Thefts Rise with Price of Bitcoin

How secure are your bitcoins?  From Information Week:
That rise in value has driven hackers to attack online wallet services that store bitcoins. "Each of these companies had been operating officially for only a few months, yet already had entrusted to them millions of dollars that are now in the hands of cybercrooks," Paul Ducklin, head of technology for Sophos in the Asia Pacific region, said Tuesday in a blog post.
Malware writers have also taken a keen interest in bitcoins, with some -- especially Russian gangs -- modifying their crimeware tools to identify and steal any bitcoins found on infected PCs. "There are numerous malware families today that either perform Bitcoin mining or directly steal the contents of victims' Bitcoin wallets, or both," according to a blog post from Robert Lipovsky, a researcher at security firm ESET.

The World's Most Honest Apple Picker

From the UK Metro:
A pickpocket surprised his victim when he posted him a handwritten note of the 1,000 contacts on his stolen iPhone.  Zou Bin received the 11-page letter after sending a series of threatening texts demanding his Apple handset to be returned.
He was allegedly robbed after sharing a taxi with a man in the central province of Hunan in China, the Xinhua state news agency reported. ‘I know you are the man who sat beside me. I can assure you that I will find you,’ he wrote in the text message. ‘Look through the contact numbers in my mobile and you will know what trade I am in.  ‘Send me back the phone to the address below if you are sensible.’  Zou said he was ‘astonished’ when he received a package containing the note days later, although the thief did not return the stolen iPhone.

Bitcoin Passes $1000 Mark

From USA Today:
Happy Thanksgiving Bitcoin.  The value of the so-called cryptocurrency surged above $1,000 as it becomes easier to use as a way to pay and easier to access for investors looking for an alternative to gold.
One Bitcoin was briefly worth $1.073 on Wednesday, up from less than $100 earlier this year, according to Mt. Gox, which hosts and operates a popular Bitcoin trading platform. Later in the day it dropped back to $930.
"Bitcoin is just starting to break out into the mainstream," said Eric Tilenius, executive-in-residence at Scale Venture Partners, who has a small percentage of his investment portfolio in the digital currency.

Bitcoin Black Friday Shopping

The Bitcoin community is gearing up for a holiday shopping spree by hosting its own Black Friday event.

Hundreds of merchants will be joining "Bitcoin Friday" on Nov. 29, selling everything from Christmas trees to clothes, to web domains.

Bitcoin Friday deals include unlocked phones from GSM Nation and discounted plane tickets from OKCupid, which has been accepting bitcoins since April, will be participating as well.

Media outlets are jumping into the Bitcoin deals bandwagon too: GOOD Magazine is giving away $5 discounts for subscriptions and the Free Press is slashing shipping costs. Reddit is also offering a deal on "Reddit Gold."

Beware the NSA Botnet

From Tech Dirt:
Over the weekend, the Dutch media operation NRC published yet another Ed Snowden slide, showing how the NSA had infected 50,000 computer networks with malware. The only really new thing here is the number. We already knew the NSA's TAO (Tailored Access Operations) group was infecting computers around the globe using packet injection, via a system it calls "quantum injection", and that it's used these to install malware on key computers inside Belgacom, the Belgian telco giant. However, the latest report basically shows that the NSA has been able to compromise computers and networks in the same manner all around the globe . . .

Bitcoin Gets Galactic Boost

From The Verge:
Richard Branson believes in Bitcoin, and he's putting his money where his mouth is. The billionaire CEO has announced that his commercial space startup Virgin Galactic will now accept payment from future astronauts in the virtual currency.
"Virgin Galactic is a company looking into the future, so is Bitcoin," Branson writes in a blog post on the Virgin site. "So it makes sense we would offer Bitcoin as a way to pay for your journey to space."

Google Exec: "Encrypt Everything!"

From The Verge:
Since revelations of the NSA's widespread data collection and monitoring earlier this year, Google has staunchly denied working with the government agency and has taken it to task on a number of occasions. After calling the NSA surveillance "outrageous" earlier this month, Google executive chairman Eric Schmidt has come out against the agency again in an interview with Bloomberg News. "The solution to government surveillance is to encrypt everything," Schmidt said in a speech at the Johns Hopkins University School of Advanced International Studies. "We can end government censorship in a decade."

The Surveillance Industry Index

Privacy International has released a Surveillance Industry Index.  From PI:
Privacy International is pleased to announce the Surveillance Industry Index, the most comprehensive publicly available database on the private surveillance sector.
Over the last four years, Privacy International has been gathering information from various sources that details how the sector sells its technologies, what the technologies are capable of and in some cases, which governments a technology has been sold to. Through our collection of materials and brochures at surveillance trade shows around the world, and by incorporating certain information provided by Wikileaks and Omega Research Foundation, this collection of documents represents the largest single index on the private surveillance sector ever assembled. All told, there are 1,203 documents detailing 97 surveillance technologies contained within the database. The Index features 338 companies that develop these technologies in 36 countries around the world.
This research was conducted as part of our Big Brother Incorporated project, an investigation into the international surveillance trade that focuses on the sale of technologies by Western companies to repressive regimes intent on using them as tools of political control.
What we found, and what we are publishing, is downright scary . . .

Police Pay Cryptolocker Ransom

From The Herald News:
A computer virus that encrypts files and then demands that victims pay a “ransom” to decrypt those items recently hit the Swansea Police Department.
The department paid $750 for two Bitcoins — an online currency — to decrypt several images and word documents in its computer system, Swansea Police Lt. Gregory Ryan said.
“It was an education for (those who) had to deal with it,” Ryan said, adding that the virus did not affect the software program that the police department uses for police reports and booking photos. . . .

CryptoLocker, a new Windows ransomware virus sweeping across the country, hit the Swansea Police Department on Nov. 6. The virus encrypted several files that could only be decrypted through the purchase of Bitcoins, an unregulated digital currency, to pay for the special “decryption key.” A countdown clock appeared on a computer screen showing how much time the department had to buy the key before all the files were deleted.

Bitcoin Blows Past $600

From CNBC:
Bitcoin touched a fresh all-time high on Monday as the digital currency continued to gain favor with investors.  The virtual currency rose to just under $619 on Mt. Gox exchange Monday afternoon in Asia, up by over 25 percent from the same time on Sunday.
Its latest gains come as the potential for regulation hangs over the market. The U.S. Senate Committee on Homeland Security and Governmental Affairs (HSGAC) is set to begin a hearing at 3.00 p.m. Washington time on Monday. The event will bring representatives from different federal agencies and representatives from the bitcoin community to discuss virtual currencies.

Executive Computer Illiteracy a Threat to Consumer Data Security

Here's an interesting new study from Threat Track Security, a "blind survey of 200 security professionals dealing with malware analysis within U.S. enterprises."  From the release:
ThreatTrack Security today published a study that reveals mounting cybersecurity challenges within U.S. enterprises. Nearly 6 in 10 malware analysts reported they have investigated or addressed a data breach that was never disclosed by their company.

These results suggest that the data breach epidemic - totaling 621 confirmed data breaches in 2012, according to Verizon's 2013 Data Breach Investigations Report - may be significantly underreported, leaving enterprises' customers and data-sharing partners unaware of a wide array of potential security risks associated with the loss of personal or proprietary information. Moreover, the largest companies, those with more than 500 employees, are even more likely to have had an unreported breach, with 66% of malware analysts with enterprises of that size reporting undisclosed data breaches. 
Despite their gravity, the reasons behind these breaches are rather funny:
malware analysts revealed a device used by a member of their senior leadership team had become infected with malware due to executives:
  • Visiting a pornographic website (40%)
  • Clicking on a malicious link in a phishing email (56%)
  • Allowing a family member to use a company-owned device (45%)
  • Installing a malicious mobile app (33%)

Wikileaks Obtains Draft Text of TPP Copyright Agreement

From the Guardian:
WikiLeaks has released the draft text of a chapter of the Trans-Pacific Partnership (TPP) agreement, a multilateral free-trade treaty currently being negotiated in secret by 12 Pacific Rim nations.
The full agreement covers a number of areas, but the chapter published by WikiLeaks focuses on intellectual property rights, an area of law which has effects in areas as diverse as pharmaceuticals and civil liberties.
Negotiations for the TPP have included representatives from the United States, Canada, Australia, New Zealand, Japan, Mexico, Malaysia, Chile, Singapore, Peru, Vietnam, and Brunei, but have been conducted behind closed doors. Even members of the US Congress were only allowed to view selected portions of the documents under supervision.

HTTPS: Toward a Secure Internet

There seems to be strong consensus to increase the use of encryption on the Web, but there is less agreement about how to go about this. The most relevant proposals were: 
A. Opportunistic encryption for http:// URIs without server authentication -- a.k.a. "TLS Relaxed" as per draft-nottingham-http2-encryption.

B. Opportunistic encryption for http:// URIs with server authentication -- the same mechanism, but not "relaxed", along with some form of downgrade protection.

C. HTTP/2 to only be used with https:// URIs on the "open" Internet. http:// URIs would continue to use HTTP/1 (and of course it would still be possible for older HTTP/1 clients to still interoperate with https:// URIs).

In subsequent discussion, there seems to be agreement that (C) is preferable to (B), since it is more straightforward; no new mechanism needs to be specified, and HSTS can be used for downgrade protection. (C) also has this advantage over (A), and furthermore provides stronger protection against active attacks. The strongest objections against (A) seemed to be about creating confusion about security and discouraging use of "full" TLS, whereas those against (C) were about limiting deployment of better security.

Keen observers have noted that we can deploy (C) and judge adoption of the new protocol, later adding (A) if necessary. The reverse is not necessarily true.
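The downgrade protection that HSTS gives option (C) can be seen in a small client-side model. This is an added example, not code from any of the proposals; `parse_sts`, `HstsStore` and the host `example.test` are hypothetical names, and the parsing follows the Strict-Transport-Security rules of RFC 6797 in simplified form.

```python
from urllib.parse import urlsplit, urlunsplit


def parse_sts(value):
    """Parse a Strict-Transport-Security value; None if it must be ignored."""
    seen = {}
    for part in value.split(";"):  # simplification: no ';' inside quoted values
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        name, arg = name.strip().lower(), arg.strip()
        if len(arg) >= 2 and arg[0] == arg[-1] == '"':
            arg = arg[1:-1]  # max-age may be a quoted-string
        if name in seen:
            return None  # a repeated directive invalidates the whole header
        seen[name] = arg
    age = seen.get("max-age", "")
    if not (age.isascii() and age.isdigit()):
        return None  # max-age is the one required directive
    return int(age), "includesubdomains" in seen


class HstsStore:
    """Client-side list of known HSTS hosts (times in seconds, passed in)."""

    def __init__(self):
        self._hosts = {}  # host -> (expiry, include_subdomains)

    def note_response(self, url, sts_header, now):
        parts = urlsplit(url)
        # A header seen over plain HTTP is ignored: an on-path attacker could
        # have injected or altered it.
        if parts.scheme != "https" or not parts.hostname or sts_header is None:
            return
        policy = parse_sts(sts_header)
        if policy is None:
            return
        max_age, include_sub = policy
        if max_age == 0:
            self._hosts.pop(parts.hostname, None)  # server withdraws its policy
        else:
            self._hosts[parts.hostname] = (now + max_age, include_sub)

    def is_known(self, host, now):
        labels = host.lower().split(".")
        for i in range(len(labels)):
            entry = self._hosts.get(".".join(labels[i:]))
            # Exact match always counts; a parent only with includeSubDomains.
            if entry and entry[0] > now and (i == 0 or entry[1]):
                return True
        return False

    def rewrite(self, url, now):
        """Upgrade an http:// URL before any request is sent, if host is known."""
        parts = urlsplit(url)
        if parts.scheme != "http" or not parts.hostname:
            return url
        if not self.is_known(parts.hostname, now):
            return url  # first contact is still unprotected
        netloc = parts.hostname
        if parts.port not in (None, 80):
            netloc += ":%d" % parts.port  # explicit non-default port is kept
        return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))
```

The unprotected first contact in `rewrite` is the gap browsers narrow with preload lists; once a policy is stored, a stripped redirect or plain-HTTP link no longer reaches the network in cleartext until the entry expires.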

Shielding Yourself from Prying Eyes and Algorithms on Google, Facebook and Twitter

A quick how-to on shielding yourself from online tracking by Google, Facebook and Twitter, from Mashable:
Many sites, apps and browsers are using your information in ways you might not entirely comply with if you'd take the time to read their privacy policies. Often, opting out is only a click away, though it may be difficult to find out where exactly to click. We've compiled this list of ways various Internet companies are tracking and using your data — plus, given you the tools to opt out, if you wish . . .

Sunday US Mail Delivery for Amazon

From the Washington Post:
Amazon is teaming up with the U.S. Postal Service to deliver packages on Sundays.  The Seattle company says Sunday delivery will be available this week to customers in the New York and Los Angeles metropolitan areas. Amazon and the Postal Service plan to roll out service to “a large portion of the U.S. population” next year, including the cities of Dallas, Houston, New Orleans, and Phoenix.
Mail on Sunday?!

Online Learning: Three Free Intro to PHP Video Lecture Series

Learning your first programming language, or jumping in to a completely new programming language, can seem like a daunting task.  Where does one even begin?  The first step, of course, is to see what materials are freely available online.  There are a plethora of sites like Code Academy and Tutorials Point which offer text-based coding tutorials for free, but these can only take one so far, and may not provide answers to seemingly obvious questions a beginner may have.  In addition, there are many people whose learning style simply does not jibe with a purely text-based format.  Fortunately, there is no lack of free online video series.  But even then the same question arises: where does one even begin, given the sheer quantity of such video lectures and tutorials?  In this post, we'll take a look at three free online video series devoted to beginning PHP programming . . . 

Harvard CS 75: Building Dynamic Websites
This course is from Harvard University's Computer Science curriculum, and provides all course materials for free online, including video of all lectures and discussion sections.  From the course description:
This course teaches students how to build dynamic websites with Ajax and with Linux, Apache, MySQL, and PHP (LAMP), one of today's most popular frameworks. Students learn how to set up domain names with DNS, how to structure pages with XHTML and CSS, how to program in JavaScript and PHP, how to configure Apache and MySQL, how to design and query databases with SQL, how to use Ajax with both XML and JSON, and how to build mashups. The course discusses issues of security, scalability, and cross-browser support and also discusses enterprise-level deployments of websites, including third-party hosting, virtualization, colocation in data centers, firewalling, and load-balancing. 
The list of lectures can be found here.  Ironically, the course video lectures do not always load properly in Firefox or Safari, but there appear to be few problems when using Chrome.  

Carl Herold's Live Stream Programming Sessions
Carl Herold is the operator of Computer Science for Everyone, which provides programming lessons and tutorials on the C programming language with a beginner audience in mind.  On his YouTube channel, however, Carl provides video from two different series of live programming sessions where he builds a PHP-based web app from scratch using a Model-View-Controller type framework.  These video tutorials demystify numerous aspects of the programming process that may confuse the beginner.  Afterwards, you may find yourself wondering what you found so confusing to begin with.  This is the first video from a four-part series on Building a PHP MVC Web Application Framework:

See also his related video series, LiveStream Startup, in which he programs "a real-world web application from scratch" in real time.

Eli the Computer Guy's PHP Programming Video Lectures
While the Harvard course and Carl Herold's live streams mentioned above provide an overview of the web app programming process (and thus touch upon XML, MySQL, and so on), Eli the Computer Guy's series of videos on PHP programming is much more targeted toward the nitty-gritty of beginning programming in PHP itself.  This 11-part series covers basic syntax, form handling, flow control, and redirection.  His site also offers introductory video tutorials on a variety of other tech topics, from computer repair to networking and data security.  Well worth a view. 

NYT Endorses Secret Economic and Political Treaty

From the EFF:
The New York Times' editorial board has made a disappointing endorsement of the Trans-Pacific Partnership (TPP), even as the actual text of the agreement remains secret. That raises two distressing possibilities: either in an act of extraordinary subservience, the Times has endorsed an agreement that neither the public nor its editors have the ability to read. Or, in an act of extraordinary cowardice, it has obtained a copy of the secret text and hasn't yet fulfilled its duty to the public interest to publish it.

Without a publicly available agreement, readers are forced into the uncomfortable position of taking official government statements at face value. That's reflected in the endorsement, which fails to note the myriad ways in which TPP has been negotiated undemocratically, shutting out public oversight while permitting corporate interests to drive the agenda. Given these glaring issues, it is disconcerting that the Times would take such a supportive stance on an agreement that is likely to threaten innovation and users' digital rights well into the 21st century.

DDoS Tools Spread Online

From Ars Technica:
Researchers have uncovered software available on the Internet designed to overload the struggling website with more traffic than it can handle.
"ObamaCare is an affront to the Constitutional rights of the people," a screenshot from the tool, which was acquired by researchers at Arbor Networks, declares. "We HAVE the right to CIVIL disobedience!"
In a blog post published Thursday, Arbor researcher Marc Eisenbarth said there's no evidence has been subjected to any significant denial-of-service attacks since going live last month.

Los Angeles Plans Ambitious Broadband Project

Is the internet a utility? From Ars Technica:
Los Angeles is about to unleash one of the most ambitious city-led broadband projects to date, with the goal of bringing fiber to all of its 3.5 million residents and all businesses.
Next month, the city plans to issue an RFP (request for proposals) "that would require fiber to be run to every residence, every business, and every government entity within the city limits of Los Angeles," Los Angeles Information Technology Agency GM Steve Reneker told Ars today. The City Council this morning unanimously voted to move forward with drafting the RFP and will vote again in a few weeks to determine whether it's ready for release, he said.

Lavabit's Darkmail Kickstarter Campaign

From Kickstarter:
The goal is to clean up and release the source code that was used to power Lavabit as a f/oss project with support for dark mail added.  There is an audible pause in our analog lives; a preverbal squelch on the digital line that defines the very privacy everyone expects, but is rarely guaranteed.
That audible pause, that digital squelch carries with it a subtle promise that someone is reading, or listening, or cataloging and (ab)using every footprint we each press into the digital landscape. No one can guarantee that a third-party is or is not eavesdropping on a series of communications, but Dark Mail can guarantee that when a third-party does gain access, or demands access, the privacy users rightfully deserve is maintained without fail.
The Summer of Snowden may have taken the Lavabit email service offline, but the lifeblood of the service is still alive and relevant to Dark Mail. The goal is to perfect and release its source code as a free and open-source software (F/OSS) project. The "magma" daemon supports access via SMTP, POP3, IMAP4 and HTTP. Magma can be clustered and transparently encrypts user data before storing it on disk. It includes a Javascript webmail system that uses a JSON-based API to provide secure mail access via the web.
Along with preserving existing functionality, the team will build in support for the Dark Mail protocol. Dark Mail, a newly developed messaging protocol, is designed to provide end-to-end encryption of both the message itself and the email in transit. Because encryption will be integrated into the protocol itself, it will be invisible to the user. Dark Mail users will get the security of PGP without the cognitive burden; if someone can use email today they will be able to use Dark Mail tomorrow.
The project will also include building, and releasing as F/OSS, the first Dark Mail compatible clients. We are planning to launch with clients for the desktop (Win, Mac, Lin), smartphones and tablets (iOS, Android).  Provide the funding and you'll get access to the source code and binaries before the general public. Be one of the first service providers to support the new Dark Mail protocol!

Has the Fight for Net Neutrality Already Been Lost?

The corporations already own the parties, and the parties own the courts.  From Wired:
Net neutrality is a dead man walking. The execution date isn’t set, but it could be days, or months (at best). And since net neutrality is the principle forbidding huge telecommunications companies from treating users, websites, or apps differently — say, by letting some work better than others over their pipes — the dead man walking isn’t some abstract or far-removed principle just for wonks: It affects the internet as we all know it.
Once upon a time, companies like AT&T, Comcast, Verizon, and others declared a war on the internet’s foundational principle: that its networks should be “neutral” and users don’t need anyone’s permission to invent, create, communicate, broadcast, or share online. The neutral and level playing field provided by permissionless innovation has empowered all of us with the freedom to express ourselves and innovate online without having to seek the permission of a remote telecom executive.
But today, that freedom won’t survive much longer if a federal court — the second most powerful court in the nation behind the Supreme Court, the DC Circuit — is set to strike down the nation’s net neutrality law, a rule adopted by the Federal Communications Commission in 2010.

iGoogle Goes the Way of Reader

From The Next Web:
RIP another Google service: iGoogle, the company’s personalized Web portal product, finally bit the dust today, some eight months after its shutdown was announced.
iGoogle has slipped into the darkness quietly: there’s no final blog post marking its demise and the URL for the service — — now navigates directly to Google’s regular search page.
While it wasn’t as successful or well-used as Google Reader, the RSS service that went offline in July, iGoogle was popular with some who appreciated the ability to customize the Google search page with news feeds, games, widgets and other information that was easy to glance at and digest over the course of a day.