Posts tagged ‘research’

Krebs on Security: Spike in Malware Attacks on Aging ATMs

This post was syndicated from: Krebs on Security and was written by: BrianKrebs. Original post: at Krebs on Security

This author has long been fascinated with ATM skimmers, custom-made fraud devices designed to steal card data and PINs from unsuspecting users of compromised cash machines. But a recent spike in malicious software capable of infecting and jackpotting ATMs is shifting the focus away from innovative, high-tech skimming devices toward the rapidly aging ATM infrastructure in the United States and abroad.

Last month, media outlets in Malaysia reported that organized crime gangs had stolen the equivalent of about USD $1 million with the help of malware they’d installed on at least 18 ATMs across the country. Several stories about the Malaysian attack mention that the ATMs involved were all made by ATM giant NCR. To learn more about how these attacks are impacting banks and the ATM makers, I reached out to Owen Wild, NCR’s global marketing director, security compliance solutions.

Wild said ATM malware is here to stay and is on the rise.


BK: I have to say that if I’m a thief, injecting malware to jackpot an ATM is pretty money. What do you make of reports that these ATM malware thieves in Malaysia were all knocking over NCR machines?

OW: The trend toward these new forms of software-based attacks is occurring industry-wide. It’s occurring on ATMs from every manufacturer, multiple model lines, and is not something that is endemic to NCR systems. In this particular situation for the [Malaysian] customer that was impacted, it happened to be an attack on a Persona series of NCR ATMs. These are older models. We introduced a new product line for new orders seven years ago, so the newest Persona is seven years old.

BK: How many of your customers are still using this older model?

OW: Probably about half the install base is still on Personas.

BK: Wow. So, what are some of the common trends or weaknesses that fraudsters are exploiting that let them plant malware on these machines? I read somewhere that the crooks were able to insert CDs and USB sticks in the ATMs to upload the malware, and they were able to do this by peeling off the top of the ATMs or by drilling into the facade in front of the ATM. CD-ROM and USB drive bays seem like extraordinarily insecure features to have available on any customer-accessible portions of an ATM.

OW: What we’re finding is these types of attacks are occurring on standalone, unattended types of units where there is much easier access to the top of the box than you would normally find in the wall-mounted or attended models.

BK: Unattended….meaning they’re not inside of a bank or part of a structure, but stand-alone systems off by themselves.

OW: Correct.

BK: It seems like the other big factor with ATM-based malware is that so many of these cash machines are still running Windows XP, no?

This new malware, detected by Kaspersky Lab as Backdoor.MSIL.Tyupkin, affects ATMs from a major ATM manufacturer running Microsoft Windows 32-bit.

This new malware, detected by Kaspersky Lab as Backdoor.MSIL.Tyupkin, affects ATMs from a major ATM manufacturer running Microsoft Windows 32-bit.

OW: Right now, that’s not a major factor. It is certainly something that has to be considered by ATM operators in making their migration move to newer systems. Microsoft discontinued updates and security patching on Windows XP, with very expensive exceptions. Where it becomes an issue for ATM operators is that maintaining Payment Card Industry (credit and debit card security standards) compliance requires that the ATM operator be running an operating system that receives ongoing security updates. So, while many ATM operators certainly have compliance issues, to this point we have not seen the operating system come into play.

BK: Really?

OW: Yes. If anything, the operating systems are being bypassed or manipulated with the software as a result of that.

BK: Wait a second. The media reports to date have observed that most of these ATM malware attacks were going after weaknesses in Windows XP?

OW: It goes deeper than that. Most of these attacks come down to two different ways of jackpotting the ATM. The first is what we call “black box” attacks, where some form of electronic device is hooked up to the ATM — basically bypassing the infrastructure in the processing of the ATM and sending an unauthorized cash dispense code to the ATM. That was the first wave of attacks we saw that started very slowly in 2012, went quiet for a while and then became active again in 2013.

The second type that we’re now seeing more of is attacks that start with the introduction of malware into the machine, and that kind of attack is a little less technical to get on the older machines if protective mechanisms aren’t in place.

BK: What sort of protective mechanisms, aside from physically securing the ATM?

OW: If you work on the configuration setting…for instance, if you lock down the BIOS of the ATM to eliminate its capability to boot from USB or CD drive, that gets you about as far as you can go. In high risk areas, these are the sorts of steps that can be taken to reduce risks.

BK: Seems like a challenge communicating this to your customers who aren’t anxious to spend a lot of money upgrading their ATM infrastructure.

OW: Most of these recommendations and requirements have to be considerate of the customer environment. We make sure we’ve given them the best guidance we can, but at end of the day our customers are going to decide how to approach this.

BK: You mentioned black-box attacks earlier. Is there one particular threat or weakness that makes this type of attack possible? One recent story on ATM malware suggested that the attackers may have been aided by the availability of ATM manuals online for certain older models.

OW: The ATM technology infrastructure is all designed on multivendor capability. You don’t have to be an ATM expert or have inside knowledge to generate or code malware for ATMs. Which is what makes the deployment of preventative measures so important. What we’re faced with as an industry is a combination of vulnerability on aging ATMs that were built and designed at a point where the threats and risk were not as great.

According to security firm F-Secure, the malware used in the Malaysian attacks was “PadPin,” a family of malicious software first identified by Symantec. Also, Russian antivirus firm Kaspersky has done some smashing research on a prevalent strain of ATM malware that it calls “Tyupkin.” Their write-up on it is here, and the video below shows the malware in action on a test ATM.

In a report published this month, the European ATM Security Team (EAST) said it tracked at least 20 incidents involving ATM jackpotting with malware in the first half of this year. “These were ‘cash out’ or ‘jackpotting’ attacks and all occurred on the same ATM type from a single ATM deployer in one country,” EAST Director Lachlan Gunn wrote. “While many ATM Malware attacks have been seen over the past few years in Russia, Ukraine and parts of Latin America, this is the first time that such attacks have been reported in Western Europe. This is a worrying new development for the industry in Europe”

Card skimming incidents fell by 21% compared to the same period in 2013, while overall ATM related fraud losses of €132 million (~USD $158 million) were reported, up 7 percent from the same time last year.

Krebs on Security: Microsoft, Adobe Push Critical Security Fixes

This post was syndicated from: Krebs on Security and was written by: BrianKrebs. Original post: at Krebs on Security

Adobe, Microsoft and Oracle each released updates today to plug critical security holes in their products. Adobe released patches for its Flash Player and Adobe AIR software. A patch from Oracle fixes at least 25 flaws in Java. And Microsoft pushed patches to fix at least two-dozen vulnerabilities in a number of Windows components, including Office, Internet Explorer and .NET. One of the updates addresses a zero-day flaw that reportedly is already being exploited in active cyber espionage attacks.

brokenwindowsEarlier today, iSight Partners released research on a threat the company has dubbed “Sandworm” that exploits one of the vulnerabilities being patched today (CVE-2014-4114). iSight said it discovered that Russian hackers have been conducting cyber espionage campaigns using the flaw, which is apparently present in every supported version of Windows. The New York Times carried a story today about the extent of the attacks against this flaw.

In its advisory on the zero-day vulnerability, Microsoft said the bug could allow remote code execution if a user opens a specially crafted malicious Microsoft Office document. According to iSight, the flaw was used in targeted email attacks that targeted NATO, Ukrainian and Western government organizations, and firms in the energy sector.

More than half of the other vulnerabilities fixed in this month’s patch batch address flaws in Internet Explorer. Additional details about the individual Microsoft patches released today is available at this link.

brokenflash-aSeparately, Adobe issued its usual round of updates for its Flash Player and AIR products. The patches plug at least three distinct security holes in these products. Adobe says it’s not aware of any active attacks against these vulnerabilities. Updates are available for Windows, Mac and Linux versions of Flash.

Adobe says users of the Adobe Flash Player desktop runtime for Windows and Macintosh should update to Adobe Flash Player To see which version of Flash you have installed, check this link. IE10/IE11 on Windows 8.x and Chrome should auto-update their versions of Flash, although my installation of Chrome says it is up-to-date and yet is still running v. (with no outstanding updates available, and no word yet from Chrome about when the fix might be available).

The most recent versions of Flash are available from the Flash home page, but beware potentially unwanted add-ons, like McAfee Security Scan. To avoid this, uncheck the pre-checked box before downloading, or grab your OS-specific Flash download from here.

Windows users who browse the Web with anything other than Internet Explorer may need to apply this patch twice, once with IE and again using the alternative browser (Firefox, Opera, e.g.). If you have Adobe AIR installed, you’ll want to update this program. AIR ships with an auto-update function that should prompt users to update when they start an application that requires it; the newest, patched version is v. for Windows, Mac, and Android.

Finally, Oracle is releasing an update for its Java software today that corrects more than two-dozen security flaws in the software. Oracle says 22 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. Java SE 8 updates are available here; the latest version of Java SE 7 is here.

If you really need and use Java for specific Web sites or applications, take a few minutes to update this software. Updates are available from or via the Java Control Panel. I don’t have an installation of Java handy on the machine I’m using to compose this post, but keep in mind that updating via the control panel may auto-select the installation of third-party software, so de-select that if you don’t want the added crapware.

javamessOtherwise, seriously consider removing Java altogether. I’ve long urged end users to junk Java unless they have a specific use for it (this advice does not scale for businesses, which often have legacy and custom applications that rely on Java). This widely installed and powerful program is riddled with security holes, and is a top target of malware writers and miscreants.

If you have an affirmative use or need for Java, unplug it from the browser unless and until you’re at a site that requires it (or at least take advantage of click-to-play). The latest versions of Java let users disable Java content in web browsers through the Java Control Panel. Alternatively, consider a dual-browser approach, unplugging Java from the browser you use for everyday surfing, and leaving it plugged in to a second browser that you only use for sites that require Java.

For Java power users — or for those who are having trouble upgrading or removing a stubborn older version — I recommend JavaRa, which can assist in repairing or removing Java when other methods fail (requires the Microsoft .NET Framework, which also received updates today from Microsoft).

SANS Internet Storm Center, InfoCON: green: CSAM: Be Wary of False Beacons, (Mon, Oct 13th)

This post was syndicated from: SANS Internet Storm Center, InfoCON: green and was written by: SANS Internet Storm Center, InfoCON: green. Original post: at SANS Internet Storm Center, InfoCON: green

[This is a guest diary published on behalf of Chris Sanders]

Hunting for evil in network traffic depends on the analysts ability to locate patterns and variances in oceans of data. This can be an overwhelming tasks and relies on fundamental knowledge of what is considered normal on your network as well as your experienced-based intuition. These dark waters are navigated by finding glimmers of light”>and following them where they lead you by carefully investigating all of the data sources and intelligence in your reach. While hunting the adversary in this manner can yield treasure, following some of these distant lights can also land you in the rocks.

