Airgap-Jumping Malware May Use Ultrasonic Networking To Communicate

Hugh Pickens DOT Com writes “Dan Goodwin writes at Ars Technica about a rootkit that seems straight out of a science-fiction thriller. According to security consultant Dragos Ruiu one day his MacBook Air, on which he had just installed a fresh copy of OS X, spontaneously updated the firmware that helps it boot. Stranger still, when Ruiu then tried to boot the machine off a CD ROM, it refused and he also found that the machine could delete data and undo configuration changes with no prompting. Next a computer running the Open BSD operating system also began to modify its settings and delete its data without explanation or prompting and further investigation showed that multiple variants of Windows and Linux were also affected. But the story gets stranger still. Ruiu began observing encrypted data packets being sent to and from an infected laptop that had no obvious network connection with—but was in close proximity to—another badBIOS-infected computer. The packets were transmitted even when the laptop had its Wi-Fi and Bluetooth cards removed. Ruiu also disconnected the machine’s power cord so it ran only on battery to rule out the possibility it was receiving signals over the electrical connection. Even then, forensic tools showed the packets continued to flow over the airgapped machine. Then, when Ruiu removed internal speaker and microphone connected to the airgapped machine, the packets suddenly stopped. With the speakers and mic intact, Ruiu said, the isolated computer seemed to be using the high-frequency connection to maintain the integrity of the badBIOS infection as he worked to dismantle software components the malware relied on. It’s too early to say with confidence that what Ruiu has been observing is a USB-transmitted rootkit that can burrow into a computer’s lowest levels and use it as a jumping off point to infect a variety of operating systems with malware that can’t be detected. It’s even harder to know for sure that infected systems are using high-frequency sounds to communicate with isolated machines. But after almost two weeks of online discussion, no one has been able to rule out these troubling scenarios, either. ‘It looks like the state of the art in intrusion stuff is a lot more advanced than we assumed it was,’ says Ruiu. ‘The take-away from this is a lot of our forensic procedures are weak when faced with challenges like this. A lot of companies have to take a lot more care when they use forensic data if they’re faced with sophisticated attackers.'”

Share on Google+

Read more of this story at Slashdot.




Airgap-Jumping Malware May Use Ultrasonic Networking To Communicate

Hugh Pickens DOT Com writes “Dan Goodwin writes at Ars Technica about a rootkit that seems straight out of a science-fiction thriller. According to security consultant Dragos Ruiu one day his MacBook Air, on which he had just installed a fresh copy of OS X, spontaneously updated the firmware that helps it boot. Stranger still, when Ruiu then tried to boot the machine off a CD ROM, it refused and he also found that the machine could delete data and undo configuration changes with no prompting. Next a computer running the Open BSD operating system also began to modify its settings and delete its data without explanation or prompting and further investigation showed that multiple variants of Windows and Linux were also affected. But the story gets stranger still. Ruiu began observing encrypted data packets being sent to and from an infected laptop that had no obvious network connection with—but was in close proximity to—another badBIOS-infected computer. The packets were transmitted even when the laptop had its Wi-Fi and Bluetooth cards removed. Ruiu also disconnected the machine’s power cord so it ran only on battery to rule out the possibility it was receiving signals over the electrical connection. Even then, forensic tools showed the packets continued to flow over the airgapped machine. Then, when Ruiu removed internal speaker and microphone connected to the airgapped machine, the packets suddenly stopped. With the speakers and mic intact, Ruiu said, the isolated computer seemed to be using the high-frequency connection to maintain the integrity of the badBIOS infection as he worked to dismantle software components the malware relied on. It’s too early to say with confidence that what Ruiu has been observing is a USB-transmitted rootkit that can burrow into a computer’s lowest levels and use it as a jumping off point to infect a variety of operating systems with malware that can’t be detected. It’s even harder to know for sure that infected systems are using high-frequency sounds to communicate with isolated machines. But after almost two weeks of online discussion, no one has been able to rule out these troubling scenarios, either. ‘It looks like the state of the art in intrusion stuff is a lot more advanced than we assumed it was,’ says Ruiu. ‘The take-away from this is a lot of our forensic procedures are weak when faced with challenges like this. A lot of companies have to take a lot more care when they use forensic data if they’re faced with sophisticated attackers.'”

