Posts tagged microsoft
WHICH INTERNET COMPANY HASN’T GIVEN THE U.S. GOVERNMENT ITS RECORDS?
NEW YORK: Outraged Internet users searching for an alternative to the privacy-busting companies they’d trusted are turning to a company that provides what it calls, “the world’s most private search engines.”
StartPage and its sister search engine Ixquick were launched in 2006 to staunchly defend their users’ privacy and civil liberties. StartPage provides a private portal to Google results, while Ixquick provides private results from other search engines.
The services have not participated in PRISM, nor have they ever provided user data to the U.S. government or to any other government or agency in the U.S. or anywhere in the world.
That is more than nine of the biggest Internet companies — Apple, Google, Microsoft, Yahoo, Facebook, YouTube, PalTalk, AOL and Skype — can say.
“The Privacy of our users rests on three important foundations,” explains StartPage and Ixquick CEO Robert Beens. “We are based in the Netherlands, we use encrypted connections, and — most importantly — we don’t store or share any of our users’ personal search data.”
- No User Data Stored: StartPage and Ixquick never store user data, including IP addresses and search queries, so government agencies have no incentive to ask for these. This privacy is so complete that the company doesn’t even know who its customers are, so it can’t share anything with Big Brother.
- Encrypted (HTTPS) Connections: StartPage and Ixquick were the first search engines to use automatic encryption on all connections to prevent snooping. When searches are encrypted, third parties like ISPs and the NSA can’t eavesdrop on Internet connections to see what people are searching for.
- Not Under U.S. Jurisdiction: StartPage and Ixquick are based in the Netherlands, so they are not directly subject to U.S. regulations, warrants, or court orders. They can’t be forced to participate in spying programs like PRISM. The company has never turned over a single bit of user data to any government entity in the 14 years it has been in business, which is not surprising since there is no data in the first place.
StartPage and Ixquick are also the only search engines whose privacy practices have been independently verified and third-party certified through the European Union’s Privacy Seal program.
“Unfortunately, it takes a scandal like PRISM to wake people up to the erosion of privacy”, says Harvard-trained privacy expert Dr. Katherine Albrecht, who helped develop StartPage. “As people get fed up with being spied on, they look for alternatives. We already serve nearly 3 million private searches each day, and we expect that number to grow as people seek shelter from search engines that store and share their private information.”
The company will expand its privacy services this summer with the addition of a new private email product called StartMail. StartMail will offer a paid, private email platform with strong encryption. Anyone interested in beta testing the program on its release can sign up at www.StartMail.com
My choice since mid 2009, thanks to Katherine Albrecht.
Second NSA PRISM Spy Leak Shows Govt, Tech Companies Are Lying to You
A second leaked slide from the NSA’s top secret PRISM operation details how the NSA actually goes straight to the servers of top tech companies like Skype and Google in order to compile your personal chats and information — exactly what the U.S. Director of National Intelligence and major corporations said wasn’t happening in statements made yesterday.
Quite frankly, it looks like The Guardian has absolutely side swiped the Director of National Intelligence James R. Clapper, Facebook, Skype, Google, and a host of others who denied that the NSA PRISM program was directly tied into the tech company servers. More specifically, there was heavy denial in regards to how the NSA spy program actually worked, which is actually now detailed on the second slide. A slide that, at the time of writing this, has not even hit the front of Drudge or other sources. Here is the slide from the top secret PRISM project, which utilizes the top tech companies in order to watch and hold every letter you type through their services:
Image added to original post.
To say that the FBI had its work cut out for it after 9/11 is an understatement. As part of its anti-terrorism efforts, the agency cozied up to telecom companies, like Verizon and AT&T. The relationship was so tight that some telecom employees actually had offices at the FBI.
By Lois Beckett
Microsoft and Yahoo are selling political campaigns the ability to target voters online with tailored ads using names, Zip codes and other registration information that users provide when they sign up for free email and other services.
The Web giants provide users no notification that their information is being used for political targeting.
In one sense, campaigns are doing a more sophisticated version of what they’ve always done through the post office — sending political fliers to selected households. But the Internet allows for more subtle targeting. It relies not on email but on advertisements that surfers may not realize have been customized for them.
Campaigns use voter records to assemble lists of people they’re trying to reach — for instance, “registered Republicans that have made a donation,” Yahoo’s director of sales Andy Cotten told ProPublica. Microsoft and Yahoo help campaigns find these people online and then send them tailored ads.
These messages don’t just pop up in Yahoo Mail or Hotmail. Because Microsoft and Yahoo operate huge networks that provide advertising on some of the most popular web destinations, targeted ads can appear when a voter visits a swath of different sites.
Microsoft and Yahoo said they safeguard the privacy of their users and do not share their users’ personal information directly with the campaigns. Both companies also said they do not see the campaigns’ political data, because the match of voter names and registration data is done by a third company. They say the matching is done to target groups of similar voters, and not named individuals.
