Domain: itpro.co.uk
Stories and comments across the archive that link to itpro.co.uk.
Stories · 101
-
Has Bing Already Overtaken Yahoo?
nk497 writes "Microsoft's newly revamped search tool Bing has already overtaken Yahoo in the US and globally, according to StatsCounter. The net traffic watcher said Bing has topped Yahoo 16.28% to 10.22% in the US, and 5.62% to 5.13% globally. Though the firm noted Bing's popularity may drop off after the excitement wears off, the firm also said: 'Steve Ballmer is quoted as saying that he wanted Microsoft to become the second biggest search engine within five years. Following the breakdown in talks to acquire Yahoo at a cost of $40 billion it looks as if he may have just achieved that with Bing much sooner and a lot cheaper than anticipated.' Google, of course, still leads by a considerable margin." -
Windows 7 RCs Shut Down To Force Updates
nk497 writes "The release candidate for Microsoft Windows 7 will expire June 2010, and the software giant will let users know they need to pay to upgrade by shutting down the system every two hours for three months. According to Microsoft: "The RC will expire on June 1, 2010. Starting on March 1, 2010, your PC will begin shutting down every two hours. Windows will notify you two weeks before the bi-hourly shutdowns start. To avoid interruption, you'll need to install a non-expired version of Windows before March 1, 2010. You'll also need to install the programs and data that you want to use."" -
UK Government To Monitor All Internet Use
nk497 writes "The UK government has further detailed plans to track all communications — mobile phone calls, text messages, email and browser sessions — in the fight against terrorism, pedophiles and organized crime. The government said it's not looking to see what you're saying, just to whom and when and how. Contrary to previous plans to keep it all in a massive database, it will now let ISPs and telecoms firms store the data themselves, and access it when it feels it needs it." And to clarify this, Barence writes "The UK Government has dropped plans to create a massive database of all internet communications, following stern criticism from privacy advocates. Instead the Government wants ISPs and mobile phone companies to retain details of mobile phone calls, emails and internet sites visited. As with the original scheme, the actual content of the phone calls and messages won't be recorded, just the dates, duration and location/IP address of messages sent. The security services would then have to apply to the ISP or telecoms company to have the data released. The new proposals would also require ISPs to retain details of communications that originated in other countries but passed over the UK's network, such as instant messages." -
Conficker Downloads Payload
nk497 writes "Conficker seems to finally be doing something, a week after hype around the worm peaked on April Fool's Day. It has now downloaded components from the Waledac botnet, which could contain rootkit capabilities. Trend Micro security expert Rik Ferguson said: 'These components have so far been missing, but could this finally be the "other boot dropping" that we have all been waiting for?' Ferguson also suggested that people behind Conficker could be the very same who are running Waledac and created the Storm botnet. 'It tallies with some of the assumptions people have made about Conficker — that the first variant was actively trying to avoid the Ukraine because Waledac was Eastern European,' Ferguson added." -
Microsoft Warns of Copycat Conficker Worm
nk497 writes "Microsoft is warning that malware writers have adapted a four-year-old virus to use features of Conficker to take advantage of Windows flaws. Other similarities between the adapted Neeris worm and Conficker are that it downloads a copy of the worm from the attacking machine using HTTP, spreads via autorun, and uses a driver to patch the TCP/IP layer of the system. It even saw a traffic jump around the first of April, when the Conficker hype peaked. But the Microsoft researchers suggested Conficker may have copied Neeris, or that they're copying each other: 'It is possible that these miscreants somehow collaborate or at least are aware of each other's "products."'" -
Adobe Fixes Recent PDF Flaw, But Not Before Auto Exploit
