Copy Link
Add to Bookmark
Report
Atari Online News, Etc. Volume 17 Issue 25
Volume 17, Issue 25 Atari Online News, Etc. July 10, 2015
Published and Copyright (c) 1999 - 2015
All Rights Reserved
Atari Online News, Etc.
A-ONE Online Magazine
Dana P. Jacobson, Publisher/Managing Editor
Joseph Mirando, Managing Editor
Rob Mahlert, Associate Editor
Atari Online News, Etc. Staff
Dana P. Jacobson -- Editor
Joe Mirando -- "People Are Talking"
Michael Burkley -- "Unabashed Atariophile"
Albert Dayes -- "CC: Classic Chips"
Rob Mahlert -- Web site
Thomas J. Andrews -- "Keeper of the Flame"
With Contributions by:
Fred Horvat
To subscribe to A-ONE, change e-mail addresses, or unsubscribe,
log on to our website at: www.atarinews.org
and click on "Subscriptions".
OR subscribe to A-ONE by sending a message to: dpj@atarinews.org
and your address will be added to the distribution list.
To unsubscribe from A-ONE, send the following: Unsubscribe A-ONE
Please make sure that you include the same address that you used to
subscribe from.
To download A-ONE, set your browser bookmarks to one of the
following sites:
http://people.delphiforums.com/dpj/a-one.htm
Now available:
http://www.atarinews.org
Visit the Atari Advantage Forum on Delphi!
http://forums.delphiforums.com/atari/
=~=~=~=
A-ONE #1725 07/10/15
~ 'Hacking Team' Hacked! ~ People Are Talking! ~ New Atari Comics?
~ First Look at Firebee! ~ Major Firefox Patches! ~ PSN Hacker Guilty!
~ Win 10 Almost A Wrap! ~ Student Writes Malware ~ Chrome Tops Firefox
~ Google Search Poisoned ~ Windoes 8.1 Passes XP! ~ DuckDuckGo Soars!
-* Nintendo's PlayStation Found *-
-* Hillary: China Hacks Everything..." *-
-* Cybersquatters & Presidential Candidates! *-
=~=~=~=
->From the Editor's Keyboard "Saying it like it is!"
""""""""""""""""""""""""""
It's been another long week, and yet another "late" issue - I apologize.
But, I'm sure that it will all be worth the wait! Lots of interesting
stuff this week, including thew beginning of what should be an informative
discussion by Fred Horvat on his new Firebee acquisition. Be sure to stay
tuned for his observations and experiences!
The summer is starting to take hold here in New England, but we've been
fortunate so far not to have been hit with scorching temperatures. We
haven't been hit with a 90-degree day yet - a plus as far as I'm concerned.
We've had some rain, resulting in some closer-to-normal drought conditions.
That's always a good thing!
Well, enough of the small talk - let's get right to the good stuff!
Until next time...
=~=~=~=
Checking Out The Firebee!
I ordered a Firebee for my 50th Birthday and it arrived today! So far the
30 minutes I messed with it has not gone so well. Right now it appears
the CF Card has either come loose or more likely got corrupted. It's not
obvious how to open the unit to get to the CF card to check so I emailed
Mathias about opening the case or for other suggestions.
Not so good at the moment. (Dana this will make a decent weekly
contribution to AONE. I will have to start something next week if I don't
write something tonight or tomorrow for you.)
It appears that the Compact Flash drive is corrupt. Which is both good
and bad but mostly bad.
Bad - Because I can't use my new expensive toy.
Good - Because I have to lean how the machine works and have to install
MiNT from scratch.
Biggest problem for me or anybody else getting one of these who did not
follow or develop for/on a Firebee the last few years is that almost
everything about it is assumed that you know everything about the
Firebee inside and out before turning it on. What you know about you
Atari ST helps but this is a completely different beast in every way.
You know you are in for a wild ride when you read the Quick Start from
Fredi at Medusa thanking you for purchasing an Alpha Product. So the next
revision they are working on will hopefully correct a lot of bugs and non
function hardware on the board. I will be in contact with the ACP team
in updating the documentation and mostly creating documentation so that
a noob doesn't have to go through what I am.
For example on documentation in installing MiNT. One of the first steps
says Prepare CF Card. OK great HOW? I'm staring at a TOS Desktop and how
do I do that? So that's one of the items I want to update. What got me
was the Video Resolution Test. I got some real nasty looking horizontal
lines. I thought the monitor was not capable so I got another monitor.
When in fact this meant the monitor was good. The documentation never
mentions this. After the fact I looked online and others complained
about this on Atari-Forum.com also.
Stay tuned for regular updates!
=~=~=~=
->In This Week's Gaming Section - PSN & Xbox Live Hacker Guilty!
""""""""""""""""""""""""""""" Nintendo's PlayStation Found!
Dynamite and Atari Team Up for New Comic Ventures!
=~=~=~=
->A-ONE's Game Console Industry News - The Latest Gaming News!
""""""""""""""""""""""""""""""""""
Lizard Squad Member Found Guilty of Hacking
Into PlayStation Network and Xbox Live
Julius "zeekill" Kivimaki, one of the members of Lizard Squad - the gang
of hackers infamous for launching a distributed denial-of-service attack
on PlayStation Network (PSN) and Xbox Live gaming services around
Christmas last year - has been found guilty of 50,700 offences related to
computer crimes in Finland according to Finnish newspaper Kaleva.
Kivimaki played an integral role in last year's attacks and was also the
group's spokesman in on-air interviews with Sky News. In order to bring
down PSN and Xbox Live, the group used thousands of hacked home Internet
routers.
However, Kivimaki will not being going to jail. Rather, he has received a
two-year suspended prison sentence and his Internet activity will be
monitored by the Finnish police.
While a large chunk of the Internet is up in arms due to the leniency of
the sentence, the Lizard Squad Twitter account was having a field day,
gloating about getting away scot-free in a string of tweets, one of which
reads: "All the people that said we would rot in prison don't want to
comprehend what we've been saying since the beginning, we have free
passes."
Another tweet read ruled out extradition, saying: "And no zeekill will not
be extradited. Finnish citizens have the right to refuse extradition
regardless of any treaty."
Nintendo's PlayStation, The Holy Grail of Game Memorabilia, Has Been Found
An extraordinarily rare prototype of the Nintendo PlayStation console,
which was created as part of a failed partnership between Nintendo and
Sony some 25 years ago, has been discovered.
Never-before-seen images offer the first ever close-ups of the machine, now
yellowed with age, which combines the form factor of the SNES along with
the branding of PlayStation.??When it was first revealed in 1991, the
system was referred to as the "Nintendo Play Station", and Sony was thought
to have created some 200 prototypes. The pitch from the electronics giant
was that the console would not only play Nintendo game cartridges but also
games on compact disks. However, due to a public fall-out between both
companies, the prototypes were destroyed.
