Advertising - Instant Ads Set the Pace on the Web: Via NYTimes.com .

Now, companies like Google, Yahoo and Microsoft let advertisers buy ads in the milliseconds between the time someone enters a site’s Web address and the moment the page appears. The technology, called real-time bidding, allows advertisers to examine site visitors one by one and bid to serve them ads almost instantly.

For example, say a man just searched for golf clubs on eBay (which has been testing a system from a company called AppNexus for more than a year). EBay can essentially follow that person’s activities in real time, deciding when and where to show him near-personalized ads for golf clubs throughout the Web.

If eBay finds out that he bought a driver at another site, it can update the ad immediately to start showing him tees, golf balls or a package vacation to St. Andrew’s, Scotland, often called the home of golf. If a woman was shopping, eBay could change the ad’s color or presentation. [ Read more ... ]

Feds: TSA Worker Tried to Sabotage Terror Database: Via Threat Level.

A former Transportation Security Administration contractor is being charged in Colorado for allegedly injecting malicious code into a government network used for screening airport security workers and others.

The malicious code, a logic bomb installed last October, was designed to cause damage and disrupt data on servers on an undisclosed date but was caught by other workers before it delivered its payload.

Douglas James Duchak, 46, had worked as a data analyst at the TSA’s Colorado Springs Operations Center, or CSOC, since 2004. The CSOC is used to vet people who have “access to sensitive information and secure areas of the nation’s transportation network,” according to the indictment. A source involved in the case said this involved screening of both passengers and workers at airports and other transportation facilities.

He pleaded not guilty in a Denver federal court on Wednesday and was released on a $25,000 unsecured bond. The indictment did not say whether the malware was crafted to erase or alter data, or simply disable servers.

The CSOC network stores updated information from the government’s terrorist watchlist as well as criminal histories from the U.S. Marshal’s Service Warrant Information Network. [ Read more ... ]

Zeus botnet dealt a blow as ISP Troyak knocked out: Via Computerworld Cybercrime/Hacking News.

Internet service providers linked to the notorious Zeus botnet have been taken down, knocking out a third of the command-and-control servers that run the network of hacked machines.

Two ISPs, named Troyak and Group 3, were home to 90 of the 249 known Zeus command-and-control servers. Zeus Tracker, a Web site that tracks the botnet, noticed the steep drop in servers on Wednesday morning.

The Troyak network was itself an upstream provider to six networks, known to host a large number of cybercrime servers, including Web sites used in drive-by attacks and phishing sites, according to Kevin Stevens, a researcher with SecureWorks. "There's lots of Zeus and Fragus exploit kit [sites]," he said. Whoever was behind the takedown "just decided to knock out a large area of cybercirme, and this was probably one of the easiest ways to do it." [ Read more ... ]

European Parliament Rips Global IP Accord: Via Threat Level.

The European Parliament delivered a political blow to Hollywood and the Obama administration, voting Wednesday 663 to 13 in opposition to a proposed and secret intellectual property agreement being negotiated by the European Union, United States and a handful of others.

Wednesday’s developments concerning the Anti-Counterfeiting and Trade Agreement are substantial because the European Union’s 27 countries vastly outnumber the remaining countries negotiating the deal. They are Australia, Canada, Japan, South Korea, Mexico, Morocco, New Zealand, Singapore, Switzerland and the United States. Ambassador Ron Kirk, the top U.S. trade official, is spearheading the deal that began being crafted under the George W. Bush administration.

Kirk’s office declined comment.

To be sure, there is a dispute and heavy confusion concerning whether internet service providers under ACTA would be forced to punish customers deemed copyright scofflaws by reducing or eliminating service, according to a string of leaked documents. So Parliament members also agreed Wednesday to oppose the measure if it contains so-called “three strikes” or “graduated response” policies — regardless of whether that’s now in the text.

And because of the text’s secrecy, Parliament on Wednesday also demanded (.pdf) that the private agreement still under negotiation be publicly released. [ Read more ... ]

Mobile that allows bosses to snoop on staff developed: Via BBC News.

Researchers have produced a mobile phone that could be a boon for prying bosses wanting to keep tabs on the movements of their staff.

