STE WILLIAMS

Data cops seek ‘urgent clarification’ on new Facebook advertiser plans

Facebook never fails to whip up a frenzy about privacy each time it proposes changes to its personal-content advertising platform. This time around users are slowly starting to complain about the risk to security posed by the company’s plans to help “improve the quality of ads.”

Needless to say, Facebook is entirely answerable to its shareholders and Wall Street now that it’s a grownup rather than a startup – to paraphrase HP’s Meg Whitman. The fact is that users come a distant tenth behind the advertisers in the first nine places on Facebook’s do-I-care chart, even if that means a potential regulatory tussle with data protection bods in Europe.

And so it has already come to pass that the Irish DP commissioner is sniffing around Facebook’s latest plans. The regulator’s office told The Register that it is seeking “clarity” from Mark Zuckerberg’s firm regarding the proposed rewrite of its privacy policy.

Facebook’s European operation is headquartered in Ireland and the company has already been in touch with the Irish DPA about the plans.

A spokeswoman at the commissioner’s office told us:

We note that this is the consultation stage of their process and that until that stage is over these changes will not be tabled to users. We are currently examining the proposed changes and consider that further clarity will be required in relation to the full effect of some of the changes.

We will be seeking urgent further clarification from Facebook Ireland and if we consider that the proposed changes require a specific consent from EU users we will require Facebook to do this.

The company – which plunged onto Nasdaq in May this year – is doing everything it can to shake as much ad revenue out of the site as possible by unsurprisingly proposing to open its users’ data even more. Some have suggested that this means Facebook will build unified profiles of its users akin to, say, those of Google+.

For example, now that photo-sharing site Instagram is part of the Facebook family, one of the proposals is for the company to share data across its growing estate.

Facebook is likely to implement the following change [PDF, page 15] on 28 November:

Sometimes we get data from our affiliates or our advertising partners, customers and other third parties that helps us (or them) deliver ads, understand online activity, and generally make Facebook better. For example, an advertiser may tell us information about you (like how you responded to an ad on Facebook or on another site) in order to measure the effectiveness of – and improve the quality of – ads.

We may share information we receive with businesses that are legally part of the same group of companies that Facebook is part of, or that become part of that group (often these companies are called affiliates). Likewise, our affiliates may share information with us as well. We and our affiliates may use shared information to help provide, understand, and improve our services and their own services.

Not really that surprising though, is it? After all, Facebook is front and centre a free-content ad network. It takes the content its users give it, and runs ads by them.

On top of that plan, Facebook is also expected to tweak the way users determine who can and can’t send messages to them on the site. It’s set to take away a setting called “Who can send you Facebook messages” and will replace it with new filters for users to manage messages they receive on the site.

El Reg asked Facebook if this effectively meant that the site was slowly trying to morph the messaging part of its service into something similar to that of Google’s Gmail or Microsoft’s Hotmail. But we were admonished for speculating. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/11/22/facebook_data_use_policy_proposed_rewrite_makes_users_cross_again/

McAfee takes time off blogging to concentrate on being chased by police

Followers of on-the-run cybersecurity baron John McAfee will be sorry to hear that he won’t be updating his blog for the next few days. The billionaire inventor of McAfee antivirus software told friend Chad Essley this morning that “something had happened” and that he needed to move to another location.

Despite being the target of Central America’s most-publicised manhunt, McAfee has had time to post nine blogs in the past three days. He has also detailed his various disguises, the latest of which involved smearing himself with shoe polish and pretending to be a Guatemalan trinket peddler, complete with a faked limp and a “shaved” tampon up his right nostril. McAfee is still being hunted by the police in Belize who want to question him about the murder of his neighbour, Gregory Faull.

McAfee blogged on Tuesday about the elaborate aural surveillance system he set up in the months before the murder – attaching recorders to his employees, friends and even dogs and posting the sound file of a conversation in Creole where he alleges a former local official tries to persuade his employee to kill him.

On Monday McAfee posted a meditative blog post about the place of bar girls in Belizean society, based on the story of Timesha, a former bar girl in the Belizean town of Orange Walk, who met McAfee two years ago in a “lover’s bar”. The antivirus millionaire says he bought her a house and she went back to school.

The blog, The Hinterland, is managed by McAfee’s friend, Portland film-maker Chad Essley, and is believed to be genuine.

Posting late on Monday night on his blog McAfee revealed that after disguising himself as a drunk German tourist and a burrito seller over the weekend, he has tweaked his disguise again and is posing as a poor Guatemalan peddler selling carved wooden dolphins. He said the shaved tampon was intended to make his nose look deformed. He claims he almost sold a dolphin to an Associated Press reporter, but the journalist was pulled away on a phone call.