However, one unit appears to have survived. This unit is so rare that its
specific design features, such as a horizontal volume slider at the front
and an assortment of outputs at the back, were not public knowledge.
The console is historically significant because it represents the brief
partnership between Nintendo and Sony prior to its intense rivalry that
still exists today.
At the Consumer Electronics Show in 1991, Sony showcased its
Nintendo-endorsed vision for a SNES-CD, which it branded with a
"PlayStation" logo. Nintendo shocked Sony, however, by suddenly
announcing - at the same show - that it would be partnering with
electronics firm Phillips instead.
Incensed and embarrassed, the Sony executive Ken Kutaragi began to
internally lobby the company to fund plans to build a console without
Nintendo's support. The outcome of that plan, also called the
PlayStation, brought about a tectonic power-shift in the games business.
This prototype model was found by the son of a businessman who had ties
with a former Sony executive, believed to be Olafur Olafsson, who was the
chief executive of Sony Interactive Entertainment in 1991.
The son, who is only known by his online handle 'Dnldbld', first published
the images on Reddit, and then on Assembler Games. He says that he will
try to find the power supply for the prototype and boot the system up for
the first time.
=~=~=~=
->A-ONE Gaming Online - Online Users Growl & Purr!
"""""""""""""""""""
Dynamite and Atari Team Up for New Comic Ventures
Dynamite Entertainment announced that it will team up with Atari, Inc. in
a collaboration that will include securing the rights to a retrospective
hardcover book comprised of photos and concept artwork, as well as
behind-the-scenes information and interviews with those involved in
Ataris history. The collaboration allows the company to publish original
graphic novels and comics based on popular Atari properties such as
Asteroids, Centipede, Missile Command, Crystal Castles and Tempest. In
addition, Dynamite plans to re-print existing material such as the 1980s
Atari Force comics.
'Atari' doc trailer digs deep into legend of infamous 'E.T.' video game
We are excited to be teaming up with Dynamite Entertainment to bring a
modern twist to a classic series of comics and table top books that are
rich with historic art, Fred Chesnais, Chief Executive Officer of Atari
said in a statement. Ataris roots in the comic book world and iconic
art is a collector and video game enthusiasts dream. Our partnership is
a fun way to expose our brand to a new generation and resonate with our
long-time fans.
Atari is a touchstone for so many people, added Dynamite Director of
Business Development Rich Young. Their games and game system exposed a
lot of folks to video games for the first time
and frankly, got them
hooked! I have fond memories of playing games on the 2600 with friends
growing up, and am quite happy that we have a chance to work with Atari
on this publishing program.
Originally founded in 1972, Atari was the pioneer of video consoles and
arcade games, and helped pave the way for the entertainment gaming
industry throughout the next decade. Dynamites products will be
available through comic book stores and digital platforms such as
Comixology and Dynamite Digital.
=~=~=~=
A-ONE's Headline News
The Latest in Computer Technology News
Compiled by: Dana P. Jacobson
Hillary Clinton: China Hacks 'Everything That Doesn't Move' in the US
US presidential hopeful Hillary Clinton has accused China of
state-sponsored hacking designed to steal both trade secrets and
government information.
Speaking at a Fourth of July campaign rally in New Hampshire on Saturday,
the former US Secretary of State said the rise of China was the story of
the 21st century and how the US responded to that would determine the
future of the entire world.
She added that she hoped to see China prosper in a peaceful way but also
warned that vigilance was required.
The US has to be aware, she said, that China's military strength is
increasing quickly as the nation continues to establish new military
installations in contested territories - such as the Philippines - and
other countries the US has treaties with.
Scrawling her foreign policy credentials on the cyber blackboard, she said:
They're also trying to hack into everything that doesn't move in America.
Stealing commercial secrets, blueprints... from defense contractors,
stealing huge amounts of government information, all looking for an
advantage.
Make no mistake: they know they're in a competition, and they're going to
do everything they can to win it.
Quite what Clinton means by "everything that doesn't move" is not clear.
After all, we know that most assets compromised by a hack or error
certainly do move. And I'm not just talking about mechanical devices such
as aeroplanes, drones or even cars; there are other, more personal targets
too: us.
Fortunately, the effects of hacking are now being taken far more seriously
by court systems that are beginning to appreciate the effects of a crime
that doesn't involve actual or threatened physical violence against
property or the person.
Take for instance the case of Alex Yucel, the co-creator of the
Blackshades RAT. He was recently sentenced to 57 months in jail over the
malware that had the capability to steal banking and other information, as
well as hold machines to ransom or use their computing power as part of a
DDoS network - a win for the good guys, as John Shier said to Paul Ducklin
in the latest Chet Chat podcast (from 8m 24s).
Hillary Clinton's comments come three months after a huge breach at the US
Office of Personnel Management left the personal records of millions of
federal employees compromised. US officials said at the time that they
believed China was behind the attack which bore a striking resemblance to
a similar incident the previous year.
China, as to be expected, denied all claims of wrongdoing.
Of course it's not the first time that the US has accused China of
nation-state hacking, nor is it the first time that Clinton herself has
wagged her finger in that direction.
In 2010 she demanded an explanation from China after Google claimed it had
experienced a "highly-sophisticated" attack that led to the theft of
intellectual property. Subsequently named "Operation Aurora," the attack
also impacted a large number of other US financial and technology
companies as well as military organisations.
Unsurprisingly, the finger pointing goes both ways - the Chinese government
has recently been able to cite Edward Snowden's revelations as proof that
the US has launched cyber attacks in the other direction.
I wonder what a possibly-future President Clinton would have to say about
that?
Hacking Team Spyware Company Hacked, Embarrassing Emails Revealed
Hacking Team, a company that helps police hack citizens, has been hacked
itself. In a series of tweets from the companys compromised Twitter
account, the unknown hackers appear to have revealed embarrassing
internal emails and a torrent with 400GB of internal files, source code,
and communications. One particular tweet appears to show an email from
Hacking Team CEO David Vincenzetti, mocking a competitor for being
severely hacked. No hacking groups have claimed responsibility for the
breach yet.
Hacking Team has more than 40 employees and sells commercial hacking
software to law enforcement in several dozen countries, including Morocco,
Ethiopia, and the United Arab Emirates. A recent report from Motherboard
revealed that the Hacking Team also supplies spyware tools to the Drug
Enforcement Agency to implant software in a suspects phone and record
texts, emails, passwords, and monitor conversations.
