Tuesday, May 17, 2011

Net pirate monitoring firm hacked

A firm employed by the French government to track down net pirates has been hacked.

Trident Media Guard is believed to have exposed a range of data, including advice on how to avoid detection.

TMG monitors peer-to-peer networks as part of France's anti-piracy measures.

Eric Walter, head of the French anti-piracy unit, confirmed on Twitter that it had "temporarily suspended" links with TMG.

France's so-called HADOPI law has caused controversy since it was introduced in 2009.

Suspected illegal file-sharers receive three official warnings, after which they are reported to a judge who can hand out a range of punishments, including disconnecting them from the internet.

The UK is due to introduce similar legislation, although at this stage it has no plans to punish offenders with disconnection.

But it will need to employ a firm similar to TMG.

When anti-piracy firms monitor peer-to-peer networks for copyright infringements, they find IP addresses - the numerical code linked to a specific computer.

Armed with this information, copyright holders can request that a judge forces ISPs to hand over the physical addresses associated with the IP address.

"Any firm that gets involved in this will need to make sure that its security is nailed down," said John Walker, professor at Nottingham Trent University's school of computing.

"This was the perfect storm waiting to happen. It was an instant target for hacktivists. You can't even call it a hack, it was a walk-in, a travesty," he said.

A similar attack was perpetrated by hacktivists from the loose-knit Anonymous group against ACS Law, a firm pursuing alleged net pirates in the UK.

In the process of rebuilding his website, the firm's sole solicitor, Andrew Crossley, exposed thousands of names and addresses plus lists of pornographic films that people were alleged to have downloaded without paying for.

He was fined just £1,000 after he claimed bankruptcy, but the UK Information Commissioner said the breach was so severe it warranted a fine of £200,000.



Powered By WizardRSS.com | Full Text RSS Feed | Amazon Plugin | Settlement Statement | WordPress Tutorials

Court rejects new Facebook case

The latest attempt by Cameron and Tyler Winklevoss to re-open their case against Facebook founder Mark Zuckerberg has been rejected.

They had asked the 9th US Circuit Court of Appeals in San Francisco to reconsider its April ruling upholding the $65m (£40m) settlement from 2008.

The twins say that Facebook concealed information and they should have received more Facebook shares.

Mr Zuckerberg denies their claims that he stole the idea of Facebook.

In April, a three-judge panel decided not to scrap the original settlement and not to allow a fresh case to begin.

In their latest move, the Winklevoss twins had asked for a full panel of 11 judges to review that decision.

No fresh reasons were given for declining the appeal.

Their lawyer Jerome Falk said in a statement that they would appeal to the Supreme Court.

The 2008 settlement gave them $20m in cash and $45m of stock valued at $36 a share.

But the shares are not yet traded anywhere, and the brothers say that they were duped because internally the shares were only valued at $9.

Their claim that Mr Zuckerberg stole their website idea while they were all students at Harvard was made famous by the film The Social Network.




Android handsets 'leak' ID data

More than 99% of Android phones are potentially leaking data that, if stolen, could be used to get the information they store online.

The data being leaked is typically used to get at web-based services such as Google Calendar.

The discovery was made by German security researchers looking at how Android phones handle identification information.

Google has yet to comment on the loophole uncovered by the researchers.

ID attack

University of Ulm researchers Bastian Konings, Jens Nickels, and Florian Schaub made their discovery while watching how Android phones handle login credentials for web-based services.

Many applications installed on Android phones interact with Google services by asking for an authentication token - essentially a digital ID card for that app. Once issued the token removes the need to keep logging in to a service for a given length of time.

Sometimes, found the researchers, these tokens are sent in plain text over wireless networks. This makes the tokens easy to spot so criminals eavesdropping on the wi-fi traffic would be able to find and steal them, suggest the researchers.

Armed with the token, criminals would be able to pose as a particular user and get at their personal information.

Even better, found the researchers, tokens are not bound to particular phones or time of use so they can be used to impersonate a handset almost anywhere.

