Art, Technology

Launched / Loading Artist

Gregor Czaykowski at the webcomic Loading Artist redesigned the website and drew several comics about the process. This one should be familiar to anyone who has ever launched a new website. It’s one of the reasons why millions of bloggers don’t stick with it for more than a few weeks — via Neatorama

Rights, Technology

Quora’s misogyny problem: A cautionary tale

Quora’s misogyny problem is a tempest out of the teapot, and it’s a perfect example of why user-based websites need to change the way they think about targeted users.

What women have been going through on Quora is harrowing: Harassment and threats, stalking on and off the site, and an atmosphere that enables ongoing targeting with moderators that don’t understand, or help.

That’s because Quora’s baseline of normal behavior around gender is all screwed up — and it was made that way — via


Washington Post, New York Times and Mozilla team up for new Web site comment system

In an unusual partnership, The Washington Post, the New York Times and software developer Mozilla will team up to create digital tools that will make it easier for readers to post comments and photos on news sites and to interact with journalists and each other.

The two-year development project will be funded by a $3.89 million grant from the John S and James L Knight Foundation, the Miami-based philanthropic organization that specialises in media and the arts.

As described by its developers, the as-yet-unnamed system aims to standardize the many different community engagement systems that Web sites now use to collect and publish outside contributions, especially reader comments and photos — via


A hue angle of 270 degrees, a saturation of 50% and a lightness of 40%

Eric Meyer is an expert on the Cascading Style Sheets (CSS) system used to control the appearance of web documents. He’s the author of multiple books on CSS, and the chaperone of the css-discuss mailing list. His daughter, Rebecca, passed away, and her family asked that those attending memorial services wear purple, her favourite color. Dominique Hazaël-Massieux requested that a purple added to the CSS color list be named Becca Purple in her memory. Eric suggested that it be named rebeccapurple because his daughter wanted everyone to call her Rebecca after she turned six, and she was six for almost twelve hours. Today, a co-chair of the CSS Working Group announced approval of the change. From now on, rebeccapurple means #663399 — via

Design, Technology

Boeing 727-200 Airplane Home / Bruce Campbell

Electrical engineer Bruce Campbell lives in a retired Boeing 727-200 that he has parked on his rural property in Hillsboro, Oregon. Campbell bought the plane back in 1999 for $100,000, and has spent the intervening years converting it to a modest living space. The plane-home features one working lavatory, a futon, a simple kitchen, and nine emergency exits. He estimates he has spent a total of $220,000 on the project — via Laughing Squid

Photo: John Brecher/MSNBC

Business, Technology

Liam F1 Turbine / The Archimedes

Small wind turbines scaled to the right size for residential and urban areas have so far lived in the shadows of their larger wind-farm-sized counterparts. The power output has been too low for a reasonable return on investment through energy savings and the noise they produce is louder than most homeowners can deal with.

A Dutch renewable energy start-up called The Archimedes is working to solve both of those problems in a new class of small-scale wind turbine — one that is almost silent and is far more efficient at converting wind into energy. The company states that the Liam F1 turbine could generate 1,500 kWh of energy per year at wind speeds of 5m/s, enough to cover half of an average household’s energy use.

When used in combination with rooftop solar panels, a house could run off grid. When there is wind you use the energy produced by the wind turbine; when the sun is shining you use the solar cells to produce the energy, The Archimedes CEO Richard Ruijtenbeek said.

The Liam’s blades are shaped like a Nautilus shell. The design allows it to point into the wind to capture the most energy, while also producing very little sound. The inventor of the turbine, Marinus Mieremet, says that the power output is 80 percent of the theoretical maximum energy that could be harnessed from the wind — via treehugger

Politics, Rights, Technology

Rise Up Against Govt Anti-Piracy Plans, ISP Urges

Last month Australia’s Attorney-General George Brandis labeled his citizens the worst pirates on the planet and vowed to help content holders turn that position around. But Brandis’ industry-leaning position soon became clear as he repeatedly refused to answer questions as to whether he’d properly consulted with consumer groups.

Brandis has, however, consulted deeply with the entertainment industries. His proposals for solving the piracy issue are straight out of the MPAA and RIAA cookbook – three strikes and account terminations for errant Internet users plus ISP blockades of torrent and similar sites.

The reason why the debate over these measures has dragged on so long is down to the defeat of the studios in their legal battle against ISP iiNet. That case failed to render the ISP responsible for the actions of its subscribers, and ever since, iiNet has provided the most vocal opposition to tough anti-piracy proposals. Today, iiNet Chief Regulatory Officer Steve Dalby underlined that stance with a call for consumers to fight back against foreign interests.

The Hollywood Studios have been relentlessly lobbying the Australian Government on a range of heavy-handed solutions, from a three strikes proposal, through to website filtering — none of which take consumers’ interests into account, Dalby explains.

On three strikes, Dalby notes that even though customers will be expected to pick up the bill for its introduction, there’s no evidence that these schemes have curtailed piracy or increased sales in any other country — via


Thieves Planted Malware to Hack ATMs

A recent ATM skimming attack in which thieves used a specialized device to physically insert malicious software into a cash machine may be a harbinger of more sophisticated scams to come.

Authorities in Macau — a Chinese territory approximately 40 miles west of Hong Kong — this week announced the arrest of two Ukrainian men accused of participating in a skimming ring that stole approximately $100,000 from at least seven ATMs. Local police said the men used a device that was connected to a small laptop, and inserted the device into the card acceptance slot on the ATMs.

Armed with this toolset, the authorities said, the men were able to install malware capable of siphoning the customer’s card data and PINs. The device appears to be a rigid green circuit board that is approximately four or five times the length of an ATM card.

According to local press reports (and supplemented by an interview with an employee at one of the local banks who asked not to be named), the insertion of the circuit board caused the software running on the ATMs to crash, temporarily leaving the cash machine with a black, empty screen. The thieves would then remove the device. Soon after, the machine would restart, and begin recording the card and PINs entered by customers who used the compromised machines.

The Macau government alleges that the accused would return a few days after infecting the ATMs to collect the stolen card numbers and PINs. To do this, the thieves would reinsert the specialized chip card to retrieve the purloined data, and then a separate chip card to destroy evidence of the malware — via

Rights, Technology

Vodafone’s Disclosure Report reveals global scale of mobile phone surveillance

The world’s second largest mobile phone company, Vodafone, says at least six unnamed governments can use its phone system to monitor customers whenever they want.

The company’s Disclosure Report says most governments need legal notices to access its networks, but there are six nations — which it says it cannot name for legal reasons — that have direct access.

It says in those countries authorities have inserted their own equipment into the network or have diverted all data through government systems so they can permanently access customers’ communications.

In a small number of countries the law dictates that specific agencies and authorities must have direct access to an operator’s network, bypassing any form of operational control over lawful interception on the part of the operator, the company said.

It added that in Albania, Egypt, Hungary, India, Malta, Qatar, Romania, South Africa and Turkey it could not disclose any information related to wiretapping or interception — via

Rights, Technology

MP3, DVD and CD Copying is Now Legal in The UK (For Some)

Most people in the UK may not have realised it, but every time they backed up an MP3 or made a copy of a CD or DVD for personal use, they were breaking the law.

Starting today this is no longer the case for the disabled, thanks to a revision of copyright law that just went into effect. Disabled citizens can now copy and publish copyrighted material if there’s no commercial alternative available.

Disabled people and disability groups can now make accessible copies of copyright material (eg music, film, books) when no commercial alternative exists, the Government announced today.

Previously the Government also said that all private copying for personal use would be legal starting in June, but this has apparently been delayed pending parliamentary approval.

However, following a thorough inspection of local copyright legislation the UK Government has already committed to change current laws in favor of consumers — via

Business, Technology

Australia sees rise in cyber attacks, competitors to blame: CERT

The main motivation behind rising online security attacks in Australia is competitors seeking commercial information and advantage, according to the latest Cyber Crime and Security Survey Report by Computer Emergency Response Team (CERT) — part of the Attorney-General’s Department.

The main motivation for cyber-attacks is considered to be competitors seeking commercial advantage, said George Brandis, Australia’s Attorney General and Minister for the Arts. This aligns with the cyber threat of most concern to businesses, which is theft or breach of confidential information or intellectual property.

This of course has recently come to prominence through the US indicting Chinese officials for the theft of IP from US companies by cyber means.

While many of the companies surveyed reported the computer security incidents, others didn’t, raising concerns they don’t know what’s really happening on their networks — via

Rights, Technology

Mozilla begrudgingly decides to adopt Adobe’s DRM

Like it or not, a new era of DRM began on the internet overnight. Mozilla, the last major holdout to the W3C’s endorsed DRM extensions known as Encrypted Media Extensions (EME), reluctantly decided to reverse its previous position and implement EME in the desktop versions of Firefox.

We have come to the point where Mozilla not implementing the W3C EME specification means that Firefox users have to switch to other browsers to watch content restricted by DRM, wrote Mozilla’s new CTO Andreas Gal in a blog post.

Mozilla would have preferred to see the content industry move away from locking content to a specific device (so called node-locking), and worked to provide alternatives.

To implement its DRM solution, the browser maker has teamed up with Adobe to provide a Content Decryption Module (CDM) — unlike the rest of Mozilla’s codebase, the CDM has a proprietary licence. Rather than directly loading the CDM, Mozilla have decided to place the CDM in an open source sandbox, and removed permissions for the CDM to access a user’s hard drive or network. The only data passed to the CDM will be DRM-wrapped data for decoding, with the CDM returning the decoded frames for display to the user — via

Politics, Rights, Technology

Glenn Greenwald: how the NSA tampers with US-made internet routers

But while American companies were being warned away from supposedly untrustworthy Chinese routers, foreign organisations would have been well advised to beware of American-made ones. A June 2010 report from the head of the NSA’s Access and Target Development department is shockingly explicit. The NSA routinely receives — or intercepts — routers, servers and other computer network devices being exported from the US before they are delivered to the international customers.

The agency then implants backdoor surveillance tools, repackages the devices with a factory seal and sends them on. The NSA thus gains access to entire networks and all their users. The document gleefully observes that some SIGINT tradecraft … is very hands-on (literally!).

Eventually, the implanted device connects back to the NSA. The report continues: In one recent case, after several months a beacon implanted through supply-chain interdiction called back to the NSA covert infrastructure. This call back provided us access to further exploit the device and survey the network.

It is quite possible that Chinese firms are implanting surveillance mechanisms in their network devices. But the US is certainly doing the same — via

Politics, Technology

Australian government likely to standardise on Drupal

The federal government is eyeing the introduction of a government-wide content-management system. The Australian Government Information Management Office (AGIMO) has indicated its preference is to use the open-source Drupal Web platform and to have the CMS delivered as a cloud service.

The Government Content Management System (GovCMS) is envisaged as an important service offering for Australian Commonwealth Government agencies, the Australian government CTO, John Sheridan, wrote in a blog entry.

GovCMS is intended to support more effective web channel delivery functions within Government, and enable agencies to redirect effort from non-core transactional activities, towards higher-value activities that are more aligned with core agency missions, a draft statement of requirements issued by AGIMO states.

An analysis by AGIMO found that between 182 and 450 websites could be transitioned to GovCMS over four years. The use of an open source solution means that Drupal modules could be shared between public sector agencies and the community, the draft states.

A transition to GovCMS will begin with and, the document states. The target go-live date is September this year — via


Programming Sucks / Peter Welch

Every friend I have with a job that involves picking up something heavier than a laptop more than twice a week eventually finds a way to slip something like this into conversation: Bro, you don’t work hard. I just worked a 4700-hour week digging a tunnel under Mordor with a screwdriver.

They have a point. Mordor sucks, and it’s certainly more physically taxing to dig a tunnel than poke at a keyboard unless you’re an ant. But, for the sake of the argument, can we agree that stress and insanity are bad things? Awesome. Welcome to programming — via Still Drinking


Huge floppy disks and other old tech is common at Air Force nuclear missile silos

You’d probably expect to encounter all sorts of crazy technology in a US Air Force nuclear silo. One you might not expect: floppy disks.

Lesley Stahl of CBS’s 60 Minutes reported from a Wyoming nuclear control center for a segment that aired on Sunday, and the Cold War-era tech she found is pretty amazing. But it also makes sense. The government built facilities for the Minuteman missiles in the 1960s and 1970s, and though the missiles have been upgraded numerous times to make them safer and more reliable, the bases themselves haven’t changed much. And there isn’t a lot of incentive to upgrade them. ICBM forces commander Major General Jack Weinstein told Stahl that the bases have extremely tight IT and cyber security, because they’re not Internet-connected and they use such old hardware and software — via


Almost 100 hate-crime murders linked to single website, report finds

People charged with the murders of almost 100 people can be linked to a single far-right website, according to a new report from the Southern Poverty Law Center (SPLC).

The White Nationalist web forum says it promotes values of the embattled white minority, and its users include Anders Behring Breivik, who killed 77 people in a 2011 massacre in Norway, and Wade Michael Page, who shot and killed six people at a Sikh temple in Wisconsin in 2012.

After a two-year investigation, the SPLC said (pdf) that since Stormfront became one of the first hate sites on the internet in 1995, its registered users have been disproportionately responsible for major killings. The report was released a month early after white supremacist Frazier Glenn Miller, also known as Frazier Glenn Cross, was accused of killing three people at a Jewish center in Kansas City on Sunday.

We know that the people who are going to commit the kinds of crimes, like the kinds of crimes Miller committed last weekend, this is where they live, said Heidi Beirich, report author and a director at the SPLC’s Intelligence Project. The report, released on Thursday, calls Stormfront the largest hate site in the world and a magnet and breeding ground for the deadly and deranged.

Of the site’s more than 286,000 users, only a small sliver are highly active, the report found, with fewer than 1,800 people logging in each day. While the SPLC only identified 10 murderers out of this large user base, researchers think the murderers’ connection to the site is important because it shows how the website offers a community for people who commit these crimes — via


‘Heartbleed’ Bug Exposes Passwords, Web Site Encryption Keys

Researchers have uncovered an extremely critical vulnerability in recent versions of OpenSSL, a technology that allows millions of Web sites to encrypt communications with visitors. Complicating matters further is the release of a simple exploit that can be used to steal usernames and passwords from vulnerable sites, as well as private keys that sites use to encrypt and decrypt sensitive data.

The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users — via

Politics, Rights, Technology

Border Protection forces Facebook content removal through Twitter

The Department of Immigration and Border Protection (DIBP) has succeeded in having a member of the public remove a post from her Facebook wall that a spokesperson has said targeted a staff member within the department.

On Friday, in a series of Tweets from the Department of Immigration and Border Protection’s official Twitter account, the department asked Vanessa Powell, a teacher and a volunteer on community radio, to remove a Facebook post that “contains an offensive remark directed at a staff member” from a man named George Georgiadis — via

Politics, Rights, Technology

Dob in your tweeting mate at work? So much for free speech

There is no case, none, to limit debate about the performance of national leaders. The more powerful people are, the more important the presumption must be that less powerful people should be able to say exactly what they think of them.

That’s the Tony Abbott of 2012, addressing his friends at the Institute for Public Affairs. What a difference a couple of years makes.

New guidelines from the department of prime minister and cabinet threaten employees with discipline if they are critical or highly critical of the department, the minister or the prime minister on Facebook, Twitter, YouTube, Pinterest, Flickr, blogs, or anywhere much else.

Note that the policy applies to posts in a personal capacity — even those made anonymously — and that public servants are urged to dob in any colleagues they might recognise.

If an employee becomes aware of another employee who is engaging in conduct that may breach this policy, the edict explains, there is an expectation that the employee will report the conduct to the department.

Tim Wilson, then head of the IPA, was in the audience for Abbott’s freedom wars speech. Surely our self-proclaimed freedom commissioner will denounce measures muzzling public servants?

Not so much, no.

There is nothing inconsistent with free speech and having codes of conduct or policies as a condition of employment that require professional, respectful behaviour in their role and the public domain, Wilson told the Daily Telegraph.

Elsewhere, Wilson explicitly rejects the charge that he cares only about the rights of the most powerful. Free speech is for everyone, he says. But his support for the restrictions on employees illustrates that, by everyone, he means something more like everyone I know — via

Business, Rights, Technology

Mozilla boss Brendan Eich resigns after gay marriage storm

The chief executive of Mozilla — the company best known for its Firefox browser — has stepped down.

Brendan Eich was appointed just last month but came in for heavy criticism for his views on same-sex marriage.

Mozilla’s executive chairwoman Mitchell Baker announced the decision in a blog post.

Mozilla prides itself on being held to a different standard and, this past week, we didn’t live up to it, she wrote.

We know why people are hurt and angry, and they are right: it’s because we haven’t stayed true to ourselves.

We didn’t act like you’d expect Mozilla to act. We didn’t move fast enough to engage with people once the controversy started. We’re sorry. We must do better.

Mr Eich has also stepped down from the board of the Mozilla Foundation, the non-profit organisation which owns the for-profit Mozilla Corporation — via

Business, Entertainment, Technology

Terminator-maker ‘Cyberdyne Inc’ lists on Tokyo stock exchange

El Reg readers of a more fatalistic disposition may be dismayed, but probably not surprised, to hear that Cyberdyne — the company that invented Skynet and ultimately the murderous Terminator machines – has just listed on the Tokyo stock exchange.

Of course, it’s not the shadowy defence firm of the iconic Arnie films, which unwittingly brings about the virtual destruction of mankind.

No, this one is a maker of exoskeleton suits and supports designed to help those with serious muscular, nerve or cerebral damage recover movement.

The firm also produces support gear which can be worn by carers to lift heavy loads and even markets a radiation-shielding disaster recovery suit for emergency workers.

Innocuous enough, you may think, although so were the origins of the cybermen — via


Gordon Sands Threatens Seattle Bubble with Google Disavow in Misguided Attempt to Clean Up Comment Spam

Last week I got an email from Gordon Sands, a principal of — a website I’d never heard of — claiming that Seattle Bubble contains link(s) to The claimed reason for this random email was to remove a link on my site because the links are not in the same niche as our site, but the real reason was obviously that the proprietors of this site had previously engaged in link-spamming, were punished by Google, and are now scrambling to get publishers to remove their comment spam links — via

Rights, Technology

Chilling Effects DMCA Archive is ‘Repugnant’, Copyright Group Says

If it wasn’t for the Chilling Effects DMCA clearing house the actions of those abusing the DMCA would go largely unreported. Still, the Copyright Alliance doesn’t like the site, this week describing the information resource as repugnant to the DMCA. Unsurprisingly, Chilling Effects sees things differently.

Thanks to Google’s Transparency Report we have the clearest picture yet of the battle taking place between content owners and the indexing and linking of allegedly infringing content online. The search engine takes down millions of URLs every week, a not insignificant amount by any standard.

Fortunately we don’t simply have to take Google’s statistics at face value. The notices received by the company are processed and later sent to the Chilling Effects Clearinghouse. There they are input into a searchable database so that the public can cross reference Google’s reports (along with others from companies such as Twitter) with the actual takedown notices, thus bringing accountability to the process.

It is through both of these databases that TorrentFreak has been able to unearth dozens of serious errors and abuses carried out by the automated takedown systems operated by the world’s largest copyright holders. While there can be little doubt that Chilling Effects is an invaluable resource for those reporting on piracy issues or tracking DMCA abuses, not everyone is happy with the service being offered by the site — via

Politics, Rights, Technology

Australian government departments want to keep power to censor websites

The Australian Federal Police (AFP), the Australian Securities Investment Commission (ASIC), and one unnamed agency have indicated to the government that they would likely seek to keep using powers in the Telecommunications Act to force ISPs to block websites.

In April 2013, following a bungle by ASIC that resulted in accidentally blocking customer access to 250,000 websites for at least two ISPs — when the agency was just seeking to block websites associated with investment fraud — it was revealed that three Commonwealth government agencies had been using Section 313 of the Telecommunications Act to compel ISPs to block customer access to websites on their behalf.

Following public backlash, and amid cries of censorship and criticism over the lack of transparency over the power, the then-Labor government promised to review the power, and improve the oversight and transparency of the process.

At the time, despite the controversy, it seems that internally, agencies had indicated to the government that they intended to continue using the power. A briefing document from a meeting convened by the Department of Communications in May 2013, and published online yesterday under Freedom of Information revealed that the three agencies the department had discovered to be using section 313 to block websites indicated their intention to use Section 313(3) in a similar way in the future.

The heavily redacted briefing document showed that the AFP had used the power 21 times between June 2011 and February 2013 to request ISPs to block websites listed on the Interpol worst of child abuse websites, and would continue to do so in the future.

The document also stated that the AFP may have also used the power to combat some spam and phishing sites. AFP deputy commissioner Michael Phelan said last year that this is not an efficient method of dealing with malware sites.

ASIC was also listed as intending to use the power again — via

Business, Technology

Tim Cook Soundly Rejects Politics of the NCPPR, Suggests Group Sell Apple’s Stock

In an emotional response to the National Centre for Public Policy Research (NCPPR), Apple CEO Tim Cook soundly rejected the politics of the group and suggested it stop investing in Apple if it doesn’t like his approach to sustainability and other issues.

Mr Cook’s comments came during the question and answer session of Apple’s annual shareholder meeting, which the NCPPR attended as shareholder. The self-described conservative think tank was pushing a shareholder proposal that would have required Apple to disclose the costs of its sustainability programs and to be more transparent about its participation in “certain trade associations and business organizations promoting the amorphous concept of environmental sustainability.”

As I covered in depth yesterday, the proposal was politically-based, and rooted in the premise that humanity plays no role in climate change. Other language in the proposal advanced the idea that profits should be the only thing corporations consider.

That shareholder proposal was rejected by Apple’s shareholders, receiving just 2.95 percent of the vote. During the question and answer session, however, the NCPPR representative asked Mr Cook two questions, both of which were in line with the principles espoused in the group’s proposal — via

Business, Technology

Melbourne IT to purchase Netregistry in AU$50.4m deal

Melbourne IT announced today that it has entered into an agreement with competitor Netregistry to purchase the company in a deal worth AU$50.4 million.

The payment for the purchase will be made in two parts, with 4.99 percent to 9.99 percent of outstanding Melbourne IT shares offered to Netregistry shareholders, and the remainder paid in cash. This will see Melbourne IT part with 4.3 million to 9.3 million shares and between AU$38 million to AU$45 million in cash, subject to regulatory approval.

The proposed transaction will bring together two of Australia’s leading web services businesses, generating significant benefits for customers, employees, and shareholders of both companies, said acting CEO of Melbourne IT Peter Findlay — via

Business, Technology

Australia’s ongoing online retail fiasco

The continuing inability of Myer and David Jones to deliver customers a decent online brand experience disqualifies them from complaining about digital competitors eating their lunch, argues Tim Burrowes.

All credit to Myer. It’s not many retailers who can make a Boxing Day sale last for three weeks.

But thanks to comments from unhappy customers on the company’s Facebook page, it is possible to monitor in real time the continuing erosion of brand value.

I must declare an interest here. I am myself an amused and bemused consumer of that online experience. Not that Myer’s main rival David Jones has done much better, but more on that later.

Being something of a misanthrope when it comes to bricks and mortar retail sales, I actually decided to give the stores’ online sales a shot.

As it will have been hard to miss, Myer’s site crashed within hours of its Christmas night launch and remained offline for the next eight days.

In a world where Google being down for eight seconds would be remarked upon, Australia’s biggest retail brand was down for eight days.

But most curious was how unconcerned Myer boss Bernie Brookes seemed.

The nice folk at partner IBM were hard at work fixing it, he told the market.

And online was, he reassured his investors, only responsible for about one per cent of the company’s revenues. Which doesn’t sound too bad until you wonder whether the fact that it’s only at one per cent is because the store hasn’t been doing enough to catch up with its competitors.

Still, when the Myer site came back, and lured by the offer of free delivery, I gave it a shot — via

Politics, Rights, Technology

Turkish police fire tear gas, rubber bullets in protests against internet control, corruption

Riot police in Turkey have fired tear gas, rubber bullets and used water cannons on demonstrators in Istanbul and Ankara protesting against government plans to impose curbs on the internet.

Rights groups say the proposals, which were approved by parliament last week, amount to censorship and will increase government control of the internet.

Up to 2,000 protesters chanted government resign and all united against fascism at Istanbul’s Taksim Square, some of them hurling fireworks and stones at police.

Everywhere Taksim, everywhere resistance, they shouted, using the slogan of last June’s anti-government protests that first erupted in the square.

The demonstration was organised in protest at plans to impose curbs on the internet and over the graft scandal rocking the government.

It broke up after the police action without any immediate reports of injuries or arrests — via

Politics, Rights, Technology

Teen Reported to Police After Finding Security Hole in Website

A teenager in Australia who thought he was doing a good deed by reporting a security vulnerability in a government website was reported to the police.

Joshua Rogers, a 16-year-old in the state of Victoria, found a basic security hole that allowed him to access a database containing sensitive information for about 600,000 public transport users who made purchases through the Metlink web site run by the Transport Department. It was the primary site for information about train, tram and bus timetables. The database contained the full names, addresses, home and mobile phone numbers, email addresses, dates of birth, and a nine-digit extract of credit card numbers used at the site, according to The Age newspaper in Melbourne.

Rogers says he contacted the site after Christmas to report the vulnerability but never got a response. After waiting two weeks, he contacted the newspaper to report the problem. When The Age called the Transportation Department for comment, it reported Rogers to the police.

“It’s truly disappointing that a government agency has developed a website which has these sorts of flaws,” Phil Kernick, of cyber security consultancy CQR, told the paper. “So if this kid found it, he was probably not the first one. Someone else was probably able to find it too, which means that this information may already be out there.”

The paper doesn’t say how Rogers accessed the database, but says he used a common vulnerability that exists in many web sites. It’s likely he used a SQL injection vulnerability, one of the most common ways to breach web sites and gain access to backend databases — via
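The article names SQL injection only as the likely class of flaw. As an added illustration, not code from the article or from the Metlink site, the block below shows in Python with the standard `sqlite3` module why this class of bug exposes a whole table: a lookup that splices user input into the query text versus the same lookup with a bound parameter. The table and rows are constructed sample data, and the function names are the example’s own.

```python
import sqlite3

# Constructed sample rows standing in for a customer table; not real Metlink records.
SAMPLE_USERS = [
    ("alice", "alice@example.com", "1990-01-01"),
    ("bob", "bob@example.com", "1985-06-15"),
    ("carol", "carol@example.com", "1978-11-30"),
]


def build_db():
    """Create an in-memory database populated with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT, dob TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn, username):
    """Builds the query by string concatenation, so the input is parsed as SQL syntax."""
    query = "SELECT username, email, dob FROM users WHERE username = '" + username + "'"
    return conn.execute(query).fetchall()


def lookup_safe(conn, username):
    """Passes the input as a bound parameter; the driver never interprets it as SQL."""
    query = "SELECT username, email, dob FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


def demo():
    """Return row counts for a benign and a malformed input against both lookups."""
    conn = build_db()
    benign = "alice"
    # Constructed input: closes the quoted literal and appends an always-true clause.
    malformed = "x' OR '1'='1"
    return {
        "vuln_benign": len(lookup_vulnerable(conn, benign)),
        "vuln_malformed": len(lookup_vulnerable(conn, malformed)),
        "safe_benign": len(lookup_safe(conn, benign)),
        "safe_malformed": len(lookup_safe(conn, malformed)),
    }


if __name__ == "__main__":
    print(demo())
```

The concatenated query returns every row for the malformed input, which is the “access to the whole database” outcome the article describes; the parameterised query returns no rows for it, because the driver sends the input as data rather than as part of the statement. Parameterised queries, plus least-privilege database accounts and logging of queries that return unexpectedly large result sets, are the standard mitigations.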


Internet Archive puts classic 70s and 80s games online

Classic video games from the 1970s and 1980s have been put online by the Internet Archive and can be played within a web browser for nothing.

The collection has launched with games from five early home consoles, including the Atari 2600 and Colecovision.

The games do not have sound, but will soon, the Internet Archive said.

“In coming months, the playable software collection will expand greatly,” archivist Jason Scott wrote.

“Making these vintage games available to the world, instantly, allows for commentary, education, enjoyment and memory for the history they are a part of.”

The other machines included are the Atari 7800, the Magnavox Odyssey (known as the Philips Videopac G7000 in Europe) and the Astrocade.

Well-recognised titles such as Pacman, Space Invaders and Frogger are all in the archive — with more consoles and games expected soon — via


How Anti-Piracy Trolls Tried and Failed to Ruin Christmas

Copyright trolls do not care about people. Copyright trolls do not care about family life. Copyright trolls do not care if they ruin someone’s reputation. What copyright trolls care about is money, as much money as they can get their greedy hands on. Nevertheless, some people have been standing up to them and today they will enjoy the fruits of their patience, sharing Christmas day with family and spending their money on those who matter.

For the last couple of years TorrentFreak has run semi-regular articles on the efforts of GoldenEye International, an adult movie outfit affiliated with the Ben Dover porn brand and one that realized there’s money to be made from the bullying game.

Just like most other trolls their business model is simple. Send threatening letters to ISP account holders telling them that they have been caught watching some pretty embarrassingly titled movies and inform them that paying a cash settlement is the only way to remedy the situation.

TorrentFreak invited people targeted by the company to contact us and over the past year we’ve had a steady stream of terribly worried individuals email us with requests for information. The more of these emails you read, the more you appreciate the scale of the heartbreak for all of those involved.

At this point we should be clear — some people we spoke with clearly knew more than they were prepared to admit and some probably did download some content without permission. However, many others obviously did not and when you come across these cases you can see that companies like GoldenEye really do not give a damn about who they hurt, and they will brush off collateral damage like it doesn’t exist — via

History, Technology

Royal pardon for codebreaker Alan Turing

Computer pioneer and codebreaker Alan Turing has been given a posthumous royal pardon.

It overturns his 1952 conviction for homosexuality for which he was punished by being chemically castrated.

The conviction meant he lost his security clearance and had to stop the code-cracking work that proved critical to the Allies in World War II.

The pardon was granted under the Royal Prerogative of Mercy after a request by Justice Minister Chris Grayling — via

Rights, Technology

How much did NSA pay to put a backdoor in RSA crypto? Try $10m

The mystery of why RSA would use a flawed, NSA-championed algorithm as the default random number generator for several of its encryption products appears to be solved, and the answer is utterly banal, if true: the NSA paid it to.

Reuters reports that RSA received $10m from the NSA in exchange for making the agency-backed Dual Elliptic Curve Deterministic Random Bit Generator (Dual EC DRBG) its preferred random number algorithm, according to newly disclosed documents provided by whistleblower Edward Snowden.

If that figure sounds small, that’s because it is. Tech giant EMC acquired RSA for $2.1bn in 2006 — around the same time as the backroom NSA deal — so it seems odd that RSA would kowtow to the g-men so cheaply.

But according to Reuters, at the time, things weren’t looking so good for the division of RSA that was responsible for its BSafe encryption libraries. In 2005, those tools brought in a mere $27.5m of RSA’s $310m in annual revenue, or just 8.9 per cent.

By accepting $10m from the NSA, as Reuters claims, the BSafe division managed to increase its contribution to RSA’s bottom line by more than a third — via


Trust Me (I’m a kettle)

The internet of things may be coming to us all faster and harder than we’d like.

Reports coming out of Russia suggest that some Chinese domestic appliances, notably kettles, come kitted out with malware — in the shape of small embedded computers that leech off the mains power to the device. The covert computational passenger hunts for unsecured wifi networks, connects to them, and joins a spam and malware pushing botnet. The theory is that a home computer user might eventually twig if their PC is a zombie, but who looks inside the base of their electric kettle, or the casing of their toaster? We tend to forget that the Raspberry Pi is as powerful as an early 90s UNIX server or a late 90s desktop; it costs £25, is the size of a credit card, and runs off a 5 watt USB power source. And there are cheaper, less competent small computers out there. Building them into kettles is a stroke of genius for a budding crime lord looking to build a covert botnet.

But that’s not what I’m here to talk about — via

Business, Technology

TPG buys AAPT from Telecom NZ for AU$450m

Telecom New Zealand is set to sell off AAPT at a fraction of the price it paid for the company back in 1999, with TPG stepping out to buy the company for AU$450 million.

Telecom NZ this morning confirmed to the Australian Securities Exchange that TPG would pick up the business telecommunications and cloud company by the end of February 2014.

The transaction was said to be free of conditions precedent.

It had been reported that Telecom NZ had been looking to sell the Australian business since at least October, with Goldman Sachs recruited to manage the transaction.

Including the AU$60 million iiNet paid for AAPT’s consumer division in 2010, the total value for AAPT is significantly lower than the AU$2.2 billion that Telecom New Zealand paid for it in the peak of the dot com boom in 1999.

AAPT’s revenue has declined over the last few years, with the company this year reporting earnings before interest, tax, depreciation, and amortisation of AU$57 million, down by AU$10 million on the previous financial year — via

Science, Technology

Polymer gel, heal thyself: Engineering team proposes new composites that can regenerate when damaged

When a chair leg breaks or a cell phone shatters, either must be repaired or replaced. But what if these materials could be programmed to regenerate themselves, replenishing the damaged or missing components, and thereby extend their lifetime and reduce the need for costly repairs?

That potential is now possible according to researchers at the University of Pittsburgh Swanson School of Engineering, who have developed computational models to design a new polymer gel that would enable complex materials to regenerate themselves — via

Rights, Technology

Photographer wins $1.3m payout from companies that took images from Twitter

A US federal jury has ordered two media companies to pay $US1.2 million ($1.3m) to a freelance photojournalist for their unauthorised use of photographs he posted to Twitter.

The jury found Agence France-Presse and Getty Images wilfully violated the Copyright Act when they used photos Daniel Morel took in his native Haiti after the 2010 earthquake that killed more than 250,000 people, Mr Morel’s lawyer, Joseph Baio, said.

The case is one of the first to address how images that individuals make available to the public through social media can be used by third parties for commercial purposes.

“We believe that this is the first time these defendants, or any other major digital licensor of photography, have been found liable for wilful violations of the Copyright Act,” Mr Baio said in an email.

Lawyers for AFP and Getty did not immediately respond to requests for comment — via

Politics, Rights, Technology

Hosting what the Govt won’t: Delimiter establishes AGD FoI mirror

Technology media outlet Delimiter today revealed it would establish a free file-serving mirror of PDF documents published under Freedom of Information laws by the Attorney-General’s Department and relevant to the technology sector, in the wake of confirmation by the department that it has removed such documents from its website.

Under the Freedom of Information Act, all government departments and agencies covered by the legislation must provide a way for the public to access documents which any party has requested under the legislation. This means that if individuals make FoI requests of government organisations, that information will eventually reach the public domain and be accessible to all.

Almost all Federal Government organisations — including some government business enterprises such as NBN Co — interpret the act to mean that they must publish documents released under the FoI Act in a disclosure log on their website. The Attorney-General’s Department, which contains FoI oversight as part of its portfolio, has historically done this.

However, the department recently removed PDF documents relating to FoI requests from its website, forcing those seeking access to the documents to email or otherwise communicate with it directly. This has substantially reduced access to a number of sensitive documents — via

Business, Technology

New Research Says Aussie Retailers Suck At Online Shopping

Australian consumers are embracing digital commerce, but Australian retailers are failing to build long-term relationships with their customers online, according to new research.

More than 50 per cent of Australians have been described as digital buyers who prefer to buy online where possible, a statistic that puts Australians among the top digital consumers in the world.

But the Australian retail sector is late to the party. A recent Deloitte survey found that Australian retailers are going digital at a snail’s pace.

More than 50 per cent of respondents expect to generate less than 2 per cent of their Christmas sales online.

And while David Jones’ 1000 per cent quarterly increase in online sales recently made headlines, this increase comes from a very low base, with digital commerce now accounting for a mere 1% of the retail giant’s total sales figure — via


3D-printed guns can explode, injure users, tests show

The Bureau of Alcohol, Tobacco, Firearms, and Explosives (ATF) last week released videos of tests of plastic guns made with 3D printers that show some exploding on the first shot. The explosions could injure users, the testing found.

The ATF has been testing guns made with 3D printers using two commonly used thermoplastic materials over the past year to determine how safe the weapons are.

Guns made using one of the two thermoplastics tested, a polymer from VisiJet, never lasted more than one shot before exploding. The other material, acrylonitrile butadiene styrene (ABS), could produce a gun that fired eight times without incident.

“The agents stopped shooting after eight bullets,” an ATF spokesperson said.

“It depends on the material as well as the quality of the printer. Those variables both go into it,” the spokesperson said.

The spokesperson wouldn’t identify 3D printers used or which computer-assisted drawing (CAD) files were downloaded to create the weapon — via

Business, Rights, Technology

UK spies continue ‘quantum insert’ attack via LinkedIn, Slashdot pages

According to a new report by Der Spiegel, the British signals intelligence spy agency has again employed a quantum insert technique as a way to target employees (Google Translate) of two companies that are GRX (Global Roaming Exchange) providers.

The lead author of the story in the German magazine is Laura Poitras, one of the journalists known to have access to the entire trove of documents leaked by former National Security Agency (NSA) contractor Edward Snowden.

GRX is roughly analogous to an IX (Internet Exchange), and it acts as a major exchange for mobile Internet traffic while users roam around the globe. There are only around two dozen such GRX providers globally. This new attack specifically targeted administrators and engineers of Comfone and Mach (which was acquired over the summer by Syniverse), two GRX providers.

Der Spiegel suggests that the Government Communications Headquarters (GCHQ), the British sister agency to the NSA, used spoofed versions of LinkedIn and Slashdot pages to serve malware to targets. This type of attack was also used to target nine salaried employees of the Organisation of Petroleum Exporting Countries (OPEC), the global oil cartel.

This new revelation may be related to an attack earlier this year against Belgacom International Carrier Services (BICS), a subsidiary of the Belgian telecom giant Belgacom. BICS is another one of the few GRX providers worldwide — via


How to roll your own VPN

If you need to encrypt traffic from your computer or mobile device, you have many options. You could buy a commercial VPN solution, or you could sign up for a VPN service and pay a monthly fee. Or for less money, you could create your own VPN and gain the use of a Linux VPS (Virtual Private Server) anywhere in the world. This roll-your-own option is made possible through the use of the open source OpenVPN project, Linux, and a few open source client-side applications. The VPS-based setup described here is designed to encrypt all the traffic from your laptop, desktop, or mobile phone to your VPN server, which then decrypts that traffic and passes it on to its destination. This can be very useful if you’re using the Internet from a coffee shop, a hotel, or a conference and you do not trust the network — via ITworld


Meet badBIOS, the mysterious Mac and PC malware that jumps airgaps

Three years ago, security consultant Dragos Ruiu was in his lab when he noticed something highly unusual: his MacBook Air, on which he had just installed a fresh copy of OS X, spontaneously updated the firmware that helps it boot. Stranger still, when Ruiu then tried to boot the machine off a CD ROM, it refused. He also found that the machine could delete data and undo configuration changes with no prompting. He didn’t know it then, but that odd firmware update would become a high-stakes malware mystery that would consume most of his waking hours.

In the following months, Ruiu observed more odd phenomena that seemed straight out of a science-fiction thriller. A computer running the OpenBSD operating system also began to modify its settings and delete its data without explanation or prompting. His network transmitted data specific to the Internet’s next-generation IPv6 networking protocol, even from computers that were supposed to have IPv6 completely disabled. Strangest of all was the ability of infected machines to transmit small amounts of network data with other infected machines even when their power cords and Ethernet cables were unplugged and their Wi-Fi and Bluetooth cards were removed. Further investigation soon showed that the list of affected operating systems also included multiple variants of Windows and Linux.

“We were like, ‘Okay, we’re totally owned,’” Ruiu told Ars. “‘We have to erase all our systems and start from scratch,’ which we did. It was a very painful exercise. I’ve been suspicious of stuff around here ever since.”

In the intervening three years, Ruiu said, the infections have persisted, almost like a strain of bacteria that’s able to survive extreme antibiotic therapies. Within hours or weeks of wiping an infected computer clean, the odd behaviour would return. The most visible sign of contamination is a machine’s inability to boot off a CD, but other, more subtle behaviours can be observed when using tools such as Process Monitor, which is designed for troubleshooting and forensic investigations.

Another intriguing characteristic: in addition to jumping airgaps designed to isolate infected or sensitive machines from all other networked computers, the malware seems to have self-healing capabilities — via


So many cyberspying hackers about… and most of you are garbage

Cyber-espionage groups are too numerous to count and are often far less skilled than their reputation suggests, according to threat-trackers.

Costin Raiu, director of global research at Kaspersky Lab, estimated that anything between 100 and 200 hacking crews operate in China alone.

Despite the hype about zero-day attacks, many successful assaults relied on rudimentary attacks that successfully took advantage of poor patching practices and other rudimentary security mistakes, Raiu said during a panel session at the RSA Europe Conference — via


Ditch Microsoft Office or take a pay cut: Which would you choose?

The strongest driver for free software adoption in a public administration? Fear of layoffs.

If you don’t believe it, ask the autonomous province of South Tyrol, in Northern Italy. The local government has just begun implementing a plan that will have most public sector organisations in the region using LibreOffice by 2016. Really.

And why did they do it? Because the austerity measures passed by the national government meant the region was left facing a €16m cut to its personnel budget. In order to avoid cutting employees (or, more likely, their pay), management and unions had to find a creative solution. Which they did: a mass migration from Microsoft Office to an open source equivalent.

“The savings are mandatory, so it was either us or the proprietary software,” said Erwin Pfeifer, not entirely joking. Pfeifer is a member of the autonomous province’s IT department and one of the people managing the project — via

Politics, Technology

FTTP NBN ‘wacko’, claims Mad Monk PM

Prime Minister Tony Abbott has described the previous Labor Federal Government’s attempt to extend fibre broadband to most Australian homes and businesses as “wacko”, despite the fact that Labor’s Fibre to the Premises model is seen as the long-term future of most fixed telecommunications networks globally.

Under Labor’s NBN policy, some 93 percent of Australian premises were to have received fibre directly to the premise, delivering maximum download speeds of up to 1Gbps and maximum upload speeds of 400Mbps. The remainder of the population was to have been served by a combination of satellite and wireless broadband, delivering speeds of up to 25Mbps.

Originally, the Coalition’s policy was to have seen fibre to the premises deployed to a significantly lesser proportion of the population — 22 percent — with 71 percent covered by fibre to the node technology, where fibre is extended to neighbourhood nodes and the remainder of the distance to premises covered by Telstra’s existing copper network. The Coalition’s policy was also to continue to use the HFC cable network operated by Telstra and to target the remaining 7 percent of premises with satellite and wireless.

However, the possibility of a different style of rollout has been raised by Turnbull in the several weeks since the Liberal MP became Communications Minister. In late September, Turnbull appeared to have drastically modified the Coalition’s policy stance on the NBN just weeks after the Federal Election, declaring the Coalition was “not wedded” to its fibre to the node model and was “thoroughly open-minded” about the technology to be used in the network. NBN Co is currently conducting a strategic review into its operations and model that will inform Turnbull’s decisions regarding the project’s future.

However, in a new interview with the Washington Post published this week, Abbott directly stated that Labor’s FTTP model was irrational — via