Hacking Team is infamous in security circles for injecting targeted
malware into YouTube and Microsofts Live services. Formed by two Italian
programmers, the pair originally created a program called Ettercap that
quickly became the weapon of choice for hackers wanting to spy on people.
The success of Ettercap led to Hacking Team, and now attention from rival
hackers who have renamed the companys Twitter account to Hacked Team.
Hacking Team Breach Shows a Global Spying Firm Run Amok
Few news events can unleash more schadenfreude within the security
community than watching a notorious firm of hackers-for-hire become a hack
target themselves. In the case of the freshly disemboweled Italian
surveillance firm Hacking Team, the company may also serve as a dark
example of a global surveillance industry that often sells to any
government willing to pay, with little regard for that regimes human
rights record.
On Sunday night, unidentified hackers published a massive, 400 gigabyte
trove on bittorrent of internal documents from the Milan-based Hacking
Team, a firm long accused of unethical sales of tools that help
governments break into target computers and phones. The breached trove
includes executive emails, customer invoices and even source code; the
companys twitter feed was hacked, controlled by the intruders for nearly
12 hours, and used to distribute samples of the companys hacked files.
The security community spent Sunday night picking through the spy firms
innards and in some cases finding what appear to be new confirmations
that Hacking Team sold digital intrusion tools to authoritarian regimes.
Those revelations may be well timed to influence an ongoing U.S. policy
debate over how to control spying software, with a deadline for public
debate on new regulations coming this month.
One document pulled from the breached files, for instance, appears to be
a list of Hacking Team customers along with the length of their contracts.
These customers include Azerbaijan, Bahrain, Egypt, Ethiopia, Kazakhstan,
Morocco, Nigeria, Oman, Saudi Arabia, Sudan, and several United States
agencies including the DEA, FBI and Department of Defense. Other documents
show that Hacking Team issued an invoice for $1 million to Ethiopias
Information Network Security Agency (the spy agency of a country known to
surveil and censor its journalists and political dissidents) for licensing
its Remote Control System, a spyware tool. For Sudan, a country thats the
subject of a UN embargo, the documents show a $480,000 invoice to its
National Intelligence and Security Services for the same software.
These are the equivalents of the Edward Snowden leaks for the
surveillance industry, says Eric King, the deputy director of Privacy
International. There are few countries [Hacking Team] arent willing to
sell to. There are few lines they arent willing to cross.
In its marketing materials, Hacking Team describes its RCS product as a
solution designed to evade encryption by means of an agent directly
installed on the device an agency is monitoring. You want to look
through your targets eyes, reads the script of one of the companys
videos, shown below. You have to hack your target. Last year,
researchers at Toronto-based Internet surveillance analysis group Citizen
Lab and antivirus firm Kaspersky revealed Hacking Team software that
targets every mobile operating system to take total control over phones.
Hacking Team hasnt yet responded to WIREDs request for comment. One
Hacking Team engineer, Christian Pozzi, seemed to defend his employer
briefly on Twitter, writing that the companys attackers were spreading
lies about the services we provide. His feed was soon hacked and then
deleted.
Hacking Teams newly exposed business practices call into question
whether current regulations effectively prevent a private firm from
selling hacking software to any government in the world. One written
exchange between Hacking Teams executives and UN officials shows the UN
questioning Hacking Teams sales to Sudan. A letter from the UN to the
company references a March 2015 letter Hacking Team sent the UN, in which
it argued that its spying tools didnt count as a weapon, and so didnt
fall under the UNs arms embargo. (The UN disagreed.)
Sudan is one of the most strictly embargoed countries in the world, says
Chris Soghoian, a privacy activist and lead technologist for the American
Civil Liberties Union who first spotted the UN correspondence in the
Hacking Team data dump. If Hacking Team believes they can lawfully sell
to Sudan, they believe they can sell to anyone.
That issue of whether hacking tools are defined as weapons in the terms of
arms control agreements couldnt be more timely: An arms control pact
called the Wassenaar Arrangement has been hotly debated in recent weeks
over its measures that would control the international export of intrusion
software. The US Department of Commerce has opened the process to public
comment, a window that ends on July 20.
The Wassenaar Arrangement has been criticized by the hacker community as
limiting security research and preventing the sharing of penetration
testing tools. But Privacy Internationals Eric King argues that the
practices of Hacking Team demonstrate why the pact is necessary, along
with what he describes as carve-outs to protect security research.
Whats clear is that these companies cant be left to their own devices,
says King. Some form of regulation is needed to prevent these companies
from selling to human rights abusers. Thats a hard policy question, and
one tool wont be a silver bullet. But regulation and export controls
should be part of the policy response.
The issue of whether hacking tools are defined as weapons in the terms of
arms control agreements couldn't be more timely.
Despite Hacking Team being based in Italy, the US Department of Commerces
still-evolving export control regulations may still apply to the company,
says the ACLUs Chris Soghoian. He points to two firms he spotted in
Hacking Teams breached files who appeared to be reselling the companys
tools: Cyber Point International in Maryland and Horizon Global Group in
California.
The hacked documents are far from the first evidence that Hacking Team has
sold its tools to authoritarian governments. Researchers at Citizen Lab
have accused Hacking Team of selling to countries including Sudan and the
United Arab Emirates, who used it to spy on a political dissident who was
later beaten by thugs. WIRED reported in 2013 on an American activist who
was apparently targeted by Turkey using Hacking Team tools. But Hacking
Team has responded with denials, criticisms of Citizen Labs methods, and
claims that it doesnt sell to repressive regimes.
Hacking Team has continuously thrown mud, obfuscated, tried to confuse
the truth, says Privacy Internationals King. This release helps set the
record straight on that, and shows their deviousness and duplicity in
responding to what are legitimate criticisms.
Cybersquatters Giving Some US Presidential Candidates A Bad Name
Chris Christie, the governor of New Jersey, is about to announce he's
running to become the next president of the United States - something he
alluded to this past weekend when he began tweeting out links to his
website, chrischristie.com.
But first, Governor Christie needed to secure the website domain from its
previous owner, a computer programmer from Wisconsin with the same name.
It's not clear how the politician Christie acquired the domain from the
programmer Christie (we've contacted the latter to inquire about it, but
haven't heard back) - but it might have cost the governor a substantial
sum of money to acquire it.
Another candidate for president, Senator Rand Paul, reportedly paid a
group of his own supporters who owned of randpaul.com $100,000 for that
domain.
In the cases of chrischristie.com and randpaul.com, the former domain
owners were acting in good faith, rather than registering those websites
merely for the purpose of getting the high-profile politicians to
purchase the domains.
On the other hand, the owner of chrischristie2016.org registered that
domain back in 2011 in hopes that Christie would be running for office in
2016 and offer to buy it.
