A server was found with two million passwords to social network sites, web-based email and other services, including Facebook (318,000), Yahoo! (60,000), Google (54,000), Twitter (21,000) and LinkedIn (8,000).
Passwords seem to come from computers in the Netherlands, Thailand, Germany, Singapore and Indonesia.
Those passwords were collected by a network of zombies (botnet) infected with a keylogger, a small program that records whatever a user types into a computer.
This is just another batch of passwords in public hands. During the last year we’ve seen account information (including encrypted passwords) leaked from Adobe (152 million!), Gawker (532,000), Yahoo! (453,000) and Sony (37,000).
Even if the service you use encrypts passwords, there are still ways of finding out what they are (including statistical analysis and plain brute force). Just look at this blog post “Adobe credentials and the serious insecurity of password hints” to see how easy it can be for someone to find passwords when millions of records are available.
You should change passwords every few weeks or months, and to be on the safe side you should always use a different password for each service. Also, if your service offers a second form of authentication (a security token, code via SMS or email), then use it.
Troy Hunt has just created a new site called ';--have I been pwned? where you can enter your email address to check if it shows up in any of these “treasure chests”.
Just received the prizes for our HP Microserver Gen8 giveaway (including the HP PS1810-8G switch and Windows Server Essentials 2012) and will forward to the winner early next week. Remember there is still time to enter the other competitions listed in this topic here…
To our winner Noviota, congratulations!
Some more information about the HP Microserver Gen8 competition I hinted at in my previous blog post: I will soon post a review on Geekzone and we will have one of those to give away to our readers.
More importantly, as in previous HP competitions we have MORE THAN one blog giving those away over three weeks - and you will be able to enter in any or all of them for more chances. From the week of 27th October we will start the competition on Geekzone, with other blogs following (two or three per week). Keep an eye on this topic because I will update the schedule later.
In the meantime, here are the participating blogs/forums so you can bookmark them:
Vodafone has increased prices in its cable plans, going up an unbelievable $43.06 (44.88%) in the 150GB plan (130/10 Mbps speeds). They also added a $149 version of the plan with 250GB allowance:
And this is a “naked” service. No phone, no IPTV, or anything else. Compare this $139 for 150GB package to what I’m currently paying for the same service:
Why is this hard to swallow? Because Vodafone owns the cable network. It’s an asset, and it’s been deployed since the late 90s. It’s not like they have to pay UFB to a provider such as Chorus. This makes it more bizarre that they push these prices up.
This comes just after the company announced their new “Ultra Fast Broadband TV service”, a bundle of Internet, IPTV and VoIP. Notice though that UFB includes a $30 discount if you have a mobile with the company.
Disappointing that Vodafone has pushed the cable prices up for the 150GB tier, just months after bringing it down from the old TelstraClear prices. Also disappointing that the service has been lately plagued with slowdowns and outages and it took the company two weeks to get things fixed. Also disappointing that Vodafone seems to have a continuous problem with the way their traffic goes to Australia (Australia is becoming a very important CDN and content hub, so we should really push our ISPs to have great connectivity to our neighbours).
Exciting. Just got an HP Microserver Gen8 delivered here today plus an 8-port HP PS1810-8G switch. The Microserver Gen8 comes with four USB 2.0 ports, two USB 3.0 ports, two ethernet ports, ILO and four 3.5” bays.
This weekend I will be installing an OS on this box and playing with options and then posting the review on Geekzone. For the time being here are a few photos:
Oh, did I say I will have one of these to give away soon on Geekzone, plus other bloggers from around the world will be running their own competitions? Stay tuned…
First there was the planning stage. I was contacted with some basic information about the event, who it is aimed at, who from HP would be available on site for us to talk to, and other pieces of relevant information.
Based on this initial contact I was able to ascertain this event was a good fit for both myself and my audience.
Then comes the support provided by the Ivy Worldwide team, including travel arrangements, accommodation, transportation and other bits and pieces.
