Security News

Turkey adopts new tactic to block social media

Turkey has reportedly started hijacking net addresses in an attempt to step up blocks on access to social media in the country. This is the latest in a series of attempts in recent days to clamp down on Twitter and YouTube after critical and embarrass...

UK update to copyright law imminent

The UK is to update its 1988 copyright law in line with recommendations from a review of the legislation in the light of new digital formats for content, such as CDs, DVDs and e-books. In May 2011, the Hargreaves review recommended changes to copyright law, noting that the law had “started to act as a regulatory barrier to the creation of certain kinds of new, internet-based businesses”. Under the 1988 Copyright, Designs and Patents Act, it is illegal to transform a piece of copyrighted content from one storage form to another. But the planned changes announced by the UK Intellectual Property Office (IPO) will legalise “ripping” content from purchased CDs and DVDs for use on mobile devices, such as MP3 players. The changes will also mean that a book or film bought for one device can be copied for use on another without infringing copyright. But transferring the content will be legal only if the content is owned by the person making the copy and the copy is made for personal use only.  It will remain illegal to make copies for other people or to make a copy of something that is not owned or has been acquired without the copyright owner’s permission. This means it will still be illegal to make copies of content for use by other people, to copy rented or streamed content, and to copy content downloaded illegally from file-sharing websites. Making copies of content “for family at home” is currently illegal, and there are no plans to change that, according to a guide published by the IPO. Anyone who gives away or sells a CD that they have backed up will have to destroy the backup copy to stay within the law, the guide notes. “The changes make small but important reforms to UK copyright law and aim to end the current situation where minor and reasonable acts of copying which benefit consumers, society and the economy are unlawful,” said the IPO in a statement. 
“They also remove a range of unnecessary rules and regulations from the statute book in line with the government’s aim to reduce regulation.” However, the IPO said some media are often protected by anti-copying technology to guard against copyright piracy, and this is protected by law. Copyright owners will still be able to apply this protection. But if copy protection is too restrictive, consumers can raise a complaint with the secretary of state. The government said the proposed legislation strikes an important balance between enabling reasonable use of copyright material in the modern age with minimal impact on copyright owners. Before being approved, the regulations will be debated in both Houses of Parliament. If approved, the new rules could come into force as early as 1 June 2014.

NSA Director Gen. Alexander Retires: What Will Be His Legacy?

NEWS ANALYSIS: The Snowden disclosures have completely changed the way the world looks at the NSA—and perhaps the legacy of Gen. Keith Alexander. It wasn't all that long ago that the U.S. National Security Agency (NSA) was often referred to as "No Such Agency." The super-secret intelligence division of the U.S. has long lived in the shadows, but that changed dramatically during the era of Gen. Keith Alexander. Alexander's last day as the head of the NSA was Friday, March 28. He had served as the director of the NSA since 2005 and had been in the U.S. Army since 1974. After a life spent in the service of the U.S., Alexander is heading into retirement. However, I suspect given the current climate of continued disclosures about NSA practices, Alexander's retirement might not be the quiet respite he deserves. In 2012, Alexander himself stepped into the limelight to help bring awareness to the NSA and to recruit security professionals. At the 2012 DefCon security conference, Alexander was the keynote speaker. I was in the front row for that keynote, no more than 20 feet away from the general. DefCon doesn't give any preferential seating to the press, so I had staked out my seat hours in advance, waiting, like so many others, to hear Alexander speak. Alexander's 2012 message was an aspirational one, praising the DefCon Kids effort of that year that helped provide information security education training to children. That keynote was also a recruiting effort for Alexander. "This is all about our future; we can't sit on the sidelines or let others that don't understand this space tell us what to do," said Alexander, who appeared on stage not in his military uniform, but instead opting for a more casual DefCon T-shirt. "That's why I came here, to solicit your help." At the end of his prepared remarks, Alexander took a few questions from DefCon founder Jeff Moss. One of the questions was whether or not the NSA has a dossier on every American.
"No we don't have a file on every American, it's just not true," Alexander responded. At the end of Alexander's DefCon keynote, the overall atmosphere in the crowd was relatively positive and upbeat. Little did anyone know at the time how things would change within the next year. In June 2013, NSA contractor Edward Snowden fled the U.S. to Hong Kong, where he first disclosed information that he had stolen from the NSA about its surveillance activities. The first major disclosure from Snowden was about the PRISM program that collects metadata on all U.S. phone calls. News of the NSA's PRISM program ignited a debate about privacy and surveillance and whether or not the NSA was stepping beyond boundaries set by the U.S. Constitution. Alexander was banned from DefCon in 2013, but the Black Hat 2013 conference welcomed him, and it was there that he gave what might well be the most pivotal speech he's ever delivered. Remember, Alexander came to Black Hat, just a few weeks after the initial Snowden disclosures, at a time when there was intense interest in what the NSA could say in its defense. For Alexander's Black Hat 2013 keynote, I was once again in the front row (this time only 15 feet away), and I sat next to a cadre of very serious looking U.S. government officials. The anticipation to see Alexander speak was unlike anything I had ever experienced. What could this man say to refute the claims that the NSA had overstepped the bounds of privacy? With surprising candor and humility, Alexander explained what PRISM was all about. He stressed time and again that the NSA's actions were all about helping to connect the dots to make sure another 9/11 terrorist attack never happens.