SkiifGeek writes "With Adobe's patch for the JBIG2Decode vulnerability due in a few days time, new methods to target the vulnerability have been discovered that make it far riskier than previously thought. Didier Stevens recently showed the world how it is possible to exploit the vulnerability without the user actually opening an affected file, and now he has discovered a way that allows for completely automated exploitation that results in anything up to a Local System account without any user interaction at all and only relies upon basic Windows components and Acrobat Reader elements. There are some mitigating factors that limit the overall risk of this new discovery, but it does also highlight that merely uninstalling the Reader will not protect you from exploitation and does raise the possibility that other tools will access the vulnerable components and thus be vectors for attack." However, the fix is now in: nk497 writes "Adobe had finally released a fix for a PDF vulnerability discovered — and already exploited — last month. The update only applies to the most recent versions of Reader and Acrobat, with early versions and Unix editions not fixed until later this month. Adobe has taken its time with the patch, despite an independent security researcher releasing her own fix just days after the flaw was announced." -
The First Phone Call Was 133 Years Ago
magacious writes "March 10 is the 133rd anniversary of the first telephone call. It occurred between Alexander Graham Bell and his assistant Thomas Watson back on this day in 1876. But there is some debate about whether Bell is actually the rightful owner of the crown for such invention. Having worked on the idea of transmitting speech using electricity for some time, Bell filed his patent on 14 February 1876, either just before or just after his main rival for the title of inventor of the telephone, Elisha Gray, filed his own. Bell won the patent and Gray died in obscurity." -
Safari Beta Takeup Tops Firefox, IE and Chrome
nk497 writes "The release of the beta for the next version of Apple's Safari browser last week helped drive Apple's market share above ten per cent. The Safari beta has gained users at a rate of about 0.5 per cent a day since its release, topping one per cent by day four. For comparison, Microsoft's beta of IE took six months to hit one percent, Chrome needed almost a month, and Firefox 3 took a week." -
Windows Server 2008 One Year On — Hit Or Miss?
magacious writes "Friday marked a year to the day since Microsoft launched Windows Server 2008, but did it have quite the impact the so-called software giant expected, or did it make more of a little squeak than a big bang? Before its arrival on 27 February 2008, it had been five long years since the release of the last major version of Windows Server. In a world that was moving on from simple client/server applications, and with server clouds on the horizon, Windows Server 2003 was looking long in the tooth. After a year of 'Vista' bashing, Microsoft needed its server project to be well received, just to relieve some pressure. After all, this time last year, the panacea of a well-received Windows 7 was still a long way off. So came the new approach: Windows Server 2008." -
UK Politician Criticised For Using Hotmail
nk497 writes "The UK justice secretary Jack Straw has been criticised for using Hotmail as his official government email account after he apparently fell foul of a Nigerian spammer in a phishing attack. A security researcher said using such an account not only left the government in security trouble, but meant any emails sent could not be necessarily accessed via the Freedom of Information Act." -
VMware Demos Two Operating Systems On Mobile Phone
nk497 writes "Virtualisation firm VMware has demonstrated its new mobile virtualisation platform, which allows two operating systems to be used at the same time on a single device. On stage at its European conference, VMware reps used a touchscreen Nokia N800 — more of a tablet computer than a phone — with a prototype of its hypervisor to boot and run both Windows CE and Google's Android, at the same time. The firm has yet to announce when such tech will be found in phones." -
Why Doesn't the IWF Notify Those Whom They Block?
Frequent Slashdot contributor Bennett Haselton writes "What if the IWF notified site owners when it added their content to the UK's national 'child pornography' blacklist? Besides the blocking of the Virgin Killer cover art on Wikipedia, we don't know how many mistakes there might be on the IWF's list. But we would have a better idea, if content owners were notified of the IWF's determination and had the opportunity to challenge it publicly." Read on for Bennett's analysis.
The chief executive of the Internet Watch Foundation, which maintains a list of sites allegedly containing child pornography which are then blocked by most U.K. Internet providers, recently declared that the organization had erred in blocking the Virgin Killer poster art on Wikipedia. But Peter Robbins also called it "one mistake in twelve years" and said that "[t]here are a lot of very credible people on our board, and we want to give assurance that there is independent oversight on what we do." The issue of "oversight" raises a question that I don't think received enough attention during the Wikipedia block controversy: Why doesn't the IWF notify domain owners or hosting companies when it blocks their content?
