7.4 C
Friday, November 24, 2017
Home Tags Vancouver

Tag: Vancouver

Canada's highest court sought to alter search results, but it won't apply in US.
Equustek won an unprecedented global order, but it's unlikely to stick in the US.
Canadian family posted bite pictures afterward.

Airline upgraded their next flight.
Google says Canadian order is “repugnantrdquo; to the First Amendment.
Vancouver tech company seeks to de-list a website selling alleged counterfeits.
Hack worked by stitching together three separate exploits.
Image Engine VFX reveals the thought process fueling The Thing, District 9, and X-Files.
Or, how to support civil liberties, $5 at a time, with the slap of a hand.
10th anniversary edition of Pwn2Own hacking contest offers over $1M in prize money to security researchers across a long list of targets including Virtual Machines, servers, enterprise applications and web browsers. Over the last decade, the Zero Day Initiative's (ZDI) annual Pwn2Own competition has emerged to become one of the premiere events on the information security calendar and the 2017 edition does not look to be any different. For the tenth anniversary of the Pwn2Own contest, ZDI, now owned and operated by Trend Micro, is going farther than ever before, with more targets and more prize money available for security researchers to claim by successfully executing zero-day exploits.HPE sold its TippingPoint division, which includes ZDI, for $300 million to Trend Micro in 2016 and the Pwn2own event that year was hosted as a joint effort between the two companies. By the end of the two-day event in 2016, $460,000 in prize money was awarded to researchers that demonstrated a total of 21 zero-day vulnerabilities.The Pwn2Own 2017 event is co-located at the CanSecWest conference in Vancouver, Canada, set for March 15-17. The 2017 event is sponsored by Trend Micro and unlike past Pwn2Own events, is not focused on web browsers.Among the targets this year are Virtual Machines, including both VMware and Microsoft Hyper-V systems. Researchers will need to execute a virtualization hypervisor escape from the guest virtual machine, to run arbitrary code on the underlying host operating system. ZDI will pay a $100,000 reward to the security researcher that is able to successfully execute a Virtual Machine escape. "We're always considering new targets for each year," Brian Gorenc, senior manager of vulnerability research with Trend Micro, told eWEEK. Outside of the Pwn2Own event, ZDI is in the business of acquiring security vulnerabilities from researchers. Gorenc added that ZDI is actively acquiring virtual machine escapes through its' program."Hopefully Pwn2Own will raise awareness among researchers, so we see even more of these reports," Gorenc said.While virtual machines are on the target list for Pwn2Own, Docker containers are not. Gorenc noted that containers weren’t really a consideration for this year's contest. Linux Pwn2Own has targeted Apple's macOS and Microsoft Windows based technologies for the past decade, but in 2017, the open-source Linux operating system has finally made the target list.Pwn2Own researchers will specifically be able to target the Ubuntu 16.10 Linux operating system in a pair of separate challenges, one for privilege escalation, the other for server-side web host exploitation.Researchers that target Linux will be awarded $15,000 if they can leverage a kernel vulnerability to escalate privileges. The same feat on Windows will earn a researcher $30,000, while a macOS escalation of privilege will be rewarded with $20,000.Ubuntu Linux systems can be secured with an additional layer of mandatory access control security known as 'AppArmor' that in some cases would limit the risk of a local user privilege escalation exploit. Gorenc noted that for the Pwn2Own contest, ZDI is not setting up any AppArmor profiles for this year's event.On the server side, the ZDI will award a successful exploit against the open-source Apache Web Server running on Ubuntu 16.10 Linux with a $200,000 prize. Web Browsers Once again web browsers are a key target at Pwn2Own, with successful exploitation of Microsoft's Edge browser or Google Chrome worth $80,000. A successful exploit of Apple's Safari will be rewarded with a $50,000 prize.After not being part of the 2016 event, Mozilla's Firefox web browser is back on the Pwn2Own target list of 2017. A successful exploit of Firefox will earn $30,000."Mozilla improved their security enough for us to warrant their re-inclusion in the contest," Gorenc said.Additionally the 2017 Pwn2Own event will award researchers $50,000 for each successful exploit of Adobe Reader, Microsoft Office Word, Excel and PowerPoint. The total prize pool available for researchers is more than any other Pwn2Own event has ever offered."Much of the final tally will depend on how many entries we have," Gorenc said. "We're definitely over $1 million, which is our largest Pwn2Own ever."After 10 years of running Pwn2Own events, it's likely that the hacking challenge will continue for many more years to come."While it would be great to live in a world with perfect security, we know this isn’t really practical," Gorenc said. "A lot of great research has been through the contest and inspired by the contest – research which ended up improving security for everyone."Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
Enlargeullstein bild / Getty Images News reader comments 54 Share this story Rather than disclose the source code that the FBI used to target a child porn suspect, federal prosecutors in Tacoma, Washington recently dropped their appeal in United States v. Michaud. The case is just one of 135 federal prosecutions nationwide involving the Tor-hidden child porn website Playpen. The vast effort to bust Playpen has raised significant questions about the ethics, oversight, capabilities, and limitations of the government’s ability to hack criminal suspects. In United States v. Michaud, Jay Michaud of Vancouver, Washington allegedly logged on to Playpen in 2015. But unbeknownst to him at that point, federal investigators were temporarily operating the site for 13 days before shutting it down. As authorities controlled Playpen, the FBI deployed a sneaky piece of software (a "network investigative technique (NIT)," dubbed by many security experts as malware), which allowed them to reveal Playpen users’ true IP addresses. With that information in hand, identifying those suspects became trivial. Since being apprehended, some of the Playpen defendants immediately took plea deals. Others have challenged the government's NIT and the single out-of-district warrant that authorized its use. In this case, US District Judge Robert Bryan eventually ordered the government to hand over the NIT's source code. Since that May 2016 order, the government has classified the source code itself, thwarting efforts for criminal discovery in more than 100 Playpen-related cases that remain pending. In June 2016, prosecutors began the appeals process to the 9th US Circuit Court of Appeals, but they ultimately decided to abandon Michaud at the higher court.  