Police: download a file, go to jail for 10 years and pay an “unlimited” fine

 


The 70,000 daily visitors to popular music site RnBXclusive.com were met with a purposely terrifying message on Tuesday and part of Wednesday. The UK’s Serious Organized Crime Agency (SOCA) took the site down, arrested its operator, and threw up a splash page that warned downloaders of “up to 10 years imprisonment.” Thought statutory damages of up to $150,000 per infringement in the US were ludicrous? SOCA warns that downloaders from the site could face an “unlimited fine under UK law.”

SOCA also showed users their own IP address and warned that “the above information can be used to identify you and your location,” adding that “SOCA has the capability to monitor and investigate you, and can inform your Internet service provider of these infringements.”

Didn’t get the message? The warning goes on to say, “You may be liable for prosecution and that fact that you have received this message does not preclude you from prosecution.”

SOCA announced separately on Wednesday that the rather theatrical warning (our judgment, not their words) would only stay up for 32 hours, apparently as a way to reach the site’s regular visitors. (The notice has now been removed.)

“The website in question specialised in RnB and enabled access to music obtained by hacking, including some which had not yet been released,” SOCA said in its statement. “[Global music trade group] IFPI estimates losses to legitimate businesses and artists caused by the site to be £15m a year. During the week running up to arrest phase the website had 70,000 users daily, mainly males aged 18 to 25 years.”

SOCA agents stress that they have “monitored responses” to the arrest and takedown, including watching people discuss it globally on Twitter. They claim that related sites have already cleaned up their act to avoid similar action.

While RnBxclusive.com might have been a hive of scum and villainy, SOCA agents hardly give the impression of acting as neutral agents of justice. The takedown was clearly pushed by the recording industry, which in itself is fine; all sorts of private parties complain to police when laws have been broken. But the SOCA warning page on RnBxclusive.com went well beyond a mere legal statement and warning.

“As a result of illegal downloads young, emerging artists may have had their careers damaged,” it said. “If you have illegally downloaded music you will have damaged the future of the music industry.”



The extraordinary statement—opening as it does with the frank admission that this is all unprovable (“may”) and concluding with an odd remark (the “music industry” is hardly synonymous with the “recording industry” actually being assisted here)—sounds like the sort of moralizing argument that is more appropriately the domain of rightsholders than the police. The coppers then provide a link directing visitors to pro-music.org, a site actually run by the recording industry.

Source: ars

-Eric


Judge denies record label’s request to shutter “used” MP3 store

A one-of-a-kind website enabling the online sale of preowned digital-music files got a major legal boost late Monday when a federal judge refused to shutter it at the request of Capitol Records.

ReDigi, which opened in October, says it’s a modern-day, used-record store that provides account holders with a platform to buy and sell used MP3s that were purchased lawfully through iTunes. The platform’s technology does not support other digital files such as those purchased from Amazon or ripped from a CD.

The brief ruling (PDF) by US District Judge Richard Sullivan of New York did not clearly outline the reason for the decision. But among other things, the legal questions before him included the first-sale doctrine, the legal theory that people in lawful possession of copyrighted material have the right to sell it.

Sullivan’s decision means that the case is still headed to trial, where Capitol will attempt to prove its allegations that ReDigi facilitates wanton copyright infringement and is not protected by the first-sale doctrine.

John Ossenmacher, ReDigi’s founder, blasted Capitol in a statement. “We hope Capitol can get back to their business and find a way to catch up to the times instead of trying to stop the innovation process, denying rights to their paying customers along the way,” he said.

Richard Mandel, Capitol’s attorney, said in a telephone interview that “We are confident we will prevail at trial.” Sullivan said at a hearing on Monday that Capitol had a strong “likelihood of success on the merits,” Mandel said.

A different federal judge sided with the first-sale principle in 2008, when it debunked UMG Recordings’ claim that it retained perpetual ownership of promotional CDs it releases before an album’s debut. Last year, however, a different court ruled against now-defunct online service Zediva, which streamed movies to customers via DVDs that Zediva had purchased.

In the ReDigi case, Capitol Records sued the Massachusetts-based startup last month in New York federal court. Claiming ReDigi was not the used record store it said it was, Capitol said ReDigi was liable for contributing to copyright infringement.