Registering a domain in good faith is an important distinction, because
buying up domains with names of famous people or brands for the purpose of
extorting money is what is known as cybersquatting, and it's (supposed to
be) illegal.
The Anticybersquatting Consumer Protection Act (ACPA) is intended to
prevent cybersquatting for profit.
Corporations like Facebook and Pinterest have successfully sued
cybersquatters who registered domains that were close to the correct
domains but were off by a letter or two, like facegbook.com or
pimterest.com, taking advantage of people who inadvertently mistype the
web address.
This kind of abuse is what Sophos calls "typosquatting" - and it's not
just a nuisance, but possibly dangerous for web users who accidentally
visit those websites.
A few years ago, we conducted an experiment where we surveyed 1500
websites with one-character mistakes in the web addresses of six
well-known domains - for Facebook, Google, Twitter, Microsoft, Apple and,
while we were at it, Sophos.
We discovered that about 3% of those misspelled websites were associated
with phishing, spam, and other types of cybercrime.
But disputes over domain names, and whether a domain owner is acting in
"bad faith," aren't always cut and dry.
The ACPA law allows people to register domains for purposes that include
political speech, which can lead to some embarrassing or
reputation-damaging websites registered by political opponents.
Senator Ted Cruz, a presidential candidate and staunch opponent of
President Obama's immigration policies, doesn't own tedcruz.com - it's
instead owned by someone using the site to host the message: "Support
President Obama! Immigration Reform Now!"
Carly Fiorina, the former chief executive of HP who is now running for
president, didn't register carlyfiorina.org, and that website now hosts a
message highlighting the fact that Fiorina laid off 30,000 HP workers
during her tenure.
And the owners of the domain JebBushforPresident.com aren't supporters of
presidential candidate Jeb Bush - they purchased the domain in 2008 in
response to Bush's "horrible record with regards to LGBTQ rights," they
said.
According to the Internet Corporation for Assigned Names and Numbers
(ICANN) - the non-profit organization responsible for managing the
top-level domain name system and Internet Protocol (IP) allocation - if
you believe someone has registered your trademarked name in bad faith, you
can file a complaint under the Uniform Domain-Name Dispute Resolution
Policy.
You could also file a lawsuit against the domain owner, which real estate
mogul and now presidential candidate Donald Trump did in 2014 in response
to a squatter who registered several websites using Trump's name.
Trump won the lawsuit, which resulted in a judgment that the squatter
would have to pay Trump $32,000 in damages.
But not every business or individual has Trump's resources for fighting
off squatters with lawsuits, and defending against cybersquatting by
registering all potential domains containing your name or trademark is an
expensive proposition.
ICANN has begun approving a set of 600 new generic top-level domains
(gTLD), including the potentially embarrassing .SUCKS and .XXX.
According to the Coalition Against Domain Name Abuse, trademark owners who
want to pay to block registration of their names across 300 new gTLDs
during the pre-registration period could pay as much as $330,000 to
protect their brands from cybersquatters.
In addition to the costs to businesses, the CADNA notes that
cybersquatting potentially exposes consumers to counterfeit goods, fraud,
malicious websites and identity theft.
The CADNA has proposed changes to the ACPA law that it hopes will be
deterrents against future abuse of the domain name system - raising
penalties for violators and holding domain registrars accountable.
In the meantime, brand owners can make cybersquatting less profitable by
refusing to pay squatters for domains; and consumers can avoid potentially
harmful domains and avoid typosquatting sites by bookmarking their
favorite websites or using search engines to find the most relevant
website.
As for the 2016 presidential candidates, it might be time to start buying
up domains in preparation for another run in 2020.
Standoff Over Social Media Passwords Breaks New Legal Ground
A Texas man used social media to promote his gun store, posting
politically charged messages that criticized the president and promoted
Second Amendment rights.
But after losing ownership of his suburban Houston store in bankruptcy,
Jeremy Alcede spent nearly seven weeks in jail for refusing a federal
judge's order to share with the new owner the passwords of the business'
Facebook and Twitter accounts, which the judge had declared property.
"It's all about silencing my voice," said Alcede, who was released in May
after turning over the information. "... Any 3-year-old can look at this
and tell this is my Facebook account and not the company's."
Alcede's ultimately failed stand charts new territory in awarding property
in bankruptcy proceedings and points to the growing importance of social
media accounts as business assets. Legal experts say it also provides a
lesson for all business owners who are active on social media.
"If your business is something you feel very passionately about, it can be
hard to separate those things," said Benjamin Stewart, a Dallas-based
bankruptcy lawyer. "The moral for people is you have to keep your personal
life separate from your business life."
U.S. Bankruptcy Judge Jeff Bohm, who handled Alcede's case, acknowledged
"the landscape of social media is yet mostly uncharted in bankruptcy,"
and cited a 2011 New York bankruptcy court case that treated such
accounts like subscriber lists, which "provide valuable access to
customers and potential customers."
Other cases in the U.S. and abroad have touched on similar issues. In
2012, a South Carolina Internet company settled a lawsuit filed against a
former employee it had said cost them thousands of dollars in lost
business when he took 17,000 Twitter followers with him. A Pennsylvania
federal court in 2013 ruled in favor of a woman who had sued after her
former employer took over her LinkedIn account following her firing.
That same year, a British court approved a company's request to
temporarily stop a group of ex-employees from using the firm's LinkedIn
contacts to start a rival business. The employees claimed the LinkedIn
accounts and contacts were personal.
Villanova University School of Law professor Michael Risch said Facebook
and Twitter accounts, among other social media platforms, are now seen as
property by companies.
"I suspect that's what the judge was looking at, is this primarily an
asset being used for business advertising to get customers to talk about
what is going on with the company," said Risch, who specializes in
Internet law. "It might have started out as a personal (account) but
turned into a business property."
Alcede, however, remains defiant, even after his release from jail, saying
his refusal to hand over the passwords was not about keeping his Facebook
page but fighting tyrannical big government.
He said his Facebook posts and tweets criticizing President Barack Obama
and supporting gun owners' rights were his personal views and not done to
promote the business. But Bohm ruled in April that the gun store's social
media accounts were not personal but used to boost sales, citing a tweet
in which Alcede told his followers he was at a gun trade show as an
example of something that would attract customers because it showed him
as a "connected insider in the gun-buying community."
Control of the store and social media accounts was given to Steven Coe
Wilson, Alcede's former business partner. Bohm's ruling described Alcede
as a "disgruntled former business partner" trying to control assets that
no longer belonged to him.
Alcede, who in June filed a motion to revoke the bankruptcy plan, had
argued the accounts weren't listed as assets in the bankruptcy court
filings. He told The Associated Press he only turned over the passwords so
he could deal with various personal issues, including health problems he
developed while jailed.