Despite ending the appeal on December 23, the case is still technically live: prosecutors could ask the judge to reconsider his May 25, 2016 order suppressing the evidence found on Michaud’s computer as a result of the NIT. But if the government declines to pursue the case further at the district court level, Michaud would become the second Playpen-related case that's been dismissed. Prosecutors did not immediately respond to Ars’ request for comment. Michaud’s federal public defender, Colin Fieman, has been dogged in trying to force the government to reveal more information about how the NIT worked. “We’re not out of the woods yet because they can ask for another motion to reconsider,” Fieman told Ars. “It may not be a dismissal of the indictment at this point, but it would be odd for them to try to pursue further. But we’ll have to wait and see.” Last year, a federal judge in a related case prosecuted out of Oklahoma, United States v. Arterbury, also ruled against the prosecution. The government eventually dropped the appeal and then dismissed the indictment at the district court in October 2016. Yet another Playpen case, United States v. Levin, where the defense prevailed initially, is currently on appeal at the 1st US Circuit Court of Appeals. Beau Croghan, a man in Iowa, was another alleged user hit by this NIT—his case was just one of three in which a judge ruled to suppress the evidence due to a defective warrant. Croghan's case is now pending before the 8th US Circuit Court of Appeals. Beyond Michaud, Fieman is representing another Playpen defendant in the same judicial district (the Western District of Washington) before the very same judge. In the second case, the evidence and legal questions are nearly identical. That case, United States v. Tippens, is set to go to trial on February 27, 2017 in Tacoma.
'Tor pedo' torpedo torpedoed In a surprising and worrying move, the FBI has dropped its case against a man accused of downloading child sex abuse images, rather than reveal details about how they caught him. Jay Michaud, a middle school teacher in Vancouver, Washington, was arrested in July last year after visiting the Playpen, a dark web meeting place tens of thousands of perverts used to swap mountains of vile underage porn. Unbeknown to him at the time, the FBI were, for about a fortnight, running the site after taking over its servers, and managed to install a network investigative technique (NIT) on his computer to get his real public IP address and MAC address. The Playpen was hidden in the Tor anonymizing network, and the spyware was needed to unmask suspects – about 1,300 public IP addresses were collected by agents during the operation. According to the prosecution, a police raid on his home revealed a substantial hoard of pictures and video of child sex abuse on computer equipment. But now, guilty or not, he's now off the hook after the FBI filed a motion to dismiss its own case [PDF] late last month. Why? Because Michaud's lawyer insisted that the FBI hand over a sample of the NIT code so it could be checked to ensure that it didn't breach the terms of the warrant the FBI obtained to install the malware, and to check that it wouldn't throw up any false positives. US District Judge Robert Bryan agreed, saying that unless the prosecution turned over the code, he'd have to dismiss the charges. The FBI has since been arguing against that, but has now decided that it's better to drop the case than reveal its techniques. The Playpen affair has proved to be a legal minefield in more ways than one. For a start, the admission that the FBI had been distributing such images and videos online troubled many. But the agency also only sought a single warrant to distribute its NIT internationally, which may have been illegal at the time. That's no longer the case, since a change in Rule 41 of the Federal Rules of Criminal Procedure was nodded through by the US Supreme Court and came into effect on December 1 last year. Judges in Playpen cases – there have been hundreds of prosecutions similar to Michaud's lined up by the Feds – haven't always agreed that the FBI had the right to introduce evidence gathered without a local warrant. In the past the FBI has dropped cases rather than reveal their investigation techniques, particularly with its cellphone-tracking Stingray equipment. But those were minor cases – nothing so serious as child abuse. ® Sponsored: Customer Identity and Access Management
Bracknell, UK. 29 September 2016 - Computer Products Solutions, a division of Panasonic System Communications Europe (PSCEU) (“Panasonic”), and FusionPipe Software Solutions Inc. (“FusionPipe”), a Vancouver-based developer of authentication & data security solutions for enterprises, today announced a new partnership through which Panasonic will sell and support FusionPipe’s patented QuikID™ authentication solutions to its European customers, resellers and distributors.QuikID™ is patented software, engineered to improve end-user authentication (lock/unlock) for ruggedised PC’s, laptops, tablets and VPN networks.
It eliminates the need for username / password combinations, tokens, smartcards, OTPs (one-time passwords) or USB’s, offering a superior user experience while increasing work force productivity without compromising data and network security. FusionPipe Quick ID Software CF-20 Fusionpipe is one of the latest Independent Software Vendors (ISV’s) to become officially certified and approved for use with Toughbook or Toughpad devices, under Panasonic’s new Certified ISV Programme. John Harris, Head of Engineering at Panasonic Computer Products Solutions, said “I have been working with the FusionPipe team since I first met them at Mobile World Congress 2015 to evaluate QuikID™’s technical merits, security provisions and the potential of their authentication technology.
I have not only been impressed with the FusionPipe team and their technology, but also the opportunity that this innovative solution brings to our existing customer base, prospects and distribution channel.” FusionPipe’s CEO & Chairman David Snell said: “We are honoured and excited to have Panasonic become one of our major Value Added Resellers for our ground-breaking authentication technology.

