Crime

Majority of Mobile Malware Now Reliant On Toll Fraud 39

CowboyRobot writes "Spyware is no longer the primary concern with unwanted software on mobile devices. According to mobile security firm Lookout, most mobile malware performs 'toll fraud' — billing victims using premium SMS services. The problem is very geographically-dependent, worst in areas with weak SMS regulation, particularly China, Ukraine, and Russia, where users are 10,000 times more likely to have malware on their phones than users in Japan, for example. Other risks include mobile ads surreptitiously uploading personal data, as well as apps that download other malware without users knowing. The full report is available."
Government

How Spyware Reaches Oppressive Governments 109

New submitter blando writes "Between February and March of 2011, at the height of Egypt's tumultuous revolution, protesters stormed the offices of their feared State Security Investigations Service in Alexandria and Sixth of October city, on the edge of Cairo. It was there, amongst evidence of detentions, torture and surveillance at SSIS's headquarters, that information first came to light regarding a sales pitch by UK-based Gamma Group to Egypt's security agency for their FinFisher spyware."
Botnet

Arizona Botnet Controller Draws 30-Month Federal Sentence 76

dgharmon writes with word from the BBC that "A U.S. hacker who sold access to thousands of hijacked home computers has been jailed for 30 months. Joshua Schichtel of Phoenix, Arizona, was sentenced for renting out more than 72,000 PCs that he had taken over using computer viruses." Time is cheap: Schichtel admitted to giving access to those 72,000 computers for $1500.
Canada

Election Tech: In Canada, They Actually Count the Votes 500

Presto Vivace writes with this outline of what voting can look like while remaining countable and anonymous — and how it does look north of the U.S. border. "In Canada, they use hand-marked paper ballots, hand counted in public. Among other things, that process means that we can actually be sure who won. And if the elections of 2000 and 2008 are any guide, and the race stays as close as the pollsters say it is, we might, on Wednesday, November 7, not be sure who won." Any Canadians among our readers who want to comment on this?
Crime

Rick Falkvinge On Child Porn and Freedom Of the Press 580

bazorg writes "Rick Falkvinge of the Swedish Pirate Party blogs on the subject of freedom of the press and foresees how users of Google glasses could be charged for possession and distribution of illegal porn. 'Child pornography is a toxic subject, but a very important one that cannot and should not be ignored. This is an attempt to bring the topic to a serious discussion, and explain why possession of child pornography need to be re-legalized in the next ten years.'"
Businesses

It's Easy To Steal Identities (Of Corporations) 140

jfruh writes "Two lawyers in Houston were able to exploit business filing systems to seize control of dormant publicly traded corporations — and then profit by pushing their worthless stock. In many states, anyone can change important information about a publicly registered company — including the corporate officers or company contact information — without any confirmation that they have anything to do with the company in the first place. Massachusetts requires a password to do this through the state registry's website, but they'll give you the password if you call and ask for it. Long focused on individual ID theft, state governments are finally beginning to realize that corporate ID theft is a huge problem as well."
Privacy

White House Circulating Draft of Executive Order On Cybersecurity 94

New submitter InPursuitOfTruth writes with news that the Obama administration has been circulating a draft of an executive order focused on cybersecurity. This follows the recent collapse of an attempt at cybersecurity legislation in the Senate. According to people who have seen the draft, the order would codify standards and best practices for critical infrastructure. That said, it's questionable how effective it would be, since participation would be voluntary, and the standards would be set by "an inter-agency council that would be led by the Department of Homeland Security." The other agencies involved would include NIST, the DoD, and the Commerce Dept. "It would be left up to the companies to decide what steps they want to take to meet the standards, so the government would not dictate what type of technology or strategy they should adopt."
Piracy