Wilson said in an email he couldn't comment until Bohm releases the company
from bankruptcy. Richard Kincheloe, Wilson's attorney, did not return phone
calls seeking comment, but said at an April court hearing that the issues
related to the social media accounts were "not about what someone is
allowed to say. It's about paying creditors."
If the new owners could not access the business' accounts and send messages
to followers, it could impact the store's profits, making it less valuable,
Stewart said. While having Alcede spend seven weeks in jail over the
passwords was "harsh," Stewart said that in the end, Alcede held the key
to his freedom.
"You have to strike a balance between making sure people respect the
court's authority and giving people the right to make their own decision
and accept the consequences if that is the way they want to go," he said.
Mystery Vandals Are Cutting Fiber-optic Cables in California
Somebody is cutting underground fiber-optic cables in Northern California.
The FBI said last month that it was investigating a rash of cable-cutting
vandalism in the San Francisco Bay Area - 10 incidents over the past year
- that resulted in loss of internet and phone service.
On Tuesday, 30 June, the 11th such case of vandalism cut off service for
customers of Wave Broadband, near the state capital of Sacramento, which
the internet service provider said was the result of a widespread
"coordinated attack."
Not so, according to the FBI, instead saying the most recent incident was
confined to one area and not part of a coordinated attack.
The FBI branch in San Francisco also said there is "no indication these
incidents are linked" to a case of vandalism in April 2013 that local law
enforcement officials called "sabotage," where a suspect cut fiber-optic
cables, knocking out 911 service, and then fired a rifle at a PG&E power
substation.
On the other hand, the 11 recent cases of cable-cutting do have enough
similarities to make you wonder if they are related.
According to a report in USA Today, many of the incidents involved
breaking into underground vaults to cut multiple cables, which would have
required special equipment to enter the vaults and cut through protective
sheathing on the cables.
The cables cut on Tuesday belong to Level 3 Communications and Zayo Group
Holdings, two companies that own network "backbones," which ISPs, cable
and phone companies use to connect to the internet.
It took about five hours on Tuesday for the companies to fix the cables
and restore service, but the FBI's presence on the scene for its
investigation slowed the repair efforts, according to the Wall Street
Journal.
It's not known how many customers lost service, but one big customer -
Microsoft - reported on Tuesday that its Azure cloud service experienced
"intermittent connectivity issues" in the Western and South Central US
due to "fiber cuts in the Western US."
FBI Special Agent Greg Wuthrich told USA Today that the vandalism was
"disturbing," and asked the public to come forward with tips:
When it affects multiple companies and cities, it does become disturbing.
We definitely need the public's assistance.
The individuals responsible may appear to be "normal telecommunications
workers," or have special equipment related to that job, the FBI said.
Yet the FBI is at a loss to explain the cable-cutting incidents of the
past year and knows of "no real motive," Ars Technica reported.
Just how vulnerable is the internet to this kind of sabotage?
The fiber-optic cables that carry the majority of the internet's traffic
are basically bundles of thin strands of glass that transmit data that is
converted into light at one end of the cable and then converted back into
data at the other end.
Cables are usually buried only a few feet underground and are small enough
around - about the size of a finger - to be cut with scissors.
The California incidents impacted customers in multiple cities at a time,
but it's possible to knock out internet service to a much wider area with
little more than a shovel.
In 2011, we reported on an incident that knocked out service to 90% of
Armenia when a 75-year-old woman from Georgia struck a cable while digging
for copper to sell.
To travel longer distances, internet traffic is carried by large undersea
cables that are also vulnerable to accidental severing - by ship anchors
or even shark bites.
In 2008, two major undersea cables were cut leading to widespread internet
and phone outages across the Middle East - leading some to speculate that
it was deliberate attack.
Losing internet service, even for a few hours, can cause big disruptions
with big consequences.
Usually, when we think of the security of the internet we worry about
defending against cyberattacks that could knock out financial, industrial,
government or military networks.
We should also be thinking about how to protect the internet from physical
attacks on its infrastructure.
This 20-year-old Student Has Written 100 Malware Programs in Two Years
Security firm Trend Micro has identified a 20-year-old Brazilian college
student responsible for developing and distributing over 100 Banking
Trojans selling each for around US$300.
Known online as 'Lordfenix', 'Hacker's Son' and 'Filho de Hacker', the
computer science student first began his career by posting in forums,
asking for programming help for a Trojan he was developing, researchers
said.
However, Lordfenix has "grown quite confident in his skills" and began
developing and distributing malware tailored to pilfer financial
information since at least 2013.
"Based on our research, Lordfenix has created more than 100 different
banking Trojans, not including his other malicious tools, since April
2013," Trend Micro says. "With each Trojan costing around R$1,000
(roughly $320), this young cybercriminal channeled his talent in
programming into a lucrative, illegal venture."
Trend Micro has also provided an image of the hacker's Facebook wall post
(given below) in which the hacker shows a considerable amount of local
currency.
In order to expand his operation, Lordfenix has now begun offering free
versions of fully-functional Banking Trojan source code other wanna-be
cyber criminals on the underground forum.
The free versions of the Trojan can be used to steal login details from
customers of four different Brazilian banking websites including HSBC
Brazil, Bank of Brazil, and Caixa. For access to other financial
institutions, 'clients' have to pay for a more powerful tool,
TSPY_BANKER.NJH.
TSPY_BANKER.NJH is a Trojan capable to identify when a user enters any of
a target bank's URLs into their browser. The malware then shuts down the
browser window (if it is running on Google Chrome), displays an error
message, and then opens a fake Chrome window.
Once the victim enters the login details into the fake window, the
information is sent back to the attackers address via email.
As an extra precaution, Lordfenix's malware also includes a software
program to terminate a security process called GbpSV.exe, which is used
by large number of Brazilian banks in an effort to keep their online
customer data secure.
Malware Threat to Online Banking is Growing rapidly and countries like
Brazil, where almost half of all financial transactions are conducted
online, have come up as a boon for hackers.
Privacy Outcry Over Proposal To Reveal Website Owners' Identities
People fighting for their privacy rights are deluging domain overseer
ICANN with comments opposing a proposal that would strip the rights of
commercial domains to use proxy services to shield registrants' true
identities and addresses.
It might seem like a straightforward issue of prohibiting proxy use by
domains "actively used for commercial transactions," but it's not that
easy, as dissenting members of ICANN pointed out.
