Researchers Cripple Pushdo Botnet: Via Slashdot.

Trailrunner7 writes with this from ThreatPost: "Researchers have made a huge dent in the Pushdo botnet, virtually crippling the network, by working with hosting providers to take down about two thirds of the command-and-control servers involved in the botnet. Pushdo for years has been one of the major producers of spam and other malicious activity, and researchers have been monitoring the botnet and looking for ways to do some damage to it since at least 2007. Now, researchers at Last Line of Defense, a security intelligence firm, have made some serious progress in crushing the botnet's spam operations. [ Read more ... ]

Factbox: Where BlackBerry Stands Around The World: Via Epicenter | Wired.com .

NEW DELHI (Reuters) – BlackBerry maker Research In Motion is facing demands for access to its encrypted data in some of its fastest-growing markets.

RIM’s encrypted traffic is delivered through its network operating centers, based mostly in Canada, though corporate clients can choose to host their BlackBerry Enterprise Servers elsewhere. RIM says it cannot access data sent via its devices.

RIM does not give usage numbers by region, but research firm Gartner estimates that, of 10.55 million BlackBerry devices shipped in the last quarter, 1.4 percent went to the Middle East and Africa, 7.6 percent to Asia and 9.5 percent to Latin America.

North America took more than half and more than a quarter went to western Europe.

Below is a factbox showing how different governments have dealt with concerns raised by BlackBerry’s encrypted data.

Read Original Article:(Via Epicenter | Wired.com .)

Civility, Neutrality, and Google: Via Lauren Weinstein's Blog.

Greetings. It's now four days since Google and Verizon published their joint policy proposal for an open Internet. Today, Google posted an additional document, addressing what they view as the misconceptions being promulgated in various negative reactions to the plan.

I am extremely disappointed.

However, my disappointment is not with Google, nor Verizon. I applaud the willingness of both firms to put forth their public proposal.

Rather, I am disappointed -- no, that's not a strong enough word -- I'm mortified -- by the level of vitriol, obnoxiousness, obscenity, and emotionally-laden, hyperbole-saturated rhetoric that is characterizing many of the negative responses to the proposal. [ Read more ... ]

‘John Doe’ Who Fought FBI Spying Freed From Gag Order After 6 Years: Via Threat Level.

The owner of an internet service provider who mounted a high-profile court challenge to a secret FBI records demand has finally been partially released from a 6-year-old gag order that forced him to keep his role in the case a secret from even his closest friends and family. He can now identify himself and discuss the case, although he still can’t reveal what information the FBI sought.

Nicholas Merrill, 37, was president of New York-based Calyx Internet Access when he received a so-called “national security letter” from the FBI in February 2004 demanding records of one of his customers and filed a lawsuit to challenge it. His company was a combination ISP and security consultancy business that was launched in the mid-90s and had about 200 customers, Merrill said, many of them advertising agencies and non-profit groups.

Despite the fact that the FBI later dropped its demand for the records, Merrill was prohibited from telling his fiancée, friends or family members that he had received the letter or that he was embroiled in a lawsuit challenging its legitimacy. He occasionally showed up for court hearings about the case, but sat silently in the audience with other court observers. In 2007, he was prevented from publicly accepting an award for his courage from the American Civil Liberties Union, because he was not allowed to identify himself as the plaintiff in the case.

U.S. District Judge Victor Marrero in New York finally released Merrill partially from the gag order (.pdf) on July 30, which Merrill revealed publicly only on Monday. [ Read more ... ]

A Review of Verizon and Google's Net Neutrality Proposal: Via EFF.org Updates.

Efforts to protect net neutrality that involve government regulation have always faced one fundamental obstacle: the substantial danger that the regulators will cause more harm than good for the Internet. The worst case scenario would be that, in allowing the FCC to regulate the Internet, we open the door for big business, Hollywood and the indecency police to exert even more influence on the Net than they do now.

On Monday, Google and Verizon proposed a new legislative framework for net neutrality. Reaction to the proposal has been swift and, for the most part, highly critical. While we agree with many aspects of that criticism, we are interested in the framework's attempt to grapple with the Trojan Horse problem. The proposed solution: a narrow grant of power to the FCC to enforce neutrality within carefully specified parameters. While this solution is not without its own substantial dangers, we think it deserves to be considered further if Congress decides to legislate.

