Computer security world in mourning over death of Dan Kaminsky, aged 42 • The Register

Obit Celebrated information security researcher Dan Kaminsky, known not just for his technical ability but also for his compassion and support for those in his industry, has died. He was 42.

Though Kaminsky rose to fame in 2008 for identifying a critical design weakness in the internet’s domain-name system – and worked in secret with software developers to mitigate the issue before it could be easily exploited – he had worked behind the scenes in the infosec world for at least the previous two decades.

Dan Kaminsky. Credit: Dave Bullock / eecue

Not that Dan was the celebrity type. When he disclosed the DNS cache-poisoning flaw at that year’s Black Hat conference, he looked distinctly uncomfortable in a suit – the first time many had seen him wear one – though when it came to explaining the vulnerability and its solution, he was unparalleled.

When your humble Register hack asked him why he hadn’t gone to the dark side and used the flaw to become immensely wealthy – either by exploiting it to hijack millions of netizens’ web traffic, or by selling details of it to the highest bidders – he said not only would that have been morally wrong, he didn’t want his mom to have to visit him in prison. You can read more technical info on the DNS flaw here.
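The weakness itself, as an added illustration that is not part of the original article and not Kaminsky’s own code: a resolver accepts a forged DNS reply only if it carries the outstanding query’s 16-bit transaction ID and arrives on the UDP source port the query left from. Kaminsky’s observation was that an attacker can make the resolver issue an endless stream of fresh queries (for random names under the target domain) and race every one of them, so all that matters is how many blind packets it takes to win once. The stop-gap fix shipped in 2008 was to randomise the source port, which multiplied the guess space by the number of usable ports. The model below assumes roughly 2**16 usable ports, a single fixed port (53) for an unpatched resolver, and ignores the race against the legitimate reply; those are simplifications, not facts from the page.

```python
"""Blind-guessing model of the 2008 DNS cache-poisoning weakness.

Added illustration, not code from The Register or from Dan Kaminsky.
Assumptions (not stated on the page): ~2**16 usable ephemeral ports, an
unpatched resolver that always queries from one fixed port, and no
competition from the legitimate reply.
"""
import random
from typing import Optional

TXID_BITS = 16
PORT_BITS = 16        # assumption: about 64K usable ephemeral ports
FIXED_PORT = 53       # assumption: unpatched resolver queries from one port


def spoof_success_probability(forged_packets: int, entropy_bits: int) -> float:
    """Probability that at least one of `forged_packets` blind replies matches
    a single outstanding query whose ID/port space has `entropy_bits` bits."""
    space = 2 ** entropy_bits
    return 1.0 - (1.0 - 1.0 / space) ** forged_packets


def expected_packets_to_win(entropy_bits: int) -> int:
    """Mean number of blind replies before one is accepted (geometric trial)."""
    return 2 ** entropy_bits


def simulate_race(port_randomised: bool, forged_per_query: int,
                  max_queries: int, rng) -> Optional[int]:
    """Monte Carlo of the attack.

    Each round the resolver sends one query with a fresh random TXID (and a
    fresh random port if `port_randomised`); the attacker answers with
    `forged_per_query` blind guesses. Returns the round in which a forgery
    was first accepted, or None if the attacker gave up after `max_queries`
    rounds. `rng` needs a getrandbits(k) method (random.Random works).
    """
    for rnd in range(1, max_queries + 1):
        txid = rng.getrandbits(TXID_BITS)
        port = rng.getrandbits(PORT_BITS) if port_randomised else FIXED_PORT
        for _ in range(forged_per_query):
            guess_txid = rng.getrandbits(TXID_BITS)
            guess_port = rng.getrandbits(PORT_BITS) if port_randomised else FIXED_PORT
            if guess_txid == txid and guess_port == port:
                return rnd
    return None


if __name__ == "__main__":
    n = 2 ** 16  # one full sweep of the TXID space per query
    print("TXID only   :", spoof_success_probability(n, TXID_BITS))
    print("TXID + port :", spoof_success_probability(n, TXID_BITS + PORT_BITS))
    rng = random.Random(2008)
    print("fixed port, round won :", simulate_race(False, 4096, 200, rng))
    print("random port, round won:", simulate_race(True, 4096, 200, rng))
```

With 65,536 forged packets per query the attacker wins a single race about 63% of the time against a fixed-port resolver and about 0.0015% of the time against a port-randomising one; since each round is a fresh, independent race, the fixed-port case falls within a handful of rounds while the randomised case would need on the order of 2**32 packets.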

Besides discovering the domain-name system weakness, he had been a stalwart of the security research scene for years, and was a much-loved regular at conferences big and small. You can find a YouTube playlist of his DEF CON presentations, for instance, here. He would talk with and advise anyone – even paying the entrance fees for some researchers or letting them crash on his hotel room floor – and it was this generosity that people are overwhelmingly remembering this weekend.

It’s hard to meet a person in the computer security field for whom everyone has a good word, and Kaminsky was one of them. He also came up with some top-notch research besides the DNS poisoning issue.

For example, in 2005, Sony BMG decided to counter CD music piracy by installing rootkits on people’s PCs without telling them. Company president Thomas Hesse argued that “most people, I think, don’t even know what a rootkit is, so why should they care about it?” After the issue was identified by Mark Russinovich, now CTO of Microsoft Azure, Kaminsky helped work out just how many folks likely had the anti-piracy mechanism on their systems, by probing DNS caches for lookups of the servers the rootkit contacted – in short, some 570,000 networks had computers touched by Sony BMG’s code.

He also did sterling work in spotting flaws in SSL, and in automating the detection of Conficker malware infections. Outside of these high-profile discoveries, Kaminsky was beloved by so many because he had a sense of fun and clearly enjoyed collaborating with others.

His conference talks at Black Hat, DEF CON, and smaller cons were often overbooked and standing-room only at the back. He had an unerring knack for finding elegant or interesting ways of probing code, explaining the ramifications to an audience, and then answering as many questions as he could.

As a journalist, this was a blessing for your vulture – Kaminsky had no animosity towards the press if they were trying to get the full story out, and would explain stuff quickly and simply to make sure coverage was accurate. This hack remembers cancelling dinner plans when he called late one afternoon with an interesting story: you knew it was going to be a late night, though it would be worth it.

There is now a move to see Kaminsky inducted into the Internet Hall of Fame. It is an accolade he thoroughly deserves. ®


Big Brother is still watching you and he goes by the name Facebook | John Naughton

The security guru Bruce Schneier once famously observed that “surveillance is the business model of the internet”. Like all striking generalisations it was slightly too general: it was strictly true only if by “the internet” you meant the services of a certain number of giant tech companies, notably those of Facebook (including WhatsApp and Instagram), Google (including YouTube), Twitter and Amazon.

The trouble is (and this is what gave Schneier’s aphorism its force) that for a large chunk of networked humanity, especially inhabitants of poorer countries, these walled gardens are indeed what people regard as “the internet”. And that’s no accident. Although Chinese smartphones are pretty cheap everywhere, mobile data tends to be prohibitively expensive in poor countries. So the deal offered by western tech companies is that data charges are low or zero if you access the internet via their apps, but expensive if you venture outside their walled gardens.

Of all the companies, Facebook was the one that first appreciated the potential of this strategy. It offered a way of signing up a billion new users in hitherto underserved parts of the world, thereby reducing the digital divide between the global north and the south. This meant that it could be spun as a philanthropic initiative, initially badged as internet.org and then as Free Basics. The app gave users access to a small selection of websites and services that were stripped of photos and videos and could thus be browsed without paying for mobile data. The rationale was that Free Basics would provide a taster of the internet, which would let people see the value of being connected. Conveniently, though, it also made Facebook the gateway to the internet for these new users. It was the default setting, as it were, in an online world where most people never change defaults and so functioned as a gateway drug for online addiction.

Rather to Facebook’s surprise, Free Basics was not universally welcomed in some of its target territories. The most vocal opposition came in India, the most important market outside of the west, where ungrateful critics perceived it as an example of “digital colonialism”, and it was eventually blocked by the country’s telecoms regulator on the grounds that it violated the principle of net neutrality by explicitly favouring some kinds of online content while effectively blocking others. Beyond India, however, Free Basics seems to be thriving, being used by “up to 100 million” people in 65 countries, including 28 in Africa.

Last May, Facebook launched a kind of Free Basics 2.0 called Discover. It’s a mobile app that can be used to browse any website using a daily balance of free data from participating mobile network partners. Effectively, it strips out all website content that’s data-intensive (images, video, audio) and displays a pared-down version of the site. “We’re exploring ways to help people stay on the internet more consistently,” explains the Facebook blurb. “Many internet users around the world remain under-connected, regularly dropping off the internet for some period of time when they exhaust their data balance. Discover is designed to help bridge these gaps and keep people connected until they can purchase data again.”

Sounds good, eh? But a recent study by researchers at the University of California, Irvine, on how Discover works in the Philippines (where it has replaced Free Basics) found that not all websites were stripped down equally. Facebook’s own services, for example, were barely touched when accessed through Discover – just 4% of images were removed from Instagram, compared with more than 65% of images on other popular sites such as YouTube and the e-commerce platform Shopee. The inference was that Discover rendered Facebook’s own services far more functional than those of its competitors. Confronted with this, the company blamed a “technical error” that had since been resolved.

Maybe it has, but it might not be wise to trust what Facebook has to say on questions such as this. It’s not that long ago, for example, that it offered its users Onavo Protect, a free virtual private network (VPN) app that would protect their privacy. The company is now being sued by Australia’s competition and consumer commission (ACCC) for using Onavo to allegedly spy on users. “Through Onavo Protect,” said the regulator, “Facebook was collecting and using the very detailed and valuable personal activity data of thousands of Australian consumers for its own commercial purposes, which we believe is completely contrary to the promise of protection, secrecy and privacy that was central to Facebook’s promotion of this app.” Facebook responded that it was “always clear about the information we collect and how it is used”, that it had cooperated with the ACCC’s investigation and that it “will continue to defend” its position in response to the regulator’s filing.

You get the point? Maybe surveillance isn’t the only business model of the internet. Hypocrisy runs it a close second.

What I’ve been reading

Masters and servants
Between Golem and God: The Future of AI is a beautifully structured essay on the 3 Quarks Daily website.

Dressed for all weathers
How clothing and climate change kickstarted agriculture is the thesis of an intriguing Aeon essay by Ian Gilligan, a prehistorian at the University of Sydney.

On the mend
Monopolists Are Winning the Repair Wars is a terrific blog post by Cory Doctorow on the importance of the “right to repair” our own equipment.


Amazon exec’s husband jailed for two years for insider trading. Yes, with Amazon stock • The Register

The husband of an Amazon financial executive was sentenced on Thursday to 26 months behind bars for insider trading of the web giant’s stock.

Viky Bohra, 37, of Bothell, Washington, reaped a profit of $1,428,264 between January 2016 and October 2018 by buying and selling Amazon stock using eleven trading accounts managed by himself and his family.

Bohra was able to pocket these big gains because he got copies of Amazon’s confidential financial figures from his wife, Laksha Bohra, who worked as a senior manager in the mega corp’s tax department. Laksha had access to Amazon’s earnings before the numbers were publicly disclosed and reported to the Securities and Exchange Commission. Her husband “obtained” this secret information, despite her having been repeatedly warned not to share the confidential data, and used it to trade favourably in Amazon stock and options.

“This defendant and his wife were earning hundreds of thousands of dollars in salary and bonuses from their jobs in tech – but he was not content with that – greedily scheming to illegally profit by trading Amazon stock,” Acting US Attorney Tessa Gorman, said in a statement.

“This case should stand as a warning to those who try to game the markets with insider trading: there is a heavy price to pay with a felony conviction and prison sentence.”

The FBI began sniffing around, and the US Attorney’s Office for the Western District of Washington filed criminal charges [PDF] against Viky in 2020. He pleaded guilty in November to securities fraud. The prosecution had asked the court for a 33-month sentence.

Separately, he was also charged by the SEC and told to cough up $2,652,899 in disgorgement, interest, and penalties.

“Mr Bohra knew exactly what he was doing and was driven solely by greed,” Donald Voiret, an FBI Special Agent leading the Seattle Field Office, added. “With his nearly unlimited access and knowledge of securities trading, he undermined public trust in our financial markets.”

Laksha Bohra was suspended from her job in 2018 and resigned shortly after, according to a lawsuit filed by the SEC [PDF], and will not face criminal charges as part of Viky’s agreement to plead guilty. ®


Stripe rolls out new tax compliance tool for merchants

Stripe Tax automates much of the calculating and collecting of levies like VAT and sales tax for businesses.

Fintech giant Stripe is rolling out a new product to automate businesses’ tax compliance.

Stripe Tax, which was built at the company’s engineering hub in Dublin, helps businesses to automatically calculate and collect sales taxes, VAT and goods and services taxes (GST) wherever they do business.

The product has been rolled out in 30 countries and all US states. Stripe Tax tracks the tax-collection requirements of each jurisdiction, so that merchants stay in compliance with local tax rules without the headache of managing those rules themselves.

According to a 2020 report from Stripe, two-thirds of businesses say that managing tasks like tax compliance inhibits their growth and takes up time that could otherwise be spent on product development.

The matter of tax has become more complex with the mix of physical and digital goods and sales across borders.

Non-compliance with taxes, even through accidental oversight, can lead to serious sanctions or interest-laden tax bills for businesses.

Stripe Tax calculates taxes due by determining an end customer’s location and products they’re buying. It adapts as changes to tax regimes come into effect and generates reports for businesses on the levies calculated and collected.

“No one leaps out of bed in the morning excited to deal with taxes,” Stripe co-founder John Collison said. “For most businesses, managing tax compliance is a painful distraction. We simplify everything about calculating and collecting sales taxes, VAT and GST, so our users can focus on building their businesses.”

Large companies, including News UK, have started using the product.

“Directly integrating Stripe Tax into our subscriptions platform will save us countless hours, time that can be better spent elsewhere,” Ruan Odendaal, head of subscriptions platform at News UK, said.

Stripe has had a very busy 2021 so far. After raising funding at a $95bn valuation, it has been rolling out more services that go beyond the payments processing the company was originally built on, as well as expanding geographically with a focus on the Middle East.