"[T]he adversary can gain full access to the calendar, contacts information, or private web albums of the respective Google user," the researchers wrote in a blog post explaining their findings.

Abuse of the loophole might mean some people lose data but other changes may be harder to spot.

"...an adversary could change the stored e-mail address of the victim's boss or business partners hoping to receive sensitive or confidential material pertaining to their business," the team speculated.

There is no suggestion that attackers are exploiting the Android loophole at the moment.

Almost all versions of the Android operating system were passing round unencrypted authentication tokens, found the researchers. It was fixed in version 2.3.4 but, suggest Google figures, only 0.3% of Android phones are running this software.

Some Google services, such as image sharing site Picasa, are still using unencrypted authentication tokens that can be stolen, found the team.

The researchers urged Android phone owners to update their device to avoid falling victim to attacks via the loophole. Google is also known to be working with operators and handset makers to get updates to people faster than at present.




Monday, May 16, 2011

Nokia kills off Ovi mobile brand

Nokia is to stop using the Ovi brand to sell music, games and mobile apps.

The company said it planned to wind up the four-year-old project and would be offering services under the Nokia name in future.

In its early days, critics claimed that Ovi was an ill-conceived, rushed reaction to Apple's app store and iTunes.

However, by 2011, its worldwide user base was downloading an average of five million products every day.

The changeover was announced on Nokia's Ovi blog by editor Pino Bonetti.

He wrote: "The main reason for this change is so we can leverage the high-value of the Nokia master brand to better support future plans to deliver disruptive and compelling mobile experiences globally."

Mr Bonetti assured users that the only change to the service would be its name.

Confusing brands

Industry watchers said that it made sense for Nokia to ditch the Ovi brand following its agreement with Microsoft to use Windows on its smartphones.

"The problem was they created a brand out of something that did not need to be branded," said Stuart Miles, editor of Pocketlint.com.

"With the move to Windows Phone 7 they are not going to be able to keep the Ovi store. That was going to get very confusing."

Microsoft's Windows Phone allows users to download applications through its dedicated Marketplace store.

Although Nokia plans to use the platform for all future smartphones, the majority of the handsets it makes run on Nokia's own, less sophisticated operating system.

Software for those will continue to be made available through the rebranded Ovi platform, leading some analysts to question whether the new setup will be any simpler.

"If you are going to abandon Ovi, I would imagine you would want to have a single app store offered by both companies," said Dr Windsor Holden, a telecoms analyst with Juniper Research.

"It seems a very strange way of going about it at the present time," he added.

Business rethink

Rory Cellan-Jones asks Nokia's Stephen Elop and Microsoft's Steve Ballmer why they chose to form an alliance

Nokia has been forced to rethink its strategy in recent years as it feels the pressure from rival manufacturers.

Its global market share fell from 33% in April 2010 to 29% in April 2011, according to Strategy Analytics.

In its core business of producing low end, simple handsets, competition has come from companies such as Samsung, which recently passed the Finnish firm as the leading mobile retailer in Western Europe.

The Finnish firm's decline has been even more precipitous in the rapidly growing smartphone segment, with Apple's iPhone and Google Android-powered devices eroding its long standing dominance.

According to figures from IDC, Nokia's share of the smartphone market fell from 57% in 2009 to 20.8% in 2011.

In an attempt to turn the tide, it announced a strategic alliance with Microsoft in February 2011.

Nokia said that there would be substantial job losses as a result of the deal.




Sunday, May 15, 2011

Sony begins PlayStation relaunch

Sony has announced that it will begin restoring its online PlayStation video game network on Sunday.

The phased restoration of services will begin in the US, Europe, Australia, New Zealand and the Middle East.

The move comes more than three weeks after Sony discovered a huge security breach that led to the theft of personal data from millions of users.

The firm said it expects to have the network, including Qriocity services, fully restored by the end of May.

The restoration of Japanese and Asian services would begin soon, it added.

'Aggressive action'

Analysis

The news of PlayStation Network's restart will be welcomed by gamers, many of whom were beginning to give up hope of it ever reappearing.

