Apple

App Developer Says Stolen UDIDs Came From Them, Not FBI 180

pdabbadabba writes "A Florida iPhone and iPad app developer, Blue Toad, has come forward claiming that it is the source of the Apple UDIDs previously released by Anonymous. Their dataset, they say, is a 98% match for the one Anonymous hackers claim to have stolen from an FBI laptop. If so, this development would cast serious doubt on Anonymous' claims and, possibly, calm fears that this data is evidence of an ongoing FBI surveillance operation (a claim the FBI has also denied)."
Google

Germany's Former First Lady Sues Google 164

quax writes "Bettina Wulff faces an uphill battle for her reputation. Her husband had to resign as Germany's president due to corruption allegations and has many detractors. Apparently some of them started a character assassination campaign against his wife. At least that is, if you trust serious journalists who looked into the matter and stated that it is made up. Unfortunately though for Bettina Wulff, the rumors took off on the Internet. Now whenever you enter her name Google suggests the additional search terms 'prostitute' and 'escort.' Google refuses to alter its search index."
Google

Google Reinvents Micropayments — As Surveywall 107

Hugh Pickens writes "Frédéric Filloux writes that eighteen months ago — under non-disclosure — Google showed publishers a new transaction system for inexpensive products such as newspaper articles. It works like this: to gain access to a web site, the user is asked to participate in a short consumer research session: a single question or a set of images leading to a quick choice. It can be anything: pure market research for a packaging or product feature, surveying a specific behavior, evaluating a service, intention, expectation, you name it. Google's size puts it in a unique position to probe millions of people in a short period of time and the more Google gains in reliability, accuracy, and granularity (i.e. ability to probe a segment of blue collar-pet owners in Michigan or urbanite coffee-drinkers in London), the bigger it gets and the better it performs cutting market research costs 90% compared to traditional surveys. Companies will pay $150 for 1500 responses drawn from the general U.S. internet population. But what's in it for users? A young audience will be more inclined to accept such a surveywall because they always resist any form of payment for digital information, regardless of quality, usefulness, or relevance. Free is the norm. Or its illusion. This way users make micropayments, but with attention and data instead of cash. 'Young people have already demonstrated their willingness to give up their privacy in exchange for free services such as Facebook — they have yet to realize they paid the hard price,' writes Filloux. 'Economically, having one survey popping up from time to time — for instance when the user reconnects to a site — makes sense. Viewed from a spreadsheet, it could yield more money than the cheap ads currently in use.'"
Crime

Majority of Mobile Malware Now Reliant On Toll Fraud 39

CowboyRobot writes "Spyware is no longer the primary concern with unwanted software on mobile devices. According to mobile security firm Lookout, most mobile malware performs 'toll fraud' — billing victims using premium SMS services. The problem is very geographically-dependent, worst in areas with weak SMS regulation, particularly China, Ukraine, and Russia, where users are 10,000 times more likely to have malware on their phones than users in Japan, for example. Other risks include mobile ads surreptitiously uploading personal data, as well as apps that download other malware without users knowing. The full report is available."
Government

How Spyware Reaches Oppressive Governments 109

New submitter blando writes "Between February and March of 2011, at the height of Egypt's tumultuous revolution, protesters stormed the offices of their feared State Security Investigations Service in Alexandria and Sixth of October city, on the edge of Cairo. It was there, amongst evidence of detentions, torture and surveillance at SSIS's headquarters, that information first came to light regarding a sales pitch by UK-based Gamma Group to Egypt's security agency for their FinFisher spyware."
Botnet

Arizona Botnet Controller Draws 30-Month Federal Sentence 76

dgharmon writes with word from the BBC that "A U.S. hacker who sold access to thousands of hijacked home computers has been jailed for 30 months. Joshua Schichtel of Phoenix, Arizona, was sentenced for renting out more than 72,000 PCs that he had taken over using computer viruses." Time is cheap: Schichtel admitted to giving access to those 72,000 computers for $1500.
Canada

Election Tech: In Canada, They Actually Count the Votes 500

Presto Vivace writes with this outline of what voting can look like while remaining countable and anonymous — and how it does look north of the U.S. border. "In Canada, they use hand-marked paper ballots, hand counted in public. Among other things, that process means that we can actually be sure who won. And if the elections of 2000 and 2008 are any guide, and the race stays as close as the pollsters say it is, we might, on Wednesday, November 7, not be sure who won." Any Canadians among our readers who want to comment on this?
Crime

Rick Falkvinge On Child Porn and Freedom Of the Press 580

bazorg writes "Rick Falkvinge of the Swedish Pirate Party blogs on the subject of freedom of the press and foresees how users of Google glasses could be charged for possession and distribution of illegal porn. 'Child pornography is a toxic subject, but a very important one that cannot and should not be ignored. This is an attempt to bring the topic to a serious discussion, and explain why possession of child pornography need to be re-legalized in the next ten years.'"
Businesses

