Monthly Archives: October 2013

The EastWest Institute today presented its EWI Cybersecurity Award to M3AAWG for outreach to China, India and other work.

Take a bow M3AAWG members!


The EastWest Institute Awards 2013 Cybersecurity Award to to
M3AAWGHighlighting Its Key Role in Fighting Spam.


For those that know this group you will agree it is great to see the work they do recognized.


For those that don’t, check them out.


The Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) is driven by market needs and the insight of its global membership.  With member companies from Asia, Europe, North America and South America, the organization currently is working on a variety of initiatives addressing ongoing and emerging messaging abuse issues, including bot mitigation, cooperative industry outreach, Web messaging abuse, DNS abuse, wireless messaging, senders issues and other topics.


M3AAWG is the only organization that targets messaging abuse by simultaneously focusing on the varied facets of the international challenge.  Our committees are organized around technology, industry collaboration, cooperative public policy efforts and special interest groups.  Projects are accomplished within these groups and their associated subcommittees.  M3AAWG is a member of the London Action Plan (LAP) and has liaison relationships with the IETF and other organizations, and often joins forces with public policies agencies and other anti-abuse organizations.


I have seen this group grow from its beginning and ben involved for many years.


Full of dedicated people who strive to make a difference.


Check them out.

New Google Maps Regains Support For Multi-Destination Trips, Now Integrates Your Flights And Upcoming Events

The big, still-in-Beta Google Maps overhaul brought a bunch of new shiny stuff, from its new fullscreen interface to drastically improved public transportation integration.

It also lost some features, though – and when you take away things that people (like me!) have been using for years, those people (like me!) get sad. One of the features that got washed away in the refresh: multi-destination trips.

At long last, it returns.

To add a new location to your route, just click the little plus sign below the list. Once you’ve got all your destinations listed, they can each be dragged up or down to adjust the order of your route accordingly.

To be clear, this change only really affects those of us who’ve taken the plunge into new Google Maps land; those undaunted by the occasional bug or five, those willing to turn a blind eye to the new interface’s seemingly insatiable hunger for every cycle your CPU can throw at it (though, admittedly, the Beta has gotten a lot less resource intensive since launch). If you’re still on old Google Maps, you’ve had multi-stop directions all along.

Meanwhile, New Google Maps has also picked up a few new tricks by way of its product-brother-from-another-mother, Google Now.

If Google is aware of an upcoming flight, hotel, or restaurant reservation on your schedule, that data will now be pulled straight into Maps whenever you’re signed in. Searching for “SFO”, for example, would trigger a drop down list with your upcoming flight’s details. You’ll probably want all that databefore you find yourself searching for directions to the airport — but when the taxi driver asks “Which airline?” and you realize you’ve completely forgotten, keep that one up your sleeve.

Lastly, Google Maps is also now piping in data about upcoming events in a given area or at specific venues. Search for “music venues” and it’ll plot out music venues in the currently shown region and toss up a smattering of upcoming shows. Search for a specific venue — like, say, the Oakland Coliseum (Go A’s!) — and they’ll try to dig up everyone who’s playing there in the next few weeks.

Via: techcrunch

Azerbaijan released election results before voting had even started – oops

Azerbaijani President Ilham Aliyev votes in Baku on Wednesday. (AFP/Getty Images)

Azerbaijan’s big presidential election, held on Wednesday, was anticipated to be neither free nor fair. President Ilham Aliyev, who took over from his father 10 years ago, has stepped up intimidation of activists and journalists. Rights groups are complaining about free speech restrictions and one-sided state media coverage. The BBC’s headline for its story on the election reads “The Pre-Determined President.” So expectations were pretty low.

Even still, one expects a certain ritual in these sorts of authoritarian elections, a fealty to at least the appearance of democracy, if not democracy itself. So it was a bit awkward when Azerbaijan’s election authorities released vote results – a full day before voting had even started.

The vote counts – spoiler alert: Aliyev was shown as winning by a landslide – were pushed out on an official smartphone app run by the Central Election Commission. It showed Aliyev as “winning” with 72.76 percent of the vote. That’s on track with his official vote counts in previous elections: he won (“won”?) 76.84 percent of the vote in 2003 and 87 percent in 2008.

The Azerbaijani Central Election Commission sent out these vote totals to its official smartphone app before voting started. (

In second place was opposition candidate Jamil Hasanli with 7.4 percent of the vote. Hasanli had recently appealed to the Central Election Commission for paid airtime on state TV, arguing that Aliyev gets heavy airtime and the opposition does not. He was denied.

