Vtech is a ubiquitous Hong Kong-based electronic toy company whose kiddy tablets and other devices are designed to work with its cloud service, which requires parents to set up accounts for their kids. 4.8 million of those accounts were just breached, leaking a huge amount of potentially compromising information, from kids' birthdays and home addresses to parents' passwords and password hints.
big_mac_heart_attack posted this gorgeous example of a "fallstreak hole" with a rainbow in a cloud formation over eastern Victoria, Australia. They are rare enough that some people think they are evidence of UFOs. Unfortunately, that isn't usually the case. From Weather Underground:
Fallstreak holes form in these high to mid-level (cirrocumulus or altocumulus) clouds which are comprised of tiny water droplets that are below the freezing temperature but have not yet frozen (called supercooled water droplets). Airplanes passing through the cloud help the supercooled water droplets freeze. Air expands and cools as it passes over the wings and the propeller blades, decreasing the ambient temperature just enough to allow the droplets to freeze. The ice crystals grow and start to fall, while causing the water droplets around the ice crystals to evaporate. This leaves a large hole in the cloud with brush-like streaks of ice falling below it.
Levi Frasier videoed Denver police savagely beating David Flores and his pregnant girlfriend. Frasier had his tablet confiscated and the video deleted after one of the cops shouted "camera" -- but the video had already backed up to the cloud.
In Enclosing the public domain: The restriction of public domain books in a digital environment, a paper in First Monday, researchers from the Victoria University of Wellington document the widespread practice of putting restrictions on scanned copies of public domain books online.
Bittorrent Sync is a Dropbox-like service through which the bittorrent protocol is used to synchronize all your devices. I recently used it to receive a large file from a friend in Los Angeles, and I was amazed and delighted by the speed and ease with which it came down. Bittorrent is calling for alpha testers to help it refine the product for its official launch.
Correction: An earlier version of this story got it wrong. I misremembered how the Bittorrent Sync product worked and erroneously believed that it used a cloud of bittorrent users to cooperatively share synch duties for one another.
It's exciting to see a more decentralized, redundant approach to cloud computing. Of all the resources we use with our computers, bandwidth is the scarcest and most fraught (since it's controlled by evil phone companies and mined by lawless spies). Storage, meanwhile, is fantastically abundant -- hard drives get so much cheaper so much faster that it's sometimes mindboggling. Many of us have storage to spare, and swapping that for cloud-based storage for backup, sharing and collaboration makes good sense.
The Bittorrent Sync architecture is reminiscent of the Freenet Project, a classic censorship-resistant file-sharing technology. I'm really looking forward to seeing what they come up with.
How Much Will PRISM Cost the U.S. Cloud Computing Industry? [PDF], a report from the Information Technology and Innovation Foundation -- a highly regarded DC think-tank -- estimates that the US cloud computing companies will lose $22-$35 billion as a result of customers' nervousness about PRISM and other spying programs. The US had been leading the world in cloud computing, but analysts are seeing a rush to European cloud providers that are (presumably) out of reach of the NSA and in jurisdictions with tighter rules on government spying.
Ardent Industries, the crazy people behind such large art installations as Dance Dance Immolation and SYZYGRYD, are building a giant 3D Mario cloud stuck to the top of a forklift so they can rain on people's parades. Their Kickstarter is fully funded and they're starting production and getting their forklift licenses! Rad!
Kate sez, "Technology companies are moving rapidly to get tools like email and document creation services into schools. This link to a recent survey of schools in the UK shows that use of such technology is expected to bring significant educational and social benefits. However, it also reveals that schools have deep concerns that providers of these services will mine student emails, documents or web browsing behaviour to build profiles for commercial purposes, such as serving advertisements. When data mining is done for profit, the relationship between the data miner and the consumer is simply a market transaction. As long as both parties are free to choose whether and when they wish to engage in such transactions, there is no reason to forbid them or place undue obstacles in their path. However, when children are using certain services at school and can neither consent to, control or even properly understand the data mining that is taking place, a clear line against such practices must be drawn, particularly when their data will be used by businesses to make a profit."
This weekend's NYT carried an alarming feature article on the gross wastefulness of the data-centers that host the world's racks of server hardware. James Glanz's feature, The Cloud Factory, painted a picture of grotesque waste and depraved indifference to the monetary and environmental costs of the "cloud," and suggested that the "dirty secret" was that there were better ways of doing things that the industry was indifferent to.
In a long rebuttal, Diego Doval, a computer scientist who previously served as CTO for Ning, Inc, takes apart the claims made in the Times piece, showing that they were unsubstantiated, out-of-date, unscientific, misleading, and pretty much wrong from top to bottom.
First off, an “average,” as any statistician will tell you, is a fairly meaningless number if you don’t include other values of the population (starting with the standard deviation). Not to mention that this kind of “explosive” claim should be backed up with a description of how the study was made. The only thing mentioned about the methodology is that they “sampled about 20,000 servers in about 70 large data centers spanning the commercial gamut: drug companies, military contractors, banks, media companies and government agencies.” Here’s the thing: Google alone has more than a million servers. Facebook, too, probably. Amazon, as well. They all do wildly different things with their servers, so extrapolating from “drug companies, military contractors, banks, media companies, and government agencies” to Google, or Facebook, or Amazon, is just not possible on the basis of just 20,000 servers on 70 data centers.
A couple weeks ago, a few hundred Dropbox users noticed they were receiving loads of spam about online casinos and gambling websites, at email addresses those users had set up only for Dropbox-related actions. The online file storage service now admits that hackers snagged usernames and passwords from third party sites, and used this data to break into those Dropbox users' accounts. Dara Kerr, reporting for CNET:
"Our investigation found that usernames and passwords recently stolen from other websites were used to sign in to a small number of Dropbox accounts. We've contacted these users and have helped them protect their accounts," the company wrote in a blog post today. "A stolen password was also used to access an employee Dropbox account containing a project document with user email addresses. We believe this improper access is what led to the spam."
Over at Ars Technica, Jon Brodkin has more. Evidently, the illicit access happened because a Dropbox employee’s account was hacked.
An attorney for MegaUpload -- which was shut down by the US government earlier this month, and whose assets have been frozen, following copyright complaints from the entertainment industry -- says that the US Attorney General is planning to destroy all its user data within a week. With its assets frozen, MegaUpload can no longer pay to host its data with its service provider, and so the AG will cooperate with the erasure of tens of millions of users' personal files -- backups, family photos, personal videos, financial records, and even movies and music in production by independent artists who used MegaUpload as a file-locker while they produced their work. TorrentFreak characterizes this as the destruction of evidence, and I think that's right.
Rothken explains that MegaUpload is determined to protect the interests of its users, but that its hands are tied without help from the authorities. The looming data loss is linked to unpaid bills at Cogent Communications and Carpathia Hosting where MegaUpload leased some of its servers.
“We of course would like to think the United States and Megaupload would both be united in trying to avoid such a consumer protection calamity whereby innocent consumers could permanently lose access to everything from word processing files to family photos and many other things that could never practically be considered infringing,” the lawyer told TorrentFreak.
“Megaupload’s assets were frozen by the United States. Mega needs funds unfrozen to pay for bandwidth, hosting, and systems administration in order to allow consumers to get access to their data stored in the Mega cloud and to back up the same for safekeeping.”
MegaUpload has contacted the US Attorney’s office with a request to unfreeze assets including money and domains so users can get access to their personal data.
first, I'd like to clarify what our intent was in how we represented privacy in our TOS. in our help article we stated "Dropbox employees aren't able to access user files" we didn't intend to mislead anybody with this statement - we prevent this via access controls on our backend as well as strict policy prohibitions. we don't feel this statement implies anything about who holds the encryption keys or what mechanisms prevent access to the data.
that said, it's become very clear to us that the statement wasn't explicit enough about what the barriers to access are. consequently, we've updated our help article and security overview to be explicit about this.
secondly, I'd like to clarify that we've never stated we don't have access to encryption keys. we've made quite a few posts in our public forums over the years about this very fact and we are quite open with our community: 1, 2, 3.
If companies with a very strict set of security policies and procedures like Google have had problems with employees that abused their privileges, one has to wonder what can happen at a startup like Dropbox where the security perimeter and the policies are likely going to be orders of magnitude laxer.
Dropbox needs to come clear about what privacy do they actually offer in their product. Not only from the government, but from their own employees that could be bribed, blackmailed, making some money on the side or are just plain horny.
Dropbox needs to recruit a neutral third-party to vouch for their security procedures and their security stack that surrounds users' files and privacy. If they are not up to their own marketed statements, they need to clearly specify where their service falls short and what are the potential security breaches that
Unless Dropbox can prove that algorithmically they can protect your keys and only you can get access to your files, they need to revisit their public statements and explicitly state that Dropbox storage should be considered semi-public and not try to sell us snake oil.
You're safe if your password isn't in any dictionary, including the special dictionaries used for password cracking (these dictionaries will try random words in combination, as well as common letter-number substitutions such as "1" for "i" and so on). The crack works on WPA and WPA2-locked networks.
Your best bet is a long, random string for a password -- 64 bits of random noise will probably foil something like this for a good time to come. But good luck reading the password aloud to your visiting friend when she needs to get her laptop online.
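The two points above, as an added example that is not part of the original post: a check for whether a candidate WiFi passphrase is just dictionary words with letter-number substitutions, and a generator for a random passphrase carrying at least 64 bits that can still be read aloud. The wordlist, the substitution table and the function names are assumptions made for the illustration.

```python
import math
import secrets

# Constructed sample wordlist (assumption); a real audit would load a large
# cracking dictionary instead.
SAMPLE_WORDS = {"password", "wifi", "home", "net", "work", "admin", "kitchen"}

# Undo common letter-number substitutions ("1" for "i" and so on) and drop
# separators, so "P4ssw0rd-W1f1" is compared as "passwordwifi".
NORMALISE = str.maketrans("013457@$", "oieastas", " -_.")

# Characters that are hard to confuse when read aloud (no 0/o, 1/l/i).
ALPHABET = "abcdefghjkmnpqrstuvwxyz23456789"


def is_dictionary_derived(passphrase, words=SAMPLE_WORDS):
    """True if the normalised passphrase is a concatenation of dictionary words."""
    s = passphrase.lower().translate(NORMALISE)
    # reachable[i] is True when s[:i] can be split entirely into dictionary words.
    reachable = [True] + [False] * len(s)
    for end in range(1, len(s) + 1):
        reachable[end] = any(
            reachable[start] and s[start:end] in words for start in range(end)
        )
    return bool(s) and reachable[len(s)]


def random_passphrase(bits=64):
    """Passphrase from the OS CSPRNG carrying at least `bits` bits of entropy."""
    length = math.ceil(bits / math.log2(len(ALPHABET)))
    raw = "".join(secrets.choice(ALPHABET) for _ in range(length))
    # Groups of four are easier to dictate; the hyphens add no entropy.
    return "-".join(raw[i:i + 4] for i in range(0, length, 4))


if __name__ == "__main__":
    for candidate in ("P4ssw0rd-W1f1", "h0me_netw0rk", random_passphrase()):
        verdict = "dictionary-derived" if is_dictionary_derived(candidate) else "ok"
        print(f"{candidate}: {verdict}")
```

With the 31-character alphabet, 64 bits works out to 13 random characters, or 16 characters once grouped with hyphens.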
Questions about WPA Cracker (via Schneier)