The HP Tech @ Work Day in Sydney was an event in a conference format, with a keynote covering the topics of the moment: cloud and big data. From our front row seats we heard insights from David Caspari (Managing Director HP South Pacific), Paul Muller (VP Software Marketing, HP Software) and we had the chance to learn from the experience of people such as Tom Quinn (Chief Technology Officer, News Corp) and Tam Lee (Neuroscientist, Human Technology).
After the keynote we could choose from three streams of speakers covering infrastructure topics, before we could get everyone in the Bloggers' Lounge for Coffee Talks. Those are small sessions of 45 minutes to one hour where our group had the opportunity to talk candidly to some of the speakers, going deeper into topics of interest. That's where I found out more about things such as the Orion Health and HP Cloud deal announced earlier that same day and what made the company decide to use cloud services, how they plan to use it and more.
At one of these Coffee Talks we had the opportunity to give HP some feedback on how we perceive the HP Cloud message, what our group of bloggers (which included professionals in the IT infrastructure sector) thought could be clearer and how HP could improve their relationship with markets.
During these events Ivy Worldwide also arranges for some even more informal meeting time, such as the group dinner arrangement, where all of us including bloggers, HP and Ivy have an opportunity to continue our conversations about the events of the day over a meal that (in some cases) extends for quite some time into the night, all for a good exchange.
Full disclosure: I am attending the HP Tech at Work Day Sydney 2013 as an HP guest this week (30th June). HP is covering my trip and accommodation.
Having said that, I have been to previous HP events around the world (Las Vegas, Austin, Houston, Singapore, Sydney) and the content available is right on for the audiences attending. Be it the HP Discover with thousands of tech sessions and hundreds of booths with products from HP and partners for existing customers and prospects, a single day event to show a group of bloggers how HP servers are designed and engineered or even a day to explore HP Cloud, there’s always something for everyone.
I mean, just look at the list of speakers for this year’s event in Sydney. And us bloggers have the extra “coffee talks” private time to talk to these and other people in the industry to gather extra information.
Looking forward to meeting some old friends again and making new ones there.
The Yahoo! Wishlist page is live now.
If you are not aware, Yahoo! decided to free up usernames not used over a certain period of time. This means you might be able to get that username (McLovin) instead of "Sorry, this username is taken. Do you want to use McLovin14238576 instead?"
Yes, yes. What a strange move. The first thing that comes to mind is that someone might have used that email address before, so it's "dirty". By dirty I mean it could be subscribed to lots of email lists. Or be the alternative email address for accessing some services. For example, think of those services using an email instead of a username. People could get an address and go around submitting it to the "Forgot password" forms until hitting one that is worth something - who knows? A NY Times subscription, or access to a porn site.
When I asked about this, Yahoo! commented:
"Our goal with reclaiming inactive Yahoo! IDs is to free-up desirable namespace for our users. We're committed and confident in our ability to do this in a way that's safe, secure and protects our users' data. It's important to note that the vast majority of these inactive Yahoo! IDs don't have a mailbox associated with them. Any personal data and private content associated with these accounts will be deleted and will not be accessible to the new account holder.
“To ensure that these accounts are recycled safely and securely, we're doing several things. We will have a 30-day period between deactivation and before we recycle these IDs for new users. During this time, we'll send bounce back emails alerting senders that the deactivated account no longer exists. We will also unsubscribe these accounts from commercial emails such as newsletters and email alerts, among others. Upon deactivation, we will send notification for these potentially recycled accounts to merchants, e-commerce sites, financial institutions, social networks, email providers and other online properties."
Remember 1997? That’s when Carnivore was in use by the FBI. Soon after we heard rumours of an AT&T Room 641A, where the NSA would have a colocated interception facility that would tap into all communications being handled by that telco. Then all the rage about ECHELON, a SIGINT collection network operated by Australia, Canada, New Zealand, the UK and the United States of America.
During those years people were quick to call “paranoid” those who discussed those surveillance systems and frameworks.
It is now 2013 and we start reading more about a secret program called PRISM, that would allow intelligence services access to data stored by technology companies that store and forward communications and data files. Companies allegedly involved all sent out releases saying pretty much “we care deeply about our users privacy and comply with the law.” Those include Apple, Dropbox, Facebook, Google, Microsoft and Yahoo!.