The label was demanding US District Judge Richard Sullivan immediately order ReDigi to remove Capitol-owned material, (PDF) and to also award damages of up to $150,000 per track against the startup. ReDigi would have gone defunct had the judge sided with Capitol.

ReDigi explained to Sullivan in court papers (PDF) that its undisclosed number of account holders have a right to upload their purchased iTunes files into ReDigi’s cloud. And when a file is sold to another ReDigi account holder, no copy is made. What’s more, because of ReDigi’s technology, the original uploaded file that is sold cannot be accessed by the seller any more through ReDigi or via the seller’s iTunes account.

Prices for songs vary on ReDigi, with some files having asking prices as high as 87 cents—just 12 cents less than what many songs retail for on iTunes. The company, which earns up to 15 percent per sale, also offers cloud-storage music streaming.

Source: ars

-Eric


Anonymous pokes fate bear, leaks FBI conference call about Anonymous

Anonymous has begun taunting its police pursuers in ever-more aggressive ways, upping the ante today by releasing an internal FBI conference call in which agents from across the country and police in the UK share status updates on their investigations of the group—and reveal that major new action is coming soon.

Much of the call is taken up by a UK investigator from the Metropolitan Police who comes across as eager to curry favor with the FBI. The biggest way this is being done? UK investigators are intentionally trying to delay the court cases against Ryan Cleary and Jake “Topiary” Davis, two UK Anons arrested last year, for up to eight weeks as a favor to the FBI’s New York field office.

The goal is to build the extra time into the ongoing cases so that it “won’t look suspicious.” While eight weeks is being requested, judicial delay for even six weeks should be enough for some unspecified but imminent action on the part of the New York FBI.

“We’ve cocked things up in the past, we know that,” said the UK investigator on the call. Providing the delay is one way in which he is trying to make things right with the FBI.

The official also detailed a West Midlands investigation into a hacker who goes by “tehwongz.” He turns out to be a 15-year old kid “who’s doing this all for attention and [is] a bit of an idiot,” the investigator says. In addition, he’s a “pain in the bum” and a “wannabe type character.”

And yet—the youngster claimed to have access to thousands of Steam logins (Steam is “some sort of a gaming site,” the investigator adds) and may have been involved in a Steam breach that is currently being investigated out of the FBI’s Baltimore field office.

Just before the leaked call broke, TehWongz took to Twitter to link up his resume, in which he says:

My hacking portfolio includes Steam (which, when I was pissed with Omni (the owner of this site) I used to hit this site offline for a good few hours. I have also hacked Police websites, released an SQLi on police.uk – Hacked 2 Stock Exchanes [sic], Defaced 2 Banks, DDoS’d MasterCard, Paypal & multiple Gov sites, Defaced hundreds of Websites and given out gifts, Christmas presents, domain names etc for ‘LulzXmas’ worth over $100.000 to shelters, charities, twitter followers & random people.

At the moment I am looking for any work I can get (My average charge is between $15 – $45 per Hour)

Has he been turned? UK police say they have his hard drive, and other Anons seem to think he’s cooperating. But “still I never got arrested lol,” he wrote this morning.

The US has clearly been helping the UK out to a considerable extent in its cases. The UK official also noted that the US had provided him with a 325-page forensic report on Cleary’s hard drive. “We’re quite impressed with it,” he added. (“Indecent images” were allegedly found.)

Cat and mouse

The short call wrapped up without much more of substance being discussed, but the leak did shed light on just how many investigators are after Anonymous. Forty-five people are listed on the leaked e-mail advertising the “Anon-Lulz International Coordination Call,” though most did not appear. Four names on the list came from the UK, two from Ireland, three from The Netherlands, three from France, one from Germany, three from Sweden, two from Europol, and 27 from the FBI.

And these were just representatives; it’s clear many others are involved in the work. The UK official, for instance, noted that his country has an “intel cell” that looks into these issues.

But the leak also showed how Anons are after the investigators. Despite high-profile arrests over the last few years, national police seem unable to put a serious dent in the ranks of top Anonymous hackers. The combination of the FBI e-mail and conference call recording suggests that at least someone in Anonymous has access to internal FBI communications or accounts.

