Showing posts with label privacy. Show all posts

Thursday, July 3, 2014

For the NSA, Tor and Tails Linux users are "extremists"

The source code of XKeyscore shows that the U.S. agency seeks to trace and identify all those interested directly or indirectly in "Tor" or "Tails Linux".

If you use the Tor network or the Tails secure Linux operating system, or have simply connected to the websites of these programs, know that there is a good chance the NSA now has you in its sights and has tagged you as an "extremist".

This is what the German WDR and ARD sites revealed after getting their hands on some of the source code of XKeyscore, the famous NSA search engine.
 
In a video report, we find lines of code with the obvious goal to "identify potential Tor users". But this is not all: the same type of marking applies to visitors of the Tor website. You only have to go to the website, without installing the software, and you're stuck with the NSA. The same goes for Tails Linux.
Even a simple Google search on this operating system is enough to get you into the databases of the monitoring agency. As for the term "extremist", it is used by the author of the code in a comment field to refer to all those people who have the nerve to use the "anonymizer" software.

  
Source: 01net.com

The code also shows that the marking is done either for users using SSL connections to the "bridges.torproject.org" website or for emails sent to "bridges@torproject.org".  

Note that XKeyscore can scan the contents of an email, as shown by the command "email_body ('https://bridges ....".

Source: http://www.tagesschau.de/inland/nsa-xkeyscore-100.html

Tuesday, January 21, 2014

Top 5 IT Threats to Watch Out for in 2014

As the IT industry continues to expand successfully, negative effects also come along with the various improvements in technology, creating avenues for cyber threats and crimes. In Websense Inc.’s 2014 Security Predictions Report, the company determined key threats that organizations should watch for, including the increased volume of malware, data destruction, and cloud data predators.
Meanwhile, a different set of data from Verizon’s 2013 Data Breach Investigation Report (DBIR) revealed that speed and sophistication are the themes of these attacks, and it seems that they will still be prevalent for this year. As the company noted, “understanding the sophistication of the attackers and their tactics will help you to adopt a smarter approach to protecting your business”.
 
Source: http://www.cnmeonline.com/

To get you on the right track this year, here are some of the threats that you need to be aware of.


1. “Bring your own cloud”
Cloud services, which resulted from the convergence of cloud computing and mobile devices, allow you to store and retrieve information efficiently. However,

Friday, December 20, 2013

A Hacker proved that he could activate the camera of a MacBook without warning the user

Once again the Apple MacBook is the source of a privacy problem. A man named Jared Abrahams managed to hack the MacBook camera of a classmate without her being aware. The hacker was able to take naked pictures that he subsequently sent to her. The victim quickly realized that she had been photographed without her knowledge for a considerable time.
To do so, Abrahams managed to disable the green LED that normally illuminates when the camera is activated, so she could not know when it was active. It is normally impossible to take such an action, except for the hacker who has found a solution.


The FBI found on his computer special software that can remotely control the camera and the green LED. This practice is indeed already used by the FBI and other similar agencies to spy on some suspicious users. This manipulation is of course not available to everyone.
The vulnerability has been explained by two students from Johns Hopkins University in the United States. According to them, it is necessary to change the OS X kernel to successfully disable the LED of the camera. In fact, the vulnerability is not present on Macs available since 2008. Nevertheless, it is quite possible that a similar method exists on the latest models to date.

 
Source: The Washington Post

Wednesday, October 2, 2013

Spying on a computer's keystrokes with an iPhone

Research has shown that the sensors found in our smartphones can sometimes be misused: as an example, some researchers used the built-in iPhone 4 accelerometer to build an app that captures keystrokes.
  


The idea is simple: a smartphone is placed next to the keyboard and the accelerometer is capable of recording the vibrations each time you hit a key.  The app is then able to determine the position of each button according to the vibration.  

The program is not really able to detect every keystroke; it simply divides the keyboard into several areas: the accelerometer can actually detect roughly if the pressed key is on the top left, top right, bottom left or bottom right of the keyboard. Next, an analysis is performed in overlapping areas with a dictionary to try to reconstruct words.

When the keyboard type is known (QWERTY, AZERTY, etc.) and the language used is identified, the recognition rate of the text is quite high, with a success rate between 70 and 80%. Obviously there are some problems with recognition, especially when a one-letter word is used, but the results are interesting.
 


The type of smartphone used also has an influence: an iPhone 3GS, which uses a conventional accelerometer, is unusable, while an iPhone 4, which couples the accelerometer to a gyroscope, is effective. Overall, any modern smartphone used in an environment free from excessive vibration should be able to do the same work.


