Quotulatiousness

December 3, 2012

The feudal technopeasant internet

Filed under: History, Liberty, Technology — Tags: , , , , , , — Nicholas @ 11:20

Bruce Schneier on the less-than-appealing state of user security in today’s internet:

It’s a feudal world out there.

Some of us have pledged our allegiance to Google: We have Gmail accounts, we use Google Calendar and Google Docs, and we have Android phones. Others have pledged allegiance to Apple: We have Macintosh laptops, iPhones, and iPads; and we let iCloud automatically synchronize and back up everything. Still others of us let Microsoft do it all. Or we buy our music and e-books from Amazon, which keeps records of what we own and allows downloading to a Kindle, computer, or phone. Some of us have pretty much abandoned e-mail altogether … for Facebook.

These vendors are becoming our feudal lords, and we are becoming their vassals. We might refuse to pledge allegiance to all of them — or to a particular one we don’t like. Or we can spread our allegiance around. But either way, it’s becoming increasingly difficult to not pledge allegiance to at least one of them.

Feudalism provides security. Classical medieval feudalism depended on overlapping, complex, hierarchical relationships. There were oaths and obligations: a series of rights and privileges. A critical aspect of this system was protection: vassals would pledge their allegiance to a lord, and in return, that lord would protect them from harm.

Of course, I’m romanticizing here; European history was never this simple, and the description is based on stories of that time, but that’s the general model.

And it’s this model that’s starting to permeate computer security today.

We’re from the ITU and we’re here to “fix” your internet

Filed under: Bureaucracy, Liberty, Media, Technology — Tags: , , , , , — Nicholas @ 10:32

At Techdirt, Nick Masnick recounts some of the wonderful things the International Telecommunications Union would like to “help” regarding that pesky “internet” thing:

We’ve been talking about the ITU’s upcoming World Conference on International Telecommunications (WCIT) for a while now, and it’s no longer “upcoming.” Earlier today, the week and a half session kicked off in Dubai with plenty of expected controversy. The US, the EU and now Australia have all come out strongly against the ITU’s efforts to undermine the existing internet setup to favor authoritarian countries or state-controlled (or formerly state-controlled) telcos who want money for internet things they had nothing to do with. The BBC article above has a pretty good rundown of some of the scarier proposals being pitched behind closed doors at WCIT. Having the US, EU and Australia against these things is good, but the ITU works on a one-vote-per-country system, and plenty of other countries see this as a way to exert more control over the internet, in part to divert funds from elsewhere into their own coffers.

Hamadoun Toure, secretary-general of the ITU, keeps trying to claim that this is all about increasing internet access, but that’s difficult to square with reality:

    “The brutal truth is that the internet remains largely [the] rich world’s privilege, ” said Dr Hamadoun Toure, secretary-general of the UN’s International Telecommunications Union, ahead of the meeting.

    “ITU wants to change that.”

Of course, internet access has already been spreading to the far corners of the planet without any “help” from the ITU. Over two billion people are already online, representing about a third of the planet. And, yes, spreading that access further is a good goal, but the ITU is not the player to do it. The reason that the internet has been so successful and has already spread as far as it has, as fast as it has, is that it hasn’t been controlled by a bureaucratic government body in which only other governments could vote. Instead, it was built as an open interoperable system that anyone could help build out. It was built in a bottom up manner, mainly by engineers, not bureaucrats. Changing that now makes very little sense.

Canada is also on the record as being against the expansion of the ITU’s role.

Canada will look to prevent governments from taking more power over the Internet when governments sit down for 12 days of negotiations on the future of the Internet next week, but the government didn’t say Thursday where it stands on a contentious proposal that could see users pay more for online content.

Canada’s position going into the World Conference on International Telecommunications (WCIT) mirrors a number of Western allies in opposing having governments control how the Internet functions, leaving it to the current mix of public and private sector actors, according to documents released to Postmedia News under access to information laws. That stance is in contrast to proposals from some of the 193 members of the International Telecommunications Union, such as Russia, that want greater control over the Internet — more so than they already have in some cases — including more powers to track user identities online.

The meeting in Dubai will determine whether the ITU, an arm of the United Nations, will receive broad regulatory powers to set rules of road in cyberspace. The potential to centralize control over the Internet into the hands of governments has some users and hacktivists concerned that freedoms online would be crushed should a new binding international treaty change the status quo for how telecommunications companies interact across borders.

