Do Not Track? Advertisers Say ‘Don’t Tread on Us’

 Articles of Interest, Crimes & Criminal Activity (Organized Crime, Narcotics, Predators, Cyber Crime, Cyber Stalking, UnSolved), Firearms, Weapons & Personal Safety, National security, Terrorism, Cyber Terrorism & Related Crimes, Social Media, Technology & Digital Security  Comments Off
Oct 172012
 

Do Not Track? Advertisers Say ‘Don’t Tread on Us’

 

The New York Times
by Natasha Singer
October 13, 2012

 

 

THE campaign to defang the “Do Not Track” movement began late last month.

Do Not Track mechanisms are features on browsers — like Mozilla’s Firefox — that give consumers the option of sending out digital signals asking companies to stop collecting information about their online activities for purposes of targeted advertising.

First came a stern letter from nine members of the House of Representatives to the Federal Trade Commission, questioning its involvement with an international group called the World Wide Web Consortium, or W3C, which is trying to work out global standards for the don’t-track-me features. The legislators said they were concerned that these options for consumers might restrict “the flow of data at the heart of the Internet’s success.”

Next came an incensed open letter from the board of the Association of National Advertisers to Steve Ballmer, the C.E.O. of Microsoft, and two other company officials. Microsoft had committed a grievous infraction, wrote executives from Dell, I.B.M., Intel, Visa, Verizon, Wal-Mart and other major corporations, by making Do Not Track the default option in the company’s forthcoming Internet Explorer 10 browser. If consumers chose to stay with that option, the letter warned, they could prevent companies from collecting data on up to 43 percent of browsers used by Americans.

“Microsoft’s action is wrong. The entire media ecosystem has condemned this action,” the letter said. “In the face of this opposition and the reality of the harm that your actions could create, it is time to realign with the broader business community by providing choice through a default of ‘off’ on your browser’s ‘do not track’ setting.”

So far, Microsoft has shrugged off advertisers’ complaints. In an e-mailed statement, Brendon Lynch, Microsoft’s chief privacy officer, said a recent company study of computer users in the United States and Europe concluded that 75 percent wanted Microsoft to turn on the Do Not Track mechanism.

“Consumers want and expect strong privacy protection to be built into Microsoft products and services,” Mr. Lynch wrote.

The tone of the industry offensive may seem a bit strident, given that the W3C has yet to decide how to implement the don’t-track-me mechanisms — or even what they signify. For the moment, that means the browser buttons are little more than digital bumper stickers whose sentiments companies are free to embrace or entirely ignore.

But what is really at stake here is the future of the surveillance economy.

The advent of Do Not Track threatens the barter system wherein consumers allow sites and third-party ad networks to collect information about their online activities in exchange for open access to maps, e-mail, games, music, social networks and whatnot. Marketers have been fighting to preserve this arrangement, saying that collecting consumer data powers effective advertising tailored to a user’s tastes. In turn, according to this argument, those tailored ads enable smaller sites to thrive and provide rich content.

“If we do away with this relevant advertising, we are going to make the Internet less diverse, less economically successful, and frankly, less interesting,” says Mike Zaneis, the general counsel for the Interactive Advertising Bureau, an industry group.

But privacy advocates argue that in a digital ecosystem where there may be dozens of third-party entities on an individual Web page, compiling and storing information about what a user reads, searches for, clicks on or buys, consumers should understand data mining’s potential costs to them and have the ability to opt out.

“If you are looking up the word ‘cancer’ ” on a health site, says Dan Auerbach, a staff technologist at the Electronic Frontier Foundation, a digital rights group in San Francisco, “there’s a high probability that you have cancer or are interested in that. This is the sort of data that can be collected.” He adds: “Consumers absolutely have a right to know how their information is being used and to opt out of having their information used in ways they don’t like.”

But the two sides seem to have reached an impasse. When the W3C met recently in Amsterdam to hammer out Do Not Track standards, as my colleague Kevin J. O’Brien reported in an article earlier this month, advertising industry executives and privacy advocates accused each other of trying to stymie the process.