One scenario that often puts analysts in murky waters occurs when they chase patterns of network traffic occurring over clearly visible intervals. This periodic activity often gets associated with beaconing, where analysts perceive the timing of the communication to mean that it may be the result of malicious code installed on a friendly system.

As an example, consider the flow records shown here:

” />
Figure 1 (click on image for full size)

If you look at the timestamps for each of these records, you will see that each communication sequence occurs almost exactly one minute from the previous. Along with this, the other characteristics of the communication appear to be similar. A consistent amount of data is being transferred from an internal host to an external host each time.

So, whats going on here? Less experienced analysts might jump to the conclusion that the friendly device is compromised and that it is beaconing back out to some sort of attacker controlled command and control infrastructure. In reality, it doesn” />
Figure 2 (click on image for full size)

As analysts, we are taught to identify patterns and hone in on those as potential signs of compromise. While this isnt an entirely faulty concept, it should also be used with discretion. With dynamic content so prevalent on the modern Internet, it is incredibly common to encounter scenarios where devices communicate in a periodic nature. This includes platforms such as web-based e-mail clients, social networking websites, chat clients, and more.

Ultimately, all network traffic is good unless you can prove its bad. If you do need to dig in further in scenarios like this, try to make the best use of your time by looking for information you can use to immediately eliminate the potential that the traffic is malicious. This might include some basic research about the potentially hostile host like we did here, immediately pivoting to full PCAP data to view the content of the traffic when possible, or by simply examining the friendly host to determine which process is responsible for the connection(s). The ability to be selective of what you choose to investigate and to quickly eliminate likely false positives is the sign of a mature analyst. The next time you are hunting through data looking for evil, be wary when your eyes are drawn towards beaconing”>Blogs:”>”>

(c) SANS Internet Storm Center. Creative Commons Attribution-Noncommercial 3.0 United States License.

TorrentFreak: NetNames Anti-Piracy Chief Moves to IFPI

This post was syndicated from: TorrentFreak and was written by: Andy. Original post: at TorrentFreak

price-imgNetNames is one of a number of brand protection businesses operating online today. The company, which aims to cushion the effects of fraud on its clients’ brands, positions itself as a global leader in the sector.

Established as Group NBT in 1995, the company was renamed NetNames in 2013 and shortly after grabbed dozens of headlines after publishing a major study into online piracy.

Commissioned by NBC Universal and titled ‘Sizing the Piracy Universe‘, the study mapped piracy volumes and prevalence around the world. NetNames’ found that piracy is both “tenacious and persistent”, with a penchant for consuming increasing amounts of Internet bandwidth every year.

The report was overseen by Dr David Price, then Director of Piracy and Counterfeit Analysis at NetNames. Price also presided over the publication last month of NetNames’ latest piracy study which focused on the role played by credit card companies in the cyberlocker space.

Published exactly a year after the NBC study, ‘Behind The Cyberlocker Door: A Report How Shadowy Cyberlockers Use Credit Card Companies to Make Millions‘ was commissioned by the Digital Citizens Alliance (DCA), ostensibly to protect consumers. DCA doesn’t openly reveal its sources of funding but the report has all the hallmarks of an entertainment industry-focused study.

Previously, Price was the chief of Piracy Intelligence at Envisional and the head of a study claiming to be the first to accurately estimate the amount of infringing traffic on the Internet.

Now it appears that Price’s work has received the ultimate compliment from one of the most powerful entertainment industry organizations on the planet.

ifpilogoThe International Federation of the Phonographic Industry, or IFPI as it’s more often called, is the umbrella anti-piracy organization for the world’s leading recording labels. As of now, IFPI – probably in their UK office since that’s where Price is based – has a new employee.

According to an amendment tucked away on his Linkedin profile, Price – who has a doctorate in Criminology from the University of Cambridge – is now working for the IFPI as their Head of Anti-Piracy Research and Analysis.


In recent years Price has maintained a clear anti-piracy stance, which will obviously suit IFPI. He has participated in discussions calling for government action against piracy and regularly uses content-industry friendly terms such as “stealing” to describe unauthorized copying.

TorrentFreak contacted NetNames’ PR company for a comment on Price’s departure but at the time of publication we were yet to receive a response.

IFPI London, where the organization’s anti-piracy operations are based, also did not immediately respond to a request for comment.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

TorrentFreak: Research Warns Against Overestimated Movie Piracy Losses

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

pixel-pirateWhen it comes to movie piracy Hollywood tends to be most concerned about unauthorized copies that appear online when a film is still paying in theaters.

These are often CAM releases, which are copies of the movie recorded in a theater. Despite their low quality, these CAMs are often downloaded hundreds of thousands if not millions of times.

To find out what effect these downloads have on box office revenues APAS Laboratory researcher Marc Milot conducted a thorough field study. By using download statistics from the torrent site Demonoid, in combination with movie ratings and pre-release buzz, the research estimates the effect of CAM piracy on box office sales.

The findings, published this week in a paper titled “Testing the lost sale concept in the context of unauthorized BitTorrent downloads of CAM copies of theatrical releases”, reveal an intriguing pattern.

Based on a sample of 32 widely released movies, the results show that box office revenue could be best predicted by pre-release buzz and to a lesser extent by the rating of the movies, which were both taken from Rotten Tomatoes. Interestingly, the amount of times a movie was pirated had no effect on its box office sales.

Instead of a link with sales, the amount of unauthorized downloads was affected by how visible these titles were on Demonoid. TorrentFreak contacted Milot, who believes that these results support the notion that many pirates download movies to discover new content.

“The research findings are the first to support with concrete behavioral evidence what BitTorrent file-sharers have been saying all along: that they don’t always download movies – in this case CAM versions of theatrical releases – they would have paid to view if they were not available on sites like Demonoid,” Milot told us.

This notion is supported by the fact that, unlike at the box office, the rating of a movie doesn’t affect the piracy volume. This finding is based on ratings by both Pirate Bay and Rotten Tomatoes users, to control for the possibility that pirates simply have a different movie taste.

Downloads/sales by movie rating

According to the researcher, these results should caution the movie industry not to overestimate the effect of CAM piracy on box office sales.

“BitTorrent site users appear to be exploring and downloading the most visible movies, without caring how good or bad they are. It is in this way that BitTorrent sites and the box office are completely different systems in which people behave uniquely and with different motivations,” Milot explains.

“These findings should caution against the use of download statistics alone in calculations of losses – in this case lost ticket sales – to avoid overestimation,” he adds.

Whether the above will be a reassurance for Hollywood has yet to be seen. There have been several studies on the impact of movie piracy in recent years, often with conflicting results. The current research helps to add yet another piece to the puzzle.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

Krebs on Security: Bugzilla Zero-Day Exposes Zero-Day Bugs

This post was syndicated from: Krebs on Security and was written by: BrianKrebs. Original post: at Krebs on Security

A previously unknown security flaw in Bugzilla — a popular online bug-tracking tool used by Mozilla and many of the open source Linux distributions — allows anyone to view detailed reports about unfixed vulnerabilities in a broad swath of software. Bugzilla is expected today to issue a fix for this very serious weakness, which potentially exposes a veritable gold mine of vulnerabilities that would be highly prized by cyber criminals and nation-state actors.

The Bugzilla mascot.

The Bugzilla mascot.

Multiple software projects use Bugzilla to keep track of bugs and flaws that are reported by users. The Bugzilla platform allows anyone to create an account that can be used to report glitches or security issues in those projects. But as it turns out, that same reporting mechanism can be abused to reveal sensitive information about as-yet unfixed security holes in software packages that rely on Bugzilla.

A developer or security researcher who wants to report a flaw in Mozilla Firefox, for example, can sign up for an account at Mozilla’s Bugzilla platform. Bugzilla responds automatically by sending a validation email to the address specified in the signup request. But recently, researchers at security firm Check Point Software Technologies discovered that it was possible to create Bugzilla user accounts that bypass that validation process.

“Our exploit allows us to bypass that and register using any email we want, even if we don’t have access to it, because there is no validation that you actually control that domain,” said Shahar Tal, vulnerability research team leader for Check Point. “Because of the way permissions work on Bugzilla, we can get administrative privileges by simply registering using an address from one of the domains of the Bugzilla installation owner. For example, we registered as, and suddenly we could see every private bug under Firefox and everything else under Mozilla.”

Bugzilla is expected today to release updates to remove the vulnerability and help further secure its core product.

“An independent researcher has reported a vulnerability in Bugzilla which allows the manipulation of some database fields at the user creation procedure on Bugzilla, including the ‘login_name’ field,” said Sid Stamm, principal security and privacy engineer at Mozilla, which developed the tool and has licensed it for use under the Mozilla public license.

“This flaw allows an attacker to bypass email verification when they create an account, which may allow that account holder to assume some privileges, depending on how a particular Bugzilla instance is managed,” Stamm said. “There have been no reports from users that sensitive data has been compromised and we have no other reason to believe the vulnerability has been exploited. We expect the fixes to be released on Monday.”

The flaw is the latest in a string of critical and long-lived vulnerabilities to surface in the past year — including Heartbleed and Shellshock — that would be ripe for exploitation by nation state adversaries searching for secret ways to access huge volumes of sensitive data.

“The fact is that this was there for 10 years and no one saw it until now,” said Tal. “If nation state adversaries [had] access to private bug data, they would have a ball with this. There is no way to find out if anyone did exploit this other than going through user list and seeing if you have a suspicious user there.”

Like Heartbleed, this flaw was present in open source software to which countless developers and security experts had direct access for years on end.

“The perception that many eyes have looked at open source code and it’s secure because so many people have looked at it, I think this is false,” Tal said. “Because no one really audits code unless they’re committed to it or they’re paid to do it. This is why we can see such foolish bugs in very popular code.”


Raspberry Pi: A digital making community for wildlife: Naturebytes camera traps

This post was syndicated from: Raspberry Pi and was written by: Helen Lynn. Original post: at Raspberry Pi

Start-up Naturebytes hopes their 3D printed Raspberry Pi camera trap (a camera triggered by the presence of animals) will be the beginning of a very special community of makers.

