How To Detecting Terrorist Surveillance

 Articles of Interest, Crimes & Criminal Activity (Organized Crime, Narcotics, Predators, Cyber Crime, Cyber Stalking, UnSolved), Firearms, Weapons & Personal Safety, National security, Terrorism, Cyber Terrorism & Related Crimes, Social Media, Technology & Digital Security  No Responses »
Mar 202012
 

Detecting Terrorist Surveillance

 

Town Hall

by Stewart Scott

March 8, 2012

 

 

 

As we noted last week, terrorist attacks do not materialize out of thin air. In fact, quite the opposite is true. Those planning terrorist attacks follow a discernable process referred to as the terrorist attack cycle. We also discussed last week how terrorism planners are vulnerable to detection at specific points during their attack cycle and how their poor surveillance tradecraft is one of these vulnerable junctures.

While surveillance is a necessary part of the planning process, the fact that it is a requirement does not necessarily mean that terrorist planners are very good at it. With this in mind, let’s take a closer look at surveillance and discuss what bad surveillance looks like.

 

Eyes on a Potential Target

As noted above, surveillance is an integral part of the terrorist planning process for almost any type of attack, although there are a few exceptions to this rule, like letter-bomb attacks. The primary objective of surveillance is to assess a potential target for value, security measures and vulnerabilities. Some have argued that physical surveillance has been rendered obsolete by the Internet, but from an operational standpoint, there simply is no substitute for having eyes on the potential target — even more so if a target is mobile. A planner is able to see the location of a building and its general shape on Google Earth, but Google Earth does not provide the planner with the ability to see what the building’s access controls are like, the internal layout of the building or where the guards are located and what procedures they follow.

The amount of time devoted to the surveillance process will vary depending on the type of operation. A complex operation involving several targets and multiple teams, such as the 9/11 operation or 2008 Mumbai attacks, will obviously require more planning (and more surveillance) than a rudimentary pipe-bomb attack against a stationary soft target. Such complex operations may require weeks or even months of surveillance, while a very simple operation may require only a few minutes. The amount of surveillance required for most attacks will fall somewhere between these two extremes. Regardless of the amount of time spent observing the target, almost all terrorist planners will conduct surveillance and they are vulnerable to detection during this time.

Given that surveillance is so widely practiced, it is amazing that, in general, those conducting surveillance as part of a terrorist plot are usually terrible at it. There are some exceptions, of course. Many of the European Marxist terrorist groups trained by the KGB and Stasi practiced very good surveillance tradecraft, but such sophisticated surveillance is the exception rather than the rule.

The term “tradecraft” is often used in describing surveillance technique. Tradecraft is an espionage term that refers to techniques and procedures used in the field, but the term also implies that effectively practicing these techniques and procedures requires a bit of finesse. Tradecraft skills tend to be as much art as they are science, and surveillance tradecraft is no exception. As with any other art, you can be taught the fundamentals, but it takes time and practice to become a skilled surveillance practitioner. Most individuals involved in terrorist planning simply do not devote the time necessary to master the art of surveillance, and because of this, they display terrible technique, use sloppy procedures and generally lack finesse when they are conducting surveillance.

The main reason that people planning terrorist attacks are able to get by with such a poor level of surveillance tradecraft is because most victims simply are not looking for them. Most people do not practice situational awareness, something we are going to discuss in more detail next week. For those who do practice good situational awareness, the poor surveillance tradecraft exhibited by those planning terrorist attacks is good news. It provides them time to avoid an immediate threat and contact the authorities.

 

Keying on Demeanor

The behavior a person displays to those watching him or her is called demeanor. In order to master the art of surveillance tradecraft, one needs to master the ability to display appropriate demeanor for whatever situation one is in. Practicing good demeanor is not intuitive. In fact, the things one has to do to maintain good demeanor while conducting surveillance frequently run counter to human nature. Because of this, intelligence, law enforcement and security professionals assigned to work surveillance operations receive extensive training that includes many hours of heavily critiqued practical exercises, often followed by field training with a team of experienced surveillance professionals. This training teaches and reinforces good demeanor. Terrorist operatives typically do not receive this type of training — especially those who are grassroots or lone wolf militants.

At its heart, surveillance is watching someone while attempting not to be caught doing so. As such, it is an unnatural activity, and a person doing it must deal with strong feelings of self-consciousness and of being out of place. People conducting surveillance frequently suffer from what is called “burn syndrome,” the belief that the people they are watching have spotted them. Feeling “burned” will cause surveillants to do unnatural things, such as hiding their faces or suddenly ducking back into a doorway or turning around abruptly when they unexpectedly come face to face with the person they are watching.