Although this might sound innovative and fun, the goals of the study were to show that monitoring methods are not always obvious to detect, and to raise awareness about using technology in a responsible and ethical way, while appreciating and embracing your privacy and respecting that of others.

Monday, September 30, 2013

Facebook to start selling our data to U.S. TV channels

In order to compete with Twitter, Facebook announced that it would start sending shared data on its platform to some U.S. television channels. The aim is to highlight the interactions and popularity of programs on the social network.  

While Nielsen highlighted the ability of Twitter to boost TV viewership, Facebook has decided to exploit this niche too.

The Wall Street Journal reports that the social network will start sharing its data with a handful of U.S. partners: ABC, NBC, Fox and CBS.
The reports will consist of information related to likes, publications and comments associated with a television program. The channels will be able to analyze the behavior of the community and draw conclusions that will eventually influence decisions.  

And of course it wouldn't be Facebook if it only based its reports on public user data. Private content will also be integrated into the data sent to American channels. The result should look like a list of statistics available at the discretion of TV channels, with more data to be incorporated over time to refine the statistics, giving Facebook a new way to monetize data from its 1.27 billion members.

Personalized ads might be coming to Gmail Android

Recently updated, the Gmail application for Android carries signs of the imminent arrival of advertising.

The Android Police website analyzed the latest update, Gmail for Android 4.6. The site was not disappointed, since among the novelties of this version, they came back with clues about the arrival of advertising on the app.

A new library named "ads" has appeared. In it is a series of XML files evoking multiple ad formats, as well as a command that refers to the user's preferences page, suggesting that the custom settings (used for targeting) could be part of .
 


Even though Google has already started sending sponsored mails via Gmail, the service does not appear, for the moment, to include advertising. This situation could change in the future, at least for the Android application, if the company decides to integrate the elements cited above in its APK.

Stay tuned!

Sunday, September 1, 2013

An artist got an RFID chip implanted under his skin

The worst has happened! An artist, Anthony Antonellis, just got an RFID chip implanted in his skin. The RFID chip is the size of a grain of rice and can contain up to 1KB of data. All you need to do is bring your smartphone close to the hand to scan it and discover the content. For now, Anthony Antonellis is using it to display his favorite GIFs.
     

              
This experiment can be scary because we can easily imagine the marketing excesses that could result if everyone starts to implant this kind of chip in their skin. Some say that it could store vital data, which would be useful in an accident, for example. Some would say it is just a new way to be more "controlled" than we already are...

So, for or against?

Thursday, August 22, 2013

For the first time in 5 years, Yahoo is #1

For the first time in five years, Yahoo passes Google in web traffic in the United States. The Mountain View giant lost its number one spot in July. A surprising result, but is Yahoo able to sustain its position?
  


The figures from ComScore for July confirm it: Yahoo sites surpassed Google sites by 4 338 900 visits (196 564 000 to 192 225 100 visits for Google).
To better appreciate what just happened, you must know that Google has been holding the number one spot since April 2008, while Yahoo always oscillated between second and third place.
 

In the rest of the chart, we find Microsoft Sites in third with 179 595 visits and Facebook in fourth with 266.142 million visits. Note that these figures refer only to the United States. This is a real "tour de force" for Yahoo and its president, Marissa Mayer, who herself worked at Google in the past.

The figures do not rely solely on search engines, but on all the sites operated by these companies.
This includes, for example, online messaging and blogs. (Note that Google recently bought Tumblr from Yahoo, and is currently ranking 38th with 38 367 000 visits.)

While this is great news for Yahoo, and whether it is able to hold its position or not, we cannot but wonder if Google professing the lack of privacy their users have to deal with and Microsoft's infamous campaign against them (Scroogled), keeping in mind Microsoft services' mediocrity and lack of security, played a role in boosting the number of visits for the already popular site (Yahoo) in the US.






Source: Phonandroid

Thursday, August 15, 2013

Microsoft shows you how you're getting scroogled

The competition is fierce between Google and Microsoft. The latter recently accused its rival of disguising advertisements as emails and sending them directly to the user's inbox, a technique that Microsoft has named Gspam.

Following an update of Gmail, users now have a "Promotions" tab to separate commercial emails from the rest of their electronic correspondence. The idea might seem a bit silly to you, but Microsoft accuses Google of scanning its users' mails, analyzing keywords and then placing advertising messages among the "Promotions".

Microsoft calls this technique "Gspam" and invites users to no longer be "scroogled". Indeed, the role of a mailbox is to filter spam, not to slip in some more, more or less discreetly.