How the Pirate Bay Can Be an Asset To Game Developers 107

Underholdning writes "It's been five years since Radiohead brought the pay what you want model to the public with their successful sale of their 'In Rainbows' album. Now, here's a fresh example of how a game developer is making The Pirate Bay work for him by offering his game, McPixel, for free and letting people pay what they want. Currently TPB has more than 5000 applicants wanting to do the same. 'Sosowski isn't worried that promoting a game on a site known for piracy might be more effective at attracting more pirates than actual paying customers. "The game was already available on TPB beforehand, and I believe if someone didn't want to pay, he just didn't ... It is up to people to decide how much they would like to pay for the game, and I have no worries. I am happy that more people can enjoy my game. ... TPB is one of the most visited sites in the Internet, and simply having a game there is a form of advertisement and promotion."'"
Network

Judge Rules Sniffing Open Wi-Fi Networks Is Not Wiretapping 308

An anonymous reader writes "Ars reports on a decision from a district judge in Illinois, who ruled that sniffing traffic on an unencrypted Wi-Fi network is not wiretapping. In the ruling, the judge points out an exception in the Wiretap Act which allows people to 'intercept or access an electronic communication made through an electronic communication system that is configured so that such electronic communication is readily accessible to the general public.' He concludes that 'the communications sent on an unencrypted Wi-Fi network are readily available to the general public.' Orin Kerr disagrees with the ruling, saying that the intent of the person setting up the network is important: 'No one suggests that unsecured wireless networks are set up with the goal that everyone on the network would be free to read the private communications of others.'"
Internet Explorer

Apache Patch To Override IE 10's Do Not Track Setting 375

hypnosec writes "A new patch for Apache by Roy Fielding, one of the authors of the Do Not Track (DNT) standard, is set to override the DNT option if the browser reaching the server is Internet Explorer 10. Microsoft has by default enabled DNT in Internet Explorer 10 stating that it is to 'better protect user privacy.' This hasn't gone down well with ad networks, users and other browser makers. According to Mozilla, the DNT feature shouldn't be either in an active state or an inactive state until and unless a user specifically sets it. Along the same lines is the stance adopted by Digital Advertising Alliance. The alliance has revealed that it will only honor DNT if and only if it is not switched on by default. This means advertisers will be ignoring the DNT altogether no matter how a particular browser is set up. The DNT project has another member – Apache. It turns out that Microsoft's stance is like a thorn to Apache as well. Fielding has written a patch for the web server titled 'Apache does not tolerate deliberate abuse of open standards.' The patch immediately sparked a debate, which instigated Fielding to elaborate on his work: 'The only reason DNT exists is to express a non-default option. That's all it does. [...] It does not protect anyone's privacy unless the recipients believe it was set by a real human being, with a real preference for privacy over personalization.'"
Books

Finnish Bureaucracy Takes Issue With Crowdfunded Textbook 149

linjaaho writes "Senja Larsen, who runs popular Facebook study group Senja teaches you Swedish, collected $14,161 via Kickstarter's crowd funding service. The project caught much media attention in Finland (TV and all major newspapers), since it is the first crowdfunded book project in this country, and among the first Finnish crowdfunded projects. (Previous ones include the movie Iron Sky, the role-playing game Myrskyn Sankarit, and the Wishbone headphone wire manager). Now, after successfully collecting the funds for the book (and after the book has been edited and printed), the National Police Board of Finland has asked Senja to submit a statement [PDF; Finnish] concerning using crowdfunding to finance a project [PDF; Finnish] and the terminology used. It is possible that all the funding collected must be returned. The main problem is that direct translations of terminology at Kickstarter, such as 'bounty' and 'support,' are interpreted to mean collecting money without giving anything back, and this kind of operation requires a permit which can only be given to associations, not to private persons, and it takes a long time to apply for such a permit."
Democrats

