Shared posts

28 Dec 16:28

Microsoft lashes out at Apple's iWork price decrease

by Chris Merriman

Its Office cash cow is threatened


    


28 Dec 16:28

Samsung fined $340,000 for faking online comments

by Aaron Souppouris

After being caught paying for false praise and negative comments about competitors, Samsung has been fined just over $340,000. The issue first arose internationally in April, when Taiwan's Fair Trade Commission (FTC) announced it was opening an investigation into the allegations. That investigation found the allegations were true: the FTC says Samsung used a "large number of hired writers and designated employees" to post in Taiwanese forums. The commission does add that the company did this through a third-party marketing company, just as Samsung originally claimed. Two local marketing firms were fined a combined total of over $100,000 for their part in the marketing ploy.

When news first broke of Samsung's behavior, HTC was presented...


27 Dec 16:00

How NSA-Proof Are VPN Providers?

by Ernesto

Let’s start off by saying that no VPN service can ever guarantee your anonymity 100%. That said, there is good reason to believe that the most secure encryption schemes are nearly impossible to crack.

In theory, however, there’s always a possibility that certain agencies are operating several steps ahead of the game. For example, the NSA and others might be capable of cracking more advanced encryption when data streams are stored for future decoding.

And then there’s the possibility of VPN providers being forced to hand over customer data. While no-logging policies protect against traditional court orders, things get more complicated when government agencies issue gag orders, such as those contained in United States national security letters.

To explore these issues TorrentFreak talked to BlackVPN, IPredator, Private Internet Access, VikingVPN and TorGuard.

Below is an overview of the responses we received. On the one hand they address which encryption schemes are still safe, and which ones should be avoided. Separately, the U.S. based providers shared their thoughts on the discussions regarding national security letters.


Does encryption still work?

The first question is whether encryption still works. A few weeks ago many VPN users got concerned after they read that the NSA had compromised privacy software and cracked encryption algorithms.

So does that mean VPNs can no longer be trusted? While the various providers all have different opinions, they agree that the most secure encryption schemes are impossible to crack on the fly. Similarly, most providers warn that PPTP is flawed and should be avoided wherever possible.

BlackVPN

“OpenVPN is the best choice when available on your device. It’s easy to check that your VPN provider is using strong encryption algorithms and keys (like 256bit keys and AES encryption) by looking at the OpenVPN configuration files supplied by your VPN provider. Also it can be configured to use TCP on port 443 which makes it extremely difficult to block as it looks like standard HTTP over SSL traffic.”

“OpenVPN is slightly more effort to set up (download and install a client for Windows, OS X, iOS 5+ & Android 4+) but it should be the default way for most people to connect to their VPN. We have been using OpenVPN securely (2048 bit RSA keys and AES-256) since our beginning in 2009 so previous traffic should still be secure from decryption.”

“L2TP/IPSec is a good choice if you want a quick and easy setup. However the encryption algorithms and keys used depend on your VPN provider and your device, and it is difficult to know if secure or insecure encryption is being used. Your data could be encrypted with AES-256 (more secure) or with 3DES (not secure) and you wouldn’t know. An evil or silly VPN provider could force all clients to use 3DES. Also Windows XP does not support AES and would use 3DES encryption instead.”

“PPTP has known security weaknesses and should only be used as a last option or where nothing else works with your device. There are no good reasons to use PPTP unless IPSec traffic is being blocked and you cannot install OpenVPN on your device. We would recommend only using PPTP if your security and privacy are not a concern – for example if you just want to access websites or content blocked in your country.”
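The configuration-file check BlackVPN describes can be scripted. The following is an added example, not code from the article or from any provider: it reads the `cipher`, `proto`, `port` and `remote` directives of an OpenVPN client config and reports whether the cipher is pinned to AES-256, is a DES-family or RC4 cipher, or is not pinned at all, and whether a remote uses TCP on port 443. The sample configs and the host `vpn.example.net` are constructed for illustration.

```python
import re

# DES-family (including 3DES, "DES-EDE3-CBC" in OpenVPN naming), RC4 and RC2.
WEAK_CIPHER = re.compile(r"DES|RC4|RC2", re.IGNORECASE)


def parse_directives(text):
    """Return {directive: [argument lists]} for an OpenVPN config.
    Comment lines (# or ;) and inline blocks such as <ca>...</ca> are skipped."""
    directives, in_block = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("</"):
            in_block = False
            continue
        if line.startswith("<"):
            in_block = True
            continue
        if in_block:
            continue
        name, *args = line.split()
        directives.setdefault(name, []).append(args)
    return directives


def last_arg(directives, name):
    """First argument of the last occurrence of a directive, or None."""
    values = [args for args in directives.get(name, []) if args]
    return values[-1][0] if values else None


def remotes(directives):
    """List (host, port, 'tcp'|'udp') per remote line; 'proto' and 'port'
    directives supply defaults, falling back to OpenVPN's udp/1194."""
    default_proto = last_arg(directives, "proto") or "udp"
    default_port = last_arg(directives, "port") or "1194"
    result = []
    for args in directives.get("remote", []):
        if not args:
            continue
        port = args[1] if len(args) > 1 else default_port
        proto = args[2] if len(args) > 2 else default_proto
        if port.isdigit():
            transport = "tcp" if proto.lower().startswith("tcp") else "udp"
            result.append((args[0], int(port), transport))
    return result


def audit(text):
    """Classify the pinned cipher and report the transport in use."""
    d = parse_directives(text)
    cipher = last_arg(d, "cipher")
    if cipher is None:
        status = "unpinned"   # strength depends on client default or negotiation
    elif WEAK_CIPHER.search(cipher):
        status = "weak"
    elif cipher.upper().startswith("AES-256-"):
        status = "aes-256"
    else:
        status = "other"      # e.g. Blowfish or AES-128: review by hand
    rs = remotes(d)
    return {"cipher": cipher, "cipher_status": status, "remotes": rs,
            "tcp443": any(p == 443 and t == "tcp" for _, p, t in rs)}


# Constructed sample configs (not taken from any real provider).
SAMPLE_STRONG = """client
dev tun
proto tcp
remote vpn.example.net 443
cipher AES-256-CBC
<ca>
(constructed placeholder, not a real certificate)
</ca>
"""
SAMPLE_WEAK = "client\ndev tun\nremote vpn.example.net 1194 udp\ncipher DES-EDE3-CBC\n"
SAMPLE_UNPINNED = "client\ndev tun\nremote vpn.example.net\n"

if __name__ == "__main__":
    for label, cfg in (("strong", SAMPLE_STRONG), ("weak", SAMPLE_WEAK),
                       ("unpinned", SAMPLE_UNPINNED)):
        print(label, audit(cfg))
```

A client config only shows what the client asks for; an `unpinned` or `other` result means the effective cipher has to be confirmed from the client's connection log.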

IPredator

Sweden-based IPredator is also clear on the point that PPTP should be avoided by users who are looking for the most secure setup, but in common with many other VPN providers, they still offer these connections.

“We explicitly tell users that PPTP is insecure and that it’s not suitable for privacy related things anymore to protect against a government attacker. We could just turn it off BUT then people would just go to other providers who still offer it, so in my opinion it’s better to educate them.”

According to IPredator, OpenSSL with ECDHE + AES and without RC4 is the most secure option for VPN users at the moment.

TorGuard

According to TorGuard, many of the strongest encryption schemes can still be trusted, and the company sees open source software as a key element in keeping intelligence agencies from implementing backdoors.

“Encryption still works and nothing has been mathematically broken. What has been broken is the consumer trust relationship between government and big business. The NSA has attempted to undermine VPN encryption not by brute force or mathematics, but by sabotaging secure technologies at the corporate level.”

“Open source software is in the driver’s seat, everyone else is just along for the ride. Community driven code like what powers OpenVPN is continuously subject to scrutiny, making it virtually impossible for an outside agency to implement a secret backdoor.”

“It is also important to point out that there is no known method that even comes close to breaking 128bit Blowfish encryption. For the ultra-paranoid, TorGuard offers AES-256 bit ‘Stealth’ connections that actually disguise packets as regular HTTP traffic on the network. We will soon be offering these stealth AES-256 connections on all servers as standard options.”

“True privacy in this digital age requires sound cryptography and companies who are willing to back it up – no matter the cost. If we expect to have any privacy in the future, the entrepreneurs and cypherpunks of today must work together in continuing to develop effective privacy solutions for tomorrow.”


National Security Letters

Aside from the worries about broken encryption and backdoors, there’s also the possibility that providers might find themselves served with a national security letter by U.S. security agencies or a foreign equivalent. Yesterday VPN provider CryptoSeal shut its doors in the belief it could no longer guarantee the privacy of its users following the Lavabit ordeal.

TorrentFreak asked three prominent U.S. based VPN providers to share their thoughts on this issue.

Private Internet Access

“Prior to the entire Lavabit ordeal, we had begun reaching out to the EFF, ACLU and FFTF in order to better understand the legal climate in which the internet operates such that we would better understand how we could hedge the company to better protect our ‘way of the internet’. Our CTO/co-founder, who many know as coderrr, the developer of privacy extensions from the early years of Bitcoin, moved out of the US along with our entire admin/development team.”

“Moving or establishing a VPN company outside of the US/EU would do little to protect against these kinds of issues as long as anyone with access to the machines remains within said regions. As such, he and the entire admin/development team are committed to remain outside of the US, and in fact, the team in its entirety are decentralized across the globe in countries that have historically been very reluctant to assist the US. Simultaneously, our research team has been implementing and increasing our available crypto-suite.”

“As for myself [Andrew Lee], I love my country. Please do not misunderstand, as a minority born, raised and living in the US, I am certainly not screaming, ‘MERIKA FUK YAH!’ However, this country has provided a climate in which people can work hard to better their lives and, as well, enjoy great liberties which, in reality, most/many countries fail to match. As such, I, myself, remain in the US in order to help see to it that this country is able to continue/return to being a land of liberty and freedom. To this extent, we’re really putting our money where our mouths are.”

“However, to remain in the US, meant, as well, the relinquishing of my access to the PIA systems/network. Administrators, developers and co-founders everywhere can relate to the difficulty of doing so, but the reality is that it was a requirement if I was to remain here. This policy is in place, and relinquished access I have.”

“With regard to the gag orders, recently a US judge ruled the gag order provision to be unconstitutional, in violation of First Amendment rights. We do consider this to be a win for our side, in our quest to bring our privacy and civil liberties back to levels which we as a society can decide for ourselves. With that said, it’s not the end of the battle, as the ruling is currently being appealed, and as such, no decision is certain at present.”

“However, we’re a company that operates, as we said on our privacy policy, within the spirit and letter of the law. As such, we believe in constitutionally provided privacies and liberties and, to this extent, I’d like to make it unequivocally clear that we will fight any gag order to the fullest extent given that it clearly undermines First Amendment rights and the transparency of governmental interactions with private entities.”

“While I’d like to yell some kind of statement as many have before that most certainly could never be upheld, our customers and TorrentFreak readers deserve to know that we’re fighting to the best of our abilities, within the confines and maturity of the existing societal infrastructure. This is not the only way, but this is currently the best way for us to make a meaningful broad impact.”

TorGuard

“Lavabit’s actions to suspend operations and preserve its client’s privacy were truly inspiring. This serves as an excellent example for other companies to not let big government push them around and stand up by legally challenging unlawful data requests or gag orders. Curbing the power of government surveillance on the corporate sector won’t be easy, but it needs to start now with increased transparency and corporations that take an oath of privacy no matter the cost to business. In Lavabit’s case – if you can’t leave Texas then burn the servers.”

“A big misconception going around is that one’s data is far safer from scrutiny with foreign based corporations. Unfortunately, the US isn’t the only country with a spy agency and they certainly are not confined by domestic borders. We’ve seen countless incidents in the recent past where both domestic and international surveillance agencies abused power to gain access to servers and customer data – no gag order required.”

“Just because a company is incorporated in ‘Timbuktu’ doesn’t mean the third-party data centers they lease servers from won’t open the door when federal agents come knocking. That’s why more transparency is needed on a global scale, not just from US service providers, but also by these international based ISPs, Data Centers, Domain Registrars and Merchant Providers..(the list goes on).”

“While TorGuard does have US-based representation, we are an internationally owned company with 90% of our employees and server resources based abroad. As owner/operator, I’ve pledged an oath of privacy to our client base and I intend to uphold this promise to the best of my abilities, even if it means temporarily suspending services or relocating company assets. We have backup plans for our backup plans, and travel light.”

VikingVPN

“Knowing whether or not a company has been compromised by a national security letter is deceptively simple. All you have to do is ask. Right now, I can confidently say that VikingVPN has not been served a National Security Letter. Feel free to ask me again later. If I don’t reply at some point in the future when you ask me, then you’ll know. See how easy that was?”

“The reason this works is that the Govt. cannot compel you to lie, but they can (apparently) compel you to remain silent. I would actually argue that the national security letters, and indeed the entire PRISM/XKeyScore system are illegal and unconstitutional, but obviously I don’t sit on the FISA court or Supreme Court, so my opinion holds little weight.”

“I would encourage TorrentFreak to reach out to all the US VPN providers and simply ask them if they have received a national security letter. If they don’t reply within a reasonable time-frame you will have your answer. I would even encourage you to keep a running list of VPN providers that reply. You could ask them once a month.”

“Further, VPNs have always been about trust. You’re entrusting your data to the VPN service provider, and hoping they don’t betray you. Any VPN service provider could be secretly logging and passing your data to a 3rd party without your permission. Some of this trust can be gained (or lost) from reputation.”

“Do users of the service report betrayals in the form of legal notices? Some of the trust has to come from knowing just who runs the VPN service. VikingVPN has been very transparent about this. You can see who myself and my partners, Justin Greene & Derek Zimmer, are. You can see that we’re not connected to any Intelligence Agencies or Copyright bodies. You can also view the kinds of political speech we engage in. We’re vehemently anti-spying and anti-PRISM.”

“US VPNs can still be trusted because you can place a honeypot anywhere in the world when it comes to VPN services. The paranoia surrounding US-based VPNs simply is not thought through very well. The UK and Sweden both have similarly intrusive dragnet programs, and there seems to be little concern for VPN services out of those nations. Furthermore, you can save all the packets you want, unless the VPN itself is compromised it isn’t going to matter.”

Conclusion

The conclusion brings us right back to the start of this article. No VPN provider can guarantee that any type of encryption is 100% secure. Hopefully the above has given people some pointers on what to avoid, and what the more secure alternatives are.

But even if people pick the strongest encryption possible, one still has to trust VPN providers to keep his or her data safe, regardless of where the company is located.

Source: How NSA-Proof Are VPN Providers?

27 Dec 15:59

Astronaut Karen Nyberg With Cosmonaut Fyodor Yurchikhin and Astronaut Luca Parmitano

ISS037-E-011136 (14 Oct. 2013) --- NASA astronaut Karen Nyberg, Expedition 37 flight engineer; Russian cosmonaut Fyodor Yurchikhin (center), commander; and European Space Agency astronaut Luca Parmitano, flight engineer, pose for a photo in the Kibo laboratory of the International Space Station. Image Credit: NASA
27 Dec 15:57

For the first time, the majority of Americans want to legalize marijuana

by Adrianne Jeffries

In 1969, a mere 12 percent of Americans wanted to legalize marijuana. Today, 58 percent do. That's according to a new poll by Gallup, which says the drug is moving toward social acceptance. "It has been a long path toward majority acceptance of marijuana over the past 44 years, but Americans' support for legalization accelerated as the new millennium began," the pollster says in a press release.

Public support for legalization soared in the 1970s, plateaued during the 1980s and 1990s, and began climbing again in 2000, according to Gallup. Support hit 50 percent in 2011, dipped below 50 percent in 2012, and now appears to have achieved a decisive majority.

Interestingly, the number of Americans who say they have tried marijuana has not...


27 Dec 15:56

Dogs in Berlin are overdosing on drug addicts' feces

by Amar Toor

Berlin's dogs are being poisoned by the feces of drug addicts, according to a report from Germany's Tagesspiegel newspaper. Veterinarians tell the paper they've seen increased poisoning cases involving dogs that had eaten human waste, with many suffering from shaking, dehydration, and an inability to walk properly. Subsequent tests revealed that heroin and other illegal drugs were still present in the consumed feces.

Doctors say most of the dogs ate the feces in the city's Treptow and Kreuzberg areas, where drug users are known to gather — and occasionally defecate — in public parks. Drug use has been especially pervasive in Kreuzberg's Görlitzer Park, where some activists are pushing the government to combat the issue by l...


26 Oct 04:45

Google breaks promise of banner-free search page

by Henk-Jan Buist
Google promised never to carry banners alongside search results, but is now floating a trial balloon after all.
26 Oct 04:45

AMD R9 290X: An Olympian for the Titan

by Jelle Stuip
It took a while, but AMD's new top model, the R9 290X, has finally been released. Tweakers benchmarked the card and compared it with Nvidia's GTX Titan.
26 Oct 04:45

LinkedIn makes add-on for iOS 7 mail app

by Arnoud Wokke
LinkedIn has made an add-on for the iOS 7 mail app. A bar in the mail client can use it to display LinkedIn information about a contact. For this to work, the mail does have to be routed through a LinkedIn proxy.
26 Oct 02:45

Blackhole Exploit Kit in retreat as criminals defect to rival exploit system

by John E Dunn
The crimeware empire built by the infamous Blackhole Exploit Kit appears to be crumbling with the news that a criminal group using the important Cutwail botnet has defected to a rival platform.
    


26 Oct 02:44

Windows 8 users supplementing Windows Defender with dedicated antivirus software

by John E Dunn
Microsoft’s integration of Windows Defender into Windows 8 seems to have little effect on the desire of users to install standalone security software, new figures from security management firm OPSWAT have shown.
    


26 Oct 02:41

IT workers called to become e-mentors

by Anh Nguyen
A charity is looking for people working in the IT sector to become e-mentors for young people, in a bid to close the UK's technology skills gap.
    


26 Oct 02:41

Cisco fixes serious security flaws in networking, communications products

by Lucian Constantin
Cisco Systems released software security updates Wednesday to address denial-of-service and arbitrary command execution vulnerabilities in several products, including a known flaw in the Apache Struts development framework used by some of them.
    


26 Oct 02:41

ICANN opens the floodgates to a tidal wave of domain extensions

by Andreas Udo de Haes
ICANN has activated the first four new generic top-level domains in the internet root. Another 1,400 will follow.
26 Oct 02:40

'Family business' Dell sings the praises of the PC

by Kristian van Tuil
"The PC dead? Not at all!" If it is up to Michael Dell, this discussion will be a thing of the past as soon as possible.
26 Oct 02:40

US cable companies want the data cap on fixed-line internet back

by Henk-Jan Buist
A data cap on fixed-line internet is still perfectly acceptable in 2013, according to an American interest group of providers and television broadcasters.
26 Oct 00:25

Google acquires Flexycore to enhance Android Project Butter

by Chris Merriman

It has a need... a need for speed


    


26 Oct 00:07

Japan’s Nuclear Regulation Authority Reports on Leakage and Sea Water Radioactivity

On 23 October 2013, the Japanese Nuclear Regulation Authority (NRA) provided the IAEA with an update on radioactivity in seawater at TEPCO’s Fukushima Daiichi Nuclear Power Station (NPS).

26 Oct 00:07

Battling Cardiovascular Disease with Nuclear Medicine

Cardiovascular disease is responsible for as many as 30% of all deaths every year. The IAEA hosted an international conference on diagnostic imaging and its role in the battle against cardiovascular disease.

25 Oct 23:54

Judge: hacker has fewer fundamental rights

by Andreas Udo de Haes
Someone who calls himself a 'hacker' can and surely will erase his digital traces, so he need not be warned before a raid.
25 Oct 22:10

Diglett Wednesday: Diglett and Scratch Now Make Sense... or Something

You're welcome. @malletmoose

Submitted by: The_ND_Mallet_Guy

23 Oct 15:20

Why Apple’s Mac software isn’t really free

The most surprising announcement at Apple’s event Tuesday wasn’t the new and thinner iPad, but the company’s decision to give away the software that runs its computers. The Mac OS X operating system, for which in the past Apple has charged as much as $169, is now free.
23 Oct 15:20

The BBC Busted A 'Bogus' University By Successfully Enrolling A Dog In Its MBA Program

by Peter Jacobs

The BBC has a great report out about how an investigative team successfully enrolled a dog in the American University of London's MBA program.

For a £4,500 fee — about $7,300 — AUOL would have given management consultant "Peter Smith" an MBA, based on a CV with 15 years of work experience and an undergraduate degree. However, Pete is actually a dog, and his prior employment and degree were, obviously, made up.

The BBC sent this CV, along with an MBA application, to AUOL. Additionally, the BBC reports, "AUOL also requires applicants to provide photocopies of previous qualifications and a photograph of themselves. However, Newsnight was unable to provide either since the qualifications did not exist and the applicant was a dog."

Pete was accepted for an MBA based on prior experiences, and an AUOL representative told the BBC that the school "awarded him the full degree immediately based on his qualification and his professional experience." 

The AUOL is unaccredited in England and is listed as a "bogus" university by an Italian organization, although the BBC "found hundreds of senior executives listing AUOL qualifications."


23 Oct 13:12

Dell's Precision M3800 is a Windows 8.1 mobile workstation weighing under 2kg

by Lee Bell

It's 800g lighter than Toshiba’s Tecra W50


    


23 Oct 12:36

LIVE: Caterpillar Misses Earnings Estimates, Cuts Outlook (CAT)

by Sam Ro

Caterpillar just announced its Q3 financial results, and the numbers look weak.

Earnings came in at $1.45 per share, which was much weaker than the $1.67 expected by analysts.

Revenue of $13.42 billion was below the $14.47 billion expected.

"This year has proven to be difficult, with expected sales and revenues nearly $11 billion lower than last year," said CEO Doug Oberhelman.  "That is a 17 percent decline from 2012, with about 75 percent of the drop from Resource Industries, which is principally mining.  We expect Resource Industries to be down close to 40 percent for the full year and Power Systems' and Construction Industries' sales to each be down about 5 percent."

"Not only is mining down from 2012, the demand for equipment has been difficult to forecast," said management in the company earnings announcement.  "Orders for new mining equipment began to drop significantly in mid-2012 and have continued at very low levels.  As a result of weak orders and feedback from end users, the sales and revenues outlook provided in January of 2013 included a decline in mining sales. "

Caterpillar manufactures construction and mining equipment that is used all over the world. As such, it is a useful indicator of global economic activity.


23 Oct 12:35

Doctor does not help near hospital

Maxim Bange

The Dutch..

A cyclist who was hit yesterday afternoon 200 metres from the Ommelander Ziekenhuis in Delfzijl had to wait for the ambulance service before she received help from the hospital.

A passer-by reported at the hospital's front desk that the woman had been hit close to the main entrance and asked whether a doctor or nurse could come and look at the victim. The hospital called 112 for an ambulance and took no further action.

According to spokeswoman Ria Wubbels of the Ommelander Ziekenhuisgroep, everything that happens outside the hospital grounds is a matter for the ambulance service.

This is a regulation of the Ministry of Health. The ambulance service must first collect a victim. Only then may the victim be brought to the emergency department.

23 Oct 12:34

Vatican suspends 'bishop of bling'

The Vatican suspends a German bishop dubbed the "bishop of bling" by the media over alleged lavish spending, including a $42m renovation of his home.
23 Oct 12:34

New DLC Available - Saints Row IV - Enter The Dominatrix

by Valve
Enter The Dominatrix, all new content for Saints Row IV is Now Available on Steam!

Enter the Dominatrix reveals the wild hijinx of the original vision of the canceled SR3 expansion. Steelport has been taken over by the Dominatrix and only the Saints can stop her from trapping everyone in a virtual prison! Includes behind-the-scenes commentary and the return of some fan-favorite characters.

If you already own the Season Pass, you already own this content. DO NOT purchase this here as you will be charged again.

23 Oct 12:34

GeenStijl declares war on Belgium

by Johnny Quid
Belgium is a feeble excuse for a country. Quite logical that the EU decided to parasitize Brussels. Belgians are, after all, a submissive little people who let themselves be told anything. A hideously ugly submissive little people, we would like to add. A handsome...
23 Oct 12:33

First Syria travellers convicted

Two Dutch Syria travellers have been convicted of preparing a jihad trip. Omar H. received 1 year in prison, 4 months of which are suspended. Mohammed G. is not criminally responsible and has been sentenced to one year of admission to a psychiatric hospital.