Of course, I can invite you all to leave Gmail and end my post, but it would be pointless and ridiculous since I have no better viable alternative (unless you are willing to try self-hosting and take full responsibility for your own security).

However, the only advice I can give you is not to use OUTLOOK, because how could you trust the firm that released Windows 8, willingly handed the NSA Skype data, and is shamelessly advertising the Xbox One (a spy in your home)?




Read more about Scroogled

Monday, July 22, 2013

Apple developer's site under attack

Following an attack on developer.apple.com, certain personal information of developers was stolen.

Just back online, the Apple website dedicated to developers had been inaccessible since last Thursday. The Cupertino company confirms that it was not an extended maintenance, but the result of an attack.

"Last Thursday, an intruder tried to access the personal information stored on our dedicated website for Apple developers. Sensitive personal information was encrypted and could not be found; however, the possibility that they had access to developers' names, email or mailing addresses is not ruled out," said the message on the Apple website before it was restarted.

A possibility confirmed by Ibrahim Balic, a security researcher who told the site 9to5Mac that he had had access to the names, Apple IDs and email addresses of nearly 100,000 developers. He proves his claims via a YouTube video.

 

To prevent a new vulnerability from being exploited in the future, Apple decided to overhaul its system and its infrastructure, updating its server software and fully rebuilding its database.

Thursday, May 23, 2013

Google, Facebook and Twitter violate Kim Dotcom's patent

Kim DotCom announced that Twitter, Facebook, Google and other sites violate one of his patents by using a two-stage identification system. The announcement comes just days after Twitter implemented this system on its website.

Recently, it became possible to add another level of security to your Twitter account. In addition to the traditional pair (username / password), the site can use the user's mobile phone, sending an SMS to confirm that he is the right person. While this system is new on Twitter, other sites such as Google and Facebook have already been using it for some time. But the inventor, Kim Dotcom, says that two-stage identification is the subject of a patent he has owned since 1997.

He has published a link to the patent in question, registered under his name, which describes the use of a "transaction authorization number" that the user must transmit on a device other than the one from which he is trying to connect. Therefore the patent seems to belong to him, and it is hard to ignore the irony of Kim DotCom being considered a hacker and an enemy of the United States while the people behind Twitter, Google and Facebook are considered the superheroes of this century.








Saturday, May 11, 2013

5 privacy issues you probably didn't know about

  1. Apple's iPhone is secretly tracking your movements and storing your data, and there is nothing you can do to stop it. Learn more..
  2. Facebook's app automatically tries to activate your GPS whenever it is launched. There's no setting or option to disable this.
  3. Gmail reads your email. Google never said that it reads our mail; however, it publicly acknowledges that it "processes personal information" via cookies and on its servers, so it can provide "our products and services to users," as well as to keep its service running well. Learn more..
  4. Facebook Home: Facebook's latest "innovation" is trying to be the gateway to your virtual world. It's a layer between the OS and the apps; it is the gateway to any data exchange. This means that Facebook will possess every bit of data passing through. The problem is that Facebook is going to use all this data not to improve our lives but to better target marketing and advertising messages at us.
  5. More than 24% of online time is spent on social networks. And a major social network site, according to Nielsen, will experience one major breach, which will expose a terrific amount of personal data.


Thursday, May 9, 2013

Twitter has got your back!

Privacy in the digital age means a lot of things to a lot of people. From social networks to government surveillance, people always seem to be concerned.
But let's not kid ourselves. Complaining about privacy has become nothing but a way to express the "geek side", or an additional item alongside the black geek glasses to complete the "geeky look". For all the complaining, no one is going to do much about it. Hence the sense of what is private shrinks.

However, the Electronic Frontier Foundation has posted its annual report (Who has your back?) on which Internet vendors do the most to help protect their users' private information.

The most privacy-oriented companies should comply with these policies:
  1. Requiring a Warrant for Content
  2. Telling Users About Government Data Requests
  3. Publishing Transparency Reports
  4. Publishing Law Enforcement Guidelines
  5. Fighting for Users’ Privacy in Court
  6. Fighting for Users’ Privacy in Congress

2013 Results




Although these results might not match your expectations, you must keep in mind that the report is about government access to users' data.

"We’re happy to report that several of the companies included in last year’s report have significantly improved their practices and policies concerning government access to user data"
  
"Readers of this year’s annual privacy and transparency report should be heartened, as we are, by the improvements major online service providers made over the last year."