“There is a strong concern that the W3C is not the right forum to be making this decision,” says Rachel Thomas, the vice president of government affairs at the Direct Marketing Association, a trade group based in Manhattan. “The attempt to set public policy is entirely outside their area of expertise.”

During the Amsterdam meeting, Ms. Thomas proposed that Do Not Track signals should actually permit data collection for advertising purposes, the very thing the mechanisms were designed to control. That provocative idea went over with European privacy advocates about as well as a smoker lighting up in a no-smoking zone full of asthmatics.

Indeed, some prominent consumer advocates have interpreted the industry’s proposal as an act of bad faith.

“While many advertisers do support privacy, there is clearly a rogue element of advertising networks that wants to subvert the process,” says Jon D. Leibowitz, the chairman of the Federal Trade Commission. “Or so it seems to me.”

Earlier this year at a White House event, the Digital Advertising Alliance, or D.A.A., an industry consortium, pledged to honor don’t-track-me signals so long as the systems required consumers to make an affirmative choice. But last Tuesday, the consortium published guidelines saying that it viewed Microsoft’s latest browser setting as an automatic, machine-driven choice preselected by a company — not a choice actively made by an individual consumer. During the installment process, Microsoft’s new software actually does give users a choice of whether to keep the mechanism on, or to turn it off. Nevertheless, the consortium said it would not require members to honor the forthcoming browser’s don’t-track-me signals.

Besides, the D.A.A. has already established its own program for consumers who want to opt out of receiving ads tailored to their online behavior, says Mr. Zaneis, whose own group is a member of that consortium. The consortium remains committed to incorporating browser signals into its program, he says, provided that the systems require consumers to make affirmative choices and give them information on the potential effects of eschewing tailored ads.

“We have self-regulation. It’s working very well,” he says. “Why don’t we give that a chance to succeed?”

SOME government officials vehemently disagree. In a letter to the F.T.C. earlier this month, Senator John D. Rockefeller IV, Democrat of West Virginia, called the industry program an “ineffective regime” riddled with exceptions.

“To date, self-regulation for the purposes of consumer privacy protection has failed,” Mr. Rockefeller wrote.

Now regulators are warning that opposition to Do Not Track could backfire on advertisers, by giving browsers more incentive to empower frustrated users.“We might see a technology arms race with browsers racing to see — by letting consumers block ads — who can be the most privacy-protective,” says Mr. Leibowitz of the F.T.C. “Maybe that’s not a bad thing.”

 

Direct Link:  http://www.nytimes.com/2012/10/14/technology/do-not-track-movement-is-drawing-advertisers-fire.html?ref=technology&_r=0

Hackers exploit Adobe Reader zero-day, may be targeting defense contractors & Adobe credits Lockheed Martin, victim of earlier attack, and defense industry cyber-threat group with reporting unpatched bug

 Articles of Interest, Crimes & Criminal Activity (Organized Crime, Narcotics, Predators, Cyber Crime, Cyber Stalking, UnSolved), National security, Terrorism, Cyber Terrorism & Related Crimes, Social Media, Technology & Digital Security  No Responses »
Dec 072011
 

Hackers exploit Adobe Reader zero-day, may be targeting defense contractors
Adobe credits Lockheed Martin, victim of earlier attack, and defense industry cyber-threat group with reporting unpatched bug
Computerworld
By Gregg Keizer
December 6, 2011

Computerworld – Adobe today confirmed that an unpatched, or zero-day, vulnerability in Adobe Reader is being exploited by criminals.

Those attacks may have been aimed at defense contractors.

Adobe promised to patch the bug in the Windows edition of Reader and Acrobat 9 no later than the end of next week. Tuesday, Dec. 12 is also Microsoft’s regularly-scheduled Patch Tuesday for the month.

The upcoming patch will be Adobe’s sixth for Reader and Acrobat this year.

