Internet Giants Consider SOPA Strike

The Stop Online Piracy Act in the US is getting ever more publicity with GoDaddy one of the high profile companies to suffer from supporting it as we wrote a couple of days ago.  In our previous article Martin summed up SOPA very effectively.

If you are living in the United States, you should have heard about SOPA (Stop Online Piracy Act) and Protect-IP, which, when passed, would give companies rights that they should not have. If it passes, IP rightsholders (a term vaguely defined) could send notices to payment processors or ad services like Google Adsense to force them to stop doing business with listed websites, all without legal process.

Site owners have five days to file a counter-notice, but neither payment processors or ad networks have any obligation to respect it. Even worse, they are granted “immunity for choking off a site if they have a “reasonable belief” that some portion of the site enables infringement”.

Now a loose confederation of Internet giants are considering shutting down the entire websites for 24 hours and instead showing a messagew urging their visitors and customers to contact their representative in the US congress the day before the vote goes to the house there.

The coalition is made up of some very big names on the Internet including Google, Amazon, Facebook, Twitter, Wikipedia, Yahoo!, eBay, PayPal, AOL, Foursquare, IAC, LinkedIn, Mozilla, OpenDNS and Zynga.  If the plan goes ahead all these services could be taken offline for 24 hours.

In a report by CNet…

When the home pages of Google.com, Amazon.com, Facebook.com, and their Internet allies simultaneously turn black with anti-censorship warnings that ask users to contact politicians about a vote in the U.S. Congress the next day on SOPA, you’ll know they’re finally serious.

True, it would be the political equivalent of a nuclear option–possibly drawing retributions from the the influential politicos backing SOPA and Protect IP–but one that could nevertheless be launched in 2012.

“There have been some serious discussions about that,” says Markham Erickson, who heads the NetCoalition trade association that counts Google, Amazon.com, eBay, and Yahoo as members. “It has never happened before.”

This wouldn’t be the first piece of anti-piracy legislation around the world to face stiff opposition.  France have already passed an Internet copyright law but the Digital Economy Act in the UK stalled in the face of arguments from major Internet Service Providers British Telecom and TalkTalk.

Many reports say that SOPA is still set to pass the US congress and that very few Americans have heard about it.  Shutting down services such as Facebook and Google, and replacing them with anti-SOPA messages for a day would certainly raise awareness, but a question mark remains over whether doing so only one day before the congress vote would be effective enough.

This is the first time ever that major websites have threatened to effectively go on strike to boycott something, and it is completely unprecedented.  It is unclear at this time whether the services would be taken down worldwide or just in the US and also how serious the coalition are about the boycott, which would inevitably lose them all a day’s trade.

Services are commonly targeted for IP addresses anyway and it wouldn’t be difficult for these companies to target messages to their US-based users.  With many millions of visitors every day in the US, companies such as Google and Facebook could achieve this on their own.  Imagine then how much more leverage they would have with Amazon, Yahoo! and others on board.  If this goes ahead it is still possible that other companies could follow suit, effectively crippling the Internet in the US for the day before the vote.

So what do you think of SOPA and your favourite websites being taken offline for a day?

---

© Mike Halsey MVP for gHacks Technology News | Latest Tech News, Software And Tutorials, 2011. | Permalink |
Add to del.icio.us, digg, facebook, reddit, twitter
Post tags: aol, congress, ebay, facebook, foursquare, Google, IAC, linkedin, mozilla, opendns, paypal, SOPA, twitter, wikipedia, yahoo, Zynga

Yahoo! Improves Account Security With Second Sign-in Verification

More and more Internet companies are beginning to implement 2-step verification processes to counter the ever increasing attacks on customer accounts. Yahoo! is the latest company to upgrade the account security with a 2-step verification option.

The new second sign-in verification feature is opt-in at this point in time, and only available to users from the United States, Canada, India and the Philippines.

Yahoo! users can enable the second sign-in verification feature from the Yahoo! account info page. Here they are asked to enter a mobile phone number for verification purposes. This number needs to be verified via SMS before the new account verification option is enabled for the account.