Despite all the negatives, just yesterday more leaked information came out alleging Microsoft has provided the NSA with encryption keys that would allow them to access encrypted communications in their online properties such as Outlook.com, Hotmail.com and Skype. This is similar to 1999 claims that Microsoft had inserted a public key into the Windows NT operating system allowing intelligence services a backdoor into the platform.
Now comes word that Australia's Telstra has been working with American authorities since 2001 in a manner not different from AT&T and its famous Room 641A. In essence the telco agreed to store electronic communications data originating or terminating in the USA and going through their Reach network, making this available to US enforcement agencies on demand. The data available through these systems involves not only “metadata” but content of emails, instant messages and voice calls.
Fairfax Media reported that four Australian defence facilities are being used by the US in this intelligence collection programme. Local (Australian) centres are used in a National Security Agency surveillance program codenamed X-Keyscore.
This collaboration seems to be the result of Telstra's decision to expand into Asia through Reach. When it came to the point where they needed to negotiate landing rights into the USA, the local security agencies made it a requirement that the company sign the agreement to collaborate in this data collection in order for a license to be issued.
While no live surveillance is being conducted, the data is available at short notice to US intelligence agencies.
Just recently University of Otago information science Associate Professor Hank Wolfe commented that “Under what was unofficially known as the Five Eyes Alliance, New Zealand and other governments; including the United States, Australia, Canada, and Britain, dealt with internal spying by saying they didn’t do it, but they have all the partners doing it for them and then they share all the information.” Yes, Five Eyes is the evolution of good old ECHELON from the late 90s.
So the question after this revelation from the other side of the Tasman is really “how much of New Zealand's communications is being stored by Telstra and handed over to foreign intelligence agencies?”. Or even “are there any New Zealand ISPs or cable providers involved in a similar deal?”
This all happens in the middle of discussions involving the New Zealand government’s proposed Government Communications Security Bureau and Related Legislation Amendment Bill. I suggest you read Thomas Beagle’s GCSB Bill Oral Submission and also his other submission to the GCSB Bill:
The GCSB Act (2003) allowed the GCSB to provide advice and assistance to any public authorities or other entities. However, section 14 made it very clear that this assistance was not to include any action for the purpose of intercepting the communications of a New Zealand citizen or permanent resident.
The GCSB Bill now explicitly allows the GCSB to perform interceptions of New Zealanders communications on behalf of the Police, SIS or Defence Force.
It also allows the GCSB to spy on New Zealanders for the purpose of maintaining cybersecurity. (The GCSB claims in the Regulatory Impact Statement that it will need to be able to monitor the communications of New Zealanders to detect whether they are being attacked.)
Those changes actually allow the GCSB to perform interceptions of New Zealanders’ communications on behalf of other agencies, something that caused a bit of a problem when they watched over Mr Dotcom, which was later ruled illegal because Mr Dotcom was a New Zealand resident at the time.
I have reached out to Southern Cross Cables asking for comments but I don’t expect to hear anything back until Monday at least.
The first session in this stream was led by James Mahuta-Coyle, entitled “NZ Privacy Regulations and the Cloud: Current Controls and Options for Reform”. James took us through a look at the current issues regarding data ownership and accountability. But the session really is about what laws and what jurisdiction apply to data.
For example, under New Zealand privacy laws cloud providers are said to be holding data on behalf of the agency which actually uses the data. But these laws could be applied to entities outside New Zealand based on interpretation of where the data is being collected, not where the data is stored.
The session made parallels between cloud usage and the Privacy Principles established by the New Zealand Privacy Act.
The next session was led by Joy Liddicoat and was about the New Zealand Internet Freedom Index.
During the Tuesday keynote the audience asked Jordan Carter, InternetNZ Chief Executive, what InternetNZ is doing about government surveillance. The answer is basically about submissions regarding the bill and involving the Internet community at large in this debate.
The Hon Amy Adams, Minister of Communications and Information Technology, is Tuesday’s keynote speaker. She said the Internet is an essential part of our lives and key for the New Zealand economy.
