Modern Times

Symbols of modern life (or as current technology radically changed some habits of the past).

Source: http://strollingontherainbow.tumblr.com/.

R.I.P.: Windows XP

Windows XP: October 25th 2001 – April 8th 2014

It’s hard to believe but it’s over. The announced end of the Microsoft OS Windows XP now is a reality. 8th April 2014 will be the day the best operating system that has ever existed will die.

Chronicle of a death foretold

I had my first computer in 2002 and was a Windows 98 SE… When I changed of computer in 2005 I remember now how I was happy because it was a Windows XP Professional Service Pack 1! So, a couple of years later I updated to SP 3.

In 2008 Microsoft announced that Windows XP would no longer be traded and would be replaced by Windows Vista. Later, Microsoft announced that would end the support to Windows XP in 8th April 2014, what in practical means no more updates, but since 2013 the company has no released any update to this system. This means you will no longer receive security updates that help protect your PC from harmful viruses, spyware, and other malicious software that can steal your personal information or damage your business data.

Since 2005, I saw Microsoft embarrassment with the infamous Windows Vista, an operating system so bad that I never installed it on any of my machines, then tested Windows 7 (but found an unstable system especially when there is a power outage), Windows 8 (but found a poorly designed system with unnecessary and confusing menu and buttons) and finally Windows 8.1 “Blue”, which was my chosen to be the successor to Windows XP someday in all my machines. I say someday, because I’ll keep using my beloved Windows XP Professional until programs such as Java, Flash Player and Browsers like Firefox, Opera and Chrome offer support.

Also, some of my favorite programs and games only work on XP. And damn the Internet Explorer! I’m working on XP right now and I’m sharing my desktop print screen with you:

R.I.P. Windows XP

Windows XP has remained popular because it was stable, fast, powerful, and relatively simple to use. What’s more, many people still run XP simply because after more than a decade, it’s what they’ve become accustomed to using. But every life cycle must end eventually, and for Windows XP, that end date is April 8, 2014. It’s a lifetime that’s seen two US presidents, three UK prime ministers and three popes but Microsoft is finally ceased support for Windows XP.

According to a survey conducted by Net Applications, nearly forty percent of global desktops still use Windows XP, only slightly fewer than those using Windows 7, which has forty-five percent market penetration. All of the alternatives, Vista, Windows 8, Linux and Mac OS X account, for five percent or less of the desktop operating system market.

“OK,” you may say, “we still use XP but we’ve never contacted Microsoft for any support. Why is this relevant to me?”

It’s true that your XP machine won’t suddenly die right now, but its days are certainly numbered. The biggest problem is that you may not be able to trust it any longer. Without the Microsoft security updates from now on, if (or more likely ‘when’) the bad guys detect a security hole, that lets them take over an XP machine without the owner’s knowledge, they will.

If the machine is yours, they’ll be able to monitor your activity, read your emails and crack your online banking security. You’ll probably only notice when you lose your broadband connection (as your ISP identifies you as a source of thousands or millions of spam emails), or when you spot suspicious withdrawals from your bank account, or worse. Anti-Virus programs such as Norton, McAfee or any of the others will not protect you completely from this type of risk.

This is one of those things only XP can do…

Should we fear the zero-day exploit?

Although it sounds like a sci-fi film title, it’s real and nasty, and possibly in existence now waiting to do its worst after April. A “zero-day exploit” is a security breach that’s so significant that fixing it can’t wait: it needs immediate action, in zero days’ time, in fact.

The hackers that cause us such nuisances are far from stupid or naïve. In places such as the old Soviet Union, China and elsewhere, they are highly trained, and well rewarded for what they do. Their work is valued, and their behaviour is becoming increasingly strategic, and harder to combat.

If someone in the criminal underworld has got a way to penetrate XP completely, they’ certainly will use it from now on when the Microsoft team will be no more watching, and unleash it once the updates were closed and XP’s defences are gone.