As “AnonymousIRC” put it on Twitter, “The #FBI might be curious how we’re able to continuously read their internal comms for some time now. #OpInfiltration”

An FBI spokesperson would tell Ars only that “the information was intended for law enforcement officers only and was illegally obtained. A criminal investigation is under way to identify and hold accountable those responsible.”


Swarm of Flying Robots

     This freaky footage of a gang of tiny flying robots looks like it’s straight out of a sci-fi flick. But it’s 100 percent real.

     On Wednesday, robotics researchers at University of Pennsylvania released a video of what they call “nano quadrotors” – tiny flying robots that engage in complex social movements like swarming and pattern formation.

     The video shows what look like mini helicopters flying with remarkable agility and precision. They can do flips, avoid obstacles, and shift direction effortlessly, all on command. Toss one up in the air, and it finds its balance and flies back to the hand that launched it. Best of all, when in the company of other drones, they gather to fly in a figure-8 formation.

     The machines come from UPenn’s General Robotics, Automation, Sensing, and Perception (GRASP) lab. Scientists there hope that swarms of tiny bots like these can replace human search and surveillance teams, like those used after a disaster. But future technology will need to improve our ability to coordinate large groups of inexpensive robots, instead of programming and configuring each one manually.

     The researchers express their hopes for the future of this technology in a written statement:

“Can large numbers of autonomously functioning vehicles be reliably deployed in the form of a ‘swarm’ to carry out a prescribed mission and to respond as a group to high-level management commands? Can such a group successfully function in a potentially hostile environment, without a designated leader, with limited communications between its members, and/or with different and potentially dynamically changing “roles” for its members?”

Let’s just hope these little guys don’t get angry.

 

source: huffpost


Life-like Beavis and Butt-head Busts are Creepy

 


As Anonymous protests, Internet drowns in inaccurate anti-ACTA arguments

 

After the Internet’s decisive victory over the Stop Online Piracy Act earlier this month, online activists have been looking for their next target, and a growing number of them have chosen the Anti-Counterfeiting Trade Agreement (ACTA), which was signed by the EU last week. Indeed, the renewed focus on ACTA even led a group of Polish politicians to hold paper Guy Fawkes masks—the symbol of Anonymous—over their faces in protest at the way ACTA has been pushed through. In the US, over 35,000 people have signed a petition urging the White House to “end ACTA,” despite the fact that it has already been signed by the US.

At Ars Technica, we’re as committed as anyone to defending free speech, fair use, and the open Internet against draconian new copyright laws. But it’s important for the debate to be informed by accurate information. Unfortunately, many of the claims about ACTA that are circulating among the treaty’s opponents are highly misleading or outright inaccurate. We’ve been covering ACTA for over four years, and hopefully we can shed some light on a tricky subject.

Much of the misinformation seems to come from the fact that the final text proved to be much less dangerous to Internet freedom than early drafts had suggested. Any number of controversial proposals were included, or rumored to be included, in early drafts of the treaty. But thanks in part to an intense public backlash, most of these provisions were stripped out, or at least watered down, in the final version of ACTA.

That final version has been publicly available for months, but many ACTA opponents continue to focus on these deleted provisions in their arguments against the treaty. We’ll examine four of the most trenchant claims about ACTA that have been circulating on the Internet in the last week, then compare them to what ACTA actually says.

Four dubious claims about ACTA

Claim: “ACTA gives [ISPs] the power—or more accurately forces them—to monitor all your packets, all the time.”

Reality: This is the most-repeated claim, and it’s simply inaccurate. Nothing in the treaty appears to require ISPs to monitor their customers’ traffic. While earlier versions of the treaty had proposed French-style “three strikes” measures, these proposals were dropped from the final version of the treaty. The closest ACTA comes to mandating ISP surveillance is section 27.3, which requires participating nations to “promote cooperative efforts within the business community to effectively address trademark and copyright or related rights infringement while preserving legitimate competition and, consistent with that Party’s law, preserving fundamental principles such as freedom of expression, fair process, and privacy.”