Unfortunately, the same document that proposed this intriguing idea also included some really terrible ideas. It carves out exemptions from neutrality requirements for so-called "unlawful" content, for wireless services, and for very vaguely-defined "additional online services." The definition of "reasonable network management" is also problematically vague. As many, many, many have already pointed out, these exemptions threaten to completely undermine the stated goal of neutrality.

Here's a more detailed breakdown of our initial thoughts: [ Read more ... ]

U.S. authorities able to tap BlackBerry messaging
| Reuters: Via Reuters.

(Reuters) - The BlackBerry -- renown for the security of its messaging -- doesn't offer 100 percent protection from eavesdropping. At least not in the United States.

U.S. law enforcement officials said they can tap into emails and other conversations made using the device, made by Research in Motion, as long as they have proper court orders.

RIM's willingness to grant authorities access to the messages of its clients is a hot-button issue. The United Arab Emirates claims it does not have the same kind of surveillance rights to BlackBerry messages as officials in the United States. It has threatened to clamp down on some services unless they get more access.

The exact details of the dispute remain unclear, but security experts say that many governments around the world enjoy the ability to monitor BlackBerry conversations as they do communications involving most types of mobile devices. [ Read more ... ]

Google, Verizon Deny Deal -- and Why I Have No Comment (For Now): Via Lauren Weinstein's Blog.

Greetings. A lot of people (including various media) have been banging on my inbox and phone wondering why I haven't so far specifically commented on the New York Times Google/Verizon Internet Deal story (and similar articles in other publications), and have been asking me for immediate comments.

First, let's note here that as of this morning, Google has said that the Times story is wrong, and Verizon has published a similar statement denying the reported deal.

In a previous note I acknowledged the usefulness of private discussions in some related situations (so long as full transparency is forthcoming), and my concern that the track record of many "agreements" related to telecom is poor enough to engender understandable skepticism in some quarters. [ Read more ... ]

Secretive group seeks recruits, finds skepticism - security, Project Vigilant, Defcon, BBHC Global: Via PC World .

A secretive volunteer group that tries to track terrorists and criminals on the Internet went to the Defcon hacker conference this past week in hopes of recruiting information security experts, but it will first have to overcome some skepticism.

That's because most information security professionals have never heard of the group, called Project Vigilant. The group's director, Chet Uber, came forward Sunday at a press conference run by Defcon organizers to try to recruit volunteers from among the show's attendees. "We need more people," he said. "By increasing the numbers, we increase the likelihood that we will get the work done."

Run by former military, law enforcement and intelligence volunteers, Project Vigilant is able to monitor more than 250,000 IP (Internet protocol) addresses each day and create profiles for bad actors, their online identities and even the IP addresses they use. The group has access to data provided by 12 regional Internet service providers and also gathers intelligence from its growing network of volunteers, Uber said. [ Read more ... ]

Project Vigilant and the government/corporate destruction of privacy: Via Salon: Glenn Greenwald.

Forbes' technology writer Andy Greenberg reports that at the Defcon Security Conference yesterday, an individual named Chet Uber appeared with revelations about the case of accused WikiLeaks leaker Bradley Manning and government informant Adrian Lamo.  These revelations are both remarkable in their own right and, more important, highlight some extremely significant, under-examined developments unrelated to that case.  This is a somewhat complex story and it raises even more complex issues, but it is extremely worthwhile to examine.

Uber is the Executive Director of a highly secretive group called Project Vigilant, which, as Greenberg writes, "monitors the traffic of 12 regional Internet service providers" and "hands much of that information to federal agencies."  More on that in a minute.  Uber revealed yesterday that Lamo, the hacker who turned in Manning to the federal government for allegedly confessing to being the WikiLeaks leaker, was a "volunteer analyst" for Project Vigilant; that it was Uber who directed Lamo to federal authorities to inform on Manning by using his contacts to put Lamo in touch with the "highest level people in the government" at "three letter agencies"; and, according to a Wired report this morning, it was Uber who strongly pressured Lamo to inform by telling him (falsely) that he'd likely be arrested if he failed to turn over to federal agents everything he received from Manning.   [ Read more ... ]

A Major Internet Milestone: DNSSEC and SSL: Via Freedom to Tinker.

