The RISKS Digest
Volume 27 Issue 24

Sunday, 7th April 2013

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator


Contents

Chinese Government To Buy Dell
Steven J. Greenwald
Deeper Meaning in a Live YouTube April Fools' Gag
Lauren Weinstein
New Test for Computers - Grading Essays at College Level
Gabe Goldberg
"Fix your DNS servers or risk aiding DDoS attacks"
Ted Samson via Gene Wirchenko
"Cyber criminals tying up emergency phone lines through TDoS attacks"
Ted Samson via Gene Wirchenko
Prenda Law's Attorneys Take The Fifth Rather Than Answer Judge Wright's Questions
Lauren Weinstein
"Firefox 20 ups HTML5 support, adds dev tools and per-tab Private Browsing"
Gene Wirchenko on Ted Samson
MS apologizes for employee's Xbox Durango 'always-online' tweets
Lauren Weinstein
"Ransomware uses victims' browser histories for increased credibility"
Lucian Constantin via Gene Wirchenko
ZIP Codes Are Definitely "Personal Identification Information"
Monty Solomon
Everything We Know About What Data Brokers Know About You
Monty Solomon
Mozilla Firefox CPU hog ??
Henry Baker
`Massive' Cyberattack Wasn't Really So Massive
David Talbot
Risks of ASCII-formatting mathematics
Bill Stewart
Sears Discloses User-Selected PIN
Richard Karash
Online tax returns, You're Doing It Wrong...
Valdis Kletnieks
Wow! Are we still in the 1990s?
Gene Spafford
Info on RISKS (comp.risks)

Chinese Government To Buy Dell

"Steven J. Greenwald" <sjg6@gate.net>
Mon, 1 Apr 2013 16:41:28 -0400 (GMT-04:00)
http://news.yahoo.com/china-to-buy-dell-source-155247372--sector.html

Chinese Government To Buy Dell
By Carl Michaels and Michael Silver | Rueters - Monday, Apr 1, 2013

NEW YORK / BEIJING (Rueters) - Dell Inc announced today that the Chinese
government would purchase them in a leveraged buy out. Michael Dell and
private equity firm Silver Lake Partners have announced that they welcome
the leveraged buy out. "It's the best of all the alternatives that the
company's board had explored," said Dell in a prepared statement to
shareholders.

Carl Icahn has proposed paying $15 per share for 58 percent of Dell, while
Blackstone Group has indicated it can pay $14.25 per share. But both deals
would involve saddling the troubled tech company with massive debt and
keeping it public. Silver Lake Partners would offer all cash at $13.65 per
share and take Dell private in the reverse of an IPO: an LBO or so-called
"leveraged buy out" where a failing public company goes private at a severe
loss to the shareholders and usually with massive firing of competent
employees while retaining the incompetent ones.

But Xia Xiahuang, head of the Technology Investment Government Workers
Group, a Chinese government agency, said that China would pay $17.75 per
share to acquire the ailing tech company. "We need more competition in the
Pan-Asian PC market. As a growing world economy China needs more than just
Lenovo," said Xiahuang at a press conference where she announced the
decision. "If successful in our leveraged buy out then we plan on moving
Dell to Government City Number 23 where we have lots of unemployed tech
workers." She extolled the virtues of corporate competition in her
statement. "We learned a lot from the Americans, especially about how
capitalism works with a centrally managed economy." When asked about the
history of that, she said, "Maybe we have a language issue here, but no, we
don't call that 'fascism' here."

Government City Number 23, a super-secret facility, used to make advanced
nuclear weapons for the Chinese government. It is located, according to
sources, somewhere near the Chinese Mongolian border. "We don't need more
hydrogen bombs. We can get all of those that we want from North Korea. And
cheap!" When asked why, she said, "We need more PCs, tablets, and
smartphones." Xiahuang then said, "Also, we have all of these U.S. Treasury
bonds just sitting around doing squat. If we can use a few of those to buy a
has-been company like Dell, why not? Better than earning almost no interest
like American retirees."

When asked about the business model for the decision, Xiahuang said, "Well,
we don't see much of a domestic market, but we definitely have a guaranteed
market with the U.S. government with Dell's Federal Systems Division." When
pressed for details, she said, "We don't foresee any consumer demand at all
for Dell products. We'll focus on selling hardware and software to the
U.S. Government. We have an excellent relationship with their procurement
agencies."

Michael Dell could not be reached for comment. A written press release by
Dell warned that any leveraged recapitalization, even by a major government,
was risky. "While we have no objection to moving to Mongolia, especially
given how we now are headquartered in Round Rock, Texas, we do feel
compelled to mention that the telephone system near Mongolia would not
support our outsourced customer service model." Additional questions were
deferred for later according to the press release, to comply with
Sarbanes-Oxley.