November 16, 2012

SEC employee stress levels must be down because they’re not surfing for porn during “98% of the workday”

Filed under: Bureaucracy, Government, USA — Tags: , , , — Nicholas @ 09:49

Ah, the hard life of the SEC employee must have gotten a bit less stressful recently. Tim Cushing has the, um, sordid details:

An internal investigative report of the SEC’s Trading and Markets division has been recently been reviewed by Reuters. After reading its rundown of the misdeeds and abuses uncovered, I’m left with the urge to laugh maniacally in the manner of someone having just cleared the tipping point and now sliding irretrievably into insanity. The sheer irresponsibility on display here springs from the sort of irredeemable carelessness that comes with spending other people’s money (taxes) and operating without any credible oversight or accountability (a large percentage of government entities).

Bess Levin at Dealbreaker points out that while the SEC’s internal investigation may have turned up several misdeeds, ranging from the merely stupid to the positively horrendous, it is quite a step up from the insatiable pornhounds that used to populate the Commission:

    If you had asked us two years or two months or two days ago if we thought that there would be a time in the near future when Securities and Exchange employees would not be regularly reprimanded for watching porn on their work-issued computers for 98 percent of the workday, we would have said absolutely not. No judgment, but in our professional opinion, people do not go from, among other things:

    * Receiving “over 16,000 access denials for Internet websites classified by the Commission’s Internet filter as either “Sex” or “Pornography” in a one-month period”

    * Accessing “Internet pornography and downloading pornographic images to his SEC computer during work hours so frequently that, on some days, he spent eight hours accessing Internet pornography…downloading so much pornography to his government computer that he exhausted the available space on the computer hard drive and downloaded pornography to CDs or DVDs that he accumulated in boxes in his office.”

    …to living a porn-free existence at l’office.

Truly a mind-boggling set of employees. One regional staff accountant ran into the “no-porn” wall 1,800 times in a two week period, yet remained undeterred. Those caught accessing porn with ridiculous frequency cited the “stress” of their jobs as the underlying reason for the nearly uninterrupted pornathons.

November 13, 2012

Online education is the future of universities (if they have one)

Filed under: Education, Media — Tags: , — Nicholas @ 11:08

Alex Tabarrok explains why 15 minutes of his time has outweighed the rest of his teaching career:

In 2009, I gave a TED talk on the economics of growth. Since then my 15 minute talk has been watched nearly 700,000 times. That is far fewer views than the most-watched TED talk, Ken Robinson’s 2006 talk on how schools kill creativity, which has been watched some 26 million times. Nonetheless, the 15 minutes of teaching I did at TED dominates my entire teaching career: 700,000 views at 15 minutes each is equivalent to 175,000 student-hours of teaching, more than I have taught in my entire offline career.[1] Moreover, the ratio is likely to grow because my online views are increasing at a faster rate than my offline students.

Teaching students 30 at a time is expensive and becoming relatively more expensive. Teaching is becoming relatively more expensive for the same reason that butlers have become relatively more expensive–butler productivity increased more slowly than productivity in other fields, so wages for butlers rose even as their output stagnated; as a result, the opportunity cost of butlers increased. The productivity of teaching, measured in, say, kilobytes transmitted from teacher to student per unit of time, hasn’t increased much. As a result, the opportunity cost of teaching has increased, an example of what’s known as Baumol’s cost disease. Teaching has remained economic only because the value of each kilobyte transmitted has increased due to discoveries in (some) other fields. Online education, however, dramatically increases the productivity of teaching. As my experience with TED indicates, it’s now possible for a single professor to teach more students in an afternoon than was previously possible in a lifetime.

The counter-argument is that there is an ineffable quality of the classroom experience that raises its value well above the same material taught online. Even after many years of teaching, however, what exactly this quality might be remains ineffable to me. Actually, that is not quite fair. Bringing the most advanced students in any field up to the cutting edge of knowledge and beyond has always required a kind of apprenticeship rather than a more straightforward communication of data/knowledge. Fields with greater physicality, not just sports and dance, but also experimental biology, physics, and chemistry will also require more in-classroom teaching with greater attention from a human being. Even recognizing these exceptions, however, still leaves the vast majority of teaching open to massive productivity increases. Until late college, physics is mostly teaching knowledge known since Newton. Most of the mathematics known or needed by most people has not advanced much beyond Euclid and Pythagoras, let alone Euler. No one expects online education to substitute for apprenticing to a master, but much education at the college level is already mass education taught not by a master but by an adjunct.