It's Easy To Steal Identities (Of Corporations) 140

jfruh writes "Two lawyers in Houston were able to exploit business filing systems to seize control of dormant publicly traded corporations — and then profit by pushing their worthless stock. In many states, anyone can change important information about a publicly registered company — including the corporate officers or company contact information — without any confirmation that they have anything to do with the company in the first place. Massachusetts requires a password to do this through the state registry's website, but they'll give you the password if you call and ask for it. Long focused on individual ID theft, state governments are finally beginning to realize that corporate ID theft is a huge problem as well."
Privacy

White House Circulating Draft of Executive Order On Cybersecurity 94

New submitter InPursuitOfTruth writes with news that the Obama administration has been circulating a draft of an executive order focused on cybersecurity. This follows the recent collapse of an attempt at cybersecurity legislation in the Senate. According to people who have seen the draft, the order would codify standards and best practices for critical infrastructure. That said, it's questionable how effective it would be, since participation would be voluntary, and the standards would be set by "an inter-agency council that would be led by the Department of Homeland Security." The other agencies involved would include NIST, the DoD, and the Commerce Dept. "It would be left up to the companies to decide what steps they want to take to meet the standards, so the government would not dictate what type of technology or strategy they should adopt."
Piracy

How the Pirate Bay Can Be an Asset To Game Developers 107

Underholdning writes "It's been five years since Radiohead brought the pay what you want model to the public with their successful sale of their 'In Rainbows' album. Now, here's a fresh example of how a game developer is making The Pirate Bay work for him by offering his game, McPixel, for free and letting people pay what they want. Currently TPB has more than 5000 applicants wanting to do the same. 'Sosowski isn't worried that promoting a game on a site known for piracy might be more effective at attracting more pirates than actual paying customers. "The game was already available on TPB beforehand, and I believe if someone didn't want to pay, he just didn't ... It is up to people to decide how much they would like to pay for the game, and I have no worries. I am happy that more people can enjoy my game. ... TPB is one of the most visited sites in the Internet, and simply having a game there is a form of advertisement and promotion."'"
Network

Judge Rules Sniffing Open Wi-Fi Networks Is Not Wiretapping 308

An anonymous reader writes "Ars reports on a decision from a district judge in Illinois, who ruled that sniffing traffic on an unencrypted Wi-Fi network is not wiretapping. In the ruling, the judge points out an exception in the Wiretap Act which allows people to 'intercept or access an electronic communication made through an electronic communication system that is configured so that such electronic communication is readily accessible to the general public.' He concludes that 'the communications sent on an unencrypted Wi-Fi network are readily available to the general public.' Orin Kerr disagrees with the ruling, saying that the intent of the person setting up the network is important: 'No one suggests that unsecured wireless networks are set up with the goal that everyone on the network would be free to read the private communications of others.'"
Internet Explorer

Apache Patch To Override IE 10's Do Not Track Setting 375

hypnosec writes "A new patch for Apache by Roy Fielding, one of the authors of the Do Not Track (DNT) standard, is set to override the DNT option if the browser reaching the server is Internet Explorer 10. Microsoft has by default enabled DNT in Internet Explorer 10 stating that it is to 'better protect user privacy.' This hasn't gone down well with ad networks, users and other browser makers. According to Mozilla, the DNT feature shouldn't be either in an active state or an inactive state until and unless a user specifically sets it. Along the same lines is the stance adopted by Digital Advertising Alliance. The alliance has revealed that it will only honor DNT if and only if it is not switched on by default. This means advertisers will be ignoring the DNT altogether no matter how a particular browser is set up. The DNT project has another member – Apache. It turns out that Microsoft's stance is like a thorn to Apache as well. Fielding has written a patch for the web server titled 'Apache does not tolerate deliberate abuse of open standards.' The patch immediately sparked a debate, which instigated Fielding to elaborate on his work: 'The only reason DNT exists is to express a non-default option. That's all it does. [...] It does not protect anyone's privacy unless the recipients believe it was set by a real human being, with a real preference for privacy over personalization.'"
Books

Finnish Bureaucracy Takes Issue With Crowdfunded Textbook 149

linjaaho writes "Senja Larsen, who runs popular Facebook study group Senja teaches you Swedish, collected $14,161 via Kickstarter's crowd funding service. The project caught much media attention in Finland (TV and all major newspapers), since it is the first crowdfunded book project in this country, and among the first Finnish crowdfunded projects. (Previous ones include the movie Iron Sky, the role-playing game Myrskyn Sankarit, and the Wishbone headphone wire manager). Now, after successfully collecting the funds for the book (and after the book has been edited and printed), the National Police Board of Finland has asked Senja to submit a statement [PDF; Finnish] concerning using crowdfunding to finance a project [PDF; Finnish] and the terminology used. It is possible that all the funding collected must be returned. The main problem is that direct translations of terminology at Kickstarter, such as 'bounty' and 'support,' are interpreted to mean collecting money without giving anything back, and this kind of operation requires a permit which can be only given to associations, not to private persons, and it takes a long time to apply for such a permit."
Democrats