Forcing ISPs to actively monitor their customers’ traffic might be one way to comply with this requirement. Implementing a “three strikes” regime might be another. But there are also innocuous ways a country could comply, like holding conferences on copyright enforcement, sending literature to businesses encouraging them to respect copyright, and setting up an anonymous tipline for suspected copyright or trademark infringement.

Claim: “Can you imagine generic drugs that could save lives being banned? Can you imagine seeds that could feed thousands being controlled and withheld in the name of patents? This could become a reality with ACTA.”

Reality: Section 3 of ACTA deals with the flow of infringing products across borders. It requires countries to allow customs officials to seize goods suspected of infringement. Such seizures would be allowed not only in the origin and destination nations, but also while the goods are in transit through third countries.

Critics argue that drug companies could use this provision to get generic drugs seized as they pass through third countries, even if the drugs would be legal under the patent system of the destination country. Similarly, they worry that genetically-modified, and patent-encumbered, seeds would be seized as they were shipped across borders. But footnote 6 of the treaty states that “patents and protection of undisclosed information do not fall within the scope” of section 3.

There have been isolated cases of generics being seized on trademark grounds because they too closely mimicked the appearance of the corresponding name-brand drug. (Think of Nexium, for example, which is marketed as the “purple pill.”) But at worst that would require the manufacturers of generics to tweak the appearance of their drugs to avoid infringing on trademarks.

An in-depth report on the impact of ACTA on generic medicines found that the treaty “makes enforcement of intellectual property rights in courts, at borders, by the government and by private parties easier, less costly, and more ‘deterrent’ in the level of penalties. In doing so, it increases the risks and consequences of wrongful searches, seizures, lawsuits and other enforcement actions against legitimate suppliers of generic medicines.” So at the margin, ACTA might be bad for the flow of generic drugs to poor countries, but it’s a huge exaggeration to say that generic drugs would be “banned.”

Claim: ACTA “obliges its signatories to take on many of the worst features of SOPA and PIPA.” It’s “the European version of the US SOPA and PIPA rolled into one and cranked up to 11.”

Reality: The provisions of SOPA and PIPA that generated the most outrage were those that would have blacklisted sites from DNS, search engines, payment networks, and ad networks. None of these proposals were included in ACTA. Perhaps this is a reference to the provisions requiring signatories to “promote cooperative efforts within the business community,” but as we’ve seen, there are any number of ways to comply with this requirement that are less draconian than the SOPA provisions that generated so much controversy.

As respected Canadian copyright scholar (and longtime ACTA critic) Michael Geist has put it, “from a substantive perspective, ACTA’s Internet provisions are plainly not as bad as those contemplated by SOPA. Over the course of several years of public protest and pressure, the Internet provisions were gradually watered down with the removal of three strikes and you’re out language. Other controversial provisions on statutory damages and anti-camcording rules were made optional rather than mandatory.”

Claim: “ISPs will be required to constantly check that no copyrighted material, or links to copyrighted material, are found on their servers… Even parts of sentences could be protected and made prescripted by copyright.”

Reality: These claims come from a video that was produced by Anonymous; while the group’s many “members” are concerned about censorship and copyright maximalism, the video itself is full of erroneous claims. The video has been embedded by outlets that should know better, like The Atlantic, and it has been viewed half a million times.

For the record, nothing in ACTA appears to require sites to constantly monitor user-generated material for infringing material. And we have no idea how ACTA could be interpreted as bringing “parts of sentences” under copyright protection.

ACTA is a bad treaty

None of this is to say ACTA is a good treaty. It isn’t. It has both procedural and substantive problems—and critics need to attack it on the right grounds.

ACTA was negotiated in extreme secrecy by a small group of wealthy nations. As leaked documents make clear, the explicit goal of this approach was to bypass existing international institutions like WIPO where other countries might object to even stricter IP enforcement. Instead, ACTA was a “coalition of the willing” which “would aim to set a ‘gold standard’ for IPR [intellectual property rights] enforcement among a small number of like-minded countries, and which other countries might aspire to join.”

As for the secrecy, even some participants found it unsettling. The EU’s top negotiator on ACTA even told a US embassy official in Sweden that “the secrecy issue has been very damaging to the negotiating climate in Sweden… The secrecy around the negotiations has led to the legitimacy of the whole process being questioned.”