Should we fear this? It’s by no means impossible, and several security industry experts have already raised concerns. Obviously, that the more alert we are, the harder it will be to pull off, but if a zero-day exploit does appear this year, there’s no doubt there won’t be an easy fix, and there will be some very expensive damage done to those affected.

Plan ahead to avoid the meltdown

If you’re using Windows XP and your machines are connected to the Internet, you probably should be concerned about your security from now on. That said, moving on may not simply be a case of buying and installing Windows 8.

What about all those programs that you use? How many can’t run on the new operating system? Is your machine new enough (or good enough) to support the latest Windows? What happens if it all goes wrong? Do you have a disaster recovery plan that’s more substantial than simply backing up your data?

If you don’t have a ready answer to all of these questions, you may be heading for avoidable trouble. The time to start planning is now:

1. Start with the obvious: check to see which desktops and laptops are still running Windows XP.

2. Rank your machines in two ways: importance and urgency. Systems that score highly in both measures need an action plan soon. Unusual or specialist software, or machines you run accounts on, for example, should get higher ratings: they may need special attention.

3. Identify the real PC “problem children” and give them each an action plan: There are short-term steps you can take, for example disconnecting key systems from the internet, but some applications may be impossible to make secure in the long term. For these you might end up sourcing new software.

R.I.P. Office 2003

While closes the useful life of Windows XP, Microsoft ends the support for Office 2003. So, using Office 2003 after the support ends will expose your business to application limitations and security risks, leaving you vulnerable and exposed to potential cyber-attacks and can also limit your productivity and efficiency.

iDiots

iDiots is a short story by Big Lazy Robot VFX, who mocks, somehow, our obsession with gadgets and apps, through small robots as interesting metaphor for users. Are we all iDiots? Big Lazy Robot VFX says about the video:

“It’s not a secret we love robots here at BLR, so we wanted them to be the heroes in our latest promo clip. Luxury cars with powerful engines to drive through roads under severe speed restrictions, cable TV that allows us to pay to watch all kind of sports, all from our comfortable sofa, and of course, hyper expensive cell phones that do almost everything but making a decent phone call.

Yes, our happiness is based on things we don’t need and governed by entities we don’t control, so what? Sit down and turn on the tv!

The robots were taken from real Japanese robot model kits, and they now hold a privileged position in our freak museum. The bad guy spits real smoke out of its mouth! The environment is made of cardboard houses that were integrated with the help of camera tweaks. It all serves to the purpose of creating a dumb homogeneous atmosphere in which we’re defined by what we’ve got, that is, the same lame things.

Don’t take the message too seriously. This is a promo video we’ve done to laugh at ourselves. We all have an i-diot inside, and it’s so fun!”

I don’t know if it’s really funny but the robots are so cute. The worst fool is that one who laughs from his own disgrace… Enjoy. Or not.

Yes We Scan!

To read more about the U.S. spy programs click here.

The novel of the denunciations about privacy invasion promoted by the security agencies of the United States – I meant NSA – against world authorities as President of Brazil Dilma Houssef, Prime Minister of Germany Angela Merkel, among others persons and corporations as Brazilian Petrobras – in addition to data capture of millions Internet users around the world wins every day new chapters.

What is so interesting to read in a pie recipe emailed by a housewife from Rome to his friend in Tokyo? Or why agents are so interested in reading the comments posted on Facebook by a teenager from Toronto on the last episode of The Walking Dead? In the name of national security, the United States once again are promoting a witch hunt as it happened in the 50s, this time in the virtual world?

NSA infiltrates links to Yahoo, Google data centers worldwide

Reblogged from The Washington Post website on 30 October 2013:

The National Security Agency has secretly broken into the main communications links that connect Yahoo and Google data centers around the world, according to documents obtained from former NSA contractor Edward Snowden and interviews with knowledgeable officials. By tapping those links, the agency has positioned itself to collect at will from hundreds of millions of user accounts, many of them belonging to Americans. The NSA does not keep everything it collects, but it keeps a lot.