Japanese phone giant KDDI Corporation has developed technology that tracks even the tiniest movement of the user and beams the information back to HQ.

It works by analysing the movement of accelerometers, found in many handsets.

Activities such as walking, climbing stairs or even cleaning can be identified, the researchers say.

The company plans to sell the service to clients such as managers, foremen and employment agencies.

"Technically, I think this is an incredibly important innovation," says Philip Sugai, director of the mobile consumer lab at the International University of Japan. [ Read more ... ]

The majestic petulance of John Roberts: Via Salon: Glenn Greenwald.

The petulance and sense of self-importance on display here is quite something to behold:

U.S. Supreme Court Chief Justice John Roberts said Tuesday the scene at President Obama's State of the Union address was "very troubling" . . . . Obama chided the court, with the justices seated before him in their black robes, for its decision on a campaign finance case. . . . Responding to a University of Alabama law student's question, Roberts said anyone was free to criticize the court, and some have an obligation to do so because of their positions.
"So I have no problems with that," he said. "On the other hand, there is the issue of the setting, the circumstances and the decorum.
"The image of having the members of one branch of government standing up, literally surrounding the Supreme Court, cheering and hollering while the court -- according the requirements of protocol -- has to sit there expressionless, I think is very troubling."

The N.Y.P.D. Is Watching Certain People: Via NYTimes.com .

From 2004 through 2009, in a policy that has gotten completely out of control, New York City police officers stopped people on the street and checked them out nearly three million times, frisking and otherwise humiliating many of them.

Upward of 90 percent of the people stopped are completely innocent of any wrongdoing. And yet the New York Police Department is compounding this intolerable indignity by compiling an enormous and permanent computerized database of these encounters between innocent New Yorkers and the police.

Not only are most of the people innocent, but a vast majority are either black or Hispanic. There is no defense for this policy. It’s a gruesome, racist practice that should offend all New Yorkers, and it should cease. [ Read more ... ]

The Botnet Challenge: by CDT Via Comcast Voices | The Official Comcast Blog.

Editor's Note: Our thanks to Leslie Harris, President and CEO, Center for Democracy & Technology, for writing this guest blog post about botnets.

Botnets are armies of computers that criminals have infected with malicious software so they can control them to remotely to steal information, launch denial-of-service attacks, spread malware and host illegal content. Botnets are one of the most serious threats to Internet security today. They have compromised untold millions of computers – and even DSL routers – worldwide. The Conficker worm alone has infected up to 15 million consumer, business and government computers into a massive botnet in a little over two years.

Botnet armies are built on the computers of regular Internet users who have no idea that their PCs have been compromised and are being used for malicious purposes. In fact, botnets depend on users’ ignorance in order to stay operational. At the same time, the spam, phishing, and denial-of-service attacks that botnets perpetrate may have little or no impact on the compromised users or their ISPs, while wreaking havoc on faraway users connected to entirely different networks. [ Read more ... ]

Supreme Court Takes ‘Informational Privacy’ Case: Via Threat Level.

The U.S. Supreme Court is agreeing to decide how much personal information the federal bureaucracy may acquire on its workers.

The justices, without comment, decided Monday to review a lower-court decision surrounding the concept of so-called “informational privacy.” The 9th U.S. Circuit Court of Appeals in San Francisco struck down intrusive background checks last year on nearly three dozen National Aeronautics and Space Administration contractors as being too invasive — calling them an unconstitutional, “broad inquisition.”

The checks sought information from any source surrounding their sex lives, finances and even drug use. The contractors being investigated were not privy to classified information. [ Read more ... ]

Worker ID Card at Center of Immigration Plan: Via Wall Street Journal.

Lawmakers working to craft a new comprehensive immigration bill have settled on a way to prevent employers from hiring illegal immigrants: a national biometric identification card all American workers would eventually be required to obtain.

Under the potentially controversial plan still taking shape in the Senate, all legal U.S. workers, including citizens and immigrants, would be issued an ID card with embedded information, such as fingerprints, to tie the card to the worker.

The ID card plan is one of several steps advocates of an immigration overhaul are taking to address concerns that have defeated similar bills in the past.