Outside analysts dismissed this, noting that Dell long ago abandoned any
pretense of good customer service for anyone, especially low-level
consumers. "The Chinese will whip them in line," said Ani Prox, a financial
sector tech analyst. "I can't wait until they screw over a relative of the
Central Committee and then the Chinese publicly execute a few of their
so-called 'customer support' drones." When asked if he thought this a good
move, Prox said, "I don't want to say that I'm literally jumping with
joy. But I am. Those damned monsters had it coming."

Many American analysts have concerns about the proposed U.S. cyber-espionage
rule that would limit Chinese imports of information technology products in
the wake of alleged Chinese hacking attacks on the U.S.. When asked about
those concerns, Chinese government spokesperson Xiahuang said, "The Chinese
government does not engage in hacking. Hello? If we did would we buy a
company with such strong customer dissatisfaction as Dell?" She went on to
dispute that the U.S. has evidence of hacking attacks by China and claimed
that more than half of the attacks actually originate from Dell PCs in the
United States. "Let's face it; we do the Americans a huge favor here which
the Obama Administration knows. We don't foresee any problems with this
minor acquisition of a failed and widely-hated company."

According to the U.S. Congressional Research Service, the United States
imports about $129 billion worth of "advanced technology products" from
China, which includes PCs, laptops, tablets, smartphones, music players,
gaming devices, and military drones. U.S. military and intelligence
community purchases of these products has tripled in the past year under
Obama Administration rules.

Chinese state media, including Xinhua, the China Daily, and the People's
Daily, quoted a spokesperson for the Chinese Ministry of Commerce. "The
proposed U.S. bill sends a very wrong signal. Don't they want us to buy that
awful Dell company to use up some of the massive amounts of U.S. T-bills we
bought? We already buy up all of their real-estate that we can to prop them
up."

"This abuse of so-called national security measures is unfair to Chinese
enterprises and people, and extends the discriminatory practice of
presumption of guilt," said the article in the official People's
Daily. "This severely damages mutual trust between the U.S. and China."
China Daily, in an editorial widely believed to be written by the
government, said, "Besides, China does the U.S. taxpayers a favor by taking
this awful company off their hands. Does the U.S. want another bailout of a
failed company on their hands?"

Technology security lawyer Stuart Bleaker wrote in a recent blog post that
China could claim that the United States is violating World Trade
Organization rules. However, because Beijing hasn't signed a WTO agreement
setting international rules for government procurement, it may not be
successful in its challenge, even though no one actually pays attention to
WTO rules when big players like China are involved.

Chinese foreign ministry spokesman Hong Lei also urged the U.S. to abandon
the law at a news conference on Thursday. "This bill uses Internet security
as an excuse to take discriminatory steps against Chinese companies," he
said. "Let us buy Dell already! What's your problem? Frankly, we do you
Americans a huge favor. You can't possibly want this awful company. We'll
take it off your hands, get rid of some of the debt you owe us, and employ a
bunch of people near Mongolia. A win-win for everyone."

A U.S. State Department spokesperson could not be reached for comment.


Deeper Meaning in a Live YouTube April Fools' Gag (NNSquad)

Lauren Weinstein <lauren@vortex.com>
Mon, 1 Apr 2013 17:10:33 -0700
http://lauren.vortex.com/archive/001018.html

As I'm typing this at around 16:45 PDT on April Fools' Day, Google's YouTube
is running one of the funniest stunts I've seen in years.

On this currently live video feed ( http://j.mp/X9E9pj ) we have a pair of
presenters reading the titles and uploader descriptions of seemingly rather
randomly selected YouTube videos.  They're not showing the videos mind you
(except for a few being "spotlighted")—just reading texts from large
piles of red and white YouTube cards, in a manner reminiscent of some
twisted awards ceremony from an alternative universe.

And in fact, this April Fools' Day event is part of a larger gag (one of
many deployed by Google for today—others included "Gmail Blue," "Google
Nose," and more).

In this case our presenters are purportedly in the process of announcing
every video ever uploaded to YouTube, in preparation for shutting down
YouTube for a decade, while the corpus of existing videos is reviewed to
select the "best of them all"—to be announced in 2023, of course.

What's so very fine about this particular joke is the way the pair of
presenters (Donald and Kendra) are playing it all absolutely straight, with
barely a smile cracked as they intone out loud video descriptions ranging
from touching to ludicrous, all of which appear to be 100% absolutely legit.
And of course, the juxtaposition of completely unrelated descriptions only
adds to the amusement.

But as this delightful spectacle continues to stream onto a screen to my
left at this very moment, I'm thinking that there is a deeper meaning in
play.

Those YouTube video descriptions—from serious to silly, from banal to
urbane—and by definition the videos associated with them—are a
cross-section of real life, in all its stupendous variety and wonder.

Soldiers in battle.  Dog eating burger.  Bad guitar players.  A tribute to a
lost friend.  Millions and millions and millions of videos, every single one
meaning something to whomever took the time to upload them.

Lots of people make money posting on YouTube, but vastly more post simply
for the joy of sharing what they care about, and within those piles of cards
being read aloud today is the very essence of that meaning—remarkably
clear even absent the actual videos themselves.