On July 15th, a small but significant internet event occurred. On that day, years of planning culminated in the deployment of a cryptographic signature on the root DNS zone. To simplify greatly, this means that internet users will soon be able to have a much higher degree of trust in the hierarchical Domain Name System by utilizing the powers of recursion and cryptography. When a user's computer is told that the IP address for "gmail.com" is 72.14.204.19, the user can be sure that this answer is true. This is important if you are someone such as a Chinese dissident who wants to reliably and securely reach gmail.com in order to communicate with your peers. The rollout of this throughout all domains, DNS resolvers, and client applications will take a little while, but the basic infrastructure is now in place.

This mitigates a certain class of vulnerabilities that web users used to face. Although it forecloses attacks at the domain name-to-IP address stage of requesting a web page, it does not necessarily foreclose attacks at other stages. [ Read more ... ]

DOJ Pushing to Expand Warrantless Access to Internet Records: Via EFF.org Updates.

This morning's Washington Post reveals that the Department Of Justice has been pressuring Congress to expand its power to obtain records of Americans' private Internet activity through the use of National Security Letters (NSLs).

NSLs, you may remember, are one of the most powerful and frightening tools of government surveillance to be expanded by the Patriot Act. These letters allow the FBI to secretly demand data from phone companies and internet service providers about the private communications of ordinary citizens. The letters include a gag order, which forbids recipients from ever revealing the letters' existence to their coworkers, their friends, or even to their family members, much less the public. [ Read more ... ]

White House proposal would ease FBI access to records of Internet activity: Via Washington Post .

The Obama administration is seeking to make it easier for the FBI to compel companies to turn over records of an individual's Internet activity without a court order if agents deem the information relevant to a terrorism or intelligence investigation.

The administration wants to add just four words -- "electronic communication transactional records" -- to a list of items that the law says the FBI may demand without a judge's approval. Government lawyers say this category of information includes the addresses to which an Internet user sends e-mail; the times and dates e-mail was sent and received; and possibly a user's browser history. It does not include, the lawyers hasten to point out, the "content" of e-mail or other Internet communication.

But what officials portray as a technical clarification designed to remedy a legal ambiguity strikes industry lawyers and privacy advocates as an expansion of the power the government wields through so-called national security letters. These missives, which can be issued by an FBI field office on its own authority, require the recipient to provide the requested information and to keep the request secret. They are the mechanism the government would use to obtain the electronic records. [ Read more ... ]

UK ISP TalkTalk Monitoring its Customers Online Activity Without Consent: Via ISPreview UK.

Broadband ISP TalkTalk UK could be about to incur the wrath of privacy campaigners after some of its customers spotted that their online website browsing activity was being monitored and recorded without consent. The situation has caused a significant amount of concern with many end-users worried about the impact upon their personal privacy.

TalkTalk has since confirmed that the monitoring, [ Read more ... ]

Law Enforcement "Controls Access" to New Minneapolis Public Wi-Fi Network: Via Lauren Weinstein's Blog.

Greetings. With much fanfare in mid-June, Minneapolis announced the activation of a free public Wi-Fi network, with 117 outdoor hotspots, "for use by residents and visitors alike."

Just one problem. At the apparently explicit "request" of law enforcement, you can't access the current system without first creating an account using a credit card!

We're told that, "[The] log-in process was requested by law enforcement officials because being able to log on to the Web anonymously presents security concerns." [ Read more ... ]

The Privacy Risks of ISPs Using Deep Packet Inspection: Via CDT - Center for Democracy & Technology/a>.