According to a top-secret accounting dated Jan. 9, 2013, the NSA’s acquisitions directorate sends millions of records every day from internal Yahoo and Google networks to data warehouses at the agency’s headquarters at Fort Meade, Md. In the preceding 30 days, the report said, field collectors had processed and sent back 181,280,466 new records — including “metadata,” which would indicate who sent or received e-mails and when, as well as content such as text, audio and video.

In this slide from a National Security Agency presentation on “Google Cloud Exploitation,” a sketch shows where the “Public Internet” meets the internal “Google Cloud” where user data resides. Two engineers with close ties to Google exploded in profanity when they saw the drawing.

The NSA’s principal tool to exploit the data links is a project called MUSCULAR, operated jointly with the agency’s British counterpart, the Government Communications Headquarters . From undisclosed interception points, the NSA and the GCHQ are copying entire data flows across fiber-optic cables that carry information among the data centers of the Silicon Valley giants. The infiltration is especially striking because the NSA, under a separate program known as PRISM, has front-door access to Google and Yahoo user accounts through a court-approved process.

The MUSCULAR project appears to be an unusually aggressive use of NSA tradecraft against flagship American companies. The agency is built for high-tech spying, with a wide range of digital tools, but it has not been known to use them routinely against U.S. companies. In a statement, the NSA said it is “focused on discovering and developing intelligence about valid foreign intelligence targets only.”

“NSA applies Attorney General-approved processes to protect the privacy of U.S. persons — minimizing the likelihood of their information in our targeting, collection, processing, exploitation, retention, and dissemination,” it said. In a statement, Google’s chief legal officer, David Drummond, said the company has “long been concerned about the possibility of this kind of snooping” and has not provided the government with access to its systems. “We are outraged at the lengths to which the government seems to have gone to intercept data from our private fiber networks, and it underscores the need for urgent reform,” he said.

A Yahoo spokeswoman said, “We have strict controls in place to protect the security of our data centers, and we have not given access to our data centers to the NSA or to any other government agency.”

Under PRISM, the NSA gathers huge volumes of online communications records by legally compelling U.S. technology companies, including Yahoo and Google, to turn over any data that match court-approved search terms. That program, which was first disclosed by The Washington Post and the Guardian newspaper in Britain, is authorized under Section 702 of the FISA Amendments Act and overseen by the Foreign ­Intelligence Surveillance Court (FISC).

How the NSA’s MUSCULAR program collects too much data from Yahoo and Google

This document is an excerpt from Special Source Operations Weekly, an internal National Security Agency publication dated March 14, 2013. It describes a common NSA problem of collecting too much information – and how the agency is attempting to control it. The details:

WINDSTOP
A joint program of the NSA and its British counterpart, the General Communications Headquarters, or GCHQ.

REL USA, GBR
The information in this briefing is intended only for U.S. and British intelligence sharing.

MUSCULAR
This is the cover name for a WINDSTOP operation to intercept data traffic from the private links connecting Yahoo and Google servers, among others. The access point is known as DS‐200B, which is outside the United States. It relies on an unnamed telecommunications provider to offer secret access to a cable or switch through which the Google and Yahoo traffic passes.

SPEAKER’S NOTE
The following text is used by the person who gives the presentation to an audience. It describes proposed improvements in the filtering of intercepted Yahoo data traffic.

BLUF
“Bottom line up front”: A request to collect less data from Yahoo sources, noting that numerous analysts from the NSA’s Analysis and Production directorate have complained that the MUSCULAR program produces too much data, much of it with low intelligence value.

PINWALE
NSA’s primary storage, search, and retrieval system for intercepted text such as e-mail and chat contents.

DEMULTIPLEXER
Also known as “demux,” a process of separating unrelated data streams that travel in a package over the Internet.

SSO
Special Source Operations, the NSA group that obtains secret access to facilities run by “private sector partners”.