Supported by the Raspberry Pi Foundation’s Education Fund and Nesta, Naturebytes aims to establish a digital making community for wildlife with a very important purpose. Their gadgets, creations and maker kits (and, hopefully, those of others who get involved) will be put to use collecting real data for conservation and wildlife research projects – and to kick it all off, they took their prototype 3D printed birdbox-style camera trap kit to family festival Camp Bestival to see what everyone thought.

NatureBytes camera trap prototype

If you were one of the lucky bunch to enjoy this year’s Camp Bestival, you’d have seen them over in the Science Tent with a colourful collection of their camera trap enclosures. The enclosure provides a snug home for a Raspberry Pi, Pi camera module, passive infrared sensor (PIR sensor), UBEC (a device used to regulate the power) and battery bank (they have plans to add external power capabilities, including solar, but for now they’re using eight trusty AA batteries to power the trap).

A colourful collection of camera trap enclosures

A colourful collection of camera trap enclosures

The PIR sensor does the job of detecting any wildlife passing by, and they’re using Python to control the camera module, which in turn snaps photos to the SD card. If you’re looking for nocturnal animals then the Pi NoIR could be used instead, with a bank of infrared LEDs to provide illumination.

Naturebytes says:

When you’re aiming to create maker kits for all manner of ages, it’s useful to try out your masterpiece with actual users to see how they found the challenge.

Naturebytes at Camp Bestival

Explaining how the camera trap enclosures are printed

Assembling camera traps at Camp Bestival

Camp Bestival festival-goers assembling camera traps

With screwdrivers at the ready, teams of festival-goers first took a look at one of our camera enclosures being printed on an Ultimaker before everyone sat down to assemble their own trap ready for a Blue Peter-style “Here’s one I made earlier” photo opportunity (we duct-taped a working camera trap to the back of a large TV so everyone could be captured in an image).

In fact, using the cam.start_preview() Python function we could output a few seconds of video when the PIR sensor was triggered, so everyone could watch.

One camera trap in action capturing another camera trap

Naturebytes duct-taped a working camera trap to the back of a large TV so everyone could see a camera trap in action

Our grand plan is to support the upcoming Naturebytes community of digital makers by accepting images from thousands of Naturebytes camera traps out in gardens, schools or wildlife reserves to the Naturebytes website, so we can share them with active conservation projects. We could, for example, be looking for hedgehogs to monitor their decline, and push the images you’ve taken of hedgehogs visiting your garden directly to wildlife groups on the ground who want the cold hard facts as to how many can be found in certain areas.

Job done, Camp Bestival!

Job done, Camp Bestival!

Keep your eyes peeled – Naturebytes is powering up for launch very soon!

TorrentFreak: Most Top Films Are Not Available on Netflix, Research Finds

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

netflix-logoThere is little doubt that, in the United States, Netflix has become the standard for watching movies on the Internet.

The subscription service is responsible for a third of all Internet traffic during peak hours, dwarfing that of online piracy and other legal video platforms.

It’s safe to assume that Netflix is the best and most convenient alternative to piracy at this point. That is, if the service carries the movies people want to see. This appears to be a problem.

Research firm KPMG has just released a new study that looks at the online availability of the 808 most popular and critically acclaimed films. The study was commissioned by NBC Universal and praised by the MPAA, presumably to dispel the argument that many people pirate because they don’t have the option to watch some films legally.

“This first-of-its-kind report analyzed the availability of 808 different film titles over 34 major online video distribution services and found that 94 percent of the films were available on at least one service,” MPAA’s Chris Dodd commented on the study.

The MPAA is right that most of the movies are available through online stores and rental services. However, the Hollywood group conveniently ignores the lacking availability on popular subscription platforms which services such as Netflix and Hulu use.

This is not a minor oversight as the study finds that availability of top films on Netflix and other subscription services is very low.

Although KPMG decided not to mention it in the executive summary of the report, the findings show that only 16% of the films are available through on-demand subscription services (SOVD).

Availability of the top films

The above sheds a different light on the availability argument. Because, what good is it if 94 percent of the films are available online, but (at least) 84% are missing from the most-used movie service?

After all, most people prefer to get their movies in one place as it’s not very convenient to use a few dozen services to get your movie fix.

Of course this is not an excuse for people to go out and download films without permission, and we have to admit that a lot of progress has been made on the availability side in recent years. However, Hollywood can definitely learn from the music industry, where most of the popular content is available through subscription services.

From the availability point of view there’s another issue worth pointing out. The most pirated titles are usually recent releases, and these are generally not available, not even through iTunes, Amazon or rental services.

This is also illustrated in the KPMG report which shows that 100% of the top 2012 films are available online, compared to 77% of the 2013 releases. It’s probably safe to say that the majority of all pirated downloads are of films that are not yet legally available.

In other words, there’s still plenty of improvement possible.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

Bradley M. Kuhn's Blog ( bkuhn ): IRS Tax-Exempt Status & FaiF 0x4E

This post was syndicated from: Bradley M. Kuhn's Blog ( bkuhn ) and was written by: Bradley M. Kuhn. Original post: at Bradley M. Kuhn's Blog ( bkuhn )

Historically, I used to write a blog post for each episode of the
audcast, Free as in Freedom that
Karen Sandler and I released. However, since I currently do my work on
FaiF exclusively as a
volunteer, I often found it difficult to budget time for a blog post about
each show.

However, enough happened in between when Karen and I
recorded FaiF 0x4E and
when it was released earlier this week that I thought I’d comment on those

First, with regard to the direct content of the show, I’ve added
some detail in the 0x4E
show notes
about additional research I did about various other
non-software-related non-profit organizations that I mention in the

The primary thrust of Karen’s and my discussion on the show, though,
regarded how the IRS is (somewhat strangely) the regulatory body for
various types of organizational statuses, and that our legislation lumps
many disparate activities together under the term “non-profit
organizations” in the USA.
The types of
these available
, outlined
in 26
, vary greatly in what they do, and in what the IRS
intends for them to do.

Interestingly, a few events occurred in mainstream popular culture since
FaiF 0x4E’s recording that relate to this subject. First, on John
Oliver’s Last
Week Tonight
Episode 18 on 2014-09-21 (skip to 08:30 in the video to
see the part I’m commenting on)
, John actually pulled out a stack of
interlocking Form 990s from various related non-profit organizations and
walked through some details of misrepresentation to the public regarding
the organization’s grant-making activities. As an avid reader of Form
990s, I was absolutely elated to see a popular comic pundit actually assign
his staff the task of reviewing Form 990s to follow the
. (Although I wish he hadn’t wasted the paper to print them out
merely to make a sight gag.)

Meanwhile, the failure of just about everyone to engage in such research
remains my constant frustration. I’m often amazed that people judge
non-profit organizations merely based on
a (Stephen-Colbert-style)
gut reaction
of truthiness rather
than researching the budgetary actions of such organizations. Given that
tendency, the mandatory IRS public disclosures for all these various
non-profits end up almost completely hidden in plain sight.

Granted, you sometimes have to make as many as three
, and type the name of the
organization twice
on Foundation
Center’s Form 990 finder
to find these documents. That’s why I started
to maintain the

FLOSS Foundation gitorious repository of Form 990s of all the orgs related
to Open Source and Free Software
— hoping that a git
able solution would be more appealing to geeks. Yet, it’s rare
that anyone besides those of us who maintain the repository read these.
The only notable exception
is Brian
Proffitt’s interesting article back in March 2012, which made use of FLOSS
Foundation Form 990 data
. But, AFAIK, that’s the only time the media
has looked at any FLOSS Foundations’ Form 990s.

The final recent story related to non-profits
was linked
to by Conservancy Board of Directors member, Mike Linksvayer on
. In
the article
from Slate Mike references there
, Jordan Weissmann
points out that the
NFL is a 501(c)(6).
Weissmann further notes that permission for football to be classified
under 501(c)(6) rules seems like pork barrel politics in the first

These disparate events — the Tea Party attacks against IRS 501(c)(4)
denials, John Oliver’s discussion of the Miss America Organization,
Weissmann’s specific angle in reporting the NFL scandals, and (more
parochially) Yorba’s 501(c)(3) and OpenStack Foundation’s 501(c)(6)
application denials — are brief moments of attention on non-profit
structures in the USA. In such moments, we’re invited to dig deeper and
understand what is really going on, using public information that’s readily
accessible. So, why do so many people use truthiness rather than data to
judge the performance and behavior of non-profit organizations? Why do so
many funders, grant-makers and donors admit to never even reading the Form
990 of the organizations whom they support and with whom they collaborate?
I ask, of course, rhetorically, but I’d be delighted if there is any answer
beyond: “because they’re lazy”.

The Hacker Factor Blog: Works Like a Charm

This post was syndicated from: The Hacker Factor Blog and was written by: The Hacker Factor Blog. Original post: at The Hacker Factor Blog

As a software developer, one of my core philosophies is to automate common tasks. If you have to do something more than once, then it is better to automate it.

Of course, there always is that trade-off between the time to automate and the time saved. If a two-minute task takes 20 hours to automate, then it’s probably faster (and a better use of your time) to do it manually when needed. However, if you need to do it hundreds of times, then it’s better to spend 20 hours automating it.

Sometimes you may not even realize how often you do a task. All of those minutes may not seem like much, but they can really add up.

Work Harder, Not Smarter

FotoForensics is currently receiving over 1,000 unique pictures per day. We’re at the point where we can either (A) hire more administrators, or (B) simplify existing administrative duties.

Recently I’ve been taking a closer look at some of the tasks we manually perform. Things like categorizing content for various research projects, identifying trends, scanning content for “new” features that run the gambit from new devices to new attacks, reviewing flagged content, and responding to user requests. A lot of these tasks are time consuming and performed more than once. And a few of them can be automated.

Network abuses come in many different forms. Users may upload prohibited content, automate submissions, attack the site with port scans and vulnerability tests, or submit comment-spam to our contact form. It’s always a good idea to check abusers against known blacklists. This tells me whether it is a wide-spread abuse or if my site is just special.

There are a bunch of servers that run DNS-based blacklists. They all work in similar ways:

  1. You encode the query as a hostname. Like “”. This encodes the IP address in reverse-notation:
  2. You perform a DNS hostname lookup.
  3. The DNS result encodes the response as an IP address. Different DNSBL servers have different encoded values, but they typically report suspicious behavior, known proxies, and spammer.

Some DNSBL servers seem too focused for my use. For example, if they only report known-spam systems and not proxies or malware, then it will rarely find a match for my non-spam queries. Other DNSBL systems seem to have dated content, with lists of proxies that have not been active for years. (One system will quickly add proxies but won’t remove them without a request. So dead proxies remain listed indefinitely.)