“A critical vulnerability has been [found] in Adobe Reader X (10.1.1) and earlier versions for Windows and Macintosh, Adobe Reader 9.4.6 and earlier 9.x versions for Unix, and Adobe Acrobat X (10.1.1) and earlier versions for Windows and Macintosh,” Adobe said in an early-warning email. “This vulnerability could cause a crash and potentially allow an attacker to take control of the affected system.”

The company issued a security advisory with what information it was willing to share.

Adobe acknowledged that the vulnerability is being exploited in what it called “limited, targeted attacks” against Reader 9.x on Windows, but did not provide any additional information about where and when the attacks were occurring, or who had been targeted.

Adobe identified the bug as a “U3D memory corruption vulnerability,” U3D, which stands for “universal 3D,” is a compressed file format standard for 3-D graphics data promoted by a group of companies, including Adobe, Intel, and Hewlett-Packard.

Reader vulnerabilities are typically exploited by attackers using malicious PDF documents that are attached to email messages with baited subjected heads that try to dupe recipients into opening the document.

Doing that also executes the malicious code — in this case, likely malformed U3D data — hidden in the PDF, compromising the victim’s PC and letting the attacker infect the machine with other malware.

The attacks exploiting the unfixed flaw may have targeted U.S. defense contractors: Adobe originally credited the security response teams at both Lockheed Martin and MITRE with reporting the vulnerability.

Lockheed Martin is one of the U.S’s largest aerospace and defense contractors, and manufactures the F-22 Raptor fighter jet and won the contract to build the F-35 Lightning II, the planned successor to the F-16 Falcon aircraft.

MITRE manages several research centers funded by U.S. government agencies, including the National Security Engineering Center for the Department of Defense, and the Center for Advanced Aviation System Development for the Federal Aviation Administration (FAA).

Lockheed Martin was in the computer security news last May when it admitted it had been the target of a “significant and tenacious [cyber]attack,” which was allegedly conducted by leveraging information stolen several months earlier from RSA Security.

It’s not unusual for companies targeted by hackers to be among the first to report a previously-unknown vulnerability, as they are, of course, in the best position to do so.

“My guess is they got it or were targeted and reported it to Adobe,” said Mila Parkour, an independent security researcher who writes the Contagio Malware Dump blog. Parkour has been credited with reporting both Reader and Flash Player vulnerabilities to Adobe.

Adobe also has a connection to the Lockheed Martin attack of May; hackers exploited an unpatched bug in Adobe’s Flash Player to gain initial access to RSA Security’s network.

But minutes after Adobe issued its advisory, it changed the credits, retaining Lockheed Martin but replacing MITRE with the Defense Security Information Exchange (DSIE), a group of defense contractors that, according to a document on the White House website (download PDF), “share intelligence on cyber-related attacks.”

MITRE was not able to comment on Adobe initially giving it credit for reporting the Reader zero-day to Adobe.

Adobe, meanwhile, said that the original credit to MITRE had been incorrect. However, MITRE is one of the organizations on the Defense Industrial Base (DBI), a superset of the DSIE. Other defense contractors who belong to the DBI include Boeing, General Dynamics, Lockheed Martin, Northrup Grumman, Pratt & Whitney and Raytheon.

The DSIE did not reply to questions about whether one or more of its members had been targeted by the Reader exploits.

While a patch for Reader and Acrobat 9 will reach users next week, Adobe said it will not deliver fixes for Reader and Acrobat 10 for Windows, as well as all versions for Mac OS X and Unix, until Jan. 10, 2012.

Adobe justified those delays on the grounds that Reader 10, also called Reader X, includes anti-exploit “sandbox” technology that isolates the application from the rest of the computer, and thus blocks the exploit now in circulation.