Protecting children from online pornography – the impossible dream

Filed under: Britain, Media, Technology — Tags: , , , — Nicholas @ 10:46

In the Guardian, Cory Doctorow talks about the actual scale of effort the British government is attempting to mandate to “protect the children from pr0n”:

In order to filter out adult content on the internet, a company has to either look at all the pages on the internet and find the bad ones, or write a piece of software that can examine a page on the wire and decide, algorithmically, whether it is inappropriate for children.

Neither of these strategies are even remotely feasible. To filter content automatically and accurately would require software capable of making human judgments — working artificial intelligence, the province of science fiction.

As for human filtering: there simply aren’t enough people of sound judgment in all the world to examine all the web pages that have been created and continue to be created around the clock, and determine whether they are good pages or bad pages. Even if you could marshal such a vast army of censors, they would have to attain an inhuman degree of precision and accuracy, or would be responsible for a system of censorship on a scale never before seen in the world, because they would be sitting in judgment on a medium whose scale was beyond any in human history.

Think, for a moment, of what it means to have a 99% accuracy rate when it comes to judging a medium that carries billions of publications.

Consider a hypothetical internet of a mere 20bn documents that is comprised one half “adult” content, and one half “child-safe” content. A 1% misclassification rate applied to 20bn documents means 200m documents will be misclassified. That’s 100m legitimate documents that would be blocked by the government because of human error, and 100m adult documents that the filter does not touch and that any schoolkid can find.

In practice, the misclassification rate is much, much worse. It’s hard to get a sense of the total scale of misclassification by censorware because these companies treat their blacklists as trade secrets, so it’s impossible to scrutinise their work and discover whether they’re exercising due care.

November 12, 2012

Firefox users more likely to stay on old version longer than other browser users

Filed under: Technology — Tags: , , — Nicholas @ 08:47

John Leyden summarizes the recent findings about how quickly users update their web browsers after a new release:

Nearly one in four netizens are using outdated web browsers and are therefore easy pickings for viruses and exploit-wielding crooks.

The average home user upgrades his or her browser to the latest version one month after it is released, according to a survey of 10 million punters. Two thirds of those using old browser software are simply stuck on the version prior to the latest release — the remaining third are using even older code.

Internet Explorer is the most popular browser (used by 37.8 per cent of consumers), closely followed by Google Chrome (36.5 per cent). Firefox is in third place with 19.5 per cent.

Firefox users tend to be the worst for keeping up to date with new software releases, according to the survey by security biz Kaspersky Lab. The proportion of users with the most recent version installed was 80.2 per cent for Internet Explorer and 79.2 per cent for Chrome, but just 66.1 per cent for Firefox.

Old-codgers Internet Explorer 6 and 7, with a combined share of 3.9 per cent, are still used by hundreds of thousands of punters worldwide.

October 27, 2012

Do you use a stupidly easy-to-guess password?

Filed under: Technology — Tags: , , , , — Nicholas @ 11:15

SplashData has released an updated list of the top 25 passwords gleaned by hackers from stolen password files:

# Password Change from 2011
1 password Unchanged
2 123456 Unchanged
3 12345678 Unchanged
4 abc123 Up 1
5 qwerty Down 1
6 monkey Unchanged
7 letmein Up 1
8 dragon Up 2
9 111111 Up 3
10 baseball Up 1
11 iloveyou Up 2
12 trustno1 Down 3
13 1234567 Down 6
14 sunshine Up 1
15 master Down 1
16 123123 Up 4
17 welcome New
18 shadow Up 1
19 ashley Down 3
20 football Up 5
21 jesus New
22 michael Up 2
23 ninja New
24 mustang New
25 password1 New

If you recognize any password on this list … do yourself a favour and change it to something not on the list, preferably using more characters (including upper and lower case letters, numbers, and symbols). And don’t use the same password on multiple sites! SplashData sells a password keeper application that is quite useful (I’ve been using it for years now), and is available for multiple platforms.

October 26, 2012

“Canada has effectively become the Digital Third World”

Filed under: Business, Cancon, Media, Technology — Tags: , , — Nicholas @ 09:21

In Forbes, Reuven Cohen looks at the state of internet access in Canada:

Before I get into what was discussed, I need to provide some context to the current state of Internet connectivity in Canada. To understand the Internet landscape in Canada is to endeavour into the realm of duopolies, bandwidth caps and mediocre Internet connections. As it stands today, Canada has effectively become the Digital Third World.