In the US, ACTA was dubbed an “executive agreement” rather than a “treaty,” which allowed negotiators to skip the ordinary Senate ratification process. If ACTA becomes a binding part of international law, it will create a precedent for future treaties that avoid basic principles of transparency and democratic accountability.

On the merits, the problem with ACTA is less that it would require changes to American or European law than that it would become another mechanism for Western governments to force poorer countries to adopt bad copyright policies. For example, the treaty requires signatories to adopt anti-circumvention rules similar to those in the American DMCA, and a regime of statutory damages like the one that produced a $1.5 million judgment against Jammie Thomas-Rasset for infringing 24 songs. Once ACTA is adopted by wealthy countries, the US government is likely to make its adoption a factor in its Special 301 report, which lists countries Washington regards as having insufficiently strong copyright laws. Thanks to this kind of arm-twisting, copyright treaties that are adopted in the US and Europe are eventually foisted on the rest of the world.

More generally, the treaty continues the one-way ratchet toward ever-stronger copyright protections. ACTA establishes a new, higher minimum of copyright protections and enforcement that countries must provide, but it doesn’t require countries to preserve mechanisms like fair use and intermediary immunity that protect intellectual freedom.

If Congress ever decides that IP rights have swung too far in one direction, it can always rebalance them by changing the law, right? Not exactly. International agreements like ACTA bind the hands of legislators unless the US is willing to withdraw from them first.

That’s why Rep. Darrell Issa (R-CA) last week called ACTA “more dangerous than SOPA.” He added, “It’s not coming to me for a vote. It purports that it does not change existing laws. But once implemented, it creates a whole new enforcement system and will virtually tie the hands of Congress to undo it.”

Unfortunately, these arguments are hard to explain to the general public. So too many ACTA opponents are, perhaps unknowingly, attacking ACTA for provisions that aren’t in the treaty. We’re not going to shed too many tears if this misinformation helps to kill a bad treaty, but we’d rather win the debate honestly—and prepare people for the upcoming ACTA sequel.

source: ars

-Eric


Pro-government hacktivists deface Al Jazeera coverage of Syrian violence

 

The Al Jazeera English website was attacked and defaced on January 29 by hackers supporting Syrian president Bashar al-Assad. Targeting the news organization’s “Syria Live Blog,” which has been providing ongoing coverage of the Arab League’s observer mission to Syria and developments in the ongoing unrest in the country, the hacker group calling itself the Syrian Electronic Army posted pro-Assad and pro-Syrian government images to the site.

 

The relationship of the Syrian Electronic Army to the government itself is unclear. However, the group’s domain was registered in May of 2011 in Tartous, Syria, and its site is hosted on servers maintained by the Syrian Computer Society—a group that Assad headed before assuming Syria’s presidency, and which introduced the Internet to Syria in 2001.

The attack started at about 2:30 PM Central Time, just after Al Jazeera posted a report on casualties reported by the Local Coordinating Committees, an activist network in Syria. On their own site, the Syrian Electronic Army announced the “code re-penetration” of the site by a “professional Syrian battalion” of hackers, denouncing Al Jazeera for broadcasting “false and fabricated news” to “ignite sedition” among the people of Syria and achieve the goals of “Washington and Tel Aviv.”

This is the second attack against Al Jazeera this month claimed by the pro-Assad hacktivist group. In September, the group attacked Harvard University’s site, and keeps a graphic from Harvard’s site on its homepage as a trophy of that exploit. In August, the group attacked the Tumblr site set up by YourAnonNews in response to Anonymous’ attacks on Syrian government sites.

Source: ars

-Eric


How to Build a (Nearly) Hack-Proof Password System with LastPass and a Thumb Drive

 

It seems like every day there’s news that a new site or service has been hacked. The intruders make off with usernames and passwords, and even if they’re encrypted the service forces users to change them. This week it was DreamHost, and last week it was Zappos.