Deep packet inspection (DPI) -- technology that potentially allows providers of Internet service to collect and analyze the Internet communications of millions of users simultaneously -- has been a hot topic in a number of different policy circles in recent years. In the privacy arena, ISPs’ use of DPI has drawn scathing criticism despite the fact that other kinds of service providers (like content delivery networks and web-based service providers) are capable of conducting content inspection. In a guest essay over at the Canadian DPI portal DeepPacketInspection.ca, I explore what separates ISPs from other kinds of service providers, and why their use of DPI can raise unique concerns:
  [ Read more ... ]

Study: net neutrality could lead to "devastating" job losses: Via Law & Disorder Section - Ars Technica.

If you're looking for the Armageddon version of net neutrality analysis, search no further than a  new study released by New York Law School's Advanced Communications Law & Policy Institute. The assessment, titled Net Neutrality, Investment & Jobs, damns the Federal Communications Commission's proposed net neutrality rules as "destabilizing" and suggests they could "place the nation's economy at even greater risk." [ Read more ... ]

Verizon: Comcast P2P blocking was wrong, we won't do it: Via Law & Disorder Section - Ars Technica.

Verizon isn't a fan of the FCC's proposed "third way" approach to network neutrality rules, and the company's top policy people have suggested that the Internet needs an entirely new "policy framework." Such a framework will require massive wrangling in Congress, so in the short term, Verizon has partnered with Google and others to find a "consensus" framework for the short-term.

Is this a plan to avoid government rules on openness and turn the company into a maniacal bit-blocker? At a recent panel discussion (PDF), Verizon policy exec Link Hoewing said no—the company has no wish to go down Comcast's P2P blocking route, and he called out Comcast for its earlier approach.

Read Original Article:(Via Law & Disorder Section - Ars Technica.)

Time Warner Cable Resists Mass BitTorrent Lawsuit: Via Threat Level.

A consortium of independent film producers is hitting a stumbling block in its plan to simultaneously sue thousands of BitTorrent users for allegedly downloading pirated movies. Time Warner Cable is refusing to look up and turn over the identities of about a thousand of its customers targeted in the lawsuits, on the grounds that the effort would require three months of full-time work by its staff.

The brouhaha dates to March, when the U.S. Copyright Group launched its mass-litigation campaign, suing thousands of BitTorrent users by the IP addresses they used when feeding and seeding films like Steam Experiment, Far Cry, Uncross the Stars, Gray Man and Call of the Wild 3D.  Unlike the similar music-industry lawsuit campaign, which spread its lawsuits out over years, the filmmakers hit ISPs around the country with subpoenas for hundreds of customers at a time, demanding Time Warner Cable comb through its records to identify past users by IP address.

Court filings suggest that none of the broadband providers is happy about servicing the mass subpoenas, but Time Warner Cable is fighting them in court, arguing that serious law enforcement requests for information could fall by the wayside if the company is forced into becoming the research arm of the independent film producers. [ Read more ... ]

Lawmakers consider changes to wiretapping law to protect cloud services: Via Computerworld Privacy News.

Users of e-mail and cloud computing services need to have the same protections Users of e-mail and cloud computing services need to have the same protections from law enforcement searches as do people who leave information on laptops or in office cabinets, witnesses told a U.S. House of Representatives subcommittee.

Congress should rewrite the 1986 Electronic Communications Privacy Act (ECPA), a law governing law enforcement agencies' access to electronic information, to account for changes in technology in the past two decades, representatives of Microsoft and the Center for Democracy and Technology (CDT) said during a hearing Wednesday.

There's widespread confusion over the law, said James Dempsey, CDT's vice president for public policy.

The U.S. Department of Justice has asserted that federal agents do not need a court-issued warrant to request the contents of e-mail from vendors that store the e-mail, even though agents would need a warrant to see a document stored on a laptop or in a file cabinet, said Dempsey. Some courts have required warrants for stored e-mail, however. [ Read more ... ]

AT&T settles suit over improper DSL speed caps: Via Law & Disorder Section - Ars Technica.

If you have subscribed to AT&T DSL service at any point from 1994 until today, you may be eligible for a cash payout from the company over allegations that it improperly rate-limited some DSL lines, making it impossible for subscribers to achieve maximum speeds.