In ICANN's report on the issue of privacy/proxy service accreditation, the
members said the move could work against persecuted groups and
organizations, including minority political groups or those devoted to
gender orientation:
[M]embers of the [working group] noted that fundraising and membership
drives are often performed by the very groups and organizations seeking
privacy/proxy registration for protection, including minority political
groups, minority religious organizations, ethnic groups, organizations
committed to change of racial policies, gender orientation groups, and
publications engaged in freedom of expression. These groups and their
representatives note that, in the laws of their countries, the mere
collection of a donation or membership fee does not change their status
from "non-commercial" to commercial. Others noted that "non-profit" status
is limited to only a few countries.
The Electronic Frontier Foundation (EFF) focused on the issue on Tuesday,
with a post that detailed how the change is being pushed by US
entertainment companies that told Congress in March that privacy for
domain registration should be severely restricted.
Such companies want ever more names and contact information in their zeal
to accuse people of copyright and trademark infringement, preferably
without having to bother with getting a court order, the EFF said.
The typical number of responses ICANN receives in its public comment
periods hovers around 20, according to The Register.
In contrast, the idea of forcing commercial domains to reveal registrants'
names and addresses had garnered over 6000 commenters who overwhelmingly
opposed the plan as of Thursday morning.
A sample from the comments, from Opus:
With identity theft getting worse by the day, it is imperative that we be
able to keep our personal information private. I don't even use my domain
email in all instances (including this). I am a single woman living alone
and don't want everyone in the world to see where I live. Don't use
[F]acebook for the same reason. With just cause, get the [information]
needed by taking the legal route.
From Bob Baffy:
I've had issues in the past with people who have abused my personal
information through WHOIS searches, and it upsets me that my and other's
rights to privacy could be abused again in this way.
The vast majority of comments are coming from people who used form letters
supplied by two sites that are campaigning against the change:
RespectOurPrivacy.com and SaveDomainPrivacy.org.
A sample of one of the form letters:
Dear ICANN, Regarding the proposed rules governing companies that provide
WHOIS privacy services (as set forth in the Privacy and Policy Services
Accreditation Issues Policy document): I urge you to respect internet
users' rights to privacy and due process. - Everyone deserves the right
to privacy. - No one's personal information should be revealed without a
court order, regardless of whether the request comes from a private
individual or law enforcement agency. Private information should be kept
private. Thank you.
The 98-page report focuses on other changes, but it's a dense, wonkish
read, and nothing's gotten the same level of attention as this issue of
denying proxy/privacy services to "commercial" domains.
The EFF's Jeremy Malcolm and Mitch Stoltz pointed out that subpoenas do
just fine in getting website owners' identities, and we don't need another
mechanism to do so - particularly when the cost/benefit ratio is so
unconvincing:
The limited value of this change is manifestly outweighed by the risks to
website owners who will suffer a higher risk of harassment, intimidation
and identity theft. The ability to speak anonymously protects people with
unpopular or marginalized opinions, allowing them to speak and be heard
without fear of harm. It also protects whistleblowers who expose crime,
waste, and corruption. That's why EFF opposes the new proposal to roll
back anonymity.
Windows 8.1 Finally Edges Past XP on the Desktop
Almost two years after its release, Windows 8.1 has finally surpassed XP
in the desktop OS market.
Looking at Web traffic among desktop operating systems for the month of
June, Web tracker Net Applications pegged Windows 8.1 at a 13.1 percent
share, up slightly from 12.8 percent in May. Over the same time, XP's
share plummeted to 11.9 percent from 14.6 percent the previous month.
No. 1 Windows 7 also grabbed more fans as its share of Web traffic rose to
60.9 percent last month from 57.7 percent in May. And still in fifth place
behind Apple's OS X Yosemite was Windows 8, which saw its share dip down
to 2.9 percent from 3.5 percent.
Much of this activity may just be part of the natural chain of events.
Over the past several months, Windows 7 and 8.1 have gained a greater
chunk of Web traffic as tracked by Net Application, while XP and Windows 8
have lost share. But there may be another factor involved. Due to launch
July 29, the next-generation Windows 10 will bring free upgrades for the
first year, but only for users of Windows 7 and 8.1. If you're still
running Windows XP or Vista, you'll have to pay for the new operating
system. (Windows 8 users can freely upgrade to 8.1, so that's a
no-brainer.) People who want that free upgrade may be jumping to
Windows 7 or 8.1 in order to snag the freebie starting the end of this
month.
Windows 10 itself has been available as a technical preview since last
October. As such, it still registers as just a blip on Net Applications'
radar. For June, Windows 10's share of Web traffic was 0.16 percent, up
slightly from 0.13 percent the previous month. July's figures are likely
to also show a modest gain. But if enough users bite into Microsoft's free
upgrade offer, August's numbers for Window 10 should show a significant
increase.
Microsoft is counting on Windows 10 to win over many of the people turned
off by Windows 8, especially among the desktop and laptop crowd. To lure
in PC users, the latest version of Microsoft's venerable operating system
has brought back the Start menu and tweaked Windows apps so you can run
them from the desktop in any size window, just as you can a regular
desktop application. Microsoft has also positioned Windows 10 as the
unifying software for PCs, tablets and mobile phones, hoping that more
people will buy into the entire ecosystem.
Of course, Windows still dominates the operating-system landscape. For
June, Windows' overall share of Web traffic was 90.8 percent, according
to Net Applications, down a smidgen from 91 percent in May. But that still
left Mac OS X with just a 7.5 percent share and Linux with only
1.6 percent.
Microsoft Is Just Days Away From Wrapping Up Windows 10
Microsoft will wrap up work on Windows 10 this week in preparation for
distributing the operating system to device makers, according to numerous
online reports.
The Redmond, Wash. company will declare Windows 10's "release to
manufacturing" (RTM) milestone this week, The Verge contended today.
RTM is a historical way post in Microsoft's development schedule that
denotes when code is sufficiently stable to deliver to OEMs (original
equipment manufacturers), who use the build to pre-load the OS onto their
new devices prior to sale.
Neowin also chimed in today, claiming that "internal sources" indicated
Microsoft would sign off on RTM this week.
Others had also found signals of the impending RTM in a recently-leaked
edition, pegged as build 10163. Perennial leaker WZor, for example,
pointed out that build 10163 included a reference in the OS's Calendar
app to Thursday, July 9, as the "RTM Sign-Off" date, when Microsoft is to
green light the code as fit.
The BuildFeed website also noted that 10163 was tagged as from "th1,"
purportedly a reference to the internal RTM branch of "Threshold," a
former code name for Windows 10. Another build marked as th1 - 10176 -
was issued Sunday by Microsoft, according to BuildFeed.
The last official Windows 10 build was 10162, pushed to testers on July 2.
Build 10162 was the third issued within a week, Microsoft's fastest pace
yet, another sign that the company was closing on final code.