We’re big fans of LastPass, a cross-platform password manager that helps you create and manage secure, unique passwords for every site, but the point of failure is obvious: What happens if someone gets your master password? Here’s how you can beef up LastPass by turning a USB flash drive into a key you have to plug in to your computer before you can access your passwords. This way, the next time a service you use has been hacked—even if it’s LastPass—you won’t worry.

If you’re not already using LastPass to generate, maintain, and manage different and unique strong passwords for every site and service you use on the web, it’s time to get started. The beauty of LastPass is that it’s available for Mac, Windows, Linux, and even mobile devices, and you can choose and remember one strong password and then use that password to manage and access all of your other logins and services on the web. Still, LastPass keeps all of your passwords in the cloud, and while they’re as secure as they possibly could be, if someone gets a hold of your LastPass password, you’re pretty much screwed, right? Not if you have a spare USB drive with Sesame, a utility that turns your USB key into an actual key needed to unlock your LastPass vault. Once installed and set up, you’ll need both your LastPass master password and your key plugged into your Mac, Windows, or Linux PC in order to unlock your vault and access your saved passwords.

Step One: Get LastPass and Set It Up

The first thing you’ll need is LastPass, and a Premium Account. It’s $12/year, but that’s a small price to pay for password security. LastPass is our favorite any-browser, any-OS password solution, and if you haven’t tried it yet, The How-To Geek has a great guide to getting started with it, and we have a more advanced guide to mastering your passwords and increasing your personal security with it.

Step Two: Grab a USB Flash Drive and Install Sesame

The next thing you’ll need is a USB flash drive. Building on the principle that the most secure password is the one you can’t remember, your second authentication factor will be a device, not a passkey or code. LastPass offers a tool called Sesame that can turn any USB drive into a second authentication method to use when you need access to your LastPass vault. This way, even if someone obtains your LastPass password, it’s useless without the USB drive, and vice versa.

You already know how to secure your personal belongings, like your wallet or keys, so a USB flash drive like the LaCie key-shaped USB drives that fit right on your keychain shouldn’t be a problem to keep safe and secure.


Once you have Sesame downloaded and extracted to your USB drive, here’s how to set it up:

  1. Run the Sesame utility on your USB drive, and log in with your LastPass credentials.
  2. Sesame will email you an activation code, required to enable two-factor authentication on your account.
  3. Click the link in your activation email to activate Sesame. (Note: The activation code is only good for 10 minutes.)
  4. After you’ve activated Sesame, you’ll have to log in with both a Sesame passkey and your LastPass credentials whenever you want to access your password vault (more on this in the next section.)

 

Step Three: Use Your Key to Access Your Password Vault

Going forward, you’ll need your USB drive any time you want to access your LastPass vault, like when a service or site you have an account with gets hacked and you need to change the password, or you reset a password for one of those services.

To access your LastPass vault once you have Sesame enabled, you have two options.

Option One:

  • Visit LastPass in your browser, and log in with your LastPass credentials.
  • When you’re prompted for a Sesame one-time token, pop in your USB key and run Sesame to generate your token and copy it to the clipboard.
  • Paste the token into the authentication screen, and click OK to access your password vault.

Option Two:

  • Insert your USB key and run Sesame.
  • Check the box for “Launch Browser,” and click the “Generate One Time Password” button.
  • Sesame will generate your token, open your browser and go to LastPass, and pass the token for you. Type in your master password, and click OK to access your vault.

Don’t worry, if you lose your Sesame USB key, the key is useless without your LastPass email address and master password. You can always visit your LastPass vault, click the link in the authentication screen to tell LastPass that you no longer have your Sesame device, and confirm via email that you want to deactivate Sesame. Then, you can grab another USB key, reinstall Sesame, re-activate it, and be on your way.

Step Four: Audit Your Passwords and Strengthen Security

Now that your LastPass vault is well protected with two-factor authentication, it’s time to tune up the passwords that LastPass is protecting. After all, LastPass won’t do you much good if your Amazon password is “password” or if your Google account password is “123456.” We’ve discussed how you can use LastPass to audit and update your passwords, and even how you can make those passwords more secure and easy to use. If you’re taking steps to make your LastPass account as hack-proof as possible, you may as well go the extra mile and make your individual passwords as strong as possible as well.