A recent video interview with The Globe and Mail’s Omar El Akkad and Netflix CEO Reed Hastings summaries the problems with cloud computing in Canada. Hastings’ specifically calls out capped Internet plans as compared to the rest of the world saying “Canada has the misfortune of being the country with the lowest internet caps maybe in the world but certainly in the developed world and in all of the Netflix world. In Mexico, Internet is largely uncapped; in the US it’s largely uncapped; in the UK it’s completely uncapped; in Canada there’s a number of providers with very low caps…I don’t quite understand it.”

Herein lies the problem, the widespread use of bandwidth caps in Canada is partially the result of a market defined by vast geographies and a limited population base. This has resulted in a highly concentrated market controlled by a small group of ISPs. Making things worse is a highly government controlled telecom industry that prevents foreign investments, particularly for wireless and broadband services. This combination of factors has led to one of the most restrictive markets for cloud computing as well as other internet related services found in any of the major industrialized nations today.

October 24, 2012

UN report says the internet is too vulnerable to terrorist use

Filed under: Liberty, Technology — Tags: , , , , — Nicholas @ 14:21

Mike Masnick views with alarm a new UN report that deserves to be viewed with alarm:

Ah, the UN. As highlighted by Declan McCullagh, a new report from the United Nations Counter-Terrorism Implementation Task Force, clocking in at an unwieldy 158 pages (pdf) warns that this old internet of ours is just too damn open, and that means terrorists can use it. Thus, it has to stop the openness. The report really is just about that bad: if terrorists might misuse it, it’s bad and must be stopped. The costs of locking up all this openness are brushed aside, if they’re even considered at all. Among the problems? How about open WiFi?

    ISPs may require users to provide identifying information prior to accessing Internet content and services. The collection and preservation of identifying information associated with Internet data, and the disclosure of such information, subject to the appropriate safeguards, could significantly assist investigative and prosecutorial proceedings. In particular, requiring registration for the use of Wi-Fi networks or cybercafes could provide an important data source for criminal investigations. While some countries, such as Egypt, have implemented legislation requiring ISPs to identify users before allowing them Internet access, similar measures may be undertaken by ISPs on a voluntary basis.

It seems like it should be a general rule that, if you’re supporting something that includes better surveillance tools by saying, “Hey, Egypt — the same country that recently had the people rise up to force out a dictator, who tried to shut down the internet — does it!” perhaps you don’t have a very good argument.

The report is basically one big “OMG! But… but… terrorists! Kill it!”

October 23, 2012

The law, sexting, and shady website operations

Filed under: Britain, Law, Media, Technology — Tags: , , , , — Nicholas @ 14:41

Tim Worstall discusses the weird and disturbing online world of sexting teens, parasitical porn websites and the insanity of our current laws on the topic:

… the legal problems go much further than just young people losing control of images of themselves.

For we’re in the middle of a social hysteria over child pornography and paedophilia. And as is usual in such hysterias reactions desperately overshoot. For example, in my native UK it is entirely legal for a 16 year old girl to have sex with whichever consenting also 16 years or above human she wishes. Any thing from removing her top for her lover’s delectation through to any perversion you might care to think about. However, if said lover, with her full permission, takes a photograph of her without her bikini top on this is child pornography. Yes, even if they’ve been lovers for nearly two legal years a topless photograph of her at 17 and 364 days old is child porn. And it is here that the real legal problems start.

[. . .]

It gets worse, too. The general assumption in the law these days is that a picture on a computer is production of child pornography, not possession of it. The reasoning is that, before you looked at the picture there was one copy, on the server. Now, as you look at the picture, there are two. One on the server, the other in your browser (or cache, whatever). Thus there are now two pictures, you have made one of them therefore you are producing child pornography. And it’s not all that much of a surprise to find that the penalties for the production as opposed to the possession of such are markedly stronger.

October 14, 2012

“I would hate to live in a world where every dumb ass thing I did from 13 to 30 would be captured forever for those who Googled my name”

Filed under: Liberty, Media, Technology — Tags: , , , , , — Nicholas @ 10:27

James Joyner on the phenomenon of internet privacy — and the growing reality that it’s pretty much an illusion.

In the first instance, a bad person is likely to have his real life — including his ability to make a living — upended by the conscious act of a reporter. In the second, two young people who did nothing more than join a school club had their biggest secret exposed by a well-meaning person who made the mistake of trusting Facebook, a data mining company that makes billions by getting people to give them their personal information.

