FOSS Week in Review
FBI claims U.S. computers breached by Anonymous
In an exclusive story published Saturday by Reuters, the FBI has claimed Anonymous has managed to hack into U.S. government computers and steal sensitive data. What’s more, they believe these intrusions have been going on for at least a year.
“The hackers exploited a flaw in Adobe Systems Inc’s software to launch a rash of electronic break-ins that began last December, then left “back doors” to return to many of the machines as recently as last month, the Federal Bureau of Investigation said in a memo seen by Reuters.
“The memo, distributed on Thursday, described the attacks as ‘a widespread problem that should be addressed.’ It said the breach affected the U.S. Army, Department of Energy, Department of Health and Human Services, and perhaps many more agencies.
“Investigators are still gathering information on the scope of the cyber campaign, which the authorities believe is continuing. The FBI document tells system administrators what to look for to determine if their systems are compromised.”
Determining which systems have been compromised matters, because the FBI doesn’t seem to have a handle on the scope of these intrusions, other than that they’re massive.
Despite the earlier disclosures, “the majority of the intrusions have not yet been made publicly known,” the FBI wrote. “It is unknown exactly how many systems have been compromised, but it is a widespread problem that should be addressed.”
Some of these hacks, and the resulting data losses, have already been made public by people claiming to have inside knowledge of Anonymous’ actions. The intrusions are part of what the group calls “Operation Last Resort,” taken in response to prosecution of hackers, including the draconian treatment that had been sought for Aaron Swartz. A spokesperson for Adobe claims to have not seen the report, and attributes any security issues with their software to the use of unpatched code.
This news prompted Tim Worstall to write in an article published on Forbes on Sunday that he found some poetic justice in Anonymous’ actions.
“…I have to admit that such actions seem fair enough to me: it’s not as if we’ve not heard rather a lot about how the NSA, an agency of the Federal Government, spies on us now, is it? And I’m rather a fan of two olde englishe ideas, the first being the rule of law and the second that no one, howsoever mighty they be, is above it.
“Sure, we need to have a government and that’s fine but they have to play by the same rules, written down in the same law books, as the rest of us do.”
Yup. That pretty much sums up what we’ve been trying to say since the passage of the Patriot Act.
Speaking of the NSA, on Sunday PCWorld published an interview with litigator Alex Lakatos, a partner with the law firm Mayer Brown. In the story’s lead, they came up with some pretty alarming figures on what the NSA’s actions will cost the U.S. tech sector in lost revenue.
“The agency’s actions stand to harm U.S.-based cloud service providers and their customers around the globe. Revelations about the NSA’s PRISM program could cost cloud computing companies $22 million to $35 million by 2016, according to an August estimate by the Information Technology & Innovation Foundation. Forrester predicted the losses could be much higher at $180 billion, or a 25 percent hit to overall revenues.”
Remember, those lost revenues mean lost jobs for those of us who work for a living.
Circumventing Safari costs Google $17 million
Oops! The folks at Google evidently suffered a momentary relapse and forgot their pledge to “don’t do evil.”
Reuters reported on Monday that the search company has agreed to pony up $17 million in order to settle a claim by 37 states and the District of Columbia that it had secretly tracked users of smartphones by purposefully circumventing web browser protections. This was after the firm had already reached a $22 million settlement with the Federal Trade Commission in August of last year in a case related to the same activity.
“The Safari Web browser used on iPhones and iPads automatically blocks third-party cookies, but Google altered the computer code of its cookies and was able to circumvent the blocks between June 2011 and February 2012, according to the states’ allegations.”
The settlement comes after a nearly two-year investigation by the states. Google, of course, is shelling out the bucks without admitting any wrongdoing.
Ubuntu dev says Mint not secure
If Steve Ballmer is looking for a job to replace the CEO gig he’s losing at Microsoft, we suggest he send his resume to Canonical. It’s starting to look like he might be a good fit there.
On Monday, Muktware reported that an Ubuntu web developer said he won’t do any online banking using Linux Mint because of that distro’s unsafe security precautions.