Share on Google+

Read more of this story at Slashdot.




The Copyright Monopoly Can Only Be Enforced With Mass Wiretapping, And Must Therefore Be Torpedoed

cameraspyThe copyright monopoly debate started with an assertion from the monopolists that “no artist can make money without having a complete monopoly on every form of distribution”.

This is obviously false, most easily observed by looking at the millions of works under Creative Commons licenses, where artists have renounced their already-awarded copyright monopoly rights.

When this is pointed out to copyright monopoly fundamentalists, who begrudgingly have to admit the existence of Creative Commons, they frequently shift stances and say it should be up to every individual creator what distribution they would allow of their book, painting, or guitar piece. They argue that the “distribution control of the author” is some kind of right that has no side effects at all.

Few things could be more deranged and out of touch with reality.

Today, noncommercial distribution of works under the copyright monopoly take place in our private communications, intermixed with our most private data that leave and arrive at our devices. You can’t tell one type of data from the other without looking at all of it, so the only way to discover copyright monopoly violations is by mass wiretapping and mass surveillance.

This means that enforcement of the copyright monopoly has become mutually exclusive with private communications as a concept, which is why the copyright monopoly must take a rather large step back into brain-undamaged territory.

This means that allowing every author to control distribution of their book – including me and my swarm leadership book Swarmwise – would give each and every one of those authors the right to wiretap and censor every individual on the planet. That’s the very real, and very insane, consequence.

Let’s take that again, because it is key to the whole copyright monopoly debate today: it was never about the money, it was about the fact that you can’t enforce the copyright monopoly without mass wiretapping, censorship, and intrusive mass surveillance. This is also why you see the copyright industry relentlessly pushing for just that – for example, when they sued Eircom for the right to install the copyright industry’s wiretapping and censorship equipment in the deepest of the Irish internet hubs. The audacity, it burns!

You cannot say that freedom of speech and the secrecy of private correspondence applies to some types of data (mail, surfing, communications) but not to other types (transmissions of works under copyright monopoly), because the only way to tell which is which is to break the secret of correspondence in the first place. You can’t tell if the contents of a letter is legal or illegal without opening it, reading it, and sorting it based on your findings. This monopoly enforcement breaks centuries of civil liberties.

This is also why the common and dismissive counter-argument from copyright monopolists along the lines of “you’re just spoiled brats who don’t want to pay” is such an enraging insult. In Sweden, there’s a saying that “the mouth speaks of what fills the mind”. Monopolists may only care about money, but I don’t care about that and I never did – the copyright monopoly conflict was always a deep civil liberties issue, where the monopoly has become incompatible with fundamental civil liberties for the entire online generation.

Therefore, the copyright monopoly needs to give way.

The copyright monopoly needs to be permanently and irrevocably scaled back in legislation. Until it is, it is everybody’s duty to undermine it in favor of the communications secret and freedom of speech that have always covered private communications.

In the words of the Freenet philosophy: “You cannot have both copyright monopoly enforcement and freedom of speech. Therefore, any technology designed to promote and protect freedom of speech must by necessity prevent copyright monopoly enforcement.”

About The Author

Rick Falkvinge is a regular columnist on TorrentFreak, sharing his thoughts every other week. He is the founder of the Swedish and first Pirate Party, a whisky aficionado, and a low-altitude motorcycle pilot. His blog at falkvinge.net focuses on information policy.

Book Falkvinge as speaker?

Follow @Falkvinge

Source: The Copyright Monopoly Can Only Be Enforced With Mass Wiretapping, And Must Therefore Be Torpedoed

Piracy Isn’t Killing The Entertainment Industry, Scholars Show

lbeOver the past years there have been ample research reports showing that file-sharing can have positive effects on the entertainment industries.

Industry lobbyists are often quick to dismiss these findings as incidents or weak research, and counter them with expensive studies they have commissioned themselves.

The London School of Economics and Political Science (LSE) jumps into the discussion this week with a media policy brief urging the UK Government to look beyond the reports lobbyists hand to them. Their report concludes that the entertainment industry isn’t devastated by piracy, and that sharing of culture has several benefits.

“Contrary to the industry claims, the music industry is not in terminal decline, but still holding ground and showing healthy profits. Revenues from digital sales, subscription services, streaming and live performances compensate for the decline in revenues from the sale of CDs or records,” says Bart Cammaerts, LSE Senior Lecturer and one of the report’s authors.