Poll-Based System Predicts U.S. Election Results For President, Senate 519

An anonymous reader writes "Election Analytics is a website developed by Dr. Sheldon Jacobson at the University of Illinois designed to predict the outcomes of the U.S. presidential and senatorial elections, based on reported polling data. From the site: 'The mathematical model employs Bayesian estimators that use available state poll results (at present, this is being taken from Rasmussen, Survey USA, and Quinnipiac, among others) to determine the probability that each presidential candidate will win each of the states (or the probability that each political party will win the Senate race in each state). These state-by-state probabilities are then used in a dynamic programming algorithm to determine a probability distribution for the number of Electoral College votes that each candidate will win in the 2012 presidential election. In the case of the Senate races, the individual state probabilities are used to determine the number of seats that each party will control.'" You can tweak the site by selecting a skew toward the Republican or Democratic tickets, and whether it's mild or strong. Right now, this tool shows the odds favor another four years for Obama, even with a strong swing for the Republicans.
Android

Samsung: Android's Multitouch Not As Good As Apple's 176

itwbennett writes "Hoping to avoid a sales ban in the Netherlands, Samsung has said that Android's multitouch software doesn't work as well as Apple's. Samsung lawyer Bas Berghuis van Woortman said that while Apple's technology is a 'very nice invention,' the Android system is harder for developers to use. Arguing the bizarre counterpoint, Apple's lawyer Theo Blomme told judge Peter Blok that the Android multitouch isn't inferior and does so infringe on Apple's patent: 'They suggest that they have a lesser solution, but that is simply not true,' said Blomme."
Privacy

FBI Launches $1 Billion Nationwide Face Recognition System 188

MrSeb writes "The U.S. Federal Bureau of Investigation has begun rolling out its new $1 billion biometric Next Generation Identification (NGI) system. In essence, NGI is a nationwide database of mugshots, iris scans, DNA records, voice samples, and other biometrics that will help the FBI identify and catch criminals — but it is how this biometric data is captured, through a nationwide network of cameras and photo databases, that is raising the eyebrows of privacy advocates. Until now, the FBI relied on IAFIS, a national fingerprint database that has long been due an overhaul. Over the last few months, the FBI has been pilot testing a face recognition system, which will soon be scaled up (PDF) until it's nationwide. In theory, this should result in much faster positive identifications of criminals and fewer unsolved cases. The problem is, the FBI hasn't guaranteed that the NGI will only use photos of known criminals. There may come a time when the NGI is filled with as many photos as possible, from as many sources as possible, of as many people as possible — criminal or otherwise. Imagine if the NGI had full access to every driving license and passport photo in the country — and DNA records kept by doctors, and iris scans kept by businesses. The FBI's NGI, if the right checks and balances aren't in place, could very easily become a tool that decimates civilian privacy and freedom."
The Courts

Internet Brands Sues People For Forking Under CC BY-SA 168

David Gerard writes "Internet Brands bought Wikitravel.org in 2006, plastered it with ads and neglected it. After years, the Wikitravel community finally decided to fork under CC by-sa and move to Wikimedia. Internet Brands is now suing two of the unpaid volunteers for wanting to leave. The Wikimedia Foundation is seeking a declaratory judgement (PDF) that you can actually fork a free-content project without permission. Internet Brands has a track record of scorched-earth litigation tactics."
Piracy

Cloud Firm MediaFire Flags Malware Samples For DMCA Violation, Bans Researcher 125

chicksdaddy writes "A malicious software researcher finds herself in company with First Lady Michelle Obama and science fiction author Neil Gaiman: booted from the Web by hard-headed copyright protection algorithms, according to the Naked Security blog. Mila Parkour, a researcher who operates the Contagio malware blog, said on Thursday that she was kicked off the cloud based hosting service Mediafire, after three files she hosted there were flagged for copyright violations and ordered removed under the terms of the Digital Millennium Copyright Act (DMCA). The files included two compressed and encrypted malicious PDF files linked to Contagio blog posts from 2010. The firm responsible for filing the DMCA take down notice was Paris-based LeakID, which describes itself as a 'digital agency ...founded by experts from the world of radio, television and Internet.' LeakID markets 'Leaksearch,' an 'ownership tool that will alert you within seconds if your content...is being pirated.' According to Parkour, Mediafire received a notice from LeakID claiming that it was 'acting on behalf of the copyright owners,' though the owners and presumed copyrighted content weren't named."
Security

Unconventional Adversaries vs. Conventional Wisdom (Video) 21

This presentation was given by Joshua Corman at CodenomiCON 2012 in Las Vegas, an invitation-only security mini-conference sponsored by the pen-testing company Codenomicon that ran concurrently with Black Hat USA 2012. Josh is Director, Security Intelligence, for Akamai, and is one of the instigators of Rugged Software. He sympathizes with Anonymous more than with corporate or government forces that are determined to bring order to everything, including the Internet, on their terms. We have no transcript for this video since we only have permission to embed it, not to alter or add to it. But it's well worth watching, including the accompanying slides. And if Joshua Corman is speaking anywhere near you, it's well worth your time to go see him.