The data were quickly recalled. The official story is that the app’s developer had mistakenly sent out the 2008 election results as part of a test. But that’s a bit flimsy, given that the released totals show the candidates from this week, not from 2008.

You might call this a sort of Kinsley gaffe on a national scale. (A Kinsley gaffe, named for journalist Michael Kinsley, is when a politician gets in trouble for saying something that’s widely known as true but that he isn’t supposed to say.) There’s supposed to be a certain ritual to an election like Azerbaijan’s: demonstrations are put down, reporters are harassed, opposition candidates are whittled down, supporters are ushered to the polls and then Aliyev’s sweeping victory is announced. They got the order wrong here.

As of this writing, Azerbaijan’s election authorities say they’ve counted 80 percent of the ballots, with Aliyev winning just under 85 percent of the vote so far. He’s been officially reelected.

Via: washingtonpost

T-Mobile Takes Aim At Rival Carriers With Free, Unlimited International Data

T-Mobile USA just loves to crow about how different it is from the rest of its carrier rivals; it decided to show off the latest of its “Uncarrier” moves at a packed concert/press event in New York City’s Bryant Park.

Here’s the gist of it: if you’re a T-Mobile customer on one of their Simple Choice plans, you can now use unlimited data in 100+ countries totally free of charge. Better still, existing customers don’t have to do anything — the feature will kick in starting on October 31, so there’s no need for last-minute phone prep before leaving on a jet plane.

This, in short, is ridiculous. In a very good way.

It can be hard to appreciate how impressive that is unless you’re a traveler who’s had to deal with roaming headaches in the past. Let’s put this whole thing in perspective. Back before T-Mobile rolled out this plan, they charged a whopping $10/MB if you were data roaming in Canada, and $15/MB everywhere else. That means if you were to listen to, say, an average 40MB episode of the TechCrunch Droidcast while abroad, you’re looking at an additional $600 on your next phone bill. That’s an admittedly extreme example, but it’s not hard to see how those charges can add up really fast. T-Mobile has also flattened out its international call fee structure. While costs easily used to top $1.59 per minute, calling home from those compatible countries will now cost $0.20 per minute.

Other carriers handle things a little differently. AT&T for instance is a big fan of international data bundles (which I’ve had to deal with more than a few times in the past) — $30 nets you a 120MB bucket to sip from while you’re traveling, with prices increasing from there. That seems a bit easier to swallow, but T-Mobile is the first of the nation’s carriers to do away with the need for pricey bolt-on packages or exorbitant roaming fees altogether. Considering just how much these carriers love money (seriously, it costs hardly anything at all for a carrier to pass a text message along and think about how much those things cost) this is a very surprising, very welcome move.

Naturally, there are some catches. T-Mobile hasn’t confirmed what sort of data speeds you can expect if you’re listening to the Droidcast while on holiday in Cambodia, but I’d wager they’re not terribly zippy. In the event you need to add some extra oomph to the equation, you’ve got the option of shelling out additional cash to temporarily boost those data speeds.

If I’m being completely honest though, there’s probably a considerable chunk of T-Mobile customers that will never take their phones outside of the confines of the United States. This move is certainly a big one, but only a small subset of customers will really see the value in it. At this stage, T-Mobile’s game is all about proving that it’s a different sort of carrier so it can tempt precious subscribers away from its rivals. But I’d wager it’s still got a long way to go before it gets where it wants to be.

You can check out the full list of compatible countries below.

