Twitter resets passwords by accident

4 March 2014 Last updated at 11:43

Twitter instructed thousands of users to change passwords due to accounts being "compromised" - but it has since said the emails were sent by mistake.

The reset notices were sent out to users on Monday, prompting many to question if the service had been hacked.

The social network would not say how many users had been affected, but apologised for the inconvenience.

Twitter users, particularly those with high profiles, are frequently targeted.

'System error'

Groups such as the Syrian Electronic Army (SEA) have become adept at tricking users into unwittingly handing over log-in details for social media,

This round of emails sent by Twitter came with a warning that: "Twitter believes that your account may have been compromised by a website or service not associated with Twitter."

It added: "We've reset your password to prevent accessing your account."

It has since blamed a "system error" for the notices being sent, although those who received the email will still need to reset their details despite the false alarm.

Last year, similar emails were sent out for a real breach. Some 250,000 users' passwords had been stolen, as well as usernames, emails and other data, the site's security director said at the time.

23.59 | 0 komentar | Read More

MtGox gives bankruptcy details

4 March 2014 Last updated at 09:12

More details have emerged into what led MtGox, one of the largest Bitcoin exchanges, to file for bankruptcy.

There was a "high probability" that the bitcoins had been stolen through a bug in MtGox's systems, the firm said in a statement.

Investigations to find the culprits are under way, it added.

MtGox filed for bankruptcy in Japan on Friday. Days earlier the site had closed down after losing an estimated 750,000 of its customers' bitcoins.

Much of the statement released on MtGox's website confirmed details contained in a leaked document that surfaced just days before the bankruptcy application.

'Crimes punished'

As well as the 750,000 bitcoins belonging to customers that were lost, the company said it had also lost approximately 100,000 of its own. This amounts to nearly $500m (£300m).

It also said MtGox accounts held with financial institutions currently contained approximately 2.8bn yen (£16.5m) less than the amount MtGox users had deposited.

To "establish the truth" about what had happened a "huge amount of transaction reports" would need to be investigated, MtGox said.

Because of this, MtGox could not give an exact amount of missing deposit funds or the total amount of bitcoins that had disappeared.

MtGox also said that it had appointed an expert to look at the possibility of criminal proceedings.

"We will make all efforts to ensure that crimes are punished and damages are recovered," it said.

The possibility of continuing as a business in order to pay back creditors was also being explored, the company said.

A call centre has also been set up to answer customers questions.

Japan said on Tuesday that the government was still trying to determine what had led to the collapse of MtGox.

"We still have not had a clear grasp of the situation," Japanese Finance Minister Taro Aso said, according to Reuters.

"[We] don't know if it was a crime or just a bankruptcy."

Meanwhile another Bitcoin bank - Flexcoin - has announced that it too is going out of business, following a hack attack which saw 896 coins stolen. It is working with law enforcement to trace the source of the hack.

"As Flexcoin does not have the resources, assets, or otherwise to come back from this loss, we are closing our doors immediately," it said.

The European Banking Authority (EBA) is set to create a taskforce to advise on whether virtual currencies should be regulated.

The watchdog, which is due to be created before July, will analyse the risk to consumers of using virtual currencies such as bitcoins.

23.59 | 0 komentar | Read More

China criminals 'target mobile web'

4 March 2014 Last updated at 12:47

Chinese cybercriminals are increasingly targeting mobile users via a vast underground network of tools and services, according to a new report.

Security firm Trend Micro outlines the popular methods used by Chinese gangs to make money from the mobile web.

It details how cheap some mobile malware kits can be - from as little as 100 yuan (£9.70).

Such underground forums are thriving worldwide, particularly in Russia, China and Brazil.

The Mobile Cybercriminal Underground Market report outlines some of the key businesses operating in this vast and sophisticated network.

Spam devices

It includes the selling of premium-rate phone numbers, which can be bought from 220,000 yuan (£21,400).

