Sen. Rockefeller Announces Anti-Online-Tracking Bill

Found on Wired on Friday, 06 May 2011

Chairman Jay Rockefeller (D-West Virginia) said the bill, to be introduced next week, will create a "universal obligation for all online companies" to not track people who set a browser flag or cookie saying they don't want to be tracked.

"This bill will offer a simple, straightforward way for people to stop companies from tracking their every move on the internet."

Oh yeah, I can already see the 100% success rate. Instead of telling the user to opt-out, companies should be required to have the user opt-in.

Sony offers identity theft protection, little news on PSN relaunch

Found on Ars Technica on Thursday, 05 May 2011

Sony has given us a flurry of updates describing the steps being taken to get the service back up, the company has announced that PlayStation Network members will be given a year of identity theft protection, and Sony CEO Howard Stringer has offered another apology.

It's a simple thing to order a new credit card and change your passwords, but when we buy a game we expect it to work online. We want to play it right the heck now, and some gamers are going to be flat out angry after an outage this long.

Identity theft protection? Too little too late, I would say. Apart from that, if you think it's a bigger problem that you can't play a game than having your credit card details and identity stolen, you have a serious issue.

LastPass Asks Users To Change Password After Probable Breach

Found on Threatpost on Wednesday, 04 May 2011

LastPass, a Web based password management firm, advised its customers to change the password they use to access the service after the company discovered signs that its network may have been compromised.

An analysis of the outbound data transfer from the server is large enough to have included "people's email addresses, the server salt and their salted password hashes from the database."

Anybody who entrusts passwords to an online service is in a state of sin. I wouldn't give my passwords even to my closest friends, so why should I store them with a third party I don't even know? Now many people would say "because it's so convenient to access your passwords from anywhere". Guess what, convenience does not work together with security. It's an XOR decision.

Mozilla refuses US request to ban Firefox add-on

Found on The Register on Wednesday, 04 May 2011

The request came from officials at the Immigration and Customs Enforcement, the agency under the Department of Homeland Security that in February took the unprecedented step of seizing domain names accused of streaming live pay-per-view sporting events.

According to a blog post published on Thursday by Mozilla General Counsel Harvey Anderson, ICE officials alleged MafiaaFire circumvented their seizure order and asked Mozilla to remove it.

Good to see that the Mozilla Foundation does not give in to those censorship demands. "Operation in our Sites" (who comes up with those retarded project names?) is operating in a more than just grey area. Simply taking domains from their rightful owner is basically theft and thus illegal. It's also about time that the control over the com/net/org TLDs is taken away from the US.

Even Robots Can Be Heroes

Found on Science on Tuesday, 03 May 2011

For all organisms, the ultimate goal is to pass on one's genes. The problem with altruism is that sacrificing individual gains for the greater good can compromise that goal.

The robots have two independently operating wheels and a "nervous system" composed of sensors and a camera, which allow them to detect small discs - a stand in for food.

Some of these "mutations" helped the robots better gather the food disks, while some made the robots less efficient at the task.

The more closely related the robots, the quicker they cooperated.

I wonder when those robots will be available to toy around with.

How to avoid sharing personal info online

Found on CNet News on Monday, 02 May 2011

You can't trust anyone on the Web. Just ask the millions of people who signed up for Sony's PlayStation Network and who now must protect against possible hack attacks on their bank accounts and other private data lost due to the recent data breach.

In addition to your credit card number and e-mail address, Web services may require--or at least request--other personal information. Unless the company will be shipping something to you, there's no need to give out your street or mailing address.

For example, when a service requires that I fill in my birth date, I use the earliest date it allows, such as January 1, 1905. I get a big kick out of seeing the geriatric-aid ads this generates.

Always make up fake information, unless your real identity is really required; for example, to have a shop mail your order to you or when you open a bank account. A gaming network has no reason whatsoever to demand the real identity of their users. Worst thing that can happen is the termination of the account; and even if they threaten to take legal action for signing up with false information, I'd be interested to see such a case go to court. Always use imaginary names, throwaway emails, random countries, birthdates and of course different passwords. Try not to re-use the same fake identity twice. Sadly, one of the best defenses is not available: a whitelist for your bank account, so that you have to explicitly grant permission for every debit transfer. Recurring debits could be allowed to whitelisted accounts only. Think of it as a firewall for your account, with bank account numbers taking the place of the IP.

U.S. Forces Kill Osama bin Laden

Found on Wired on Sunday, 01 May 2011

In a "compound" near an area deep inside Pakistan called Abbottabad - not far from the capital of Islamabad - U.S. operatives engaged in a "firefight" with bin Laden's handlers, Obama said, and killed the terrorist leader.

The Afghanistan war will surely continue. Drone strikes in Pakistan will surely continue. Al-Qaida will surely proclaim imminently that it's merely transitioning into its next phase. But Obama called it the "most significant achievement to date in our effort to defeat al-Qaida."

Only a fool would assume that this means the end of terrorism. Bin Laden was nothing more than a symbol in the past few years, since he practically vanished from everyday life. Al-Qaida is not a single organisation, but a network, with more than enough cells working decentralized. It can, and will, continue; and chances are high that it will act soon to prove that it has not turned into a toothless beast. For the US, who trained and supported him in the past, it might be convenient that he resisted so he cannot be questioned anymore. Just like Saddam Hussein; and probably soon Ghaddafi. When your former buddies turn bad, make sure they won't be able to talk about the past once they are not in control anymore.

Did PlayStation Network hackers plan supercomputer botnet?

Found on The Register on Saturday, 30 April 2011

The most dire scenario is that attackers gained, or tried to gain, control of the part of Sony's network that issues updates for the PlayStation 3.

"It's justification for Sony freaking out. They could lose control of their whole PS3 network."

Researchers speculating on the cause of the PSN breach are reading the posts as evidence that it may be possible to override Sony's security using modded PS3s, particularly if it was premised on the assumption that it was impossible for jailbroken consoles to access the network.

If a device is under the full control of a malicious user, there is no limit on what can be done. If Sony had not removed the "Other OS" feature, things would not be that bad. For now, that is, because sooner or later the PS3 would have been broken anyway.

Record Label Demands From Amazon

Found on Techcrunch on Friday, 29 April 2011

Dominating the discussions is the labels' concern that personal cloud services will exacerbate piracy and erode their business even further.

All songs without a proof of purchase would be assumed to be unauthorized and not accepted into the system.

Sony wants loading to happen from only one computer. Each locker owner would have to designate a single location from which they could upload songs. Users could load music from either their laptop or desktop or office computer but not all three.

Locker owners would only be able to download their music files a single time if they claimed they were lost. All future downloads would be forbidden.

What WMG would like to see happen is that a central locker authority would administer all locker assignments.

I can only say it again and again: I want to see those big useless labels vanish sooner rather than later. Their broken and greedy business model does not work anymore and it's about time that they go down and leave it up to the artists to interact with their fans. It's a simple principle: remove the middle man.

Facebook shoots, ignores questions; account lock-out attack works

Found on Ars Technica on Thursday, 28 April 2011

Got enemies on Facebook? Facebook is so eager to protect copyright that the mere accusation of copyright infringement is enough to get an account locked.

Prior to the account lockout, we had received no notices of infringement or warnings. Truly, we awoke to find that Facebook had summoned a judge, jury, and executioner and carried out its swift brand of McJustice all without bothering to let us know that there was even a problem.

That's what one gets for relying on a single service. Invest a little time and keep track of your friends, and keep backups. So even if Facebook shuts you down for no reason, you still have your contacts offline; and yes, emailing is still a way to communicate.