The uphill effort to pass a bill is being led by Sens. Chuck Schumer (D., N.Y.) and Lindsey Graham (R., S.C.), who plan to meet with President Barack Obama as soon as this week to update him on their work. An administration official said the White House had no position on the biometric card. [ Read more ... ]

Supreme Court to Decide Case Involving ‘Right of Informational Privacy’: Via News - ABA Journal.

The U.S. Supreme Court has agreed to decide whether the First Amendment protects demands for personal information from government contract workers at NASA’s Jet Propulsion Laboratory.

The case asks whether the Constitution protects a “right of informational privacy,” SCOTUSblog reports. “The Supreme Court mentioned such a right in a 1977 decision, and has seldom mentioned it since,” the blog says.

The case could affect how the federal government investigates the background of its employees, the Associated Press reports. [ Read more ... ]

Feds Move to Break Voting-Machine Monopoly: Via Threat Level.

Citing anti-competitive concerns, the Justice Department sued Election Systems & Software in order to force the company to divest itself of the voting machine assets it obtained from Premier Election Solutions last year.

The department’s Antitrust Division, along with nine state attorneys general, filed the civil antitrust lawsuit (.pdf) in U.S. District Court in Washington, D.C., charging that the acquisition threatened competition. The department proposed a settlement that, if accepted, would dissolve the merger and force ES&S to sell its Premier business to a buyer approved by the Justice Department.

“The proposed settlement (.pdf) will restore competition, provide a greater range of choices and create incentives to provide secure, accurate and reliable voting equipment systems now and in the future,” said Molly S. Boast, deputy assistant attorney general for the Antitrust Division in a statement. [ Read more ... ]

The Cell Phone Network: Law Enforcement's Surveillance Dream: Via Blog of Rights: Official Blog of the American Civil Liberties Union.

Yesterday, WNYC's On the Media (OTM) profiled our cell phone tracking case. In this case, the ACLU, Center for Democracy and Technology and the Electronic Frontier Foundation (EFF) asked the court to require that the government at least show probable cause before it can ask a wireless provider to fork over information about your whereabouts using GPS or cell tower tracking via your cell phone. We won in the district court (PDF); the government appealed that decision to the 3rd Circuit. [ Read more ... ]

Security Pros Question Deployment of Smart Meters: Via Threat Level.

The country’s swift deployment of smart-grid technology has security professionals concerned that utilities and smart-meter vendors are repeating the mistakes made in the rollout of the public internet, when security became a priority only after malicious attacks had reached mass levels.

But when it comes to the power grid, the costs of remote hack attacks are potentially more dramatic.

“The cost factor here is what’s turned on its head. We lose control of our grid, that’s far worse than a botnet taking over my home PC,” said Matthew Carpenter, senior security analyst of InGuardian, speaking at a panel at the RSA Security Conference in San Francisco this week. [ Read more ... ]

Security Pros Question Deployment of Smart Meters: Via Threat Level.

The country’s swift deployment of smart-grid technology has security professionals concerned that utilities and smart-meter vendors are repeating the mistakes made in the rollout of the public internet, when security became a priority only after malicious attacks had reached mass levels.

But when it comes to the power grid, the costs of remote hack attacks are potentially more dramatic.

“The cost factor here is what’s turned on its head. We lose control of our grid, that’s far worse than a botnet taking over my home PC,” said Matthew Carpenter, senior security analyst of InGuardian, speaking at a panel at the RSA Security Conference in San Francisco this week. [ Read more ... ]

White House Cyber Czar: ‘There Is No Cyberwar’: Via Threat Level.

Howard Schmidt, the new cybersecurity czar for the Obama administration, has a short answer for the drumbeat of rhetoric claiming the United States is caught up in a cyberwar that it is losing.

“There is no cyberwar,” Schmidt told Wired.com in a sit-down interview Wednesday at the RSA Security Conference in San Francisco.

“I think that is a terrible metaphor and I think that is a terrible concept,” Schmidt said. “There are no winners in that environment.”

Instead, Schmidt said the government needs to focus its cybersecurity efforts to fight online crime and espionage.