However porous the company's internet security was previously, you can bet it now has seriously beefed-up safeguards.

But that in itself creates a new problem.

There is nothing hackers love more than a challenge, and cracking the PlayStation Network for a second time will almost certainly become one of the holy grails for these electronic invaders.

Sony will be under no illusions that there is such a thing as perfect security, but the mere suggestion that its system has been "fixed" makes it a hostage to fortune.

Another breach would be disastrous for the beleaguered company.

In gaming parlance, Sony has used up all its lives, and the enemy is still at the gates.

Sony said it had implemented "new and additional security measures" that would provide users with better protection.

These were designed in conjunction with a number of external security firms, the company said, and include increased encryption levels and additional firewalls.

"I'd like to send my sincere apologies for the inconvenience this incident has caused you, and want to thank you for all the kind patience you've shown as we worked through the restoration process," said Kazuo Hirai, Sony's executive deputy president.

He added the company was taking "aggressive action" to resolve the security issues and was making "consumer protection a full-time, company-wide commitment".

The company said it would be offering a "welcome back" package to users that included some "premium content".

Sony first discovered the security breach, which led to the theft of personal data from 100m online accounts, on 20 April.

Many users were upset about the company taking two days to contact the police and almost a week to inform those people affected.

Sony hired outside specialist cyber-security firms to investigate the breach, and earlier this month blamed the online vigilante group Anonymous for indirectly allowing it.

The group has denied being involved in the theft.




Friday, May 13, 2011

Games maker Square Enix hacked

Hackers have broken into two websites belonging to Japanese video games maker Square Enix.

The company confirmed that the e-mail addresses of up to 25,000 customers who had registered for product updates may have been stolen as a result.

Resumes of 350 people applying for jobs in its Canadian office could also have been copied from the web servers.

Square Enix, which makes the popular Final Fantasy, Deus Ex and Tomb Raider games, apologised for the breach.

In a statement, it said: "Square Enix can confirm a group of hackers gained access to parts of our Eidosmontreal.com website as well as two of our product sites.

"We immediately took the sites offline to assess how this had happened and what had been accessed, then took further measures to increase the security of these and all of our websites, before allowing the sites to go live again."

It is understood that the websites affected were Eidosmontreal.com, run by Square Enix's subsidiary Eidos, and Deusex.com, a promotional site for the forthcoming game, Deus Ex: Human Revolution.

Scammer's dream

Graham Cluley, a consultant at security firm Sophos, warned that both leaks could cause problems for the individuals concerned.

"With the e-mail there is a danger that gamers could be e-mailed by someone pretending to be from the company who gets them to click on a link or run some malicious software," he told BBC News.

"The resumes are a blueprint for identity theft. They have everything that scammers want. The only thing missing is credit card information."

Square Enix emphasised that it does not hold customers' credit card data on its web servers.

It also said there was no evidence that the information had been distributed.

Mr Chippy

Shortly after the attack, both websites displayed the message "Owned by Chippy1337", as well as several other known hacker names, including Xero, XiX and Venuism.

However, it appears that some or all of those names may have been misappropriated by the real attackers.

Logs of Internet Relay Chat (IRC) conversations have appeared online, which appear to show the perpetrators discussing the hack as they carried it out.

In one section, the individuals taking part wrote: "We put it in the name of chippy1337 and write the names ryan, dfs, xero, nikon, xix, venuism and evilhom3r."

The same person then added the comment, "lol [laugh out loud]".

Security in the video games industry has been in the spotlight in recent weeks after the hacking attacks on Sony's PlayStation Network and SOE online multiplayer system.

The personal details of around 100 million users were stolen from the company's servers.

Investigations into the source of the data breach are continuing, with specialist computer forensic teams and the FBI getting involved.

The PlayStation Network remains offline, more than three weeks after the intrusion was discovered.




Limewire pays $105m settlement

File-sharing software company Limewire has reached an out of court settlement with record labels that sued it for helping people pirate music.

The Lime Group, which developed the Limewire system, has agreed to pay $105m (£64.6m) to 13 music firms.

