INTERNET PROTEST

GROUPS Will Fight Back FEBRUARY 11TH 2014

   

INTERNET PROTEST GROUPS, news websites and user webpages are clubbing together to fight mass surveillance next week on 11 February.

The protestors are uniting under the "Day We Fight Back" banner, and include the American Civil Liberties Union (ACLU), Demand Progress, Mozilla, Reddit, environmental activist group Greenpeace and websites like Boingboing.

The groups are uniting to protest after seven odd months of US National Security Agency (NSA) revelations on the anniversary of persecuted internet activist Aaron Schwartz's passing. The campaign launched in January and now, in the final preparation stages, the protestors are asking more people to participate.

"Today the greatest threat to a free internet, and broader free society, is the National Security Agency's mass spying regime," said David Segal, executive director of Demand Progress. "If Aaron were alive he'd be on the front lines, fighting back against these practices that undermine our ability to engage with each other as genuinely free human beings."

Not participating is Wikileaks, a website that has some common ground with the protestors. However, according to a blog post on the Fight Back website, discussions with Wikipedia have failed to meet on that common ground, and it appears that the organisation will not be participating.

The Day We Fight Back group has posted an open letter to Wikipedia trying to change its mind.

"We believe Wikipedia should take part because the project and its crucial mission are threatened by the mass surveillance we now face, and because Wikipedia's participation can have a meaningful impact," it said.

"Wikipedia provides access to material that might be considered subversive, that challenges authority structures, that cuts against what one can learn from government propaganda or mainstream media sources. It is precisely the people who engage in the editing and reading of this sort of material who are the most likely to be chilled - and the most likely to be noticed by the surveillance regime. In other words, the people that Wikipedia most needs to reach are the ones whose freedom is being most threatened."

On the day of action the websites and their users will put out messages and questions about the NSA and surveillance. Internet users are asked to take part by using supportive avatars and sharing memes and tools and passion. 

Beware! Malicious

 major website ads lead to ransomware

Malicious advertisements on domains belonging to Disney, Facebook, The Guardian newspaper and others are leading people to malware that encrypts a computer's files until a ransom is paid, Cisco Systems has found.

The finding comes shortly after technology companies and U.S. law enforcement banded together in a large operation to shut down a botnet that distributed online banking malware and so-called "ransomware," a highly profitable scam that has surged over the last year.

Cisco's investigation unraveled a technically complex and highly effective way for infecting large number of computers with ransomware, which it described in detail on its blog.

"It really is insidious," said Levi Gundert, a former Secret Service agent and now a technical lead for threat research and analysis at Cisco, in a phone interview Friday.

Cisco has a product called Cloud Web Security (CWS) which monitors its customers web surfing and reports if they are browsing to suspected malicious domains. CWS monitors billions of web page requests a day, Gundert said.

The company noticed that it was blocking requests to 90 domains, many of those WordPress sites, for more than 17 percent of its CWS customers, he said.

Further investigation showed that many of the CWS users were ending up on those domains after viewing advertisements on high-traffic domains such as "apps.facebook.com," "awkwardfamilyphotos.com," "theguardian.co.uk" and "go.com," a Disney property, among many others.

Certain advertisements that appeared on those domains, however, had been tampered with. If clicked, they redirected victims to one of the 90 domains.

The style of attack, known as "malvertising," has long been a problem. Advertising networks have taken steps to try and detect malicious advertisements placed on their network, but the security checks aren't foolproof.

Occasionally, bad advertisements slip in, which are shown on a vast array of websites that have signed up with the network or its affiliates. The websites where the ads appear are often unaware they're being abused.

"It goes to show that malvertising is a real problem," Gundert said. "People expect when they go to a Tier 1 website that it is a trustworthy place to visit, but because there are so many third-party external links, that's not really true."

The 90 domains the malicious advertisements pushed traffic to had also been hacked, Gundert said. In the case of the WordPress sites, it appears the attackers used brute-force attacks -- which involves guessing login credentials -- to access the site's control panels. Then, an exploit kit called Rig was inserted, which attacked the victim's computer, Gundert said.

The Rig exploit kit, first spotted in April by Kahu Security, checks if users are running an unpatched version of Flash, Java or the Silverlight multimedia program. If someone's computer isn't patched, "you're instantly exploited," Gundert said.

In the next stage of the attack, a ransomware program called "Cryptowall," a relative of the infamous Cryptolocker malware, is installed. It encrypts the user's files, demanding a ransom. In another sign of the operation's sophistication, the website where users can pay the ransom is a hidden website that uses The Onion Router, or the TOR network.

To navigate to a TOR hidden website, a user must have TOR installed, which Cryptowall helpfully provides instructions for how to install. Those who delay paying the ransom find it increases as time passes.

Because of the use of TOR and the technically complex attack chain, Cisco hasn't yet been able to identify a group behind the attacks.

Gundert said it is likely that several groups or people with different skills -- such as malvertising, traffic redirection, exploit writing and ransomware campaigns -- are working together.

"You could have a threat actor putting together all of these pieces on their own, but there are so many different specialties involved in this attack chain," he said.