How the NSA is infiltrating private networks

The NSA, working with its British counterpart, the Government Communications Headquarters (GCHQ), secretly taps into the internal networks of Yahoo and Google, the two biggest Internet companies by overall data traffic. The operation intercepts information flowing between the enormous data centers that those companies maintain around the world. In general, Google and Yahoo use privately owned or leased lines to synchronize their data centers. This graphic shows how the NSA and GCHQ break into those internal networks, using Google’s as an example. Less is known about Yahoo’s networks, but the NSA operations are thought to be similar.

Smile! You are being scanned!

SMILE! YOU ARE BEING SCANNED!

We now know that the National Security Agency (NSA) is able to access personal data stored by Microsoft, Yahoo, Google, Facebook, Paltalk, YouTube, Skype, AOL and Apple. Though these companies have done their best to downplay the significance of the story, the revelations should force us to think much more carefully about the use of this information in the sense to protect the rights of the internet users and the role of states and private companies in creating each country’s shared agenda.

Of course we all know that the United States Government – after SOPA, ACTA and CISPA – would not give up to spy the online life of American citizens or citizens of other countries. You think you’re safe behind a computer screen? To learn how to surf anonymously, you need to know the Tor projetc by clicking here: https://www.torproject.org/.

WHO IS EDWARD SNOWDEN

Edward Joseph Snowden was born on 21 June, 1983 and is an American former technical contractor and Central Intelligence Agency (CIA) employee who worked as a contractor for the National Security Agency (NSA), before leaking details of classified NSA mass surveillance programs to the press. Snowden shared classified material on a variety of top-secret NSA programs, including the interception of U.S. telephone metadata and the PRISM surveillance program, primarily with The Guardian, which published a series of exposés based on Snowden’s disclosures in June 2013. Snowden said his disclosure of PRISM and FISA orders related to NSA data capture efforts was an effort “to inform the public as to that which is done in their name and that which is done against them. The Washington Post reported that the motive behind the disclosure was to expose the “surveillance state” that he felt the United States was becoming.

On May 20, Snowden flew to the Chinese territory of Hong Kong and stayed in a hotel in Tsim Sha Tsui. Later he explained his choice of Hong Kong thus: “NSA employees must declare their foreign travel 30 days in advance and are monitored. There was a distinct possibility I would be interdicted en route, so I had to travel with no advance booking to a country with the cultural and legal framework to allow me to work without being immediately detained. Hong Kong provided that. Iceland could be pushed harder, quicker, before the public could have a chance to make their feelings known, and I would not put that past the current US administration”.  On June 19, 2013, the United Nations High Commissioner for Refugees stated that if Snowden was to apply for refugee status in Hong Kong he would receive no special treatment. Hong Kong is not a signatory to the 1951 Convention relating to the Status of Refugees and does not allow refugees to settle in the city.

Ron Paul, a former member of Congress and prominent libertarian, said, “We should be thankful for individuals like Edward Snowden who sees injustice being carried out by their own government and speak out, despite the risk…. They have done a great service to the American people by exposing the truth about what our government is doing in secret.” Paul denounced the government’s secret surveillance program: “The government does not need to know more about what we are doing…. We need to know more about what the government is doing.”

WHAT IS PRISM

PRISM is a clandestine national security electronic surveillance program operated by the United States National Security Agency (NSA) since 2007. PRISM is a government codename for a data collection effort known officially as US-984XN. It is operated under the supervision of the United States Foreign Intelligence Surveillance Court pursuant to the Foreign Intelligence Surveillance Act (FISA). The existence of the program was leaked by NSA contractor Edward Snowden and published by The Guardian and The Washington Post on June 6, 2013. PRISM was first publicly revealed on June 6, 2013, after classified documents about the program were leaked to The Washington Post and The Guardian by American Edward Snowden. The leaked documents included 41 PowerPoint slides, four of which were published in news articles.

