Stephen Fry prison 'pledge' over 'Twitter joke' .

Comedian Stephen Fry has said he is "prepared to go to prison" over the "Twitter joke" trial.

Fry was at a benefit gig for a man who is appealing against his conviction for sending a menacing communication.

Paul Chambers had tweeted: "Crap! Robin Hood Airport is closed. You've got a week... otherwise I'm blowing the airport sky high!"

Fry argued that Chambers' tweet was an example of Britain's tradition of self-deprecating humour and banter.

Appeal funds

Chambers' case has become a cause celebre on Twitter, with hundreds of people reposting his original comments in protest at the conviction.

"This [verdict] must not be allowed to stand in law," Fry said, adding that he would continue to repeat Chambers' message and face prison "if that's what it takes".

Among the other celebrities lending their support to the fundraising evening were Al Murray, Rufus Hound, Katy Brand and Father Ted writer Graham Linehan.

Speaking generally about the internet and freedom of speech, Linehan told the audience: "We've got this incredible tool and we should fight any attempt to take it out of our hands."

The benefit gig, at London's Bloomsbury Theatre, aimed to raise funds for Chambers' appeal.

Freedom of speech

The aim of the organisers is that he will not be forced to drop his case because of the possibility he would have to pay the prosecution's legal costs were he to lose.

Few of the stars were prepared to assign wisdom to Chambers' original tweet, however.

Sitting inconspicuously in the stalls, Chambers was subjected to plenty of good-natured ribbing from those on stage and was variously described as a knucklehead, a nerd and a "doughnut".

Murray even branded the gig the "Save Paul Chambers from his own stupid destiny event".

But everyone seemed united by a desire to protect freedom of speech or at least the ability to recognise the difference between jokes and menacing terrorist threats.

Chambers' lawyer, David Allen Green, also addressed the audience, briefing them on the key details of his case.

'Speak freely'

Although he was careful not to criticise the courts, he said the decision to find his client guilty "does not make me proud to be an officer of the court".

"We should be able to have banter," he concluded. "We should be able to speak freely without the threat of legal coercion."

Chambers - who now lives in Northern Ireland but lived in Balby, Doncaster, at the time - sent the message to his 600 followers in the early hours of 6 January 2010. He claimed it was in a moment of frustration after Robin Hood Airport in South Yorkshire was closed by snow.

He was found guilty in May 2010 and fined £385 and told to pay £600 costs.

His appeal is likely to go before the High Court later this year.

Read more »

Posted in 'Twitter joke',Stephen Fry prison 'pledge' over 'Twitter joke' No comments

Still sites are not secure

Ask anyone to recall a three-letter acronym associated with the web and they will probably trot out LOL, OMG, WWW and perhaps even WTF.

But quiz them on what SSL stands for and you are likely to get blank looks.

Yet those three letters and the technology they refer to are more integral to the web than almost all of the other acronyms.

SSL stands for Secure Sockets Layer and, along with the associated TLS system, it is the method by which traffic between a website and anyone visiting it is encrypted to prevent eavesdropping.

When connecting to a secured site, a user's web browser is able to automatically verify its authenticity.

It does this by requesting a digital certificate which is checked against a list held by a third-party "certificate authority".

Most people encounter the system when they visit an online shop and use a credit or debit card to make a purchase. SSL protects those card numbers and other identifying details as they fly across the web.

Increasingly e-mail and social networking sites are using secure connections to safeguard communications between themselves and their users.

Both Twitter and Facebook have recently introduced SSL encrypted options.

The technology is ubiquitous, embedded in the web and some believe, thanks to recent attacks on it, badly broken.Warning words

In March 2010, security researchers Christopher Soghoian and Sid Stamm published a paper which warned that the SSL mechanism was vulnerable to a variety of sophisticated attacks.

Sure enough, in March 2011, just such an attack was carried out against Comodo - one of the firms that helps to operate and administer the SSL system.

"This is one of those cases where I can say I told you so but it doesn't feel good to be able to say that," said Mr Soghoian.

The attack allowed a hacker to impersonate a series of high profile websites including Google, Yahoo and the site that hosts add-ons for the Firefox browser.

Paul Mutton, a security analyst at monitoring firm Netcraft, which gathers data about SSL, said the person responsible was probably trying to set up a situation where they sat between users and the sites that they wanted to visit.

That malicious middleman would have been able to scoop up data, read it, and then pass it on to the legitimate site.
Continue reading the main story
“
Start Quote

It does make me wonder if this has happened in the past and no-one knows about it”
Paul Mutton
Netcraft

"The attacker would be acting as a proxy and be able to see your user name and password," said Mr Mutton.

