Thursday, January 19, 2012

Nice work web! More than 13M of y’all fought SOPA

GigaOM — Tech News, Analysis and Trends

SOPA protests in New York

On Wednesday, the web went wild (or dark) and more than 13 million people protested the potential passage of the Stop Online Piracy Act (SOPA) and its companion bill in the Senate, the Protect IP Act (PIPA). Fight for the Future, an organization created to organize the online protests, offered some stats today to show exactly how wild things got. Here’s the organization’s breakdown of activism by the numbers, in infographic form:

The results were impressive. More than a third of U.S. senators are opposed to PIPA in its current form ahead of the vote on the bill next week: 36 are opposed, including 5 who were formerly co-sponsors. And as the Senate votes on PIPA next Tuesday, those 13 million are invited to watch the live stream and to submit their stories on how they use the Internet, to be read by senators who have pledged to filibuster the bill. Go, online activism.


Posted via email from Tony Burkhart

Spire via Cydia with Siri for iPhone 4S from chpwn blog

Introducing Spire

Spire is my (along with Ryan Petrich) new tool for installing Siri on previously unsupported, but jailbroken, devices. Spire is a small download, but while installing it will download Siri itself (directly from Apple). Spire is available in Cydia right now — go get it! This will use about 100 MB of data, so please connect to Wi-Fi before installing.

However, Spire is not a complete solution. Apple still requires authorization to use Siri, so information from an iPhone 4S is still required. To insert this information, Spire allows you to enter your own proxy server address. I’ve put up a list of my ideas on how you might get access to a proxy; hopefully you can figure something out.

Spire uses a new method to obtain the files necessary for Siri, so it doesn’t have the copyright issues encountered by previous attempts. Similarly, rather than directing all traffic through a specific proxy server (and the associated privacy issues), Spire allows you to specify your own proxy server.

Thanks to planetbeing for PartialZip and Ryan Petrich for his fixes and improvements.


A Mugful of Scam at Facebook - MalwareCity : Computer Security Blog

A Mugful of Scam

Free Facebook Mug gives scammers an unlimited pass to post threats on users’ walls

Scammers don’t waste any time as they always come up with new ways to avoid the Facebook security measures. As I am writing this post, a new type of scam is making its rounds on social networks, using an original propagation method.
The scam takes advantage of the Facebook option that allows users to post their content by e-mail. The scam bait does not appear to be special as it simply promises a free Facebook Mug.


After clicking the link, the user is taken to a page that requires him/her to hit a couple of Likes, a step this sample shares with other Facebook threats.

As you can see, the page tries to imitate the Facebook style in order to gain users’ confidence. After clicking the required Likes and the Continue button, the user is surprisingly taken to a page that provides details about the nonexistent Facebook Mug.

While the latest Facebook scam waves have chosen the shorter “install add-on” approach, this kind of threat generally requires that the user go through at least one more step before they get to the core scam action. I believe that in this case all of the other intermediary steps are skipped because the scam authors want to avoid raising suspicion and because they probably assume that providing details about the item makes it seem more real to the user.

Next comes the most interesting part of the scam: a step-by-step guide to obtaining the e-mail address that Facebook provides to each user for e-mail posting purposes.

Following the information on this page, I obtained my Facebook e-mail address or ID, which I was then prompted to enter on the scam page.

Providing this piece of information to scammers is a big mistake as they would then be able to post anything on your Facebook Wall. Even if it does not provide direct access to an account, in some ways, having this e-mail address is better than having your Facebook password. Here’s why:

1. Facebook has set up GeoIP security measures intended to block scammers from logging into hijacked accounts. Even if the hijacked account is not blocked, the account owner will at least receive an e-mail from Facebook warning him/her about the suspicious activity, which might prompt him/her to stop the hack.
2. Posting by e-mail does not prompt any warning from Facebook. Users might not notice the scam posts on their Walls until they visit their own Facebook profiles.
3. Scammers can easily post on Facebook in users’ names by sending in e-mails. Automatic posting by means of a software/script from within a browser is much more complicated.
4. The same scam can be distributed to a vast number of users just as spam.

The fact that the scam eventually reaches the fake survey step won’t matter much after all this.

An important wave of stolen e-mail addresses posting scams is sure to prompt additional security measures from Facebook, but how many users will have already been affected by then?
