Wednesday, December 8, 2010

Mastercard attack 'hits payments'

Web attacks on the Mastercard site have disrupted payments, the BBC has learnt.

The site is among several targeted by the Anonymous group of hackers, who have pledged to pursue firms that have withdrawn services from Wikileaks.

Mastercard, which stopped processing payments to the whistle-blowing site, said the attack had had "no impact" on people's ability to use their cards.

But the BBC has been contacted by a payment firm that said its customers had "a complete loss of service".

In particular, it said that an authentication service for online payments known as Mastercard's SecureCode, had been disrupted.

Other readers have also said that they have had problems with online payments. The scale of the problems is still unclear.

Mastercard has not responded to the claims.

Earlier, Doyel Maitra of the firm, said: "Mastercard is experiencing heavy traffic on its external corporate website - Mastercard.com - but this remains accessible.

"We are working to restore normal speed of service. There is no impact whatsoever on Mastercard or Maestro cardholders' ability to use their cards for secure transactions."

False account

Anonymous, which claimed to have carried out the attack, is a loose-knit group of hacktivists, with links to the notorious message board 4chan.

It said that it has hit several targets, including the website of the prosecutors who are acting in a legal case against Wikileaks founder Julian Assange.

"Start Quote

Websites that are bowing down to government pressure have become targets"

End Quote Coldblood Anonymous

PayPal, which has stopped processing donations to Wikileaks, has also been targeted.

The firm said Wikileaks' account had violated its terms of services.

"On 27 November the State Department, the US government, basically wrote a letter [to Wikileaks] saying that [its] activities were deemed illegal in the United States," PayPal's Osama Bedier told the Le Web conference in France.

"And as a result our policy group had to make the decision of suspending their account.

"It's honestly, just pretty straight forward from our perspective and there's not much more to it than that," he said.

Other firms that have distanced themselves from the site have also been hit in the recent spate of attacks including the Swiss bank, PostFinance, which closed the account of Wikileaks founder Julian Assange.

The bank said Mr Assange had provided false information when opening his account.

Swamp site

Security experts said the sites had been targeted by a so-called distributed denial-of-service attack (DDoS), which swamp a site with so many page requests that it becomes overwhelmed and drops offline.

Paul Mutton of security firm Netcraft said that 1,600 computers were involved in flooding the site with spoof requests.

Access to Mastercard's site is still intermittent.

Noa Bar Yosef, a senior analyst at Imperva said the attacks were "very focused".

"It is recruiting people from within their own network. They are actually asking supporters to download a piece of code, the DDoSing malware, and upon a wake-up call the computer engages in the denial of service," he said.

Before the Mastercard attack, a member of Anonymous, who calls himself Coldblood, told the BBC that "multiple things" were being done to target companies that had stopped working with Wikileaks or which were perceived to have attacked the site.

"Websites that are bowing down to government pressure have become targets," he said.

"As an organisation we have always taken a strong stance on censorship and freedom of expression on the internet and come out against those who seek to destroy it by any means."

"We feel that Wikileaks has become more than just about leaking of documents, it has become a war ground, the people vs. the government," he said.

Some of the early DDoS hits failed to take sites offline, although that was not the point of the attacks, according to Coldblood.

"The idea is not to wipe them off but to give the companies a wake-up call," he said. "Companies will notice the increase in traffic and an increase in traffic means increase in costs associated with running a website."

DDoS attacks are illegal in many countries, including the UK.

Coldblood admitted that such attacks "may hurt people trying to get to these sites" but said it was "the only effective way to tell these companies that us, the people, are displeased".

Anonymous is also helping to create hundreds of mirror sites for Wikileaks, after its US domain name provider withdrew its services.

Coldblood said that the group was beginning to wind down the DDoS attacks so that it could concentrate on using "other methods which are more focused on supporting Wikileaks and making sure the Internet stays a free and open place".

Are you a Mastercard customer? Have you been affected by the attack? Send us your comments using the form below.



Powered by WizardRSS | Best Membership Site Software

Google unveils Chrome OS notebook

<!-- Embedding the video player --> <!-- This is the embedded player component -->
<!-- embedding script -->
<!-- companion banner --> <!-- END - companion banner --><!-- caption -->

Google's head of product for Chrome, Sundar Pichai, demonstrates the new operating system

<!-- END - caption -->
<!-- end of the embedded player component --> <!-- Player embedded -->

Google has delayed the launch of its much anticipated laptop, powered by its Chrome operating system, until 2011.

Instead, Google announced a pilot programme aimed at people who "live on the web".

Chrome OS is Google's boldest bid yet to challenge Microsoft's market dominance with Windows software.