If an image is a borderline case, such as the album cover that was hosted on Wikipedia, then IWF could notify the hosting company that they had determined that the image could be illegal under U.K. law. If the host — in this case, Wikipedia — disagreed, they could provide arguments to the contrary and possibly change the IWF's mind, which is what in fact happened once Wikipedia users eventually found out about the block anyway. On the other hand, if the image is very obviously illegal, then a notification to the hosting company might persuade them to take the image down. In that case, any argument against notifying hosting companies has to be weighed against the obvious good that would be done by removing the image from that location on the Web.
I sent this question to the IWF, which must get this inquiry a lot, since they replied with a form letter which stated in part:
Contacting international hosts of such content directly may undermine a police investigation, is contrary to our remit and is contrary to INHOPE best practice.
Well, saying that it is contrary to their remit or to INHOPE best practices, obviously just begs the question of why it is contrary to those "best practices"; I replied to ask that question but didn't receive a response, and INHOPE did not respond when I sent them the same question. So consider the only substantive reason given in the IWF's response, which is that notifying the host "may undermine a police investigation." This could hypothetically be true in some cases — if police are preparing to move in on a suspected child pornographer, but he finds out that his ISP has removed content from his account after a notification from the IWF, he might know that he's about to be caught, and delete any incriminating pictures from his hard drive.
But this reason makes no sense in the case of images such as the cover art on Wikipedia, where the content has been generally available in the host country for a long time, and the original content producers are publicly known and wouldn't be able to run for cover even if the local government did declare the image illegal. It also would not apply in a wide range of other situations where the creator of the content is known and admits to creating it. Consider the case of Dr. Marcus Phillips, who was convicted of producing child pornography after he was hired by the parents of two girls, age 10 and 12, to take semi-nude photos of the girls (with the parents present) that could be digitally manipulated and super-imposed to produce "fairy art." Suppose Dr. Phillips had posted his photos in a portfolio online. In cases where the person posting the content admits that they took the photos themselves, and the subjects of the photos are identifiable people with a connection to the photographer, then consider the two possibilities: either (1) The images are such that the police and the courts will ultimately determine that they are child pornography. In this case, you might as well notify the user and their hosting company that the images are being blocked by the IWF, because even if this "tips off" the guilty user, they won't be able to destroy the evidence by erasing their hard drive, because the existence of the image is enough to incriminate them. Or, (2) The police and courts decide that the images do not constitute child pornography, in which case they should not have been blocked at all. In either situation, there's no rationale for the IWF to block the content without notifying the content owners. So why wouldn't the IWF notify the hosts in such cases — when the content creator is generally known, and admits to creating the content, and simply doesn't believe that it constitutes child pornography?
The elephant in the room is the obvious motivation that the IWF has for not notifying people when it blocks their sites: The IWF may be over-blocking such content, and doesn't want irate parties to complain when they find out that the IWF has mis-categorized their content as "child pornography." If several people came forward to say that the IWF had blocked, for example, their photographs of nudist children (which are not illegal), then it might undermine support for the IWF blacklisting system and for their mission in general. So by not telling people that their URLs are blocked, they minimize the number of people who find out and complain.
Perhaps the IWF does not over-block a lot of content, but the point is that we don't know. When Peter Robbins says the Wikipedia over-block amounted to "one mistake in twelve years," and adds, "Nobody in the years that we have been operating had any real reason to complain," there is no way of knowing if those statements are true, because any other mistakes made by the IWF are unlikely to have been brought to light, for two reasons. First, if a site or an image is blocked, most users are not going to realize what happened, since to them it simply appears that the remote server is not responding. Second, even if a user realizes that an image is blocked and the user knows that the image does not constitute child pornography, they may still be embarrassed to come forward and complain that they were visiting, say, a site full of nudist child photos or a porn site featuring adult models pretending to be mid-teen Japanese schoolgirls, and their favorite picture was blocked. The Wikipedia incident was probably a once-in-a-decade perfect storm of factors that led to the IWF having to retract a decision:
- Wikipedia was popular enough that people quickly noticed the blocked content.