People inexperienced in the art of surveillance find it difficult to control this natural reaction. A video that recently went viral on the Internet shows the husband of the president of Finland getting caught staring down the blouse of a Danish princess. The man’s reaction to being caught by the princess was a textbook example of the burn syndrome. Even experienced surveillance operatives occasionally have the feeling of being burned; the difference is they have received a lot of training and they are better able to control their reaction and behave normally despite the feeling of being burned. They are able to maintain a normal-looking demeanor while their insides are screaming that the person they are watching has seen them.

In addition to doing something unnatural or stupid when feeling burned, another very common mistake made by amateurs when conducting surveillance is the failure to get into proper “character” for the job or, when in character, appearing in places or carrying out activities that are incongruent with the character’s “costume.” The terms used to describe these role-playing aspects of surveillance are “cover for status” and “cover for action.” Cover for status is a person’s purported identity — his costume. A person can pretend to be a student, a businessman, a repairman, etc. Cover for action explains why the person is doing what he or she is doing — why that guy has been standing on that street corner for half an hour.

The purpose of using good cover for action and cover for status is to make the presence of the person conducting the surveillance look routine and normal. When done right, the surveillance operative fits in with the mental snapshot subconsciously taken by the target as the target goes about his or her business. Inexperienced people who conduct surveillance frequently do not use proper (if any) cover for action or cover for status, and they can be easily detected.

An example of bad cover for status would be someone dressed as “a businessman” walking in the woods or at the beach. An example of bad cover for action is someone pretending to be sitting at a bus stop who remains at that bus stop even after several buses have passed. For the most part, however, inexperienced operatives conducting surveillance practice little or no cover for action or cover for status. They just lurk and look totally out of place. There is no apparent reason for them to be where they are or doing what they are doing.

In addition to plain old lurking, other giveaways include a person moving when the target moves, communicating when the target moves, avoiding eye contact with the target, making sudden turns or stops, or even using hand signals to communicate with other members of a surveillance team or criminal gang. Surveillants also can tip off the person they are watching by entering or leaving a building immediately after the person they are watching or simply by running in street clothes.

Sometimes, people who are experiencing the burn syndrome exhibit almost imperceptible behaviors that the target can sense more than observe. It may not be something that can be articulated, but the target just gets the gut feeling that there is something wrong or odd about the way a certain person is behaving toward them. Innocent bystanders who are not watching someone usually do not exhibit this behavior or trigger these feelings.

 

Principles of Surveillance Detection

The U.S. government often uses the acronym “TEDD” to illustrate the principles that can be used to identify surveillance conducted by counterintelligence agencies, but these same principles also can be used to identify terrorist surveillance. TEDD stands for time, environment, distance and demeanor. In other words, if a person sees someone repeatedly over time, in different environments and at a distance, or someone who displays poor surveillance demeanor, then that person can assume he or she is under surveillance.

However, for an individual, TEDD is really only relevant if you are being specifically targeted for an attack. In such an instance, you will likely be exposed to the time, environment and distance elements. However, if the target of the attack is a subway car or a building you work in rather than you as an individual, you likely will not have an opportunity to make environment and distance correlations, and perhaps not even time. You will likely only have the demeanor of the surveillant to key on. Therefore, when we are talking about recognizing surveillance, demeanor is the most critical of the four elements. Demeanor also works in tandem with all the other elements, and poor demeanor will often help the target spot the surveillant at a different time and place or in a different environment.

Time, environment and distance also have little bearing in an instance like the Fort Hood shooting, where the assailant is an insider, works at a facility and has solid cover for action and cover for status. In such instances, demeanor is also critical in identifying bad intent.

The fact that operatives conducting surveillance over an extended period can change their clothing and wear hats, wigs or other light disguises — and use different vehicles or license plates — also demonstrates why watching for mistakes in demeanor is critical. Because of a surveillant’s ability to make superficial changes in appearance, it is important to focus on the things that cannot be changed as easily as clothing or hair, such as a person’s facial features, build, mannerisms and gait. Additionally, while a surveillant can change the license plate on a car, it is not as easy to alter other aspects of the vehicle such as body damage (scratches and dents). Paying attention to small details can be the difference between a potential attacker being identified and the attacker going unnoticed.

