Friday, November 20, 2009

Can the government see what Web sites I visit?

Imagine you're shopping at a mall. You browse different stores, make a few purchases and move on. Then, you notice that a man you don't know seems to be following you. You even catch a glimpse of him taking notes on what you're looking at and buying. The entire time you've been shopping, you've been spied on!

Many people fear that a similar thing is happening on the Web. They're worried that someone, usually the government, is recording and analyzing their Web browsing activity. They argue that these acts are an invasion of privacy. Are they right to be worried? Can the government keep track of all the Web sites everyone visits, and would it be able to act on that information?

It's easy to understand why some people are worried. The United States Patriot Act expands the government's ability to perform searches and install wiretaps. It doesn't seem like a big stretch to add tracking people's Internet activity to the list. These people fear that they'll be spied on whether they've done anything to justify it or not.

Big Brother's Browser
People who worry that the government is tracking their Web activities sometimes use the adjective Orwellian. The word means invasive and totalitarian, and it's named after author George Orwell, who wrote the book "1984." In that novel, a government known as Big Brother controls nearly every aspect of citizens' lives.

In some ways, fear about the government's ability to keep tabs on Web activities has reached the level of a conspiracy theory. In the most extreme version of the theory, the government is tracking not only Web site activity, but also is building a database of potential suspects for crimes ranging from corporate sabotage to terrorism. Other theories don't go that far, but still suggest the government is treating everyone like a suspect -- even if people aren't doing anything illegal or questionable.


Europe Looks for a Peer-to-Peer TV

An open-source P2P project to compete with BitTorrent, Joost, and IPTV. IEEE Spectrum reports.

content provided by John Blau, IEEE Spectrum

The same kind of peer-to-peer file sharing that made Napster famous -- and infamous -- is being used in a new research project in Europe that aims to pipe TV programs over the Internet.

As part of the P2P-Next project, engineers from several European universities, research institutes, broadcast networks and manufacturers have agreed to pool their expertise to develop a file-sharing system, based on free open-source software.

The system could someday allow users connected to the Internet to deliver videos from anywhere to anywhere -- and to any number of people throughout the world.

The four-year project, which has attracted more than 20 member organizations, including the British Broadcasting Corp., Delft University of Technology, in the Netherlands, and STMicroelectronics, will receive $29 million from the European Union under its Seventh Framework Program, with another $5 million to come from the project partners.

The goal is to develop not only an entirely open P2P platform for delivering video on demand and live webcast streaming services but one that is also legal, secure and reliable, according to Johan Pouwelse, a professor at Delft University and scientific director of the P2P-Next project.

Powering Forward with P2P

The project reflects a growing European interest in Internet-based television, including pioneering work by the state-owned Norwegian Broadcasting Corporation, which has launched a hugely successful TV series delivered via P2P.

Internet video companies like YouTube could someday benefit from the new technology, Pouwelse says, "Instead of having every bit come from their own central servers, which is costly, they could use P2P to reduce their bandwidth costs."

Unlike broadcasters, which beam shows from radio masts to home antennas, or cable-TV networks, which send content down a coaxial cable to set-top boxes in a similar broadcast fashion, Internet-based TV providers like YouTube require users to connect to central content servers to fetch programs.

Flipping the Switch from Cable to Internet

Replacing broadcast and cable TV service with the Internet would require many more servers, not to mention strain content suppliers to provide sufficient bandwidth to transmit the content. P2P technology, according to Pouwelse, tackles this problem by sharing storage and transmission tasks with all enabled users.

However, the initiative competes against Joost, a commercial Internet TV start-up that largely uses proprietary P2P technology developed by the same two Scandinavian entrepreneurs who launched the Kazaa music file-sharing exchange and the Skype voice over Internet Protocol (VoIP) service. There are also numerous commercial Internet Protocol TV offerings now available from European telecommunications firms, mostly based on technology from Microsoft. Both services have been off to a bumpy start.

Setbacks and Challenges

Joost, which introduced commercial service last year, has suffered some technical glitches, resulting in frequent downtimes, particularly in March. Users also complain of excessive advertising, which many view as disruptive. Rumors are afloat that the venture could be on its last legs.

IPTV has also proven a challenge for many telcos in Europe and beyond. Initial hiccups in deploying Microsoft technology forced a few operators in Europe, such as Swisscom, to delay service; others, including Deutsche Telekom, have yet to find the right business model.

"IPTV is a telco approach with dedicated hardware, a closed business environment and walled gardens," Pouwelse says. "And although Joost uses some open-source for minute components, it's largely proprietary technology. P2P-Next is entirely open to all who want to use it. The system offers more choice and a nearly cost-free way for broadcasters to distribute content."

Delft University, for instance, is contributing its Tribler technology as a core component of the planned P2P-Next system, according to Pouwelse. Tribler, which stems from the word "tribe" and refers to its usage of social networks, is a client application based on an open-source implementation of the BitTorrent communications protocol.

Chomping at the BitTorrent

BitTorrent, widely used today for downloading TV shows from the Internet, is designed to distribute large amounts of data without the original distributor having to pick up the entire tab for hardware, hosting and bandwidth costs. Through the protocol, each recipient delivers pieces of data to other recipients, thereby reducing the cost and capacity burdens on any one individual.

Currently, BitTorrent traffic accounts for around 49 percent of traffic on the Internet backbone, of which nearly 50 percent is TV programming, according to Ipoque, a German company that specializes in monitoring Internet traffic.

For years, P2P has been a key technology for content pirates, offering an efficient way for them to share files. Hollywood hated it -- until last year when BitTorrent's co-founders decided to go commercial.

In a move to win over the studios, as well as publishers of videos, games and software, co-founders Ashwin Navin and Bram Cohen added digital rights management technology to protect content and closed the door to open-source development.

Fox, MTV, Paramount and Warner Brothers have since become supporters of BitTorrent's new commercial service.

Pouwelse believes that the move by BitTorrent's founders to sever ties with the open-source community will, in the long run, undermine further development of the technology, and that licensing fees will deter others from using the commercial application. Fortunately, some components of BitTorrent remain open to implement, he adds, and ventures including P2P-Next are using these to build new systems.

From TV, to PC -- and Beyond

Another advantage of P2P-Next over Joost is its "zero use" of servers, according to Pouwelse. The system will allow any type of Internet-connected device to participate, he says, adding that the venture will begin with PCs and expand later to other devices.

"By distributing all functionality, we are aiming for unbounded scalability," Pouwelse says.

What worked for one hugely successful P2P start-up may not work for all. With its largely proprietary and somewhat centralized approach, Skype is arguably the most successful P2P VoIP product in the world. The venture found a niche and successfully exploited it. Its business case is now under attack by telephone companies rolling out national and international flat-rate fees. The verdict on Joost is still out.

It's still too early to assess the chances of success for the P2P-Next initiative. Numerous European collaborative research projects have failed or underachieved because of rigid bureaucracy, cross-border rivalries, intercultural differences, or varying opinions on direction. Pouwelse is also honest enough to admit to the various problems inherent to P2P.

"The challenge of P2P is to turn something that can be unreliable and potentially malicious into something that is reliable and trustworthy and works," he says.

Nevertheless, Pouwelse believes that the initiative's approach -- "open source, open papers and open comments" -- could provide a big boost to the project in particular and to the use of P2P technology in general to deliver next-generation Internet TV services.

Others are equally optimistic.

"It's a test bed for new ideas, allowing us to collaborate with colleagues across Europe and to hone and develop technology that could help shape TV of tomorrow," writes George Wright, executive producer of the Rapid Development Unit within BBC's Future Media & Technology group, in a blog on the BBC Web site.

Pouwelse puts it another way. "This is really about who will define and deliver the TV standard of the future," he says.

John Blau writes about technology from Dusseldorf, Germany. For IEEE Spectrum, he explained German resistance to carbon caps on European cars, and for IEEE Spectrum Online he described a low-power processor for a disposable wireless vital-signs monitor. The views expressed are the author's alone and do not represent the official position of Discovery Communications.

Tuesday, March 3, 2009

Sality.AO, a virus that takes us back to the future

Sality.AO is a virus that combines the features of traditional viruses (infecting files and damaging as many computers as possible to achieve notoriety for creators) with the objectives of new malware, i.e. generating financial returns for cyber-criminals. PandaLabs, Panda Security’s malware detection and analysis laboratory, has noted an increase in the number of infections caused by this malware over recent days, as well as new variants using the same techniques. It is therefore advising users to be on their guard against a possible massive attack.

Sality.AO uses some techniques which haven’t been seen for years, such as EPO or Cavity. These techniques relate to the way in which the original file is modified in order to infect it, making it more difficult to detect these changes and to disinfect it. EPO allows part of a legitimate file to be run before infection starts, making it difficult to detect the malware. Cavity involves inserting the virus code in blank spaces within the legitimate file’s code, making it both more difficult to locate and to disinfect infected files.

These techniques are far more complex than those that can be achieved with automatic malware creation tools, which have been responsible for much of the increase in the number of threats in circulation recently. They require much greater skill and knowledge of malicious code programming.

In addition to these techniques associated with early malware, Sality.AO includes a series of features associated with new malware trends, such as the ability to connect to IRC channels to receive remote commands, potentially turning the infected computer into a zombie. Such zombie computers can be used for sending spam, distributing malware, denial of service attacks, etc. Similarly, infections are not restricted to files, as was the case with old viruses, but also look to propagate across the Internet, in line with new trends. To this end, it uses an iFrame to infect PHP, ASP and HTML files on the computer. The result is that when any of these files is run, the browser is redirected, without the user’s knowledge, to a malicious page that launches an exploit against the computer in order to download more malware. But that is not all. If any of the infected files are posted on a Web page (and bear in mind these file types are typically uploaded to the Web), any users downloading the files or visiting the Web pages will become infected.
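A defender-side check for the iFrame injection described above, added here as an example and not taken from PandaLabs or the original post: it scans PHP, ASP and HTML content for iframes that load from hosts outside an allowlist. The hidden-frame heuristic, the `allowed_hosts` parameter, the function names and the sample content are assumptions; the article gives no indicators for Sality.AO.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

WEB_EXTENSIONS = (".php", ".asp", ".html", ".htm")

class IframeCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        # Keep the attributes of every <iframe> start tag for later inspection.
        if tag == "iframe":
            self.iframes.append({k: (v or "") for k, v in attrs})

def is_hidden(attrs):
    """Assumed heuristic: 0/1-pixel dimensions or CSS that hides the frame."""
    tiny = any(attrs.get(d, "").strip() in ("0", "1") for d in ("width", "height"))
    style = attrs.get("style", "").replace(" ", "").lower()
    return tiny or "display:none" in style or "visibility:hidden" in style

def suspicious_iframes(content, allowed_hosts):
    """Return (src, reason) for each iframe loading from a non-allowlisted host."""
    parser = IframeCollector()
    parser.feed(content)
    findings = []
    for attrs in parser.iframes:
        src = attrs.get("src", "")
        host = (urlparse(src).hostname or "").lower()
        if not host or host in allowed_hosts:
            continue  # relative path or a host the site owner expects
        reason = "hidden external iframe" if is_hidden(attrs) else "external iframe"
        findings.append((src, reason))
    return findings

def scan_files(files, allowed_hosts):
    """files maps path -> text; only the file types named in the article are read."""
    report = {}
    for path, content in files.items():
        if path.lower().endswith(WEB_EXTENSIONS):
            hits = suspicious_iframes(content, allowed_hosts)
            if hits:
                report[path] = hits
    return report

# Constructed sample content (not real Sality.AO output).
SAMPLE = {
    "index.html": '<p>Hello</p><iframe src="http://bad.example.invalid/x" width="0" height="0"></iframe>',
    "about.asp": '<iframe src="https://video.example.org/e/1" width="560"></iframe>',
}
```

Run `scan_files(SAMPLE, {"video.example.org"})` to see the constructed hidden frame reported while the allowlisted embed is ignored; a hit is a reason to compare the file against a known-good copy, not proof of infection.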

The file downloaded through this technique is what PandaLabs refers to as hybrid malware, as it combines the functions of Trojans and viruses. The Trojan, in addition, has downloader features for downloading other strains of malware to the computer. The URLs used by this downloader were still not operative at the time of the PandaLabs analysis, but they could become active as the number of infected computers increases, according to Panda Security’s laboratory.

“As we forecast in our annual report, the distribution of classic malicious code such as viruses will be a major trend in 2009. The use of increasingly sophisticated detection technologies like Panda Security’s Collective Intelligence, capable of detecting even low-level attacks and the newest malware techniques, will make cyber-crooks turn to old codes, adapted to new needs. This means they won't be viruses designed simply to spread or damage computers, as they were 10 years ago, but will be designed, such as in this case, to hide Trojans or turn computers into zombies”, warns Luis Corrons, Technical Director of PandaLabs.


Tuesday, January 13, 2009

What is a Web Forgery? What is Phishing?

Web Forgery (also known as “Phishing”) is a form of identity theft that occurs when a malicious Web site impersonates a legitimate one in order to trick you into giving up sensitive information such as passwords, account details, or credit card numbers. Phishing attacks usually come from email messages that attempt to lure the recipient into updating their personal information on fake, but very real looking, Web sites. More information on phishing can be found at the Anti-Phishing Working Group, and there are a number of examples and resources available at the Wikipedia Phishing page.
