Hacking

And You Will Know Us by the Trail of Lulz

The hacker group LulzSec has been carrying out a security-busting blitzkrieg across the Web over the last few weeks, and its targets are getting bigger and bigger. You can tell where it’s been by the path of sites left shivering in a fetal position — sites belonging to organizations like PBS, Sony, Bethesda Softworks, and even the U.S. Central Intelligence Agency.

LulzSec’s latest stunt’s been to set up a so-called dial-a-hack hotline. You can call in and make a case that Lulz’s hackers should make their next target whatever group or company you presently have a beef with. If Lulz likes your suggestion, they’ll do what they do and run roughshod over that organization’s computer systems, leaking data, shutting down systems and causing general cyberchaos. Judging by the sites they’ve hit so far, it seems some of them are pretty good at it, too.

What’s perhaps most unusual about LulzSec is its motive. Its hackers don’t seem to be doing what they do for a direct profit — so far there’s no indication they’re stealing credit card data to sell on the black market, which is where the money is for for-profit hackers. The word “Lulz” in the name suggests they’re doing it for the pure hell of it. It’s Internetspeak for the joy derived from causing disorder in the lives of others. But perhaps the point isn’t entirely to just go around griefing up the place. They also seem intent on proving a point by actively demonstrating just how weak so many computer security systems really are, even ones used by hundreds of thousands of people.

That’s not to say what LulzSec is doing is harmless. Publicizing the usernames and passwords for tens of thousands of online accounts isn’t harmless, and that’s exactly what Lulz has done on multiple occasions. That could easily result in fraud committed by a third party. Weaknesses in the security systems used to protect these users’ info might be partially to blame, but generally accepted etiquette among hackers holds that if you find a weakness, you tell the site’s admins about it and give them ample time to fix it before threatening to spew the data. LulzSec apparently just spews away.

There’s even been speculation that some members of LulzSec might actually be white-hat hackers by day, working at familiar and trusted security companies that do play by the rules. Then they go home, change into some shade of gray perhaps, and go about “fixing” security in a very different way.

Important detail: LulzSec is not the same as Anonymous. In fact, the two hacker groups have reportedly butted heads recently, and 4chan, a site closely associated with Anonymous, was down for a few hours this week, possibly due to a LulzSec strike. It appears the scuffle is rooted in video games — LulzSec’s attack on various online game networks pulled the rug out from under certain games favored by 4channers, and they vowed mortal revenge.


Listen to the podcast (14:52 minutes).


Blasphemy? Madness? This Is Spartan!

For iPhone users who don’t care to jailbreak their phones, there’s one and only one place to get iOS software: the App Store on iTunes.

But back when the iPhone was young, way back in 2007, there was no App Store. An iPhone could only be made to run third-party native apps if you hacked it; meanwhile, the unwashed masses were made to settle for Web apps. Developers could design dynamic, interactive Web pages that fit perfectly within the iPhone’s Safari browser, and from there the iPhone owner could use them sort of like they were native apps, only they were actually running on a server somewhere, not on the phone. Most were free — and pretty lightweight.

Of course Web developers can and do still make Web apps for iPhone, but now that there’s an App Store, that’s not the only option. However, the App Store isn’t exactly a free and open market — it’s lorded over by Old Man Apple, and in order to set up your booth you have to conform to a pretty thick rule book and pay Apple a portion of your sales revenue.

Now social network Facebook might be getting ready to revive the Web app scene.

The site’s big upcoming project is called “Spartan,” and it would effectively act as an alternative App Store, according to a TechCrunch report. As it’s being described, it sounds like you could even call it a sort of alternate iPhone OS.

Theoretically, it will all happen through Safari, the iPhone’s native Web browser. Users who go to a special Facebook site will be presented with a wide variety of Web apps. And those apps will be 100 percent under the control of Facebook, not Apple.

Accessing and using these apps might even make it feel like the Web page itself is the operating system — kind of the same argument that suggests that for all practical purposes, the real OS you’re using isn’t OS X or Windows or Linux; it’s actually whatever Web browser you’re on, since so much activity happens on the Web.