Poll-Based System Predicts U.S. Election Results For President, Senate 519

An anonymous reader writes "Election Analytics is a website developed by Dr. Sheldon Jacobson at the University of Illinois designed to predict the outcomes of the U.S. presidential and senatorial elections, based on reported polling data. From the site: 'The mathematical model employs Bayesian estimators that use available state poll results (at present, this is being taken from Rasmussen, Survey USA, and Quinnipiac, among others) to determine the probability that each presidential candidate will win each of the states (or the probability that each political party will win the Senate race in each state). These state-by-state probabilities are then used in a dynamic programming algorithm to determine a probability distribution for the number of Electoral College votes that each candidate will win in the 2012 presidential election. In the case of the Senate races, the individual state probabilities are used to determine the number of seats that each party will control.'" You can tweak the site by selecting a skew toward the Republican or Democratic tickets, and whether it's mild or strong. Right now, this tool shows the odds favor another four years for Obama, even with a strong swing for the Republicans.
Android

Samsung: Android's Multitouch Not As Good As Apple's 176

itwbennett writes "Hoping to avoid a sales ban in the Netherlands, Samsung has said that Android's multitouch software doesn't work as well as Apple's. Samsung lawyer Bas Berghuis van Woortman said that while Apple's technology is a 'very nice invention,' the Android system is harder for developers to use. Arguing the bizarre counterpoint, Apple's lawyer Theo Blomme told judge Peter Blok, that the Android multitouch isn't inferior and does so infringe on Apple's patent: 'They suggest that they have a lesser solution, but that is simply not true,' said Blomme."
Privacy

FBI Launches $1 Billion Nationwide Face Recognition System 188

MrSeb writes "The U.S. Federal Bureau of Investigation has begun rolling out its new $1 billion biometric Next Generation Identification (NGI) system. In essence, NGI is a nationwide database of mugshots, iris scans, DNA records, voice samples, and other biometrics that will help the FBI identify and catch criminals — but it is how this biometric data is captured, through a nationwide network of cameras and photo databases, that is raising the eyebrows of privacy advocates. Until now, the FBI relied on IAFIS, a national fingerprint database that has long been due an overhaul. Over the last few months, the FBI has been pilot testing a face recognition system, which will soon be scaled up (PDF) until it's nationwide. In theory, this should result in much faster positive identifications of criminals and fewer unsolved cases. The problem is, the FBI hasn't guaranteed that the NGI will only use photos of known criminals. There may come a time when the NGI is filled with as many photos as possible, from as many sources as possible, of as many people as possible — criminal or otherwise. Imagine if the NGI had full access to every driving license and passport photo in the country — and DNA records kept by doctors, and iris scans kept by businesses. The FBI's NGI, if the right checks and balances aren't in place, could very easily become a tool that decimates civilian privacy and freedom."
The Courts

Internet Brands Sues People For Forking Under CC BY-SA 168

David Gerard writes "Internet Brands bought Wikitravel.org in 2006, plastered it with ads and neglected it. After years, the Wikitravel community finally decided to fork under CC by-sa and move to Wikimedia. Internet Brands is now suing two of the unpaid volunteers for wanting to leave. The Wikimedia Foundation is seeking a declaratory judgement (PDF) that you can actually fork a free-content project without permission. Internet Brands has a track record of scorched-earth litigation tactics."
Piracy

Cloud Firm MediaFire Flags Malware Samples For DMCA Violation, Bans Researcher 125

chicksdaddy writes "A malicious software researcher finds herself in company with First Lady Michelle Obama and science fiction author Neil Gaiman: booted from the Web by hard-headed copyright protection algorithms, according to the Naked Security blog. Mila Parkour, a researcher who operates the Contagio malware blog, said on Thursday that she was kicked off the cloud based hosting service Mediafire, after three files she hosted there were flagged for copyright violations and ordered removed under the terms of the Digital Millennium Copyright Act (DMCA). The files included two compressed and encrypted malicious PDF files linked to Contagio blog posts from 2010. The firm responsible for filing the DMCA take down notice was Paris-based LeakID, which describes itself as a 'digital agency ...founded by experts from the world of radio, television and Internet.' LeakID markets 'Leaksearch,' an 'ownership tool that will alert you within seconds if your content...is being pirated.' According to Parkour, Mediafire received a notice from LeakID claiming that it was 'acting on behalf of the copyright owners,' though the owners and presumed copyrighted content weren't named."
Security