Such numbers are used in conjunction with malicious apps that reply to text messages and then delete confirmation messages so users end up paying vast sums to cybercriminals without realising.

Spam is big business in a country where 81% of Chinese internet users went online using their mobile phone in 2013.

At the end of 2013 there were 500 million mobile internet users in China, according the China Internet Network Information Center (CNNIC).

To launch spam campaigns, cybercriminals often use a GSM modem, a device attached via USB to a computer, which can send out text messages to multiple users.

A 16-slot GSM modem, are available for approximately $425 (£254) each, can send up to 9,600 text messages per hour.

This spam can be used to advertise various products as well as tricking users into visiting malicious websites.

The report also talks about SMS forwarders - which are Trojans designed to steal authentication or verification codes sent via text messages.

They monitor text messages sent from online payment service providers and banks and intercept authentication or verification codes which are then forwarded to cybercriminals.

Currently they only run on Android phones.

Boosting apps

Apple users are also being targeted via iMessage spammers that are able to buy 1,000 spam services for as little as 100 yuan (£9.60).

Also operating on the mobile underground are app-rank boosting services, which can promote a malicious app by creating several dummy accounts to download and write good user reviews for it.

To boost an iPhone app into the top five of Apple's China app store can cost 60,000 yuan (£5,800).

In Android third-party stores - where most Chinese Android users shop - cybercriminals pay according to the number of downloads they want, with prices starting at 40 yuan (£3.90) for 10,000 downloads.

The report concludes: "The barriers to launching cybercriminal operations are less in number than ever. Toolkits are becoming more available and cheaper; some are even offered free of charge.

"Cybercriminals are also making use of the 'deep web' to sell products and services outside the indexed or searchable world wide web, making their online shops harder for law enforcement to find and take down."

23.59 | 0 komentar | Read More

Rent-out-your-toilet app launched

4 March 2014 Last updated at 14:41

An app that allows people to charge members of the public to use their private toilet is being tested at the New Orleans Mardi Gras.

AirPnP - inspired by AirBnB, a service for renting out your property to travellers - said it offered a "legal alternative" to urinating in public.

Willing "entrepeeneurs" can charge a price to use their toilet, and must add details such as cleanliness and toilet paper thickness.

Users can rate their "pee experience".

The founders said the site was inspired by the yearly trouble the founders had when attending New Orleans's Mardi Gras festival, which has been running since 1837.

"During the Mardi Gras they routinely experienced the pain point of having no place to legally urinate," the Airpnp "About us" page explains.

"This problem is often solved by using what is known as a 'rogue pee'.

"If caught the person faces a weekend in Orleans Parish Prison. Yet this stiff penalty doesn't stop thousands upon thousands of 'rogue pees'. This clearly demonstrates the demand for a legal alternative."

'Porcelain paradise'

Almost 2,000 people have signed up to use the app. At the time of writing, about 20 toilets had been added. All are in New Orleans, except one posted in Budapest, Hungary.

"Clean bathroom in our uptown home," reads one.

"Toilet paper and hand soap provided, of course. Large mirror for checking yourself out."

Another advert offers a "porcelain paradise" just off the main parade route, for $3 per visit.

The advert reads: "Imagine, you, gazing at passing floats. Now imagine you gazing at more floats just a few minutes later. Because that's all it will take for you to unleash your bowels in our frequently cleaned porcelain paradise."

The app's founders have a history of creating public-service-minded apps.

One of them, Travis Laurendine, has been recognised by the White House for efforts in "hacking" for a civic cause.

More than 10 million people have booked rooms using AirBnB, a popular alternative to using a hotel.

While Uber allows people to use their own vehicles to provide taxi rides.

These types of services - dubbed the "sharing economy" - rely on the principle that allowing users to easily vote on how good a service is will ensure high quality.