Most DNSBL servers focus on anti-spam. They report whether the address was used to send spam, harvest addresses, or other related actions. Ideally, I’d like a DNSBL that focuses on other hostile activities: network scanners, attackers, and proxies. But for now, looking for other abuses, like harvesters and comment-spam, is good enough.

Anonymous Proxies
I believe that anonymous proxies are important. They permit whistle-blowers to make anonymous reports and allow people to discuss personal issues without the fear of direct retribution. Groups like “Alcoholics Anonymous” would not be as successful if members had to be fully outed.

Unfortunately, anonymity also permits abuses. The new automated system downloads the list of TOR nodes daily. This allows us to easily check if a ban is tied to a TOR node. We don’t ban every TOR node. Instead, we only ban the nodes used for uploading prohibited content to the site.

For beginner TOR users, this may not make sense. Banning one node won’t stop the problem since the user will just change nodes. Except… Not all TOR nodes are equal. Nodes that can handle a higher load are given a higher weight and are more likely to carry traffic. We’ve only banned about 300 of the 6,100 TOR nodes, but that seems to have stopped most abuses from TOR. (And best yet: only about a dozen of these bans were manually performed — most were caught by our auto-ban system.)

Automating History
The newly automated system also scans the logs for own ban records and any actions made after being banned. I can tell if the network address is associated with network attacks or if the user just uploaded prohibited content. I can also tell if the user attempted to avoid the ban.

I recently had one person request a ban-removal. He claimed that he didn’t know why he was banned. After looking at the automated history report, I decided to leave the ban in place and not respond to him. But I was very tempted to write something like: “Dude… You were banned three seconds after you uploaded that picture. You saw the ban message that said to read the FAQ, and you read it twelve seconds later. Then you reloaded eight times, switched browsers, switched computers, and then tried to avoid the ban by changing your network address. And now you’re claiming that you don’t know why you were banned? Yeah, you’re still banned.”

Performing a full history search though the logs for information related to a ban used to take minutes. Now it takes one click.

NCMEC Reports
The word forensics means “relating to the use of scientific knowledge or methods in solving crimes” or “relating to, used in, or suitable to a court of law”. When you see a forensic system, you know it is geared toward crime detection and legal issues.

And people who deal in child exploitation photos know that their photos are illegal. Yet, some people are stupid enough to upload illegal pictures to FotoForensics.

The laws regarding these pictures are very explicit: we must report pictures related to child abuse and exploitation to the CyberTipline at the National Center for Missing and Exploited Children (NCMEC).

While I don’t mind the reporting requirement, I don’t like the report form. The current online form has dozens of fields and takes me more than 6 minutes to complete each time I need to submit a report. I need to gather the picture(s), information about the submitter, and other related log information. Some reports have a lot of files to attach, so they can take 12 minutes or more to complete. The total time I’ve spent using this form in the last year can be measured in days.

I’ve finally had enough of the manual submission process. I just spent a few days automating it from my side. It’s a PHP script that automatically logs in (for the session tokens), grabs the form (for the fields and any pre-populated values), fills out the data, attaches files, and submits it. It also automatically writes a short report (that I can edit with more information), records the confirmation information, and archives the stuff I am legally required to retain.

Instead of taking me 6+ minutes for each report, it now takes about 3 seconds. This simplifies the entire reporting process and significantly reduces the ick-factor.

Will Work for Work

A week of programming effort (spread over three weeks) has allowed me to reduce the overhead. Administrative tasks that would take a few hours each day now take minutes.

There’s still a good number of tasks that can be automated. This includes spotting certain types of pictures that are currently being included in specific research projects, and some automated classification. I can probably add in a little more automated NCMEC reporting, for those common cases where there is no need for a manually confirmation.

Eventually I will need to get a more powerful server and maybe bring on more help. But for right now, simply automating common tasks makes the current server very manageable.

TorrentFreak: UK Govt Hopes to ‘Profit’ From Anti-Piracy Measures

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

pirate-cardA few weeks ago the UK Government announced its support for a new anti-piracy plan, the Voluntary Copyright Alert Programme (VCAP).

The Government teamed up with copyright holders and ISPs, who will start sending warning emails to pirating Internet users next year. In addition there will be a broader educational campaign to steer people towards using legal options.

While the campaign is a private initiative the Government has decided to back it financially with several million pounds. However, TorrentFreak has learned that the Government funding wasn’t straightforward and was made outside of the available marketing budget.

Through a Freedom of Information request we obtained an email conversation between the UK Intellectual Property Office (IPO) and music industry group BPI. In the email from May this year IPO’s Ros Lynch explains that there are no regular marketing funds available to support VCAP.

“As part of the process of agreeing Government financial support for the educational element of VCAP we will need to seek a marketing exemption as we are currently not permitted to spend on marketing,” Lynch writes to BPI’s Ian Moss.

To be able to get the exception the Government needs additional information from the entertaining industries, showing that the investment makes sense financially. Or put differently, that the Government will see a good return for their invested taxpayer money.

“Essentially this will require a proper business case which includes hard figures,” Lynch writes.

“For example, what research are you basing your target audiences on? How have you calculated your 5% reduction in infringement? What £ saving does a 5% reduction bring? What overall estimate can you make of the ROI of this campaign e.g. what financial benefit would a £2.2m Government investment bring?”


The above suggests that the BPI is predicting a 5% drop in piracy from the anti-piracy measures. However, in a response to the IPO’s request the industry group writes that even with a lower success rate the Government’s spending will pay off.

In a “Summary Business Case” (pdf) BPI uses the expected VAT increase to convince the Government of the “profitability” of the campaign. It estimates that if 15% of all illegal downloads are lost sales, piracy only has to decline 1% over three years for the Government to recoup their investment.

“The underlying assumptions are based on very good data that has been produced by Ofcom and by a number of academic studies looking at the replacement ratios. It shows that only very small changes in piracy lead to significant returns to Government,” BPI notes.

The music industry group stresses that the calculation only looks at VAT income and that the effects on the wider economy may be even greater. However, the static model they presented should already be good enough to warrant the funding.

“So even from a very simple, static assumption, a small reduction in piracy of between .49% and 1% over the three years would return Government investment of £4m in an education scheme,” BPI writes.

This prediction was apparently good enough for the Government to invest in the new anti-piracy plans beyond the available marketing budget. Even more so, the authorities committed £3.5 million to the campaign, instead of the £2.2 that was discussed in May.

Whether the Government will indeed be able to recoup the taxpayer money through the anti-piracy campaign will be hard to measure, but the plan is going full steam ahead.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

Raspberry Pi: PiKon and other Pi projects from Sheffield University

This post was syndicated from: Raspberry Pi and was written by: Ben Nuttall. Original post: at Raspberry Pi

Sheffield has been a maker city for many years – the thriving steel industry dates back to the 14th century. Today it has the likes of Pimoroni, who recently moved in to a huge new factory, making cases, HATs, media centres and more.


The good ship Pimoroni

The University of Sheffield has been undertaking a number of Raspberry Pi projects in the last couple of years. The computer science department has a research group called Sheffield Pi-Tronics led by Hamish Cunningham. One project of note is their new Pi-powered telescope – PiKon. Not to be confused with PyCon

The £100 3D printed Pi-powered telescope

The University has released incredible images of the moon taken with the Raspberry Pi’s camera module connected to a 3D printed telescope which costs just £100 to make from readily available parts.

The moon

Moon, the

The Pikon astro-cam is a collaborative project by the Department of Physics at the University of Sheffield and Mark Wrigley of Alternative Photonics, a small company based in north Sheffield. The project was set up to deliver a working telescope for the Festival of the Mind event.

They have a working model and they’re aiming to make all the 3D printing resources and instructions available soon. They’re also looking for help producing a simple interface to make it more accessible to all:

So far, we have a working telescope which is operated by entering command lines into the Raspberry Pi. We are looking for enthusiasts and educators to help us take things further. We want to encourage people to create, innovate, educate and share their efforts on an open source basis.

How it works (from


The PiKon Telescope is based on the Newtonian Reflecting Telescope. This design uses a concave mirror (objective) to form an image which is examined using an eyepiece. The mirror is mounted in a tube and a 45 degree mirror is placed in the optical path to allow the image to be viewed from the side of the tube.

visualtelescope3The PiKon Telescope is based on a very similar design, but the image formed by the Objective is focused onto the photo sensor of a Raspberry Pi Camera. The camera sensor is exposed by simply removing (unscrewing) the lens on the Pi Camera. Because of the small size of the Raspberry Pi Camera board, it is possible to mount the assembly in the optical path. The amount of light lost by doing this is similar to the losses caused by mounting the 45 degree mirror in a conventional Newtonian design.

Former physicist and member of the Institute of Physics, Mark Wrigley, said:

We’ve called this project Disruptive Technology Astronomy because we hope it will be a game changer, just like all Disruptive Technologies.

We hope that one day this will be seen on a par with the famous Dobsonian ‘pavement’ telescopes, which allowed hobbyists to see into the night skies for the first time.

This is all about democratising technology, making it cheap and readily available to the general public.

And the PiKon is just the start. It is our aim to not only use the public’s feedback and participation to improve it, but also to launch new products which will be of value to people.

Also this week the group launched Pi Bank – a set of 20 kits containing Pi rigs that are available for short-term loan. This means local schools and other groups can make use of the kits for projects without having to invest in the technology themselves, with all the essentials, plenty of extra bits to play with – and experts on hand to help out.



See more of the Sheffield Pi-Tronics projects at and read more about PiKon at

Any positive comments about Sheffield are completely biased as that’s where I’m from. If you’re interested in the history of Sheffield there’s a great documentary you should watch called The Full Monty.

The Hacker Factor Blog: Eight Is Enough

This post was syndicated from: The Hacker Factor Blog and was written by: The Hacker Factor Blog. Original post: at The Hacker Factor Blog

I must be one of those people who lives in a cave. (Well, at least it’s a man-cave.) I didn’t even realize that Apple’s iOS 8 was released until I heard all of the hoopla in the news.

When Apple did their recent big presentation, I heard about the new watch and the new iPhone, but not about the new operating system. The smart-watch didn’t impress me. At CACC last month, I saw a few people wearing devices that told the time, maintained their calendar, synced with their portable devices, and even checked their heart rates and sleep cycles. In this regard, Apple seems a little late to the game, over-priced, and limited in functionality.

