September 24th, 2008

Posted by Dancho Danchev

In what is slowly turning into a endless loop of hacktivism activities, Bill O’Reilly’s BillOreilly.com has been compromised during the weekend, with personal details including passwords in plain text for 205 of the site’s members already leaking across Internet forums, as a response to his remarks regarding Wikileaks as a “one of those despicable, slimy, scummy websites” which recently published private information of Sarah Palin’s private email.

On Friday, Wikileaks issued the following press release :

“Fox News demagogue, Bill O’Reilly, has been hacked and the details passed to Wikileaks. Wikileaks has been informed the hack was a response to the pundit’s scurrilous attacks over the Sarah Palin’s email story–including on Wikileaks and other members of the press, Hacktivists, thumbing their noses at the pundit, took control of O’Reilly’s main site, BillOReilly.com. According to our source, the security protecting O’Reilly’s site and subscribers was “non-existent”.

The following image, submitted to Wikileaks and confirmed by Wikileaks staff, offers proof of the hack. The image, clearly obtained from BillOreilly.com’s administrative interface, shows a detailed list — including passwords — of BillOreilly.com subscribers. Although Wikileaks has only released one page, it must be assumed that Bill O’Reilly’s entire subscriber list is, as of now, in the public domain.”

How did they do it “this time”?

According to the article at Wikileaks, the hacktivists seem to have been brute forcing the URL for the administration panel, and once successfully finding it, access the unencrypted data :

“According to Marston, the hackers were able to access the list by trying a large number of variations of the website’s administrative URL. He said all affected members have received an email and a phone call informing them of the breach and urging them to change their password. The site has since been completely locked down, Marston said.”

Moreover, it’s also worth pointing out that the passwords were stored unencrypted, evidence of the practice can also be seen within the screenshots of the admin panel. As far as the website’s administrative URL is concerned, it has since been changed once it leaked online (w3.billoreilly.com/pg/jsp/admin/managecustomers/newpremiummembers.jsp), which isn’t excluding the opportunity for abuse of the subscribers email addresses in spear phishing attacks, “for starters” since some of the users have already admitted of using the same password at different web sites, including PayPal.

The impact of the breach, and the measures taken to notify the victims according to the site :

“The BillOReilly.com site experienced a minor hacking incident on Friday, September 19th, 2008.

** ALL CREDIT CARD INFORMATION FOR EVERY MEMBER IS SAFE
** NO MEMBERS WHO JOINED BEFORE WEDNESDAY, SEPTEMBER 14th, 2008 WERE AFFECTED AT ALL.
** 205 new Premium Members who signed up last week had their name, hometown, email address, & BillOReilly.com password stolen.
** We have contacted those 205 members by email and telephone.
** We are working with the proper authorities to track down the perpetrators. “

Another personal message issued by Bill O’Reilly regarding the process of tracking down the “perpetrators” was posted on Sunday :

“The FBI and Secret Service are close to indicting some of the perpetrators and cialis shelf life we will keep you posted when the arrests are made. All premium members receive the full backing of our legal team and if anyone is hassled in the least, please inform us immediately. In the latest case, no proprietary information was obtained by hackers and we have safeguards in place to protect everyone who does business with us.

Rest assured that we are on this. Our defense of Sarah Palin has led some criminals to attempt to disrupt our enterprise. At this moment federal authorites and our attorneys are compling information against these people. Again, if any person is bothered in any way – please let us know. We stand behind our products but, most importantly, we stand behind you. We’ll get the bad guys. Count on it.

Bill O’Reilly
9/21/08″

Who’s claimed responsibility? 4chan members planning at Ebaumsworld using “secret words” :

“According to my source this is a common tactic among the secret hacking group hidden amongst the users of ebaumsworld. he states “yeah we will start planning on 4chan so ebaums doesnt get in trouble…we use secret words and stuff to let the others know who we are” when i asked why he was telling me all this he said “man this has just gone too far.. at first it was a joke then we found out that the same usernames and passwords worked for those peoples paypal accounts and im afraid of what they will do.”

It appears that the “forum fraction” is also planning a DDoS attack against BillOreilly.com according to this interview, which wouldn’t be the first time the site has been under DDoS attack, and definitely not the last. From an analyst’s perspective, nation2nation hacktivism conflicts always provide the best and most accurate understanding of a particular’s country’s capabilities into this space, compared to hacktivism actions basically sticking to the standard practices as DDoS attacks, which just like any tip of the iceberg receive most of the attention due to the ease of measuring their impact next to the rest of the hacktivism tactics used.

The bottom line – good time to point out why you shouldn’t use the same password on different web services, and that the big picture having to do with Wikileak’s vision of a little less secrecy, and a little bit more transparency, ultimately better serves the world and gives power to the people whose collective consciousness, if not brainwashed, is supposed to be shaping the way we live.