One technique that can be helpful in looking for people conducting long-term surveillance is to identify places that provide optimal visibility of a critical place the surveillant would want to watch (for example, the front door of a potential target’s residence or office, or a choke point on a route the potential target frequently travels). It is also important to look for places that provide optimal visibility, or “perches” in surveillance jargon. Elevated perches tend to be especially effective since surveillance targets rarely look up. Perches should be watched for signs of hostile surveillance, such as people who don’t belong there, people lurking, or people making more subtle demeanor mistakes.

Paying attention to the details of what is happening around you (what we call practicing good situational awareness) does not mean being paranoid or obsessively concerned about security. Living in a state of paranoia and looking for a terrorist behind every bush not only is dangerous to one’s physical and mental health but also results in poor security. We are going to talk more about practicing a healthy and sustainable level of situational awareness next week.

 

Direct Link:  http://finance.townhall.com/columnists/stewartscott/2012/03/08/detecting_terrorist_surveillance/page/full/

 

ORIGINAL Article:  http://www.stratfor.com/weekly/detection-points-terrorist-attack-cycle

 

 Posted by at 19:13  Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , ,

Google ships Chrome 17, touts more malware alerts and page preloads

 Articles of Interest, Firearms, Weapons & Personal Safety, National security, Terrorism, Cyber Terrorism & Related Crimes, Social Media, Technology & Digital Security  No Responses »
Feb 102012
 

Google ships Chrome 17, touts more malware alerts and page preloads

 

Patches 20 vulnerabilities, pays $10,500 in bounties to four bug hunters

 

 

COMPUTER WORLD

By Gregg Keizer

February 8, 2012

 

Computerworld –

Google today patched 20 vulnerabilities in the desktop edition of Chrome and added new anti-malware download warnings to version 17.

The company called out a pair of new features in Chrome 17, including the expansion of anti-malware download warnings and prerendering of pages suggested by the address/search bar’s auto-complete function.

Google last refreshed Chrome eight weeks ago, on Dec. 13. Google generates an update to its “stable” channel about every six to eight weeks, a slightly more flexible schedule than rival Mozilla’s every-six-weeks pace.

One of the 20 vulnerabilities patched today was rated “critical,” the most dire ranking in Google’s threat system. Eight were marked “high,” while five were labeled “medium” and six were tagged “low.”

Google paid $10,500 in bounties to four researchers for reporting 11 bugs, and another $3,133 to one of the four who uncovered a serious flaw that was quashed by developers before Chrome 17 made it to today’s release. The nine other vulnerabilities were uncovered by members of Google’s own security team, which includes developers who contribute to the open-source Chromium project — which feeds code to Chrome — or those who, for one reason or other, were not bonus-eligible.

Per its usual practice, Google blocked access to its bug tracking database for all 20 vulnerabilities to prevent outsiders from obtaining details that could be used to build exploits. Google typically opens up the database weeks or even months later, after it’s sure a majority of users have migrated to the new edition.

Google typically includes a handful of obvious changes in each Chrome upgrade, and it stayed with that practice today: The two features visible to users were an extension of Chrome’s long-running anti-malware download warnings and faster displaying of some Web pages.

The new download warnings alert users when they try to retrieve executable Windows files — including those with the “.exe” and “.msi” extensions — that Google knows or suspects are malicious, or are hosted on a website that commonly distributes threats.

Such warnings have been part of Chrome since version 12, which launched in June 2011, but they’ve been expanded in Chrome 17.

If the file isn’t a known quantity or isn’t from a reputable publisher, information about the file is sent to Google, which runs it through an analyzer to rank its “reputation and trustworthiness [compared to] files previously seen from the same publisher and website,” said the company last month.

Suspicious files — ones that match the criteria of others known to come from the same source — are tagged, and if there’s a high probability that it’s malicious, the user sees an alert.

Google has also beefed up its anti-phishing tool; Chrome now inspects the destination URL for characteristics common to sites that try to steal confidential information, and if it makes a match, it spits out a warning.

The new anti-malware tools have been available in the beta of Chrome 17 for a month.

Also new to Chrome 17: Preloading of pages that appear in the browser‘s combination address/search bar when users start typing an address or search string.

“If the URL auto-completes to a site you’re very likely to visit, Chrome will begin to prerender the page [to reduce] the time between when you hit Enter and when you see your fully-loaded Web page,” Google explained last month when it added the feature to Chrome 17′s beta.

In admittedly unscientific tests of Chrome 17′s preloading, however, Computerworld did not notice any difference in the speed with which pages popped up.