The new iPhone also didn’t impress me. The only significant difference that I have heard about is the bigger screen. I find it funny that pants pockets are getting smaller and phones are getting bigger… So, where do you put this new iPhone? You can’t be expected to carry it everywhere by hand when you’re also holding a venti pumpkin spice soy latte with whip no room. Someone really needs to build an iPhone protector that doubles as a cup-holder. (Oh wait, it exists.) Or maybe an iBelt… that hangs the iPhone like a codpiece since it is more of a symbol of geek virility than a useful mobile device.

Then again, I’m not an Apple fanatic. I use a Mac, but I don’t go out of the way to worship at the foot of the latest greatest i-device.

Sight Seeing

Apple formally announced all of these new devices on September 9th. I decided to look over the FotoForensics logs for any iOS 8 devices. Amazingly, I’ve had a few sightings… and they started months before the formal announcement.

The first place I looked was in my web server’s log files. Every browser sends its user-agent string with their web request. This usually identifies the operating system and browser. The intent is to allow web services to collect metrics about usage. If I see a bunch of people using some new web browser, then I can test my site with that browser and ensure a good user experience.

With iOS devices, they also encode the version number. So I just looked for anything claiming to be an iOS 8 device. Here’s the date/time and user-agent strings that match iOS 8. I’m only showing the 1st instance per day:

[18/Mar/2014:18:40:39 -0500] “Mozilla/5.0 (iPad; CPU OS 8_0 like Mac OS X) AppleWebKit/538.22 (KHTML, like Gecko) Mobile/12A214″

[29/Apr/2014:13:27:58 -0500] “Mozilla/5.0 (iPhone; CPU iPhone OS 8_0 like Mac OS X) AppleWebKit/538.30.1 (KHTML, like Gecko) Mobile/12W252a”

[02/Jun/2014:16:56:45 -0500] “Mozilla/5.0 (iPhone; CPU iPhone OS 8_0 like Mac OS X) AppleWebKit/538.34.9 (KHTML, like Gecko) Version/7.0 Mobile/12A4265u Safari/9537.53″

[03/Jun/2014:16:44:38 -0500] “Mozilla/5.0 (iPhone; CPU iPhone OS 8_0 like Mac OS X) AppleWebKit/538.34.9 (KHTML, like Gecko) Version/7.0 Mobile/12A4265u Safari/9537.53″

After June 3rd, it basically became a daily appearance. The list includes iPhones and iPads. And, yes, the first few sightings came from Cupertino, California, where Apple is headquartered.

Even though iOS 8 is new, it looks like a few people have been using it for months. Product testers, demos, beta testers, etc.


When Apple released iOS 7, they added a new metadata field to their pictures. This field records the active-use time since the last reboot. I suspect that it is a useful metric for Apple. It also makes me wonder if iOS 8 added anything new.

As a research service, every picture uploaded to FotoForensics gets indexed for rapid searching. I searched the archive for any pictures that claim to be from an iOS 8 device. So far, there have only been five sightings. (Each photo shows personally identifiable information, selfies or pictures of text, so I won’t be linking to them.)

Amazingly, none of these initial iOS 8 photos are camera-original files. Adobe, Microsoft Windows, and other applications were used to save the picture. The earliest picture was uploaded on 2014-07-30 at 21:32:39 GMT by someone in California, and the picture’s metadata says it photographed on 2014-07-19.

Each of these iOS 8 photos came from an iPhone 5 or 5s device. I have yet to see any photos from an iPhone 6 device. (There was one sighting of an “iPhone 6Z” on 2013-01-30. But since it was uploaded by someone in France, I suspect that the metadata was altered.)

With the iPhone 5 and iOS 7, Apple introduced a “purple flareproblem. I don’t have many iOS 8 samples to compare against, and none are camera-originals. However, I’m not seeing the extreme artificial color correction that caused the purple flare. There’s still a distinct color correction, but it’s not as extreme. Perhaps the purple problem is fixed.

New Privacy

As far as I can tell, there is one notable new thing about iOS 8. Apple has publicly announced a change to their privacy policy. Specifically, they claim to have strong cryptography in the phones and no back doors. As a result, they will not be able to turn over any iPhone information to law enforcement, even if they have a valid subpoena. By implementing a technically strong solution and not retaining any keys, they forced their stance: it isn’t that they don’t want to help unlock a phone, it is that they technically cannot crack it in a realistic time frame.

While this stops Apple from assisting with iPhone and iPad devices that use iOS 8, it does nothing to stop Apple from turning over information uploaded to Apple’s iCloud service. (You do have the “backup to iCloud” option enabled, right?) This also does nothing to stop brute-force account guessing attacks, like the kind reportedly used to compromise celebrity nude photos. The newly deployed two-factor authentication seems like a much better solution even if it is too little too late.

Then again, I can also foresee new services that will handle your encryption keys for you, in case you lose them. After a few hundred complaints like “I lost my password and cannot access my precious kitty photos! Please help me!”, I expect that an entire market of back door options will become available for Apple users.

Behind the Eight Ball

I didn’t really pay attention to Apple’s latest releases until after they were out. However, it wouldn’t take much to make a database of known user agents and trigger an automated alert when the next Apple product first appears. It’s one thing to read about iOS 8 on Mac Rumors a few months before the release; it’s another thing to see it in my logs six months earlier.

While I don’t think much of Apple’s latest offerings, that doesn’t mean it won’t drive the market. Sometimes it’s not the produce itself that drives the innovation; sometimes it’s the spaces that need filling.

TorrentFreak: Mega Demands Apology Over “Defamatory” Cyberlocker Report

This post was syndicated from: TorrentFreak and was written by: Andy. Original post: at TorrentFreak

Yesterday the Digital Citizens Alliance released a new report that looks into the business models of “shadowy” file-storage sites.

Titled “Behind The Cyberlocker Door: A Report How Shadowy Cyberlockers Use Credit Card Companies to Make Millions,” the report attempts to detail the activities of some of the world’s most-visited hosting sites.

While it’s certainly an interesting read, the NetNames study provides a few surprises, not least the decision to include New Zealand-based cloud storage site There can be no doubt that there are domains of dubious standing detailed in the report, but the inclusion of Mega stands out as especially odd.

Mega was without doubt the most-scrutinized file-hosting startup in history and as a result has had to comply fully with every detail of the law. And, unlike some of the other sites listed in the report, Mega isn’t hiding away behind shell companies and other obfuscation methods. It also complies fully with all takedown requests, to the point that it even took down its founder’s music, albeit following an erroneous request.

With these thoughts in mind, TorrentFreak alerted Mega to the report and asked how its inclusion amid the terminology used has been received at the company.

Grossly untrue and highly defamatory

mega“We consider the report grossly untrue and highly defamatory of Mega,” says Mega CEO Graham Gaylard.

“Mega is a privacy company that provides end-to-end encrypted cloud storage controlled by the customer. Mega totally refutes that it is a cyberlocker business as that term is defined and discussed in the report prepared by NetNames for the Digital Citizens Alliance.”

Gaylard also strongly refutes the implication in the report that as a “cyberlocker”, Mega is engaged in activities often associated with such sites.

“Mega is not a haven for piracy, does not distribute malware, and definitely does not engage in illegal activities,” Gaylard says. “Mega is running a legitimate business alongside other cloud storage providers in a highly competitive market.”

The Mega CEO told us that one of the perplexing things about the report is that none of the criteria set out by the report for “shadowy” sites is satisfied by Mega, yet the decision was still taken to include it.

Infringing content and best practices

One of the key issues is, of course, the existence of infringing content. All user-uploaded sites suffer from that problem, from YouTube to Facebook to Mega and thousands of sites in between. But, as Gaylard points out, it’s the way those sites handle the issue that counts.

“We are vigorous in complying with best practice legal take-down policies and do so very quickly. The reality though is that we receive a very low number of take-down requests because our aim is to have people use our services for privacy and security, not for sharing infringing content,” he explains.

“Mega acts very quickly to process any take-down requests in accordance with its Terms of Service and consistent with the requirements of the USA Digital Millennium Copyright Act (DMCA) process, the European Union Directive 2000/31/EC and New Zealand’s Copyright Act process. Mega operates with a very low rate of take-down requests; less than 0.1% of all files Mega stores.”

Affiliate schemes that encourage piracy

One of the other “rogue site” characteristics as outlined in the report is the existence of affiliate schemes designed to incentivize the uploading and sharing of infringing content. In respect of Mega, Gaylard rejects that assertion entirely.

“Mega’s affiliate program does not reward uploaders. There is no revenue sharing or credit for downloads or Pro purchases made by downloaders. The affiliate code cannot be embedded in a download link. It is designed to reward genuine referrers and the developers of apps who make our cloud storage platform more attractive,” he notes.

The PayPal factor

As detailed in many earlier reports (1,2,3), over the past few years PayPal has worked hard to seriously cut down on the business it conducts with companies in the file-sharing space.

Companies, Mega included, now have to obtain pre-approval from the payment processor in order to use its services. The suggestion in the report is that large “shadowy” sites aren’t able to use PayPal due to its strict acceptance criteria. Mega, however, has a good relationship with PayPal.

“Mega has been accepted by PayPal because we were able to show that we are a legitimate cloud storage site. Mega has a productive and respected relationship with PayPal, demonstrating the validity of Mega’s business,” Gaylard says.

Public apology and retraction – or else

Gaylard says that these are just some of the points that Mega finds unacceptable in the report. The CEO adds that at no point was the company contacted by NetNames or Digital Citizens Alliance for its input.

“It is unacceptable and disappointing that supposedly reputable organizations such as Digital Citizens and NetNames should see fit to attack Mega when it provides the user end to end encryption, security and privacy. They should be promoting efforts to make the Internet a safer and more trusted place. Protecting people’s privacy. That is Mega’s mission,” Gaylard says.

“We are requesting that Digital Citizens Alliance withdraw Mega from that report entirely and issue a public apology. If they do not then we will take further action,” he concludes.

TorrentFreak asked NetNames to comment on Mega’s displeasure and asked the company if it stands by its assertion that Mega is a “shadowy” cyberlocker. We received a response (although not directly to our questions) from David Price, NetNames’ head of piracy analysis.

“The NetNames report into cyberlocker operation is based on information taken from the websites of the thirty cyberlockers used for the research and our own investigation of this area, based on more than a decade of experience producing respected analysis exploring digital piracy and online distribution,” Price said.

That doesn’t sound like a retraction or an apology, so this developing dispute may have a way to go.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

TorrentFreak: Report Brands Dotcom’s Mega a Piracy Haven

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

profitThe most popular file-hosting sites, also known as cyberlockers, have millions of visitors per day.