The company said that the risk to Macintosh and Unix users was “significantly lower” because attacks have been spotted targeting only Windows PCs.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld

Direct Link: http://www.computerworld.com/s/article/9222454/Hackers_exploit_Adobe_Reader_zero_day_may_be_targeting_defense_contractors?taxonomyId=82&pageNumber=1

Intel Shrinks Supercomputer Into the Palm of Your Hand

 Articles of Interest, Technology & Digital Security  No Responses »
Nov 202011
 

Intel Shrinks Supercomputer Into the Palm of Your Hand
WIRED Enterprise
By Robert McMillan
November 17, 2011

Back in the late 1990s, Justin Rattner got a special sense of satisfaction every time he drove by a nondescript Intel building in Beaverton, Oregon. Inside, researchers from Intel and Sandia National Labs were assembling the ASCI Red supercomputer, the first computer capable of doing one trillion calculations per second.

“When Chuck Yeager cracked the sound barrier or Armstrong landed on the moon, I wonder if they had the same feeling,” remembered Rattner, Intel’s chief technology officer, in a 2006 news release on ASCI Red’s shuttering.

Now Intel says that it can put the processing power of ASCI Red in the palm of your hand. Literally.

Intel does this with a new chip, code-named Knights Corner. Knights Corner crams more than 50 general-purpose Pentium microprocessor cores onto a single chip. All by itself, Knights Corner can perform about 1 trillion mathematical calculations per second. In 1996, it took 72 cabinets of servers for ASCI Red to pull off the same feat.

That’s not bad for a chip that just a few years ago seemed to be a failure. Knights Corner was built from the ashes of Intel’s failed graphical processing unit (GPU), called Larrabee.

Larrabee didn’t work out, and rival Nvidia reigns supreme in the GPU market. But Intel hopes to give Nvidia a run for its money in high-performance computing, a place where Nvidia has been making inroads with its Tesla processors.

The Tesla chips can do a lot of calculations without burning up too much power, and in the past few years that’s won them some fans in the supercomputing set.

Back in June, 17 of the world’s top 500 supercomputers used these graphical processing units. Now that number has jumped to 39, according to Erich Strohmaier, a senior scientist with Lawrence Berkeley National Labs who helps compile the Top500 list. “I see more and more talks given where people figure out smart ways to use them,” he says. “They offer a way to assemble a lot of performance without blowing the power envelopes that you have.”

Today’s supercomputers use a combination of Nvidia chips and x86 processors, so the scientists who use them have to write special code that is offloaded to the Nvidia GPU and run there.

With Knights Corner, they won’t necessarily have to rewrite their code, says Karl W. Schulz, associate director for application collaboration with the University of Texas at Austin’s Texas Advanced Computing Center. “With Knight’s Corner, the programming model that you’re using is the same programming model that you’re using on an AMD or a Xeon,” he says. “You get good parallelism right out of the box, which is convenient.”

Schulz should know. He part of a team that is building a massive 10 petaflop (10 thousand trillion calculations per second) supercomputer, called Stampede, out of these next-generation Intel chips. To do this, his team takes server cards that have a Xeon and Knights Corner processor and slides them into specially designed 4U (7 inches tall) Dell server boxes. They expect to get 8 petaflops of performance from the Knights Corner chips and another 2 from the Xeons when Stampede goes live. The 4U servers hold just one card now, but they are designed to eventually hold two, which means at Stampede could double its power.

When it goes online in January 2013, Stampede will have 10,000 times the processing power of ASCI Red.

“It’s amazing,” Schulz says of the rapid advances in number-crunching chips. “We’ve had cases where we’ve deployed something that filled an entire supercomputing room, and then a few years later you deploy something in only one rack and it’s more powerful.”

James Reinders spent two years working on ASCI Red. A parallel programming evangelist with Intel, he says that he gets emotional when he holds a Knights Corner chip in his hand. That’s an unusual experience for an engineer.

“It’s a reminder of how fast this industry moves,” he says. “I spent a lot of my life with a lot of my co-workers designing ASCI Red … to think that I can hold that in my hand now, it’s humbling.”

Robert McMillan is a writer with Wired Enterprise. Got a tip? Send him an email at: robert_mcmillan [at] wired.com.

Direct Link: http://www.wired.com/wiredenterprise/2011/11/supercomputer-han/?intcid=story_ribbon