According to metrics company Net Applications, Chrome accounted for nearly 19% of all browsers used in January, keeping it in second place behind Firefox (with 20.9%) and Microsoft‘s Internet Explorer (53%).

Chrome 17 can be downloaded for Windows, Mac OS X and Linux from Google’s website. Users running the browser will be updated automatically through its silent service.

 

Read more about Browsers in Computerworld’s Browsers Topic Center.

 

 

Direct Link:  http://www.computerworld.com/s/article/9224085/Google_ships_Chrome_17_touts_more_malware_alerts_and_page_preloads

 Posted by at 17:52  Tagged with: , , , , , , , , , , , , , ,

Censoring of Tweets Sets Off #Outrage

 Articles of Interest, Social Media, Technology & Digital Security  No Responses »
Jan 302012
 

 

Censoring of Tweets Sets Off #Outrage

The New York Times
By SOMINI SENGUPTA
January 27, 2012

SAN FRANCISCO —

It started five years ago after a young engineer in San Francisco sketched out a quirky little Web tool for telling your friends what you were up to. It became a bullhorn for millions of people worldwide, especially vital in nations that tend to muzzle their own people.

Peter Macdiarmid/Getty Images

 

Checking Twitter on Friday in Cairo. Twitter helped protesters organize in Egypt, but a new policy could alter that dynamic.

But this week, in a sort of coming-of-age moment, Twitter announced that upon request, it would block certain messages in countries where they were deemed illegal. The move immediately prompted outcry, argument and even calls for a boycott from some users.

Twitter in turn sought to explain that this was the best way to comply with the laws of different countries. And the whole episode, swiftly amplified worldwide through Twitter itself, offered a telling glimpse into what happens when a scrappy Internet start-up tries to become a multinational business.

“Thank you for the #censorship, #twitter, with love from the governments of #Syria, #Bahrain, #Iran, #Turkey, #China, #Saudi and friends,” wrote Björn Nilsson, a user in Sweden.

Bianca Jagger asked, almost existentially, “How are we going to boycott #TWITTER?”

Zeynep Tufekci, an assistant professor at the University of North Carolina at Chapel Hill, took the other side. “I’m defending Twitter’s policy because it is the one I hope others adopt: transparent, minimally compliant w/ law, user-empowering,” she wrote.

Twitter, like other Internet companies, has always had to remove content that is illegal in one country or another, whether it is a copyright violation, child pornography or something else. What is different about Twitter’s announcement is that it plans to redact messages only in those countries where they are illegal, and only if the authorities there make a valid request.

So if someone posts a message that insults the monarchy of Thailand, which is punishable by a jail term, it will be blocked and unavailable to Twitter users in that country, but still visible elsewhere. What is more, Twitter users in Thailand will be put on notice that something was removed: A gray box will show up in its place, with a clear note: “Tweet withheld,” it will read. “This tweet from @username has been withheld in: Thailand.”

Think of it as the digital equivalent of a newspaper responding to old-fashioned government censorship with a blank front page.

“We have always had the obligation to remove illegal content. This is a way to keep it up in places where we can,” said Alex Macgillivray, general counsel at Twitter. “We have been working on this awhile. We needed to figure out how to deal with this as a company.”

The majority of Twitter’s 100 million users are overseas and it has several offices abroad working to expand its business and drum up local advertising. Twitter’s president, Jack Dorsey, said this week that it would open an office in Germany, which prohibits Nazi material online and offline.

The announcement signals the choice that a service like Twitter has to make about its own existence: Should it be more of a free-speech tool that can be used in defiance of governments, as happened during the Arab Spring protests, or a commercial venture that necessarily must obey the laws of the lands where it seeks to attract customers and eventually make money?

Tim Wu, a professor at Columbia Law School and author of “The Master Switch,” said the changes could undermine the usefulness of Twitter in authoritarian countries.

“I don’t fault them for wanting to run a normal business,” he said. “It does suggest someone or something else needs to take Twitter’s place as a political tool.”

Professor Wu urged the company to use discretion: “Twitter needs to be careful not to be in a position where it’s no longer helpful to a rebellion against oppressive governments. It needs to remain its old self in some circumstances.”

Twitter’s policy of allowing its users to adopt pseudonyms made it particularly useful to many protest organizers in the Arab world, and its chief executive went so far as to call it “the free-speech wing of the free-speech party.”

But Professor Wu wondered aloud if the new policy would have allowed Egyptians to organize protests using the service.