According to Microsoft, President Obama’s re-election campaign has recently done this kind of targeting, and both national political parties have done so previously.
The marketing site ClickZ, the Wall Street Journal, Slate and others have previously noted the ability of campaigns to target online ads to specific groups of voters. But what has not been detailed is which companies are now making the targeting possible by providing users’ personal information — and which have decided it’s off-limits.
Gmail accounts targeted by ‘state-sponsored attackers’ using Internet Explorer zero-day vulnerability
(NAKED SECURITY) Both Google and Microsoft have put out alerts about an un-patched, zero-day hole in Internet Explorer that didn’t get fixed on Patch Tuesday and is actively being exploited in the wild.
Neither Google nor Microsoft referred to those state attackers in their respective security warnings. ZDNet attributed that particular detail to a source it said was “close to these investigations”.
This source confirmed to ZDNet that the attacks motivated Google to warn Gmail users last week about the attackers.
As ZDNet pointed out, Gmail users have been reporting on Twitter that they’ve been hit by the Gmail warning.
Google security engineer Andrew Lyons wrote in the company’s security blog that Google reported the vulnerability to Microsoft on May 30 and that the two companies have been working on the problem since.
He wrote on Tuesday:
Today Microsoft issued a Security Advisory describing a vulnerability in the Microsoft XML component. We discovered this vulnerability - which is leveraged via an uninitialized variable - being actively exploited in the wild for targeted attacks.
Lyons said that the attacks are spreading both from malicious web pages set up to snare Internet Explorer users and through Office documents.
Users running any flavor of supported Windows are vulnerable, from XP onwards up to and including Windows 7. All supported editions of Microsoft Office 2003 and Microsoft Office 2007 are also vulnerable.
The hole hasn’t been stitched up yet, but Microsoft is suggesting a workaround that will help prevent it from being exploited.
Microsoft’s security advisory recommends that IE and Office users immediately install a Fix it solution, downloadable with instructions from Microsoft Knowledge Base Article 2719615, until the company gets the final fix out.
The vulnerability crops up when Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 try to access an object in memory that hasn’t been initialized, which can corrupt memory such that an attacker could execute arbitrary code on a hijacked machine.
A victim would have to visit a maliciously crafted site using IE to suffer an attack. An attacker might lure users into visiting a booby-trapped site by enticing them to click on a link in an email or via messaging.
A successful attack grants the intruder the same user rights as the logged-on user. Therefore, a mitigating factor is to configure accounts with fewer rights, as opposed to operating with administrative user rights.
Microsoft noted that by default, IE on Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2 runs in a restricted mode known as Enhanced Security Configuration. That also mitigates the vulnerability.
As far as bolting down Gmail goes, Sophos’s Graham Cluley has a collection of tips on how to stop your Gmail account from getting hacked.
It’s definitely worth a read. Here’s a quick cheat-sheet; Graham gives you more detail on these items in his article:
- Set up two step verification
- Check if your Gmail messages are being forwarded without your permission
- Look where your Gmail account is being accessed from
- Choose a unique, hard-to-crack password
- Secure your computer
- Why are you using Gmail anyway?
OK, that last one’s not a tip, per se, but it’s food for thought if you are, in fact, important enough that a state would want to attack your Gmail account.
If you are, think twice about using a free web email provider for sensitive information. If you’re working for the government or the military, like Graham said, put all that sensitive information on secure systems instead.
LAS VEGAS – The biggest loser in Nevada’s Republican caucuses? The state’s feckless GOP.
Unable to control how its county parties count and report results, state Republicans were scrambling Sunday to explain why, almost 24 hours after most caucuses ended, the votes still have not been counted.
Here in Clark County, home to two-thirds of the state’s population, officials counted ballots, by hand, until 4 a.m. before calling it a night. Counting resumed again at 9 a.m. By 11 a.m. local time Sunday, only half of the county’s ballots had been counted.
“About midway through the night I said, ‘This is ludicrous,’” state GOP Chairman Amy Tarkanian said Sunday morning. “So I sent my state party people down there, including my husband, and said, ‘Go help them count, this is crazy.’”
Tarkanian, whose husband is Danny Tarkanian, who ran unsuccessfully for the GOP Senate nomination in 2010 and who is seeking the nomination in a new congressional seat, said state and county officials are seeking to avoid a situation like what happened in Iowa, where two weeks after voting ended the state party announced that it was Rick Santorum, not Mitt Romney, who won the state.
With second place still undecided between Newt Gingrich and Ron Paul — a consequential matter since delegates are awarded proportionally here — Tarkanian said she wants to avoid looking bad, as did her Iowa counterparts when they finally announced new results long after their contest ended.