Watch this space. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/11/22/mcafee_blog_tampon_dolphins_bar_girl_wtf/

Italians deploy fearsome SPY MANNEQUINS to win Fashion Wars

Don’t think you can escape personalised adverts by switching the computer off. Luxury shops have started to use seeing-eye mannequins that harvest data about customers in the real world and – yes – target ads so they can sell more.

Packing technology that is used in airport security, the EyeSee mannequins from Italian company Almax can sense and log the gender, race and age of people as they walk into a shop, a report from Bloomberg explains.

The peeping dummies then track how the customers move around the store, how long they stay and correlate that information with whether they buy anything and how much they spend. The images are fed into facial-recognition software which logs various attributes of the customer while keeping them anonymous. (Until it links up with Facebook at least.) EyeSee models don’t store images, and can be used with a closed-circuit television license.

Clothes shops including Benetton have invested in the mannequins, which cost 4000 euros each.

Stores already use cameras that do this work, but mannequins work better, says Almax’s CEO, because their cameras are at eye level and invite customer attention, as people are more likely to stand and look at a mannequin.

Almax plan to give the mannequins ears too, so they can “hear” what customers say about the clothes. Clients also sometimes ask for the model to log and discount store employees so they don’t confuse the data.

The mannequins could serve up the equivalent of cookie-enabled adverts on screens placed next to the models – for example calling up items from the menswear section if determining that the person in front of it is a man.

Only a dozen have been sold, Almax tell Bloomberg, but the tracking company are confident that there will be strong demand for the EyeSee models.

Almax are a mannequin-making company based near Milan. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/11/22/bionic_mannequins_are_looking_at_you/

Firefox and Opera squish big buffer overflow bugs

It’s time to update alternative browser software again, with new releases of Firefox and Opera out this week. Firefox 17, released Tuesday, features improved support for social networking functions, such as Facebook Messenger, as well as new features to prevent blacklisted extensions from running without user permission. Support for Mac OS X 10.5 (Leopard), a five-year-old version of Apple’s desktop operating system, has been dropped.

On the security front, Firefox 17 boasts improved protection against drive-by download attacks, thanks to a sandbox for iFrames. The release also grapples with a large number of security flaws, around six of which are critical. The critical flaws include memory corruption and buffer overflow bugs that might lend themselves to attacks designed to drop malware onto the systems of surfers running vulnerable software.

The complete list of bugs resolved by Firefox 17 runs into the thousands (yes, really) but Paul Ducklin of Sophos has helpfully put together a blog post highlighting the main issues.

In other browser security news, a new release of Opera fixes a critical heap-based buffer overflow vulnerability. Left unpatched, the cross-platform flaw creates a potential avenue for malware-based attacks that rely on tricking surfers into visiting sites running malicious code. Version 12.11 of Opera also tackles a glitch that meant Gmail sometimes failed to load, as well as tackling lesser stability issues and security bugs itemised in Opera’s release notes. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/11/22/firefox_opera_browser_updates/

Human Rights Watch proposes new laws of robotics

Human Rights Watch (HRW) has issued a document titled Losing Humanity: The Case against Killer Robots that argues development of autonomous weapons must be stopped because it represents a threat to human rights.

The document defines three types of autonomous weapons, namely:

  • Human-in-the-Loop Weapons: Robots that can select targets and deliver force only with a human command;
  • Human-on-the-Loop Weapons: Robots that can select targets and deliver force under the oversight of a human operator who can override the robots’ actions; and
  • Human-out-of-the-Loop Weapons: Robots that are capable of selecting targets and delivering force without any human input or interaction.

Only the third type does not exist today, the document says, but adds they are in development and that “Many countries employ weapons defense systems that are programmed to respond automatically to threats from incoming munitions.”

HRW thinks autonomous weapons present three big problems, because “By eliminating human involvement in the decision to use lethal force in armed conflict, fully autonomous weapons would undermine other, non-legal protections for civilians.”

The group worries that “robots would not be restrained by human emotions and the capacity for compassion, which can provide an important check on the killing of civilians.” That makes them ideal for “repressive dictators seeking to crack down on their own people without fear their troops would turn on them.”

Killer bots would also increase conflicts, the group argues, as by minimising human casualties among aggressors “it would also make it easier for political leaders to resort to force” and “The likelihood of armed conflict could thus increase, while the burden of war would shift from combatants to civilians caught in the crossfire.”

The third concern surrounds accountability, as it’s hard to apply humanitarian law to a robot or its programmer. Existing laws and remedies would therefore struggle to deliver “meaningful retributive justice”.