Twitter insists its new system is a way to promote greater transparency, not less. The company says it will not filter content before it is posted. It will not remove material that may be offensive, only that which it thinks is illegal. And it said it would also try to notify users whose posts had been withheld by sending them an e-mail with an explanation.

The company identifies the locations of its users by looking at the Internet Protocol addresses of their computers or phones. But it also allows users to manually set their location or choose “worldwide.” Essentially that is a way to circumvent the blocking system entirely. A user in Syria can simply change her location setting to “worldwide” and see everything.

Jillian C. York, director for international freedom of expression at the Electronic Frontier Foundation, a civil liberties group, successfully tried this herself after Twitter announced its new approach. “Unfortunately it is a necessary evil when offering a service in certain countries,” Ms. York said of the new system.

Critics on Twitter surmised that the company had been pressed to adopt country-specific censorship after a major investment by a Saudi prince, a theory that Mr. Macgillivray quickly dismissed.

Facebook also handles requests to remove content that is illegal in certain countries, though it does not explain what it removes and for what reason. In its search results, Google signals what it is required to redact under a certain country’s law — and in the case of YouTube, a Google product, it can block content country by country.

Twitter has followed in Google’s footsteps in another respect. It has opted to post some of the removal requests it receives on Chilling Effects, a site jointly run by the Electronic Frontier Foundation and several American universities. Mr. Macgillivray was previously on the legal team at Google and, as a student at Harvard, he worked on Chilling Effects.

“We have always tried to let people talk and tweet. That has not been good for despots,” Mr. Macgillivray said in response to the criticism. “There is no change in policy. What this does is it strengthens, when we are legally required to, our ability to withhold something and to let people know it has been withheld.”

Still, not long after the announcement, there were calls for a silent protest on Saturday — and naturally, a hashtag to go with it.

“I’m joining the #TwitterBlackout & won’t tweet tomorrow,” wrote a user identified as Omar Johani. “Time to go back to getting news 12 hours after it happened.”

 

Direct Link:  http://www.nytimes.com/2012/01/28/technology/when-twitter-blocks-tweets-its-outrage.html?nl=todaysheadlines&emc=tha26

 Posted by at 21:22  Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Insurance Against Cyber Attacks Expected to Boom

 Articles of Interest, Crimes & Criminal Activity (Organized Crime, Narcotics, Predators, Cyber Crime, Cyber Stalking, UnSolved), National security, Terrorism, Cyber Terrorism & Related Crimes, Social Media, Technology & Digital Security  No Responses »
Dec 262011
 

 

Insurance Against Cyber Attacks Expected to Boom

The New York Times
By NICOLE PERLROTH
December 23, 2011

 

Sony is still awaiting the final tally for losses related to its data breaches earlier this year. At last count, it had compromised 100 million customer accounts, and Sony anticipated the debacle would cost $200 million. With 58 class-action suits in the works, that may be wishful thinking.

Now for the really bad news: Sony’s losses aren’t insured.

In a lawsuit, Sony’s insurer, the Zurich American Insurance Company, reminded the company it does not own a cyber insurance policy. Sony’s policy only covers tangible losses like property damage, not cyber incidents.

“That’s cyber insurance in a nut shell,” said Jacob Olcott, a principal with Good Harbor Consulting’s cybersecurity team. “Everybody needs it, and most companies don’t realize they don’t have it until it’s too late.”

Despite high-profile cyber attacks at Sony, Google, Epsilon, RSA and others this year, only a third of companies surveyed by Advisen, a research group, say they have purchased a cyber insurance policy.

Experts say that more companies will buy policies in the coming year because of new Security and Exchange Commission requirements. Last October, the S.E.C. issued a new guidance requiring that companies disclose “material” cyber attacks and their costs to shareholders. The guidance specifically requires companies to disclose a “description of relevant insurance coverage.”

That one S.E.C. bullet point could be a boom to the cyber insurance industry.

Cyber insurance has been around since the Clinton administration, but most companies tended to “self insure” against cyber attacks, says Robert Ackerman, a venture capitalist at Allegis Capital who specializes in cybersecurity.

“Companies don’t want to talk about cyber attacks,” Mr. Ackerman says. “All of a sudden, breaches are now going to be more visible and people are going to have to start estimating their costs.”

There are no statistics on the size of the cyber insurance industry, but Peter Foster, a senior vice president at Willis North America, an insurance broker, estimates there may be $750 million worth of premiums placed. With the recent S.E.C. measure and the frequency and severity of cyber attacks growing, Mr. Foster predicts that figure could grow by 50 percent over the next 12 to 18 months.