We now have 80% of New Zealand homes connected to the Internet. Average Internet usage per connection has gone up from 10GB a month in 2010 to 19GB a month in 2013.
There are two scheduled reviews this year: the TSO and a wider review of the policy framework to regulate telecommunications services in New Zealand. This is how Hon Amy Adams commented on the TSO review during the speech:
This morning at NetHui I am announcing the release of a discussion document on possible changes to the local residential Telecommunications Services Obligations.
Under the TSO, Telecom is required to continue to provide voice and dial-up data services to all residential premises that had an active Telecom line in December 2001.
Telecom must also keep the line rental for those services, in both urban and rural New Zealand, at or below the 1989 price in real terms, which equates to the $51 per month many of us pay today.
And of course Telecom must offer people a calling option under which local calls are unmetered – the so-called free local calling option which almost all of us use.
The TSO requirements as they stand create some issues.
The current TSO does not allow Telecom to use the most cost-effective and modern technology to provide TSO services, effectively locking in copper and potentially delaying the availability of cheaper and more innovative services.
The TSO arrangements – particularly free local calling combined with a relatively high monthly rental charge – may have slowed the progress and uptake of newer services. We may be seeing higher prices, less innovation and fewer new products compared with other countries that do not have these settings.
Let me give you some further context about why a review is needed.
In 2001, the year the TSO was agreed to, only 37 per cent of New Zealand households had access to the internet.
And when I talk about having access to the internet, few of those connections would be today recognised as broadband quality.
As I highlighted earlier, the latest figures now show that 80 per cent of New Zealand households now have access to the internet. The vast majority of these connections are broadband.
In much of the country, we now have better mobile coverage and better mobile services, people can watch the news while on the bus, share photos on social media sites, or send unlimited text messages as part of their telecommunications bundle.
Many people are now moving away from having home landlines at all, and others are accessing VOIP equivalents in preference to the traditional copper service.
The driver of this change is an increasingly competitive market and well-targeted supply-side initiatives, which together, are delivering affordable, reliable telecommunications services to a large number of New Zealanders.
The implication of this change for the TSO is the issue that the Government’s discussion document explores.
It asks whether, given market developments, we continue to need the protections of the TSO, or whether having them may be unjustifiably stifling innovation, and if it is needed, whether it needs updating.
There are several key aspects that need to be considered.
First, competition has developed throughout the telecommunications market. In 2001, Telecom had the lion’s share of all areas of the market, particularly fixed voice and Internet access.
Today, Telecom is a retail service provider amongst many others, with less than 50 per cent market share of retail broadband connections and it is facing increasing competition for voice services.
Second, the Government has introduced well targeted supply-side initiatives like the Ultra-Fast Broadband Initiative and the Rural Broadband Initiative, to provide access to faster broadband for the majority of New Zealanders.
And thirdly, as I have previously highlighted, technology and the way we use telecommunications is changing rapidly, and this change is expected to accelerate.
The current TSO was established based on PSTN fixed-line calling being our primary mode of communication. But now we have, as I have mentioned, more than one mobile phone for every New Zealander and much higher functioning internet services.
Similarly, the minimum speed requirements for internet access in the TSO are measured in kilobits per second – 14.4 kilobits for 95 per cent of lines and 9.6 kilobits for 99 per cent of lines. Compare that to today where fibre offers peak speeds of at least 100 Mbps.
The TSO can’t be frozen in time. The underlying principles for the review are to ensure that any future TSO provisions are technology-neutral, focusing on the services people want to have available, rather than dictating the way those services must be provided, and to ensure that the framework promotes the development of competitive pricing and services rather than acting as a barrier to innovation.
Against this background, one of the first things the discussion document does is to consider what might happen if all the TSO protections were removed and not replaced. This allows us to see what potential problems would still remain, and to tailor any future TSO protections to these residual problems.
The discussion document concludes that, if there were no TSO protections at all, it is likely that consumers in isolated smaller communities and rural areas could face reduced service availability and quality, or higher prices, or both; and that free-local calling could come with conditions, such as a cap on use.
Because of these residual problems, the discussion paper outlines four broad options for future TSO protections.