The report shows that the entertainment industries are actually doing quite well. The digital gaming industry is thriving, the publishing sector is stable, and the U.S. film industry is breaking record after record.

“Despite the Motion Picture Association of America’s (MPAA) claim that online piracy is devastating the movie industry, Hollywood achieved record-breaking global box office revenues of $35 billion in 2012, a 6% increase over 2011,” the report reads.

Even the music industry is doing relatively well. Revenue from concerts, publishing and digital sales has increased significantly since the early 2000s and while recorded music revenues show a decline, there is little evidence that piracy is the lead cause.

“The music industry may be stagnating, but the drastic decline in revenues warned of by the lobby associations of record labels is not in evidence,” the report concludes.

Music industry revenue

musicgraph

The authors further argue that file-sharing can actually benefit the creative industries in various ways.

The report mentions the success of the SoundCloud service where artists can share their work for free through Creative Commons licenses, the promotional effect of YouTube where copyrighted songs are shared to promote sales, and the fact that research shows that file-sharers actually spend more money on entertainment than those who don’t share.

“Within the creative industries there is a variety of views on the best way to benefit from online sharing practices, and how to innovate to generate revenue streams in ways that do not fit within the existing copyright enforcement regime,” the authors write.

Finally, the report shows that punitive enforcement strategies such as the three strikes law in France are not as effective as the entertainment industries claim.

The researchers hope that the U.K. Government will review the Digital Economy Act in this light, and make sure that it will take into account the interests of both the public and copyright holders.

This means expanding fair use and private copying exceptions for citizens, while targeting enforcement on businesses rather than individuals.

“We recommend a review of the DEA and related legislation that strikes a healthy balance among the interests of a range of stakeholders including those in the creative industries, Internet Service Providers and internet users.”

“When both [the creative industries and citizens] can exploit the full potential of the internet, this will maximize innovative content creation for the benefit of all stakeholders,” the authors write.

Source: Piracy Isn’t Killing The Entertainment Industry, Scholars Show

Piracy Isn’t Killing The Entertainment Industry, Scholars Show

lbeOver the past years there have been ample research reports showing that file-sharing can have positive effects on the entertainment industries.

Industry lobbyists are often quick to dismiss these findings as incidents or weak research, and counter them with expensive studies they have commissioned themselves.

The London School of Economics and Political Science (LSE) jumps into the discussion this week with a media policy brief urging the UK Government to look beyond the reports lobbyists hand to them. Their report concludes that the entertainment industry isn’t devastated by piracy, and that sharing of culture has several benefits.

“Contrary to the industry claims, the music industry is not in terminal decline, but still holding ground and showing healthy profits. Revenues from digital sales, subscription services, streaming and live performances compensate for the decline in revenues from the sale of CDs or records,” says Bart Cammaerts, LSE Senior Lecturer and one of the report’s authors.

The report shows that the entertainment industries are actually doing quite well. The digital gaming industry is thriving, the publishing sector is stable, and the U.S. film industry is breaking record after record.

“Despite the Motion Picture Association of America’s (MPAA) claim that online piracy is devastating the movie industry, Hollywood achieved record-breaking global box office revenues of $35 billion in 2012, a 6% increase over 2011,” the report reads.

Even the music industry is doing relatively well. Revenue from concerts, publishing and digital sales has increased significantly since the early 2000s and while recorded music revenues show a decline, there is little evidence that piracy is the lead cause.

“The music industry may be stagnating, but the drastic decline in revenues warned of by the lobby associations of record labels is not in evidence,” the report concludes.

Music industry revenue

musicgraph

The authors further argue that file-sharing can actually benefit the creative industries in various ways.

The report mentions the success of the SoundCloud service where artists can share their work for free through Creative Commons licenses, the promotional effect of YouTube where copyrighted songs are shared to promote sales, and the fact that research shows that file-sharers actually spend more money on entertainment than those who don’t share.

“Within the creative industries there is a variety of views on the best way to benefit from online sharing practices, and how to innovate to generate revenue streams in ways that do not fit within the existing copyright enforcement regime,” the authors write.

Finally, the report shows that punitive enforcement strategies such as the three strikes law in France are not as effective as the entertainment industries claim.