[. . .]

I’ve been active online now since the mid-1990s and have, by virtue of this blog, been a very minor online public figure for almost a decade. For a variety of reasons, including the fact that my professional career is one that encourages writing and publishing, I’ve done virtually all of my online activity under my real life name. As such, I’ve long been aware that my family, friends, co-workers, bosses, and prospective employers might read everything that I put out there. That’s the safest way to operate online, in that it avoids the sort of disruptive surprises that Brutsch, Duncan, and McCormick received. But it also means, inevitably, that there’s a subtle filter that makes me more cautious than I might otherwise be. That’s likely both good and bad in my own case.

But I continue to worry about what it means for a younger generation, for whom Facebook and other social networks are part and parcel of their everyday existence from their teenage years forward. By the time the Internet was a public phenomenon, I was a grown man with a PhD. I would hate to live in a world where every dumb ass thing I did from 13 to 30 would be captured forever for those who Googled my name.

I have generally used my real name — or at least not tried to actively conceal my real identity — in most of my online activities. Some of this has been because there wasn’t a pressing reason to remain anonymous, but as in the writer’s case, it was a strong suspicion from the start that it would be difficult to maintain that degree of privacy over the long term (information wanting to be free, and all that).

September 22, 2012

The “joy” of data-capped, throttled internet access

Filed under: Business, Cancon, Technology — Tags: , , , — Nicholas @ 09:13

Welcome to Canada:

Blogger Stephanie Morrow has complained about data caps in Canada for a while now. The details of her situation show just how hard it can be to get faster internet even if you are willing to pay for it:

    My monthly data cap at the moment is 80 gigs. I pay just over $100 CA for 80 gigs a month, and $2 CA per gig over my cap. Understandably, 80 gigs is not that much, especially if you play multiple games or download a lot of games on Steam, watch Netflix, have a PlayStation 3, Xbox, 3DS, iPad or iPhone like we do. Sadly, there are not a lot of other options. We have two major ISP companies in the city that work this way (there’s no such thing as unlimited here in Canada from these two ISPs), and then there are a handful of smaller ISPs that do offer unlimited but at a greatly reduced speed.

    So, I had to make the sacrifice. Did I want an unlimited cap when I’d barely able to download anything because it would take weeks and weeks, or did I want a cap and be able to download at the speed of light? The cap is a harsh mistress, not to mention that everything peer-to-peer gets throttled. That means no free-to-play games for me because they typically download via a peer-to-peer method that gets throttled. I was unable to do my job while using internet from Rogers, one of the major companies here. I had no choice but to switch to a smaller company or give up my job. I wrote to the companies about this situation but didn’t hear anything back.

That’s a pretty amazing story. I remember the speeds I got when I used another cable company, and I remember just how bad it felt to have to set a game to download overnight. Stephanie goes on to update the situation on her Google + blog, noting that the company she is with is one of the worst throttlers in the country. She quotes TechVibes:

    In 2010, Shaw throttled 14% of users and Bell throttled 16% of users. Rogers? The Toronto-based telco throttled a startling 78% of users, and this number has surpassed 90% during some quarters since 2008.

Again, it can be hard for many of us to imagine having such a limited connection, but I hear from players all the time who have such issues. Is internet access a human right, as declared by the United Nations? Do players have a right to the internet, even if they are using the connection mainly for gaming? I’d have to say yes simply because there are so many common advantages that come with internet access, access that provides information not only about one’s social network but local weather problems, health issues… the list goes on and on. The internet is now so much a part of our lives that we forget just how much we need it.

It’s a very rare month that I don’t get a bandwidth warning from Rogers…

September 3, 2012

Volokh on the GOP “war on porn” platform plank

Filed under: Business, Media, Politics, USA — Tags: , , , , — Nicholas @ 12:46

At the Volokh Conspiracy, Eugene Volokh points out that aside from satisfying a checklist item for some constituencies, the GOP’s stated intention to crack down on pornography just doesn’t have a lot of benefits:

As we know, there’s lots of porn of all varieties out there on the Internet, including porn that might well be seen as offensive to “community standards” in at least one American state (the standard that would be applicable under the plurality view in Ashcroft v. ACLU (I) (2002), if prosecutors choose to bring a case in that state), or perhaps even under some “national community standard” (the alternative standard urged to varying extents by the other opinions in that case). In principle, the government might well be able to prosecute many American pornography producers and distributors under current obscenity laws.