In recent years many of these sites have gotten a bad reputation as they are frequently used to share copyrighted files.

Today the Digital Citizens Alliance released a new report (pdf) that looks into the profitability of these sites and services. Titled “Behind The Cyberlocker Door: A Report How Shadowy Cyberlockers Use Credit Card Companies to Make Millions,” it offers insight into the money streams that end up at these alleged pirate sites.

The study, carried out by NetNames and backed by the entertainment industry, uses information from the busted Megaupload service to estimate the earnings of various other sites. Based on these and other assumptions it concludes that the top cyberlockers generate an average $3.2 million per site per year.

“Overall, total annual revenue across the thirty cyberlockers equated to $96.2 million or $3.2 million per site. One site gathered $17.6m per year in revenue,” the report notes, adding that it’s a conservative estimate.

Estimated revenue and profit per direct download cyberlocker

The report brands these sites as piracy havens based on a sample of the files they host. All the sites that are listed are used predominantly for copyright infringement, they claim.

“The overwhelming use of cyberlockers is for content theft. Analysis of a sampling of the files on the thirty cyberlocker sites found that the vast majority of files were clearly infringing,” the report reads.

“At least 78.6 percent of files on direct download cyberlockers and 83.7 percent of files on streaming cyberlockers infringed copyright,” it adds.

Alleged “infringing” use per cyberlocker

Here’s where the researchers make a crucial mistake. The sample, where the percentage of allegedly infringing files is based on, is drawn from links that are posted publicly online. These are certainly not representative for the entire site, at least not in all cases.

For Mega the researchers looked at 500 files that were shared online. However, the overwhelming majority of Mega’s files, which number more than 500,000,000, are never shared in public.

Unlike some other sites in the report, Mega is a rather traditional cloud hosting provider that’s frequently used for personal backup, through its desktop client or mobile apps for example. The files that are shared in public are the exception here, probably less than one percent of the total.

There is no denying that there are shady and rogue sites that do profit heavily from piracy, but lumping all these sites together and branding them with a pirate label is flat-out wrong.

Aside from “exposing” the estimated profitability of the cyberlockers the report also has a secondary goal. It puts out a strong call to the credit card companies Visa and MasterCard, and hosting providers such as Cloudflare, urging them to cut their ties with these supposed pirate havens.

“They should take a hard look at the checkered history of their cyberlocker partners. Simply put, the businesses that simply exploit and expropriate the creative efforts of others do not occupy a legitimate place in the Internet ecosystem,” the report notes.

“Content theft is a cancer on the Internet. It introduces viruses and malware to computers, robs creators who rely on the Internet to sell their products, damages brands by associating them with illegal and inappropriate content and provides seed money for criminals to engage in other illegal activities,” it adds.

Hopefully future reports will have more nuance. At minimum they should make sure to have all the facts right, as that’s generally more convincing.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

Krebs on Security: Medical Records For Sale in Underground Stolen From Texas Life Insurance Firm

This post was syndicated from: Krebs on Security and was written by: BrianKrebs. Original post: at Krebs on Security

How much are your medical records worth in the cybercrime underground? This week, KrebsOnSecurity discovered medical records being sold in bulk for as little as $6.40 apiece. The digital documents, several of which were obtained by sources working with this publication, were apparently stolen from a Texas-based life insurance company that now says it is working with federal authorities on an investigation into a possible data breach.

The "Fraud Related" section of the Evolution Market.

The “Fraud Related” section of the Evolution Market.

Purloined medical records are among the many illicit goods for sale on the Evolution Market, a black market bazaar that traffics mostly in narcotics and fraud-related goods — including plenty of stolen financial data. Evolution cannot be reached from the regular Internet. Rather, visitors can only browse the site using Tor, software that helps users disguise their identity by bouncing their traffic between different servers, and by encrypting that traffic at every hop along the way.

Last week, a reader alerted this author to a merchant on Evolution Market nicknamed “ImperialRussia” who was advertising medical records for sale. ImperialRussia was hawking his goods as “fullz” — street slang for a package of all the personal and financial records that thieves would need to fraudulently open up new lines of credit in a person’s name.

Each document for sale by this seller includes the would-be identity theft victim’s name, their medical history, address, phone and driver license number, Social Security number, date of birth, bank name, routing number and checking/savings account number. Customers can purchase the records using the digital currency Bitcoin.

A set of five fullz retails for $40 ($8 per record). Buy 20 fullz and the price drops to $7 per record. Purchase 50 or more fullz, and the per record cost falls to just $6.40 — roughly the price of a value meal at a fast food restaurant. Incidentally, even at $8 per record, that’s cheaper than the price most stolen credit cards fetch on the underground markets.

Imperial Russia's ad on Evolution pimping medical and financial records stolen from a Texas life insurance firm.

Imperial Russia’s ad pimping medical and financial records stolen from a Texas life insurance firm.

“Live and Exclusive database of US FULLZ from an insurance company, particularly from NorthWestern region of U.S.,” ImperialRussia’s ad on Evolution enthuses. The pitch continues:

“Most of the fullz come with EXTRA FREEBIES inside as additional policyholders. All of the information is accurate and confirmed. Clients are from an insurance company database with GOOD to EXCELLENT credit score! I, myself was able to apply for credit cards valued from $2,000 – $10,000 with my fullz. Info can be used to apply for loans, credit cards, lines of credit, bank withdrawal, assume identity, account takeover.”

Sure enough, the source who alerted me to this listing had obtained numerous fullz from this seller. All of them contained the personal and financial information on people in the Northwest United States (mostly in Washington state) who’d applied for life insurance through American Income Life, an insurance firm based in Waco, Texas.

American Income Life referred all calls to the company’s parent firm — Torchmark Corp., an insurance holding company in McKinney, Texas. This publication shared with Torchmark the records obtained from Imperial Russia. In response, Michael Majors, vice president of investor relations at Torchmark, said that the FBI and Secret Service were assisting the company in an ongoing investigation, and that Torchmark expected to begin the process of notifying affected consumers this week.

“We’re aware of the matter and we’ve been working with law enforcement on an ongoing investigation,” Majors said, after reviewing the documents shared by KrebsOnSecurity. “It looks like we’re working on the same matter that you’re inquiring about.”

Majors declined to answer additional questions, such as whether Torchmark has uncovered the source of the data breach and stopped the leakage of customer records, or when the company believes the breach began. Interestingly, ImperialRussia’s first post offering this data is dated more than three months ago, on June 15, 2014. Likewise, the insurance application documents shared with Torchmark by this publication also were dated mid-2014.

The financial information in the stolen life insurance applications includes the checking and/or savings account information of the applicant, and is collected so that American Income can pre-authorize payments and automatic monthly debits in the event the policy is approved. In a four-page discussion thread on Imperial Russian’s sales page at Evolution, buyers of this stolen data took turns discussing the quality of the information and its various uses, such as how one can use automated phone systems to verify the available balance of an applicant’s bank account.

Jessica Johnson, a Washington state resident whose records were among those sold by ImperialRussia, said in a phone interview that she received a call from a credit bureau this week after identity thieves tried to open two new lines of credit in her name.

“It’s been a nightmare,” she said. “Yesterday, I had all these phone calls from the credit bureau because someone tried to open two new credit cards in my name. And the only reason they called me was because I already had a credit card with that company and the company thought it was weird, I guess.”

ImperialRussia discusses his wares with potential and previous buyers.

ImperialRussia discusses his wares with potential and previous buyers.

More than 1.8 million people were victims of medical ID theft in 2013, according to a report from the Ponemon Institute, an independent research group. I suspect that many of these folks had their medical records stolen and used to open new lines of credit in their names, or to conduct tax refund fraud with the Internal Revenue Service (IRS).

Placing a fraud alert or freeze on your credit file is a great way to block identity thieves from hijacking your good name. For pointers on how to do that, as well as other tips on how to avoid becoming a victim of ID theft, check out this story.

TorrentFreak: Search Engines Can Diminish Online Piracy, Research Finds

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

google-bayIn recent years Hollywood and the music industry have taken a rather aggressive approach against Google. The entertainment industry companies believe that the search engine isn’t doing enough to limit piracy, and have demanded more stringent measures.

One of the suggestions often made is to remove or demote pirate sites in search results. A lower ranking would lead fewer people to pirate sources and promoting legal sources will have a similar effect.

Google previously said it would lower the ranking of sites based on DMCA complaints, but thus far these changes have had a limited effect. A few weeks ago the company also began promoting legal options but this effort is in the testing phase for now.

The question that remains is whether these changes would indeed decrease piracy. According to new research from Carnegie Mellon University, they can.

In a paper titled “Do Search Engines Influence Media Piracy?” the researchers ran two experiments where they let participants use a custom search engine to find a movie they wanted to watch. The respondents could pick from a list of 50 titles and received a $20 prepaid virtual Visa card as compensation.

All search results were pulled from a popular search engine. In the control category the results were not manipulated, but in the “legal” and “infringing” conditions the first page only listed “legal” (e.g Amazon) and neutral (e.g IMDb) sites or “infringing” (e.g. Pirate Bay) and neutral sites respectively.

While it’s quite a simple manipulation, and even though users could still find legal and pirated content in all conditions, the results are rather strong.

Of all participants who saw the standard results, 80% chose to buy the movie via a legal option. This went up to 94% if the results were mostly legal, and dropped to 57% for the group who saw mostly infringing results on the first page.

To Pirate or Not to Pirate

TorrentFreak contacted Professor Rahul Telang who says that the findings suggest that Google and other search engines have a direct effect on people’s behavior, including the decision to pirate a movie.

“Prominence of legal versus infringing links in the search results seem to play a vital role in users decision to consume legal versus pirated content. In particular, demoting infringing links leads to lower rate of consumption of pirated movie content in our sample,” he notes.

In a second study the researchers carried out a slightly modified version of the experiment with college students, a group that tends to pirate more frequently. The second experiment also added two new conditions where only the first three results were altered, to see if “mild” manipulations would also have an effect.

The findings show that college students indeed pirate more as only 62% went for the legal option in the control condition. This percentage went up gradually to 76% with a “mild legal” manipulation, and to 92% in the legal condition. For the infringing manipulations the percentages dropped to 48% and 39% respectively.

To Pirate or Not to Pirate, take two

According to Professor Telang their findings suggest that even small changes can have a significant impact and that altering search algorithms can be instrumental in the fight against online piracy.

“The results suggest that the search engines may play an important role in fight against intellectual property theft,” Telang says.