The documents identified several technology companies as participants in the PRISM program, including (date of joining PRISM in parentheses) Microsoft (2007), Yahoo! (2008), Google (2009), Facebook (2009), Paltalk (2009), YouTube (2010), AOL (2011), Skype (2011), and Apple (2012). The slide presentation stated that much of the world’s electronic communications pass through the United States, because electronic communications data tend to follow the least expensive route rather than the most physically direct route, and the bulk of the world’s internet infrastructure is based in the United States. The presentation noted that these facts provide United States intelligence analysts with opportunities for intercepting the communications of foreign targets as their electronic data pass into or through the United States.

YES WE SCAN!

In response to the technology companies’ denials of the NSA being able to directly access the companies’ servers, The New York Times reported that sources had stated the NSA was gathering the surveillance data from the companies using other technical means in response to court orders for specific sets of data. But is more likely to mean that the NSA is receiving data sent to them deliberately by the tech companies, as opposed to intercepting communications as they’re transmitted to some other destination. “If these companies received an order under the FISA amendments act, they are forbidden by law from disclosing having received the order and disclosing any information about the order at all,” Mark Rumold, staff attorney at the Electronic Frontier Foundation, told ABC News.

On May 28, 2013, Google was ordered by United States District Court Judge Susan Illston to comply with a National Security Letter issued by the FBI to provide user data without a warrant. Twitter declined to make easier the sending of your users data for the government. But other companies were more compliant, according to people briefed on the negotiations. The other companies held discussions with national security personnel on how to make data available more efficiently and securely. In some cases, these companies made modifications to their systems in support of the intelligence collection effort.

While providing data in response to a legitimate FISA request approved by FISC is a legal requirement, modifying systems to make it easier for the government to collect the data is not. This is why Twitter could legally decline to provide an enhanced mechanism for data transmission. Other than Twitter, the companies were effectively asked to construct a locked mailbox and provide the key to the government, people briefed on the negotiations said. Facebook, for instance, built such a system for requesting and sharing the information. Google does not provide a lockbox system, but instead transmits required data by hand delivery or secure FTP.

Shortly after publication of the reports by The Guardian and The Washington Post, the United States Director of National Intelligence, James Clapper, on June 7 released a statement confirming that for nearly six years the government of the United States had been using large internet services companies such as Google and Facebook to collect information on foreigners outside the United States as a defense against national security threats.

On June 7, U.S. President Barack Obama said, “What you’ve got is two programs that were originally authorized by Congress, have been repeatedly authorized by Congress. Bipartisan majorities have approved them. Congress is continually briefed on how these are conducted. There are a whole range of safeguards involved. And federal judges are overseeing the entire program throughout”. Do you believe in these words? Neither I.

ALL YOUR DATA ARE BELONG TO U.S.

There is nothing new about states seeking to coordinate communication systems to further their interests. Although the director of the American Civil Liberties Union’s Center for Democracy described PRISM as “unprecedented militarisation of domestic communications infrastructure”, PRISM is entirely consistent with longstanding security doctrine in the US. For instance, National Security Decision Directive Number 97 issued in 1983 states that: “The nation’s domestic and international telecommunications resources, including commercial, private and government-owned services and facilities, are essential elements in support of US national security policy and strategy”. TV and radio were part of how the US got what it wanted from the rest of the world.

There is little doubt that the technology companies will operate within parameters set by “US national security policy and strategy”, as their predecessors in broadcast did. Every country’s communications infrastructure is essential to the functioning of its state, and always has been. But PRISM is nevertheless highly significant but dangerous. It shows us that the new digital technologies are not weakening states relative to global corporations. Because when the NSA comes calling, they do what they are told. Companies such as Facebook and Google create “free” services that permitted anyone to invade our own privacy. The NSA just benefit itself from the results.