Newegg takes on patent troll in court
Thanks to some excellent reporting by Joe Mullin on Ars Technica, we’re getting a play-by-play as Newegg squares off against patent troll TQP Development. The retailer Newegg has vowed not to settle with any trolls but to force them to duke it out in court. TQP Development is led by Erich Spangenberg, whom Mullin characterized on Monday as “one of the most controversial and successful figures in the patent-licensing business.”
From Mullin’s account of the trial’s beginning, posted Thursday, it looks as if Newegg might prevail, as TQP’s case appears convoluted, to say the least. This is despite the fact that others have given in and paid huge amounts of money to license the patent in question.
“Target had a website; Target got sued by TQP. It got out of the case by paying $40,000.
“Some paid less than that—but most paid more.
“Dodge & Cox, a mutual fund, paid a bit more than $25,000. Pentagon Credit Union paid $65,000. QVC paid $75,000. MLB Advanced Media paid $85,000. PetSmart paid $150,000. PMC paid $400,000. Cigna paid $425,000. Bank of America paid $450,000. First National paid $450,000. Visa paid $500,000. Amazon, Newegg’s much larger competitor, paid $500,000. UPS paid $525,000.
“IBM paid $750,000. Allianz Insurance paid $950,000. Microsoft paid $1,000,000.”
According to TQP, anyone who combines the use of SSL with RC4, one of the most widely used encryption ciphers, is in violation of their patent.
Saying goodbye to Winamp
Well, it’s not FOSS but proprietary freeware. It also doesn’t run on Linux, just Windows, Mac and Android. However, many will remember that it was once absolutely the coolest way to play music on a PC. On Wednesday the Winamp folks announced they’ll be shutting down on December 20. We received the news via PCWorld:
“The announcement itself was a whimper—a small banner notification on the Winamp website—rather than a bang, and the end seems sadly appropriate. The skinnable media player was all the rage at the turn of the century, but barely made a peep since being acquired by AOL in 1999.”
But wait, maybe Winamp will get a reprieve, as we learned the very next day:
“But today Techcrunch has learned that AOL is in talks with Microsoft to sell Winamp, along with Shoutcast, a media streaming service also developed by Nullsoft. We have also learned that AOL has been planning to announce the closure of Shoutcast next week.”
Hmmm… Winamp as a Microsoft product? That should destroy any nostalgic yearnings we might have had for the product.
That does it for this week. Until next time, may the FOSS be with you…
Re Mint. From what I have read, the Ubuntu dev was referring to LMDE (Linux Mint Debian Edition), which, apparently, did not get the constantly updated Firefox. (I believe it was Firefox 17 which had the security fault, as the Tor network found out). This has not been sorted.
To put minds at rest, my Mint 15 has always received Firefox updates. So, I have no worries.
Cheers
Richard
p.s. Mint 16 RC works a treat.
SORRY. My typo. Should read
This has NOW been sorted.
I don’t want to start a flame war with Clem.
Richard
An amazing week in FOSS indeed. So let me get this straight…whoever uses SSH w/RC4 is in violation of this patent?…does this include home users who have their own little private network and are testing out various distros of Linux? Because if so there’s like MILLIONS of people that fit that description! As for Google, I won’t even go into detail but I see them becoming more and more like the “Microsoft” for the next generation….constantly getting “caught” doing things they KNOW they’re not supposed to do….just like the NSA…hmm….coincidence?..LOL! I mean the gov’t only NOW realizes that there’s been breaches, with back-doors no less?…who was minding the store?…where was their attention diverted to that they couldn’t see this? I guess it’s just typical U.S. gov’t practices, and lastly…I will definitely miss WinAmp…I used it from its inception right through to Windows XP! I had so many skins and customizations on that thing…that sometimes I couldn’t find the volume or shut-down button when I MOST needed to! (When the Network manager walked into the NOC…or the surprise visit from the CIO!) ahh…..fond memories indeed!