The figure is far less than the billion dollar bill for damages that the Recording Industry Association of America (RIAA) claimed it was owed.

The prolonged legal fight has led to Limewire being shut down.

Mitch Bainwol, chairman of the RIAA - which represents record labels - said the organisation was pleased with the result.

"This hard fought victory is reason for celebration by the entire music community, its fans and the legal services that play by the rules," said Mr Bainwol in a statement.

Limewire was a program that used peer-to-peer technology to help people find media on other computers and let others see their libraries of files.

The RIAA first took legal action against Limewire in 2006 shortly after concluding a $115m settlement with peer-to-peer software maker Kazaa.

In May 2010, the judge overseeing the case ruled that Limewire and its creator Mark Gorton had infringed copyright and aided others in downloading pirated music.

Another court ruling in the case in October 2010 led to the effective closure of Limewire as it was banned from letting people search, download, upload or trade files using the program.

An official updated version of the program has been distributed that stops people using Limewire to swap files in this way.

However, a pirate edition has been produced that leaves those services intact.




Twitter boost for Japan doctors

In the aftermath of the earthquake in Japan, Twitter is proving "an excellent system" for communicating with chronically-ill patients, say doctors.

In letters written to The Lancet, Japanese doctors say social networking sites have been vital in notifying patients where to get medication.

Although telephone networks were disrupted after the earthquake, internet access remained reliable.

But Japan must now strengthen its primary care system, they said.

The letters, which appear in the Correspondence section of The Lancet, were written by Japanese doctors across the country.

They talk about the health care consequences of the earthquake and tsunami disaster which occurred in Japan in March.

In one letter, Dr Yuichi Tamura and Dr Keiichi Kukuda, from the department of cardiology at Keio University School of Medicine in Tokyo, described their initial concern over how to get drugs to patients with pulmonary hypertension after the disaster.

"Forming a supply chain for such drugs in the earliest stages of the disaster was difficult; however we found that social networking services could have a useful role."

Using the 're-tweet' facility on Twitter allowed information to be spread rapidly, they said.

"We were able to notify displaced patients via Twitter on where to acquire medications. These 'tweets' immediately spread through patients' networks, and consequently most could attend to their essential treatments."

On the move

But they also needed the hands-on help of countless medical staff to deliver drugs and oxygen.

"Our experience has shown that social networking services, run concurrently with physical support, were significant in triumphing over many difficulties in the recent catastrophe," they wrote.

In another letter, doctors describe how they transferred 600 dialysis patients from the area near the Fukushima nuclear power plant over 200km to another city to receive the urgent care they needed.

The patients were unable to bring their medical records with them on the journey from Iwaki to Niigata in the north west of Japan.

Dr Junichiro James Kazama, from Niigata University Hospital, said his team's experience of two previous earthquakes helped in the mass transfer.

"The transfer of 600 haemodialysis patients is an unprecedented event.

"However this mass relocation seems to be merely the beginning, because the accident recovery operation is still underway at the Fukushima Daiichi nuclear power plant," Dr Kazama wrote.

In other letters, doctors criticised the weakness of Japan's primary care system, saying that patients normally have to go straight to hospital if they want to be treated for anything.

After the earthquake and tsunami, this situation created chaos.

"Hospitals were unable to tend to patients with non-urgent but important needs such as treatment of hypertension, diabetes, gastroenteritis, and so forth. Japan needs to strengthen its primary-care system," wrote Dr Jay Starkey from the University of Iowa and Dr Shoichi Maeda from Keio University in Tokyo.




Thursday, May 12, 2011

Wiki boss criticises injunctions

Wikipedia founder Jimmy Wales has waded into the debate over super-injunctions, saying current privacy laws are a "human rights violation".

The online encyclopaedia has fallen foul of UK privacy law in recent weeks, with details about those using super-injunctions appearing on the site.

Mr Wales told the BBC that such information would be removed because it did not come from a reliable source.

But if stories ran in foreign newspapers he would publish, he said.