23.58 | 0 komentar | Read More

Cyber 'stand-off' in Ukraine crisis

5 March 2014 Last updated at 14:01 By Dave Lee Technology reporter, BBC News

As diplomatic efforts are stepped up to ease tensions in Ukraine, security experts have warned that Kiev and Moscow are locked in a cyber stand-off.

Security forces in Ukraine have accused the Russian army of disrupting mobile communications.

Smaller-scale attacks have seen news websites and social media defaced with propaganda messages.

Cyber-attacks were utilised heavily during Russia's 2008 conflict with Georgia.

In that case, distributed denial of service attacks - known as DDoS - were used to overwhelm websites and servers in Georgia in the weeks leading up to the military action.

The Georgian government said Russia was behind the DDoS attacks, but the Kremlin denied this - stating that it was possible for anyone, inside or outside Russia, to launch such an attack.

Tampering

On Tuesday, Ukrainian authorities confirmed that communication networks had been targeted, the first significant disruption of technology.

"I confirm that an... attack is under way on mobile phones of members of the Ukrainian parliament for the second day in a row," Ukrainian security chief Valentyn Nalivaichenko told journalists.

"At the entrance to [telecoms firm] Ukrtelecom in Crimea, illegally and in violation of all commercial contracts, was installed equipment that blocks my phone as well as the phones of other deputies, regardless of their political affiliation."

In addition, Ukrtelecom said its premises were raided last week by armed men, and fibre optic cabling was tampered with, causing loss of service for some users.

Russian security services have not commented on whether they were behind either incident.

Security experts have speculated that Russia may be exercising restraint with its cyber-capabilities.

Marty Martin, a former senior operations officer with the US Central Intelligence Agency, said more extreme cyber-attacks may only take place if violence escalated.

"A lot of times you don't want to shut things down," he told Reuters.

"If you do that, then you don't get your flow of intelligence. You are probably better off monitoring it."

What we are unlikely to see, experts say, is cyber-attacks of the same scale as in 2007, when Estonia suffered a 10-day attack on its internet services, causing major disruptions to its financial system.

The attacks coincided with a disagreement between Estonia and Russia over the relocation of a Soviet war memorial.

Patriotic

While military action is visible and open to scrutiny from the international community, cyber-activity is considerably harder to track and attribute to a source.

Much of Ukraine and Russia's cyber-attack capability lies with criminal gangs, as well as so-called patriotic hackers willing to work for each country's respective cause.

"If the Russians are able to get their patriotic hackers to effectively participate in a war for them, it could be very effective," said Paul Rosenzweig, founder of Red Branch Consulting, and formerly of US homeland security.

Continue reading the main story

We just don't know whether they will be motivated to fight or not"

End Quote Paul Rosenzweig

"That's not even beginning to think about the Russian military's capabilities directly, which are also no doubt quite sophisticated, but we've never really seen deployed. The Russian military's capabilities are unclear."

Likewise, Ukraine can also draw on considerable expertise - provided it can be mobilised.

"They are very active and very effective as well," Mr Rosenzweig told the BBC.

"We sometimes mistake Ukrainian groups for Russian groups as they come from roughly similar IP addresses and things like that. The Ukrainians, being slightly more westernised in their nature have expertise based in other countries.

"It's a really effective outside group, a diaspora if you will, but we just don't know whether they will be motivated to fight or not."

Vandalised

Activity from these groups would probably focus on small-scale defacements and disruption, experts believe.

One Ukrainian hacktivist group - Cyber-Berkut - posted a list of 40 websites that it had vandalised since the dispute began.

It included the homepage of state-funded broadcaster Russia Today, which for a short time was altered so that the word "Russians" was replaced with "Nazis".

But Mr Rosenzweig was keen to stress that any perceived damage from these types of cyber-attacks is of little significance if on-the-ground military action is taken.

"We should not overemphasise the importance of cyber," he said.

"Tanks beat cyber-bullets."

