O2 says net piracy letters ‘bully’ web users;Mobile network slams tactics used by law firm

O2 has slammed a UK law firm for issuing letters to web users suspected of illegal file-sharing, saying they "bully or threaten" consumers.

In January, it was revealed that ACS:Law had issued letters to around 150 Brits, claiming they had illegally downloaded content from the web.

ACS:Law said it was acting on behalf of DigiProtect, an anti-piracy firm that represents a number of copyright holders, and the recipient was required to pay a £500 fine and sign a legal undertaking agreeing not to illegally file-share in the future.

O2 said it was "legally obliged" to provide the law firm with contact details for a number of its customers after IP addresses belonging to the ISP were identified as having taken part in illegal file-sharing.

The mobile network said it preferred the "win-win approach of encouraging the development of new business models that offer customers the content they want, how they want it, for a fair price".

However, Andrew Crossley of ACS: Law said the letters did not bully or threaten anyone.


Viacom Makes Its Case Against Yesterday’s YouTube

Today, after three years of litigation, the Viacom v. YouTube combatants finally publicly released their briefs (Viacom’s; YouTube’s; Class Action Plaintiffs’) in what most expect to be the main event in the case, namely, cross-motions for summary judgment (for the non-lawyers: a summary judgment motion asks the court to rule that the case is such a slam dunk in your favor that no trial is necessary).

One surprise from Viacom is a concession that it basically has no beef with YouTube as it has been run since May 2008: "[W]e do not ask the Court to address potential liability for post-May 2008 infringement in this motion and, if Viacom’s summary judgment motion is granted, do not intend to do so at trial." What happened in May 2008? That would be when YouTube launched its Content ID system, enabling copyright owners to "claim" their content and decide whether it will be blocked or monetized on YouTube.

In other words, this case isn’t really about YouTube (at least YouTube circa 2010). It’s about Viacom’s effort to get the court to re-write the DMCA safe harbors to require everyone else to implement (and pay for) copyright filtering. If Viacom succeeds, it would radically change the innovation environment for all Internet companies that depend on the DMCA safe harbors.


Look out for these 4 Census scams

The 2010 U.S. Census survey will be mailed to all U.S. residents in mid-March, opening the door to con artists who will use the program as an opportunity to swindle people out of their money and their identity.

The U.S. Better Business Bureau, in Arlington, Va., warns consumers to be on guard for online and in-person Census fraudsters in the coming months, says spokeswoman Alison Southwick.

The Census questionnaire asks 10 questions, none involving personal financial information such as bank account or credit card numbers or your Social Security number.

"We are warning people to beware of phishing e-mails that purport to be from the Census Bureau, (as well as) phone calls, knocks on the door and mail, basically all forms of contact where people are asked for financially sensitive information such as their Social Security number or bank account numbers," says Southwick.

Read more about some ways that scammers may try to deceive you and what you should do in http://www.bankrate.com/finance/personal-finance/look-out-for-these-4-census-scams-1.aspx

Police want tighter domain registration rules

ICANN pushed to keep better details of domain owners

Law enforcement officials in the UK and US are pushing the Internet Corporation for Assigned Names and Numbers to put in place measures that would help reduce abuse of the domain name system.

Now it is "ridiculously easy" to register a domain name under false details, said Paul Hoare, senior manager and head of e-crime operations for the UK’s Serious Organised Crime Agency (SOCA). Domain names can be used for all kinds of criminal activity, ranging from phishing to trademark abuse to facilitating botnets. Law enforcement often run into difficulty when investigating those domains, as criminals use false details and stolen credit cards.

The FBI and SOCA have submitted a set of recommendations to ICANN for how it could strengthen Registration Accreditation Agreements (RAAs). The agreement is a set of terms and conditions that a registrar, an entity that can accept domain name registrations, would be subject to in order to run their business. ICANN’s RAA applies to registrars for generic top-level domains (gTLDs), such as ".com."

The ideas from the FBI and SOCA have not been publicly revealed but include stronger verification of registrants’ name, address, phone number, e-mail address and stronger checks on how they pay for a domain name, Hoare said. Those financial checks are already done for e-commerce transactions, so "there’s no reason why the registries and domain registrars can’t do the same thing," Hoare said. Many registrars and registries already do this, he said.


Shopping website hacked with malware

Online bargain hunters had their shopping expeditions disrupted when Google discovered malware or malicious software hidden on a major Australian retail website.

Visitors to DealsDirect.com.au using Google Chrome, Firefox and Internet Explorer browsers on Friday received warnings the site could harm computers due to a malware hosting threat.

The site sells household goods, furniture and electronics.

DealsDirect spokeswoman Elisha Booth told Fairfax the malicious code had been removed and people were able to return to safe online shopping on Friday afternoon.


IE8, iPhone will fall first day of hacking contest, predicts organizer

Pwn2Own sponsor bets researchers will hack Windows 7, Microsoft’s browser, Apple’s phone

Microsoft’s Internet Explorer 8, not Apple’s Safari, will be the first browser to fall in next week’s Pwn2Own hacking challenge, the contest organizer said today.