But didn’t iPhone developers grumble back in 2007 about having to write for the Web when the iPhone was perfectly capable of running software natively? Would Spartan actually be a step backwards into a leaner, plainer software environment? Not necessarily. The Web has changed a lot since 2007, and thanks to advances like HTML5, it’s possible to create richer, deeper iPhone Web apps.

Of course a Spartan app wouldn’t be able to match a native app’s ability to interact with certain iPhone features — for example, the accelerometer or gyroscope — and Web apps aren’t much good if you don’t happen to have Internet access at the moment. So it wouldn’t be a full-on App Store replacement. But some developers who are fed up with Apple’s rules might flock to Spartan if Facebook gives them more liberty in terms of content and how much money they can keep. In fact, TechCrunch says Facebook already has 80 on its side.

Those developers have always been free to make a Web app, of course. The tricky part is promoting that app and getting a whole bunch of users to swing by, check it out and perhaps even pay for it without the help of a central, trusted hub. If the official App Store is a promotional and payment tool for native apps, Spartan could do the same for Web apps — Facebook definitely has the numbers and the name recognition.

If Spartan is real and works as expected, it could present a significant threat to Apple’s own App Store. It sounds like the kind of thing Apple would fight tooth and nail, and the company’s been known to block out perceived threats by tweaking what it does control — its own platform. In this case, though, that would be Safari, and changing Safari in ways that would hinder Spartan but not hobble the browser itself would be a difficult balancing act.

The Pinch-Hitters

It was supposed to be a simple plan. Step 1: Threaten a few mobile application developers with lawsuits for allegedly violating a patent. Step 2: Offer them a way out that would cost the developers way less than it would cost to hire the kind of lawyers it would take to actually fight the matter. And Step 3, as always, profit.

That was the plan devised by an outfit called “Lodsys,” and if you ask them, they’ll insist what they’re doing is completely fair and reasonable. The company owns a patent on a technology used for making in-app purchases, and it says that patent is being violated by app makers all over the place. So it sent out some nastygrams here and there presenting various app developers with two options: Either get caught up in a legal battle that will cost you big even if you win, or pay Lodsys a fraction of a percentage point of your future revenues to license the tech and we’ll call it a day.

You might call that a fair and reasonable attempt to protect one’s IP, or you might call that trolling — especially since devs who build for Apple’s iOS platform may already have the right to use that technology. Apple’s already licensed Lodsys’ patent and bundled it into the toolset it gives developers to make iOS apps. According to Apple, that license extends to third-party developers, and it means Lodsys’ threats against them are groundless.

When the threats first started appearing in developers’ mailboxes, Apple caused quite a bit of tension by staying silent on the matter. Finally, Apple lawyer Bruce Sewell penned a short, firm and probably very expensive letter asserting that Lodsys was full of crap.

Lodsys refused to back off, and now Apple’s decided it’s time for action. It’s filed a motion to intervene in a lawsuit Lodsys has filed against seven iOS developers. If the judge gives the OK, instead of going up against the motley crew of lawyers the devs have hired, Lodsys will face Apple’s private army of legal assassins. Their goal is probably not only to defend those seven developers in particular, but also to smash up Lodsys’ case so badly that it won’t even think about threatening to sue any more iOS developers.

From the devs’ point of view, the Sewell letter from a few weeks ago was a hopeful sign, and now that Apple’s put action behind words, they’re probably breathing a sigh of relief. They’ll breathe an even bigger one if the judge allows the motion. As much as software makers have complained about Apple’s App Store rules in the past, at least they now know it has their backs in a pinch.

For Lodsys, it’s not such a great turn of events. Apple’s developer community is highly valuable to the company, and it looks like it’ll go to great lengths to protect it, so Lodsys isn’t in for an easy fight. Its lawyers are going to be busy, and not just because they’ll be fighting Apple’s hired guns. Companies like The New York Times and computer security firm ESET have reportedly filed lawsuits of their own against Lodsys. Both firms had been targeted by Lodsys and are countersuing in separate actions to get its patents invalidated.

