STE WILLIAMS

‘Honker Union’ sniffs 270 hacktivism targets


Infamous Chinese hacktivist group Honker Union has shortlisted a whopping 270 Japanese targets for attack today – the anniversary of the Manchurian Incident, which was the precursor to the Japanese invasion of China.

The group singled out Japan’s Ministry of Foreign Affairs, the Prime Minister’s Office and other ministries, agencies, local government and media organisations on a bulletin board notice seen by NHK.


The Chinese hacktivists have previous when it comes to launching online attacks against Japanese targets.

Around the same time last year, they launched DDoS attacks on at least 19 government sites including the Defence ministry and Internal Affairs and Communications ministry, and defaced others – including the web site of the Supreme Court – with the Chinese flag.

Around 300 sites were shortlisted last year with over 4,000 individuals posting messages about planned attacks on Chinese chat site YY.

Although last year’s September 18th anniversary had even more impact as Tokyo had just purchased the disputed Senkaku islands, much to China’s anger, the date remains a contentious one between the two countries.

The Manchurian, or Mukden, Incident of 18 September 1931 saw Japan attempt to blow up a railway line it owned near Mukden in northern China.

The Imperial army then used the incident as an excuse to invade and occupy the region, leading to widespread international condemnation and Japan’s withdrawal from the League of Nations.

Chinese hacktivists aren’t only focusing their ire outwards, however.

It emerged this week that some cyber miscreants had hacked the local government web site of Shaoxing, Zhejiang province, and defaced it with screenshots of traditional Mooncakes depicting anti-Communist Party slogans.

Mooncakes are commonly eaten during the mid-Autumn festival in China, usually with a message of “longevity” and “harmony” baked into the top.

However, these cakes apparently had the rather more controversial: “Bite to Death the CCP”, “Overthrow CCP”, “Bitterly Hate CCP”, and “Get Lost, CCP”. ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/09/18/honker_union_270_japan_targets_manchurian_incident/

Phil Collins’ daughter ‘will give you A VIRUS’ – security bods


Phil Collins’ actress daughter is the celebrity most likely to give your equipment a nasty virus, security firm McAfee has warned.

Its annual McAfee Most Dangerous Celebrities™ study warned clicking on search links after Googling Lily Collins could flood your system with malware.


The second most infectious celeb is Sk8r Boi singer (or should that be singr?) Avril Lavigne, followed by Sandra Bullock. The only man on there is Jon Hamm, the famously well-endowed star of Mad Men.

McAfee also found that searches for female celebrities’ names carry more malware than those for the male stars.

Searching for a celebrity name along with terms like “free app download” and “nude pictures” is basically a recipe for an infection, McAfee warned.

“Today’s consumers often are completely unaware of security risks when searching for celebrity and entertainment news, images and videos online, sacrificing safety for immediacy,” said Paula Greve, director of web security research at McAfee. “Cybercriminals prey on consumers’ addiction to breaking news and leverage this behavior to lead them to unsafe sites that can severely infect their computers and devices and steal personal data.”

And before you ask: no, we’ve not heard of Lily Collins either. She played the lead in The Mortal Instruments: City of Bones, apparently. We’re not going to Google her to find out. ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/09/18/phil_collins_daughter_will_give_you_a_virus/

Microsoft puts something hard and sensitive in your pocket


Microsoft says one of the big selling points for Windows Phone is that some customers like the idea of using its software everywhere.

Redmond imagines customers keen on messaging will run Exchange on Windows Server and then use Outlook or a modern email app under Windows 8 on a PC or fondleslab, and Windows Phone 8 for mobile email, with Office 365 lurking in the background for added flexibility. Folks who chose this route will, Redmond reckons, enjoy optimally integrated goodness and a consistent user experience everywhere.


When you’ve got a hammer, the saying goes, everything looks like a nail. And when you’re Microsoft, Microsoft looks like the answer to everything. In reality plenty of products carve out niches doing certain things exceptionally well, with BlackBerry’s secure messaging services being a fine example of specialisation in action. One of the reasons BlackBerry is still drawing breath is that it can point to a wall covered in certificates signed by the US Department of Defence and its global brethren and attesting to just how securely it can move data.

Microsoft’s wall bears many similar plaques for other products, but fewer nails have besmirched the plaster on the section reserved for mobile phone certificates.

That’s now changed. Microsoft has announced that Windows Phone 8 has earned the good secret keeping seal of approval by picking up the FIPS 140-2 accreditation that means the US National Institute of Standards attests to the operating system’s cryptography features being sufficient for “Sensitive, but Unclassified” communications.

Securing the FIPS 140-2 accreditation means Redmond can sell Windows Phone 8 to the US Federal Government, which is usually keen to favour local companies.

And the rest of us? Redmond’s sales reps will surely be talking up Windows 8’s “government grade security” any day now in an effort to make sure smartmobe buyers concerned by the state of BlackBerry’s balance sheet understand the alternatives. BlackBerry also possesses the FIPS 140-2 certificate, but can still outgun Redmond as its new kit is certified to run on Department of Defence networks. ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/09/18/microsoft_puts_something_hard_and_sensitive_in_your_pocket/

One Direction fan serves up puppy purée in Twitter hoax

Low-carbohydrate eating works very well for maintaining good control of my diabetes.

Therefore, my curiosity was, understandably, piqued by the image of a puppy in a blender.

As it turns out, however, the image, tweeted out recently by a fan of boy band One Direction, was not, actually, an illustration for a recipe.

The Tweeter, who claimed she planned to kill her pet Chihuahua because she was bereft at the band’s unfathomable failure to follow her on Twitter, admitted that the threatened puppicide was, in fact, a hoax, The Daily Mail has confirmed.

The images sparked outrage around the world and incentivized The Daily Mail to use six subheads in their story coverage, all with bullets and bold typeface, because, after all, pulverizing pets is nasty, low-carb or no.

The subheads tell the unsavory tale:

* ‘Fan’ threatened to kill dog with image of dog being pinned to the floor by its throat if the band did not follow her
* When One Direction didn’t she posted picture of ‘her with dead dog’ at the end of August
* But that image was used on South American sites in June on memes
* Other images reportedly from her site show animals in blenders [one kitten, one very cute little dog whose breed I don’t recognize] and a small child tied up with similar threats to kill them
* One of those images is an image plucked from Google images
* Retrieved tweets show offending user @illumivato admitted she was a troll on Twitter before her account was suspended

The woman (or man?) had tweeted to the five singers from her @illumivato account some two weeks ago, saying: “Follow me or I’ll break my dog’s neck”.

Attached was a picture of a Chihuahua being pinned to the ground by its throat.

Pet detectives debunked the hoax pretty quickly. One such, Fruzsina Eördögh on Motherboard.vice.com, pointed out the giveaways:

  • The handle “illumivato” is a combination of Lovatic (a Demi Lovato fan) and Illuminati, a conspiracy group frequently invoked by trolls.
  • The image of a young woman crying while holding a dead pet (or a pet playing dead?) was actually uploaded on Spanish social networks in July and was ridiculed at the time, undermining the timing of Illumivato’s claims to have killed the dog.

Illumivato posted other images before her account was suspended, including similar threats to celebrities such as Lady Gaga and President Barack Obama that involved blending her cat, blending a non-Chihuahua, shooting another dog, strangling her mother, or killing a child that she “captured” and then bound in duct tape – unless the celebrity in question followed her back, Eördögh reports.

Eördögh conducted a reverse Google image search and determined that the images were old and/or bogus.

The cat in the blender dated back to “at least 2007”, Eördögh writes. Meanwhile, the dog in the blender turned out to be a plush toy that hails from an ad pulled in 2010 after viewers thought it was real.

The Daily Mail reports that Illumivato’s hoax is part of a trend in Mexico wherein Facebook users have been posting shocking pictures to incite comments under the hashtag #palface, short for ‘pone al Facebook’, or “put on Facebook”.

One Direction fans – that would be “Directioners” – have labelled the (hopefully only pretend) puppy-punisher a “psycho”, with one fan setting up a petition demanding that she be imprisoned, and worse.

I believe that a more productive outcome of this story would be that journalists more frequently use image searches to uncover the truth behind stories as often as possible.

Not that blenderizing plush animal toys is necessarily a decent alternative to live puppies, given that it must still be rough on the appliance’s motor, but I think that people would rest easier if the press could reassure them that no animals were harmed in the making of a proposed snack.



Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/AmzxZNKOi30/

Who is SophosLabs: Vincent Lynch, Senior Threat Researcher

SophosLabs is at the center of Sophos. It’s the place where highly skilled experts in the field work round the clock to build protection from the latest threats.

But who works there?

This week we’re talking to Vincent Lynch, Senior Threat Researcher from SophosLabs UK.

I grew up not so far away from SophosLabs UK, in Milton Keynes. I spent eight years at Warwick University. I finished a PhD in mathematics, with no great desire to stay in academia, but no real plans to do anything else.

After a few weeks poring through endless job adverts, the opening of ‘virus researcher’ jumped out at me. It just so happened I’d taken an interest in assembly language for a bit when I was younger, so I could convincingly argue that I’d have the patience to trawl through binary code, byte by byte, working out exactly what it’s doing.

I started at Sophos in 2004, and I spent my first five years here analysing viruses and spam, and really getting into every aspect of the work I could – writing generic detection rules, analyzing encryption routines used in obfuscating executable files, working out how to undo the damage malware has done to a system, and training new recruits to do all of these things.

About five years ago, there was an opportunity for someone to focus on testing the core virus scanning engine – in particular someone familiar with malware, and also with VDL, the ‘Virus Description Language’ Sophos uses to write the detection updates we publish several times a day. I volunteered to do this for six months, and five years later testing is still essentially what I do.

I work closely with the threat researchers, but also with the engine developers and QA engineers, ensuring that Sophos Antivirus has the low-level features the researchers need to do their job, and that it all works as required.

Outside of work, I’ve taken up music quite seriously in recent times, playing guitar, bass, drums, violin, mandolin, and a few other things. None of them to any great standard, but well enough to get by playing in a few local bands over the years. I’ve also been taking classes in improvised comedy, but it’ll be some time before I’m doing that in front of a paying audience.

What about the future of security?

With children using sophisticated technology from a very early age, people are surely going to become more security-aware, and have higher expectations of security from others, and from companies that store their information.

It would be good to see application developers favouring open file formats for document files, with more built-in validation. There’s a lot less scope for vulnerabilities if everyone agrees to simply not load files that don’t conform to a standard.

At the same time, criminals are only going to work harder to trick people or work around software security.

My top security tips?

A lot of security isn’t about right or wrong ways to do things, it’s about being aware of the risks you’re taking. It’s incredibly convenient having all your data available at the touch of a button, but that one bundle of data is also very valuable to anyone else who can get hold of it.

It’s scary how often proving your identity comes down just to knowing your date of birth, your address, or your mother’s maiden name – maybe not your closest guarded secrets. You’ll probably let your birthday slip to someone at some point, but maybe you don’t need it on your Facebook profile.

Do you really need to have your credit card details saved on your phone? Perhaps you do – but if so, you’d better keep your phone locked with a decent password or keycode. And always question why anyone else needs your information, particularly over the phone or email.

Want to know more about SophosLabs?

Read the other articles in this series on Rowland Yu, Peter Szabo, Numaan Huq, Joanne Garvey and James Wyke who all work at SophosLabs, check out our YouTube playlist, or see more on the Sophos website.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/hANYvrq1jmo/

Justin Bieber imposter jailed after tricking children into stripping in front of webcam

Robert Hunter, a 35-year-old man from Middlesbrough, UK, is now serving a 14-year sentence for abusing girls and boys as young as 9 from across Europe, Asia, Canada and the US via Facebook and other sites, Skype, and MSN, according to The Guardian.

Beyond posing as teenage heart-throb Justin Bieber, between 2010 and 2012, Hunter used a number of online aliases, hiding behind photos of teenage boys and pretending to be a teenager himself, The Guardian quoted prosecutor Richard Bennett as saying:

On each occasion he was able to disguise his true age and identity by the clever use of images of young boys or by pretending that his computer wasn’t working properly.
As a further demonstration of the naivete and innocence of his victims, he was also able to persuade some that he was the music artist Justin Bieber.
He did this in order to dupe and encourage these young girls to strip on webcams and perform sex acts for him.

He went after both genders. Posing as Bieber, he convinced girls that he wanted to be their boyfriend.

Hunter also posed as a teenage girl in order to convince schoolboys to perform sex acts on camera. He then used those images to lure more girls, the prosecutor said.

Hunter blackmailed some victims into agreeing to his demands by threatening to make the videos he had already made of them public.

According to the BBC, Hunter was caught after a girl from Tasmania told police of her victimization.

Hunter was apprehended in December 2011 after police used Interpol to trace his victims.

Before he was caught, one victim, a 12-year-old girl, slashed her arms after Hunter posted indecent photos of her on Facebook, along with her address and phone number, the BBC reports.

The judge, Peter Bowers, called it possibly the worst case of internet child sex abuse he had heard.

The BBC quoted Justice Bowers:

It represents callous, almost sadistic exploitation over a number of years preying on girls’ naivety who were undermined by their own behaviour.

Hunter pleaded guilty at Teesside Crown Court to 15 charges of inciting a child to engage in sexual activity and 14 of making indecent photos.

What can be done to protect children from predators like Hunter?

Unfortunately, it’s an uphill battle.

In December 2012, 48 countries joined forces to launch the most expansive fight ever against the spread of online child sex abuse.

At the time, current estimates put the number of online photos of sexually abused and exploited children at more than 1 million. Every year, that number grows by 50,000 new images, according to the United Nations Office on Drugs and Crime (UNODC).

It’s a laudable effort, but we can’t leave it up to law enforcement.

One of the goals of the alliance is to educate children about online risks, including how paedophiles coax images out of unsuspecting children or extort them from blackmailed children.

We all can, and must, do that. We can educate children about the dangers online and teach them to not trust someone just because they say they’re the same age or a celebrity.

If you have thoughts on the best way to teach children how to stay safe, please share them in the comments below.

Thanks in advance.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/U7RWFxufEQE/

Study finds fraudsters foist one-third of all Tor traffic


People who access the internet through the anonymizing Tor network are much more likely to be up to no good than are typical internet users, according to a study by online reputation–tracking firm Iovation.

The company announced on Tuesday that 30.2 per cent of the transactions it logged as coming from the Tor network during the month of August were fraudulent, compared to a 1 per cent fraud rate for internet transactions as a whole.


Tor disguises the source of internet connections by shuttling them through hard-to-follow network routes and assigning them IP addresses at random from a pool distributed around the globe. While it’s not too hard to tell whether a connection is coming from Tor, it’s extremely difficult to know just who is behind any given connection, or even where in the world they are located.

For that reason, while Tor has often been used for political activism, whistleblowing, and other risky but laudable activities, it is also home to a shady underworld of less-praiseworthy dealings, ranging from drug trafficking to child pornography. The online black market Silk Road conducts its business entirely over Tor.

Online criminals have recently begun experimenting with using Tor as a cover for other kinds of internet traffic, as well. The number of clients accessing the network on a daily basis doubled in August when the Mevade.A botnet began using Tor to route its command and control data.

Little wonder, then, that Iovation found that nearly a third of all Tor transactions were suspect – and the company isn’t just talking about sales on Silk Road, either.

“Transactions simply means any online action at one of our customer sites like online purchases, account registrations, credit applications, logins, wire transfers, comments, etc,” Scott Olson, Iovation’s VP of product, told The Reg via email. “Any interaction where fraud or abuse are of concern to our subscribers.”

Iovation’s ReputationManager 360 service can’t identify individual Tor users, but it can spot traffic that originates from known Tor IP addresses, called “exit nodes.” To conduct its study, it analyzed 240 million transactions conducted in August 2013 and compared the fraud rate of Tor traffic to that of the whole.

Iovation is making the ability to identify Tor traffic generally available to its ReputationManager 360 customers at no charge beginning on Tuesday.

“Tor in itself isn’t a bad service,” Olson told El Reg. “It can be used for positive things as well as fraudulent things. For our clients, they are concerned with mitigating risk and in this case, Tor is disproportionately associated with a much higher fraud rate for online purchases, account applications, logins (through account takeovers), etc.”

Iovation isn’t the first to identify this problem. As recently as August, the head of Russia’s Federal Security Service said he would like to block Tor traffic at the national level as part of the country’s anti-terrorism efforts.

Although blocking all Tor traffic would be challenging, blocking traffic that re-enters the mainstream internet via Tor exit nodes is comparatively easy. Wikipedia prevents editing by Tor users, for example, and if Tor’s reputation for being rife with bad actors grows, more sites may choose to do the same. ®
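The exit-node matching and fraud-rate comparison described above can be sketched as follows. This is an added example, not Iovation's code: the exit list, the transaction log, the `SENSITIVE` policy set and all function names are constructed for illustration, and the addresses come from documentation ranges.

```python
import ipaddress

# Constructed exit-node list: one address per line, '#' starts a comment.
# Documentation-range addresses only; these are not real Tor exits.
EXIT_LIST_TEXT = """\
# constructed sample
192.0.2.10
198.51.100.77
2001:db8::1f
not-an-address
"""

# Constructed transaction log: (source address, transaction type, confirmed fraud).
TRANSACTIONS = [
    ("192.0.2.10", "login", True),
    ("203.0.113.5", "purchase", False),
    ("198.51.100.77", "account_registration", False),
    ("::ffff:192.0.2.10", "purchase", True),   # IPv4-mapped form of an exit
    ("203.0.113.9", "login", False),
    ("2001:0db8:0000:0000:0000:0000:0000:001f", "comment", False),
    ("203.0.113.40", "wire_transfer", True),
    ("203.0.113.41", "comment", False),
    ("203.0.113.42", "purchase", False),
    ("bogus", "login", False),                 # unparsable source field
]

# Hypothetical site policy: transaction types that get extra checks from Tor.
SENSITIVE = {"purchase", "wire_transfer", "account_registration",
             "credit_application"}


def canonical(addr_text):
    """Parse an address and fold IPv4-mapped IPv6 onto IPv4; None if invalid."""
    try:
        addr = ipaddress.ip_address(addr_text.strip())
    except ValueError:
        return None
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr


def load_exit_nodes(text):
    """Build the exit-node set, skipping comments and malformed lines."""
    exits = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        addr = canonical(line)
        if addr is not None:
            exits.add(addr)
    return exits


def is_tor_exit(addr_text, exits):
    """True when the source address matches a known exit node."""
    addr = canonical(addr_text)
    return addr is not None and addr in exits


def fraud_rates(transactions, exits):
    """Fraud rate of Tor-sourced transactions next to the rate of the whole."""
    counts = {"tor": [0, 0], "all": [0, 0]}   # [transactions, frauds]
    for src, _kind, fraud in transactions:
        groups = ["all"] + (["tor"] if is_tor_exit(src, exits) else [])
        for group in groups:
            counts[group][0] += 1
            counts[group][1] += int(fraud)
    return {g: (f / n if n else 0.0) for g, (n, f) in counts.items()}


def decide(src, kind, exits):
    """Risk-based handling rather than a blanket block: step up sensitive actions."""
    if is_tor_exit(src, exits) and kind in SENSITIVE:
        return "step_up"
    return "allow"


if __name__ == "__main__":
    exits = load_exit_nodes(EXIT_LIST_TEXT)
    print(fraud_rates(TRANSACTIONS, exits))
    for src, kind, _ in TRANSACTIONS:
        print(src, kind, decide(src, kind, exits))
```

Normalising addresses before the lookup matters: without it, the IPv4-mapped and fully expanded IPv6 spellings of a listed exit would pass as ordinary traffic.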


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/09/18/study_finds_onethird_of_all_tor_traffic_is_fraudulent/

Apple’s “Touch ID” fingerprint login – not everyone is cock-a-hoop about it

Apple’s triumphant announcement last week of the fingerprint scanner in the iPhone 5s didn’t impress everyone.

Some Naked Security readers were amongst the sceptics, with @wjrcoop saying:

I’m stunned by the celebration of mediocrity all over the Internet by this. I had a biometric reader on my Dell notebook (like forever ago) and hated it.

And the interestingly-named keeglecrunch asked:

Isn’t biometrics old news (like really old)? I have an old Dell laptop within arm’s reach that has a thumb scanner on it that I’ve used a grand total of zero times.

Apparently, there may be yet another reason to be underwhelmed by the iPhone 5s: a lawyer named Marcia Hofmann, writing for Wired, offers the opinion that its fingerprint authentication might end up eroding a long-cherished legal right.

In this case it wouldn’t be the government chipping away at your statutory protections, but technology itself.

The protection that Hofmann thinks might be at risk relates to self-incrimination.

Many jurisdictions give you some sort of “right to silence” – in the USA, it’s usually known as the Fifth, because the Founding Fathers neglected to enshrine it in the original constitution, leaving it to be retrofitted in the so-called Fifth Amendment some three years later.

In the digital era, the issue of where self-incrimination ends hasn’t always been obvious.

You can be compelled by a court to open a locked door, for example, so that investigators can search behind it. (Matters relating to search and seizure of your property are dealt with by the Fourth Amendment.)

But you can’t, or at least not according to some US judges, be compelled to “open” a hard disk that has been “locked” by something you know, no matter how close an analogy you might draw between opening a cupboard and decrypting a hard disk.

Refusing to tell an investigator your password isn’t like refusing to hand over a physical key, it’s like declining to answer a question.

But what about password keys that don’t come from something you know, like fingerprints?

Hofmann offers the opinion that since you can swipe your finger over the iPhone 5s scanner without giving any “testimonial statement” – in other words, revealing something you know – then you shouldn’t expect Fifth Amendment protection against unlocking your trendy new iPhone.

→ Interestingly, you can give someone the key to decrypt your hard disk without ever actually telling them the answer to the question, “What’s your password?” That’s because most modern cryptosystems don’t actually use your password as the key: they take your password and hash it up with a bunch of other data unique to your disk to produce a one-off decryption key. Nevertheless, it seems that the Fifth applies if a password is involved at some point.
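The password-to-key step described above, as an added example that is not taken from the article or from any particular disk encryption product. It assumes PBKDF2-HMAC-SHA256 as the hash, a random per-disk salt as the "other data unique to your disk", and an XOR wrap as a toy stand-in for a real key-wrap cipher; the header layout and function names are hypothetical.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example


def stretch(password, salt):
    """Password + per-disk salt -> (wrapping key, MAC key).

    The password itself is never stored or used directly as a key.
    """
    out = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                              salt, ITERATIONS, dklen=64)
    return out[:32], out[32:]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def format_disk(password):
    """Create a disk header; returns (header, master_key) for checking."""
    salt = os.urandom(16)          # the data unique to this disk
    master_key = os.urandom(32)    # the key that actually encrypts sectors
    wrap_key, mac_key = stretch(password, salt)
    wrapped = _xor(master_key, wrap_key)   # toy wrap, NOT a real cipher
    tag = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}, master_key


def unlock_with_derived(header, wrap_key, mac_key):
    """Unlock from the derived keys alone; no password is involved here."""
    expected = hmac.new(mac_key, header["salt"] + header["wrapped"],
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, header["tag"]):
        return None                # wrong keys for this disk
    return _xor(header["wrapped"], wrap_key)


def unlock_with_password(header, password):
    """The usual path: re-derive the keys from the password and the salt."""
    return unlock_with_derived(header, *stretch(password, header["salt"]))


if __name__ == "__main__":
    hdr_a, key_a = format_disk("correct horse")   # constructed password
    hdr_b, key_b = format_disk("correct horse")   # same password, second disk
    derived_a = stretch("correct horse", hdr_a["salt"])
    # The derived keys open disk A without the password being disclosed...
    print(unlock_with_derived(hdr_a, *derived_a) == key_a)
    # ...but are useless against disk B, whose salt differs.
    print(unlock_with_derived(hdr_b, *derived_a) is None)
    print(unlock_with_password(hdr_a, "wrong guess") is None)
```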

Hofmann gives what she calls an easy fix: give users the option to unlock their phones with a fingerprint plus something they know.

But that misses the point of why Apple included the fingerprint scanner in the first place.

For many users, a fingerprint-based password means they can abandon the “something they know” part, which means they no longer have “something they have to remember and type in all the time.”

Yahoo!’s CEO, Marissa Mayer, very disappointingly, spoke for very many phone users when she recently expressed her delight at the iPhone’s fingerprint scanner: “I can’t do this passcode thing, like, 15 times a day.”

But Marcia Hofmann may have just given you a reason to decide that perhaps, now you think about it, you can do this passcode thing after all.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/6JA28GK7xW8/

Monday review – the hot 24 stories of the week

Missed anything last week? Catch up with everything we talked about with our weekly roundup.

General interest

Facebook realities, OS X patched, Yahoo! CEO security! shocker! – 60 Sec Security [VIDEO]

Should employees be punished for sloppy cyber security? [POLL]

SSCC 116 – Google Authenticator, Apple bugs, Facebook data probes, WordPress phishing [PODCAST]

Men are twice as likely to spy on their partner’s phone

Law and order

Anonymous hacker @ItsKahuna sentenced to 3 years for hacking police sites

12 arrested as UK cops foil Santander bank heist plot

Police probe second news group over phone hacking

Google loses appeal in Wi-Fi data grab case

Social networks

57% of college students think their Facebook postings aren’t vile at ALL!

Mobile devices

New Apple iPhone 5s to feature “Touch ID” fingerprint authentication

Apple’s “Touch ID” fingerprint login – not everyone is cock-a-hoop about it

Size doesn’t matter – at least, not quite as much as smartphone privacy

Cryptography

Rudest man in Linuxdom rants about randomness – “We actually know what we are doing. You don’t.”

Windows Picture Passwords – are they really as “easily crackable” as everyone’s saying?

OS and software

September Patch Tuesday is out – one update lost en route, 13 patches left, 8 RCE, 4 critical

Adobe has Patch Tuesdays, too – a reader reminds us!

Microsoft endures Patch Horror Day on Friday 13th – issues updates to 8 of 13 updates

Apple ships OS X 10.8.5 security update – fixes “sudo” bug at last

WordPress issues security fixes, advises “update your sites immediately”

Privacy and online safety

Would you believe it? Women more in favour of porn filters than men

It’s not up to Google to stop child abuse, says expert

US health care company faces giant class action suit for losing over 4,000,000 unencrypted records

Google to encrypt data “end-to-end” in effort to block NSA and other agencies

Yahoo hops on transparency report bandwagon


Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/X7jg1XgAFhM/

“Stop spy on us!” 14 NASA sites hacked

As of Friday afternoon, a notice on NASA’s kepler.arc.nasa.gov website was reading “Down for Maintenance: The requested webpage is down for maintenance. Please try again later.”

The site is only one of what appear to be 14 hacked subdomains, hosted in the heart of Silicon Valley, that were defaced on Tuesday and stayed offline for some time. Pastebin has listed the URLs here.

According to CWZ: Cybercrime Revealed, a hacker/hackers using the handle BMPoC posted a deface page along with a message on all the hacked websites that linked the attack to possible US military intervention in Syria, as well as to US spying on Brazil.

The message:

NASA HACKED! BY #BMPoC We! Stop spy on us! The Brazilian population do not support your attitude! The Illuminati are now visibly acting!

Obama heartless! Inhumane! you have no family? the point in the entire global population is supporting you. NOBODY! We do not want war, we want peace!!! Do not attack the Syrians

The hacker is apparently the same one who took down four NASA domains in April 2013, according to Hack Read.

A NASA spokesman told FoxNews.com that the space agency’s IT staff are now investigating, but that nothing major had been compromised:

On Sept. 10, 2013, a Brazilian hacker group posted a political message on a number of NASA websites. … Within hours of the initial posting, information technology staff at the Ames Research Center discovered the message and immediately started an investigation, which is ongoing. At no point were any of the agency’s primary websites, missions or classified systems compromised.

The hacked sites housed information on the Kepler space telescope, planetary exploration, the moon and more, all run out of the organisation’s Ames Research Center.

Why take out political outrage on a science agency?

When Anonymous posted news of the April 2013 attack on its Facebook page, commenters suggested that the rationale for the attack might have been to highlight NASA’s spotty security.

In fact, NASA has not had a stellar (ahem) security history:

  • In March 2011, algorithms used to command and control the International Space Station were exposed.
  • In March 2012, it was the personally identifiable information (PII) of 2,300 employees and students.
  • In another incident, it was sensitive data on NASA’s Constellation and Orion programs.
  • In October 2012, it was PII on an unspecified, but large, number of NASA employees and contractors.

NASA might be picked on simply because it represents low-hanging fruit.

Spotty security doesn’t excuse criminal hacking, though. These aren’t acts of responsible disclosure, by any means.

Somebody ought to tell BMPoC that he/she/they are bullies kicking sand in the face of rocket scientists who have better things to do than mop up after an attack that’s spurred by a head-scratcher of a so-called rationale that’s unrelated to NASA’s mission.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/prbKFCtcyaE/