AT&T has agreed to settle an Ohio class-action lawsuit over the issue of Internet speeds, one that reaches all the way back into the dark ages of DSL and includes all of AT&T's predecessor companies (BellSouth, SBC, Ameritech—even Prodigy). [ Read more ... ]

Run Privacy Upgrade — It's Time for Congress to Update ECPA: Via Blog of Rights: Official Blog of the American Civil Liberties Union.

Today, the House Judiciary Subcommittee on the Constitution, Civil Rights, and Civil Liberties is holding its first hearing to discuss the woefully outdated Electronic Communications Privacy Act. (Did we mention that it was written in 1986?!)

The Fourth Amendment of the Constitution was designed to protect the privacy of our personal information. Unfortunately, innovation has far outpaced the electronic privacy laws passed by Congress, leaving us in a world of grey areas, loopholes, and inadequate protections that simply don't match our modern world.

The ACLU submitted testimony calling on Congress to modernize ECPA in the following ways: [ Read more ... ]

Net Neutrality: FCC Trojan Horse Redux: Via EFF.org Updates.

The Washington Post reports that FCC Chairman Genachowski is considering basing the FCC's proposed net neutrality rules on precisely the legal foundation discredited in a recent court ruling:

Specifically, he is exploring a legal push under the current legal framework for broadband, which is under Title I, that would make possible the FCC’s push for a new net neutrality rule and reforms under a national broadband plan, the sources said. That could include a legal push in courts where it would assert that the FCC has the mandate from Congress to deploy broadband to all Americans in a timely manner.

This is a bad idea, no matter what your views of the wisdom of the FCC's proposed net neutrality regulations. [ Read more ... ]

ACTA Backs Away From 3 Strikes: Via Threat Level.

A proposed global intellectual-property treaty no longer nudges the international community to develop “three strikes” protocols to suspend internet connections of customers caught downloading copyrighted works, according to a draft of the Anti-Counterfeiting Trade Agreement released Tuesday.

The official draft of the proposed intellectual property accord was released after months of leaks and assertions by the Obama administration that it was a classified national security secret.

Still, critics of the proposal said Tuesday that a controversial theme in the draft (.pdf) remains: that the United States was “attempting to export a regulatory regime that favors big media companies at the expense of consumers and innovators,” according to Public Knowledge, a Washington, D.C., digital rights group.

The group and others were, in part, referring to the U.S. Digital Millennium Copyright Act. Under the DMCA, internet service providers are responsible for the infringing material hosted on their networks if they fail to remove the content at the rights holder’s request. [ Read more ... ]

Comcast Customers Urged To Opt-Out of Settlement: Via Slashdot.

funchords writes "As a settlement to the class-action lawsuits over Comcast's blocking of users' Internet traffic, Comcast stands to pay 'up to' $16.00 to every subscriber who makes a claim at their settlement website and declares, under penalty of perjury, that their online activity was for a lawful purpose consistent with applicable copyright and other laws. Robb Topolski, the veteran networking engineer who kicked off the case when he discovered the blocking back in 2007, says that the proposed settlement doesn't make sense, especially after the US Court of Appeals for the District of Columbia Circuit ruled this month that the US Federal Communications Commission didn't have the authority to enforce its Net neutrality principles on Comcast. 'You paid about $50 a month for the service, and the amount that Comcast stands to return is up to about 50c per month for each month that it blocked traffic,' he wrote. 'If that tiny amount of money is compensation, then there is no penalty to Comcast for interfering with its customers, [ Read more ... ]

ISP Accused of "Hijacking" Google Search Queries and Subscribers' DNS: Via Lauren Weinstein's Blog.

Greetings. All of the data on this situation isn't in yet, but on its face this appears to be an extremely problematic situation, seemingly involving ISP "hijacking" of their subscribers' Google-related traffic.

Here's what we have so far, based on reports to date. When reading this, please also keep in mind the Testing Your Internet Connection for ISP DNS Diversions page from NNSquad (more on this below).

Apparently a few days ago, users of Windstream ISP services suddenly discovered that their Firefox-based Google toolbar search queries were being diverted by Windstream to an alternate Windstream-associated search service, through some form of DNS redirection. [ Read more ... ]