Follow Dave Lee on Twitter @DaveLeeBBC

23.58 | 0 komentar | Read More

Ads 'biggest mobile malware risk'

5 March 2014 Last updated at 13:27

Adverts on websites are now the biggest source of malware on mobile phones, according to a study.

Research by security company Blue Coat suggests web adverts have overtaken pornography as the most common way for users to encounter a malware threat.

On one in five occasions when a mobile user comes into contact with malware, it is via an online advert.

Mobile malware is growing, but accounts for just 1% of all malware threats, networking company Cisco says.

Although web adverts have replaced pornography as the most common way for users to encounter malware, attacks from X-rated sites are still the most effective.

Less than 1% of all requested content on a mobile is for pornography, yet it is responsible for 16% of malware attacks.

'Malicious sites'

"While users don't access pornography that frequently, when they do, they are very vulnerable to malware," said the report.

In comparison, Blue Coat say, adverts make up 12% of requested content but are responsible for nearly 20% of attacks.

The adverts are often displayed through "legitimate ad networks" but contain "malicious code" or direct users to "malicious sites".

The report states that the threat of malware from web ads has increased almost three times since it last looked at data relating to the trend in 2012.

Cisco's 2014 Annual Security Report noted that although mobile malware was "not a significant percentage" of web malware encounters "it is still worth noting because mobile malware is clearly an emerging area of exploration for malware developers".

It also found that when mobile malware is intended to compromise a device, it is nearly always targeted at Android devices.

But when mobile malware is not specifically designed to target certain types of devices, then 70% of the attacks were experienced by Android devices and 14% by Apple iPhone users.

Blue Coat recommended that mobile users considered blocking web ads on their devices to prevent them becoming victims of a malware attack.

Ad-blocking apps exist for both Android and Apple devices and browser settings can be adjusted to prevent ad pop-ups.

23.58 | 0 komentar | Read More

Robot ships designed by Rolls-Royce

5 March 2014 Last updated at 12:47 By Jane Wakefield Technology reporter

Unmanned cargo ships could become a reality on our oceans within the decade, according to manufacturer Rolls-Royce.

The firm has been showing off the designs for its concept crewless ships.

The EU is funding a 3.5m euro (£2.8m) project dubbed Maritime Unmanned Navigation through Intelligence (Munin) which aims to develop its own autonomous ship.

Experts remain divided over whether such vessels will become a reality.

No crew

Writing about the future of shipping Oskar Levander, Rolls-Royce's vice president of innovation, engineering and technology said: "Now it is time to consider a road map to unmanned vessels of various types. Sometimes what was unthinkable yesterday is tomorrow's reality.

"Given that the technology is in place, is now the time to move some operations ashore? Is it better to have a crew of 20 sailing in a gale in the North Sea, or say five in a control room on shore?" he asked.

A remote-controlled ship would look quite different to a traditional one, he added, largely because there would be no need for the facilities and systems currently needed for a crew.

"Eliminate or reduce the need for people and vessels could be radically simplified," he said.

According to Moore Stephens LLP, an industry consultant, crew costs account for 44% of total operating costs for a large container ship.

E-navigation

Maritime transport has seen significant spikes in volumes in recent years and shipping is now worth $375bn (£224bn) annually.

There are approximately 100,000 merchant ships in operation around the world with certain areas of water - such as the English Channel - clogged with vessels.

Unmanned ships are currently illegal under international law, according to Simon Bennett, a spokesman for the International Chamber of Shipping, an industry representing more than 80% of the global fleet.

"It would require a complete overhaul of the regulatory regime. Apart from the safety considerations, there would also be a lot of questions from bodies such as trade unions," he told the BBC.

"While I wouldn't dismiss it completely, realistically it is hard to see remote-controlled ships without any crew for two to three decades," he added.

But there is, he said, intense debate in the shipping industry at the moment about the use of e-navigation - using computerised systems to navigate ships from dry land.