March 3rd, 2008

Posted by Ed Bott

I’ve been using Windows for nearly two decades, and during that time I’ve tried hundreds of programs. Most come and go, but a handful have stood the test of time for me by solving a particular problem particularly well.

In this article and accompanying gallery, I list 10 Windows programs I use every day. Every one adds a feature that makes Windows easier to use or can help make you more productive. Each one comes from a company that has proven its ability to support the product and improve it over time. I’ve been using every program on this list for long enough to recommend it without reservation.

Most of the programs in this list are free; for those that aren’t a trial version is available. All of the programs in this list run on Windows XP Service Pack 2 and Windows Vista (and most run on other editions as well). I’ve devoted one full page to each program, with info and download links and enough details to help you decide whether it’s something you want to try. I’ve also provided screen shots for each program cialis sales online to help you see what I’m talking about.

Process Explorer (Sysinternals/Microsoft) The most amazing diagnostic tool ever, created by Microsoft Distinguished Fellow Mark Russinovich. If you use Task Manager, you should replace it with this free alternative, which does so much more.

RoboForm (Siber Systems) Create strong passwords, save them, and automatically fill them in using Firefox or IE. If you’re frustrated by passwords, this is your answer.

Keyfinder (Magical Jelly Bean Software) If you had to reinstall Windows tomorrow, do you know where your product ID is? If the answer is no, get this tiny free utility, which finds product IDs for dozens of popular programs (including Windows and Office) and lets you print or save the results.

ClipMate Clipboard Extender (ThornSoft Development) When I set up a new PC, this is the first program I install. It’s that good. I save thousands of keystrokes a year thanks to this gem of a utility.

FeedDemon for Windows (NewsGator Technologies) The best damn RSS reader in the Windows world. Period. And it’s now free.

Windows Live Photo Gallery (Microsoft) You’ll have to search for it, but this updated version of the Windows Photo Gallery that debuted in Vista is worth the hunt. If you’ve chosen to steer clear of Vista, no worries: It works in XP too.

Allway Sync (Usov Lab) This powerful tool synchronizes the contents of folders over a network or to external storage and is an ideal complement to most backup programs.

SnagIt (TechSmith) As a technology writer, I use this screen capture program nearly every day. Even after six years, I’m still discovering new tricks it can do.

IE7 Pro If you use IE7, you need this free add-on, which provides ad blocking, tab management, inline search, crash recovery, and all the other features Microsoft left out.

FinePrint (FinePrint Software) Over the years, I can’t even imagine how many trees I’ve spared with the help of this program. If you print more than a few pages a month, you have to try this.

 TrueCrypt

cialis sale hspace=”7″ vspace=”3″ width=”120″ height=”85″ align=”left” /> Protect your sensitive data with this free open-source disk encryption software that creates a virtual encrypted disk within a file and mounts it as a real disk.

 Hotspot Shield

cialis reviews src=”http://www.hotspotshield.com/images/hss-logo.gif” border=”0″ alt=”Hotspot Shield” title=”http://ct.zdnet.com/clicks?t=73158203-fcda8243b2af06197976dd4e0ab0dea0-bf&brand=ZDNET&s=5″ hspace=”7″ vspace=”3″ width=”120″ height=”120″ align=”left” /> Hotspot Shield is free software that ensures anonymous and censor-free internet usage by encrypting all communications to and from your computer to protect you from online spying.

December 4th, 2008

Posted by Andrew Nusca

Google is by far the largest user of Internet bandwidth, its share of bandwidth usage is rising rapidly, and its bandwidth use is orders of magnitude greater than its payment for its cost, according to a new study by NETCompetition.org, a site committed to Net Neutrality “pro-competition Internet forum funded by broadband companies.”

According to the study, Google used 16.5 percent of all U.S. consumer Internet traffic in 2008, and that share is estimated to grow to 25 percent in 2009 and 37 percent in 2010. Why? According to the study, because Google’s search bots regularly copy every page on the Internet, some as frequently as every few seconds, and Google’s YouTube streams almost half of all video streamed on the Internet.

Furthermore, the study estimates Google’s payment to fund just the U.S. consumer broadband Internet segment to be approximately $344 million in 2008 or 0.8 percent of U.S. consumers’ flat-rate monthly Internet access costs of $44.0 billion. Thus Google’s 16.5 percent share of all 2008 U.S. consumer bandwidth usage, is roughly 21 times greater than Google’s 0.8 percent share of U.S. consumer bandwidth costs — or  what the study calls a roughly “$6.9 billion subsidy of Google” by U.S. consumers.