Aland Islands, Anguilla, Antigua and Barbuda, Argentina, Armenia, Aruba, Australia, Austria, Bahrain, Barbados, Belgium, Bermuda, Bolivia, Bonaire, Brazil, British Virgin Islands, Bulgaria, Cambodia, Canada, Cayman Islands, Chile, China, Christmas Island, Colombia, Costa Rica, Curacao, Cyprus, Czech Republic, Denmark, Dominica, Dominican Republic, Easter Island, Ecuador, Egypt, El Salvador, Estonia, Faeroe Islands, Finland, France, French Guiana, Germany, Ghana, Greece, Grenada, Guadeloupe, Guatemala, Guyana, Hong Kong, Hungary, Iceland, India, Indonesia, Iraq, Ireland, Israel, Italy, Jamaica, Japan, Kenya, Kuwait, Latvia, Lithuania, Luxembourg, Malaysia, Malta, Martinique, Mexico, Moldova, Montserrat, Netherlands, Netherlands Antilles, New Zealand, Nicaragua, Norway, Pakistan, Panama, Peru, Philippines, Poland, Portugal, Qatar, Romania, Russia, Saudi Arabia, Singapore, Sint Maarten, Slovakia, South Africa, South Korea, Spain, Sri Lanka, St. Barthelemy, St. Kitts and Nevis, St. Lucia, St. Martin, St. Vincent & the Grenadines, Suriname, Svalbard, Sweden, Switzerland, Taiwan, Thailand, Trinidad and Tobago, Turkey, Turkmenistan, Turks and Caicos Islands, Ukraine, United Arab Emirates, United Kingdom, Uruguay, Uzbekistan, Vatican City, Venezuela, Vietnam, Zambia


Via: techcrunch

10 tips for securing your smartphone

This month is National Cyber Security Awareness Month.

Within October we will take on a few different themes, with this one being ‘Mobile’.

So, with that in mind, we thought we’d prepare some tips to help keep your smartphone safe.

1. Always secure your smartphone with a password

One of the most basic security tips, but one which is sometimes completely overlooked! Having no access protection at all is just foolish. Swipe patterns are ok, but greasy finger-trails could reveal too much.

A four-digit PIN is an improvement but using a strong passcode is the ideal phone protection.

2. Ensure that your device locks itself automatically

If you set up password-protection on your phone but then leave it unlocked on your desk for 15 minutes, you won’t have achieved very much. Most smartphones allow you to set them up to automatically lock themselves after a period of inactivity.

Make sure you choose the shortest timeout you are comfortable with. Two to five minutes is better than ten to thirty, even if it does feel slightly inconvenient.

3. Install security software

Your smartphone is a computing device and should be protected accordingly. Look for an app like Sophos Mobile Security that includes malware prevention, remote data wipe, privacy review of apps and an automatic security advisor to alert you to potential risks when you change a device setting.

If you’re in charge of securing your organisation’s phones and tablets, then choose a mobile device management solution like Sophos Mobile Control.

4. Only download apps from approved sources

The Google Play Store and Apple’s App Store take security pretty seriously. They are very careful about what apps they make available and will withdraw apps that raise concerns after release.

Read user reviews of apps before installing them – if there are any security concerns then someone else may well have mentioned them.

5. Check your apps’ permissions

Many apps require more than the basic default permissions. For instance, you can reasonably expect an SMS app to send and receive text messages just as a mapping app will request your GPS location.

But something like a calculator that needs network access or an alarm clock that wants to read your contact database should be treated with extreme caution!

6. Don’t miss operating system updates

Updates to your OS often include system vulnerability patches, so it’s important to install them.

You might want to be advised of updates rather than having them automatically installed, as early adopters sometimes experience teething problems – but the forgetful among you may prefer that to missing updates altogether.

7. Be wary of any links you receive via email or text message

Now you can pick up email on your phone, exercise caution when clicking on links. And phishing scams are not limited to email – a text message can incite you to click on a dodgy link or ask for personal information.

Even simply replying to unknown SMS or email senders can raise the crooks’ interest in you, leading to more pressure to respond.

8. Encrypt your smartphone

Even if you’ve secured your smartphone with a password, a thief could still plug your device into a computer and gain access to all of your personal information. Using encryption on your smartphone can help to prevent such data theft.

9. Turn off automatic Wi-Fi connection

One of the great things about modern mobile phones is their ability to connect to the internet in many ways, but continually probing for wireless networks gives away information about your identity and location, and blindly connecting to unencrypted access points can let your phone leak all sorts of useful things for malicious actors to intercept and act upon.

So tell your phone to forget networks you no longer use, so as to minimise the amount of data leakage and configure your phone to automatically turn on/off wireless in certain places using a location-aware smartphone app.

10. Turn off Bluetooth and NFC when not in use

Bluetooth and NFC (near field communication) are great in terms of connectivity, allowing you to use accessories such as wireless keyboards and headsets or make payments with a wave of your smartphone.

But it does open a door for the bad guys to gain access to your device and access your data, so you should either switch these features off or put your device into “not discoverable” mode whenever possible. Also, be careful when pairing devices – never accept requests from unknown devices.

If you’re responsible for mobile security at work, you might like to read practical advice for handling smartphones in the workplace.