- Wikipedia had the halo of legitimacy accorded to a popular research site; nobody had to feel dirty for admitting that they had been browsing it.
- The image in question had been commercially available for a long time, and nobody had been arrested for selling or possessing it.
- The image had a credible claim to artistic merit. Strictly speaking, "artistic merit" is not a defense against child pornography charges, but there is no unambiguous definition that can be used to determine if a given picture constitutes child pornography, and in a borderline case, a judge would probably be influenced by the fact that the photo was used as cover art for a "serious" album, and not seized from a darkroom in some creep's basement.
That last factor brings up a final irony: that the IWF, in labeling the Virgin Killer cover art as "child pornography," may have just been applying an objective standard that many people might not have disagreed with, if it hadn't been for the fact that the image was used as cover art for a rock album. Suppose you read a news article about a man who was arrested for possession of child pornography, and you happened to see a sample of the images (never mind how) that he was arrested for. And suppose the Virgin Killer album cover photo had been mixed in with those images. Would it have jumped out at you as an obvious case of over-reaching by the police? Would you speak out publicly, saying that even if the guy should be prosecuted for the other images, he shouldn't be prosecuted for that one? (Again, ignoring the issue of how you happened to be looking at the photos in the first place, and assuming you couldn't get in trouble for that!) I doubt that I would have the nerve. By defending Wikipedia for hosting the same image, I'm guilty of a double standard. But would the IWF have agreed to un-block the image, if it hadn't been the cover art of an album, but instead had just been a grainy photo stuck in a sub-directory of someone's home page that they never intended to be made public? If not, then the IWF is guilty of a double standard too.
So not only do we not know how many mistakes are on the IWF's blacklist, it may be hard even to agree on an objective definition of a "mistake." But at least in cases where the content creator has already identified themselves — such as a public image on Wikipedia, or an image in a photographer's online portfolio — the IWF should notify people when it blocks their content. That would at least bring to light the cases where the content creator disagrees with the IWF's determination that their content constitutes child pornography. In some cases, such as the Wikipedia controversy, people would side with the content providers. In other cases, they wouldn't. But there's no reason to assume, as the IWF does when saying that Wikipedia represented "one mistake in twelve years," that in 100% of such cases, the courts and the police would side with the IWF's judgment. -
Perhaps the IWF does not over-block a lot of content, but the point is that we don't know. When Peter Robbins says the Wikipedia over-block amounted to "one mistake in twelve years," and adds, "Nobody in the years that we have been operating had any real reason to complain," there is no way of knowing if those statements are true, because any other mistakes made by the IWF are unlikely to have been brought to light, for two reasons. First, if a site or an image is blocked, most users are not going to realize what happened, since to them it simply appears that the remote server is not responding. Second, even if a user realizes that an image is blocked and the user knows that the image does not constitute child pornography, they may still be embarrassed to come forward and complain that they were visiting, say, a site full of nudist child photos or a porn site featuring adult models pretending to be mid-teen Japanese schoolgirls, and their favorite picture was blocked. The Wikipedia incident was probably a once-in-a-decade perfect storm of factors that led to the IWF having to retract a decision:
- Wikipedia was popular enough that people quickly noticed the blocked content.
- Wikipedia had the halo of legitimacy accorded to a popular research site; nobody had to feel dirty for admitting that they had been browsing it.
- The image in question had been commercially available for a long time, and nobody had been arrested for selling or possessing it.
- The image had a credible claim to artistic merit. Strictly speaking, "artistic merit" is not a defense against child pornography charges, but there is no unambiguous definition that can be used to determine if a given picture constitutes child pornography, and in a borderline case, a judge would probably be influenced by the fact that the photo was used as cover art for a "serious" album, and not seized from a darkroom in some creep's basement.