In the end, the EFF thinks that things are getting better among these vendors that deal with so much user data, and it seems that they're really happy with Twitter's improvement:

"This year two companies received all six possible stars: Sonic.net and Twitter. We are extremely pleased to recognize the outstanding commitment each of these companies has made to public transparency around government access to user data."

and a bit disappointed with Google's latest statement:
"We notify users about legal demands when appropriate, unless prohibited by law or court order."


To read the full EFF annual report: https://www.eff.org/sites/default/files/filenode/who-has-your-back-2013-report.pdf

Wednesday, April 17, 2013

How to treat your visitors with respect?

Every one of us works hard to make his website or blog appealing to the audience, whether by delivering the proper content, design or services. And to be able to always satisfy your visitors, you should gather some basic information about them (page views, country, browser, OS, traffic source).

Such information, in my hands or any other website's, is most probably harmless and serves a specific purpose.
This information becomes harmful when you hand it to big corporations with huge databases containing a tremendous amount of information, which, by matching it all together, could end up possessing some very intimate and personal information about your visitors.
And by big corporations I mean Google, Facebook, ... or, in some countries, the government.

Don't get me wrong here, I'm not trying by any means to generalize that big corporations are evil (although it's not totally wrong) and other independent websites are good. But there is a factor we can't ignore: these corporations have the power. Power that neither I nor any website has.

How is information gathered?
Well, simply put, information is gathered whenever you Like something on Facebook, +1 something on Google, connect to iTunes or, scariest of all, send an email (check this post: Audacity).

Some other times, it is handed out to them by bloggers and website owners like us.

How? Well, in the process of working on our blogs and websites and making them more appealing, we need tools to help us, and some of these big corporations, as kind as they are, offer them to us for free (check out this hostile post: If you're not paying for it, you're the product). And it is needless to say that the most powerful and popular tool is Google Analytics.

How to treat your visitors with respect?
Whether you are a carefree person who thinks that all this is delusional and worthless, or some paranoid person who believes in conspiracy and sprays over their webcam because they think they're under surveillance, whether you like this digital world or not, it is a fact that it is controlled in a way Hitler could've only dreamed of.

And once you have a website, you have a responsibility, and whether you believe in privacy or not, it isn't up to you anymore. You have visitors who have their own beliefs, and you have to respect them. And in order to do that, you must not hand the information they trusted you with to anyone, because by doing so you would be sabotaging your relationship and showing no respect for their privacy and freedom.

So, a first step would be keeping this information to yourself. And to do that, you must use tools developed by people who believe in freedom and personal privacy, unlike Google. So what I am suggesting is for us to stop using Google Analytics and start respecting our visitors. And by us, I mean myself too. So, join me!

What's the alternative?
If you've been coming to my blog (powered by Blogger-Google) for a long time, you would know that I won't leave you without an alternative, an excellent one:

http://piwik.org/: free software, and by that I mean that it respects the freedom of computer users by putting the users first and granting them freedom and control. And it also happens that it costs $0.


Tuesday, April 9, 2013

Another fracture in Google's Glasses!

Sorry, but when you have your Google Glasses on, you will not be able to enter a local cinema or your favorite strip club.



Already tested by some lucky hand-picked users, the Google Glasses are not welcome in cinemas or in striptease clubs. A spokesman for the Sapphire Gentlemen's Club in Las Vegas has made it clear that, due to the confidential nature of the activities taking place in his club and such clubs in general, and the hunt that has gone on for many years for photos and videos leaked by smartphones, Google Glasses will be banned.
  
And in case customers refuse to take off their glasses, "They will be escorted to their hotel in a limousine," he adds.

And concerning the ban from cinemas, I don't think that it needs much explanation. It is only rational, no?

But Google Glasses could lead to other security and privacy related issues, not to mention the abusive use that may be made of them by sexual predators. In this regard, Drew Donofrio, a private detective who has worked for Bergen County for 12 years, confessed on NBC News to being worried about this problem.



Source: NBC news.

Thursday, April 4, 2013

Software that tracks people on social media created by defence firm

I just read an article published in The Guardian on Sunday 10 February 2013 about a new video revealing new data mining software created by a defence firm that could be transformed into a Google for spies.

Here are some highlights:

A video obtained by the Guardian reveals how an "extreme-scale analytics" system created by Raytheon, the world's fifth largest defence contractor, can gather vast amounts of information about people from websites including Facebook, Twitter and Foursquare.

Raytheon says it has not sold the software – named Riot, or Rapid Information Overlay Technology – to any clients.

The power of Riot to harness popular websites for surveillance offers a rare insight into controversial techniques that have attracted interest from intelligence and national security agencies, at the same time prompting civil liberties and online privacy concerns.