Via: sophos

Adobe security chief Brad Arkin apologises for credit card theft

Adobe’s chief security officer (CSO) Brad Arkin has posted a blog on the company’s website apologising for a major security breach in which hackers accessed customer’s credit and debit card data.

The company is offering US customers whose credit card details were stolen a year’s free membership to a credit-monitoring service. It is not clear whether the scheme will be extended to UK customers.

Adobe said it had notified banks to watch out for fraudulent transactions.

In the post, Adobe CSO Brad Arkin wrote: “Adobe’s security team discovered sophisticated attacks on our network, involving the illegal access of customer information as well as source code for numerous Adobe products. We believe these attacks may be related.”

Arkin said Adobe’s own investigation found attackers accessed Adobe customer IDs and encrypted passwords on our systems. He said attackers removed information relating to 2.9 million Adobe customers. The data included customer names, encrypted credit or debit card numbers, expiry dates and other information relating to customer orders.

“At this time, we do not believe the attackers removed decrypted credit or debit card numbers from our systems. We deeply regret that this incident occurred,” said Arkin.

As a precaution, Adobe has reset customer passwords to prevent unauthorised access to Adobe ID accounts.

“If your user ID and password were involved, you will receive an email notification from us with information on how to change your password. We also recommend that you change your passwords on any website where you may have used the same user ID and password,” said Arkin.

It is also believed Adobe source code may have been stolen.

The theft is an embarrassment for the company, which has been heavily promoting its Creative Cloud subscription services – now the only way to buy Adobe products.

Last year Adobe’s servers were attacked due to a misconfiguration. In response to that attack, Arkin made major changes to internal security.


Via: computerweekly

Skype Will Finally Start Syncing Chat Messages Across Devices

If you use Skype on your phone and desktop, you know how annoying its inability to effectively keep your chat message status in sync between different machines can be. After you start Skype on your phone, for example, it downloads and alerts you of all of the sometimes hundreds of messages you’ve received since you last shut it down, even though you’ve long seen them on your desktop. Sometimes, this also means the app will be unresponsive for quite a while (or just crash).

Thankfully, it looks like those days will soon be over, as the Skype team today announced that it plans to roll out chat message status syncing across devices over the next few months.

This news was buried deep in a summary of Skype’s most recent (and previously announced) architecture changes and releases.

As the Skype team notes, people now use Skype across multiple devices, so it has decided to finally make syncing a priority. It’s unclear when exactly this capability will start rolling out beyond Microsoft’s vague statement that it’s coming “over the next few months,” however.

Microsoft has recently poured a significant amount of resources into the Skype platform. Not only has it rolled out a new backend architecture that de-emphasizes the peer-to-peer nature of Skype in favor of more centralized services, but it’s also added a number of new features based on these changes.

For example, the company added web-based Skype support to and launched improved push notifications for Windows Phone 8 (even when the app isn’t running) and similar features that its more centralized architecture now enable. It’s also working on connecting the more consumer-focused Skype with its Lync communications suite for businesses.

Via: techcrunch

The beginning of the replications (Star Trek for the un-enlightened)

MIT Scientists Create Modular Robot Blocks That Can Self-Assemble & Reconfigure



Looking at these reconfiguring robo-cubes, created by research scientists at MIT in the face of ongoing naysaying, it strikes me that the human race can’t be far off a huge achievement: building a physical version of Tetris that self assembles. From angular chaos, to robot-enabled order. That and giving future Dalek armies the ability to bound up stairs.

The M-Blocks, shown off in the above video, are reconfigurable, modular robots with no external moving parts. The cubes’ ability to move results from harnessing the momentum of an internal flywheel (which can hit speeds of 20,000 revolutions p/m) — allowing them to climb over one another, make jumps, spin and roll around. And do all that without the need for wheels or legs.

Magnets on the corners of the blocks are used for course correction and stability, so that one small leap results in an M-Block snapping tidily into place atop its fellow, rather than going rogue and skittering uselessly off the table — although they can apparently do that, too. Chamfered edges on the cubes enhance the strength of the magnetism as the cubes rotate over each other to take up their new positions.

Reconfigurable modular robots with no external moving parts have evidently been something of a Holy Grail in the modular-robotics community. “It’s one of these things that the community has been trying to do for a long time,” says Daniela Rus, a professor of electrical engineering and computer science and director of CSAIL, speaking to MIT news. “We just needed a creative insight and somebody who was passionate enough to keep coming at it — despite being discouraged.