It has to be noted that Professor Telang and his colleagues received a generous donation from the MPAA for their research program. However, the researchers suggest that their work is carried out independently.

As a word of caution the researchers point out that meddling with search results in the real world may be much more challenging. False positives could lead to significant social costs and should be avoided, for example.

This and other caveats aside, the MPAA and RIAA will welcome the study as a new piece of research they can wave at Google and lawmakers. Whether that will help them to get what they want has yet to be seen though.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

Errata Security: Hacker "weev" has left the United States

This post was syndicated from: Errata Security and was written by: Robert Graham. Original post: at Errata Security

Hacker Andrew “weev” Auernheimer, who was unjustly persecuted by the US government and recently freed after a year in jail when the courts agreed his constitutional rights had been violated, has now left the United States for a non-extradition country:

I wonder what that means. On one hand, he could go full black-hat and go on a hacking spree. Hacking doesn’t require anything more than a cheap laptop and a dial-up/satellite connection, so it can be done from anywhere in the world.

On the other hand, he could also go full white-hat. There is lots of useful white-hat research that we don’t do because of the chilling effect of government. For example, in our VNC research, we don’t test default password logins for some equipment, because this can be interpreted as violating the CFAA. However, if ‘weev’ never intends on traveling to an extradition country, it’s something he can do, and report the results to help us secure systems.

Thirdly, he can now freely speak out against the United States. Again, while we theoretically have the right to “free speech”, we see how those like Barret Brown are in jail purely because they spoke out against the police-state.

TorrentFreak: BitTorrent: Our Users Buy 33% More Music Albums Online

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

bittorrent-crimeBitTorrent Inc, the company behind the successful uTorrent and BitTorrent file-sharing clients, has been making huge efforts in recent times to shed the false image that the company is synonymous with online piracy.

One of the key ways it’s changing this perception is by partnering with well-known artists such as De La Soul, Moby and Madonna, and showing that BitTorrent is an ideal tool to connect artists with fans.

To provide some examples of what it can do, BitTorrent Inc. has made a distribution and advertising deck with success stories. Thus far more than 10,000 artists have used BitTorrent’s bundles, generating over 100 million downloads which convert into real sales.

Slide from BitTorrent’s advertising deck (via Digiday)

Aside from listing its successes the company also reports some intriguing statistics on the consumer behavior of its community.

On slide 12 BitTorrent Inc. notes that its community is 33% more likely to buy albums online, makes 34% more DVD purchases, watches 34% more movies in theater and is twice as likely to have a paid music subscription.

BitTorrent’s community

Because BitTorrent Inc provides no source for the data provided in this last slide we contacted the company last week to find out more. Unfortunately, we haven’t received a response thus far.

However, while writing this article we found that the numbers reported in the pitch deck trace back to one of our own articles. The data reported by BitTorrent Inc. comes from music industry group IFPI and details the buying habits of music pirates. BitTorrent Inc subsequently used these piracy statistics to sell its “community” to potential partners.

This is interesting for a variety of reasons. First, IFPI’s research doesn’t mention BitTorrent users, but file-sharing music pirates in general. Furthermore, since when does BitTorrent see “music pirates” as its community? Perhaps that’s the reason why the source for the data isn’t provided in the pitch deck (IFPI was mentioned as source in an earlier pitch deck).

That said, BitTorrent Inc is right to point out that file-sharers tend to be more engaged fans than the average person. Even the RIAA was willing to admit that.

It’s good to see that more and more artists, including many big names, are beginning to recognize this potential too. Even U2, whose former manager is one of the most vocal anti-piracy crusaders, has now decided to give away its latest album for free hoping that it will increase sales of older work. Without piracy, that would have never happened.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

TorrentFreak: Spotify: Aussie Music Piracy Down 20%

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

spotify-blackSince its launch Spotify always had a very clear goal in mind. Compete with piracy and make it obsolete.

To see how the company is faring on this front Spotify regularly researches piracy rates in countries where they enter the market. Thus far the results have been rather positive.

In 2012 the streaming service entered the Australian market and Spotify’s own research now shows that music piracy via BitTorrent dropped significantly during the following year.

In a keynote speech at the BIGSOUND music conference today, Spotify’s Director of Economics Will Page reveals that the volume of music piracy has decreased 20% between 2012 and 2013. Similarly, the number of people sharing music via BitTorrent in Australia has gone down too.

“It’s exciting to see that we are making inroads into reducing the music piracy problem within such a short space of time in this market,” Page says.

“It shows the scope for superior legal services (offered at an accessible price point) to help improve the climate for copyright online,” he adds.

While the overall volume is down not all pirates are giving up their habit. The research found that it’s mostly the casual file-sharers who stop sharing, while the hard-core pirates remain just as active as before.

Also worth noting is that interest in illegal music downloads pales in comparison to that of other media. The research found that the demand for TV-shows and movies is four times that of music.

Spotify suggests that it’s partly responsible for the drop in music piracy, but doesn’t say to what extent. It’s also not clear how the demand for and volume of other forms of piracy changed in the same time period.

Page sees the drop in music piracy as an encouraging sign, but notes that more has to be done. While Spotify’s Director of Economics doesn’t comment on specific anti-piracy proposals the Government has put forward, he does stress that both carrots and sticks are required to address the issue.

“Let’s be clear, Australia still faces a massive challenge in turning around its much talked about media piracy challenge, and it always has, and always will, take a combination of public policy and superior legal offerings,” page says.

“The downward trend in piracy volume and population suggests superior music legal services like Spotify are making a positive impact, and this has proven to be the case in Scandinavia, but it will take both carrots and sticks to turn the market around.”

The research seems to suggest that services like Spotify are reasonably good carrots, but what the sticks look like will have to become clear in the months to come.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

Errata Security: Vuln bounties are now the norm

This post was syndicated from: Errata Security and was written by: Robert Graham. Original post: at Errata Security

When you get sued for a cybersecurity breach (such as in the recent Home Depot case), one of the questions will be “did you follow industry norms?”. Your opposition will hire expert witnesses like me to say “no, they didn’t”.

One of those norms you fail at is “Do you have a vuln bounty program?”. These are programs that pay hackers to research and disclose vulnerabilities (bugs) in their products/services. Such bounty programs have proven their worth at companies like Google and Mozilla, and have spread through the industry. The experts in our industry agree: due-diligence in cybersecurity means that you give others an incentive to find and disclose vulnerabilities. Contrariwise, anti-diligence is threatening, suing, and prosecuting hackers for disclosing your vulnerabilities.

There are now two great bounty-as-a-service*** companies “HackerOne” and “BugCrowd” that will help you run such a program. I don’t know how much it costs, but looking at their long customer lists, I assume it’s not too much.

I point this out because a lot of Internet companies have either announced their own programs, or signed onto the above two services, such as the recent announcement by Twitter. All us experts think it’s a great idea and that the tradeoffs are minor. I mean, a lot of us understand tradeoffs, such as why HTTPS is difficult for your website — we don’t see important tradeoffs for vuln bounties. It is now valid to describe this as a “norm” for cybersecurity.

By the way, I offer $100 in BitCoin for vulns in my tools that I publish on GitHub:

*** Hacker1 isn’t a “bounty-as-a-service” company but a “vuln coordination”. However, all the high-profile customers they highlight offer bounties, so it comes out to much the same thing. They might not handle the bounties directly, but they are certainly helping the bounty process.

Update: One important tradeoff is that is that such bounty programs attract a lot of noise from idiots, such as “your website doesn’t use SSL, now gimme my bounty” [from @beauwoods]. Therefore, even if you have no vulnerabilities, there is some cost to such programs. That’s why BugCrowd and Hacker1 are useful: they can more efficiently sift through the noise than your own organization. However, this highlights a problem in your organization: if you don’t have the expertise to filter through such noise (and many organizations don’t), then you don’t have the expertise to run a bug bounty program. However, this also means you aren’t in a position to be trusted.

Update: Another cost [from @JardineSoftware] is that by encouraging people to test your site, you’ll increase the number of false-positives on your IDS. It’ll be harder now to distinguish testers from attackers. That’s not a concern: the real issue is that you spend far too much time looking at inbound attacks already and not enough at successful outbound exfiltration of data. If encouraging testers doubles the number of IDS alerts, then that’s a good thing not a bad thing.

Update: You want to learn about cybersecurity? Then just read what’s in/out of scope for the Yahoo! bounty:

TorrentFreak: Breaking Bad Piracy Surges After Emmy Win, Research Finds

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

bbPeople have many different motivations to pirate TV-shows and other media. Availability is a factor, for example, and price plays a role as well.

Another important driver of piracy is exposure or promotion through traditional media.

The latter is illustrated by new research from piracy monitoring firm CEG TEK, who found that the interest in pirated copies of Emmy nominated TV-shows surged after the award show aired on television.

The company measured the BitTorrent swarms of 50 Emmy-nominated TV-shows and found a big spike in overall piracy rates.

Breaking Bad, winner of the Emmy for best drama series and several individual awards, saw a 412% increase in peers after the award ceremony.

Pirate’s interest in True Detective, House of Cards, Homeland and The Newsroom also spiked at least 340% the day after the Emmys. These peaks are unusual according to CEG TEK, who note of the 47 of the 50 nominated shows they monitored saw an increase in sharing activity.

“Typically, piracy peaks on weekends, but of the 50 shows we monitored, 47 were pirated more as a result of the Primetime Emmy Awards broadcast,” CEG TEK CTO Jon Nicolini says.

“Clearly, the prestige of the Emmys is alive and well,” he adds.

While an Emmy award is certainly a big win, some people in the TV industry believe that being the most pirated TV-show may do even more to boost a show’s profile.

Jeff Bewkes, CEO of HBO’s parent company Time Warner, previously said that Game of Thrones piracy resulted in more subscriptions for his company and that receiving the title of “most pirated” show was “better than an Emmy.”

So that’s a double score for the Emmy winners then.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

The Hacker Factor Blog: The Naked Truth

This post was syndicated from: The Hacker Factor Blog and was written by: The Hacker Factor Blog. Original post: at The Hacker Factor Blog

Warning: This blog entry discusses adult content.

In my previous blog entry, I wrote about the auto-ban system at FotoForensics. This system is designed to detect network attacks and prohibited content. Beginning yesterday, the system has been getting a serious workout. Over 600 people have been auto-banned. After 30 hours, the load is just beginning to ebb.