That last factor brings up a final irony: that the IWF, in labeling the Virgin Killer cover art as "child pornography," may have just been applying an objective standard that many people might not have disagreed with, if it hadn't been for the fact that the image was used as cover art for a rock album. Suppose you read a news article about a man who was arrested for possession of child pornography, and you happened to see a sample of the images (never mind how) that he was arrested for. And suppose the Virgin Killer album cover photo had been mixed in with those images. Would it have jumped out at you as an obvious case of over-reaching by the police? Would you speak out publicly, saying that even if the guy should be prosecuted for the other images, he shouldn't be prosecuted for that one? (Again, ignoring the issue of how you happened to be looking at the photos in the first place, and assuming you couldn't get in trouble for that!) I doubt that I would have the nerve. By defending Wikipedia for hosting the same image, I'm guilty of a double standard. But would the IWF have agreed to un-block the image, if it hadn't been the cover art of an album, but instead had just been a grainy photo stuck in a sub-directory of someone's home page that they never intended to be made public? If not, then the IWF is guilty of a double standard too.
So not only do we not know how many mistakes are on the IWF's blacklist, it may be hard even to agree on an objective definition of a "mistake." But at least in cases where the content creator has already identified themselves — such as a public image on Wikipedia, or an image in a photographer's online portfolio — the IWF should notify people when it blocks their content. That would at least bring to light the cases where the content creator disagrees with the IWF's determination that their content constitutes child pornography. In some cases, such as the Wikipedia controversy, people would side with the content providers. In other cases, they wouldn't. But there's no reason to assume, as the IWF does when saying that Wikipedia represented "one mistake in twelve years," that in 100% of such cases, the courts and the police would side with the IWF's judgment. -
Black Hat Presentation Highlights SSL Encryption Flaws
nk497 writes "Hackers at the Black Hat conference have shown that SSL encryption isn't as secure as online businesses would like us to think. Independent hacker Moxie Marlinspike showed off several techniques to fool the tech behind the little padlock on your screen. He claimed that by using a real world attack on several secure websites such as PayPal, Gmail, Ticketmaster and Facebook, he garnered 117 email accounts, 16 credit card numbers, seven PayPal logins and 300 other miscellaneous secure logins." -
UK Child Abuse Investigators Resent Being Charged For ISP Data
nk497 writes "In the UK, ISPs are charging a child protection agency for access to IP user details they need for their investigations into online-related abuse. The Child Exploitation and Online Protection Centre has paid out over £170,000 since 2006 on IP data requests related to child abuse cases, and expects to pay another £100,000 this year — enough to fund another two investigators. The CEOP's CEO said that any ISP which can't afford to give the police such help 'simply can't afford to do business.'" Surely it must cost the ISPs money to comply with such requests, no matter how official the quest. -
Is Microsoft Improving Its Image?
nk497 writes "Writer makes the case that Windows 7 is a turning point for Microsoft, and we all might start liking them soon ... 'While it's not winning everyone over, there are real signs that Microsoft has taken criticisms on board where it matters most: in the software and services that it provides. The idea of a faster, slimmer Windows is one that most Vista owners would automatically put on their wishlist, and it seems that Microsoft has genuinely done something about it. It's not just reignited interest in the Windows product line, but it's got users appreciating a fresh approach from Microsoft as well.'" -
Conficker Worm Could Create World's Biggest Botnet
nk497 writes "The worm that's supposedly infected almost nine million PCs running Windows, dubbed Conficker or Downadup, could lead to a massive botnet, security researchers have said. The worm initially spread to systems unpatched against MS08-067, but has since 'evolved and is now able to spread to patched computers through portable USB drives through brute-force password-guessing.'" -
London's Oystercard Gets New Contract, But Same Suppliers
nk497 writes "Over the summer, the London travelcard ticketing system — called Oyster — fell over twice, forcing the transport authority to offer free travel to the six million Londoners using the system. After that, it cut its contract with the supplier of the system, a consortium called TranSys. But now, Transport for London has signed a new contract to replace the TranSys one — with the same two companies that made up the TranSys consortium. Sure, that should fix everything." -