Google Plans Low-Cost, High Quality Wi-Fi Networks For Small- And Medium-Sized Businesses, Report Says

Google is apparently planning to offers subsidized, commercial-grade Wi-Fi hardware to small and medium-sized businesses, The Information reports, alongside software to help greatly improve the quality of the Wi-Fi experience at places like doctors’ offices, restaurants, gyms and more. The hardware would be the only cost involved, as it would use the businesses’ existing Internet connections, unlike the Google-provided Wi-Fi networks running at Starbucks businesses across the U.S.

The plan is to get better Wi-Fi in the hands of these businesses in order to get more users working on Google apps and services, which ultimately means more customers spending more time engaging with Google’s money-making products, even when they’re away from their usual home and work Wi-Fi networks. This is the same team behind Google Fiber, the search giant’s high-speed net and TV service, which is being trialled in select markets across the U.S., The Information reports.

A key feature of said network would be that it could remember a user based on their Google account login, and set them up on any other Google-controlled Wi-Fi network anywhere in the world automatically. This so-called Hotspot 2.0 feature would help in terms of clearing up the onerous task of signing in to new networks every single time. And for Google, it means getting users more friction-free access to their Google accounts and services, which has obvious benefits in terms of its ad recommendation engines and products.

Google ultimately wants to blanket the world in connectivity, because that’s the best way for it to grow its user base and get its products in front of as many people as possible. The company announced its acquisition of Titan Aerospace last month, which helps with its ambitious Project Loon – bringing Internet connections to remote corners of the globe. This SMB Wi-Fi project isn’t quite as fantastic in scale, but if real, it has the same aim: make it so as many people as possible can use Google products as much as possible, as often as possible, as easily as possible.

Finally, Someone Is Disrupting The Towel

Showering is great, I’m a big fan. But drying off? Laaaaammmmmeeee. All that towelling, it’s enough to make you need another shower, am I right? New York-based startup The Body Dryer realizes this, and they’ve created a device to help you skip the towel and get dry a better way.

The Body Dryer dries you from the ground up, using a device that resembles a bathroom scale but that shoots air up to rid your body of all that excess water. The whole point of the thing is supposed to be to get rid of bacteria that can accumulate and grow on towels, which are apparently a breeding ground for that kind of thing (who knew).

The Body Dryer uses forced “ionized air” which can be set to blow either hot or cold, and the company wants to make them not only for home use, but also for commercial installations in gyms and other high traffic shower zones. At retail, this thing is supposedly going to sell for $250, but backers can secure a pre-order for just $125 while the Indiegogo campaign is going on. Already $30,000 of the $50,000 the company needs to hit production has been raised.

I didn’t include the video up top like I normally do for these projects because it includes the shameless use of scantily-clad women, which is completely unnecessary and frankly a bit stupid, but I still really do want to stop using towels and lighten my laundry load, despite any questionable marketing choices the company may have made.

As for drying time, the project’s creators claim around 30 seconds from start to finish, though this will vary slightly depending on your height – shorter people will dry faster, as they’re closer to the source of the outgoing air. Shipping on the devices is expected to take place in September, and so long as Dyson doesn’t come up with a competitor in the meantime, color me interested.

You can now 3D print your own Sesame Street toys thanks to MakerBot

We first learned of MakerBot's Digital Shop plans back at CES, and now the 3D printing outfit has announced its first licensing agreement: Sesame Street. That's right folks, starting today, you can download the requisite files needed to print your own Mr. Snuffleupagus, with more characters making their debuts in the months to come. This particular option prints in just under three hours and only deducts $1.29 from your bank account. The downside? Snuffy's source files are only compatible with the Replicator 2 and fifth-generation Replicator -- according to the online shop's specs. It shouldn't be a surprise that characters from Sesame Street are the first available here as MakerBot CEO Bre Pettis used to work for Jim Henson's Creature Shop. "3D printing is like having an engineering education in a box, but with Sesame Street, it has a playful and familiar twist," Pettis said.

Wikileaks: US government recording every call from Afghanistan

When The Intercept revealed mass NSA "full-take" call recording in the Bahamas and other nations, it declined to name another, sensitive country, citing US concerns about violence. Now Wikileaks has claimed that the nation in question is Afghanistan and said the NSA is bluffing about any possible danger to folks there. In the Wikileaks blog, Julian Assange said that the US has made such statements before and it has never seen any evidence of increased violence following leaks. On the other hand, it's easy to see why the US government wouldn't want such information public, given its war against terrorists in Afghanistan. But Assange countered that the press has no obligation to protect a country like the US if it engages in "ongoing crimes" against an entire nation. He added that's especially true when such calls are sometimes used to target drone strikes, which often kill innocent civilians. The US government has yet to comment on the matter.

Paralyzed teen to kick World Cup's first ball with mind-controlled exoskeleton

This year's World Cup could be host to something more exciting than a bicycle kick scoring the winning goal. Thanks to an international collaboration between universities such as Colorado State University, The Technical University of Munich and Duke University, a paralyzed teen is set to open the sporting event by kicking a football while wearing a motorized exoskeleton controlled by his or her brain. Colorado State University in particular recently published a video of its portion of the Walk Again Project, describing just how the mind-control helmet was 3D-printed layer-by-layer in order to fit the wearer's head and connect the electrodes. Take a peek after the break to see the video in question, which also offers a fascinating look into how advances in robotics and 3D printing can improve people's lives. Which is a hell of a lot more entertaining than watching Nigel de Jong roughing up Xabi Alonso again.