These options include the status quo, and three options for change – minimal, medium and significant.
Other possible changes canvassed in the discussion paper include whether Telecom should continue to be required to provide a copy of the White Pages telephone directory to every household covered by the TSO.
A recent opt-in pilot in Auckland suggested that many people are comfortable with finding this information online, and as a result, about 95% fewer phone books will be distributed to Auckland households this year.
I want to make it clear, though, that no changes are proposed to Telecom’s obligation to provide residential customers with free 111 calling, a free directory listing or deaf relay obligations under the TSO.
There are also no plans to remove the requirement that an option to have unmetered local calling is offered to consumers.
Consultation on the discussion document will close on Tuesday 20 August, and I am looking forward to hearing your views on the future options.
As I mentioned earlier, the second review we are commencing is a wider assessment of the policy framework for regulating telecommunications services in New Zealand under section 157AA of the Act.
Throughout the establishment of the Government’s UFB and RBI initiatives, user groups were clear in their calls for the need for fibre connectivity as a priority.
The Government is committed to world-class fibre infrastructure, and the long-term gains it will bring. Increased certainty around the transition path from copper to fibre will promote development of retail fibre products, boosting the ability of New Zealand homes, businesses, schools and hospitals to maximise the transformative potential of these technologies.
The first phase of this review will look at whether the existing pricing framework we have in place is properly calibrated for the once in several generations transition period, as we shift from the legacy copper to the new fibre network, with the significant gains in speed, quality and reliability this will deliver for users.
Investing in a new fixed access network is challenging. To make sure the new services are ready when people are going to need and value them, you have to start building ahead of demand, which is expensive and risky.
If you do not have the right regulatory settings in place to enable infrastructure providers to invest in new replacement technology, there is a real risk that consumers will not have access to it, or not have access to it for a long time.
Over the past few months I have had a range of productive discussions with a number of stakeholder groups around these issues which have been very useful.
It is my intention to issue a discussion document on the first phase of the telecommunications regulatory review in the next month or so, and I look forward to your feedback on the issues it will raise.
That document will focus primarily on how the regulatory framework can best provide certainty of costs, at the appropriate levels, over the transition period from now until the fibre build is complete. Subsequent phases of the review to be undertaken in the years ahead will consider the longer term aspects of telecommunications regulation.
In the meantime of course the rollout of the UFB and RBI programmes continues at pace and we are looking forward to the auction of the 700Mhz spectrum later in the year.
Commenting on international connectivity, Hon Amy Adams said that Southern Cross cable prices have been coming down. The government will however support other undersea cable initiatives, but doesn’t see any bottlenecks in the current arrangements.
Wednesday morning we see the Parliamentary debates, where some of our MPs expose their views on technology, Internet and the role of government in economic growth driven by these resources.
Tracey Martin, NP NZ First MP started the discussion talking for four minutes about how technology impacts the MPs’ work in our Parliament. She uses an iPad – and she didn’t have one before coming to the Parliament. She’s also got an iPhone “which is fab” and an old Nokia. Her thoughts were about all the impact of these pieces of technology on the public relationship with politicians. How all these technologies made politicians more accessible.
Next on was Simon Bridges, MP National who talked about his use of the Internet. It’s a tool that helps him, as an MP, to represent people, allowing people to communicate with him through different channels. He worries about online conversations becoming monologues. A limitation of Twitter for example is the difficulty of having a debate over 140 characters and the noise it generates. He is keen on the differentiation between information and knowledge.
Gareth Morgan, MP Greens followed saying since taking the ICT portfolio he sees technology as a tool that helps politicians be where people are. If they are to represent people then they have to have a presence on Facebook, Reddit and other online debate platforms.
Clare Curran, MP Labour (and the only one I saw around the Nethui for the last two days as well) was the last of the MPs. The Internet in her view made politicians more human and more accessible. The technology also made those politicians “punch bags”. It also created a resource that allows crowdsourcing policy making.
Clare Curran asked the audience to stand up to the proposed bill extending the powers of the GCSB. Almost the entire audience stood up to show their view on this change in the law.