Cyber Black Markets Give Broad Access to Sophisticated Malware Tools

The tools and services needed to compromise networks and steal data have become a major market, and an increasingly sophisticated one, two studies find. Online black markets for cyber-crime tools and stolen data have become more sophisticated, allowing even the least technical would-be cyber-criminals to gain access to complex software and sell their illicit gains, according to two reports on the underground economy. In a report published on March 25, three researchers from RAND, a nonprofit research organization, surveyed the current state of black markets and found that the sale of increasingly sophisticated attack tools will make it harder for defenders to keep up with attackers. In addition, the markets' exodus to the "dark Web," described as anonymized locations on the Internet, will make it harder for law enforcement agencies to take down the cyber-crime sites. "These markets are empowering cyber-crime and cyber-criminals," Lillian Ablon, lead author of the study and an information systems analyst at RAND, told eWEEK. "It is super easy to find where to buy these exploit kits or credit cards, and these markets are incredibly resilient to takedown by law enforcement." Law enforcement has successfully shut down several credit-card—or carder—markets as well as the Silk Road marketplace, which—along with drugs—sold stolen credit and debit card numbers, exploit kits, attack tools and fake identification. In many cases, cyber-criminals have just relaunched the sites, or similar sites, and moved them to the dark Web, where the exact locations of the servers on which sites are hosted are hidden by anonymizing proxy servers and networks, such as the Tor network. With the arrest of the author of the popular Blackhole exploit kit in Russia, the market has opened up to a large variety of other software programs for facilitating the infection and control of computers. 
Exploit kits such as Whitehole, Eleonore and Cool sell anywhere from hundreds of dollars for the software to $10,000 per month for an exploit service, according to the report. While the tools are sophisticated, they do not use extremely advanced techniques. Instead, they harness small advancements and obfuscation to bypass security measures, said Charles Renert, vice president of security research for Websense, which will be releasing its own report on online black markets later this week. "The market has responded to the need of the vast majority of criminals to attack, not with zero-days, but with techniques that are just slightly better than the defenses out there today," he said. In fact, zero-day attacks, which use previously unknown vulnerabilities to break through defenses, are not necessary in the vast majority of cases, said RAND's Ablon. Black markets for cyber-crime tools and criminal services follow the same economic laws as other markets, according to the RAND report. While large operations—like the digital fleecing of retail giant Target—garner headlines, they are less of a boon for the market, Ablon said. "Big attacks, things like Target happen rarely, because when there is an influx of goods, it impacts price, and to keep the prices high, they need scarcity," she said.

Prenda Law stunner: “Porn trolls” win a round, dodge sanctions

Copyright docs look OK to a Minnesota judge, unconcerned by forgery allegations.

California man who lasered two helicopters to face 14 years behind...

26-year-old man from Fresno receives harshest sentence yet, prosecutors say.