[. . .]

So we have three possible outcomes:

(1) The U.S. spends who knows how many prosecutorial and technical resources going after U.S. pornographers. A bunch of them get imprisoned. U.S. consumers keep using the same amount of porn as before. Maybe they can’t get porn on cable channels or in hotel rooms any more, but that’s so twentieth century; instead, consumers will continue to be able to get more than they ever wanted on the Internet. Nor do I think that the crackdown will somehow subtly affect consumers’ attitudes about the morality of porn — it seems highly unlikely that potential porn consumers will decide to stop getting it because they hear that some porn producers are being prosecuted.

[. . .]

(2) The government gets understandably outraged by the “foreign smut loophole.” “Given all the millions that we’ve invested in going after the domestic porn industry, how can we tolerate all our work being undone by foreign filth-peddlers?,” pornography prosecutors and their political allies would ask. So they unveil the solution, in fact pretty much the only solution that will work: Nationwide filtering.

[. . .]

(3) Finally, the government can go after the users: Set up “honeypot” sites (seriously, that would be the technically correct name for them) that would look like normal offshore pornography sites. Draw people in to buy the stuff. Figure out who the buyers are. To do that, you’d also have to ban any anonymizer Web sites that might be used to hide such transactions, by setting up some sort of mandatory filtering such as what I described in option (2).

[. . .]

So, supporters of that plank of the platform, which do you prefer — #1, #2, or #3? Note that I’m not asking whether porn is bad, or whether porn should be constitutionally protected. I’m certainly not asking whether we’d be better off in some hypothetical porn-free world (just like no sensible debate about alcohol, drug, or gun policy should ask whether we’d be better off in some hypothetical alcohol-, drug-, or gun-free world).

I’m asking: How can the government’s policy possibly achieve its stated goals, without creating an unprecedentedly intrusive censorship machinery, one that’s far, far beyond what any mainstream political figures are talking about right now?

September 1, 2012

Digital “inheritance”: law has not caught up to our online lives

Filed under: Law, Media, Technology — Tags: , , , — Nicholas @ 00:01

As I mentioned in a post the other day, our laws are still designed for a world where most things have a physical presence, and the problems we see in intellectual property and patent law are just the start of the turmoil our legal system will have to face:

What will happen to your Facebook account after you are gone?

Dealing with digital assets after someone dies is becoming a challenge for families and the legal system alike.

Lawmakers are trying to clarify rules governing the passage of social-media and email accounts, along with other online assets that might have financial value. Several states have enacted laws to deal with post-death access to digital assets, and several more are working on similar legislation, says Gene Hennig, a lawyer at Gray Plant Mooty in Minneapolis and a commissioner of the Uniform Law Commission.

That group, which recommends uniform state laws, plans to come up with a recommended statute that more states could adopt.

“Eventually people are going to start putting in their wills what they want, and we need to know what’s allowed,” Mr. Hennig says. “In the olden days, grandma had a chest in the attic full of photo albums. Now, your chest of photos is in your computer.”

Update, 3 September: Bruce Willis wants his kids to inherit the music library he’s built up, but the iTunes licensing won’t let him do that.

August 23, 2012

Crisis malware is particularly capable of damage

Filed under: Technology — Tags: , , — Nicholas @ 00:03

John Leyden in The Register:

Security watchers have discovered a virus strain that compromises VMware virtual machines as well as infecting Mac OS X and Windows computers and Windows Mobile devices. It demonstrates previously unseen capabilities in the process.

The Crisis malware typically arrives in a Java archive file (.jar) and is typically installed by posing as a Flash Player Java applet to trick a victim into opening it.

The archive contains executable files targeting Apple and Microsoft operating systems; the malware is able to detect which platform it is running on and serve up the correct variant.

Once launched, the worm puts in place a rootkit to hide itself from view; installs spyware to record the user’s every move on the computer; and opens a backdoor to the IP address 176.58.100.37, allowing miscreants to gain further access to the machine, according to a write-up of the threat by Kaspersky Lab. The malicious code also, unsurprisingly, survives across reboots.

The Windows variant can kill off antivirus programs, log keypresses, download and upload files, take screengrabs, lift the contents of the user’s clipboard, record from the computer’s webcam and mic, and snoop on these applications: Firefox, Internet Explorer, Chrome, Microsoft Messenger, Skype, Google Talk and Yahoo! Messenger.

« Newer PostsOlder Posts »

Powered by WordPress