired by someone else to conduct the attack. So, this seems as good a time as any to look deeper into who’s likely the founder and driving force behind the Stophaus movement itself. All signs point to an angry, failed spammer living in Florida who runs an organization that calls itself the Church of Common Good.

Not long after McDonough’s arrest, a new Facebook page went online called “Freenarko,” which listed itself as “a solidarity support group to help in the legal defense and media stability for ‘Narko,’ a 16-yr old brother in London who faces charges concerning the Spamhaus DDoS attack in March.”

Multiple posts on that page link to Stophaus propaganda, to the Facebook page for the Church of the Common Good, and to a now-defunct Web site called “WeAreHomogeneous.org” (an eye-opening and archived copy of the site as it existed in early 2013 is available at archive.org; for better or worse, the group’s Facebook page lives on).

The Church of Common Good lists as its leader a Gulfport, Fla. man named Andrew J. Stephens, whose LinkedIn page says he is a “media mercenary” at the same organization. Stephens’ CV lists a stint in 2012 as owner of an email marketing firm variously called Digital Dollars and IBT Inc, moneymaking schemes which Stephens describes as a “beginner to intermediate level guide to successful list marketing in today’s email environment. It incorporates the use of both white hat and some sketchy techniques you would find on black hat forums, but has avoided anything illegal or unethical…which you would also find on black hat forums.”

More recent entries in Andrew’s LinkedIn profile show that he now sees his current job as a “social engineer.” From his page:

“I am a what you may call a “Social Engineer” and have done work for several information security teams. My most recent operation was with a research team doing propaganda analysis for a media firm. I have a unique ability to access data that is typically inaccessible through social engineering and use this ability to gather data for research purposes. I have a knack for data mining and analysis, but was not formally trained so am able to think outside the box and accomplish goals traditional infosec students could not. I am proficient at strategic planning and vulnerability analysis and am often busy dissecting malware and tracking the criminals behind such software. There’s no real title for what I do, but I do it well I am told.”

Turns out, Andrew J. Stephens used to have his own Web site — andrewstephens.org. Here, the indispensable archive.org helps out again with a cache of his site from back when it launched in 2011 (oddly enough, the same year that Stophaus claims to have been born). On his page, Mr. Stephens lists himself as an “internet entrepreneur” and his business as “IBT.” Under his “Featured Work” heading, he lists “The Stophaus Project,” “Blackhat Learning Center,” and a link to a spamming software tool called “Quick Send v.1.0.”

Stephens did not return requests for comment sent to his various contact addresses, although a combative individual who uses the Twitter handle @Stophaus and has been promoting the group’s campaign refused to answer direct questions about whether he was in fact Andrew J. Stephens.

Helpfully, the cached version of Andrewstephens.org lists a contact email address at the top of the page: stephensboy@gmail.com (“Stephensboy” is the short/informal name of the Andrew J. Stephens LinkedIn profile). A historic domain registration record lookup purchased from Domaintools.com shows that same email address was used to register more than two dozen domains, including stophaus.org and stopthehaus.org. Other domains and businesses registered by that email include (hyperlinked domains below link to archive.org versions of the site):

- “blackhatwebhost.com”;
- “bphostingservers.com” (“BP” is a common abbreviation for “bulletproof hosting” services sold to spammers and malware purveyors);
- “conveyemail.com”;
- “datapacketz.com” (another spam software product produced and marketed by Stephens);
- “emailbulksend.com”;
- “emailbulk.info”;
- “escrubber.info” (tools to scrub spam email lists of dummy or decoy addresses used by anti-spam companies);
- “esender.biz”;
- “ensender.us”;
- “quicksendemail.com”;
- “transmitemail.com”.

The physical address on many of the original registration records for the site names listed above show an address for one Michelle Kellison. The incorporation records for the Church of Common Good filed with the Florida Secretary of State list a Michelle Kellison as the registered agent for that organization.

Putting spammers and other bottom feeders in jail for DDoS attacks may be cathartic, but it certainly doesn’t solve the underlying problem: That the raw materials needed to launch attacks the size of the ones that hit SpamHaus and CloudFlare last year are plentiful and freely available online. As I noted in the penultimate chapter of my new book — Spam Nation (now a New York Times bestseller, thank you dear readers!), the bad news is that little has changed since these ultra-powerful attacks first surfaced more than a decade ago.

Rodney Joffe, senior vice president and senior technologist at Neustar, a security company that also helps clients weather huge online attacks, estimates that there are approximately 25 million misconfigured or antiquated home and business routers that can be abused in these digital sieges. From the book:

Most of these are home routers supplied by ISPs or misconfigured business routers, but a great many of the devices are at ISPs in developing countries or at Internet providers that see no economic upside to spending money for the greater good of the Internet.

“In almost all cases, it’s an option that’s configurable by the ISP, but you have to get the ISP to do it,” Joffe said. “Many of these ISPs are on very thin margins and have no interest in going through the process of protecting their end users— or the rest of the Internet’s users, for that matter.”

And therein lies the problem. Not long ago, if a spammer or hacker wanted to launch a massive Internet attack, he had to assemble a huge botnet that included legions of hacked PCs. These days, such an attacker need not build such a huge bot army. Armed with just a few hundred bot-infected PCs, Joffe said, attackers today can take down nearly any target on the Internet, thanks to the millions of misconfigured Internet routers that are ready to be conscripted into the attack at a moment’s notice.

“If the bad guys launch an attack, they might start off by abusing 20,000 of these misconfigured servers, and if the target is still up and online, they’ll increase it to 50,000,” Joffe said. “In most cases, they only need to go to 100,000 to take the bigger sites offline, but there are 25 million of these available.”

If you run a network of any appreciable size, have a look for your Internet addresses in the Open Resolver Project, which includes a searchable index of some 32 million poorly configured or outdated device addresses that can be abused to launch these very damaging large-scale attacks.

The Hacker Factor Blog: You Can Bank On It

This post was syndicated from: The Hacker Factor Blog and was written by: The Hacker Factor Blog. Original post: at The Hacker Factor Blog

Last week, security journalist Brian Krebs reported on a U.S. Treasury Department finding. The Treasury found that TOR nodes account for a large percent of online banking fraud.

I found this report to be startling. I wasn’t surprised that TOR was being used for fraud. Rather, I was stunned that, after all these years, the banking industry was not filtering out logins from TOR nodes!

Don’t look at me!

Let’s back up a moment… The purpose of TOR (the onion router) is to mix up the network pathway so that users can be anonymous online. The purpose of logging into anything — a bank, Google, Facebook, or any other online service — is to identify yourself. These are diametrically opposed concepts. You cannot be anonymous and identify yourself at the same time!

There may be some online services where you don’t care about the account and you want to be anonymous. A good example would be a free Yahoo Mail account that some anti-government Chinese citizen wants to access. They are anonymous but also identified for logging into the account. However, online banking is different.

With online banking, it is not a “free account”. The account manages tangible assets (money) and is directly associated with a person (or company). Customers want the bank to know it is them doing legitimate business and not someone else doing fraud.

The only time a user might want to be anonymous when accessing a bank is if the account is for doing something illegal (like money laundering). This way, the bank won’t be able to trace the account to an individual. But then again, no FDIC Insured bank wants that kind of customer. (Let’s leave the fraud to non-insured PayPal accounts.)

Seriously: I cannot think of any legitimate reason to do anonymous online banking. I see no legitimate reason to access your bank account using TOR.

Safe Web Access

The other thing to remember is that TOR is not a safe online system. Sure, nobody can trace the network connection from the web client to the web server, but that doesn’t mean it is safe. Specifically, you (the TOR user) do not know who owns each TOR exit node and you have no idea what they are doing to your data.

Last October, some researchers discovered that a few TOR exit nodes were maliciously modifying files. You may think you are downloading a program, but the TOR node was inserting malware instead.

Hostile TOR nodes have also been used to track users and even record logins and passwords.

In effect, if you use TOR then you should assume that (1) nobody knows it is you, and (2) someone is watching and recording what you do. Logging into your bank, or anywhere else, is really a bad idea for TOR users. Knowing this, it strikes me that banks are being intentionally ignorant to permit logins from TOR nodes. This majority of banking fraud should have been stopped years ago.

Filtering by Network

I have previously written about various ways to detect proxies. There are two fast and easy ways to detect proxy users: network and application filtering.

The first way focuses on the network address. The folks at the Tor Project actually have an FAQ entry for online services that want to block TOR. They even provide the list of known TOR nodes! At this point, the web server can look at every login request and check if the client’s network address is the same as a known TOR node. If it is, then they can block the request. (And if the login was valid, the bank can even block all login access to the account since the account has been compromised.)

Keep in mind: TOR is not the only proxy network out there. There are dozens of free lists of open proxies. (And even more fee-based lists.) There are also a couple of DNS-blacklist systems that identify known proxy addresses. And then there are network-based geo-location databases — most have some subnets identified as known proxy networks. Banks could even use the geo-location information to identify likely fraud. For example, if I last logged in from Colorado and then, minutes or hours later, appear to come from Europe, then my account has likely been compromised.

If banks really wanted to be proactive, then they would also identify Starbucks, McDonalds, Holiday Inn, and other major free-Internet providers and add them to the “no login” list. Users should never check their bank accounts from a free Internet service.

Filtering by Application

While network filtering will identify known addresses that denote proxy systems, there are always other proxies that are not found on any list.

Beyond looking at network addresses, services can detect proxies by looking at the web traffic’s HTTP header. Many proxy systems add in their own HTTP headers that denote a network relay. If any of these proxy headers exist, then the server should reject the login.

The biggest problem with HTTP headers is that there is no consistent method to identify a web proxy. Some relays add in an HTTP “VIA” header. Others may use “FORWARDED”, “FORWARDED-FOR”, “HTTP_CLIENT_IP”, “X-PROXY-ID” or similar header fields. My own FotoForensics system currently looks for over a dozen different HTTP headers that denote some kind of proxy network connection. While some of these proxy networks may be acceptable for online banking (e.g., “X-BlueCoat-Via” or “Client-IP”), others should probably be blacklisted.
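The two filters described above (known-node address lists and proxy-revealing HTTP headers) can be combined into one login screen. The following is an added example, not code from the original post or from FotoForensics: the header names are the ones the post mentions (plus the common `X-Forwarded-For`), while the tolerated/blocked split, the function names and the sample address lists are assumptions made for illustration.

```python
import ipaddress

# Header names come from the post; which ones are tolerated vs. blocked
# is an assumed policy. X-Forwarded-For is added here as a common variant.
BLOCKED_HEADERS = {"via", "forwarded", "forwarded-for", "x-forwarded-for",
                   "x-proxy-id"}
TOLERATED_HEADERS = {"x-bluecoat-via", "client-ip"}

# Constructed sample lists (RFC 5737 documentation addresses, not real nodes).
TOR_EXIT_SAMPLE = """\
# one address per line
192.0.2.10
192.0.2.77   # trailing comments are ignored
"""
PROXY_RANGE_SAMPLE = "203.0.113.0/24\n"


def load_networks(text):
    """Parse a list of addresses or CIDR ranges, skipping blanks and comments."""
    nets = []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if entry:
            nets.append(ipaddress.ip_network(entry, strict=False))
    return nets


def canonical_ip(addr):
    """Parse an address; unwrap IPv4-mapped IPv6 so ::ffff:a.b.c.d matches a.b.c.d."""
    ip = ipaddress.ip_address(addr.strip())
    return getattr(ip, "ipv4_mapped", None) or ip


def normalise_header(name):
    """Fold case and the CGI spelling (HTTP_CLIENT_IP) into one form (client-ip)."""
    n = name.strip().lower().replace("_", "-")
    return n[5:] if n.startswith("http-") else n


def screen_login(remote_addr, headers, tor_nets, proxy_nets):
    """Return (decision, reasons); decision is 'block', 'review' or 'allow'.

    remote_addr must be the TCP peer address seen by the server, never a
    value copied from a client-supplied header.
    """
    try:
        ip = canonical_ip(remote_addr)
    except ValueError:
        return "block", ["unparseable-address"]

    block, review = [], []
    if any(ip in net for net in tor_nets):
        block.append("tor-exit")
    if any(ip in net for net in proxy_nets):
        block.append("listed-proxy")

    seen = {normalise_header(h) for h in headers}
    block += ["proxy-header:" + h for h in sorted(seen & BLOCKED_HEADERS)]
    review += ["proxy-header:" + h for h in sorted(seen & TOLERATED_HEADERS)]

    if block:
        return "block", block + review
    if review:
        return "review", review
    return "allow", []


TOR_NETS = load_networks(TOR_EXIT_SAMPLE)
PROXY_NETS = load_networks(PROXY_RANGE_SAMPLE)

if __name__ == "__main__":
    # Constructed login attempts: (peer address, request headers).
    attempts = [
        ("192.0.2.10", {"User-Agent": "demo"}),
        ("::ffff:192.0.2.77", {"User-Agent": "demo"}),
        ("198.51.100.7", {"HTTP_VIA": "1.1 relay"}),
        ("198.51.100.7", {"X-BlueCoat-Via": "abc123"}),
        ("198.51.100.7", {"User-Agent": "demo"}),
    ]
    for addr, hdrs in attempts:
        print(addr, screen_login(addr, hdrs, TOR_NETS, PROXY_NETS))
```
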

Being proactive is not a crime

There are many viable uses for proxy networks. However, there are also times when using a proxy is a really bad idea. Banks should be utilizing all of these proxy detection methods. They should be ensuring that the network address is not part of a known proxy system. And they should be proactively trying to identify and reduce fraud.

Of course, some people may tell you that online banking through TOR is safe if you use HTTPS. However, that really isn’t true. Anyone who has seen the Defcon Wall of Sheep knows that HTTPS is easy to compromise if you control the network. Remember: SSL is a security placebo and not an actual security solution.

Before I began focusing on forensic tool development, I did a lot of forensic analysis for corporations. I always thought it was ironic when the corporate lawyers would give me very specific directions, like: “We want to know exactly what happened on this computer. Who did what and when. And whatever happens, we do not want you to look at that computer over there!” With corporate attorneys, if they know about something then they must act on it. But if they don’t explicitly know, then they don’t have to do anything about it. By not looking at the problem, they could always claim ignorance.

This entire “TOR used for bank fraud” situation has a similar feel. It is as if the banks want to claim ignorance rather than addressing the problem. But in this case, the entire industry has known for years that TOR is commonly used for online criminal activity. And we have long known that easy banking access facilitates fraud. In this case, not blocking TOR users really looks to me like intentional criminal negligence.

Backblaze Blog | The Life of a Cloud Backup Company: Holiday Gift Guide – Backblaze Style

This post was syndicated from: Backblaze Blog | The Life of a Cloud Backup Company and was written by: Yev. Original post: at Backblaze Blog | The Life of a Cloud Backup Company

We all have those hard to shop for members of our family, and at Backblaze, we wanted to take a moment and make your holiday shopping conundrums a bit easier to solve. We realize this is coming out a bit late in the holiday gift guide season, so we pooled together some items that you could get fairly quickly, if you act fast!

For those of your family who just can’t shake their nostalgia this 3.5″ floppy is a great get, and best of all, a ten pack is only $7.95 at floppydisk.com:

Need a bit more data, but want a functional way to carry it around? May we introduce you to the Stick Around! You can prop up your phone with this beauty, plus it has a 4GB hardcore storage capability:

Have a budding young data fan in your family? Get them this adorable little Minion USB Key (for tons of other novelty flash keys take a gander at Amazon):

Too old for minions or novelty flash keys? Well, what about a nice piece of hardware? Get some wood, 1 whole TB worth:

OK, wood might be a bit too much, but what about something to complement that new Mac Pro you got? How about a nice 1TB sphere:

Perhaps 1TB futuristic drives aren’t your thing? You need a bit more space because you collect lots of “data”? A Drobo is the thing for you:

“5 hard drive slots? What am I? A peasant? My cat photo library itself is over 100TB!” Is that so? Fine…you deserve your own Backblaze storage pod…a Storinator:

So now that you have all that fancy hardware, you need to fill it with hard drives right? Might we humbly suggest these HGST drives:

Wait, you didn’t need to store your data at all, you just wanted your phone to look awesome? We totally misunderstood. Here’s a rad case:

We hope that helps with your holiday gift giving angst. If you’re still looking for something though, a great gift that keeps on giving is a Backblaze gift code. You can buy a gift code for someone today, and help keep their important data safe for the years to come! It’s better than coal right? Plus you don’t have to wait for shipping…

Author information

Yev

Social Marketing Manager at Backblaze

Yev enjoys speed-walking on the beach. Speed-dating. Speed-writing blog posts. The film Speed. Speedy technology. Speedy Gonzales. And Speedos. But mostly technology.

Follow Yev on:

Twitter: @YevP | LinkedIn: Yev Pusin | Google+: Yev Pusin

The post Holiday Gift Guide – Backblaze Style appeared first on Backblaze Blog | The Life of a Cloud Backup Company.

Schneier on Security: Corporations Misusing Our Data

This post was syndicated from: Schneier on Security and was written by: schneier. Original post: at Schneier on Security

In the Internet age, we have no choice but to entrust our data to private companies: e-mail providers, service providers, retailers, and so on.

We realize that this data is at risk from hackers. But there’s another risk as well: the employees of the companies who are holding our data for us.

In the early years of Facebook, employees had a master password that enabled them to view anything they wanted in any account. NSA employees occasionally snoop on their friends and partners. The agency even has a name for it: LOVEINT. And well before the Internet, people with access to police or medical records occasionally used that power to look up either famous people or people they knew.

The latest company accused of allowing this sort of thing is Uber, the Internet car-ride service. The company is under investigation for spying on riders without their permission. Through what is called the “god view,” some Uber employees are able to see who is using the service and where they’re going — and used this at least once in 2011 as a party trick to show off the service. A senior executive also suggested the company should hire people to dig up dirt on their critics, making their database of people’s rides even more “useful.”

None of us wants to be stalked — whether it’s from looking at our location data, our medical data, our emails and texts, or anything else — by friends or strangers who have access due to their jobs. Unfortunately, there are few rules protecting us.

Government employees are prohibited from looking at our data, although none of the NSA LOVEINT creeps were ever prosecuted. The HIPAA law protects the privacy of our medical records, but we have nothing to protect most of our other information.

Your Facebook and Uber data are only protected by company culture. There’s nothing in their license agreements that you clicked “agree” to but didn’t read that prevents those companies from violating your privacy.

This needs to change. Corporate databases containing our data should be secured from everyone who doesn’t need access for their work. Voyeurs who peek at our data without a legitimate reason should be punished.

There are audit technologies that can detect this sort of thing, and they should be required. As long as we have to give our data to companies and government agencies, we need assurances that our privacy will be protected.

This essay previously appeared on CNN.com.

Блогът на Юруков: Intelligence test: are they giving our children an untested vaccine

This post was syndicated from: Блогът на Юруков and was written by: Боян Юруков. Original post: at Блогът на Юруков

A few days ago it became clear that the problem with the hexavalent vaccines has been solved. The vaccine is called Hexacima, and the vials will be delivered to doctors very soon. Shortly after the name of the vaccine became known, comments started spreading online (I don't even intend to link to them) claiming that it was untested and that, you see, the big pharmaceutical companies were going to use Bulgarian babies as guinea pigs. The supposed sign of this was the black triangle in the leaflet, which indicates that the product is “subject to additional monitoring”. Of course, the story was copied across all kinds of sensationalist sites and already has its own thread on BG Mama.

What does the inverted black triangle actually mean? Put most simply, it is a European-level measure for all new medicines that contain recently approved substances or biological products. It is applied to all new vaccines simply because of how widely they are used. This monitoring does not mean that the product has not been tested or that it hides some risks. Quite the opposite: despite its proven safety, the European Medicines Agency will monitor it just in case. All vaccines released after 2011 fall on this list.

This, of course, does not stop the opponents of vaccines from sowing panic among parents. Since parents quite understandably worry about their children, there are regularly comments that “we probably don't know the whole truth”, “if it's written on the net, there must be something to it” and “we'll wait and see whether others have a problem”. All of this endangers the health of the children as well as of the newborns around them, who are too young to be protected by vaccines. I have written a lot so far about the risks of falling for this kind of nonsense.

Here, however, is the cherry on the cake. I decided to check whether the hexavalent vaccine that we gave my daughter in Germany has such a black triangle. I did not buy it myself, and I never even saw the packaging. In Germany the doctor comes with a syringe and tells you nothing. In the immunization record, however, there is a sticker, and it says that the vaccine is Hexyon. After a brief check I found that this is the same vaccine that will be given in Bulgaria. It is simply sold under a different name in some countries. The product is the same, as is clear from the manufacturer and the regulator.

This can mean one of two things: either over the last two years the poor German children have been subjected to an inhuman experiment to test an unverified vaccine, or we should all think about what level of intelligence you must have to believe such nonsense. All the more so because everything about the process of testing, approving and administering the vaccine, as well as the monitoring regime afterwards, is public and easily accessible. This is done precisely so that parents can inform themselves about the products in question.

I am not saying that parents who look for more information are stupid. Quite the opposite: I do it myself, and with so much information available I recommend that everyone take a look at it. But you have to seriously not care about your child to not read more carefully and instead accept a few panicky posts on Facebook as credible.

For more information: leaflet for Hexyon, leaflet for Hexacima, information on the intensive monitoring.

TorrentFreak: Pirate Bay’s Peter Sunde Picks Up Fight for a Free Internet

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

On November 10 former Pirate Bay spokesman Peter Sunde was released from the high security prison where he’d been detained since his arrest last May.

After more than two weeks on the outside Peter is still struggling to put his thoughts into words and come to terms with what happened, a process that needs time.

Peter, who was Pirate Bay’s public face but never got involved in day-to-day operations, sees his incarceration as a kidnapping. He never committed a crime, but was jailed for a made-up offense due to pressure from the copyright lobby.

While in prison Peter lost his father. Not being able to stand beside his loved ones during this time made it all so much worse. Slowly, however, there’s a light glimmering at the end of the tunnel, a light that strengthens Peter’s inner-urge as an Internet activist.

Today, Peter is kind enough to share some of his thoughts on the past and future with TF and the many people who spoke out in his support during the past few months.

Looking back at the difficult months in prison, and ahead to his future as a free man, it’s clear that Peter hasn’t given up on his fight to preserve a free and open Internet. Quite the contrary.

“Data is the oil of our century and the fight against piracy is our version of the invasion of Kuwait. Put this into context and the fight for a free and open network becomes something else. It becomes the fight for a free humanity and open society,” he says.

TF: Looking back at your time in prison, what was the hardest part?

Peter: The hardest part was actually not being there, but the fact that I could not take care of things outside. The people who depend on me, especially my father, didn’t have me there when they needed me. People I work with had (and still have) to work much harder since I’m not around to take care of things.

The other things, the fact that the “food” was uneatable and unhealthy, the fact that there was nothing to put your mind into besides books and letters which essentially makes one lose one’s intellectual skills. The fact that you’re never really treated as a human being but rather a bastard that deserves shit, are all awful things but not comparable to the feeling of being un-free in a situation of crisis.

TF: Was there anything positive?

Peter: The positive things? I realize that criminals in general are not the people one should be afraid of. Criminals are mostly products of a state that didn’t care enough for its citizens. The people they commit crimes against are victims of victims. The most dangerous criminals I met inside were those who committed the crime of breaking human rights on a daily basis. They are the ones making sure that criminals keep being criminals. But positive? The most positive thing was leaving.

TF: You mention the term “kidnapping” in relation to the prison sentence. Can you elaborate on that?

Peter: Well yes. Kidnapping: “In criminal law, kidnapping is the unlawful taking away or transportation of a person against that person’s will, usually to hold the person unlawfully.” – there’s no legal merit in taking me, because I’ve never committed a crime. The state has abused their powers. The whole case is similar to me saying that someone owes me money, making a false receipt and then taking the money from that person’s wallet. No one would consider that right or legal. Hence, the state kidnapped me.

TF: Can you tell us a little bit about the projects you’re working on, or have planned for the future?

Peter: I’m working on lots of things, as usual. I’ve wasted a lot of time during my kidnapping, and I still need some time to catch up with myself. Not (only) because of the kidnapping, mostly for family reasons. There are big things coming, besides the public things such as heml.is (which btw, is awfully close to release and the team is awfully awesome) and a new version of Flattr which will turn a lot of heads. The bigger things are not announced nor public, and mostly still in the planning stages. But it will be bigger than the other projects.

TF: Have you come to any new insights over the past months, or new project ideas?

Peter: Lots of ideas! My issue has always been that I have a lot of ideas that I want done, but usually not the funds, time or team (because of the funds mostly) to make them happen. I’ve decided to work less hands-on with tech and rather focus on the idea development.

I’ve always tried to merge my views on politics with tech, but I also need to merge those things with reaching out to the mainstream public. That’s my next thing. Not going more mainstream, but reaching out to it more. Also, I’ve decided to spend more time on hobbies (such as my work in comedy and architectural design) since I think it’s better to get a break from doing the same thing 24 hours a day.

TF: What are the main threats the Internet faces today? How should these be addressed? Do you plan to get involved yourself?

Peter: I’ve been involved for as long as I can remember now, and I’m never stopping. The main threats are the same as always – the quest for control and power. Everyday more people connect to the network, and every day we move power away from users to big corporations that have lobbyists employed to make sure they’re allowed to centralize. All these corporations, that claim to love the free and open web, that say that the free market ensures it will be a-ok, really lock down the internet and buy their competitors so that they own the markets.

If we don’t stop it now it will end up in an armed revolution in a few years. The internet has gone from being a playground for new technology and entertainment to becoming the bearer of almost all communication, information and expressions; while still being treated as a playground in a sense. The market owners play with our personal information for a profit, states play around with our secrets and integrity (and for that matter, other states’ secrets and integrity).

All while we, the people, use the systems that enslave us to try to kill the beast. We click “like” on Facebook when we see a group trying to stop Facebook from violating our human rights. We need to wake up out of that stupidity and demand our rights back.

The past decades we all saw the internet being free. We can’t imagine a non-free network today. But it will become locked up, closed down, segregated, if we’re still this naive further down the line.

It’s never been about just the free downloads for me. They just happened to be the first step, the first fight. Data is the oil of our century and the fight against piracy is our version of the invasion of Kuwait. Put this into context and the fight for a free and open network becomes something else. It becomes the fight for a free humanity and open society.

Based on the above it’s clear that the Internet hasn’t heard the last of Peter just yet, whether it’s Heml.is, Flattr or any of the new projects. We wish Peter all the best in accomplishing his goals and want to thank him profoundly for sharing his thoughts with us, which wasn’t easy.

Finalizing our question round we asked Peter where he wants to be in 10 years.

“Still in love,” he replied.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

The Hacker Factor Blog: Happy Holidays from Facebook

This post was syndicated from: The Hacker Factor Blog and was written by: The Hacker Factor Blog. Original post: at The Hacker Factor Blog

If you do anything in the computer security or forensics world, then you probably view Facebook as a hive of scum and villainy. As a major social network, it attracts all sorts of criminal elements. Pedophiles use Facebook. Terrorists use Facebook. Drug dealers use Facebook. It’s like the only people not using Facebook are teens.

Social networks are split into two camps. On one side are the open forums. Everything is accessible and anyone can see content without needing special access. Twitter, Reddit, and most news sites fall into this category. While some content can be made private, most is public.

On the other side are the walled gardens. These are social networks where people on the outside can barely see anything inside. Facebook and Apple are the two big examples. As someone who isn’t on Facebook, I’ve never actually seen FarmVille. And I cannot see most user profiles or “wall” pages without logging in and connecting to users. It’s that “connecting” part that is a problem for law enforcement. The last thing you want to do is tip off a suspect by friending them, just to gain access to their shared information.

One Little Change

Earlier this week, Facebook made a subtle but important change to their service. Specifically, they changed their picture filenames. This, in turn, directly impacts online forensics. Since I’ve been tracking changes at Facebook for years, I’ve managed to put together a pretty good timeline.

Before July 2012, Facebook filenames used a five-number pattern: aa_bb_cc_dd_ee_n.jpg. (For example, 1234_5678_91011_12345_1234_b.jpg.) aa is the photo id, bb is the album id, cc is the profile id of the user who uploaded the picture. The dd and ee fields are random and designed to mitigate guessing a picture’s id. (The dd field may have some other purpose, but I never figured it out.) The final character, n, indicates the size for auto-scaling. Changing the final character to ‘o’ returns the original-size picture, ‘b’ is big, ‘q’ is 180px wide, etc.

Given a Facebook filename in this format, an analyst can quickly identify the URLs to the picture, album, and user’s profile.

In February 2012, Facebook started testing a new filenaming system. This system was fully deployed in July 2012. This new filename format uses a three-number pattern: aa_bb_ee_n.jpg. (E.g., 1234_567891011121_23456_b.jpg.) aa and bb are still the photo and album ids. The ee field is random and designed to prevent someone from guessing a picture’s id. The final character, n, still indicates the size for auto-scaling.

Given a Facebook filename in this three-number format, an analyst can still quickly identify the URL to the picture and wall page. If the picture’s wall page is public, then it displays the user’s account name, the image, and all comments related to the picture.

In October 2012, Facebook began to test an Akamai EdgeControl cache with cryptographic signatures. Akamai provides a last-mile content delivery system for distributing the network load. The cryptographic checksum prevents tampering with the URL. This means that real-time processing instructions in the URL, such as ‘/c92.0.403.403/’ for cropping or the size determination (e.g., ‘n’ or ‘o’), cannot be altered by the analyst. Any changes will return a ‘Content not found’ message.

The caching and anti-tamper system was deployed on 27-Dec-2012. However, the filenames still mapped to non-Akamai URLs for directly accessing the content at Facebook. In addition, relatively few pictures were served through the Akamai caching service.

All of this changed on 24-Nov-2014. (I may be off by a few days for the actual deployment.) That’s when Facebook changed filenames again and began to distribute pictures almost exclusively through Akamai and with anti-tamper URLs. Technically, the filename still looks like the three-number format: aa_bb_ee_n.jpg. However, they changed the aa photo ID number in the filename. As a result, all filenames that predate 2014-11-24 can no longer be used to find the direct URL at Facebook. Pictures uploaded after 2014-11-24 may, in rare cases, be mapped to direct URLs at Facebook. But most of the time, they are only available from Akamai. Given only the Facebook filename, you can no longer find the URL to the picture hosted at Facebook. You can still find the wall page with the picture (if it is public), but not the direct URL to the picture itself.

For example, 1000526_539054152803549_1177659804_n.jpg is the filename of a picture that was uploaded to FotoForensics over a year ago. The direct URL to the picture was ‘https://scontent-a-fna.xx.fbcdn.net/hphotos-xfa1/1000526_539054152803549_1177659804_o.jpg’. Prior to 24-Nov-2014, this would return the image, but today it returns ‘Content not found’.

However, from this filename I can identify the wall page’s URL: https://www.facebook.com/photo.php?fbid=539054152803549. (It’s gross, so I’m not hyperlinking to it.) According to the wall page, the picture’s new filename is 1014640_539054152803549_1177659804_o.jpg — the first number changed from 1000526 to 1014640.
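The two filename formats and the wall-page lookup described above can be expressed as a small parser. This is an added example, not code from the original post: the function names are hypothetical, the wall-page URL is built from the second field exactly as in the post's example, and `same_picture` assumes (from that single example) that the November 2014 change altered only the first number.

```python
import re
from typing import Optional

# Size letters named in the post; the post notes there are others ("etc.").
SIZE_NAMES = {"o": "original size", "b": "big", "q": "180px wide"}

# aa_bb_cc_dd_ee_n.jpg: the five-number pattern used before July 2012.
FIVE_NUMBER = re.compile(r"^(\d+)_(\d+)_(\d+)_(\d+)_(\d+)_([a-z])\.jpg$")
# aa_bb_ee_n.jpg: the three-number pattern deployed in July 2012.
THREE_NUMBER = re.compile(r"^(\d+)_(\d+)_(\d+)_([a-z])\.jpg$")


def parse_facebook_filename(name: str) -> Optional[dict]:
    """Split a Facebook picture filename (or a URL ending in one) into fields.

    Returns None when the name matches neither pattern, which is the normal
    result for camera names such as IMG_0001.jpg.
    """
    # Accept a full URL: drop any query string, then keep the last path part.
    base = name.split("?", 1)[0].rsplit("/", 1)[-1].strip().lower()

    m = FIVE_NUMBER.match(base)
    if m:
        aa, bb, cc, dd, ee, n = m.groups()
        return {
            "format": "five-number",
            "photo_id": aa,
            "album_id": bb,
            "profile_id": cc,
            "random": (dd, ee),
            "size": SIZE_NAMES.get(n, n),
            # The post gives no URL pattern for this format, so none is built.
            "wall_page_url": None,
        }

    m = THREE_NUMBER.match(base)
    if m:
        aa, bb, ee, n = m.groups()
        return {
            "format": "three-number",
            "photo_id": aa,
            "album_id": bb,
            "profile_id": None,  # this format carries no profile id
            "random": (ee,),
            "size": SIZE_NAMES.get(n, n),
            # Built from the second field, as in the post's worked example.
            "wall_page_url": "https://www.facebook.com/photo.php?fbid=" + bb,
        }
    return None


def same_picture(name_a: str, name_b: str) -> bool:
    """True when two three-number names differ only in first field and size.

    Assumption drawn from the post's single example: the November 2014
    change replaced the first number and left the other two unchanged.
    """
    a = parse_facebook_filename(name_a)
    b = parse_facebook_filename(name_b)
    if not a or not b:
        return False
    if a["format"] != "three-number" or b["format"] != "three-number":
        return False
    return (a["album_id"], a["random"]) == (b["album_id"], b["random"])


if __name__ == "__main__":
    old = "1000526_539054152803549_1177659804_n.jpg"
    new = "1014640_539054152803549_1177659804_o.jpg"
    print(parse_facebook_filename(old)["wall_page_url"])
    print(same_picture(old, new))
```

Matching on the second and third fields lets an analyst pair a file acquired before the change with the renamed copy shown on a public wall page.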

‘Good news’ is relative

The impact to forensics and investigators is significant. If you have a filename that matches the three-number format, then you can trace the filename to Facebook. But if the file was acquired before 2014-11-24, then you cannot find the direct URL at Facebook in order to confirm that the file came from there. (By seeing the picture at Facebook, I suspect that law enforcement would have an easier time getting a warrant. Without the confirmation, it should be a little harder.) By the same means, some media outlets try to validate sources. They used to be able to confirm that a picture came from Facebook by tracing the filename to a URL. But today, they cannot positively confirm it unless the wall page is public.

In addition, anyone who was hotlinking to a picture at Facebook should have noticed that the link is now broken. In effect, Facebook just raised the walls a little higher around their private garden.

If someone sees a filename from Facebook, then it can no longer be traced back to the user. And if the URL contains an anti-tampering field (my example Facebook filename above did not have this field), then nobody can uncrop the image without more knowledge about where the picture is stored at Facebook. This stops people from snooping, law enforcement from tracking images without a warrant, and external web sites from hotlinking.

And the bad news?

Privacy advocates may be very pleased with this change. However, I think all of the privacy benefits are a side-effect from something much more detrimental. Since I have no insider knowledge about Facebook, I can only speculate about the cause behind this naming change. And I suspect that the cause is very anti-privacy.

Facebook rolled out this new change around 2014-11-24. That is just a few days after Facebook announced a major change to their new privacy policy. Most media outlets pointed out that the new policy is 70% shorter and much easier to read. But a few outlets, like PCworld, pointed out that it specifies that Facebook wants to collect even more information about you.

For example, the new privacy policy says “We receive information about you and your activities on and off Facebook from third-party partners, such as information from a partner when we jointly offer services or from an advertiser about your experiences or interactions with them.” And this is where it comes back to pictures…

As I mentioned, Facebook had been testing Akamai’s EdgeControl cache service for months, but did not deploy it until they released their new privacy policy. Akamai is a huge company — they serve as much as 30% of all web traffic, and they collect metrics about users. To quote from the Wall Street Journal, “Because it stores copies of websites, Akamai has the potential to access 15% to 30% of total Web traffic. Two years ago, it began offering to track Web users’ browsing activity for advertising purposes.” WSJ wrote that back in 2010, so Akamai has been tracking users for over six years.

Now we have Facebook, a giant company that can only collect information at Facebook, teaming up with Akamai, a giant company that can cross-collect information from a third of the Internet. It used to be that Facebook could only track you at third-party sites if their site had a link to Facebook. I previously showed how Facebook uses links at Home Depot to track users who visit this home improvement online store. But now, sites do not even need to have a link to Facebook.

Let’s trace how this entire thing works now. You visit a web site that is not a Facebook affiliate and has no link to Facebook. But, they do have a small ad that is hosted at Akamai. As your browser downloads the picture for the ad from Akamai, your browser (via the HTTP referer [sic] field) provides information about what site you are visiting. Akamai can even drop a cookie into your browser, just in case you change network addresses. (While not essential, the cookie simplifies following mobile devices.) Later, you go to some site that has a “Like us on Facebook” link with code hosted at Facebook and an image from Akamai. Now Akamai can put it all together and provide it to Facebook. They know the sites you visit, when you visited them, and what your interests are outside of Facebook. They can tie this together with Facebook information, so they further know your likes, friends, interests, etc.
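The trace above can be followed from the content host's side of the connection. This added example (not from the original post) groups constructed request records by cookie and by IP address to show why the cookie matters when a device changes networks, and what withholding the Referer header or the cookie removes; the record layout, hostnames and function names are assumptions made for the illustration.

```python
from collections import namedtuple
from urllib.parse import urlsplit

# One request as a third-party content host could log it (assumed layout).
Request = namedtuple("Request", "time ip cookie referer resource")

# Constructed sample log: example.* hosts and documentation IP ranges.
# Cookie c-1 is one device that moves from one network to another;
# cookie c-2 is a different device behind the same first address.
REQUESTS = [
    Request("2014-11-28T09:00:00", "198.51.100.7", "c-1",
            "https://shop.example/garden-tools", "/ads/banner.png"),
    Request("2014-11-28T09:10:00", "198.51.100.7", "c-2",
            "https://forum.example/thread/9", "/ads/banner.png"),
    Request("2014-11-28T12:30:00", "203.0.113.44", "c-1",
            "https://news.example/politics", "/ads/banner2.png"),
    Request("2014-11-28T18:05:00", "203.0.113.44", "c-1",
            "https://blog.example/post", "/img/like-button.png"),
]


def visited_sites(requests, key="cookie"):
    """Map each cookie (or IP) to the sites its Referer headers reveal.

    Sites are listed in the order they were first seen.
    """
    if key not in ("cookie", "ip"):
        raise ValueError("key must be 'cookie' or 'ip'")
    profiles = {}
    for req in sorted(requests, key=lambda r: r.time):
        ident = getattr(req, key)
        if not ident or not req.referer:
            continue  # nothing to link: no identifier or no Referer sent
        host = urlsplit(req.referer).hostname
        if host is None:
            continue
        sites = profiles.setdefault(ident, [])
        if host not in sites:
            sites.append(host)
    return profiles


def strip_tracking(requests, drop_referer=False, drop_cookie=False):
    """Model a browser that withholds the Referer and/or third-party cookie."""
    return [
        r._replace(referer=None if drop_referer else r.referer,
                   cookie=None if drop_cookie else r.cookie)
        for r in requests
    ]


if __name__ == "__main__":
    print("by cookie:", visited_sites(REQUESTS))
    print("by ip:    ", visited_sites(REQUESTS, key="ip"))
    print("no referer:", visited_sites(strip_tracking(REQUESTS, drop_referer=True)))
```

Grouping by IP address splits the first device across two profiles and mixes it with a second device, while the cookie keeps one profile per browser; dropping the Referer header leaves the host with nothing to attribute the requests to.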

Moreover, the list of Akamai customers is huge! Best Buy, NPR, MySpace, McAfee… Facebook can now see into the walled gardens at Apple and Microsoft, since both of them are Akamai clients. The Department of Defense is listed as an Akamai customer… I wonder if Facebook can identify DoD employees? The same goes for the Australian Government National Security (another Akamai client).

Did you see that link to PCworld that I have in the middle of this blog entry? (Where I point out that Facebook wants to collect information.) If you clicked it then you triggered an Akamai tracker. The tracker is in some JavaScript on the PCworld web page. The same goes for the links to Bloomberg and ABCnews that I have in the first paragraph.

Tis the season

But let’s go back to pictures. Why would Facebook change their filenames? The only reason that makes sense to me is that they intentionally want to break links for anyone hotlinking to their site. They are effectively drawing a line in the sand and saying “this is the baseline” for all new data collected.

Finally, I couldn’t help but notice that they rolled all of this out days before Thanksgiving and the start of the holiday shopping season. This year, an estimated 37% of shoppers are expected to shop online, and nearly all of them will trigger at least one Akamai or Facebook tracker.

Ho ho ho…

Блогът на Юруков: Correction to the pollution data

This post was syndicated from: Блогът на Юруков and was written by: Боян Юруков. Original post: at Блогът на Юруков

Two days ago I published an article about the pollution from the Maritsa Iztok 2 thermal power plant (TPP). This morning it was also published in Dnevnik. The article was based on the pollution data of the Executive Environment Agency, which I opened up a year ago.

In the comments here and on Facebook, people pointed out to me that some figures on the interactive dashboard look strange. One example was the carbon dioxide emitted by the large TPPs, which looked disproportionate to their capacities. So I looked at the data again and found two problems. The first was in my code: although the figures were loaded correctly, in one place I use integer instead of long in PHP, and some quantities were truncated to about 2.5 million tons per year. The other problem, however, turned out to be that the Executive Agency has changed the data in the register over the last few months. I downloaded everything again, and it turned out that at least 300 indicators have been updated. Previously, data were missing for some years for individual installations. I can only assume that they have fixed errors in their database.

You can view the updated data in the interactive visualization. They show that all industrial installations in Bulgaria released 242 million tons of CO2 into the atmosphere over 7 years. Almost one third of that is due to TPP Maritsa Iztok 2: 73.2 million tons. I will therefore correct the third sentence of the fifth paragraph of my previous article on the pollution, with a note about the correction.

[Figure: Change in sulfur oxide emissions at TPP MI2]

The correction to the data, however, does not affect the sulfur oxides, which are the main component in calculating the damage from the pollution. The strong downward trend at TPP MI2 is confirmed and is analogous to the change at the privately owned TPPs. So there is no change to my conclusion that the ownership of the plant has no bearing on the reduction of pollution. Only TPP Bobov Dol shows a slight decrease, which should indicate insufficient effort in this direction. All the others appear to have met the requirements.

All of this confirms once again that the problem lies in the technology of the TPPs, not in who sits on the board of directors. If the software has trouble making sense of the number 252203020867.82 as a quantity of pollutants, then perhaps we too should think seriously.

TorrentFreak: BT Starts Blocking Private Torrent Sites

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

Following a series of High Court orders, six UK ISPs are currently required to block subscriber access to dozens of the world’s largest torrent sites.

The latest order was issued last month after a complaint from the major record labels. It expands the UK blocklist by 21 torrent sites, including limetorrents.com, nowtorrents.com, picktorrent.com, seedpeer.me and torlock.com.

This weekend both BT and Sky implemented the new changes, making it harder for their subscribers to reach these sites. Interestingly, however, BT appears to have gone above and beyond the court order, limiting access to various other sites as well.

Over the past several days TorrentFreak has received reports from several users of private torrent sites who get an “error blocked” message instead of their favorite sites. These include the popular IPTorrents.com and TorrentDay.com trackers, as well as scene release site Scnsrc.me.

IPTorrents and Torrentday are significant targets. Although both sites require prospective users to obtain an invite from a current member (or from the site itself in exchange for cash), they have over a hundred thousand active users.

The error displayed when BT subscribers try to access the above URLs is similar to that returned when users try to access sites covered by High Court injunctions.

However, there is no known court decision that requires BT to block these URLs. In fact, no UK ISP has ever blocked a private torrent site before.

TF contacted BT’s press contact and customer service team but we have yet to receive a response to our findings. Meanwhile, several of the affected users are discussing on Facebook and Twitter how they can bypass the blockades.

It appears that for now IPTorrents is still accessible via https and via the site’s alternative .me and .ru domains. In addition, VPNs and proxy servers are often cited among suggested workaround techniques.

Whether the private torrent sites will remain blocked and on what grounds remains a mystery for now. We will update this article if BT sends us a response. BT users who spot more unusual blocks are encouraged to get in touch.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

Backblaze Blog | The Life of a Cloud Backup Company: Thank You!

This post was syndicated from: Backblaze Blog | The Life of a Cloud Backup Company and was written by: Yev. Original post: at Backblaze Blog | The Life of a Cloud Backup Company

It’s Thanksgiving week here in the United States, so we wanted to follow the grand tradition of showing thanks. At Backblaze, we’re incredibly thankful for all of our loyal customers. Without them we wouldn’t be here, and we’re pleased as punch that some of them feel the same way about us. That’s why we wanted to take a bit of time, and use our fancy new blogging platform to share some of our favorite tweets from this past year:

So whether you found us because you were already searching for an online backup product, or you read one of our blogs and decided to give us a shot…thank you! It means a lot to us, and we’ll continue working to make Backblaze the best online backup program around. Plus we’re looking forward to seeing your happy tweets someday!

The post Thank You! appeared first on Backblaze Blog | The Life of a Cloud Backup Company.

Backblaze Blog | The Life of a Cloud Backup Company: Backblaze + Time Machine = ♥

This post was syndicated from: Backblaze Blog | The Life of a Cloud Backup Company and was written by: Yev. Original post: at Backblaze Blog | The Life of a Cloud Backup Company

“Why do I need online backup if I have Time Machine already?” We get that question a lot. Here, we recommend you use both. Backblaze strongly believes in a 3-2-1 backup policy. What’s 3-2-1? Three copies of your data, on two different media, and one copy off-site. If you have that baseline, you’re in good shape. The on-site portions of your backup strategy are typically the original piece of data and an external hard drive of some sort. Most of our Mac customers use Time Machine, so that’s the one we’ll focus on here.

Raising Awareness
Apple did a great job with Time Machine, and with building awareness for backups. When you plugged in your first external hard drive, your Mac would ask if you wanted to use that drive as a Time Machine backup drive, which was instrumental in teaching users about the importance and potential ease of backups. It also dramatically simplified data backup, making it automatic and continuous. Apple knew that having people manually drag and drop files into folders and drives so they were backed up was not a reliable backup strategy. Because it was automatic, many people used Time Machine for their local backup, but this still left a hole in their backup strategy: they had nothing off-site.

Why Bother
Having an off-site backup comes in handy when your computer and local backup (Time Machine in this case) are both lost. That can occur because of fire, theft, flood, forgetfulness, or a wide variety of other unfortunate reasons. Stories of people neglecting to replace their failed Time Machine drive and then having their computer crash are well known. An off-site backup that is current, such as an automatic online backup, can also be used to augment the local Time Machine backup, especially when traveling. For example, suppose the hard drive in your laptop crashes while you’re on vacation. Time Machine can be used to recover up to the point where you left for your trip, and your online backup can be used to fill in the rest.

Some Limitations
One limitation of Time Machine is that, because it lives on a hard drive, it doesn’t scale with the amount of data that you have. When you purchase a 500GB drive, that’s all the space you have for your backup. For example, if you have your Mac Pro or MacBook and have a Time Machine hard drive connected to it, it will back up the data that’s on the computer. If you add an additional hard drive into the mix as a storage drive, the Time Machine drive may not be large enough to handle both data sets, from the Mac and from the additional storage. So the more data you accumulate, the larger the Time Machine drive you have to use.

Additionally, if you store data on your Time Machine drive itself, those files are not actually going to be included in the Time Machine backup, so be wary! Apple and Backblaze strongly recommend using a separate, dedicated drive for your Time Machine backup, and not keeping any original data on that drive. That way, if the drive fails, you only lose one copy, and avoid potentially losing both copies. Backblaze works similarly: because you have an off-site backup with Backblaze, it’s another layer of protection from data loss.

Diversification
So use both! And if you’re on a PC, use an external hard drive as your second media type (most come with their own local-backup software). There’s no such thing as too many backups. Backing up is like a retirement or stock portfolio: the more diversification you have, the less vulnerability you have!

The post Backblaze + Time Machine = ♥ appeared first on Backblaze Blog | The Life of a Cloud Backup Company.

Backblaze Blog | The Life of a Cloud Backup Company: There’s No I in Bryan

This post was syndicated from: Backblaze Blog | The Life of a Cloud Backup Company and was written by: Yev. Original post: at Backblaze Blog | The Life of a Cloud Backup Company

Straight out of Portland, Bryan joins our Datacenter staff to help backup your world! Having had a wide variety of jobs before joining the Backblaze team, including farming and store clerking, Bryan is excited to join the tech industry, and can’t wait to help ensure your data is safe. Let’s learn some more about our fourth, and latest “Brian”!

What is your Backblaze Title?
Datacenter Technician

Where are you originally from?
Before Sacramento, I lived in Portland, Oregon. Before that, I called upstate New York “home”.

Why did you move to Sacramento?
I moved to California to help backup your world!

What attracted you to Backblaze?
I’ve lost data before and it’s horrible. I like knowing that my stuff is backed up securely, and I’d like to help other people know their stuff is backed up too. Backblaze is the place to do this.

From the outside, Backblaze struck me as inventive and ambitious, and the data center work looked like it would switch from thinking/planning to moving/doing and back again throughout the day at a good clip. I’ve been here for a week, and it really does function that way. I love it.

Where else have you worked?
Farms, video rental stores, gas stations, radio waves, computer stores, and offices. You know, the usual.

Tell us how you currently backup your photos, music, data, etc. on your home computer?
Local backups: Time Machine
Bootable backups: Shirt-Pocket’s Super Duper! and Bombich’s Carbon Copy Cloner
Offsite backups: Backblaze

If you won the lottery tomorrow, what would you do?
I would buy you lunch!

How did you get into computers?
In sixth grade when I was 12, my grandparents bought a Packard Bell so they could make spreadsheets tracking their stats in fantasy NASCAR. Every day after school I pedaled my bicycle to their house along ATV trails through the forest, so that I could use the computer. Eventually I was given someone’s used computer. I still visited my grandparents though.

Welcome Bryan! We’re jazzed to have you on board, and will definitely look forward to that lunch after you hit it big with the lotto!

The post There’s No I in Bryan appeared first on Backblaze Blog | The Life of a Cloud Backup Company.

Raspberry Pi: MagPi issue 28

This post was syndicated from: Raspberry Pi and was written by: Liz Upton. Original post: at Raspberry Pi

I’m in a bit of a rush today; we’re all at the factory in Wales where the Raspberry Pi is built to show the team that works in Cambridge how to make a Pi. So I’ll hand over to Team MagPi, who have just released their 28th edition of the free monthly Raspberry Pi magazine, written by Raspberry Pi fans for Raspberry Pi fans.

Editor Ash Stone says:

This month’s Issue is packed with hardware and programming articles.  We are pleased to present the first article in an OpenCV (open source computer vision) image recognition software series by Derek Campbell.  The robot that Derek used to test the software configuration is shown on this month’s cover.

Expanding the I/O possibilities of the Raspberry Pi is often a first step of electronics projects.  This time, Dougie Lawson presents a review of the Arduberry board from Dexter Industries.  This little board provides an ideal microcontroller interface for more complicated electronics projects.  This month’s hardware articles are rounded off by Karl-Ludwig’s third BitScope article, which includes examples of preamplifier circuits and associated test and measurement.

The Raspberry Pi provides the opportunity to run many different software applications.  Voice over IP (VoIP) allows telephone calls to be carried over an internet connection.  Walbarto Abad continues his mini-series by describing how to setup an Asterisk VoIP server.

The second application article this month continues the discussion of git (distributed version control system).  Git was originally produced for Linux kernel development, but is now a mainstay of many different development projects and has been adopted by several schools too.  Alec Clews leads us through his second tutorial on the subject.

This month’s programming article demonstrates how to build an arcade game using FUZE BASIC.  Jon Silvera includes instructions, code and images to build a horizontally scrolling game.

We are on the look out for more articles at all levels and on all subjects.  If you are interested in submitting an article, please get in touch with us by emailing articles@themagpi.com.

If you have any other comments, you can find us on Twitter (@TheMagP1) and Facebook (www.facebook.com/MagPiMagazine) too.

Backblaze Blog: How Backblaze Achieved 917% Growth

This post was syndicated from: Backblaze Blog and was written by: Gleb Budman. Original post: at Backblaze Blog

With 917% revenue growth over the last 5 years, Backblaze has just secured itself the 128th spot on the list of the fastest growing technology companies in the United States. The journey has been exciting but could have come to an abrupt end at various times. Let me share a bit about how we grew and what we’ve learned.

Start
In 2007, Jeanine had a computer crash and begged Brian for help recovering her files. She had no backup. He could not help.

Five of us talked about this experience and realized that 100% of the photos, movies, and personal and work documents were going digital. But with fewer than 10% of people backing up their computers, eventually all of these digital items would vaporize. We quit our jobs and started Backblaze to solve the impending disaster.

Financing
While we had previously raised VC funding for startups, we decided to start Backblaze differently, committing to each other that we would work for 1 year without pay, and to put a bit of money into the business. This would effectively be the seed round.

After five years of steady growth, we decided to raise our first VC round.

Challenges
From the outside it seems like a simple, beautiful exponential growth curve up and to the right. From the inside, the challenges along the way don’t fit onto a single page. Probably not into a book either. Paul Graham has a fantastic chart of this experience he calls the “Startup Curve”.

I thought of many issues we might have: not getting the product/market fit right, not being able to build the product, not being able to attract customers, running out of cash. And some of these bumps, such as finding that many of the expected ways to find customers don’t work, we actually did run into.

But others, such as the distraction of almost being acquired or the massively impactful challenge of a flood in Thailand were harder to predict.

Successes
Despite the challenges, there were two things that kept the company succeeding: 1) focused, determined, hard work, and 2) luck.

The day of our initial beta launch on June 4th, 2007, we had glowing articles in TechCrunch and Ars Technica. People were signing up in droves and it was thrilling. But a week later the servers were bored – no one was showing up to the website. The initial external excitement vaporized and what happened next was all of us having to put our heads down and plow forward. Day after day we needed to do the small things required to build the business, that over time, add up to growth.

And then there was luck. We planned to store data on Amazon S3. Since we couldn’t afford it, we designed our own storage. Not only did that end up being a huge boon to us as it dramatically reduced our costs, but open-sourcing our Backblaze Storage Pod design hit a nerve and 1 million people read that blog post. It helped put us on the map.

Growth
Early on the data center asked us to commit to ¼ of one cabinet for one year. At the time that was a $12,000 commitment and we negotiated it down to 6 months to reduce our risk. Now we have over 100 petabytes of data stored in over 100 cabinets, adding 3 cabinets of equipment every month, and committed for several years. Sometimes growth sneaks up on you.

From 2009 through 2013 we’ve grown revenue 917%. That was good enough for 128th place in the 2014 Deloitte Technology Fast 500™ in the United States – just beating out Facebook in the 129th spot.

To qualify for the Fast 500 a business had to earn over $50K in revenue in 2009 and over $5M in revenue in 2013. We obviously exceeded those numbers. (While we don’t disclose revenue, Backblaze is in double-digit millions of dollars in revenue.)

Balance
In the same period as Backblaze has grown 917%, it is estimated that 55% of companies failed. Mortality rates are even higher in the information technology space where Backblaze resides, and over the years multiple online backup companies and services have folded.

There is a saying I’ll paraphrase: Businesses don’t fail because they are unprofitable; they fail because they run out of cash.

Bootstrapping a company, especially a capital-intensive one, meant we constantly had to watch cash-flow. Initially we were “afraid of customers” because a large influx of new customers meant having to buy another $10,000 storage pod, for customers who would pay us $5 per month. Eventually it would make sense, but for the first year we would be cash-flow negative. We came up with one simple way to solve this cash-flow challenge, but without raising capital, sometimes you have to make the tradeoff that things that make sense in the long run aren’t feasible because you won’t make it to the ‘long run’ if you run out of cash.

Takeaways
I’m honored that Backblaze has received this Fast 500 award and there has been a lot that we have learned. Here are 4 key takeaways:

  1. Build a sustainable business

    I don’t mean a ‘green’ business; I mean a business that can last. A business can’t be high-growth if it’s out of business. Aim toward a model where customers support the company, even if at times you decide to raise funding. If customers are the cash-engine, your business won’t be at the whim of the funding markets.

  2. Plan for the long term

    Some companies are a flash-in-the-pan – founded, launched, and acquired in a year. There’s a draw to this quick-buck approach. But most successful companies take years to build. Work on something you’ll be excited to do for many years. It’ll make the journey great, help overcome the bumps, and increase the chances of success.

  3. Work a day-at-a-time

    A great launch or customer-win feels fantastic. Celebrate the successes, but don’t fear the small steps. A business that makes $1 in revenue the first day and grows a mere 1% per day will only make $37 in revenue per day after an entire year…but it will make $76,240,508 in revenue per day after five years.

  4. Stay focused

    When we started Backblaze, we wrote an entire wall of products and features we wanted to build. After 7 years, we’re still working on the first one. Solving the right problem takes focus and time, and doing that is generally much better than partially solving many different problems.

Today is one of those exciting ‘success’ days when we celebrate an achievement. But this growth is looking in the rearview mirror. And tomorrow it’s time to get our heads back down and charge on.

Author information

Gleb Budman

Co-founder and CEO of Backblaze. Founded three prior companies. He has been a speaker at GigaOm Structure, Ignite: Lean Startup, FailCon, CloudCon; profiled by Inc. and Forbes; a mentor for Teens in Tech; and holds 5 patents on security.

Follow Gleb on: Twitter / LinkedIn / Google+

The post How Backblaze Achieved 917% Growth appeared first on Backblaze Blog.

TorrentFreak: Hey UK: Jailing File-Sharers for Years is Shameful

This post was syndicated from: TorrentFreak and was written by: Andy. Original post: at TorrentFreak

Monday this week, Kane Robinson and Richard Graham, an admin and uploader of now-defunct file-sharing forum Dancing Jesus, had their lives turned upside down when they were handed jail sentences of 32 and 21 months respectively.

The pair had got involved in Dancing Jesus years ago, when they were teenagers. The site dealt in leaked music, no one disputes that, but if you knew of Dancing Jesus before the site got raided you were in the minority. It was a niche site, to say the least.

Still, the UK record labels claimed the duo had cost them around £240m ($378m) in losses. It appears the court believed them and as a result the pair are locked away at this very moment for a very long time indeed.

Sadly that estimate can only be a dramatic exaggeration. If we are to believe claims from the other side of the Atlantic, the behemoth that was Megaupload – the subject of the world’s largest copyright case – ‘only’ managed to cost the entertainment industry an alleged $500m, and that’s the estimate of a notoriously aggressive US Government.

Also, Megaupload hosted 12 billion unique files and had 100 million users. Dancing Jesus had 12,000 registered users and carried 22,500 allegedly infringing links. Robinson and Kane made no money from their activities, that much was accepted in court. Megaupload made an alleged $175m.

The sums don’t add up, anyone can see that, but at this point, today, none of that means much to the pair staring at four gray walls with devastated families at home and ruined lives behind them.

Ok, they knew what they were doing and many will argue that there needs to be some kind of punishment for distributing content to the public without permission, but this week’s sentences go way too far by most sensible standards.

Before his incarceration, Graham told TF that he’d been taking school exams when the music industry first homed in on him, and since being arrested he’d gone on to university and obtained a degree.

And leading up to Dancing Jesus, Kane Robinson was headhunted to run the official Arctic Monkeys website by the band’s manager.

“Kane’s fansite (which ironically shared their tracks for free and gained the band a lot of exposure) was receiving a lot more traffic than theirs. He ran that for several months,” Kane’s brother Kyle informs TF.

After the closure of Dancing Jesus, both men had put file-sharing behind them and were working in legitimate jobs. Dangerous? No. Violent? No. Dancing Jesus years behind them? No doubt. Compassion then? Not a chance.

To underline the harshness of this week’s sentences we could compare them with cases recently before the UK courts.

Consider the pilot who admitted to flying a plane whilst three times over the drink limit yet faces a maximum two years in jail? Or what about the sex offender caught file-sharing Category A-rated child abuse images on file-sharing networks? He got a 15 month suspended sentence just days after Robinson and Graham were given 32 and 21 months each.

Instead, however, let’s take a look at a file-sharing case that concluded last week in Finland. It involved a 40-year-old man also accused of making copyrighted content available to the public – 964 video files, 49,951 music tracks and 573 other sundry files to be precise.

Last week the court found the man guilty of copyright infringement, fined him 1,000 euros with 2,000 euros in legal costs. He was also ordered to pay damages to local music rights group Teosto to the tune of 1,500 euros plus 3,000 euros to IFPI. Jail wasn’t on the agenda.

Whether this is a fair punishment for the offenses in hand is for others to decide. However, it seems unlikely that those with the ability to look beyond this week’s “£240 million losses” headlines will feel that it’s proportionate for two non-violent men to spend the next few Christmas Days behind bars.

That said, in today’s legal climate it’s unrealistic to expect UK-based file-sharing site operators to simply walk away from a court without some kind of punishment, even if they did only operate a linking forum. But even then, several years in jail makes little to no sense for non-commercial operators, especially when supposed financial losses are either plucked from thin air or a product of highly speculative accounting.

The lesson here is simple. The ground rules, at least in the UK, have changed. The last three big cases in the UK (SurftheChannel, Fast and Furious ‘cammer’, Dancing Jesus) were all private prosecutions by the entertainment industries and have all ended in prison time for the defendants. There is no reason to think things are about to change.

In the meantime, people like Kane’s family are left trying to rally support on Facebook in an attempt to scrape together £5,000 in a GoFundMe fundraiser to finance an appeal aimed at achieving a more realistic sentence.

In conclusion, it now appears that anyone other than low-level UK file-sharers needs to consider whether their “fun” hobby is really worth losing years of their freedom over. And of course, shameful as it might be, that’s the message the industry wanted to send all along.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

Krebs on Security: ‘Microsoft Partner’ Claims Fuel Support Scams

This post was syndicated from: Krebs on Security and was written by: BrianKrebs. Original post: at Krebs on Security

You can’t make this stuff up: A tech support company based in the United States that outsources its work to India says its brand is being unfairly maligned by — wait for it…..tech support scammers based in India. In an added twist, the U.S.-based tech support firm acknowledges that the trouble may be related to its admittedly false statements about being a Microsoft Certified Partner — the same false statements made by most telephone-based tech support scams.

Tech support scams are, unfortunately, an extremely common scourge. Most such scams are the telephonic equivalent of rogue antivirus attacks, which try to frighten consumers into purchasing worthless security software and services. Both types of scams try to make the consumer believe that the caller is somehow associated with Microsoft or with a security company, and each caller tries to cajole or scare the consumer into giving up control over his or her PC.

Earlier this month, a reader shared a link to a lengthy Youtube video by freelance journalist Carey Holzman, in which Holzman turns the tables on the tech support scammers. During the video, Holzman plays along and gives the scammer remote control access to a test computer he’s set up specifically for this video.  The scammer, who speaks with a strong Indian accent but calls himself “Steve Wilson” from the “Microsoft technical department,” tries to convince Holzman that he works for a company that is a legitimate Microsoft support partner.

“Let me show you who we are,” the scammer says, opening up Google.com and typing SB3 Inc. Clicking on the first result brings up sb3inc[dot]com, which proudly displays an icon in the upper right corner of its home page stating that it is a Microsoft Certified Partner. “This is our mother company. Can you see that we are a Microsoft certified partner?”

When Holzman replies that this means nothing and that anyone can just put a logo on their site saying they’re associated with Microsoft, the scammer runs a search on Microsoft.com for SB3. The scammer shows true chutzpah when he points to the first result, which — if clicked — leads to a page on Microsoft’s community site where members try to warn the poster away from SB3 as a scam.

When Holzman tries to get the scammer to let him load the actual search result link about SB3 on Microsoft.com, the caller closes the browser window and proceeds to enable the SysKey utility on Windows, which allows the scammer to set a secret master password that must be entered before the computer will boot into Windows (effectively an attempt at locking Holzman out of his test computer if he tries to reboot).

The video goes on for some time more, but I decided to look more closely at SB3. The Web site registration records for the company state that it is based in New Jersey, and it took less than a minute to find the Facebook page of the company’s owner — a Suvajit “Steve” Basu in Ridgewood, NJ. Basu’s Facebook feed has him traveling the world, visiting the World Cup in Brazil in 2014, the Ryder Cup in 2012, and more recently taking delivery on a brand new Porsche.

Less than 24 hours after reaching out to him on Facebook and by phone, Basu returns my call and says he’s working to get to the bottom of this. Before I let him go, I tell Basu that I can’t find on Microsoft’s Partner Site any evidence to support SB3’s claim that it is a Microsoft Certified Partner. Basu explains that while the company at one time was in fact a partner, this stopped being the case “a few months ago.” For its part, Microsoft would only confirm that SB3 is not currently a Microsoft partner of any kind.

SB3’s homepage, before it removed the false “Microsoft Partner” claim.

Basu explained that Microsoft revoked SB3’s partner status after receiving complaints that customers were being cold-called by SB3 technicians claiming to be associated with Microsoft. “Microsoft had gotten complaints and we took out all references to Microsoft as part of our script,” that the company gives to tech support callers, Basu said.

As for why SB3 still falsely claimed to be a Microsoft Partner, Basu said his instructions to take the logo down from the site had apparently been ignored by his site’s administrators.

“That was a mistake for which we do take the blame and responsibility,” Basu said in a follow-up email. “We have corrected this immediately on hearing from you and you will no longer find a mention of Microsoft on our SB3Inc Website.”

Basu said SB3 is a legitimate company based in the USA which uses off-shore manpower and expertise to sell tech support services through its iFixo arm, and that the company never participates in the sort of scammy activities depicted in Holzman’s video. Basu maintains that scammers are impersonating the company and taking advantage of its good name, and points to a section of the video where the scammer loads a payment page at support2urpc[dot]com, suggesting that Support to Your PC is the real culprit (the latter company did not return messages seeking comment).

“After viewing your video it is obvious to us that one or more persons out there are misusing our brand and good-will,” Basu wrote. “We feel horrible and feel that along with the unknowing consumers we are also victims. This is corporate identity theft.”

SB3 may well be a legitimate company that is being scammed by the scammers, but if that’s true the company has done itself and its reputation no favors by falsely stating it is a Microsoft partner. What’s more, complaints about tech support scammers claiming to be from SB3 are numerous and date back more than a year. I find it remarkable that a tech support company with the uncommon distinction of having secured a good name in this line of work would not act more zealously to guard that reputation. Alas, a simple Internet search on the SB3 brand would have alerted the company to these shenanigans.

SB3 has since removed the Microsoft Certified Partner logo from its home page, but the image is still on its server. Running a search on that image at Tineye.com — an extremely useful image search Web site — produces more than 11,700 results. No doubt Microsoft and other scam hunters have used this investigative tool to locate tech support scams, which may explain why support2urpc[dot]com does not appear to include the same image on its site but instead claims association with sites that do.
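The SysKey lockout described in the video walkthrough above leaves a trace in process-creation logs, and the following sketch shows one way to surface it. It is an added example, not code from the original article: the events are constructed and shaped like Sysmon Event ID 1 records, and the remote-control tool list and the 60-minute correlation window are assumptions (the article does not name the tool the caller used).

```python
import ntpath
from datetime import datetime, timedelta

# Assumption: remote-control tools to correlate against. The article does not
# say which tool was used in the video, so this list is illustrative only.
REMOTE_TOOLS = {"teamviewer.exe", "anydesk.exe"}
# Assumption: how long after a remote tool starts a SysKey launch is "related".
CORRELATION_WINDOW = timedelta(minutes=60)

# Constructed sample events, shaped like Sysmon Event ID 1 (process creation).
SAMPLE_EVENTS = [
    {"UtcTime": "2014-11-20 18:01:05.000", "Computer": "TEST-PC",
     "User": r"TEST-PC\user",
     "Image": r"C:\Program Files (x86)\TeamViewer\TeamViewer.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"UtcTime": "2014-11-20 18:09:30.000", "Computer": "TEST-PC",
     "User": r"TEST-PC\user",
     "Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"UtcTime": "2014-11-20 18:22:17.000", "Computer": "TEST-PC",
     "User": r"TEST-PC\user",
     "Image": r"C:\Windows\System32\SysKey.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"UtcTime": "2014-11-21 09:00:00.000", "Computer": "OFFICE-PC",
     "User": r"OFFICE-PC\admin",
     "Image": r"C:\Windows\System32\syskey.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
]


def _timestamp(event):
    """Parse the Sysmon-style UtcTime field."""
    return datetime.strptime(event["UtcTime"], "%Y-%m-%d %H:%M:%S.%f")


def _exe_name(path):
    """Lower-cased file name of a Windows path (works on any OS)."""
    return ntpath.basename(path).lower()


def detect_syskey(events, window=CORRELATION_WINDOW):
    """Flag every syskey.exe launch; raise severity when it follows a
    remote-control tool start on the same host within `window`."""
    last_remote = {}  # host -> (start time, tool name)
    findings = []
    for event in sorted(events, key=_timestamp):
        host = event["Computer"].upper()
        when = _timestamp(event)
        exe = _exe_name(event["Image"])
        if exe in REMOTE_TOOLS:
            last_remote[host] = (when, exe)
            continue
        if exe != "syskey.exe":
            continue
        seen = last_remote.get(host)
        if seen and when - seen[0] <= window:
            minutes = int((when - seen[0]).total_seconds() // 60)
            severity = "high"
            reason = f"syskey.exe started {minutes} min after {seen[1]}"
        else:
            # SysKey is rarely run interactively, so a lone launch still
            # deserves a look even without a remote session nearby.
            severity = "medium"
            reason = "syskey.exe started with no recent remote-control tool"
        findings.append({
            "host": host,
            "time": event["UtcTime"],
            "user": event["User"],
            "parent": _exe_name(event["ParentImage"]),
            "severity": severity,
            "reason": reason,
        })
    return findings


if __name__ == "__main__":
    for finding in detect_syskey(SAMPLE_EVENTS):
        print(f'[{finding["severity"].upper()}] {finding["host"]} '
              f'{finding["time"]} {finding["reason"]} '
              f'(user={finding["user"]}, parent={finding["parent"]})')
```

A high-severity hit is a cue to keep the machine from rebooting until the boot-password change has been reviewed, since the lockout only takes effect at the next startup.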

LWN.net: Linux Security Distros Compared: Tails vs. Kali vs. Qubes (Lifehacker)

This post was syndicated from: LWN.net and was written by: jake. Original post: at LWN.net

Three security-oriented Linux distributions are compared and contrasted over at Lifehacker. The three (Tails, Kali Linux, and Qubes OS) have distinct use cases that are surveyed in the article. “The crux of Tails is anonymity. While it has cryptographic tools in place, its main purpose is to anonymize everything you’re doing online. This is great for most people, but it doesn’t give you the freedom to do stupid things. If you log into your Facebook account under your real name, it’s still going to be obvious who you are and remaining anonymous on an online community is a lot harder than it seems.”

Backblaze Blog: Obama Backs Backblaze – Throttling is Bad

This post was syndicated from: Backblaze Blog and was written by: Brian Wilson. Original post: at Backblaze Blog

President Obama is now on the record stating that Internet providers have “a legal obligation not to block or limit your access to a website.” We agree and want to thank the President for following in our footsteps by telling the world that throttling is bad. Backblaze itself does not actively throttle our customers. The….

Author information

Brian Wilson

I completed my undergraduate at Oregon State University in 1990, then completed a Stanford Masters degree in 1991. Ever since then I’ve worked at various companies as a software engineer, in the last few years starting my own software startups called MailFrontier (started in 2002) and most recently Backblaze (started in 2007).

I have a personal web site at http://www.ski-epic.com that I started in 1999 (it was originally just for one vacation, but it kept growing) where I put up my vacation pictures and videos. Nothing professional, it’s all just for fun.

In my spare time I enjoy skiing, motorcycling, and boating. I have been lucky enough to travel to a few countries, and I enjoy scouting out new places for the first time.

Follow Brian on:

Twitter: @brianwski

YouTube: brianwski

LinkedIn: brianwski

Google+: brianwski

Reddit: brianwski

The post Obama Backs Backblaze – Throttling is Bad appeared first on Backblaze Blog.

Errata Security: This Vox NetNeutrality article is wrong

This post was syndicated from: Errata Security and was written by: Robert Graham. Original post: at Errata Security

There is no reasoned debate over NetNeutrality because the press is so biased. An example is this article by Timothy B. Lee at Vox “explaining” NetNeutrality. It doesn’t explain, it advocates.

1. Fast Lanes

Fast-lanes have been an integral part of the Internet since the beginning. Whenever somebody was unhappy with their speeds, they paid money to fix the problem. Most importantly, Facebook pays for fast-lanes, contrary to the example provided.

One prominent example of fast-lanes is “channels” in the local ISP network to avoid congestion. This allows them to provide VoIP and streaming video over their own private TCP/IP network that won’t be impacted by the congestion that everything else experiences. That’s why during prime-time (7pm to 10pm), your NetFlix streams are low-def (to reduce bandwidth), while your cable TV video-on-demand is hi-def.

Historically, these channels were all “MPEG-TS”, transport streams based on the MPEG video standard. Even your Internet packets would be contained inside the MPEG streams on channels.

Today, the situation is usually reversed. New fiber-optic services have TCP/IP network everywhere, putting MPEG streams on top of TCP/IP. They just separate the channels into their private TCP/IP network that doesn’t suffer congestion (for voice and video-on-demand), and the public Internet access that does. Their services don’t suffer congestion, other people’s services do.

The more important fast-lanes are known as “content delivery networks” or “CDNs”. These companies pay ISPs to co-locate servers on their network, putting servers in every major city. Companies like Facebook then pay the CDNs to host their data.

If you monitor your traffic, you’ll see that the vast majority goes to CDNs located in your city. When you access different, often competing companies like Facebook and Apple, your traffic may in fact go to the same IP address of the CDN server.

Smaller companies that cannot afford CDNs must host their content in just a couple locations. Since these locations are thousands of miles from most of their customers, access is slower than CDN hosted content like Facebook. Pay-for-play, with preferred and faster access, has been an integral part of the Internet since the very beginning.

This demonstrates that the Vox example of Facebook is a complete lie. Their worst-case scenario already exists, and has existed since before the dot-com era even started, and has enabled competition and innovation rather than hindering it.

2. Innovation

Vox claims: “Advocates say the neutrality of the internet is a big reason there has been so much online innovation over the last two decades“.

No, it’s opponents who claim the lack of government regulation is the reason there has been so much online innovation in the last decades.

NetNeutrality means sweeping government regulation that forces companies to ask permission first before innovating. NetNeutrality means spending money lobbying the government for special rules, surviving or failing based on the success of paying off politicians rather than surviving or failing based on their own merits.

Take GoGo Inflight broadband Internet service on airplanes. They block NetFlix in favor of their own video streaming service. This is exactly the sort of thing that NetNeutrality regulations are supposed to block. However, it’s technically necessary. A single person streaming video from NetFlix would overload the connection for everyone else. To satisfy video customers, GoGo puts servers on the plane for its streaming service — allowing streaming without using the Internet connection to the ground.

If NetNeutrality became law, such things would be banned. But of course, since that would kill Internet service on airplanes, the FCC would immediately create rules to allow this. But then everyone would start lobbying the FCC for their own exceptions. In the end, you’d have the same thing with every other highly regulated industry, where companies with the most lobbying dollars win.

Innovation happens because companies innovate first and ask for permission (or forgiveness) later. A few years ago, Comcast throttled BitTorrent traffic during prime time. NetNeutrality proponents think this is bad, and use it as an example of why we need regulation. But no matter how bad it is, it’s a healthy sign of innovation. Not all innovations are good, sometimes companies will try things, realize they are bad, then stop doing them. Under NetNeutrality regulations, nothing bad will happen ever again, because government regulators won’t allow it. But that also means good innovations won’t happen either — companies won’t be able to freely try them out without regulators putting a stop to it.

Right now, you can start a company like Facebook without spending any money lobbying the government. In the NetNeutrality future, that will no longer be possible. A significant amount of investor money will go toward lobbying the government for favorable regulation, to ask permission.

3. What’s Taking So Long

Vox imagines that NetNeutrality is such a good idea that the only thing stopping it is technicalities.

The opposite is true. The thing stopping NetNeutrality is that it’s a horrible idea that kills innovation. It’s not a technical idea, but a political one. It’s pure left-wing politics that demands the government run everything. The thing stopping it is right-wing politics that wants the free-market to run things.

The refusal of Vox to recognize that this is a left-wing vs. right-wing debate demonstrates their overwhelming political bias on this issue.

4. FCC Bypassing Congress

The Internet is new and different. If regulating it like a utility is a good idea, then it’s Congress who should pass a law to do this.

What Obama wants to do is bypass congress and seize control of the Internet himself.

5. Opponents’ arguments

Vox gets this partly right, but fundamentally wrong.

The fundamental argument by opponents is that nothing bad is happening now. None of the evil scenarios of what might happen are actually happening now.

Sure, sometimes companies do bad things, but the market immediately corrects. That’s the consequence of permission-free innovation: innovate first, and ask for permission (or forgiveness) later. That sometimes companies have to ask for forgiveness is a good sign.

Let’s wait until Comcast actually permanently blocks content, or charges NetFlix more than other CDNs, or any of the other hypothetical evils, then let’s start talking about the government taking control.

6. Red Tape

Strangling with red-tape isn’t a binary proposition.

What red-tape means is that network access becomes politicized, as only those with the right political connections get to act. What red-tape means is that only huge corporations can afford the cost. If you like a world dominated by big, connected corporations, then you want NetNeutrality regulations.

While it won’t strangle innovation, it’ll drastically slow it down.

7. YouTube

Vox claims that startups like YouTube would have difficulty getting off the ground with NetNeutrality regulation. The opposite is true: companies like YouTube would no longer be able to get off the ground without lobbying the government for permission.

8. Level Playing Field

Vox’s description of the NetFlix-Comcast situation is completely biased and wrong, taking NetFlix’s and the leftist description at face value. It’s not true.

Descriptions of the NetFlix-Comcast issue completely ignore the technical details, but the technical details matter. For one thing, it doesn’t stream “across the Internet”. The long-distance links between cities cannot support that level of traffic. Instead, NetFlix puts servers in every major city to stream from. These servers are often co-located in the same building as Comcast’s major peering points.

In other words, what we are often talking about is how to get video streaming from NetFlix servers from one end of a building to another.

During prime time (7pm to 10pm), NetFlix’s bandwidth requirements are many times greater than all non-video traffic put together. That essentially means that companies like Comcast have to specially engineer their networks just to handle NetFlix. So far, NetFlix has been exploiting loopholes in “peering agreements” designed for non-video traffic in order to get a free ride.

Re-architecting the Internet to make NetFlix work requires a lot of money. Right now, those costs are borne by all Comcast subscribers — even those who don’t watch NetFlix. The 90% of customers with low-bandwidth needs are subsidizing those 10% who watch NetFlix at prime time. We like to think of Comcast as having monopolistic power, but it doesn’t. The truth is that Comcast has very little power in pricing. It can’t meter traffic, charging those who abuse the network during prime time to account for their costs. Thus, instead of charging NetFlix abusers directly, it just passes its costs to NetFlix.

Converting the Internet into a public-utility wouldn’t change this. It simply means that instead of fighting in the market place, the Comcast-NetFlix battle would be decided by regulators. And, the result of the decision would be whichever company did the best job lobbying the FCC and paying off politicians — which would probably be Comcast.

Krebs on Security: Feds Arrest Alleged ‘Silk Road 2’ Admin, Seize Servers

This post was syndicated from: Krebs on Security and was written by: BrianKrebs. Original post: at Krebs on Security

Federal prosecutors in New York today announced the arrest and charging of a San Francisco man they say ran the online drug bazaar and black market known as Silk Road 2.0. In conjunction with the arrest, U.S. and European authorities have jointly seized control over the servers that hosted Silk Road 2.0 marketplace.

The home page of the Silk Road 2.0 market has been replaced with this message indicating the community’s Web servers were seized by authorities.

On Wednesday, agents with the FBI and the Department of Homeland Security arrested 26-year-old Blake Benthall, a.k.a. “Defcon,” in San Francisco, charging him with drug trafficking, conspiracy to commit computer hacking, and money laundering, among other alleged crimes.

Benthall’s LinkedIn profile says he is a native of Houston, Texas and was a programmer and “construction worker” at Codespike, a company he apparently founded using another company, Benthall Group, Inc. Benthall’s LinkedIn and Facebook profiles both state that he was a software engineer at Space Exploration Technologies Corp. (SpaceX), although this could not be immediately confirmed. Benthall describes himself on Twitter as a “rocket scientist” and a “bitcoin dreamer.”

Blake Benthall’s public profile page at LinkedIn.com

Benthall’s arrest comes approximately a year after the launch of Silk Road 2.0, which came online less than a month after federal agents shut down the original Silk Road community and arrested its alleged proprietor — Ross William Ulbricht, a/k/a “Dread Pirate Roberts.” Ulbricht is currently fighting similar charges, and made a final pre-trial appearance in a New York court earlier this week.

According to federal prosecutors, since about December 2013, Benthall has secretly owned and operated Silk Road 2.0, which the government describes as “one of the most extensive, sophisticated, and widely used criminal marketplaces on the Internet today.” Like its predecessor, Silk Road 2.0 operated on the “Tor” network, a special network of computers on the Internet, distributed around the world, designed to conceal the true IP addresses of the computers on the network and thereby the identities of the network’s users.

“Since its launch in November 2013, Silk Road 2.0 has been used by thousands of drug dealers and other unlawful vendors to distribute hundreds of kilograms of illegal drugs and other illicit goods and services to buyers throughout the world, as well as to launder millions of dollars generated by these unlawful transactions,” reads a statement released today by Preet Bharara, the United States Attorney for the Southern District of New York. “As of September 2014, Silk Road 2.0 was generating sales of at least approximately $8 million per month and had approximately 150,000 active users.”

Benthall’s profile on Github.

The complaint against Benthall claims that by October 17, 2014, Silk Road 2.0 had over 13,000 listings for controlled substances, including, among others, 1,783 listings for “Psychedelics,” 1,697 listings for “Ecstasy,” 1,707 listings for “Cannabis,” and 379 listings for “Opioids.” Apart from the drugs, Silk Road 2.0 also openly advertised fraudulent identification documents and computer-hacking tools and services. The government alleges that in October 2014, the Silk Road 2.0 was generating at least approximately $8 million in monthly sales and at least $400,000 in monthly commissions.

The complaint describes how federal agents infiltrated Silk Road 2.0 from the very start, after an undercover agent working for Homeland Security investigators managed to infiltrate the support staff involved in the administration of the Silk Road 2.0 website.

“On or about October 7, 2013, the HSI-UC [the Homeland Security Investigations undercover agent] was invited to join a newly created discussion forum on the Tor network, concerning the potential creation of a replacement for the Silk Road 1.0 website,” the complaint recounts. “The next day, on or about October 8, 2013, the persons operating the forum gave the HSI‐UC moderator privileges, enabling the HSI‐UC to access areas of the forum available only to forum staff. The forum would later become the discussion forum associated with the Silk Road 2.0 website.”

The complaint also explains how the feds located and copied data from the Silk Road 2.0 servers. “In May 2014, the FBI identified a server located in a foreign country that was believed to be hosting the Silk Road 2.0 website at the time. On or about May 30, 2014, law enforcement personnel from that country imaged the Silk Road 2.0 Server and conducted a forensic analysis of it. Based on posts made to the SR2 Forum, complaining of service outages at the time the imaging was conducted, I know that once the Silk Road 2.0 server was taken offline for imaging, the Silk Road 2.0 website went offline as well, thus confirming that the server was used to host the Silk Road 2.0 website.”

The government’s documents detail how Benthall allegedly hatched a selfless plan to help the Silk Road 2.0 community recover from an incident in February 2014, wherein thieves stole millions of dollars worth of Bitcoins from community users.

“On or about September 11, 2014, Defcon had an online conversation with the HSI-UC, in which he discussed, in sum and substance, his intention to reopen the Silk Road 2.0 marketplace, and his plan to recoup the deficit of Bitcoins that had been stolen from Silk Road 2.0. Specifically, Defcon confirmed that the site needed to recoup approximately 2,900 Bitcoins to cover the loss, and stated that he intended to donate approximately 1,000 of his own Bitcoins to return liquidity to Silk Road 2.0 (“I’m planning to throw my 1000 BTC to kickstart the thing.”).”

“Defcon further acknowledged that the site had approximately 150,000 monthly active users (“We have 150,000 monthly active users. That’s why we have to save this thing.”). The HSI-UC asked how long it would take to recover from the theft, and Defcon replied that it would take approximately three months’ worth of commission payments, if sales on Silk Road 2.0 continued at a steady rate (“Three months if sales continue at current pace and we don’t bottom out”). Thus, Defcon appears to have expected Silk Road 2.0 to generate approximately $6 million in monthly sales over the next three months, which would have resulted in commissions over that three-month period totaling approximately $900,000 - equal to approximately 1,900 Bitcoins at the then prevailing exchange rate.”

Benthall’s biggest mistake may have been using his own personal email to register the servers used for the Silk Road 2.0 marketplace. In the complaint against Benthall, an undercover agent who worked the case said that “based on a review of records provided by the service provider for the Silk Road 2.0 Server, I have discovered that the server was controlled and maintained during the relevant time by an individual using the email account blake@benthall.net.”

“To me, it appears that both the human element, an undercover agent, plus technical attacks in discovering the hidden service, both played a key part in this arrest,” said Nicholas Weaver, a researcher at the International Computer Science Institute (ICSI) and at the University of California, Berkeley.

Federal agents also say they tracked Benthall administering the Silk Road 2.0 from his own computer, and using Bitcoin exchanges to make large cash withdrawals. In one instance, he allegedly cashed out $270,000, and used $70,000 for a down payment on a Tesla Model S, a luxury electric car worth approximately USD $127,000.

Benthall faces a raft of serious charges that could send him to federal prison for life. He is facing one count of conspiring to commit narcotics trafficking, which carries a maximum sentence of life in prison and a mandatory minimum sentence of 10 years in prison; one count of conspiring to commit computer hacking, which carries a maximum sentence of five years in prison; one count of conspiring to traffic in fraudulent identification documents, which carries a maximum sentence of 15 years in prison; and one count of money laundering conspiracy, which carries a maximum sentence of 20 years in prison.

A copy of the complaint against Benthall is available here.