Another issue is whether autonomous weapons would always act within the bounds of the laws of war, which insist that combatants distinguish between the civilian population and other combatants, while only directing force at military targets. “International humanitarian law also prohibits disproportionate attacks, in which civilian harm outweighs military benefits,” the document notes, later expressing doubts that artificial intelligence technologies will be able to make these kinds of judgements effectively, or at all.

The document proposes “an international legally binding instrument” to ban development, use and manufacture of autonomous weapons, plus local laws to do the same thing.

HRW even goes so far as to say that the global community should “Commence reviews of technologies and components that could lead to fully autonomous weapons” and nip them in the bud. Scientists working on related technologies, the document suggests, should be bound by “… a professional code of conduct governing the research and development of autonomous robotic weapons, especially those capable of becoming fully autonomous, in order to ensure that legal and ethical concerns about their use in armed conflict are adequately considered at all stages of technological development.” ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/11/22/human_rights_watch_says_ban_killer_robots/

Texan schoolgirl expelled for refusing to wear RFID tag

A plan by a San Antonio school district to continuously monitor its students using RFID has run into legal problems after one of them took a stand against being forced to use the tracking technology.

Northside Independent School District (NISD) in San Antonio, Texas has spent over $500,000 on its “Student Locator Project,” a lanyard worn around the neck that has both a bar code and RFID tag built in. Students need the lanyard to use the library or cafeteria, vote in school elections, and in some cases for toilet breaks, and it allows the school to track their every movement throughout the day.

Andrea Hernandez, a sophomore student at the John Jay High School’s Science and Engineering Academy in San Antonio, has been effectively expelled from school for refusing to wear the tags, citing religious, privacy, and freedom of expression reasons.

The school offered to give her a special lanyard with the RFID tag removed, but she refused to wear this, either, as it would be taken as her supporting the system. The school also stopped her from passing out leaflets to other students regarding the locator project.

“I feel it’s an invasion of my religious beliefs,” she told InfoWars. “I feel it’s the implementation of the Mark of the Beast*. It’s also an invasion of my privacy and my other rights.”

After a series of talks between the school, Hernandez, and her parents, her position at the science academy was “withdrawn” and she has been reassigned to another school. The family are now taking action against the school with the help of the Rutherford Institute, a civil liberties group.

The lawsuit will put a spanner in the works for the RFID tagging scheme, since the NISD already has plans to roll out the tracking scheme to over 100,000 students under its remit. The school district is hoping the system will increase school attendance, and thus win it a grant of nearly $2m from the state government.

“This is about money, plain and simple,” John Whitehead, president of The Rutherford Institute, told The Register. “School violence is falling and, as Bill Clinton pointed out, a public school is a very safe place for a child to be. It’s all about getting funding from the RFID system.”

The school has already installed over 200 CCTV cameras in an attempt to curb truancy, some of which have a live link directly to the local police department, Whitehead said. All of this, along with the RFID scheme, is paid for out of the education budget.

“What’s happening now is going to spread across the country,” Whitehead said. “If you can start early in life getting people accustomed to living in surveillance society then in future it’ll be a lot easier to roll these things out to the larger populace.”

The school district was unavailable for comment. ®

Bootnote

* For those not of a religious bent, the Mark of the Beast is a reference to the Book of Revelation, which the author John claimed was God’s description to him of how the world will end and Jesus will return to earth.

Revelation 13:16-18 says that followers of the Beast “receive a mark in their right hand, or in their foreheads,” which allows them to buy and sell goods. Certain biblical sects have taken this to mean RFID chips or identity cards.

Other non-believers think John was a bit too fond of funny mushrooms and shouldn’t be taken too seriously.

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/11/21/schoolgirl_expelled_rfid_chip/

The Man Who Stole Greece: Cuffed chap had data on most of country

Greek police have cuffed a suspect who allegedly stole personal data of three-quarters of the country’s population as part of an attempted industrial-scale ID theft scam.

The unnamed 35-year-old computer programmer is suspected of attempting to flog nine million records containing ID card data, addresses, tax identification numbers and car license plate numbers, Reuters reports. Some records were duplicates but even so personal data of the majority of the economically troubled European country’s 11 million inhabitants appears to have been exposed by the breach.

AP adds that the suspect was caught in possession of the treasure trove of data after being traced through the internet.

The source of the leaked data remains unclear, although an insecure government server is one likely possibility. The investigation into the mystery privacy breach remains ongoing and further arrests may follow.

“We are investigating what the source of the data was and how they were used by the man arrested, and also the possibility of him providing them to someone else,” police spokesman Christos Manouras told reporters. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/11/21/greece_mega_privacy_breach/

Wii U ‘has been JAILBROKEN’ via legacy games, say homebrewers

A squad of techies claim they’ve cracked Nintendo’s anti-piracy defences in the Wii U days after the games console hit US shelves.