As the titan in the ruggedized device marketplace, their vision, market strategy and growing user base for their popular devices is key to the success of our mutually advantageous business partnership.” Panasonic will sell FusionPipe’s QuikID™ software as part of its ProServices range of offerings within its existing line of distribution channels across the European Economic Area, Switzerland and Turkey . For details of Panasonic Toughbook and Toughpad solutions visit www.toughbook.eu NDS Press contact:Michael BartleyThe Amber Groupmichael@ambergroup.net+44 (0)118 949 7750 About Panasonic System Communications Company Europe (PSCEU)PSCEU is the European branch of Panasonic Systems Communications Company, the global B2B division of Panasonic. PSCEU’s goal is to improve the working lives of business professionals and help their organisations’ efficiency and performance. We help organisations capture, compute and communicate all sorts of information: image, voice, and textual data. Products include PBX telephone switches, document printers, professional cameras, projectors, large visual displays, rugged mobile PCs and fire alarms solutions. With around 400 staff, engineering design expertise, global project management capability and a large European partner network, PSCEU offers unrivalled capability in its markets. PSCEU is made up of four product categories: Communication Solutions, including professional scanners, multifunctional printers, telephony systems and SIP terminal devices. Visual System Solutions, including projectors and professional displays. Panasonic offers the widest range of Visual products, and leads the European projector market with 28% revenue share (Futuresource B2B market tracking, Q1/2014). Professional Camera Solutions, including Broadcast & ProAV products, security, fire alarm systems and industrial medical vision (IMV) technology. Panasonic is one of the top two professional camera vendors in Europe. Computer Product Solutions helps mobile workers improve productivity with its range of Toughbook rugged notebooks, Toughpad business tablets and electronic point of sales (EPOS) systems.

As European market leaders, Panasonic Toughbook had a 66% revenue share of sales of rugged and durable notebooks and Panasonic Toughpad held a 59% revenue share of sales of rugged business tablets in 2015 (VDC Research, March 2016). About FusionPipeFusionPipe Software is a dynamic, rapidly growing technology company whose mission is to replace passwords, smart cards and tokens using smartphones and wearables to enable more convenient and secure end user authentication. We are the leader in world-class authentication and advanced data security solutions for Enterprises. Our patented technology addresses the growing global need for convenient yet secure authentication and identity management.

FusionPipe provides Enterprises with disruptive technology, that is easy to use and implement, increases productivity and lowers the total cost of ownership.

For more information on FusionPipe’s innovative authentication technology solutions, visit: www.fusionpipe.com. Disclaimer: All brand names shown are the registered trademarks of the relevant companies.

All rights reserved.
All working conditions, times and figures quoted are optimum or ideal levels and may differ as a result of individual and local circumstances. Specifications, product availability and price given herein may be changed at any time without prior notice.