The average cost of a data breach hit $7.2 million last year and cost companies $214 per compromised data record, according to the Ponemon Institute. And that’s just for a data breach. If a company’s intellectual property is stolen, it could decimate an organization.

“It is now possible to suck all the information out of a company,” said Scott Borg, chief executive of the nonprofit United States Cyber Consequences Unit.

A comprehensive cyber insurance policy should cover intellectual property theft, said Emily Freeman, a cyber insurance broker at Lockton. Most policies, Ms. Freeman said, cover the “twin risks of privacy and security,” which include the cost of lost business, notification costs, credit-monitoring services, public relations and legal and investigation expenses. It may also cover class-action lawsuits, regulatory investigations, civil fines and even extortion demands.

“There’s no one size fits all. It depends on the size of the company and their exposure,” Ms. Freeman said. “I’ve seen companies buy a million dollars of this coverage with a small deductible. Others have bought $100 million of coverage for a rainy day — the kind of rainy day you might have to disclose to the S.E.C.”

 

 

Direct Link:  http://bits.blogs.nytimes.com/2011/12/23/insurance-against-cyber-attacks-expected-to-boom/?nl=todaysheadlines&emc=tha26

 Posted by at 16:21  Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , ,

U.S. Backs Apple In Patent Ruling That Hits Google

 Articles of Interest, Social Media, Technology & Digital Security  No Responses »
Dec 192011
 

 

U.S. Backs Apple In Patent Ruling That Hits Google
The New York Times
By NICK WINGFIELD
December 19, 2011

A federal agency ruled on Monday that a set of important features commonly found in smartphones are protected by an Apple patent, a decision that could force changes in how Google’s Android phones function.


The Sensation XL from HTC, on display at a store in Taipei, Taiwan.
Photo: Ashley Pon/Bloomberg News

The ruling, by the United States International Trade Commission, is one of the most significant so far in a growing array of closely watched patent battles being waged around the globe by nearly all of the major players in the mobile industry. These fights reflect the heated competition among the companies, especially as Android phones gain market share.

At the heart of the disputes are the kind of small but convenient features that would cause many people to complain if they were not in their smartphones. For example, the case decided Monday involves the technology that lets you tap your finger once on the touch screen to call a phone number that is written inside an e-mail or text message. It also involves the technology that allows you to schedule a calendar appointment, again with a single tap of the finger, for a date mentioned in an e-mail.

HTC, the defendant in the case and a Taiwan-based mobile phone maker using the Android system, said in a statement after the ruling that it would adapt its features to comply with the court’s decision. The company called them “small” parts of the user’s experience.

 The ruling was only a partial victory for Apple because the commission overruled an earlier decision in Apple’s favor in the case, involving a different, more technical patent related to how software is organized internally on mobile devices. It would have been hard for HTC to adapt its devices to avoid infringing that patent, legal experts said.

The decision could potentially affect far more phones than those made by HTC because the underlying target of the suit is Google, creator of the Android system that now powers more than half of all smartphones sold worldwide. Apple is suing several other makers of Android devices, as is Microsoft, and companies that make Android products are returning the favor in most instances through countersuits.

“It’s an important victory for Apple, but it’s just one of many battles,” said Alexander Poltorak, chief executive of the General Patent Corporation, an intellectual property strategy firm.

The ruling by the six-member commission, which can take action against unfair trade practices by companies whose products are imported into the United States, will prevent HTC from selling phones in the United States that infringe the patent starting April 19.

To take effect, President Obama’s trade representative must sign the order. He could decide to overrule the commission’s finding, though such actions are rare. It also can be appealed.

Apple has also sued HTC in federal court accusing it of patent infringement, while HTC has filed suits of its own against Apple with the trade commission and in federal court.

The patent battles reflect the intense competition in the smartphone market. In the third quarter of 2011, phones running the Android system accounted for 52.5 percent of devices sold worldwide, up from 25.3 percent in the period of 2010. Apple’s share of this market fell to 15 percent, from 16.6 percent, in the same period.

Apple’s late chief executive, Steven P. Jobs, was outspoken in saying that Google had improperly copied many of the iPhone’s innovations, telling his biographer that he was going to “destroy Android, because it’s a stolen product.”

After the ruling on Monday, Kristin Huguet, an Apple spokeswoman, said, “We think competition is healthy, but competitors should create their own original technology, not steal ours.”

Grace Lei, HTC’s general counsel, said in a statement that the company was happy the commission ruled against Apple on other patents involved in the case. “We are very pleased with the determination and we respect it,” Ms. Lei said.