Given that the Comodo attack originated in Iran, some observers have speculated that it was part of an attempt by the Iranian government to find out more about protesters organising via web-based services.

Mr Mutton said that questions about the hacker's identity had only partially been answered when they posted to the Pastebin website details of the information used to perpetrate the attack.

"There's still speculation as to whether the hacker is an individual as he claims or not," he said.

The attack was only detected, according to Mr Mutton, because such high profile sites were chosen to be impersonated. Using sites with far less traffic might have gone unnoticed.

"It does make me wonder if this has happened in the past and no-one knows about it," he added.

Read more »

Posted in Still sites are not secure No comments

Privacy group wants Google cash

A leading US privacy group has filed an objection to agreements Google has reached over its social network Buzz.

The Buzz experiment was heavily criticised because it automatically enrolled all Gmail users without seeking prior permission.

Legal action was taken by a group of Gmail users, with Google agreeing to set up a $8.5m (£5.2m) privacy fund.

The Electronic Privacy Information Center (EPIC) is unhappy that it is not one of the beneficiaries of the fund.

This is despite the fact that it filed the original complaint about the service with the Federal Trade Commission.

It has asked for $1.75m (£1.09m), claiming that it is a more independent group than some of those being given money.

It said that the majority of funds would be allocated to groups that "receive support from Google for lobbying, consulting or similar services".

It asked the court to reject a deal "that encourages organisations to stand by quietly while others do the actual work of safeguarding internet privacy".

It declined to say which groups provided lobbying services.

The American Civil Liberties Union, the Electronic Frontier Foundation and the Brookings Institution are among those hoping to receive funds.
Moving on

Earlier this week, Google reached an agreement with the US Federal Trade Commission, following the conclusion of its investigation.

The FTC said that Google wrongly used information from Google Mail users to create Buzz.

Google has agreed to undergo a privacy review once every two years for the next 20 years.

In a statement after the FTC settlement, Google said it had "put this incident behind us".

"We are 100% focused on ensuring that our new privacy procedures effectively protect the interests of all our users," it said.

It declined to comment directly on the EPIC case.
Apologies

Buzz was launched as an application within Gmail in February 2010.

Like rival Facebook, it allowed users to post status updates, share content and read and comment on friends' posts.

But it also gave users a ready-made circle of friends based on the people they most frequently e-mailed.

This list could automatically be made public, which privacy experts said could be a huge problem for journalists, businesses or people having an illicit affair.

Following anger from users, Google made changes and apologised for insufficient testing of the service.

Read more »

Posted in Privacy group wants Google cash No comments

Sites hit in massive web attack

Hundreds of thousands of websites appear to have been compromised by a massive cyber attack.

The hi-tech criminals used a well-known attack vector that exploits security loopholes on other sites to insert a link to their website.

Those visiting the criminals' webpage were told that their machines were infected with many different viruses.

Swift action by security researchers has managed to get the sites offering the sham software shut down.
Code control

Security firm Websense has been tracking the attack since it started on 29 March. The initial count of compromised sites was 28,000 sites but this has grown to encompass many times this number as the attack has rolled on.

Websense dubbed it the Lizamoon attack because that was the name of the first domain to which victims were re-directed. The fake software is called the Windows Stability Center.

The re-directions were carried out by what is known as an SQL injection attack. This succeeded because many servers keeping websites running do not filter the text being sent to them by web applications.By formatting the text correctly it is possible to conceal instructions in it that are then injected into the databases these servers are running. In this case the injection meant a particular domain appeared as a re-direction link on webpages served up to visitors.

Early reports suggested that the attackers were hitting sites using Microsoft SQL Server 2003 and 2005 and it is thought that weaknesses in associated web application software are proving vulnerable.

Ongoing analysis of the attack reveals that the attackers managed to inject code to display links to 21 separate domains. The exact numbers of sites hit by the attack is hard to judge but a Google search for the attackers' domains shows more than three million weblinks are displaying them.

Security experts say it is the most successful SQL injection attack ever seen.

Generally, the sites being hit are small businesses, community groups, sports teams and many other mid-tier organisations.

Currently the re-directs are not working because the sites peddling the bogus software have been shut down.

Also hit were some web links connected with Apple's iTunes service. However, wrote Websense security researcher Patrick Runald on the firm's blog, this did not mean people were being redirected to the bogus software sites.

"The good thing is that iTunes encodes the script tags, which means that the script doesn't execute on the user's computer," he wrote.

Read more »

Posted in cyber crime,Sites hit in massive web attack No comments