The ships would still have crews but some of the operational control would be moved to a system known as vessel traffic services, he explained.

For now Rolls-Royce's plans for robot ships remain at the concept stage but it is busy showing off its paper designs in the hope of persuading the industry that such change is inevitable.

And it has precedents from other transport industries.

Car manufacturers, from Tesla to Nissan and Daimler have promised self-drive cars will be on the roads by 2020 or sooner.

23.58 | 0 komentar | Read More

Tumblr confirms talks over safety

By Greg Dawson
Newsbeat reporter Charlotte, 20, took an overdose after being influenced by blogs on Tumblr

Tumblr has confirmed it is in talks with the UK government as part of attempts to improve online safety.

The blogging site was criticised recently at the inquest into the death of 15-year-old Tallulah Wilson, who took her own life after posting self-harm photos on the site.

Tumblr says it "draws lines" at harmful content like self-harm blogs.

A meeting, chaired by Culture Secretary Ed Vaizey, was held last month with all the major social networking sites.

Continue reading the main story

People were almost encouraging you to do it saying they would self-harm with you. I saw a lot of people put on very graphic pictures of their self-harm

Charlotte, 20 Former Tumblr user

A follow-up meeting is set to take place soon.

Laura Higgins, from the UK Safer Internet Centre, said: "It was a very positive meeting. It is the start of a process. We talked about how reports are dealt with and how the sites are moderated.

"It's something we're going to be regularly looking at. Hopefully there will be some sharing going forward of the really good practice that was there in the room."

Self-harm photos

During the inquest it was revealed that Tallulah's mother closed down her daughter's Tumblr account shortly before her death because it contained photos of her harming herself.

Sarah Wilson said her daughter was "caught in a toxic digital world" and claimed other girls on the site were also cutting themselves and comparing their injuries.

It was a similar experience for 20-year-old Nottingham University student, Charlotte.

She used the site anonymously when she was suffering an eating disorder and self-harming.

Charlotte says she would sometimes post photos of her wounds to the site.

She said: "People were almost encouraging you to do it saying they would self-harm with you. I saw a lot of people put on very graphic pictures of their self-harm.

"Sometimes you get into the way of comparing your injuries to theirs."

Tallulah Wilson posted self-harm pictures on Tumblr before taking her own life

Charlotte took an overdose but survived, with a badly damaged liver.

She said: "The fact that my mental state at that point was unstable, the fact that I used Tumblr in that way, I think that it did have a big influence."

In a statement Tumblr said: "Tumblr is deeply committed to protecting our users' freedom of expression, but we draw lines around a few categories of content we consider damaging to our community, including blogs that encourage self-harm.

Continue reading the main story

When I challenged them about some of their policies before they said, 'We've run these huge campaigns with teenagers in schools' but it was all in America

Laura Higgins UK Safer Internet Centre

"Users are encouraged to report those blogs to abuse@tumblr.com, where our Trust and Safety team can respond to content that violates our policies."

However, critics believe the site can do more to intercept harmful content before it is uploaded.

There has also been criticism that it focuses too heavily on its US audience when it comes to referring users to support sites.

Ms Higgins said: "They have millions of UK-based members. When I challenged them about some of their policies before they said, 'We've run these huge campaigns with teenagers in schools' but it was all in America.

"None of that has happened here in the UK. I think a lot of people wouldn't even know how to report something if they saw it on Tumblr."

Follow @BBCNewsbeat on Twitter

23.58 | 0 komentar | Read More

Rules leave inherited iPad 'useless'

5 March 2014 Last updated at 12:33 By Natalie Donovan & Kevin Core You and Yours

A man whose mother bequeathed her iPad to her family in her will says Apple's security rules are too restrictive.

Josh Grant, 26, from London, told BBC Radio 4's You & Yours his mother bought the tablet during her cancer treatment.

Since her death, they have been unable to unlock the device, despite providing Apple with copies of her will, death certificate and solicitor's letter.