“Our objective is to design self-assembling and self-reconfiguring robot systems. These are modular robots with the ability of changing their geometry according to task and this is exciting because a robot designed for a single task has a fixed architecture. And that robot will perform a single task well but it will perform poorly on a different task in a different environment,” she adds in the video.

Very long term, the goal of much modular robotics research is to be able to miniaturise modules to such an extent that swarms of self-assembling microbots (or even nanobots) can be created — capable of reconfiguring themselves into different forms, shapes and sizes, and changing their function accordingly. Albeit, that’s far-off sci-fi stuff.

In the shorter term, the researchers behind M-Blocks reckon there are still potential use-cases for their more substantially sized, reconfiguring robo-cubes. They note that large numbers of the blocks could be used to temporarily repair bridges or buildings during emergencies, for instance, or raise and reconfigure scaffolding, or assemble different types of furniture or heavy equipment. Different cubes could also carry different functions — such as a camera, lights or a battery pack — to augment overall function.

The researchers are currently building an army of 100 cubes, each with the ability to move in any direction, and designing algorithms to guide them — with the aim of having the cubes transform their state from being randomly scattered across the floor, to identifying each other, coming together and then autonomously transforming into various forms (chair, ladder, etc.) on demand.

Via: techcrunch


In an effort to endorse a friendly international intellectual competition, Brainbench is pleased to announce that we are going to make ALL of our certification tests, in over 600 skill areas — FREE to our members.* Not a Brainbench Member? REGISTER FOR FREE


October 14th, 2013 9am EST through October 25th, 2013 5pm EST
All 11+ million Brainbench members, plus anyone who registers during the Bench Games. Tell your friends!
This is a worldwide competition. Champions will be chosen in the following events**:

  • The country that certifies the greatest number of their citizens
  • The country that certifies the most citizens at Master Level (Score 4.0 or higher)
  • The U.S state that certifies the greatest number of their citizens
We are giving away more than $100,000 worth of Brainbench subscriptions! Subscriptions will be awarded to each person who scores highest on a given test*** (A $199 value). Current subscription members will be awarded an additional year to their account.
So, in addition to getting FREE access to our 600+ certification tests, beefing up your resume/CV, and finding out where you stand against your peers, you also get to help your country win Bench Games!
If you are already a member, simply log in
between October 14th and October 25th, 2013. If you are not currently a member, register today. It is fast, easy and FREE. Also, be sure to share this event with your friends and peers!


The Bench Games Leader Board will be available starting on October 15th. It will be updated every 48 hours by 1pm EST (except on Oct 19th and 20th) throughout duration of the competition to track how your country is doing or who has bragging rights for top scores. The finaly update to the leaderboard will be posted on Monday October 28th. Winners will be individually notified sometime after the 28th. “Like” our Facebook Page
for special access and latest updates to the leader board even before it is posted on our website!

Good luck and may the best country win!

Adobe Gets Hacked, Product Source Code And Data For 2.9M Customers Likely Accessed

Uh oh — Adobe has just disclosed that one of their servers has been hacked.

While their investigations are still ongoing, Adobe has shared a few details on what they believe could have been accessed and obtained in the hack — and it’s a big one.

From what Adobe has shared so far, it sounds like the hackers had access to encrypted data for as many as 2.9 million customers. While Adobe stresses that the data is encrypted and that they “do not believe the attackers removed decrypted credit or debit card numbers”, that data — encrypted or not — is definitely not something they want out in the wild.

Adobe has yet to disclose how that data was encrypted, so it’s currently unclear just how secure it is.

Meanwhile, it also appears that the hackers may have been able to access the source code for at least three of Adobe’s products: Acrobat, ColdFusion, and ColdFusion Builder. This goes hand in hand with a report from Brian Krebs this morning, who noted that he and a fellow researcher had discovered at least 40GB of Adobe source code available on a hacking group’s private server.

Beyond the obvious business implications of having your otherwise locked down source code floating around in the wild, there are potentially massive security concerns here. Once you’ve got the source code for an application in hand, it becomes much easier to dig up the stealthy lil’ security screw ups that might otherwise go unnoticed. Combine this new potential for big zero-day exploits with the many, many millions of Adobe Acrobat (Adobe’s official PDF reader) installs around the world, and this all starts to get pretty worrisome.

Time to look at Foxit Reader.


Via: techcrunch