Main Area and Open Discussion > Living Room

Internet freedoms restrained - SOPA/PIPA/OPEN/ACTA/CETA/PrECISE-related updates

<< < (43/79) > >>

TaoPhoenix:
This is not precisely on the legislative side but it's all smashed up in what those laws enabled.

Verizon’s “Six Strikes” Anti-Piracy Measures Unveiled
http://torrentfreak.com/verizons-six-strikes-anti-piracy-measures-unveiled-130111/
Slashdot's copy:
How Verizon's 'Six Strikes' Plan Works
http://yro.slashdot.org/story/13/01/11/2217239/how-verizons-six-strikes-plan-works

It's pretty evil. The DMCA was passed in 1998 but it really kicked in about 2005.

Renegade:
From the comments at SlashDot:

>> Well then sorry, you deserve to have your Internet shut off.
>> God forbid we pay money for things which have value

If it has ads and/or drm, it doesn't have value. The value was added by the pirates, who went to the trouble of removing those things. I'd be willing to pay them.

--- End quote ---

Hahahaah~! :D

IainB:
^^ <-- Very good point. Humorous too.

Meanwhile, in the Faraway land of Godzone... (via slashdot, with my emphasis):
New Zealand Three-Strikes Law To Be Tested
Dangerous_Minds writes "Next month, tribunals will begin for the first people receiving their third strikes in the New Zealand 'Three Strikes Law.' In all, 11 people will have their cases heard, including one who said that her connection was used without her knowledge. Freezenet notes that there has been a long history of controversy for the law from the Internet blackout protests of 2008 to the cablegate leak which revealed that the law was financed and pushed by the United States."
--- End quote ---

IainB:
Well, well, well, what a surprise! (NOT)    :o
Now I wonder who could have put Nokia up to this naughty thing with their handset browsers, and how many other phones have the same "security" feature?
Hmm, tricky. Probably a criminal gang, or something?    :tellme:

Some people (not me you understand) might suggest that at least we now have an indication that there is potentially a high probability that all phones are thusly deliberately made insecure, so it could be prudent to remember that for the next time you do your "secure telephone-banking" - which is now apparently the latest new oxymoron in the Lexicon of Telecomms and the Internet.
And they might go on to advise that we steer a wide berth around Nokia as well - that's a boycott - but I couldn't possibly comment on what these people might suggest or advise.

Post from falkvinge.net, copied below sans embedded hyperlinks/images:
Death Twitches: Nokia Caught Wiretapping Encrypted Traffic From Its Handsets

Nokia, the cellphone manufacturer, has been listening in to all encrypted communications from its handset’s browser. Every connection advertised as secure – banking, social networks, dating, corporate secrets – has been covertly wiretapped by Nokia themselves and decrypted for analysis.

Security researcher Gaurang Pandya posted an article in December about some unexpected behavior with their Nokia handset. It would appear that the browser traffic from the handset would get diverted through Nokia’s servers.

Then, a followup article on January 9 dropped the bomb, and the article goes into quite technical detail: It wasn’t enough that Nokia diverted all traffic from its handsets through its own servers, it also decrypted the encrypted traffic, re-encrypting it before passing it on, issuing HTTPS certificates on the fly that the Nokia phone has been instructed to trust as secure.

This means that Nokia has deliberately been wiretapping all traffic that has been advertised as encrypted on these Nokia handsets – including but not limited to banking, dating, credit card numbers, and corporate secrets – and looking at your secrets in cleartext.

This means that Nokia puts itself between your bank and you, and presents itself as YourBank, Inc. to your phone. This wouldn’t normally be possible, if it weren’t for the fact that the phone had been specifically designed for this deceptive behavior, by installing a Nokia signing certificate on the phone.

Nokia has confirmed this behavior in correspondence with TechWeek Europe (my highlights):

    “The compression that occurs within the Nokia Xpress Browser means that users can get faster web browsing and more value [...blahblah...] when temporary decryption of HTTPS connections is required on our proxy servers, to transform and deliver users’ content, it is done in a secure manner”, a Nokia spokesperson told TechWeek Europe.

The issue affects at least the Nokia handsets with Nokia’s own browser, the Nokia Xpress Browser mentioned above.

So why is this a big deal?

It is a big deal because banks rely on having a secure connection all the way to you. As do corporate networks. As do news outlets’ protection of sources. Anybody listening in to the conversation in the middle breaks the whole concept of secrecy – and the phone was specifically designed by Nokia to allow Nokia to listen in without telling you.

My, my. Secure connections are presenting themselves as secure end-to-end, and a handset manufacturer breaches this most basic of trusts? We’d have a very hard time trusting a company that says “yes, we’re listening to all of your encrypted communications, yes, bank passwords and dating habits and all of it, but we’re not doing anything bad with it. No, really.”

If Nokia was in trouble over its handset sales already, this complete breach of trustworthiness has to be a death twitch.

UPDATE 1: [obsolete with Update 2]

UPDATE 2: Well, that was fast. Pandya has updated his original article where he discovered this so-called Man-in-the-Middle attack, stating that Nokia has pushed out a new version of their browser which removes the Man-in-the-Middle attack – the wiretapping of encrypted communications – from the browser’s behavior. Apparently, it took being caught with the hand in the cookie jar to stop this behavior in just hours.

You still have to remind yourself, though – if they can turn this wiretapping off with a simple browser update after having been discovered doing it, there’s not much stopping Nokia from turning it on just as silently again at some point in the future, is there?
--- End quote ---

Tinman57:
Well, well, well, what a surprise! (NOT)    :o
Now I wonder who could have put Nokia up to this naughty thing with their handset browsers, and how many other phones have the same "security" feature?
Hmm, tricky. Probably a criminal gang, or something?    :tellme:-IainB (January 12, 2013, 06:39 PM)
--- End quote ---

  I wouldn't be a bit surprised to find out the gov't was behind it all, paying them for the service.  DHS has no bounderies...

Navigation

[0] Message Index

[#] Next page

[*] Previous page