Showing posts with label Security. Show all posts

Saturday, January 9, 2010

Even the 768 bit RSA algorithm cracked, so far 1024 is safe

Cracking encryption codes is an activity that has been carried out for millennia now, since carrying information in a way that outsiders cannot read is as old as man's quest for politics and fighting with each other. The tales of the Enigma project in the Second World War, the contest between the Allied and Axis powers to read each other's secret messages, and then the contest between the Soviets and the US over encryption and the safety of messages eventually turned into a battle of mathematics; and this is what encryption is all about now: a contest over who can bring to bear the higher combination of mathematics and computing power, either to set up more secure systems or to break each other's codes.
A few years ago, it seemed that 128-bit encryption was secure, and now it does not even seem that 768-bit is secure (link to article):

Most modern cryptography relies on single large numbers that are the product of two primes. If you know the numbers, it's relatively easy to encrypt and decrypt data; if you don't, finding the numbers by brute force is a big computational challenge. But this challenge gets easier every year as processor speed and efficiency increase, making "secure" a bit of a moving target. The paper describes how the process was done with commodity hardware, albeit lots of it.
Although most people aren't going to have access to these sorts of clusters, they represent a trivial amount of computing power for many organizations. As a result, the authors conclude, "The overall effort is sufficiently low that even for short-term protection of data of little value, 768-bit RSA moduli can no longer be recommended." 1024-bit values should be good for a few years still.
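The excerpt above rests on one fact: an RSA private key can be derived from the public key by anyone who can factor the modulus. The following is an added illustration, not code from the article or from the factoring paper it reports on. It uses textbook RSA (no padding) with deliberately tiny primes so that the factoring step runs instantly; the point is that the only thing standing between an attacker and the private exponent is the size of the modulus, which is why the recommended minimum moves upward over time. The `modulus_meets_policy` check and the 1024-bit floor are my own policy helper, taken from the article's recommendation.

```python
# Added example (not from the article): toy RSA built from tiny primes, to
# show that the security of the scheme is exactly the difficulty of
# factoring the modulus n = p * q.
from math import gcd


def make_toy_key(p, q, e=65537):
    """Build an RSA key pair from two primes. Returns (n, e, d)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)  # modular inverse of e (Python 3.8+)
    return n, e, d


def encrypt(m, n, e):
    """Textbook RSA encryption of an integer m < n (no padding)."""
    return pow(m, e, n)


def decrypt(c, n, d):
    """Textbook RSA decryption with the private exponent d."""
    return pow(c, d, n)


def trial_division_factor(n):
    """Recover (p, q) by brute force. Feasible only for tiny n; for real
    key sizes this search is what the reported 768-bit factoring effort
    needed a large cluster (and much better algorithms) to carry out."""
    if n % 2 == 0:
        return 2, n // 2
    f = 3
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 2
    raise ValueError("n is prime or 1")


def recover_private_exponent(n, e):
    """Given only the public key (n, e), factor n and derive d.
    This is the attack the key size is supposed to make infeasible."""
    p, q = trial_division_factor(n)
    phi = (p - 1) * (q - 1)
    return pow(e, -1, phi)


def modulus_meets_policy(n, min_bits=1024):
    """Policy check: reject moduli below the article's 1024-bit floor.
    The floor is a configurable assumption, not a fixed property of RSA."""
    return n.bit_length() >= min_bits


if __name__ == "__main__":
    # Constructed demo values: the classic p=61, q=53, e=17 textbook key.
    n, e, d = make_toy_key(61, 53, 17)
    c = encrypt(65, n, e)
    print("n =", n, "d =", d, "ciphertext =", c, "decrypts to", decrypt(c, n, d))
    print("recovered d from public key alone:", recover_private_exponent(n, e))
    print("meets 1024-bit policy:", modulus_meets_policy(n))
```

Running the block shows that `recover_private_exponent` returns the same `d` that `make_toy_key` produced, using nothing but the public key. Replacing trial division with the number field sieve and the toy primes with 384-bit ones is, in outline, what the 768-bit result did; the check to run on real deployments is `modulus_meets_policy` against every RSA key in use.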

Tuesday, March 31, 2009

Huge China based computer ring broke into computers worldwide

For the past several years, there has been an active discussion among researchers about the impact that a sustained attack on the computer infrastructure of developed countries could achieve. With modern infrastructure such as electricity, water, transport, finance, etc. all being controlled through computational technologies, there is a persistent fear that all of this infrastructure is under threat from any clever band of cyber attackers. Modern military games incorporate threats from hackers who are affiliated with sovereign countries, and in many cases it is claimed that developing the ability to bring down the computer networks of other countries is part of the game plan for offensive action. In the past, it has been feared that countries such as China and Russia have developed capabilities for offensive cyber-warfare.
Consider this case: a computer network based in China, dubbed 'GhostNet' by a team of Canadian researchers, turned out to be a huge network of computers located in China; these computers were the initiators of hacking attempts that broke into computers all over the world. The probe began with a need by the Dalai Lama's office in India to ensure that its own computers were not infected (link to article):


In "Tracking GhostNet: Investigating a Cyber Espionage Network," issued over the weekend, the Canadian researchers say that the GhostNet comprises 1,295 infected computers in 103 countries, almost one third of them being "high-value targets, including ministries of foreign affairs, embassies, international organizations, news media, and NGOs."
The breaches tended to stem from a so-called social-engineering exploit, in which targets in the Tibetan community were sent an e-mail that appeared to be from the address campaigns@freetibet.org and that carried an attached Word document titled "Translation of Freedom Movement ID Book for Tibetans in Exile"--and that Word document was infected with the malicious code. The University of Cambridge report, "The snooping dragon: social-malware surveillance of the Tibetan movement," doesn't refrain from charging that the Chinese government was directing malware attacks: "(I)t was a targeted surveillance attack designed to collect actionable intelligence for use by the police and security services of a repressive state, with potentially fatal consequences for those exposed."


These incidents are also warnings to governments about how their infrastructural systems are only as strong as their weakest links. One node in the system getting hacked can lead to other nodes also falling, and to the risk that the entire system is compromised. In the current case, it was also found that the exploit had the ability to turn on the voice recording and the camera of the infected computer, allowing whatever happened in front of the computer to be spied on.

Wednesday, January 7, 2009

Twitter hacked

Twitter is a service that has become tremendously popular, and within a very short period of time at that. The ability to post micro-blogging type messages (restricted to 140 characters), and for others to read them through a variety of means (SMS, RSS, the Twitter site, email, or specialist applications), made Twitter even more popular. With such a popular site, one can only imagine the number of attempts that would be made to hack into it, and it happened: the Twitter accounts of many celebrities were hacked through the compromising of some internal Twitter administration tools:


Members of the online forum Digital Gangster may have been behind yesterday's Twitter hack. On Monday, hackers gained access to, and posted messages from, 33 Twitter accounts including those of Bill O'Reilly, Britney Spears and CNN's Rick Sanchez. According to this thread, a hacker named GMZ gained access to Twitter login information and then posted a different thread--that has since been removed--calling on other DG members to email him for credentials to individual accounts. At least another four members then claim to have been part of yesterday's Twitter hack.
The hack included several prank posts from Twitter users such as Fox News, Facebook and president-elect Barack Obama. The strange thing about some of these messages is that they included affiliate links--a common marketing program that pays the creator of the link for driving traffic to another Web site such as Amazon--according to reports. That may make finding the culprits easier as the affiliate programs in question should have a virtual paper trail leading back to the payee.


No matter who did this, the hacking of Twitter (and the lack of much apparent concern from users about it) is a reminder that security on the internet can be compromised; revealing personal details on the internet comes with a certain amount of risk.

Wednesday, December 12, 2007

Ask.com allows erasing of past searches

Once, there was the thought that the searches you made were nothing to be worried about; that thought did not last very long as it became clear that search engines were storing searches along with other information. Fine, but even then the search engine does not know who you are; after all, your name and address are not revealed. And then research was done on correlating the various searches conducted from the same computer, and enough information could be extracted that the actual address and person could be found. During this time, the question of privacy came to be raised more and more, and there was increasing pressure on search engines to modify their search archival to address privacy concerns.
And now search provider Ask.com has gone much further. It has announced a feature called AskEraser that seeks to project an image of handling customer-privacy concerns by allowing users to specify that their searches on Ask.com be deleted from the company's servers:


When enabled by the user, the feature will completely delete search queries and associated cookie information from Ask.com servers -- including IP addresses, user IDs, session IDs and the text of queries made, according to the company. In most cases, the deletion will take place within a few hours of the time a search is completed, the company said.
But there are important caveats to keep in mind, Chester said. Ask.com, for instance, will still collect and store user search data by default unless the user specifically enables AskEraser, Chester said. And enabling AskEraser does nothing to prevent third parties with whom Ask.com has relationships from collecting and storing search data.


There are some exceptions, but this is a further step towards search engines taking privacy more seriously. One wonders whether Google will react to this move in some way; after all, Google is seen as the market leader in search, and it cannot afford to appear unconcerned about the privacy of its users. At the same time, Google has in the past made changes only after some amount of pressure from privacy experts and the media.

Thursday, December 6, 2007

Facebook forced to reverse plans on Beacon

It seems so logical a business plan: you create a social networking site. You put in effort, put in a lot of useful features, and you start to get a lot of good publicity. People start pouring in, and you start salivating about how to make use of this large number of people. You get the perfect method, based on advertising. Everything seems fine, and then suddenly there is a large uproar about the loss of privacy implied in this feature, and reluctantly, you have to withdraw the feature. And this is exactly what Facebook had to do over the 'Beacon' feature it introduced.


Facebook is giving members of its social network the ability to completely decline participating in the company's controversial Beacon ad system, a reaction to intense criticism that Beacon is too intrusive and compromises people's privacy. Beacon, part of the company's new ad platform, tracks certain actions of Facebook users on some external sites, like Blockbuster and Fandango, in order to report those actions back to users' Facebook friends network.
The idea is to generate advertising that is more effective because it is intricately combined with people's social circle, so that products and services are promoted in a more organic way via the actions of friends and family.


In this case, the analysis found that Beacon gathered a web of data about the user's activities even in circumstances where users would not expect it. For example, Beacon tracks users even if they are logged off from the social-networking site and have declined to have their activities broadcast to friends. Beacon captures detailed data even for users who have never signed up to Facebook (but who are transacting on partner sites) or who have deactivated their accounts.
Facebook went too far in gathering and using data; however, this is also an example of how even the most fervent supporters can turn against you if they feel that they are being exploited, a sort of warning to developers of such sites.

Sunday, September 30, 2007

Apple starts disabling hacked iPhones

After the release of the iPhone, there was some consternation over the non-release of the iPhone outside the United States; it was speculated that hacked copies of the iPhone would be available outside the United States and that this was a natural occurrence which Apple would not be able to do anything about. Well, it looks like Apple's engineers had actually planned for this. The latest firmware update to the iPhone has actually disabled the iPhone, apparently permanently, for those people who have hacked iPhones. But is this the last word on this matter?


The iPhone 1.1.1 update, released Thursday, breaks phones that have been hacked so that they work with providers other than AT&T Inc., the only U.S. provider Apple has allowed to carry its mobile phones. Apple has said that it would fight any attempts to unlock the iPhone. Earlier this week the company released a warning that unlocked iPhones "will likely result in the modified iPhone becoming permanently inoperable when a future Apple-supplied iPhone software update is installed."
The new software is Apple's biggest iPhone update to date, and it fixes a number of security flaws in the mobile phone's browser, mail client and Bluetooth networking server. The majority of the flaws do not appear to be critical, but the update fixes a larger number of bugs than the first iPhone update, released July 31.
Mobile phone users typically cannot update their own software, but Apple introduced this capability in the iPhone, which uses the update mechanism in the phone's iTunes music player. iTunes checks for these updates once per week, so it may take up to seven days for all iPhone users to see these updates. Apple advises users to install the update immediately.


Now, while this patch fixes bugs in the iPhone and should be installed by users, it is unlikely that the hacker community will accept this matter as a fait accompli. It's a gauntlet that Apple has thrown down to the hacker community, and with the hacks spawning a new business, there is a major commercial angle to it. Thus, it is likely that hackers will now start to put their creative thoughts into how to defeat this latest attempt by Apple.

Sunday, September 2, 2007

YouTube returns to Thailand after it agrees to censorship

So the web is not as all-powerful as we thought it would be. After Google and Yahoo changed their policies to agree to censorship in China, and then Second Life buckled under US pressure and removed gambling from the online game, YouTube has agreed to some amount of censorship and removed some videos that were critical of Thailand's highly regarded king. This agreement covers existing videos and new ones as well, which means extra overhead for YouTube, as they will have to review all videos referred to them by Thailand and remove the ones deemed insulting to the King:


Thai censors lifted their ban Friday after five months of blocking the online video site because it had carried material seen as insulting to the country's highly venerated king. The site's management has agreed to block any future clips that are deemed offensive to Thai culture or that violate Thai law, said Sitthichai Pookaiyaudom, the minister of information and communications technology.
Sitthichai said the agreement with YouTube — a site that allows people to post and share video clips — had been reached some time ago, but that there had been technical problems in implementing it. "Any clip that we think is illegal, we will inform YouTube and YouTube will have a look independently," he said. "If YouTube agrees that it is illegal for Thailand or against Thai culture, they will block it from viewers in Thailand."


Thailand has laws that prohibit any disrespect of the King, and people have been penalized in the past. However, there is then no difference if Iranian and Saudi Arabian censors prohibit a lot of videos that are either disrespectful of the Prophet or show too much skin. In addition, since China has an unstated law that any mention of democracy or openness is equivalent to sedition and must be punished, they must be justified in their attempts to censor everything people can read.

Monday, August 27, 2007

Unlocking the iPhone

Ever since the iPhone was released, there has been a quest among the hacking community to break open the restrictions placed on the iPhone. There would be 3 primary reasons for the hacking effort:
- It's a new device, hence the need for a large section of the hacking community to try and break it; after all, it's a device out there with a major reputation to be made for the first person who successfully is able to demonstrate a break
- The iPhone is locked to the AT & T telecom service for 5 years, and hence there is an effort to break it such that the phone can work with other services inside the US
- There is currently no announced service for the iPhone outside the US, and with a number of people having seen and heard news for months about this great new device, there is a strong factor in trying to get the device to work outside the US.
There has been some news in the past, but no confirmed hack for the iPhone that breaks the AT & T activation requirement. It is of course only a matter of time, and there seems to be some credible news about these breaks:


The iPhone unlocking game heated up considerably over the weekend with no less than three people/groups claiming to have unlocked the coveted Apple device. The first and most impressive iPhone unlock comes from a New Jersey teenager and involves soldering, but most definitely works. Shortly after that came word from Engadget that the somewhat questionable outfit iPhone Sim Free had succeeded with a software only SIM unlock (Engadget claims to have an iPhone that was successfully unlocked).
What about the iPhone Sim Free hack? Engadget is pretty adamant that it works, the iPhone Sim Free folks unlocked one of their iPhones, which led Engadget to throw some bold tags around this statement: “Again: we can confirm with 100% certainty that iPhoneSIMfree.com’s software solution completely SIM unlocks the iPhone, is restore-resistant, and should make the iPhone fully functional for users outside of the US.”


Once such news is confirmed and hacking of the iPhone becomes easy, it is very likely that a small industry will grow around the concept of easily hacking an iPhone so that it can be used outside the country.

Sunday, August 5, 2007

Hacking the iPhone and ease of hacking the Mac

For a long time, Apple and Mac users have disdained the PC and Windows as very bad in security, and instead tom-tommed the relatively lower number of hacks on the Mac. Microsoft has always been on the defensive in terms of security, and the large number of cracks and holes found in its OS and apps have always given it cause for worry. There have been people saying that the Mac has not shown so many cracks only because it has a 5% market share, and people have not found it worth their while to try and break through Mac OS security:


Though there has yet to be any documented criminal hijacking of the iPhone outside of a lab, Miller says his research shows the relative ease of hacking smart phones, as well as Macs in general. He spoke with Forbes.com about the iPhone's vulnerabilities, Apple's short-lived patch and the company's undeserved reputation for building secure computers.
There are two issues with the iPhone. First, the specific weakness that we found in its Web browser. But there's a more fundamental problem. The iPhone runs everything as "root." In other words, there are no privileges for different users. They should have built layers of security. Instead, if you can find a single crack, any user has the entire phone at their disposal. Last week they basically patched a hole in the wall. But inside, it's still pudding.
Bad guys aren't yet targeting Macs because they want to maximize their time. That means writing viruses that target 95% of computers rather than 5%. Apple currently has around 3.5% of the market, but its market share is growing by around 35% a year. As Mac's numbers creep up to 30% or 40%, cyber-criminals will start asking whether it's better to spend two weeks writing a bug for Windows or just a couple days to write one for Macs.


Almost nothing in this interview is complimentary to the Mac, but one tends to agree with what he says. Windows is the dominant OS, and most hackers are in any case biased against Microsoft; in addition, people are ready to believe that Windows is inherently insecure, and hence most hackers target Microsoft. Now that the iPhone is a well advertised target, one can expect many more black-hat hackers to target the iPhone for profit, and Apple to be on the back foot.

Thursday, August 2, 2007

An Apple patch that you might want to take

Apple has recently released a patch, the 2007-007 update for Mac OS X 10.3 and 10.4. This is a mega patch, fixing over 45 defects, of which 17 are serious security issues through which attackers could compromise systems and are classified as the equivalent of 'critical'. Since Apple also uses a number of open-source projects, approximately 75% of the fixes were in the open-source software that Apple blends in with its own code.
These open-source fixes include fixes in the following components: Kerberos, PHP, Samba, SquirrelMail and Tomcat. Components of Mac OS X patched as part of this release were CFNetwork, the Mac OS X library of network protocols; CoreAudio, the API (application programming interface) that handles sound on Macs; the zgrep file compression utility; iChat; and WebCore, the part of the WebKit application framework that handles HTML rendering. Fixes were also included for Safari (including a fix for a problem with Safari on the iPhone).
One normally hears primarily of Microsoft releasing patches at regular intervals to fix security holes and other bugs, so it would be interesting to see whether this brings any negative publicity for Apple. Microsoft would like to advertise this as showing that OS X also has a number of flaws and, equally, that open-source technology has a number of security holes for which there are no clear owners, so that the total cost of ownership of open-source systems is high, as per the Microsoft argument.

Wednesday, July 18, 2007

Security company warns against using iPhone's web dialer

The iPhone has a great new feature, and since it is a combination phone and browser, the feature can work really well for most users. But like any other new great feature, there is tremendous capability for misuse, and seeing the ease of misuse, security companies are warning users against using this feature, or to be very careful when using this feature.
What is the feature? Well, the iPhone uses Safari as its web browser. Now, if a web site displays a phone number, all the user has to do is tap the phone number in the browser, and the number gets dialed. This is a great feature, but so is the scope for misuse. Imagine the phone in the hand of a neophyte who is viewing some 'interesting' site in the browser, and there is a number displayed along with a catchy slogan. Press the number, and if the number is an international number or a fraud number, the calls could become very expensive very quickly.


Attackers could exploit a bug in this feature to trick a victim into making phone calls to expensive "900" numbers or even keep track of phone calls made by the victim over the Web, said Billy Hoffman, lead researcher with SPI Labs. The iPhone could even be stopped from dialing out, or set to dial out endlessly, he said.
In order for the attack to work, the bad guys would have to either trick iPhone users into visiting a malicious Web site or make a legitimate Web site send untrustworthy information to the iPhone using what's known as a cross-site scripting attack. "Any time someone could control the content that's getting sent to the iPhone [the possibility of an attack] exists," Hoffman said.


It is not as difficult as it looks. It is actually as easy as letting the iPhone be used by a child or by somebody else who is not so experienced, and it is not difficult to create a site that looks attractive and features this kind of mischief. But as of now there is no way to prevent it, so being careful is the only good way of dealing with this problem.
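The risk described in this post comes down to what a `tel:` link points at versus what the user sees. The following is an added example, not code from the article, from SPI Labs or from Apple: a defender-side audit that a content filter, proxy or site owner could run over HTML before it reaches a click-to-call handset. It pulls out every `tel:` anchor and flags the cases the post warns about: premium-rate "900" numbers, international numbers, and links whose visible text shows a different number from the one that would actually be dialed. The sample page is constructed, the NANP assumptions (country code 1, 10-digit national numbers) are mine, and the prefix list is a policy placeholder rather than a complete tariff table.

```python
# Added example (not from the article): audit tel: links in HTML and flag
# the ones that should not be dialed without a confirmation step.
from html.parser import HTMLParser
import re

HOME_COUNTRY_CODE = "1"           # assumption: a US (NANP) handset
NATIONAL_NUMBER_LENGTH = 10       # NANP national numbers are 10 digits
PREMIUM_RATE_PREFIXES = ("900",)  # the prefix the article names; policy placeholder


def national_digits(raw):
    """Reduce a displayed or href number to (national digits, is_international).
    A leading '+' marks an explicit international number unless it is the
    home country code in front of a full national number."""
    raw = raw.strip()
    digits = re.sub(r"\D", "", raw)
    domestic_with_cc = (digits.startswith(HOME_COUNTRY_CODE)
                        and len(digits) == len(HOME_COUNTRY_CODE) + NATIONAL_NUMBER_LENGTH)
    if domestic_with_cc:
        return digits[len(HOME_COUNTRY_CODE):], False
    if raw.startswith("+"):
        return digits, True
    return digits, False


def classify_number(raw):
    """Return the reasons a number should not be dialed silently (empty list = fine)."""
    digits, intl = national_digits(raw)
    if not digits:
        return ["empty"]
    reasons = []
    if intl:
        reasons.append("international")
    elif digits.startswith(PREMIUM_RATE_PREFIXES):
        reasons.append("premium-rate")
    elif len(digits) != NATIONAL_NUMBER_LENGTH:
        reasons.append("malformed")
    return reasons


class TelLinkCollector(HTMLParser):
    """Collect every <a href="tel:..."> with the text the user would see."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        href = dict(attrs).get("href") or ""
        if href.lower().startswith("tel:"):
            self._current = {"href": href[4:], "text": ""}

    def handle_data(self, data):
        if self._current is not None:
            self._current["text"] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self.links.append(self._current)
            self._current = None


def audit_tel_links(html):
    """Return [(href_number, visible_text, reasons)] for every tel: link."""
    parser = TelLinkCollector()
    parser.feed(html)
    findings = []
    for link in parser.links:
        reasons = classify_number(link["href"])
        shown, _ = national_digits(link["text"])
        # A visible number that differs from the dialed one is the
        # "catchy slogan / wrong number" trick the article describes.
        if shown and shown != national_digits(link["href"])[0]:
            reasons.append("display-mismatch")
        findings.append((link["href"], link["text"].strip(), reasons))
    return findings


# Constructed sample page: one benign link and three that should be flagged.
SAMPLE_PAGE = """
<p>Support: <a href="tel:+1-212-555-0100">(212) 555-0100</a></p>
<p><a href="tel:1-900-555-0199">Call now to claim your prize!</a></p>
<p><a href="tel:+44 20 7946 0000">555-0100</a></p>
<p><a href="tel:">Tap here</a></p>
"""

if __name__ == "__main__":
    for href, text, reasons in audit_tel_links(SAMPLE_PAGE):
        print(f"tel:{href!r:28} shown={text!r:32} flags={reasons}")
```

The design choice worth noting is that the audit reasons about the dialed number, not the displayed one; a handset or proxy that only inspects the visible text would pass the third link above. In practice the "reasons" list would drive a confirmation prompt that shows the real number before the call is placed.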

Saturday, July 7, 2007

Selling security exploits

The biggest fear of software makers, application system makers and the like (Microsoft, Adobe, Apple, and numerous other big entities) is coming true. Ever since software holes and bugs started to come into existence, there has always been a tension between the software company trying to release a patch and hackers trying to exploit the defect. In the past, software makers would try to apply pressure on the defect finders to keep quiet until the patch was released. If the defect was found by a big company, they would normally respond to pressure from the likes of Microsoft and not release it into the public domain.
However, this has become less and less the case, with security companies releasing their findings independently of the software makers. Some of them would even sell these to people who would exploit them for nefarious purposes. As an example, consider the number of botnets that exist on the internet today, with millions of computers having been hacked into and controlled. The situation was literally demanding a marketplace for such bugs:


An eBay-like auction site that sells vulnerabilities will improve security by ensuring researchers get a fair price for their work, its founders say. "The existing business model to reward researchers is a failure," said Herman Zampariolo, chief executive of WSLabi, and the man behind the WabiSabiLabi auction site. A tiny minority of vulnerabilities currently get patched, he said, because IT experts aren't paid for their work in uncovering them.
"As long as vulnerabilities are bought and sold privately, the value can't be the right one," Zampariolo said. "Our intention is that the marketplace facility on WSLabi will enable security researchers to get a fair price for their findings and ensure that they will no longer be forced to give them away for free or sell them to cybercriminals," he added.
So far, no bids have been posted, possibly because of delays in identifying the buyers, each of whom must use snail mail or fax to deliver proof of their identity and their bank account--electronic currencies are not accepted on the site. Around 20 buyers have been registered so far, as well as 30 sellers, who have provided another batch of flaws that should be on the site next week.


In this case, the intention may be genuine; however, where is the control mechanism to ensure that these sales are going to the right people? If we are simply dependent on the operators of the exchange, then there is no guarantee. Later, if the number of such buyers increases, it would be very easy for cyber-criminals to pretend to be genuine buyers and get access to top-notch holes very quickly.

Tuesday, July 3, 2007

iPhone: The hacking race begins

In the past, there was a great market for cracking the service linkages of phones. The concept is that SIM-based GSM phones in many countries are locked to service providers. They are sold for much less than their cost because of the service contract, with a subsidy being provided by the telecom carrier such as AT&T, Sprint, etc. This subsidy is provided because the contract normally locks the user in for a 2-year term, and the company can recover the subsidy during this period.
The iPhone is a somewhat different model. AT&T does not provide any subsidy for the iPhone, with the full cost of the phone being the amount charged ($499 for a 4 GB one, and $599 for an 8 GB one); but Apple, presumably in a bid to repay AT&T for the allowances given to Apple while designing the phone, prevents another SIM from being used in the phone. In addition, no functionality of the device such as music playing, video, camera, etc. can be used without activation (which can only happen with AT&T in the US, and is not yet available outside the US).
Thus the cat and mouse game between a company and hackers has now begun. The iPhone is a prime target for hackers and crackers, many seeing it as a game or test, and many seeing it as something worth a great deal of money. When Apple designed the phone, it would have been a priority to set up the security of the phone such that the protection would be difficult to crack:


Locked phones can only be used with cellular service from one carrier, a move designed to guarantee carriers recover the cost of subsidizing a handset through monthly service charges. But the cost of the iPhone, which is priced at either US$499 or $599 depending on the model, is not subsidized by AT&T. Users must pay full price for the handset and sign a two-year contract, which requires them to pay from $59.99 to $99.99 per month for cellular service.
Unlocking the iPhone will enable the handset to be used with any cellular provider with a GSM (Global System for Mobile Communication) or EDGE (Enhanced Data Rates for GSM Evolution) network, not just AT&T's network. That's an attractive proposition for users who already have a cellular contract with another carrier, or users outside the U.S. who can't wait to get their hands on Apple's new handset.
Efforts to unlock the iPhone are being tracked on several Web sites, including Hackint0sh and the iPhone Dev Wiki.


This is also something that is a bit odd. If users are being made to pay the full amount for the phone, then they should be able to use the phone at their discretion. It is understandable if the iPhone were subsidized, in which case the service provider locks the phone until the subsidy has been paid. But to lock the phone until activation and prevent usage of other functions is very strange, and, one could argue, an extra charge that a user has to bear for having the iPhone, especially because the AT&T network has been shown to be a slow one, limiting the speed of wireless browsing.
It is bound to happen sooner or later that the locking scheme will fail, and when that happens, it will be a pretty simple job to do this en masse. That will be the time when the worldwide proliferation of the iPhone begins.

Monday, July 2, 2007

The time involved in getting the iPhone to actually start working

In all the launch buzz of the iPhone, there has been an incredibly successful publicity campaign, and market watchers have been waiting to see whether Apple will do anything to trip up this success story. Well, there is some news, just not enough to trip up the iPhone story, but enough to give serious headaches to the thousands of people affected.
Normally, the process of wireless activation involves the sales person in the shop handling the activation process, something that would take roughly an hour. However, to make things easier for the large crowds expected, Apple changed the activation process to something that can be done via the user's own computer, through their version of iTunes. In the end, this caused problems for a number of buyers, with no clarity regarding contact numbers, and in many cases with buyers having to spend more than 10 hours waiting for activation to happen.
This can actually be the most frustrating thing in the world at that point, if you imagine spending some time in a queue to buy a new phone for around $600-700, and then having to wait while customer service tells you that you need to wait. Obviously, these are teething problems, and Apple should be happy that people are otherwise happy with the phone; otherwise this issue would have escalated into a disaster.


Apple and AT&T unveiled an innovative activation scheme with the iPhone launch. Usually, activating a new cell phone means spending almost an hour or so in a wireless store as the sales representative lights up the phone. But with the long lines expected last Friday, Apple came up with a way to use iTunes to connect to AT&T's activation process so iPhone customers could set up the device at home.
Activation was supposed to be a snap: hook up the iPhone to a Mac or PC with the latest version of iTunes installed, and the software would automatically walk you through the process. After entering a credit card number and selecting a rate plan, the system was supposed to send an e-mail confirming the iPhone had been activated. But waiting for that e-mail turned into a frustrating experience for some iPhone customers.
Other iPhone owners on Apple's Web site reported problems with the SIM (subscriber identity module) cards inside their iPhones. SIM cards hold information unique to a mobile phone account and allow users to easily switch between phones while keeping their numbers and contacts--except on the iPhone, which uses a SIM card that works only with the iPhone. It seemed that the activation system was unable to recognize the SIM cards in some iPhones, which led it to bypass the activation screen and move straight into syncing music, movies and contacts. One user reported that his local AT&T store switched the SIM card that originally came with his iPhone for a new one, fixing the problem. Others said they had done the same thing.


Of course, Apple built in a feature that caused a lot of worry to those users who were not activated. Until the phone was activated, users could not even access its other features; this was something that Apple should have thought through much more clearly, and from the perspective of phone users, not from the perspective of AT&T.

Wednesday, June 20, 2007

China censors Flickr: 'Great Firewall'

China has a major department geared towards the censoring of news and internet content. It is difficult for people in open societies to believe this, but China's restriction of individual rights extends onto the internet, and its citizens are starting to squeal about this. Not too loudly, because there is a Chinese proverb, 'The tallest tree in the forest is the first to be cut down', and no one wants to be identified as the one protesting the most, but there is dissent at the blocking of famous sites as well.
For example, suppose a famous photo site also hosts photos of the Tiananmen Square massacre or other such incidents; then the people running the Chinese firewalls can actually block the whole site, no matter that this site is also the way friends exchange photos among themselves. And this is actually what has happened, with the photo sharing site Flickr coming under the keen gaze of Chinese censors because of people placing Chinese dissident type photos over there, and oh my, such things cannot be allowed to be shown to gullible Chinese citizens; what happens if they suddenly develop tendencies towards political freedom and openness? Refer to this news report:


Yang's fury erupted a few days ago when he found he could not browse his friend's holiday snaps on Flickr.com, due to access restrictions by censors after images of the 1989 Tiananmen Square massacre were posted on the photo-sharing Web site. "Once you've complained all you can to your friends, what more can you do? What else is there but anger and disillusionment?" Yang said after venting his anger with friends at a hot-pot restaurant in Beijing.
The blocking of Flickr is the latest casualty of China's ongoing battle to control its sprawling Internet. Wikipedia and a raft of other popular Web sites, discussion boards and blogs have already fallen victim to the country's censors. China employs a complex system of filters and an army of tens of thousands of human monitors to survey the country's 140 million Internet users' surfing habits and surgically clip sensitive content from in front of their eyes.

It is an ongoing battle between the censors and the people trying to evade the censors. Hence, instructions on how to bypass the censors and see these 'banned' sites are also very popular among the Chinese. But this is a battle that will take some time to mature, as the internet-using crowd is also a beneficiary of economic reforms and is unlikely to push very hard for political reform, especially when they know the likely consequence of 'activities against the state'. And China is not alone in this; a host of other countries have tried to censor the internet, such as Saudi Arabia, Iran, and even a democracy like India (which censored Blogger for some time).
In addition, due to the lure of working with the Chinese Government, even large corporations such as Google, Yahoo and Microsoft cooperate with the Chinese government in these censorship efforts.

Friday, June 15, 2007

MySpace information causes arrest of sex offenders

A few weeks back, MySpace was issued subpoenas by various state attorneys general to provide information on sex offenders. At first, MySpace resisted giving this data to the attorneys general, but soon capitulated and agreed to provide this information.
The attorneys general were looking for sex offenders who might be preying on children on MySpace, an objective that made it difficult for MySpace to oppose them. And now it looks like states are starting to act on the information supplied by MySpace.


Seven convicted sex offenders with profiles on MySpace.com have been arrested in what Texas officials said was the country's first large-scale crackdown of registered offenders who use the social networking Web site.
They were picked up after MySpace.com released the names of offenders with online profiles to the state Attorney General's Office, which had issued a subpoena for the site's subscriber information.

There are some privacy implications to supplying this information, but overall, it is incumbent on the state authorities and service providers to prevent their facilities from being used to exploit defenceless children. In that sense, this is a good outcome, and if it discourages more sex offenders from using the anonymity of the web for exploitation, even better.

Thursday, June 14, 2007

Anti-botnet campaign by FBI

Botnets are a major nuisance on the internet. A botnet is a large number of inadequately protected computers (in many cases, thousands of them) that have been compromised and are under the control of people who want to use them for activities such as launching distributed denial of service attacks, where these computers together attack a web site or network; acting as relays for the mass distribution of spam and malware; phishing; click fraud; and a variety of other attacks.
How does a computer get compromised? The computer may be running a version of Windows that has a hole, and this hole has been exploited to gain control of the computer. In addition, the computer may not have an active firewall and virus protection. Botnets are increasingly being found on the internet and cause a high degree of cost through down-time, through actual losses due to phishing and click fraud, etc. And the biggest problem is that users do not even know that their computer has been compromised; they find that their computer has become slower, or becomes active suddenly, but there is no easy way of knowing that their computer has been used in a crime or is compromised. Typically, when a computer has been infected and is part of a botnet, it can be used to attack hundreds of other computers.
Given this situation, and the dangers posed by the menace of botnets, the FBI has been investigating and has found more than 1 million botnet victims so far. Along with the Justice Department, the FBI has been running a program called Operation Bot Roast to disrupt botnets. They have caught people; however, as long as security patches determine the safety of a computer, there will be infected and compromised computers in the wild. Refer to this article:


The FBI is working with industry partners, including the Computer Emergency Response Team Coordination Center at Carnegie Mellon University, to notify the victim owners of the computers. Microsoft and the Botnet Task Force have also helped out the FBI. Through this process the FBI may uncover additional incidents in which botnets have been used to facilitate other criminal activity, the FBI said in a statement.
Bots are widely recognized as one of the top scourges of the industry. Gartner predicts that by year-end 75 percent of enterprises "will be infected with undetected, financially motivated, targeted malware that evaded traditional perimeter and host defenses," and early reports from beta customers of a yet to be released product from Mi5 show how nefarious these infections can be. Mi5 says it installed a Web security beta product at an organization with 12,000 nodes and in one month detected 22 active bots, 123 inactive bots and was watching another 313 suspected bots. That may not sound like a lot, but those bots were responsible for 136 million bot-related incidents, such as scanning for other hosts inside the firewall.


It can get pretty hairy for people. Suppose the computer of an unsuspecting user is used to break into a protected military installation or a bank, or used to bring down a major network; the first step for investigators will be to find the computers that were used, and in the case of a compromised computer, the owner will have no idea.
This will also start to increase pressure on software companies to make their software more secure from the ground up, so that they do not land in a situation where the security of the system is dependent on patches.
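As an added example (not code from the original post, the FBI or Mi5), here is a small detector for the kind of bot behaviour the quoted report mentions, a compromised host scanning for other hosts inside the firewall; the log format, the internal address range and the thresholds are assumptions made for this illustration:

```python
# Added example, not from the original post: flag a host that, like the bots
# in the Mi5 report quoted above, is scanning for other hosts inside the
# firewall. Log format, internal range and thresholds are all assumptions.
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal range

def constructed_log():
    """Constructed sample firewall log: '<timestamp> <src> -> <dst>:<port>'."""
    lines = []
    for i in range(12):  # bot-like host: 12 distinct internal hosts in 12 s
        lines.append(f"2007-06-14T10:00:{i:02d} 10.0.0.5 -> 10.0.1.{i + 1}:445")
    for i in range(12):  # ordinary host: the same two servers, repeatedly
        lines.append(f"2007-06-14T10:00:{i:02d} 10.0.0.7 -> 10.0.2.{i % 2 + 1}:445")
    lines.append("2007-06-14T10:00:30 10.0.0.5 -> 203.0.113.9:80")  # external
    return "\n".join(lines)

def parse_line(line):
    """Split one log line into (timestamp, src, dst, port)."""
    ts, src, _arrow, dst_port = line.split()
    dst, port = dst_port.rsplit(":", 1)
    return datetime.fromisoformat(ts), src, dst, int(port)

def find_internal_scanners(log_text, window=timedelta(seconds=60), threshold=10):
    """Return {src: n} for sources that reached at least `threshold` distinct
    internal hosts within any `window`-long interval; n is the largest such
    count. Connections to external addresses are ignored."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, _port = parse_line(line)
        if ipaddress.ip_address(dst) in INTERNAL:
            events[src].append((ts, dst))
    scanners = {}
    for src, evs in events.items():
        evs.sort()  # sliding window over events ordered by time
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1
            distinct = {dst for _, dst in evs[start:end + 1]}
            if len(distinct) >= threshold:
                scanners[src] = max(scanners.get(src, 0), len(distinct))
    return scanners

if __name__ == "__main__":
    for src, n in find_internal_scanners(constructed_log()).items():
        print(f"{src}: touched {n} internal hosts inside the window")
```

On the constructed log only 10.0.0.5 is flagged; the ordinary host talking repeatedly to two servers stays below the distinct-host threshold.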

Google bows before EU data privacy requests

How these mighty corporations tumble before government pressures. Google has done that in the past, creating a censored version of search for China (http://www.google.cn/), bowing to pressure from governments about the level of detail displayed for government and military structures in Google Earth, and so on. Well, here is one more.
Google saves search data (that could be used to identify actual people after some research) and uses it for commercial purposes, to better target advertising. Earlier, it used to save this data indefinitely, then changed that to 24 months after some pressure from privacy advocates.
Then in May, Google got another blast on this topic. It was told by the European Union data watchdog (representing 27 EU countries) that the 24 month period was unacceptable on privacy grounds, and was asked to reply by mid-June about how these concerns could be addressed. Well, now Google seems to have buckled under pressure and is reducing the time that this data will be stored to 18 months (from the earlier 24 months). Refer to this article:


The European Union's top security official lauded Google Inc's. decision to scale back how long it keeps personally identifiable data accumulated from its Web users as a step towards addressing privacy concerns.
The world's top provider of Web search services said this week it was ready to curtail the time it stored user data to a year and a half, seeking to mollify an EU watchdog that has questioned its privacy policies.
Each time a Google user searches the Web, the company gathers information about that customer's tastes, interests and beliefs that could potentially be used by third parties such as advertisers. Google shares general user statistics but is adamant it never shares personal data outside the company.


However, so far only Google has made this concession. To some extent this is justified since Google controls 60% of the search market, but a lot of other search engines such as MSN and Yahoo, and other companies such as Microsoft, Apple, MySpace, AOL, eBay and Amazon, have also not disclosed how long they retain customer data. It will be their turn eventually; it just requires an accidental release of data from any of these places, and they will face the same amount of pressure as Google.

Wednesday, June 13, 2007

Problems in using Safari on Windows

Apple is on a high nowadays. It is seen as the leader in computing design, has the by-far-largest selling product in the personal media player market, has ownership of the iPhone (probably the most hotly awaited product for some time), and seems to have played a master stroke by moving its Macs onto Intel processors, thus allowing people the option to install Windows on their Mac machines and pushing up the sales of Macs. However, there comes a time when a company gets too arrogant, and then realizes that arrogance is not a virtue (especially when the arrogance is revealed to be based on false premises). Microsoft has faced this repeatedly in the past, especially in the area of security (both for operating systems and applications): claiming that its products are secure, and then facing a number of holes pointed out by hackers and security specialists. Well, the high and mighty Apple faces the same situation today with Safari.
Safari, the default browser on the Mac, is now available on Windows as a beta, and I read reports where Apple claimed that this browser is secure. Well, no longer. Security experts, no doubt encouraged by Apple's claims, found numerous security holes in this beta of Safari, such as denial of service bugs, remote execution bugs, memory corruption, etc. As time goes by, more such errors will be found. This article claims that the beta of Safari should not be used for actual web use because of its bugs.


Although all browsers have security issues uncovered on a relatively regular basis, most of which are rapidly patched up with updates and fixes, the latest beta version of Safari has been put to the test by a number of security researchers, as reported by PC Magazine and others, and is so far failing a lot of security tests.
Problems with Safari uncovered so far include DoS and remote execution bugs, memory corruption that could be exploited, command execution vulnerabilities simply by visiting a web site – and that’s just in the last couple of days. Security researchers are bound to find more bugs in the system, or more ghosts in the machine for Apple to eliminate.
So, should you use Safari on Windows? After all, plenty of Windows users will have downloaded Safari since its release on Monday, and will no doubt have had a surf around to see what it’s like. It looks and feels just like Safari on the Mac, it’s certainly fun to use. For now, it’s also the latest novelty must-have experience from Apple that Windows users can enjoy. Apple’s download servers must be running hot!


Safari is indeed hot; after all, it is the browser on the iPhone, which itself lends a lot of pull to the browser. However, Firefox is a pretty strong competitor on a number of platforms, so it is unclear how much Safari can take away from established browsers.

Monday, June 4, 2007

Apple puts buyer information in DRM free tracks

A lot of people have celebrated the decision by Apple and EMI to provide DRM free audio tracks through iTunes (even if they cost 30 cents extra). But just when there was some amount of excitement among anti-DRM users, Apple has given cause for some caution. It has been discovered that users who buy DRM free files are getting files that have their user names and email addresses embedded in them.
Users who download the latest update for iTunes, version 7.2, have the ability to buy DRM free files. But analysis of these files has disclosed that they have user information embedded in an unencrypted form. This should not harm anyone in an obvious manner.
However, for users who are going to share these files, analysis of the files will easily disclose the original buyer and show that the files have been shared, something that is still not legally permitted. Meanwhile, Apple is not disclosing the reasons why these files carry the user information, something that makes privacy experts queasy. So, even though Apple has made the files DRM free, it still wants to make sure that it has a way of tracking any movement of these files. Maybe this could have been part of the agreement with EMI.
Refer to this article:


An Apple spokesman suggested by e-mail that Wired News contact Michael Gartenberg, an analyst at Jupiter Research who has been briefed about iTunes Plus. The Apple spokesman didn't respond to further requests for comment.
Gartenberg said there are many reasons why Apple would want to tag music sold through the iTunes store. The information could be used as a proof of purchase, or to facilitate upgrades (songs previously bought through iTunes can be upgraded to higher fidelity versions for an extra 30 cents). The identifier could help identify songs missing from albums (iTunes offers a "complete album" feature), as well as to thwart piracy.

The silence from Apple is puzzling. It does not serve any immediate need; Apple would have expected that this would easily be found, and yet they did not have a canned reply. Seems a bit strange.