Aaron Portnoy, security research team lead with 3Com TippingPoint, the sponsor of Pwn2Own, also predicted that Apple’s iPhone will be the only smartphone hacked during the contest, which starts March 24.

Portnoy, who organized the fourth annual Pwn2Own, changed his predictions from earlier bets he made a month ago because of new information he received from researchers who have registered for the contest. Previously, Portnoy said that Apple’s browser would crumble before rivals from Google, Microsoft and Mozilla; he had also declined to speculate on which mobile phone, if any, would collapse under attack.


Wow! Windows XP Mode now accessible to more PCs but you need WAT.

From Windows 7 Team Blog:

We’re announcing an update to Windows XP Mode today that will make it a more accessible to PCs in small and midsize businesses who want to migrate to Windows 7 Professional but have applications that still require Windows XP. Windows XP Mode will no longer require hardware virtualization technology to run. This change makes it extremely easy for businesses to use Windows XP Mode to address any application incompatibility roadblocks they might have in migrating to Windows 7. Windows XP Mode will of course continue to use hardware virtualization technology such as Intel VT (Intel Virtualization Technology) or AMD-V if available. You can find more information and download the update which will go live later today here.

More details in http://windowsteamblog.com/blogs/windows7/archive/2010/03/18/windows-xp-mode-now-accessible-to-more-pcs.aspx

Note: Before you can download XP Mode and Virtual PC, you will need to allow installation of Windows Action Technology (WAT).  Open Windows Update application to download Windows Activation Technologies Update for Windows 7 (KB971033) or simply visit http://www.windows.com/xpmode, choose your download and allow WAT to run/install.

Jericho Forum Offers Free Security Product Assessment Tool

‘Nasty questions’ to ask your security vendors

International cloud security group Jericho Forum has created a free self-assessment tool for security vendors and buyers to determine the security of their products — namely in cloud-based environments.

The Jericho Forum’s Self-Assessment Scheme is for security vendors that want to check whether their products are cloud-ready, and for prospective buyers who want to vet those products. The tool is based on the forum’s 11 commandments for security, which are basically a checklist that can be used in RFPs. It asks direct questions intended to expose security flaws or potential loopholes in products, and includes a scoring process.

Vendors will be able to add a Jericho Forum "Self-Assessed" logo on their Websites, according to the Forum.

Bob West, founder and CEO of EchelonOne and a Jericho Forum board member, says he envisions the tool as an overall scorecard. "I see this as being part of a requirements document or checklist," West says. "It’s looking at a particular technology and incorporating it into a broader context." […]

The tool can be downloaded here (PDF).


New Free Service Filters Twitter Spam

Spamdetector sniffs out spammer accounts, which Twitter then deletes

Researchers recently launched a free spam-filtering service for Twitter that flags offenders for the microblogging service, which, in turn, removes the offending accounts.

The Spamdetector service crawls Twitter, using heuristics to detect spam accounts. Gianluca Stringhini, the researcher heading up the service, says the tool has a low false-positive rate.

"Around a year ago, we started observing these [social] networks, looking for malicious traffic…spammers show a very different behavior compared to real users, and therefore we were able to build a system that can detect them in a reliable way," says Stringhini, a researcher at the University of California-Santa Barbara.

Twitter already offers its users a button for reporting possible spam, but it relies on the user to spot suspicious tweets. The social network last week also added a new service that detects malicious URLs in an effort to quell the rise in spam and phishing on the network. It ultimately will scan all URLs before they hit the Twitter feed, but initially is doing so only for URLs sent via Twitter direct messages [DMs] and email notifications about DMs.

To be sure, abuse on Twitter is on the rise: One in eight Twitter accounts was found to be suspicious, malicious, or suspended last year, according to a recent report from Barracuda Networks. And Twitter itself currently finds 3 to 4 percent of accounts to be malicious, according to Barracuda’s data.


Mac OS X: "safer, but less secure"

Security expert Charlie Miller intends to disclose a potentially record-breaking 20 zero day security holes in Apple’s Mac OS X in one fell swoop. The details are to be revealed in his presentation at the Canadian CanSecWest security conference next week. Miller, who is already known for having discovered a number of bugs in Mac OS X, talked with heise Security, The H’s German associates, about his new findings and about the security of Apple’s operating system beforehand.

The approximately 20 zero-day holes are contained in closed source Apple products, said Miller. "OS X has a large attack surface consisting of open source components (i.e. webkit, libz, etc), closed source 3rd party components (Flash), and closed source Apple components (Preview, mdnsresponder, etc). Bugs in any of these types of components can lead to remote compromise", he emphasised.

Miller discovered the new vulnerabilities by fuzzing, a process which involves bombarding an application’s input channels with as much corrupted data as possible. His presentation is subtitled: "An analysis of fuzzing 4 products with 5 lines of Python". The expert explained: "The talk is about what you really find when you fuzz and it tries to draw conclusions about what to expect in the future when you fuzz a mature product." Parts of the presentation apparently consist of statistics, for instance, about which percentage of flaws causes crashes, and which percentage can be exploited remotely.