The researchers hope that the U.K. Government will review the Digital Economy Act in this light, and make sure that it will take into account the interests of both the public and copyright holders.

This means expanding fair use and private copying exceptions for citizens, while targeting enforcement on businesses rather than individuals.

“We recommend a review of the DEA and related legislation that strikes a healthy balance among the interests of a range of stakeholders including those in the creative industries, Internet Service Providers and internet users.”

“When both [the creative industries and citizens] can exploit the full potential of the internet, this will maximize innovative content creation for the benefit of all stakeholders,” the authors write.

Source: Piracy Isn’t Killing The Entertainment Industry, Scholars Show

A ZON alterou as suas condições contratuais e quem não concordar pode rescindir

Article note: Está na altura de rever o meu contrato com a ZON…

Recentemente a ZON alterou e informou os clientes de novas condições contratuais. Embora estejam a ser criados alguns entraves, é possível desistir dos serviços subscritos.

A ZON alterou as suas condições contratuais. Na factura de Setembro, podemos ler a seguinte frase: “Novas Condições Gerais Serviços ZON a partir de 01.11.2013. Consideram-se aceites se o Contrato não for denunciado, sem penalidades, até 15.10.2013.”.

O texto, que parece bastante simples, pode deixar algumas pessoas confusas. O Tugaleaks foi esclarecer a questão.

 

noticias  A ZON alterou as suas condições contratuais e quem não concordar pode rescindir

 

Foram efectuadas três chamadas para o Serviço de Apoio a Clientes ZON por três Clientes ZON, um deles ZON Empresas (a redacção do Tugaleaks). Destas, todas ouvidas pelo nosso órgão de comunicação social em tempo real, obtivemos as seguintes conclusões:
Chamada #1 – conta da redacção do Tugaleaks, ZON Empresas – Após explicar o propósito da nossa chamada, o operador de nada sabia. Confrontado com a questão da informação na factura, confirmou a nossa possibilidade de desistir mesmo tendo fidelização.
Chamada #2 – Cliente Particular sem IRIS – Cliente efectua chamada e diz que está descontente com as novas condições no site e dá como exemplo o ponto da Política de Utilização Aceitável. Operador informa que não é possível rescindir sem pagar fidelização. Cliente informa que na factura diz que “sem penalidades” e, depois de algumas trocas de opiniões, operador confirma possibilidade de desistir em período de fidelização.
Chamada #3 – Cliente Particular com IRIS – Cliente diz que não pretende novas condições, operador alega fidelização e cliente mantém-se com serviço sem fazer qualquer insistência.

 

O Tugaleaks chegou ainda ao contacto com um operador do callcenter da ZON em Lisboa, que afirmou, sob anonimato, que “apenas se os clientes falaram na mensagem da factura é que lhe podemos indicar que podem desistir, mas temos sempre que insistir com o cliente e tentar baixar custos”.

Tentámos também contactar a ANACOM, que, até ao momento, não prestou esclarecimentos sobre esta informação

Por outro lado, a Direcção Central de Comunicação e Conteúdos Multimédia da ZON explicou-nos que “na generalidade, as alterações são transposições de alterações legais ocorridas e são favoráveis aos clientes” e que “comunicámos as alterações aos clientes em estrita obediência ao que o nº.6 do artº.48º, nº.6 da lei das comunicações eletrónicas e no respeito pelos direitos dos clientes”. Em relação ao período de fidelização, informam que “no nosso entendimento, o disposto no nº.7 do artigo 48º da lei das comunicações eletrónicas salvaguarda os períodos de fidelização, o regime das contrapartidas previstas para a rescisão antecipada, pelos assinantes, dos contratos que estabelecem períodos contratuais mínimos“.

O referido artigo, indicado pela ZON, indica que “O disposto no número anterior não se aplica às alterações contratuais em que seja possível identificar uma vantagem objectiva para o assinante nem afasta o regime de contrapartidas previstas para a rescisão antecipada, pelos assinantes, dos contratos que estabelecem períodos contratuais mínimos”.

 

noticias  A ZON alterou as suas condições contratuais e quem não concordar pode rescindir

 

 

Será que existe uma “vantagem objectiva”?