His stance contradicts Michael McConnell, the former director of national intelligence who made headlines last week when he testified to Congress that the country was already in the midst of a cyberwar — and was losing it. [ Read more ... ]

Thousands Sign Petition Protesting Net Neutrality Loopholes for Copyright Enforcement: Via EFF.org Updates.

San Francisco - The Electronic Frontier Foundation (EFF) submitted a petition signed by more than 7000 people to the Federal Communications Commission (FCC) today demanding that the agency close a loophole for copyright enforcement in its proposed regulations for network neutrality.

The petition is part of EFF's reply comments in the FCC's net neutrality rulemaking. The FCC's proposed rules generally prohibit ISPs from discriminating or blocking lawful content, but include a loophole for 'reasonable network management' by ISPs. The proposed rules then define 'reasonable network management" to include measures taken by ISPs to block unlawful content or transmissions. This exception would effectively permit ISPs to violate net neutrality rules and block lawful activities in the name of copyright enforcement.

"We can't afford to let lawful speech become collateral damage in Hollywood's war on copyright infringement," said EFF Senior Staff Attorney Fred von Lohmann. "Net neutrality regulations should not excuse ISPs that interfere with lawful content just because they claim they were acting as copyright cops." [ Read more ... ]

DMCA Muscle Strong-Arms DVD Copying: Via Threat Level.

Those awaiting a legitimate method to duplicate DVDs for personal use likely will have to wait even longer, perhaps forever, after RealNetworks tossed in the white towel and abandoned litigation toward that end.

RealNetworks spent almost two years in a legal battle with the Motion Picture Association of America, which sued the Seattle-based company to block the sale of its DVD-copying software and hardware –- generally known as RealDVD. The company said late Wednesday it was dropping its appeal of an August federal court decision that declared RealDVD an illegal violation of the Digital Millennium Copyright Act of 1998.

The act, which the Hollywood studios strongly lobbied for, prohibits the circumvention of encryption technology. DVDs are encrypted with what is known as the Content Scramble System, and DVD players must secure a license to play discs. RealDVD, U.S. District Judge Marilyn Hall Patel ruled, circumvents the CSS technology designed to prevent copying and is therefore a breach of the CSS license.

The litigation cost RealNetworks millions of dollars, including $4.5 million to reimburse the MPAA for its legal costs. The outcome cost Rob Glaser, RealNetworks’ CEO, his job. [ Read more ... ]

Tracing attack source key to cybersecurity strategy, Chertoff says: Via Computerworld Security News.

Michael Chertoff, former head of the U.S. Department of Homeland Security, talked of the difficulties in creating a national cybersucurity plan during an interview with Computerworld.

The difficult task of identifying the true sources of cyber attacks remains one of the biggest challenges in the development of a national cybersecurity strategy, former Department of Homeland Security Secretary Michael Chertoff told Computerworld in an interview at the RSA Security conference here today.

Chertoff, who is participating in a panel discussion at the conference, said there is a growing need for the U.S to create a strong, formal strategy for responding to cyberattacks against American interests. [ Read more ... ]

U.S. Declassifies Part of Secret Cybersecurity Plan: Via Threat Level.

The Obama administration declassified part of the government’s cybersecurity plan Tuesday, publishing parts of it that discuss intrusion detection systems for federal computer networks and the government’s role in securing critical infrastructure.

The declassification announcement was made by Howard A. Schmidt, a former Microsoft security executive who in December was appointed cybersecurity coordinator by President Barack Obama. Schmidt was speaking at the RSA Security Conference in San Francisco, an annual industry conference for computer security professionals.

The government’s Comprehensive National Cybersecurity Initiative was launched in 2008 by President George W. Bush under a shroud of secrecy. The plan has 12 directives that cover the government’s strategy to protect U.S. networks — including military, civilian,  government networks and critical infrastructure systems — as well as the government’s offensive strategy to combat cyber warfare.

Civil libertarians criticized the Bush administration for failing to disclose the contents of the plan or allowing independent oversight of its implementation. Schmidt said that Obama recognized the need for some transparency. [ Read more ... ]

Flipping Off Cops Is Legal, Not Advised: Via Threat Level.

Flipping the bird, or sticking out the middle finger, is perhaps the oldest insulting gesture on earth. The move dates back to ancient Greece and was adopted by the Romans as digitus impudicus — the impudent finger.