As we mentioned, Sesame is a great tool to make sure that even if LastPass gets hacked, or someone gets a hold of your LastPass master password, they don’t have carte-blanche to log in to your LastPass account and grab your credentials to everything else on the web. It doesn’t, however, automatically add a second authentication method for all of those services you use, so it’s important to make sure those passwords are strong.

Step Five: Consider Secondary Authentication for Other Web Services

In addition to beefing up your LastPass account, you might want to consider activating two-factor authentication for any other web services where it’s available. For example, we’ve discussed how you can—and should—set up two-factor authentication for your Google account, and how you can do the same for your Facebook account as well. Many banks and financial institutions are coming around to offering two-factor authentication before you can get at your financial statements or move your money around, so contact your bank or investment firm to see if that added security is available to you.

Step Six: Stay Vigilant

If you’ve been following along, you should now have LastPass set up with two-factor authentication for your vault, you’ve audited your passwords and made them stronger and more difficult to crack, and you’ve activated multi-factor authentication on the services where it’s available to you. None of that means you can relax and forget about security. You’ll still need to quickly change your passwords for any sites or services you use that get hacked, and you’ll still need to use different strong passwords for each site or service you use. No password mechanism, web service, or authentication scheme is completely hack-proof. That said, this should help you breathe a little easier.

Alternatives to Your Thumb Drive Key

LastPass provides more than one way to set up two-factor authentication, so if you don’t like this specific method, you have other options. For starters, you can purchase a Yubikey from Yubico for about $25, and set up Yubikey authentication on your LastPass account for the same effect. You can also use LastPass with Google Authenticator and turn your smartphone into the “key” that—along with your master password—unlocks your LastPass vault. If you’re not interested in paying for a LastPass premium account, consider grid multifactor authentication for your LastPass account, a technique we’ve shown you that you can apply to other services.

Source: lifehacker.com

-Eric


Buy 1 year get 1 free Offer Ends 1/31/12

This is the antivirus that I’ve been using for about a year now. In my opinion it’s the best one out there. And for the rest of this month Vipre is having a buy 1 get 1 year free sale. There are only a few days left – so you need to go ahead and order. It’s an even better deal if you have 3 or more computers. It’s less than $40 for 1PC for 2 years and for less than $70 you have 2 years of protection on up to 10 computers.

All the free antivirus programs that we use just don’t cut it anymore.  They don’t protect from the worst type of virus – a rootkit.  Rootkits do not show up on your computer as files – and the free antivirus programs are not able to scan anything that is not a file.  Vipre scans below the file system to find those rootkits and remove them from your system.

update: offer expired

Vipre Antivirus

-Eric


Judge: Fifth Amendment doesn’t protect encrypted hard drives

A federal judge has ruled that a Colorado woman can be compelled to decrypt her encrypted laptop so that the police can inspect it for incriminating evidence. The woman, Ramona Fricosu, is a defendant in a mortgage scam case. She had argued that the Fifth Amendment’s privilege against self-incrimination protected her from having to disclose the password to her hard drive, which was encrypted using PGP Desktop.

In previous cases, judges have drawn a distinction between forcing a defendant to reveal her password and forcing her to decrypt encrypted data without disclosing the password. The courts have held that the former forces the defendant to reveal the contents of her mind, which raises Fifth Amendment issues. But Judge Robert Blackburn has now ruled that forcing a defendant to decrypt a laptop so that its contents can be inspected is little different from producing any other kind of document.

Fifth Amendment issues can also arise if acknowledging ownership of a laptop or the existence of relevant documents is itself incriminating. But the police had recorded a phone call between Fricosu and her husband in which she seemed to acknowledge ownership of the laptop and to reference incriminating material on it. Blackburn ruled that barring prosecutors from using the fact that she was able to decrypt the laptop as evidence against her in court would satisfy the Fifth Amendment concerns with compelled disclosure.

Fricosu’s lawyer talked to CNET about the case and about his plans to appeal the ruling.

Dubois said that, in addition, his client may not be able to decrypt the laptop for any number of reasons. “If that’s the case, then we’ll report that fact to the court, and the law is fairly clear that people cannot be punished for failure to do things they are unable to do,” he said.

 

Source: Ars

-Eric