A lista de alterações efectuadas pela ZON coloca uma política de utilização aceitável (conhecida como PUA) nos clientes bem como outras alterações que podem não ser benéficas para os clientes, nomeadamente os seguintes pontos que passam a constar das condições contratuais:

– 1.5 Ao efetuar o pagamento da primeira fatura, o Cliente aceita, reconhece e confirma que subscreveu os Serviços e Produtos constantes da mesma, os quais são prestados de acordo com as Condições dos Produtos e Serviços ZON.
– 8.3 Decorrido o prazo adicional de 30 (trinta) dias referido no número anterior, sem que o Cliente tenha efetuado o pagamento da fatura ou celebrado com a ZON qualquer acordo de pagamento por escrito, a ZON procederá, no prazo de 10 dias após o final do prazo adicional, à suspensão dos Serviços por um período de 30 (trinta) dias.
– 8.7 A suspensão do acesso aos Produtos e Serviços prevista nas alíneas (b) a (f) da Cláusula 8.1 será efetuada pela ZON mediante notificação ao Cliente, com uma antecedência mínima de 24 (vinte e quatro) horas, salvo em caso de emergência ou força maior, caso em que a suspensão poderá preceder a comunicação, que será efetuada logo que possível.
– 6.2 O Cliente reconhece e aceita que caso sejam efetuados consumos no âmbito dos Serviços que excedam significativamente os seus níveis habituais de consumo, a ZON poderá, a qualquer momento, exigir o pagamento dos serviços em causa.

 

Existem ainda casos de sucesso no Fórum ZWAME no tópico “Clientes ZON podem rescindir livremente até 15 de Novembro”, onde os serviços já foram inclusivamente rescindidos e alegadamente sem penalizações. O que leva a perguntar, perante o comentário da ZON e as chamadas efetuadas: qual dos lados está correcto?

 

Se não concorda com estas condições, lembre-se: terá que indicar expressamente a sua não concordância e se possível especificar um dos pontos com os quais não concorda.

The Do-It-Yourself Elop Analysis

Ok. If you don’t want any of my analysis or commentary or rants. Just the facts. Then Elop can be evaluated as Nokia CEO, for Nokia Corporate total results during his tenure. Or, because Nokia just now sold its total handset unit to Microsoft, it can be useful to see what results did Elop achieve at that handset unit (this includes both smartphones and featurephones). And lastly, since Elop did make a major change to Nokia’s largest and most profitable division, the smartphone unit, it is a detail worth considering. No more analysis, just the facts…

NOKIA CORPORATION UNDER ELOP

First 6 months – Corporate quarterly revenues up 26% from 10.0B Euro to 12.6B
Euro
Next 2.5 years – Corporate quarterly revenues down 55% from 12.6B
Euro to 5.6B Euro

First 6 months – Corporate quarterly profit up 200% from 295M
Euro to 884M Euro
Next 2.5 years – Corporate quarterly profit of 884M Euro turned
into loss of -115M Euro

During first 6 months – Standard & Poor’s rating for Nokia A, Moody’s rating A2, Fitch’s rating A 
On last day of office – Standard & Poor’s rating for Nokia junk, Moody’s rating junk, Fitch’s rating junk

On day before Elop announced as new CEO – Nokia share price $9.70
On day before Elop released his Burning Platforms memo – Nokia share price $11.28 (up 16%)
On day before Nokia announces Elop to step down as CEO – Nokia share price $3.90 (down 65%)

NOKIA HANDSET UNIT PERFORMANCE UNDER ELOP

First 6 months – Handset quarterly revenues up 25% from 6.8B Euro
to 8.5B Euro
Next 2.5 years – Handset quarterly revenues down 69% from 8.5B
Euro to 2.6B Euro

First 6 months – Total handsets profit first 6 months 1.8B Euro 
Next 2.5 years – Total handsets loss next 2.5 years 361M Euro

First 6 months – North America quarterly handset volume flat from
2.6M units to 2.6M units
Next 2.5 years – North America quarterly handset volume down 80%
from 2.6M units to 0.5M units

First 6 months – China quarterly handset volume up 13% from 19.3M
units to 21.9M units
Next 2.5 years – China quarterly handset volume down 81% from 21.9M
units to 4.1M units

Nokia handset market share when Elop started – 33%
Nokia handset market share when Elop departed – 14%

Nokia ranking handsets when Elop started – 1st
Nokia ranking handsets when Elop departed – 2nd