A zillion middle fingers later, an Oregon man is suing suburban Portland cops (.pdf) over his use of the gesture, claiming civil rights violations. Twice he flipped them off for no apparent reason while driving and was pulled over each time — resulting in what he said was a “bogus” traffic citation that was later dismissed, and a tongue lashing he still remembers.

“The guy flew into a road rage,” Robert Ekas, a retired Silicon Valley systems analyst, said in a telephone interview Tuesday.

Lawrence Wolf, a Los Angeles criminal defense attorney, said there was no law against flipping off cops. And in most instances when it leads to an arrest or conviction, the charges are dismissed. But the gesture invites police confrontation, he said.

“It’s certainly not the smartest thing one can do,” Wolf said. [ Read more ... ]

Spain Busts Hackers for Infecting 13 Million PCs: Via Threat Level.

BOSTON (Reuters) — Spanish police have shut down a ring of computer hackers who infected more than 13 million PCs with a virus that stole credit card numbers and other valuable data in what may be the biggest cyber-raid to date.

Spain’s Civil Guard said on Tuesday that it arrested three men suspected of running the so-called Mariposa botnet, named after the Spanish word for butterfly. A press conference to give more details is scheduled for Wednesday.

Mariposa had infected machines in 190 countries in more than half of the world’s 1,000 largest companies and in at least 40 big financial institutions, according to two Internet security firms that helped Spanish officials crack the ring, Canada’s Defense Intelligence and Spain’s Panda Security. [ Read more ... ]

Cyberwar Hype Intended to Destroy the Open Internet: Via Threat Level.

The biggest threat to the open internet is not Chinese government hackers or greedy anti-net neutrality ISPs, it’s Michael McConnell, the former director of national intelligence.

McConnell’s not dangerous because he knows anything about SQL injection hacks, but because he knows about social engineering:  McConnell is the nice-seeming guy who is willing and able to use fear-mongering to manipulate the federal bureaucracy for his own ends, while coming off like a straight shooter to those not in the know.

When he was head of the country’s national intelligence, he scared President Bush with visions of e-doom, prompting the president to sign a comprehensive secret order that unleashed tens of billions of dollars into the military’s black budget so they can start making firewalls and malware into military equipment. And now McConnell, back safely in civilian life as a vice president at the secretive defense contracting giant Booz Allen Hamilton, is out in front of Congress and the media, peddling the same Cybaremaggedon! gloom.

And now he says we need to re-engineer the internet. [ Read more ... ]

Wiseguys Indicted in $20 Million Online Ticket Ring: Via Threat Level.

A ring of ticket brokers was indicted Monday in connection to an elaborate hacking scheme that used bots and other fraudulent means to purchase more than 1 million tickets for concerts, sporting events and other events.

The defendants made more than $28 million in profits from the re-sale of the tickets between 2002 and 2009.

According to the federal indictment (.pdf) in New Jersey, the defendants set up a nationwide network through which they were able to impersonate thousands of individual ticket buyers, defeating the security and fraud measures that online ticket vendors such as Ticketmaster, Musictoday and Tickets.com put in place to thwart automated ticket buying.

The defendants did business as Wiseguy Tickets and Seats of San Francisco, and used two shell companies called Smaug and Platinum Technologies to purchase IP blocks and rent servers to conduct the attacks. [ Read more ... ]

Open Wi-Fi 'outlawed' by Digital Economy Bill(UK)k: Via ZDNet.co.uk .

The government will not exempt universities, libraries and small businesses providing open Wi-Fi services from its Digital Economy Bill copyright crackdown, according to official advice released earlier this week.

This would leave many organisations open to the same penalties for copyright infringement as individual subscribers, potentially including disconnection from the internet, leading legal experts to say it will become impossible for small businesses and the like to offer Wi-Fi access.

Lilian Edwards, professor of internet law at Sheffield University, told ZDNet UK on Thursday that the scenario described by the Department for Business, Innovation and Skills (BIS) in an explanatory document would effectively "outlaw open Wi-Fi for small businesses", and would leave libraries and universities in an uncertain position. [ Read more ... ]