A Google spokesman did not respond to a request for comment.

The growing complexity of mobile devices has greatly expanded the range of patents that can be used as weapons in the business, and their robust sales have made them a lucrative target.

Florian Mueller, an intellectual property analyst in Germany and author of a popular blog on patents estimates that the number of patent lawsuits related to the mobile business worldwide is approaching 100.

In addition to antenna designs and other traditional patents that are held by cellular companies, relative newcomers to the business, like Apple and Microsoft, are using patents that originated from computer products. Apple applied for one of the patents at issue in the HTC case — for detecting phone numbers and other forms of data — in 1996, 11 years before the iPhone was released.

“Convergence threw them all together and opened up new product opportunities,” said James E. Bessen, an economist and lecturer at the Boston University School of Law.

The HTC Corporation sold more than 12 million cellphones in the third quarter, according to Gartner. That made the company the world’s seventh-largest seller of cellphones, ahead of Motorola and just behind Research in Motion, the maker of the BlackBerry. Its Android phones include the Droid Incredible and HTC Titan, sold by Verizon Wireless and AT&T, respectively.

HTC said it would comply with the commission’s ruling by removing a feature that currently gives users a list of options whenever they receive, say, a phone number in a message on their smartphones. The users will no longer get a menu giving them the choice to save the phone number in their contact lists, dial the number or send a text message to it. Instead, HTC said it would give them only the option of dialing the number.

United States Customs and Border Protection will determine whether HTC’s changes are sufficient to comply with the ruling.

Apple is thought to have sued HTC, along with Samsung, another maker of Android phones and tablets, rather than Google itself because those companies profit directly from the sale of Android products. Patent lawyers say a frontal assault on Google would be a tougher legal challenge because the company gives away its Android operating system to hardware makers, making money instead through advertising from Internet services on Android phones.

Oracle has sued Google directly, accusing it of patent infringement through Android. The British telecom provider BT on Monday said it also sued Google, in part over alleged patent infringements in Android.

Patent lawsuits among technology companies typically end up being settled or avoided entirely through cross-licensing deals, with the weaker party often agreeing to pay a licensing royalty on every product sold containing the technology in question. Microsoft, for example, signed licensing agreements with HTC, Samsung and other companies in which Microsoft receives an undisclosed royalty from the sale of their Android devices.

Apple appears less motivated by getting royalties from the companies it is suing, though some patent experts believe that could be posturing on its part. Mr. Jobs’s criticisms took on more urgency as Android began to gain a bigger share of the smartphone market during the last two years.

But when he expressed those criticisms to his biographer, Walter Isaacson, he said he told Eric E. Schmidt, now the executive chairman of Google and a former Apple board member, that he didn’t want money from Google.

“If you offer me $5 billion, I won’t want it,” Mr. Jobs told Mr. Schmidt, according to the book, “Steve Jobs.” “I’ve got plenty of money. I want you to stop using our ideas in Android, that’s all.”

Mr. Mueller, the patent analyst, says he believes Apple is unlikely to settle with its Android rivals because it has the most of any company to lose from the rise of Android. “The Apple rhetoric from the beginning was about theft of intellectual property,” said Mr. Mueller, who has done research work for Microsoft, a Google competitor. “That’s a lot more combative.”

Google has amped up its own rhetoric as well. In early August, David Drummond, the company’s senior vice president and chief legal officer, decried “a hostile, organized campaign against Android by Microsoft, Oracle, Apple and other companies, waged through bogus patents.”

Less than two weeks later, though, Google announced a plan to acquire the cellphone maker Motorola Mobility Holdings for $12.5 billion, a move that was viewed partly as an effort to bolster Google’s weak patent portfolio in the mobile business. That deal is still pending.

While the subject of Android was clearly an emotional issue for Mr. Jobs, there’s no evidence yet that his death in October has altered Apple’s willingness to reach a compromise with makers of Android products.

Direct Link:  http://www.nytimes.com/2011/12/20/technology/apple-wins-partial-victory-on-patent-claim-over-android-features.html?pagewanted=1&hp

 Posted by at 21:31  Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Google Ratchets Up Security Of HTTPS

 Articles of Interest, Crimes & Criminal Activity (Organized Crime, Narcotics, Predators, Cyber Crime, Cyber Stalking, UnSolved), Social Media, Technology & Digital Security  No Responses »
Dec 132011
 

Google Ratchets Up Security Of HTTPS

‘Forward secret’ HTTPS feature now protects Gmail, SSL Search, Google Docs, and Google+
Dark Reading
By Kelly Jackson Higgins
Nov 22, 2011

Google today announced that its SSL-based services are now enhanced to prevent HTTP sessions from being decrypted.