Unconventional Adversaries vs. Conventional Wisdom (Video) 21

This presentation was given by Joshua Corman at CodenomiCON 2012 in Las Vegas, an invitation-only security mini-conference sponsored by the pen-testing company Codenomicon that ran concurrently with Black Hat USA 2012. Josh is Director, Security Intelligence, for Akamai, and is one of the instigators of Rugged Software. He sympathizes with Anonymous more than with corporate or government forces that are determined to bring order to everything, including the Internet, on their terms. We have no transcript for this video since we only have permission to embed it, not to alter or add to it. But it's well worth watching, including the accompanying slides. And if Joshua Corman is speaking anywhere near you, it's well worth your time to go see him.
Books

Judge Approves Settlement In eBook Price-Fixing Case 242

An anonymous reader writes "On Thursday a U.S. District Judge approved a settlement between the Department of Justice and three publishers accused of colluding to inflate ebook prices (order). 'The Justice Department had accused Apple and five publishers in April of illegally colluding on prices as part of an effort to fight internet retailer Amazon.com Inc's dominance of e-books. The publishers who agreed to settle are News Corp's HarperCollins Publishers Inc, CBS Corp's Simon & Schuster Inc and Lagardere SCA's Hachette Book Group. Apple; Macmillan, a unit of Verlagsgruppe Georg von Holtzbrinck GmbH; and Pearson Plc's Penguin Group have vowed to fight the Justice Department's lawsuit with a trial due to start on June 3 next year.' The decision came after a lengthy period of public comment. According to the AP, 'The ruling released Thursday cast aside the strident objections of Apple, other book publishers, book sellers and authors who argued the settlement will empower Internet retailing giant Amazon.com Inc. to destroy the "literary ecosystem" with rampant discounting that most competitors can't afford to match. Those worries were repeatedly raised in court filings about the settlement. More than 90 percent of the 868 public comments about the settlement opposed the agreement.'"
Privacy

Sir Tim Berners-Lee Accuses UK Government of "Draconian Internet Snooping" 192

An anonymous reader writes "According to British daily The Telegraph, Sir Tim Berners-Lee has warned that plans to monitor individuals' use of the internet would result in Britain losing its reputation as an upholder of web freedom. The plans, by Home Secretary Theresa May, would force British ISPs and other service providers to keep records of every phone call, email and website visit in Britain. Sir Tim has told the Times: 'In Britain, like in the US, there has been a series of Bills that would give government very strong powers to, for example, collect data. I am worried about that.' Sir Tim has also warned that the UK may wind up slipping down the list of countries with the most Internet freedom, if the proposed data-snooping laws pass parliament. The draft bill extends the type of data that internet service providers must store for at least 12 months. Providers would also be required to keep details of a much wider set of data, including use of social network sites, webmail and voice calls over the internet." Jimmy Wales doesn't seem to be a very big fan of the UK snooping either.
Censorship

The Algorithmic Copyright Cops: Streaming Video's Robotic Overlords 194

thomst writes "Geeta Dayal of Wired's Threat Level blog posts an interesting report about bot-mediated automatic takedowns of streaming video. He mentions the interruption of Michelle Obama's speech at the DNC, and the blocking of NASA's coverage of Mars rover Curiosity's landing by a Scripps News Service bot, but the story really drills down on the abrupt disappearance of the Hugo Award's live stream of Neil Gaiman's acceptance speech for his Doctor Who script. (Apparently the trigger was a brief clip from the Doctor Who episode itself, despite the fact that it was clearly a case of fair use.) Dayal points the finger at Vobile, whose content-blocking technology was used by Ustream, which hosted the derailed coverage of the Hugos."