Apple says its security measures have led the industry in helping customers protect lost or stolen devices.

Anthea Grant bought the tablet two years ago when she had her first cancer diagnosis, using it mainly for games and for video calling to keep in touch with her sons.

In her will she indicated that her estate was to be split between her five boys, and the brothers decided the eldest son Patrick should have the iPad.

Consent

After her death, they discovered they did not know her Apple ID and password, but were asked to provide written consent for the device to be unlocked.

Mr Grant said: "We obviously couldn't get written permission because mum had died. So my brother has been back and forth with Apple, they're asking for some kind of proof that he can have the iPad.

"We've provided the death certificate, will and solicitor's letter but it wasn't enough. They've now asked for a court order to prove that mum was the owner of the iPad and the iTunes account.

"It's going to have to go through our solicitor and he charges £200 an hour so it's a bit of a false economy."

The security measures are designed to prevent unauthorised access to Apple users' online iCloud accounts, which could include personal documents, photos and messages.

Continue reading the main story

It's a bit cold of them not to treat things on a case-by-case basis""

End Quote Josh Grant

Mr Grant said: "I thought we might use it as a shiny placemat. I'm a big fan of Apple, their security measures are great but we have provided so much evidence.

"At 59, my mum was fairly young, I've already lost my dad and it's a bit cold of them not to treat things on a case-by-case basis."

Apple told You & Yours it had led the industry in helping customers protect lost or stolen devices, and that Find My iPhone, launched in 2009, allowed customers to remotely set up passwords and remove personal information.

It added that a measure called Activation Lock also gave customers control of their device and acted as a theft deterrent.

23.58 | 0 komentar | Read More

E-cigarette ban for Los Angeles

5 March 2014 Last updated at 15:07

Los Angeles City Council has voted to ban the use of electronic cigarettes in the city's restaurants, bars, nightclubs and public spaces.

The council voted unanimously to ban the battery-powered devices, which are filled with nicotine liquid.

If the bill is signed into law, Los Angeles would follow New York and Chicago in imposing similar rules.

A consultation looking at the advertising of e-cigarettes in the UK began last week.

The use of e-cigarettes in the UK has increased rapidly. According to data research company Mintel, the market is now worth £193m.

Their use has been controversial, with some politicians saying they are "re-normalising" smoking.

'Online clinic'

Rather than inhaling the toxic substances found in tobacco, e-cigarette users inhale vaporised liquid nicotine. Because of this, their use has become known as "vaping".

Currently e-cigarette companies in the UK are able to advertise their products on television and through normal advertising channels.

The consultation by the Committee of Advertising Practice (CAP) aims to provide "clarity and protection" about the advertising of e-cigarettes.

At the launch of the consultation, CAP secretary, Shahriar Coupal, said: "The market for e-cigarettes is fast-growing and the existing rules haven't been able to give advertisers the clarity they need. By proposing new specific rules, we're providing a clear framework for responsible advertising.

"Given the potential association with tobacco products and the fact that many e-cigarettes contain nicotine, it's important we put in place strong responsibility rules to make sure that the public and particularly children are protected."

The EU was also looking at the use of e-cigarettes and the outcome of those discussions would determine how the products were regulated and advertised in future, the consultation document said.

New York voted to ban vaping in public spaces at the end of 2013 and Chicago does not allow people to vape where smoking is also banned.

The UK government announced that under-18s would be banned from buying e-cigarettes in the same way that they were unable to buy tobacco products.

To try to prevent young video gamers from taking up smoking, a Swedish non-smoking organisation has set up an anti-smoking clinic in the video game Minecraft.

It conducted a survey that suggested Swedish teenagers thought people started smoking to show they were fearless.

"We want to help young people to talk about fears, instead of hiding them behind a cigarette," Ann-Therese Enarsson from A Non-Smoking Generation told news website PSFK.

23.58 | 0 komentar | Read More