"The Wikipedia community does not allow such things to come on the site unless there is a reliable source which currently there isn't because the newspapers aren't allowed to publish," he told the BBC Radio 4's PM programme.

But if they appeared in say the New York Times or a French newspaper he would run them, "without question".

US law

Mr Wales said his personal view was that privacy laws were "grave injustices and human rights violations".

"They should be done away with as quickly as possible. There should be no law constraining people from publishing legally obtained, factual information," he said.

Exceptions to this would be information that was life-threatening, such as troop movements.

"But we aren't talking about that. This is embarrassing facts about politicians and celebrities".

Wikipedia is owned by the US-based charity the WikiMedia Foundation and is therefore subject to US law.

That is the same legal loophole that has allowed Twitter to continue publishing details about the private lives and subsequent super-injunctions of a range of celebrities.

Making mockery

It has said it will not identify the user who has been exposing the super-injunction glitterati on the site, despite the fact that some of the details appear to be untrue.

Users worried by libellous tweets are advised to contact a lawyer.

Experts warned that the lawyers of celebrities could turn the tables, pressing for ISPs and firms such as Twitter to hand over the details of who is publishing comments on the site.

To do so they would need to obtain what is known as a Norwich Pharmacal order from a judge, the same process used by rights holders to force ISPs to hand over details about alleged illegal file-sharers.

"Celebrities could apply for Norwich Pharmacal orders against ISPs, Twitter or other parties holding data that may lead to the identification of a defendant," said solicitor Michael Forrester of law firm Ralli.

"The position is much more difficult when dealing with companies based in the US, such as Twitter and Google.

"They may seek to avoid any applications on jurisdictional points and I suspect they may take a strong line with such applications, at least at first," he added.

The legislative net also appears to be closing in on social media sites with the UK culture secretary Jeremy Hunt saying places such as Twitter "made a mockery" of privacy laws.

"Whatever the laws tried to do on privacy, the internet is a very powerful force that you can't buck so we do need to look at it," he said at a Westminster lunch with journalists this week.

Meanwhile Twitter continues to ride high on the furore, recording its busiest day of online traffic this week.




Twitpic triggers copyright clash

Picture posting service Twitpic has apologised for seeming to claim copyright on every image users upload.

A row blew up over photographs on Twitpic following changes made to the service's terms on 10 May.

Many users cancelled their Twitpic accounts because the changes implied that the site was claiming the right to sell pictures without permission.

Twitpic defended itself and said the new rules were intended to protect users' photos from abuse by the media.

Cash call

Twitpic founder Noah Everett apologised via the company blog for the "lack of clarity" in the updated Terms and Conditions.

Mr Everett stressed that Twitpic account holders own the copyright on the images and said the terms had been changed again to show "that you still own your content".

However, by signing up to Twitpic users also agree to let the service distribute their images to the company's partners.

This clause was needed, said Mr Everett, because as Twitpic has grown, a lot of the pictures that people post to it have found their way into reports about newsworthy events.

One of the most famous images posted on Twitpic came from January 2009 when a US Airways jet crash landed on the Hudson river.

"We've seen this content being taken without permission and misused," wrote Mr Everett.

By changing the terms, Twitpic hopes to limit this abuse. In this vein it recently signed an exclusive deal with the Wenn news group to syndicate images posted on Twitpic.

The apology and re-write of the terms came too late for many who said they had deleted their accounts and removed their photos.

Evidence of how strongly people felt about the issue was seen by the hashtags #twitpic and #delete trending in conjunction on the micro-blogging service.

Many also felt that the explanation did little to clear up the ambiguity over who would profit from a newsworthy photo. Mr Everett was pressed for a clearer statement via his account on Twitter. So far he has not replied.

Twitpic's terms and conditions are similar to those of many other Twitter picture services such as Yfrog, Flickr and Instagram which all give those firms the right to redistribute images.

The row prompted MobyPictures to change its terms to include a specific clause which says it will not try to sell users' images.

Twitpic is not the first new media company to irritate its users by changing its terms and conditions. Facebook has weathered several controversial changes, as have Apple, Flickr and Google.