Do you buy this argument? I’m not sure I understand how this is possible, but perhaps you readers versed in this kind of thing can explain it in the comments.

According to the study, researchers used Cisco traffic usage data combined with market share data from Hitwise and Comscore to estimate Google’s share. Google’s bandwith costs are (of course) estimated based on publicly-disclosed operating cost data. (The precise methodology can be found on page 4 of the study.)

The 27-page study can be found here as a PDF. The press release, after the jump:

For Immediate Release December 4, 2008

Contact: Scott Cleland 703-217-2407

First-Ever Study of U.S. Consumer Internet Usage and Cost Finds
Google Uses 21 Times More Bandwidth than it Pays For

Google uses 16.5% of U.S. consumer Internet capacity today,
rising to an estimated 37% in 2010

MCLEAN, Va. – Today Precursor LLC released a first-ever research study of U.S. consumer Internet bandwidth usage and costs with the objective of estimating how much bandwidth Google uses and pays for. The data confirm the study’s core hypotheses, that: Google is by far the largest user of Internet bandwidth, Google’s share of bandwidth usage is rising rapidly, and that Google’s bandwidth use is orders of magnitude greater than its payment for its cost.

The study estimated Google used 16.5% of all U.S. consumer Internet traffic in 2008, and that share is estimated to grow to 25% in 2009 and 37% in 2010. What drives this conspicuous bandwidth consumption is Google’s search bots regularly copy every page on the Internet, some as frequently as every few seconds, and Google’s YouTube streams almost half of all video streamed on the Internet.

The study estimated Google’s payment to fund just the U.S. consumer broadband Internet segment to be approximately $344 million in 2008 or 0.8% of U.S. consumer’s flat-rate monthly Internet access costs of $44.0 billion. Thus Google’s 16.5% share of all 2008 U.S. consumer bandwidth usage, is ~21 times greater than Google’s 0.8% share of U.S. consumer bandwidth costs ? or an implicit ~$6.9 billion subsidy of Google by U.S. consumers.

This research study of Google’s usage vs. cost is relevant to the current broadband policy debate, because Google is the driving force behind InternetForEveryone.org which is pushing “to adopt a national plan to bring open, high-speed Internet connections into every home, at a price all of us can afford.” Internet connections could be more affordable for everyone, if Google paid its fair share of the Internet’s cost.

*  ”It is ironic that Google, the largest user of Internet capacity, pays the least relatively to fund the Internet’s cost; it is even more ironic that the company poised to profit more than any other from more broadband deployment, expects the American taxpayer to pick up its skyrocketing bandwidth tab,” said Scott Cleland, President Precursor LLC, and author of the study.

“The core conclusion of the study is that any sustainable national broadband policy must ensure that the heaviest Internet users pay their fair share of Internet infrastructure costs. It is neither economically rational nor equitable for the biggest users of, and beneficiaries from, shared resources to not share fairly in the recovery of costs,” Mr. Cleland added.

Since Google often compares the Internet to the public highway system, the study also examined how the U.S. highway system apportions costs among business users and consumers. Any analysis of public highway funding will show that businesses/trucks, which put the most cost burden on the highways, pay substantially more than consumers/cars ? the exact opposite of Google’s recommended broadband model, where consumers shoulder most all of Google’s costs for using and profiting off the Internet — more than any other entity.

*  The study highlights the inconsistency in Google’s position supporting government ownership/regulation of the Internet like the U.S. highway system but not adopt the economic model and fairness of the highway system — where the heaviest users that cause the most costs — shoulder their fair share of the costs.

The study’s methodology is straight-forward, transparent, well documented and replicable so Google or others can provide improvements or alternative estimates — and so other countries can estimate if Google uses more of their country’s Internet capacity than it pays for.

*  The study’s author, Precursor President Scott Cleland, said: “While I expect the study to generate a healthy debate over the methodology, assumptions and estimates, any rigorous analysis of the data will lead to the same incontrovertible conclusion of this study — that Google’s U.S. consumer Internet bandwidth usage share vastly exceeds its payment share of the cost.”

*  The study was conducted over the last several months by Scott Cleland, President of Precursor LLC, a leading techcom research and consulting firm. +  Cleland was formerly an Institutional Investor Magazine top independent telecom analyst in 2004 and 2005.
+  Cleland also has a high-profile track record in spotting big anomalies in Internet traffic. In late 2000, Cleland was the first analyst to expose that Internet traffic was in reality growing 90% slower than what the market assumed, heralding the bust of the telecom bubble that wiped out over $1 trillion in market capitalization in 15 data-dependent companies.
+  Precursor now provides research for companies and Cleland is Chairman of NetCompetition.org a pro-competition Internet forum funded by broadband companies.

cialis review color=”#004d99″>Read the full study here.