The sophisticated technology demonstrates how the same social networks that helped propel the Arab Spring revolutions can be transformed into a "Google for spies" and tapped as a means of monitoring and control.

Read the full article here.

Wednesday, April 3, 2013

Firefox 20 available in final version

Fifteen years after Netscape freed the source code of its Web browser, resulting in the birth of the Mozilla project, Firefox is today celebrating its twentieth release. While version numbers do not mean much anymore, each Firefox version so far has brought a lot of new and important updates.
In addition to the traditional invisible but important improvements, Firefox 20 has two new updates of particular note for the user:
The first and most visible is the new download manager and its button at the top right of the toolbar. There is no need to open the download window: a single click displays the latest downloads, and the progress of downloads appears below the button. It is still possible to display a specific window, called "Library", which allows you to organize the downloaded files.
 

 
Another innovation is aimed at fans of the particularly useful porn (private) mode. Previously, selecting private mode made Firefox restart in that mode, closing the session you were in and preventing you from juggling between the two as is possible in Chrome.

This twentieth release now offers a navigation window that no longer requires the user to close the session to enjoy incognito mode.

Note that this latest development also applies to the Android smartphone version of Firefox.

Finally, for developers, we note the integration of WebRTC's getUserMedia API and a toolbox allowing faster access to development tools. Firefox is available for Windows, OS X, Linux and Android.

Tuesday, March 26, 2013

Galaxy series are far from being the most secure smartphones!

This is not really new: the security of Samsung smartphones based on Android is not good. And it is clearly not about to be fixed!

Security vulnerabilities seem to multiply on Samsung smartphones based on Android. Evidenced by the testimony of Roberto Paleari, an Italian computer scientist, who explains that the Galaxy S3 and Galaxy Tab GT-P1000, just to name a few, are far from being models of their kind.

Thus, to take a single example, Paleari says that taking remote control of Samsung devices is not a complicated exercise.
"All these faults were caused by specific software or customizations made by Samsung in [Android].
Already at the beginning of the month, we saw videos appear on the web showing how to bypass the lock screen of the Galaxy S3 and Galaxy Note II. Since then, Samsung does not seem to have lifted a finger."

Monday, March 25, 2013

Whatsapp and Skype to be blocked in KSA?

Online communications services such as Skype and WhatsApp may be blocked in Saudi Arabia if they do not provide the means to monitor their content, sources in the telecommunications industry declared today.

"Telecommunications companies were asked by the authorities to come to an agreement with the operators of these application platforms to monitor the content," said a source at the regulator, the Saudi Communications and Information Technology Commission (CITC).


 


"The CITC has given the telecommunications companies a one-week period, which ends on Saturday, to get a response regarding content monitoring," an official of the Saudi Telecommunication Co. (STC), one of the three operators of the country, stated.

After this time, the CITC may block the popular WhatsApp and Skype applications for smartphones and internet telephony, he continued.

In addition to STC, Saudi Arabia has two other operators, Mobily and Zain, and according to an industry source, it is these companies that have asked the CITC to take action against these online communication services, claiming unfair competition.

We have to mention that in the United Arab Emirates, most applications like Skype are blocked by the country's regulator, apparently to protect the commercial interests of the two local operators, Etisalat and Du.

Tuesday, March 12, 2013

Google Glass first apps unveiled

It was at SXSW Interactive (from 8 to 12 March 2013) that Google introduced some of the applications that will be included in its famous glasses, Google Glass.

Four applications are already in the pipeline: Evernote, Gmail, Path and the New York Times. 

Evernote is a universal note-taking tool, which works with any web site and includes a voice recorder, etc.  
Gmail is the email tool made by Google.
Path is a social network where you can accept 150 contacts (a kind of anti-Facebook).
Finally, the application of the New York Times that can show you the latest news.

All of these applications (already available on other platforms) should be completely redesigned to be adapted to the reality glasses. The Verge explains, for example, that the Gmail application must be reconfigured so that only the most important messages are loaded, the photo of the recipient appears, and it is possible to dictate a particular message without typing anything. The same goes for Evernote: it is possible to take photos and share them instantly on Skitch, without wasting any time on sub-menus.
 

The marketing of these glasses should still take place in the course of the year, but the first releases are currently reserved for developers.

For the record, it was reported that "5 Point Cafe", a dive bar in Seattle, has banned Google Glass even before its release over privacy concerns, including the fact that the glasses can be used to discreetly take video.
The bar outlined its problems with the glasses in a Facebook post here.