The first amendment of the US constitution forbids Congress from passing laws “abridging the freedom of speech, or of the press”. But debates about the media should take into account the relevant facts. PRISM reminds us that all functional states ensure that information systems serve their interests. Journalism, in the US as in Britain, is embedded in a telecommunications infrastructure over which the state maintains paramount control, in the name of national security. At the moment, the Obama administration is trying this through ever-closer coordination with the digital companies and through a campaign of intimidation against potential whistleblowers and troublesome reporters. It is surely obvious that Bradley Manning, Edward Snowden and Wikileaks Julian Assange are being targeted to discourage others discontented voices.

The spectre of terrorism is being used to construct this unaccountable power in the new landscape of network communications. And this is about much more than right to privacy and state surveillance. PRISM and similar programmes are seeking to shape the information technologies on which we will increasingly rely. Google and the other technology companies want to assure us that they don’t operate as instruments of state policy. But they do, just as the broadcast networks do. They really have no choice but to cooperate, and to deny that they cooperate.

INITIAL PUBLIC STATEMENTS

The original Washington Post and Guardian articles reporting on PRISM noted that one of the leaked briefing documents said PRISM involves collection of data “directly from the servers” of several major internet services providers. All the companies denied. On the heels of media reports that the NSA has gained access to the servers of nine leading tech companies – enabling the spy agency to examine emails, video, photographs, and other digital communications, Google, Apple, Microsoft and others have issued a strongly worded statement denying that the companies granted the government “direct access” to its servers.

Microsoft: “We provide customer data only when we receive a legally binding order or subpoena to do so, and never on a voluntary basis. In addition we only ever comply with orders for requests about specific accounts or identifiers. If the government has a broader voluntary national security program to gather customer data we don’t participate in it.”

Yahoo!: “Yahoo! takes users’ privacy very seriously. We do not provide the government with direct access to our servers, systems, or network. Of the hundreds of millions of users we serve, an infinitesimal percentage will ever be the subject of a government data collection directive.”

Facebook: “We do not provide any government organization with direct access to Facebook servers. When Facebook is asked for data or information about specific individuals, we carefully scrutinize any such request for compliance with all applicable laws, and provide information only to the extent required by law.”

Apple: “We have never heard of PRISM. We do not provide any government agency with direct access to our servers, and any government agency requesting customer data must get a court order.”

Dropbox: “We’ve seen reports that Dropbox might be asked to participate in a government program called PRISM. We are not part of any such program and remain committed to protecting our users’ privacy.”

Google: “Google cares deeply about the security of our users’ data. We disclose user data to government in accordance with the law, and we review all such requests carefully. From time to time, people allege that we have created a government ‘back door’ into our systems, but Google does not have a backdoor for the government to access private user data. Any suggestion that Google is disclosing information about our users’ Internet activity on such a scale is completely false.”

At first glance, all the statements are difficult to believe. Senior intelligence officials have confirmed the program’s existence, and Google, Yahoo, Facebook and Skype logos are prominently listed on internal NSA documents describing participating companies. But Google may be engaging in a far more subtle public relations strategy than outright denial. Google’s statement hinges on three key points: that it did not provide the government with “direct access” to its servers, that it did not set up a “back door” for the NSA, and that it provides “user data to governments only in accordance with the law.”

According to Chris Soghoian, a tech expert and privacy researcher at the American Civil Liberties Union, the phrase “direct access” connotes a very specific form of access in the IT-world: unrestricted, unfettered access to information stored on Google servers. Typically, the only people having “direct access” to the servers of a company like Google or Micorsoft would be its engineers. A similar logic applies to Google’s denial that it set up a “back door”. According to Soghoian, the phrase “back door” is a term that describes a way to access a system that is neither known by the system’s owner nor documented.

According to Soghoian, the NSA could have gained access to tech company servers by working with the companies to set up something similar to an API – a tool these firms use to give developers limited access to company data. Google has denied that an API was used, but that denial doesn’t exclude the possibility that a similar tool was used. To protect itself against allegations that it inappropriately compromised user data, Google further notes in its statement that the company provides “user data to governments only in accordance with the law.”

Read More: The Guardian and Wikipedia.