Google has already gone after Microsoft's Office software with its Google Docs product.

Chrome marks a departure from traditional operating systems, such as Mac OSX and Windows, by targeting users who spend most of their time on the web.

"We think cloud computing will define computing as we know it," said Eric Schmidt, Google's chief operating officer.

"Finally there is a viable third choice for an operating system."

Google's Sundar Pichai said the pilot scheme is aimed at early adopters, developers and users who are used to using beta software.

They will be given an unbranded black notebook, called the Cr-48.

Mr Pichai said there would be no devices on sale until next year simply because the software was not ready for prime time, due to a number of bugs and unfinished features.

"This is a profound shift," said Mr Pichai, claiming that the operating system is Google's attempt to "re-think the personal experience for the modern web".

"Chrome is nothing but the web," he added.

Machines for the pilot scheme will start shipping soon.

Consumer devices from Acer and Samsung are due on the market in 2011. No pricing details were given.

Computer share

At the press event in San Francisco, Google also outlined a number of features in Chrome OS.

Security was at its heart, with automatic updates for users taking away the need to constantly ensure that the latest version has been activated.

The company said that it hoped to be the first to ship a tool called "verified boot" on Chrome OS devices, which makes sure nothing on the machine has been modified or compromised.

"We are confident that when we ship Chrome notebooks, it will be the most secure OS ever shipped to users," said Mr Pichai.

He also said that because data will be accessed through the cloud, users could loan their machines to other people.

"By delivering nothing but the web, it makes it very easy to share your computer," said Mr Pichai.

Google said it has also partnered with US telecom titan Verizon to offer connectivity with Chrome notebooks when they go on sale.

The plans range from 100 MB of free data, to $9.99 a day for unlimited data, with no extra fees.

Two paths

A number of analysts have questioned whether or not Google is making a smart play with the Chrome OS, given that the computing world has changed dramatically since it announced plans for the low-cost operating system over 18 months ago.

In the last year, Apple's iPad has reinvigorated the tablet market, and Google's own Android OS - which powers smartphones - has taken off.

Android is also being used in tablet devices and netbooks, prompting a number of industry watchers to question Google's twin approach in the OS market.

"Google hasn't done a good job on why these two things need to exist," Michael Gartenberg, director with research firm Gartner, told the BBC last week.

"Android is designed for the here and now, an app centred world. The hottest devices don't have keyboards. Google has to come up with a better story of how Chrome fits in," he added.

Many fear two Google operating systems will cause confusion for consumers.

Google's Mr Schmidt does not believe it will, and recently stated that Chrome was for keyboards and Android was for touch-based devices.

The Chrome OS will be given free to hardware manufacturers.

Microsoft, in comparison, charges a fee for its Windows software.

Back in October, the software leader said Windows sales increased by 66% on a year earlier, to $4.8bn, helping to boost first quarter profits.



Powered by WizardRSS | Best Membership Site Software

IE9 introduces anti-tracking tool

Microsoft's IE9 browser will have tools that control what data is collected about what a user does online.

The tools will let people stop a site they are visiting sharing information about what they do with other sites.

Users will be able to create lists stating that their data will only be shared with sites they want to see it.

The news comes as the US government criticises the computer industry for its slow progress on protecting user privacy.

In a blog post, Microsoft said many people did not realise that when they visit a website what they look for, view or buy there is often shared with other companies without that user's knowledge.

In IE9, Microsoft is planning to introduce what it calls "Tracking Protection Lists" that it says will work like the "Do Not Call" lists that limit who marketing firms can cold call.

The lists will be defined by users and limit the sharing of data only to those sites which a user is happy to see the information. When switched on, the system might mean that some adverts or other features do not appear when users visit sites.

Anyone will be able to write a list and share it with others so they can get the same protection, said Microsoft.

It also plans to release the formatting and standards for the lists under an open licence so other browser makers can adopt them.

The tracking system will be turned off by default and users will have to "opt in" to use it.

Microsoft said early versions of the tools would be included in the version of IE9 due for release in early 2011.

It is not the first browser to offer such functionality. Chrome, Firefox and Opera also allow users to create lists of trusted sites.

The announcement comes in the wake of a report from the US Federal Trade Commission report into online privacy.

In it the FTC said that industry self-regulation of privacy was "too slow" and has "failed to provide adequate and meaningful protection".

It called for consumers to be given far more choice about the data being collected about them. It recommended the creation of a "Do Not Track" mechanism that would stop the wholesale collection of information about where people go online and what they are interested in.



Powered by WizardRSS | Best Membership Site Software