Yesterday on 4chan (the land of trolls), someone posted a long list of “celebrity nude photos”. Let me be blunt: they are all fakes. Some with heads pasted onto bodies, others have clothing digitally removed — and it’s all pretty poorly done. (Then again: if it came from the site that gave us Rickrolling and Pedobear, did anyone expect them to be real?)

Plenty of news outlets are reporting on this as if it was a massive data security leak. Except that there was no exploit beyond some very creepy and disturbed person with photoshop. (Seriously: to create this many fakes strikes me as a mental disorder from someone who is likely a sex offender.) When actress Victoria Justice tweeted that the pictures are fake, she was telling the truth. They are all fakes.

Unfortunately in this case, when people think photos may be fake, they upload them to FotoForensics. Since FotoForensics has a zero-tolerance policy related to porn, nudity, and sexually explicit content, every single person who uploads any of these pictures is banned. All of them. Banned for three months. And if they don’t get the hint and visit during the three-month ban, then the ban counter resets — it’s a three month ban from your last visit.

Why Ban?

I have previously written about why FotoForensics bans some content. To summarize the main reasons: we want less-biased content (not “50% porn”), we want to stay off blacklists that would prevent access from our desired user base, and we want to reduce the amount of child porn uploaded to the site.

As a service provider, I am a mandatory reporter. I don’t have the option to not report people who upload child porn. Either I turn you in and you get a felony, or I don’t turn you in and I get a felony. So, I’m turning you in ASAP. (As one law enforcement officer remarked after reviewing a report I submitted, “Wait… you’re telling me that they uploading child porn to a site named ‘Forensics’ and run by a company called ‘Hacker’?” I could hear her partners laughing in the background. “We don’t catch the smart ones.”)

By banning all porn, nudity, and sexually explicit content, it dramatically reduces the number of users who upload child porn. It also keeps the site workplace-safe and it stops porn from biasing the data archive.

The zero-tolerance policy at FotoForensics is really no different from the terms of service at Google, Facebook, Yahoo, Twitter, Reddit, and every other major service provider. All of them explicitly forbid child porn (because it’s a felony), and most just forbid all pornography and sexually explicit content because they know that sites without filters have problems with child porn.

Unfortunately, there’s another well-established trend at FotoForensics. Whenever there is a burst of activity, it is followed by people who upload porn, and then followed by people uploading child porn. This current trend (uploading fake nude celebrities) is a huge current trend. Already, we are seeing the switch over to regular porn. That means we are gearing up to report tons of child porn that will likely show up over the next few days. (This is the part of my job that I hate. I don’t hate reporting people — that’s fun and I hope they all get arrested. I hate having my admins and research partners potentially come across child porn.)

Coming Soon…

Over at FotoForensics, we have a lot of different research projects. Some of them are designed to identify fads and trends, while others are looking for ways to better conduct forensics. One of the research projects is focused on more accurately identifying prohibited content. These are all part of the auto-ban system.

Auto-ban has a dozen independent functions and a couple of reporting levels. Some people get banned instantly. Others get flagged for review based on suspicious activity or content. Some flagged content generates a warning for the user. The warning basically says that this is a family friendly site and makes the user agree that they are not uploading prohibited content. Other times content is silently flagged — the user never notices it, but it goes into the list of content for manual review and potential banning. (Even the review process is simplified: one person can easily review a few thousand files per hour.)

We typically deploy a new function as a flagging tool until it is well-tested. We want zero false-positives before we make banning automated. (Over the last 48 hours, auto-ban has banned over 600 people and flagged another 400 for review and manual banning.)

One of the current flagging rules is a high-performance and high-accuracy search engine that identifies visually similar content. (I’m not using the specific algorithms mentioned in my blog entry, but they are close enough to understand the concept.) This system can compare one BILLION hashes per second per CPU per gigahertz, and it scales linearly. (One 3.3GHz CPU can process nearly 3 billion hashes per second — it would be faster if it wasn’t I/O bound. And I don’t use a GPU because loading and unloading the GPU would take more time than just doing the comparisons on the basic CPU.) To put it simply, it will take a fraction of a second to compare every new upload against the list of known prohibited content. And if there’s a strong match, then we know it is the same picture, even if it has been resized, recolored, cropped, etc.

The last two days have been a great stress test for this new profiling system. I don’t think we missed banning any of these prohibited pictures. Later this week, it is going to graduate and become fully automated. Then we can begin banning people as fast as they upload.

TorrentFreak: MPAA Research: Blocking The Pirate Bay Works, So…..

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

blocktpb1Website blocking has become one of the favorite anti-piracy tools of the entertainment industries in recent years.

The UK is a leader on this front, with the High Court ordering local ISPs to block access to dozens of popular file-sharing sites, including The Pirate Bay and KickassTorrents.

Not everyone is equally excited about these measures and researchers have called their effectiveness into question. This prompted a Dutch court to lift The Pirate Bay blockade a few months ago. The MPAA, however, hopes to change the tide and prove these researchers wrong.

Earlier today Hollywood’s anti-piracy wish list was revealed through a leaked draft various copyright groups plan to submit to the Australian Government. Buried deep in the report is a rather intriguing statement that refers to internal MPAA research regarding website blockades.

“Recent research of the effectiveness of site blocking orders in the UK found that visits to infringing sites blocked declined by more than 90% in total during the measurement period or by 74.5% when proxy sites are included,” it reads.

MPAA internal research

In other words, MPAA’s own data shows that website blockades do help to deter piracy. Without further details on the methodology it’s hard to evaluate the findings, other than to say that they conflict with previous results.

But there is perhaps an even more interesting angle to the passage than the results themselves.

Why would the MPAA take an interest in the UK blockades when Hollywood has its own anti-piracy outfit (FACT) there? Could it be that the MPAA is planning to push for website blockades in the United States?

This is not the first sign to point in that direction. Two months ago MPAA boss Chris Dodd said that ISP blockades are one of the most effective anti-tools available.

Combine the above with the fact that the United States is by far the biggest traffic source for The Pirate Bay, and slowly the pieces of the puzzle begin to fall into place.

It seems only a matter of time before the MPAA makes a move towards website blocking in the United States. Whether that’s through a voluntary agreement or via the courts, something is bound to happen.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

Raspberry Pi: Sonic Pi: Live & Coding Summer School

This post was syndicated from: Raspberry Pi and was written by: Carrie Anne Philbin. Original post: at Raspberry Pi

Carrie Anne – I have an ongoing long-term love affair with Sonic Pi ever since Dr Sam Aaron from the University of Cambridge introduced me to it in late 2012 to help me teach text-based programming to my students. Since then it has been used to teach music and artistic expression thanks to the Sonic Pi Live & Coding project, which I’ll talk more about in the coming months as it reaches its conclusion. A few weeks ago 60 children took part in a Sonic Pi Live & Coding summer school run by artists Juneau Projects at the Cambridge Junction. Here, in their own words, is their take on the experience:

Sonic Pi Live & Coding summer school

Sonic Pi Live & Coding summer school

The Sonic Pi Live & Coding summer school finished just over three weeks ago, and yet our heads are still full of it! It was a brilliant week where 56 children aged between 10 and 14 years spent the week at the Cambridge Junction, working amazingly hard not only to get to grips with the language of live coding, but also learning how to finesse that language and perform with it using Sonic Pi on Raspberry Pi. It was a beautiful thing to be a part of. Over the course of five days the students went from having never used Sonic Pi before to putting on a concert for an invited audience, incorporating never-before-seen software functions (literally added on the spot by Sam Aaron – the brains behind Sonic Pi – to help realise the students’ ambitions) and incredible showmanship!

Juneau Projects artists Ben &

Juneau Projects artists Ben & Phil

The plan for the week was not only to introduce the students to the technical aspects of Sonic Pi (i.e. how do you make a sound, and then make it sound how you want it to sound etc) but to offer an overview of what live coding sounds like and looks like and what it might become in the students’ hands. To this end we were lucky enough to see performances by Thor Magnusson, Shelly Knotts and Sam Aaron himself (wearing an incredible cyberpunk/wizard get-up – it’s amazing what a party hat and a pair of novelty sunglasses can do). The students were able to quiz the performers, who were all very open about their practice, and to get a sense not only of how these performers do what they do on-stage but also of why they do what they do.

Sam gives a performance to the students

Sam gives a performance to the students

The summer school was delivered by a great team that we were proud to be part of: Ben Smith, Ross Wilson (both professional musicians) and Jane Stott (head of music at Freman College) had all been part of the initial schools project during the summer term (at Freman College and Coleridge Community College) and brought their experience from those projects to help the students at the summer school on their journey into live coding. Michelle Brace, Laura Norman and Mike Smith did an amazing job of keeping everything moving smoothly over the course of the week, and in addition Michelle did a brilliant job of keeping everybody on track with the Bronze Arts Award that the students were working towards as part of the week, as well as project managing the whole thing! Pam Burnard and Franzi Florack were working on the research component of the project, interviewing students, observing the process of the week and feeding back to us – their feedback was invaluable in terms of keeping the week moving forward in a meaningful way. We had visits from Carrie Anne Philbin and Eben Upton from Raspberry Pi who supported the project throughout. Finally Sam Aaron was resident Sonic Pi guru, handling all those questions that no-one else could answer and being a general all-round ball of live coding enthusiasm.


Buttons + Sonic Pi + Raspberry Pi = Fun

The week held many highlights: the first ever Sonic Pi live coding battle (featuring 56 combatants!); live ambient soundtracks produced by thirty students playing together, conducted by Ross Wilson; Sonic Pi X Factor; and great guest performances by Thor and Shelly. From our perspective though there was no topping the final event. The students worked in self-selected groups to produce a final project. For many this was a live coding performance but the projects also included bespoke controllers designed to aid the learning process of getting to grips with Sonic Pi; ambient soundtrack installations; and a robotic performer (called ‘Pitron’).

The performances themselves were really varied in terms of the sounds and techniques used, but were universally entertaining and demonstrated the amount of information and knowledge the students had absorbed during the week. One group used live instruments fed directly into Sonic Pi, using a new function that Sam coded during the summer school – a Sonic Pi exclusive! A personal highlight were the Sonic Pi-oneers, a seven piece live coding group who blew the crowd away with the breadth of their live coding skills. They’re already being tipped as the One Direction of the live coding world. Another great moment was Pitron’s appearance on stage: Pitron’s creator, Ben, delivered an incredible routine, using lots of live coding skills in combination with genius comedy timing.


Live coding of music with Sonic Pi, instruments and installations.

All in all the summer school was a phenomenal thing to be a part of. We have never quite experienced anything like it before – it truly felt like the start of something new!