Grenade-Style Wireless Camera For Combat
nk497 writes "A new wireless camera called the I-Ball is being developed to be shot into locations using a grenade launcher so troops can see what lies ahead. The I-Ball sends real-time, 360-degree video back to soldiers while it's flying through the air and when it lands." -
DNS Inventor Tackles Flaw
nk497 writes "Dr Paul Mockapetris is looking to fix the flaws in the Domain Name System he helped invent. 'It was never meant to be the only security mechanism for naming data on the internet, but was intended for additional security measures to be added to it later.' The flaws, first uncovered by security researcher Dan Kaminsky over the summer, let attackers redirect genuine URLs to malicious ones — a problem Mockapetris believes could be solved using digital signatures." -
Opera Develops Search Engine For Web Developers
nk497 writes "The Metadata Analysis and Mining Application (MAMA) doesn't index content like a standard search engine, but looks at markup, style, scripting and the technology behind pages. Based on those existing MAMA-ed pages, 80.4 per cent of sites use cascading style sheets (CSS), while the average web page has 47 markup errors and 16,400 characters. Should you want to know which country is using the AJAX component XMLHttpRequest the most, MAMA can tell you that it's Norway, with 10.2 per cent of the data set." Additional coverage is available at Computerworld, and a deeper explanation is up at Opera's Dev site. -
A Discussion of SCO's Fate With Groklaw's Pamela Jones
An anonymous reader writes "The SCO Group's current fate can be neatly summarized by the title of Pamela Jones' very first article on the case, back in May 2003 — 'SCO Falls Downstairs, Hitting its Head on Every Step.' In the intervening years PJ and Groklaw can be credited with unearthing and exposing many of the flaws in SCO's case, most notably, obtaining and publishing the 1994 settlement in the USL vs BSDi case. An article at the ITPro site interviews PJ about SCO, the impact of Groklaw and future of free software and the law." -
Magnetic Wobbles Cause Hard Drive Failure
An anonymous reader writes "According to this report by IT PRO, scientists working at the University of California have discovered the main reason for hard drive failure. According to researchers, some materials used in hard drives are better at damping spin precession than others. Spin precession of magnetic material affects its neighbors' polarity and this can spread and cause sections of hard drives to spontaneously change polarity and lose data. This is known as a magnetic avalanche. So next time Windows fails to start, you'll know why!" -
Is Paying Hackers Good for Business?
Jenny writes "In the light of the recent QuickTime vulnerability, revealed for $10,000 spot cash, the UK IT Security Journalist of the Year asks why business treats security research like a big money TV game show. 'There can be no doubt that any kind of public vulnerability research effort will have the opportunity to turn sour, both for the company promoting it and the users of whatever software or service finds itself exposed to attack without any chance to defend itself. Throw a financial reward into the mix and the lure of the hunt, the scent of blood, is going to be too much for all but the most responsible of hackers. There really is no incentive to report their findings to the vulnerable company, and plenty not to. Which is why, especially in the IT security business, there needs to be a code of conduct with regard to responsible disclosure.' Do you think there's any truth to this? Or is it a better idea to find the vulnerabilities as fast as possible, damn the consequences?" -
2012 Olympics Security to be Chosen by Sponsorship
denebian devil writes "In an Editorial/Blog at ITPRO, Davey Winder writes of a keynote speech at Infosecurity Europe by Member of Parliament Derek Wyatt. In this speech, which was about the IT security demands of running the 2012 London Olympics, Derek Wyatt MP dropped the bombshell that IT Security at the Olympics will hinge not on which companies show themselves to be the best in their field or to have the technology that best meets the needs of the Olympics, but rather on whether or not the companies were a 'major sponsor' of the Olympics. So who has bought their way into being the security experts of choice, and with whom our security and that of the visiting millions will rest? Visa." -
Scientists Make Quantum Encryption Breakthrough
Madas writes "Scientists working in Cambridge have managed to make quantum encryption completely secure (registration required) by putting decoy pulses in the key transmission stream. According to the story this paves the way for safe, encrypted high-speed data links. Could this allow completely private transmission of data away from snooping eyes and ears? Or will it mean film studios can stop movies from being copied when traveling on the internet?"