Huawei Posts Record Profits, Shakes Off News of NSA Spying

Chinese telecom giant Huawei announced record profits and said all was "calm" following reports that the NSA had hacked its servers. Huawei Acting CEO Eric Xu seemed to discount a news report that the National Security Agency (NSA) hacked into servers at the telecom equipment provider's headquarters in Shenzhen, China. "If The New York Times report is true, I think we will have known about this long ago," Xu said during a press briefing following the company's quarterly earnings announcement March 31. The New York Times reported March 22 that the NSA had "pried its way into the servers in Huawei's sealed headquarters," according to documents provided by former NSA contractor and whistleblower Edward Snowden. The NSA, said the report, "obtained information about the workings of the giant routers and complex digital switches that Huawei boasts connect a third of the world's population, and monitored communications of the company's top executives." A goal of the mission, code-named Shotgiant, was to find links between the company and the People's Liberation Army, but also to "exploit Huawei's technology" so that when it was purchased for use in other countries, the NSA could "roam through their computer and telephone networks to conduct surveillance and, if ordered by the president, offensive cyberoperations," said the report. Xu, during the press briefing, said it was "business as usual" at Huawei and that, after the report, the company "maintained calm," Reuters reported. "Nobody has ever said that Huawei has the capacity to spy on the U.S. network and things like that," Xu continued. "For a business organization, no one would be so unwise as to do such a thing." In 2012, the U.S. House Intelligence Committee released a report cautioning U.S. companies responsible for critical infrastructure such as shipping channels, financial systems, and natural gas, oil and water against purchasing from Huawei and ZTE, another Chinese telecom provider and mobile phone maker. 
In the report, committee member Mike Rogers (R-Mich.) expressed concerns about Huawei and ZTE's ties to the Chinese government, a known "perpetrator of cyber-espionage." "Any bug, beacon or backdoor put into our critical systems could allow for a catastrophic and devastating domino effect of failure throughout our networks," said Rogers. In July 2013, Gen. Michael Hayden, a former director of the NSA, told the Australian Financial Review that "as an intelligence professional," he stood back "in awe at the breadth, depth, sophistication and persistence of the Chinese espionage campaign against the West." Hayden admitted that the U.S. does "steal other countries' secrets," but that it does so to keep its citizens free and safe. China, by contrast, spies to make its "citizens rich." Despite cautions from the United States, Huawei posted record sales and its highest profit in three years, at $3.38 billion. Behind the momentum was its enterprise business, which grew 32 percent over 12 months. Sixty-five percent of Huawei's income came from outside China. "Our significant global presence has helped us achieve stable and continuous growth in the carrier network, enterprise and consumer businesses," said Xu.

Supreme Court hears argument on a patent worthy of King Tut

Is the patent behind a global banking lawsuit just "a man with an abacus?"

Rearview cameras will be required in vehicles in 2018

The Department of Transportation finally addresses backup accidents.

More Wi-Fi is better: FCC expands use of 5GHz spectrum

Agency also says it will auction 65MHz of spectrum for mobile broadband.

BlackBerry EZ Pass, for Free Transitioning to BES10, Now Available

BlackBerry is now offering EZ Pass—its free solution for transitioning to BES10—and with it offering free tech support until Jan. 31. BlackBerry EZ Pass is now available. The service is touted as a simple way for companies running BES 5, or any mobile device management solution that competes with BlackBerry, to transition to BES10—and with it have a single console for managing BlackBerry, iOS and Android devices.   There's no cost to switch, and companies that trade in their licenses for BES10 licenses (the trade-in is one-for-one, and users will receive Silver-level licenses) will receive BlackBerry's Technical Support Services—the "best technical support in the world," BlackBerry said in a March 31 statement—for free until Jan. 31, 2015. Additionally, those in the EZ Pass program will be guaranteed a free upgrade to BES12 when it's released later this year. BlackBerry introduced EZ Pass and BES12 at the Mobile World Congress tradeshow in February. With BES12, BlackBerry will offer five core capabilities: backward compatibility to BES10 and BES 5, as well as "future proofing"; support for multiplatform solutions, which will soon include Windows Phone, as well as iOS and Android; advanced service management with automated problem resolution; support for hybrid- and all-cloud solutions (both public and private); and tools that make it easy to develop and deploy applications to the various mobile platforms a company supports. BlackBerry CEO John Chen told analysts during the company's March 28 earnings call that global response to the February announcement has been strong. "We actually had over a hundred thousand hits to our landing site … from the interested parties … and nearly 1,900 registrations for more information," said Chen. "We've seen customers around the world affirming commitments to our BES," Chen added. "We had wins in the U.S., Germany, the U.K., India, Australia and Latin America in the last quarter." 
Among them were Daimler, Airbus Group, the Australia National Audit Office and Itau Unibanco. BlackBerry announced an earnings loss of $423 million during its most recent quarter, but this was a dramatic improvement over the $4.4 billion loss the quarter before. Chen said he is focused on making BlackBerry's handset business profitable, growing the company, expanding into nontraditional channels and leveraging BlackBerry's "full portfolio of end-to-end mobile solutions and connected cloud solutions." BlackBerry also intends to take a vertical-focused approach. In March, BlackBerry made two announcements aimed at businesses in regulated industries—industries, says Chen, that "value the BlackBerry strength." Its Secure Work Space for iOS and Android received Federal Information Processing Standards (FIPS) 140-2 certification, and BlackBerry 10 became the first mobility solution to receive Full Operational Capability to run on Department of Defense networks. During the earnings call, Chen said that, according to one analysis firm, BlackBerry has a 60 percent share of the MDM market. "Furthermore, we found out that in our competitors' install base, in over half of those, their needs are not being addressed—this is from their own survey," Chen continued. "So, this represents a great opportunity for BlackBerry to strengthen our position and market share with [BES12]."

Maryland puts its health exchange site before death panel

Flawed $125 million site will be replaced with Connecticut's system.