Gap to leader when Elop started – Nokia 50% bigger than number 2 (Samsung)
Gap to leader when Elop departed – Samsung 30% bigger than Nokia

This handset unit has now been sold (plus patents and mapping licences) for 5.3B Euro to Microsoft

NOKIA SMARTPHONE DIVISION PERFORMANCE UNDER ELOP

First 6 months – Smartphone quarterly revenues up 29% from 3.4B
Euro to 4.4B Euro
Next 2.5 years – Smartphone quarterly revenues down 73% from 4.4B
Euro to 1.2B Euro

First 6 months – Smartphone quarterly profit up 94% from 283M
Euro to 548M Euro
Next 2.5 years – Smartphone quarterly profit of 548M Euro turned
into loss of -168M Euro

First 6 months – Smartphone quarterly volume up 18% from 24.0M
units to 28.3M units
Next 2.5 years – Smartphone quarterly volume down 74% from 28.3M
units to 7.4M units

Nokia smartphone market share when Elop started – 35%
Nokia smartphone market share when Elop departed – 3%

Nokia ranking smartphones when Elop started – 1st
Nokia ranking smartphones when Elop departed – 9th

Gap to leader when Elop started – twice as big as number 2 (RIM) or number 3 (Apple)
Gap to leader when Elop departed – Samsung smartphones is 12x bigger than Nokia smartphones

Worst CEO ever? You make the call. Was Nokia smartphone unit truly in catastrophic trouble before the Burning Platforms memo? You make the call. Did the Elop Effect turn strong growth into collapse? You make the call.

Joining Lavabit Et Al, Groklaw Shuts Down Because of NSA Dragnet

Article note: more news from the #USSA

An anonymous reader was the first to write with news that Groklaw is shutting down: “There is now no shield from forced exposure. Nothing in that parenthetical thought list is terrorism-related, but no one can feel protected enough from forced exposure any more to say anything the least bit like that to anyone in an email, particularly from the U.S. out or to the U.S. in, but really anywhere. You don’t expect a stranger to read your private communications to a friend. And once you know they can, what is there to say? Constricted and distracted. That’s it exactly. That’s how I feel. So. There we are. The foundation of Groklaw is over. I can’t do Groklaw without your input. I was never exaggerating about that when we won awards. It really was a collaborative effort, and there is now no private way, evidently, to collaborate.” Why it’s a big deal.

Share on Google+

Read more of this story at Slashdot.




Joining Lavabit Et Al, Groklaw Shuts Down Because of NSA Dragnet

Article note: more news from the #USSA

An anonymous reader was the first to write with news that Groklaw is shutting down: “There is now no shield from forced exposure. Nothing in that parenthetical thought list is terrorism-related, but no one can feel protected enough from forced exposure any more to say anything the least bit like that to anyone in an email, particularly from the U.S. out or to the U.S. in, but really anywhere. You don’t expect a stranger to read your private communications to a friend. And once you know they can, what is there to say? Constricted and distracted. That’s it exactly. That’s how I feel. So. There we are. The foundation of Groklaw is over. I can’t do Groklaw without your input. I was never exaggerating about that when we won awards. It really was a collaborative effort, and there is now no private way, evidently, to collaborate.” Why it’s a big deal.

Share on Google+

Read more of this story at Slashdot.




UK Government Destroys Guardian’s Snowden Drives

Article note: Pursue journalists via their partners, then destroy their data.

This is depressing.

An anonymous reader writes with revelations that the UK government has been pressuring the Guardian over its publication of the Snowden leaks for a while, and that it ultimately ended with GHCQ officials smashing drives of data to pieces. From the article: “The mood toughened just over a month ago, when I received a phone call from the centre of government telling me: ‘You’ve had your fun. Now we want the stuff back.’ … one of the more bizarre moments in the Guardian’s long history occurred — with two GCHQ security experts overseeing the destruction of hard drives in the Guardian’s basement just to make sure there was nothing in the mangled bits of metal which could possibly be of any interest to passing Chinese agents. ‘We can call off the black helicopters,’ joked one as we swept up the remains of a MacBook Pro.” The paper had repeatedly pointed out how pointless destroying the data was: copies exist, and all reporting on the Snowden leaks is already being edited and published from locations other than the UK.

Share on Google+

Read more of this story at Slashdot.