Startling Recognition

Even though Facebook’s apparently been using facial recognition technology for almost half a year, that fact didn’t seem to garner much media attention until last week, when all of a sudden it was being regarded as the creepiest thing Facebook’s ever done.

Privacy advocates and consumer groups were quick to issue their criticism of the not-so-new feature, but catching hell from those organizations over the site’s constantly changing privacy controls and policies is probably something Facebook’s very much used to by now.

This time, though, those groups went a step further and whipped up a 38-page complaint to the FTC. The move was spearheaded by EPIC, the Electronic Privacy Information Center — and groups like the Center for Digital Democracy, Consumer Watchdog and the Privacy Rights Clearinghouse all signed on.

The complaint charges that the use of this technology creates an image identification system under the sole control of Facebook, which violates the site’s privacy policy and various public assurances it’s made in the past, constitutes an unfair and deceptive trade practice, and endangers and violates individuals’ rights to privacy. The complaint also hints at possible ways the system can be abused, citing facial recognition technologies used in Iran and China as examples. There’s even the suggestion that once Facebook has its nice, fat database of automatically recognized faces, it could be accessed by government organizations like DHS, given their already somewhat cozy relationship with the social network.

Facebook has defended itself by asserting that the technology’s only used to suggest tags a user might want to add to a photo, it only brings up images of people the uploader is friends with, it requires direct approval before actually applying the tags, and the whole thing is opt out, so if you don’t like it you can tell it to go away.

But the complaint has already caught favorable attention on Capitol Hill. Massachusetts Representative Ed Markey has spoken up as an early supporter of the complaint, and California’s Mary Bono Mack has been on Facebook’s case regarding facial recognition since last week, when the feature received wide attention from the media.

You Won’t Fool the Routers of the Revolution

The protests that have been going on in the Middle East and Northern Africa since last winter have been some of the most dramatic, largest and longest-lasting popular demonstrations in modern history, so it sounds kind of trivial to call the whole phenomenon “The Facebook Revolution” or “The Twitter Uprising.” Most of us use social networks to do stuff that’s a little more mundane than overthrowing the government. But in the countries where Arab Spring Fever has taken root over the last few months, social networks like these have been vital tools for protesters attempting to organize themselves and communicate instantaneously with an unlimited audience.

For many of the under-siege governments these protesters are trying to oust, the response has been to pull the plug on the entire Internet. They’ll order local ISPs to shut down service entirely, all the while claiming that it’s being done to protect the masses from online rabble-rousers. The result is often the opposite: Shutting off the Internet just pisses the people off even more, so instead of a halfway-organized protest you have flat-out chaos.

Once in a while, some of the more tech-savvy protesters have been able to rig up some kind of improvised network, but in the event that another dictator calls for another Internet blackout, the U.S. State Department wants to make it easier for demonstrators to get themselves back online.

The State Department has revealed it’s funding a program to put hotspots in hot zones. The New York Times originally broke the story, and the government publicly confirmed it a few days later. The plans include the design and construction of something that’s being referred to as an “Internet in a suitcase.” It’s a portable case packed with networking gear that can be deployed to create what’s basically a massive WiFi router. It’d be amped up to provide a way-bigger signal than that little Netgear thingy on your desk, and of course the FCC would have nothing to say about that as long as it’s not used in the U.S.

The plans also include putting powerful cellphone towers on U.S. military bases located in and around volatile countries.

Acknowledging the program might earn the U.S. State Department a PR Gold Star — preserving the free flow of information when a dictator tries to kink the hose does sound very pro-democracy. However, it’s still unknown whether some of these ousted governments will be replaced by leaders whose interests align with those of the U.S. in general and the present White House in particular. It remains to be seen whether this program will swing in to the rescue of any mass protest group whose wires have been cut, or if it’ll only be there for ones whose politics pass a litmus test.