The hack, the gaming equivalent of jail-breaking, allows home-made games, pirate copies of titles and other unauthorised software to run on the Wii U, according to wiiuhacks.com. The attack appears to involve exploiting security holes in old Wii games when a Wii U is running in legacy Wii mode.

The team has compiled a list of authorised games that can be hijacked to launch unofficial titles.

The group has also produced a seven-minute video of what appears to be a Wii U playing homebrew games after running the “Smash Stack” exploit from a disc. Nintendo, like other console makers, locks down its machines so, in theory, they can only play cryptographically signed software; hackers usually have to exploit security holes in the system or endorsed games to defeat these protections.

Chris Boyd AKA PaperGhost, a senior threat researcher at GFI Software and an expert in gaming security, said major Wii homebrew communities such as wiiubrew.org are yet to hack the Wii U.

“We have not been successful in running homebrew on the Nintendo Wii U. But running code in Wii Mode is possible,” wiiubrew.org stated.

“It’s the same story elsewhere, even on sites with dedicated modding and homebrew sections,” according to Boyd.

He added that it’s one thing to get old exploits working in legacy Wii mode, but another to develop exploits for vulnerabilities exclusively present in new Wii U systems. He is cautious of the wiiuhacks.com team’s boasts.

“There is one video on YouTube where the uploader claims to be successfully running homebrew on the Wii U using an older exploit designed to load unauthorised code on the original Wii console, but I’ve no way of verifying if the video is genuine,” Boyd told El Reg.

“Additionally, there are groups picking through the back catalogue of programs and exploits from the original Wii – some of which no longer work on certain versions of system menu – to see if they can uncover a blind spot in the new console.”

The Wii U console is backwards compatible with most Wii games and accessories, which explains why older exploits for the previous console still work, up to a point, on the next-generation machine.

Nintendo pushed a firmware update to Wii U consoles less than a day after the system went on sale on Sunday in the US. The sizeable upgrade does not block the Wii U Smash Stack exploit, but future updates could, wiiuhacks.com warned. Attempts to interrupt the lengthy Wii U update process once it starts can leave the console as useful as a squishy brick, as Nintendo itself advised. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/11/21/wii_u_hack/

Prince William ‘day with my chopper’ pics reveal more than intended

The UK’s Ministry of Defence was obliged to reset user names and passwords following the publication of pictures of the Duke of Cambridge at work on a military base.

Four of the 10 pictures, released by St James’s Palace, showed Prince William at work at RAF Valley but failed to blur or disguise sensitive information in the background. An “administrative oversight” meant the pictures were published on the Duke and Duchess of Cambridge’s official website before they were cleared by the MoD, The Daily Telegraph reports.

This turned out to be a significant oversight because potentially sensitive information was visible on computer screens and bulletin boards in the background of shots taken at the RAF base in north Wales, where the prince serves as a search and rescue helicopter pilot. The images were quickly pulled from the website once the mistake became apparent but not before the images had been widely reproduced.

The pictures, taken by an RAF photographer, were later re-issued with sensitive details pixellated. In one image the Duke is shown sharing a joke with colleagues in a briefing room in front of a computer showing a password prompt screen. The MoD reset potentially exposed passwords as a precaution.

A Ministry of Defence spokesman told The Daily Telegraph: “Due to an administrative oversight, these photographs were not properly cleared at RAF Valley and the images showed unclassified MoD user names, passwords and computer screens on a restricted system.”

“The passwords and user names shown have now been reset as a precaution and we are satisfied the images do not contravene security regulations.”

“All the photos have been now amended and reissued. Media organisations are kindly asked to use these images,” he added.

The paper adds that the website logins depicted in the photos relate to unclassified websites used by Sea King helicopter pilots to calculate fuel requirements and to access the Civil Aviation Authority. More on the story, complete with more pictures, can be found in a Daily Mail article.

An explanation of the typical “working day in the life of Flight Lieutenant Wales” on the Duke’s official website reveals that he and his crew-mates like to play Call of Duty in their spare time, in between briefings, training exercises, standby shifts and rescue sorties.

Downtime is also an important part of the job. When the crew is not conducting a search and rescue mission or preparing for a training exercise, they can usually be found re-charging their batteries in the crew-room or eating a meal in the nearby dining room. Computer games – especially the likes of Call of Duty and other military-themed games – are a favourite for the crew if they have a spare moment in the evenings. However, they must remain in constant contact and can never be more than 60 seconds away from their aircraft in case an emergency call comes in.

RAF search and rescue squadrons handle on average around 2,000 call-outs a year. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/11/21/royal_pics_expose_mod_network_passwords/