RTM has lost some of its importance with Windows 10, which Microsoft plans
to update and refresh regularly, but device makers have to start
somewhere. OEMs armed with the code have a shot at making the lucrative
back-to-school sales season in the U.S., contrary to expectations two
months ago.
In the past, Microsoft has given OEMs months of lead time. For Windows 8,
there was a 12-week lag between RTM and the first devices going on sale
with the new OS; Windows 7's grace was 13 weeks. If the recent signs of
impending RTM are accurate, Microsoft has pared that to less than three
with Windows 10.
But Microsoft's radical development changes mean that it will keep
churning out preview builds post-RTM. What remains unclear is what RTM
means to Microsoft beyond serving as the build it delivers to OEMs and
perhaps retailers, who need the OS to provide upgrade services to
customers who recently purchased Windows 8.1-powered devices.
While Microsoft has said that it will stagger ready-to-upgrade
notifications to customers, those alerts will show up only after the
company has pushed the file(s) to eligible Windows 7 and Windows 8.1
devices. It could conceivably begin distributing the code in the
background beginning this week if it does, in fact, declare RTM, then
trigger the upgrade notifications to more than just the Windows Insider
testers on July 29.
However, that's apparently not the plan. "Each day of the roll-out, we
will listen, learn and update the experience for all Windows 10 users,"
said Terry Myerson, who leads Microsoft's OS and devices groups, last
week. Myerson's comments hinted that Microsoft will not only stick to its
"waves" distribution scheme, but push different bits to users over time.
If Microsoft blesses Windows 10 RTM on Thursday, OEMs that sell
build-to-order PCs through their online outlets have the best chance of
having machines ready by the end of the month. Dell, for instance,
promises to ship pre-ordered Windows 10 systems on July 29.
Mozilla Patches Critical Vulnerabilities in Firefox Update
Mozilla has issued a new Firefox browser update with fixes for four
critical vulnerabilities and a number of less severe issues.
It is advised that users update their Firefox browser to the latest
version, as these vulnerabilities could be exploited by cyberattackers
looking to hijack sessions or steal sensitive data.
In Firefox 39, a total of four critical vulnerabilities, two high-level
flaws and six moderate bugs have been patched among a total of 13 fixes.
According to the Mozilla security advisory, security issues relate to
use-after-free vulnerabilities, poor validation processes, buffer overflow
problems and a variety of memory problems.
Two of the most critical issues are use-after-free vulnerabilities. When
using XMLHttpRequest, an API used by the Firefox browser to request data
from a server, in concert with either shared or dedicated workers, errors
occur when the XMLHttpRequest object is attached to a worker - but that
object is incorrectly deleted while still in use. This, in turn, can lead
to exploitable crashes.
In addition, seven vulnerabilities, lumped together under one critical bug
advisory, relate to released browser code. Three vulnerabilities were
discovered as uses of uninitialized memory, one related to poor validation
leading to an exploitable crash, one read of unowned memory in .zip files,
and two issues led to buffer overflows.
Separately, these bugs could not be exploited easily through web content,
but according to Mozilla "are vulnerable if a mechanism can be found to
trigger them."
Another critical vulnerability is a use-after-free flaw which occurs when
a Content Policy modifies the Document Object Model to remove a DOM
object. An error in microtask implementation can lead to an exploitable
browser crash - however, this flaw cannot generally be exploited through
Thunderbird email because scripting is disabled.
The last critical vulnerability relates to memory safety bugs in the
browser engine. Mozilla says a number of bugs could corrupt memory "under
certain circumstances," and may be exploited to run arbitrary code.
Other bugs fixed include signature validation errors, privilege escalation
flaws, ServerKeyExchange skipping bugs and type confusion problems.
Chrome Continues To Trounce Firefox in Desktop Browser Market
Firefox continues to lag behind Chome in Web traffic. Net Applications
Google's Chrome keeps gaining in popularity over rival Firefox, which has
failed to garner much in the way of users as seen in Web traffic numbers
recorded by Net applications.
For the month of June, Chrome's share of Web traffic across the world rose
to 27.2 percent from 26.3 percent in May, 25.6 in April and 24.9 in March.
During the past year, Chrome's share has shown a significant rise from the
19.3 percent in June 2014.
Firefox's ride has been less cheerful. In June, Mozilla's browser grabbed
a Web traffic share of 12 percent, up slightly from 11.8 percent in May
and 11.7 percent in April. Over time, though, Firefox's share has actually
fallen. Its June 2014 share of Web traffic was 15.5 percent, according to
Net Applications.
Why the rise for Chrome? Google's browser has long been considered cleaner
and less bloated than Microsoft's Internet Explorer and even Mozilla's
Firefox. By default, Chrome eschews menu bars, toolbars and other items
that chew up valuable screen real estate. Mozilla has tried to follow the
trend of a less bloated browser with its most recent releases, yet Chrome
continues to edge up in the ratings as Google keeps fine-tuning its
browser. Chrome also offers quicker access to Gmail, built-in language
translation, integration with Chrome apps and other features that likely
appeal to Google users.
And what of Microsoft's Internet Explorer?
IE is still at the top of the pack, with a 58.1 percent share of Web
traffic for June, up slightly from 57.8 in May. Over time, IE's share has
been relatively flat, according to Net Applications, as the real battle
has been between Chrome and Firefox. But despite its dominant market
share, IE is getting long in the tooth and even Microsoft seems to be
losing faith in it. The Windows 10 operating system, which arrives for
consumers at the end of July, will offer an alternative browser called
Edge.
Designed to be sleeker, faster and less burdened by add-ons and
extensions, Edge is being touted by Microsoft as one of the draws for
Windows 10. Oh, Internet Explorer will still be around in Windows 10, and
will probably still hang onto a hefty number of users. But it although it
has been getting a cleaner, more streamlined look in recent updates, IE
could use a good overhaul at this point if Microsoft still wants to keep
it relevant.
Among specific browser versions, Internet Explorer 11 was tops last month
with a Web traffic share of 27 percent, followed by Chrome version 43 with
17.5 percent and the aging IE 8 with 13.5 percent.
Net Applications' stats differ from those of other Web trackers.
StatCounter, for example, has long shown Chrome dominating over IE,
Firefox and the rest of the pack in Web traffic. Why the difference? Each
Web tracker uses its own somewhat unique methods and sources to determine
Web traffic data. For example, Net Applications counts unique visitors
per day rather than page views and has a stronger presence in certain
countries than do other Web trackers.
DuckDuckGo Search Traffic Soars 600% Post-Snowden
When Gabriel Weinberg launched a new search engine in 2008 I doubt even
he thought it would gain any traction in an online world dominated by
Google.