But it may already be too late for that — unlike Iowa, Nevada hasn’t even reported nearly complete results yet.
Chuck Muth, a former Nevada GOP executive director, wrote on his blog that the night was the “Nevada GOP’s national embarrassment.”
“You can say this about Nevada Republicans: they are consistent,” Muth wrote. “They never blow an opportunity to blow an opportunity. And hoo-ahhh … did they ever blow this one!”
Clark County GOP Chairman Dave Gibbs did not return messages left on his cell phone Sunday morning.
By all accounts, the night was a foreseeable disaster, months in the making.
Confidential guidelines telling police how to access Facebook, Microsoft, Blizzard, and AOL user accounts have appeared online this week.
The files, known colloquially as law enforcement guidelines, typically tell police what types of user data are stored, how long they’re retained, and what procedures to use to gain access to them.
A few types of requests–for e-mail less than 180 days old, for instance–tend to require search warrants. In general, basic subscriber information can be disclosed with a subpoena, and a court order is required for more extensive information (whether that’s sufficient is the subject of ongoing litigation in the Twitter-WikiLeaks case).
Here are some highlights from each company’s policies:
Blizzard: Logs of Internet Protocol addresses are kept “indefinitely,” according to the company behind World of Warcraft. Sent mail is not retained. Deleted mail messages are not retained.
Facebook: An earlier version of the company’s manual from 2008 said that “IP log data is generally retained for 90 days.” That statement is missing from the newly-released 2010 version, indicating that Facebook now may store data longer (a company spokesman did not respond to that question).
Microsoft/MSN: Hotmail IP logs are kept for 60 days. MSN TV’s Web site logs are kept for 13 days. No logs are kept for conversations taking place through MSN chat rooms and MSN instant messenger. The leaked document is from April 2005, though, and may be out of date.
AOL: IP logs for the AIM and ICQ messaging services are stored for up to 90 days. Customer logs are kept for 6 months. All AOL e-mail, including from portals such as AOL.ca, AOL.fr, and AOL.mx, is stored in its Northern Virginia data center.
The AOL, Blizzard, and Microsoft manuals were leaked as part of a recent data dump from Anonymous. The 2010 Facebook manual was posted by PublicIntelligence.net, a WikiLeaks-like effort that describes itself as an “international, collaborative research project.”
By far the most extensive collection of not-meant-for-the-public law enforcement guidelines has been assembled by John Young, a retired architect who runs the Cryptome.org document repository from his Manhattan flat.
After its law enforcement manuals for Windows appeared on Cryptome last year, Microsoft has attempted to remove it from the Internet using the Digital Millennium Copyright Act. The DMCA complaint was withdrawn a few days later. (See a related CNET Q&A with Young.)
A House of Representatives panel voted in July to require Internet providers to store customers’ names, addresses, phone numbers, credit card numbers, bank account numbers, and temporarily-assigned IP addresses. Previous Justice Department proposals envisioned forcing social networking sites to keep records for a few years of who uploads which photographs or videos.
In what may or may not be a coincidence, Facebook plans to post the 2011 law enforcement guide in its help center by the end of the day.
Am I the only one getting tired of the economically-ignorant whining about how the top ____% own a large (i.e., “unfair”) portion of the “wealth” in the United States? What “wealth” are the whiners talking about? They erroneously believe that the wealth is some public pie that these “greedy” top ____% have unfairly expropriated from the rest of us. It isn’t. Each person in the top ___% has his or her own wealth, i.e., property, that they (except for the Banksters) acquired¹ through voluntarily exchanging a product or service with other people (called customers). They have exponentially more wealth than most people because the particular product or service that they offered was desired by exponentially more people than the particular product or service offered by the vast majority of people.² (The owner of a store that sells computers may make a very nice profit, but he will never have the profit that Bill Gates makes from Microsoft. A neurosurgeon may make a very handsome income, but he’s certainly not going to make the income that a Tiger Woods or Brad Pitt makes.)
And what’s with the whining about “the difference (ratio) between what a CEO makes and what a worker makes in the U.S. is wider than in any other country in the world”? So? Big deal! If you whiners are so concerned, then tell me what you, in your infinite economic “wisdom,” deem to be the “proper” ratio? WARNING: Whatever arbitrary SUBJECTIVE ratio you give, I’m going to respond with a different arbitrary SUBJECTIVE ratio. (And when you get through telling me what the “proper” ratio should be, please tell me what the “acceptable” profit percentage should be for a corporation, what the minimum wage should be for an employee, what the maximum CEO salary should be, what the…)
¹I’m well aware that there are certain people who acquired their wealth through inheritance. Good for them.
²I’m well aware of government patents/licensing/copyrights etc. that prevent free market competition, but unless the government FORCED us to buy Microsoft software (like it forced us to buy seat belts for cars), Gates made his fortune because consumers preferred his products to others.