The so-called “forward secrecy” feature basically protects an HTTPS-secured session from being retroactively decrypted, according to Adam Langley, a member of the Google security team. So if a bad guy were to attempt to decrypt HTTPS sessions he had recorded, he would be unable to do so, Langley says.

“Most major sites supporting HTTPS operate in a non-forward secret fashion, which runs the risk of retrospective decryption,” Langley said in a blog post announcing the new security feature today. “In other words, an encrypted, unreadable email could be recorded while being delivered to your computer today. In ten years time, when computers are much faster, an adversary could break the server private key and retrospectively decrypt today’s email traffic.”

Forward secrecy is different than nonforward secrecy, where the private keys for an SSL connection are stored for the long term. With forward secrecy, no one can go back and decrypt a recorded HTTPS session, not even the SSL server administrator, Langley says.

Secure Sockets Layer (SSL) has been under siege lately with one certificate authority after another getting hacked, its inherent vulnerability to man-in-the-middle attacks, as well as the high volume of SSL-based websites that are improperly configured.

Ivan Ristic, director of engineering at Qualys and an SSL expert, says Google’s addition of forward secrecy “is communication channel encryption done right.”

It also prevents governments from decrypting recorded traffic. “Without it, they might try to get Google’s private keys. So Google is removing a potentially big liability for them with this move. Perhaps that was their main motivation,” he says.

Google is also placing the forward secrecy technology in the public domain in hopes that it will become part and parcel of HTTPS implementations. “We have also released the work that we did on the open source OpenSSL library that made this possible,” Langley says.

Users can confirm whether forward-secrecy is running in their Chrome browsers by clicking the green padlock to the left of an HTTPS URL: The key exchange mechanism is ECDHE_RSA if the new feature is active in the browser app.

Direct Link: http://www.darkreading.com/authentication/167901072/security/privacy/232200135/google-ratchets-up-security-of-https.html

 Posted by at 18:23  Tagged with: , , , , , , , , , , , , , , , , , , , , , , , ,

Apple and Google told to improve smartphone security by Blue Coat

 Articles of Interest, Technology & Digital Security  No Responses »
Dec 032011
 

Apple and Google told to improve smartphone security by Blue Coat
Vendors should check for malicious content when developing applications, says cloud services vice president
Computerworld Australia
By Hamish Barwick
18 November 2011

Blue Coat US vice president of cloud services Anthony James says the practice of “security by obscurity” on Apple iOS needs to improve as smartphone adoption increases, while he also criticised Google Android for its open operating system.

James, an ex-pat Australian who has worked in the US for 10 years with security companies such as Fortinet, said iOS users have been lulled into a false sense of security because Apple does not check an application for security controls before it is published.

“They’ve had this whole sense of security around to get an application published, you need to go through their scrutiny,” he said. “They don’t check for security controls but for inappropriate content with the app,” he said.

* Malware-infected applications

He pointed out that a US principal research consultant called Charlie Miler was able to exploit a bug in iOS which could stock the Apple App Store with malware-infected applications.

Miller built a fake stock ticker app, dubbed “Instastock,” as a proof-of-concept, then submitted it to Apple, who approved and placed it in the App Store in September 2011.

“Apple has done a great job of security by obscurity,” James said.

He also criticised Google, the developer of Android, for having an open operating system but said Android 4.0 did contain some security improvements.

* Ice Cream Sandwich

“If you look at Android 4.0, the Ice Cream Sandwich, they put in some enterprise management features,” he said.

“We’re starting to see pressure on Google because what’s happening now is that corporate Australia is starting to dictate to these vendors that if they are going to allow these smartphones into their organisation they need to have some control,” he said.

“That’s where we have seen Android take their first step into enterprise management capabilities so I see Google is going to be more active in that.”

James, who was working on cloud security offerings for release next year, said he was targeting four operating systems, iOS, Android, Blackberry and Windows Mobile.

Direct Link:  http://news.techworld.com/security/3319300/apple-and-google-told-to-improve-smartphone-security-by-blue-coat/

 Posted by at 14:45  Tagged with: , , , , , , , , , , , , , , ,
 Older Entries
© 2012 G.E. Investigations Blog Suffusion theme by Sayontan Sinha