Now, seven years on, Philadelphia-based startup DuckDuckGo - a search
engine that launched with a promise to respect user privacy - has seen a
massive increase in traffic, thanks largely to ex-NSA contractor Edward
Snowden's revelations.
Since Snowden began dumping documents two years ago, DuckDuckGo has seen
a 600% increase in traffic (but not in China - just like its larger
brethren, its blocked there), thanks largely to its unique selling point
of not recording any information about its users or their previous
searches.
Such a huge rise in traffic means DuckDuckGo now handles around 3 billion
searches per year.
Speaking on CNBC, CEO Gabriel Weinberg explained how mainstream search
engines make money by tracking their customers around the web, saying
"It's really a myth that you need to track people to make money in
search," adding that DuckDuckGo makes its money by keyword advertising:
"You type in car and you get a car ad. And it's really that straight
forward".
By way of comparison, Weinberg said:
Google tracks you on all of these other sites because they run huge
advertising networks and other properties like Gmail and photos... so they
need that search engine data to track you. That's why ads follow you round
the internet.
Weinberg said that by focusing purely on web search - advertisers continue
to bid on lucrative keywords such as cars and mortgages - DuckDuckGo could
do away with the need to track its users to turn a profit, adding that:
What consumers don't really understand is that their data is being leaked
for other reasons they don't even realise.
When asked how use of DuckDuckGo differs from using Chrome's incognito
mode, or other browser privacy functions, Weinberg explained how web users
often misunderstood the functionality of such features:
This is another big myth people have. Incognito mode actually is only for
your computer and not around the internet. So when you're in incognito
mode Google is still tracking you, your ISP still knows where you're
going. All the sites you visit can still track you, including advertisers.
Mozilla decided to add DuckDuckGo as a pre-installed search engine choice
in Firefox last year, and it has been included in Apple's list of search
engine providers since iOS 8 and OS X 10.10.
Recent research suggests that 40% of Americans would prefer to use a
search engine that does not track their internet activity, and Weinberg
believes that indicates huge market potential for the company.
He did, however, concede that brand awareness was an issue, saying that
"Our main issue is just that no-one has heard of us".
When it was put to Weinberg that it would make a big difference to
consumers if they knew what information was out there about them, who has
it, and how they could control it, he said:
People want transparency, they want to know what's going on, they want
control so they can opt out and unfortunately they're usually getting
neither today. We're offering some real choice.
Poisoning Google Search Results and Getting Away With It
SophosLabs researchers recently uncovered a hack being used by
unscrupulous web marketers to trick Google's page ranking system into
giving them top billing, despite Google's ongoing efforts to thwart this
sort of search poisoning.
Over on the Sophos Blog, technical expert Dmitry Samosseiko explains how
the scammers did it, and how SophosLabs spotted what they were up to.
Here on Naked Security, we decided to take a look at why search engine
poisoning matters, and what we can do as a community if we see that
something is not what it seems.
Put your hand up (literally, if you like) if you have ever done either or
both of these:
Set out to research a topic or a product thoroughly. Used your favourite
search engine. Then gone no further than the first couple of results on
the very first page. Job done.
Used a search engine to gauge whether a business or website has been
around a while and built up trust in that time. Seen it near the top of
the first page of results. Job done.
If you have, you aren't alone, and that's why doing well in search
results is so important for a modern organisation.
And that, in turn, is why Search Engine Optimisation (SEO) exists: you
make every effort to write your web pages so they are clear and relevant,
and you do your best to build up a reputation that makes already-trusted
sites want to link to you.
When others link to you, that acts as an implicit recommendation, and
search engines let you bask in some of the reflected glory of the sites
that have linked to you.
Of course, getting high up in the search rankings gives great results for
cybercrooks too, and they don't play by the rules.
Treachery by cybercrooks gives search companies a double whammy: the
search engines end up not only giving away artificially high rankings for
free, but also conferring trust even on web pages that put users in
harm's way.
As a result, the search companies have been in a constant battle with the
Bad Guys to stamp out tricks that poison search rankings.
One search poisoning technique involves being two-faced: looking honest
and reputable when a search engine visits in the course of indexing the
web, yet serving up malevolent content when a user clicks through.
This trick is called cloaking, and it's been going on for years.
As you can imagine, the search engines have become adept at detecting when
websites feed back content that doesn't look right.
For example, they can compare what happens when their own search engine
software (known as a spider or a crawler) comes calling, and what shows up
when a regular browser visits the site.
Servers often tweak the pages
they present depending on which browser
you're using, so some variation between visits is to be expected.
But if a browser sees a story about apples while the crawler is being sold
on oranges, then something fishy is probably going on.
Additionally, a search engine can analyse the pages that its crawler finds
in order to estimate how realistic they look.
Google's crawler is known officially, as you see in the HTTP header
example above as the Googlebot, and it has been taught to be rightly
suspicious of web pages that seem to "try too hard" because they've been
artificially packed with fraudulent keywords.
But even Google doesn't get it right all the time.
Indeed, SophosLabs recently spotted dodgy web marketers using a
surprisingly simple trick to persuade the usually-sceptical Googlebot to
accept bogus content.
The trick inflated the reputation of dubious pages, and sent them
dishonestly scooting up the search rankings.
Our researchers immediately informed Google so that the problem could be
fixed, but the story makes for fascinating reading.
Dmitry Samosseiko of SophosLabs has published a highly readable report
about what happened; we're not going to spoil the fun by repeating it
here, so please head over to our Sophos Blog for the details.
If you see something suspicious, such as web pages that don't match what
you searched for, or emails that link where you don't expect, say
something!
You can report suspicious emails, web pages and files to Sophos:
By email, but please read our instructions so we receive the content in
a form we can use.
Via our web submission system.
And, remember, don't treat a few top-ranking search results as a
replacement for due diligence when you're trying to learn more about a
company or a product especially a software product that you're
thinking of downloading.
Search engines can have their moments of gullibility, too!
=~=~=~=
Atari Online News, Etc. is a weekly publication covering the entire
Atari community. Reprint permission is granted, unless otherwise noted
at the beginning of any article, to Atari user groups and not for
profit publications only under the following terms: articles must
remain unedited and include the issue number and author at the top of
each article reprinted. Other reprints granted upon approval of
request. Send requests to: dpj@atarinews.org
No issue of Atari Online News, Etc. may be included on any commercial
media, nor uploaded or transmitted to any commercial online service or
internet site, in whole or in part, by any agent or means, without
the expressed consent or permission from the Publisher or Editor of
Atari Online News, Etc.
Opinions presented herein are those of the individual authors and do
not necessarily reflect those of the staff, or of the publishers. All
material herein is believed to be accurate at the time of publishing.