Yahoo! users can enable the new security feature on this page. They can alternatively sign in on the Yahoo! homepage, hoover over their name and select Account Info from the options to open their profile preferences and select the new security option there. It is however usually easier to open the page directly.

Yahoo! users who turn on the new account verification step have the option to use their security question and mobile phone, or only their mobile phone when they are asked to verify account ownership.

Mobile phone has to be selected either way. Once you have made the selection you are asked to enter your mobile phone number and country in a form. Yahoo! sends a SMS to the phone with a verification code that you need to verify ownership of the phone (more precisely the phone number).

The second sign-in verification feature works slightly different from Google’s 2-step verification login. Yahoo! will only ask the user to verify the account in a second step if the company suspects that the account may have been hijacked. It is likely that this is an automated process that checks IP addresses, countries of origins, and maybe even header data and sign-in times.

A confirm your identity:answer security question prompt is displayed after sign-in in this case. It basically blocks the signing in by asking the user to verify the account ownership either by entering the answer to the selected security question or by entering a security code send to a verified mobile phone.

Yahoo will roll out the feature to all of its worldwide audience by March 2012. (via Techdows and Yahoo Developer Network)

---

© Martin Brinkmann for gHacks Technology News | Latest Tech News, Software And Tutorials, 2011. | Permalink |
Add to del.icio.us, digg, facebook, reddit, twitter
Post tags: login security, yahoo sign-in

Tech Coalition is Formed to Stop Phishing

Phishing emails are a huge problem and one that numerous attempts to rectify have so far failed to achieve.  Now a large group of tech companies have joined forces with a start-up company called Agari to try and stop phishing emails from even reaching your inbox.  Microsoft, Google, AOL, Yahoo! and other firms have all joined forces on the project so they can share information from phishing emails.

This data will be analysed by Agari to see how phishing attacks can be identified and prevented.  The company has actually been in operation since 2009 and helps protect over 1 billion email accounts from these types of attack.  The company already collects data from around 1.5 billion emails a day, though they don’t collect the actual email messages.

Instead the company just passes on malicious URLs in the messages to the relevant companies who’s name is being used in the phishing message.  Google said it expects the new arrangement to benefit Gmail users as more mail senders will now be authenticating email and implementing common phishing blocking policies.

Cnet reported that Daniel Raskin, the vice-president of marketing for Agari said…

“Facebook can go into the Agari console and see charts and graphs of all the activity going on in their e-mail channel (on their domains and third-party solutions) and see when an attack is going on in a bar chart of spam hitting Yahoo.  They receive a real-time alert and they can construct a policy to push out to carriers (that says) when you see this thing happening don’t deliver it, reject it.”

Phishing emails aren’t just a nuisance, they cost businesses millions every year in credit card insurance payouts, a cost which is inevitably passed on in interest charges.  The sophistication of phishing messages, which purport to be from a bank, business or website asking you to log in to confirm your security details, or offering you a fantastic deal that doesn’t really exist, again to get your personal details including those for your credit card.

The simple rule is that no bank, company or website will EVER email you asking you to log in and confirm your details.  Modern web browsers will highlight the actual domain name for the site you are visiting, for example PayPal.com and you can see if you are being diverted to a different domain.  The best rule is that if you receive an email purporting to be from, say Bank of America, then never click on the link.  Instead manually go to the bank or company’s website and log in yourself.

Agari says they have been operating in “stealth” mode for the last few years to as to try not to attract too much attention to their work.  Currently they analyse 50% of all email traffic in the US.  Cnet say…

The company aggregates and analyzes the data and provides it to about 50 e-commerce, financial services and social network customers, including Facebook and YouSendIt, who can then push out authentication policies to the e-mail providers when they see an attack is happening.

This new alliance forms no guarantee that phishing emails will be eradicated, and it is still up to the end user to use caution when opening any suspicious email.

---

© Mike Halsey (MVP) for gHacks Technology News | Latest Tech News, Software And Tutorials, 2011. | Permalink |
Add to del.icio.us, digg, facebook, reddit, twitter
Post tags: agari, aol, Google, microsoft, phishing, yahoo