I think this is a truth worth noting.  And since D and K were just provided
with chairs at last, it looks like the show may be good to go for quite a
while yet!

Even in the midst of this great April Fools' concept, there is a teachable
moment in every video upload, in every video description.  Together they're
a distillation of so many persons' loves (and hates), desires, fantasies and
memories.

That's quite remarkable, really.

And it's no joke.


New Test for Computers - Grading Essays at College Level (NYTimes.com)

Gabe Goldberg <gabe@gabegold.com>
Thu, 04 Apr 2013 17:13:20 -0400
Imagine taking a college exam, and, instead of handing in a blue book and
getting a grade from a professor a few weeks later, clicking the `send'
button when you are done and receiving a grade back instantly, your essay
scored by a software program.

And then, instead of being done with that exam, imagine that the system
would immediately let you rewrite the test to try to improve your grade...

http://www.nytimes.com/2013/04/05/science/new-test-for-computers-grading-essays-at-college-level.html?hp

What could go wrong?

  [For example, students who reverse engineer the software or gain
  experience from the program's behavior can adjust their writing styles to
  just barely get a good grade—without ever really learning how to write
  effectively.

  By the way, Harvard now "admits that the e-mail surveillance was wider
  than the school originally admitted."  Perhaps U.C. Santa Cruz had a
  better idea to do away with grades and grade-point averages—which might
  cause problems only when an undergrad wants to get admitted to a graduate
  school other than UCSC.

  But we seem to be generally dumbing down education wholesale at many
  levels, leading to lowest-common-denominator curricula, narrowing what is
  or can be taught, and reducing personal contacts with teachers.
  Autograding certainly might be another step in that direction.  PGN]


"Fix your DNS servers or risk aiding DDoS attacks" (Ted Samson)

Gene Wirchenko <genew@telus.net>
Mon, 01 Apr 2013 13:59:26 -0700
Ted Samson, InfoWorld, 01 Apr 2013
Perpetrators of the DDoS ambush against Spamhaus exploited open DNS
resolvers in third-party servers
http://www.infoworld.com/t/security/fix-your-dns-servers-or-risk-aiding-ddos-attacks-215510

  [Not an April-Fools' piece.  It seems to have been a light year.  PGN]


"Cyber criminals tying up emergency phone lines through TDoS attacks" (Ted Samson)

Gene Wirchenko <genew@telus.net>
Tue, 02 Apr 2013 13:00:45 -0700
Ted Samson, InfoWorld, 01 Apr 2013
Similar to DDoS attacks, TDoS also used to extort cash from targets,
including businesses and public service agencies
http://www.infoworld.com/t/cyber-crime/cyber-criminals-tying-emergency-phone-lines-through-tdos-attacks-215585


Prenda Law's Attorneys Take The Fifth Rather Than Answer Judge Wright's Questions

Lauren Weinstein <lauren@vortex.com>
Tue, 2 Apr 2013 16:05:23 -0700
http://j.mp/16uxXLr (Popehat via NNSquad)

  "Today the Prenda Law enterprise encountered an extinction-level event.
  Faced with a federal judge's demand that they explain their litigation
  conduct, Prenda Law's attorney principals - and one paralegal - invoked
  their right to remain silent under the Fifth Amendment to the United
  States Constitution. As a matter of individual prudence, that may have
  been the right decision. But for the nationwide Prenda Law enterprise,
  under whatever name or guise or glamour, it spelled doom."

Such a cheerful word in this particular case: "doom."


"Firefox 20 ups HTML5 support, adds dev tools and per-tab Private Browsing"

Gene Wirchenko <genew@telus.net>
Wed, 03 Apr 2013 08:12:15 -0700
I had not thought of the risk presented in the use case quoted, probably
because I am the only one who uses my computers.  I have read accounts of
people searching for something on the Web and then getting bombarded with
ads for it for some time after.

http://www.infoworld.com/t/applications/firefox-20-ups-html5-support-adds-dev-tools-and-tab-private-browsing-215672
Ted Samson, InfoWorld, 02 Apr 2013
Firefox 20 ups HTML5 support, adds dev tools and per-tab Private Browsing
Mozilla's latest browser release unlocks HTML5 features and supports
ARM processors for low-power smartphones

"Privacy buffs will likely be most interested in per-tab Private Browsing
feature, which lets you open a new window for an Internet session during
which no site- or page-specific data—such as history, passwords,
downloads, or cookies—is saved to your machine. You can then freely
switch back and forth between private-session windows and the regular one.

Mozilla provides a fairly innocent example of a use case: a user browsing
online for a surprise gift."


MS apologizes for employee's Xbox Durango 'always-online' tweets

Lauren Weinstein <lauren@vortex.com>
Fri, 5 Apr 2013 19:56:26 -0700
http://j.mp/10mgja9  (The Next Web via NNSquad)

  "On Thursday, Microsoft Studios creative director Adam Orth sent out a
  slew of tweets implying that he sees nothing wrong with rumors of
  Microsoft's next Xbox, codenamed Durango, requiring an "always-on"
  Internet connection to function. Unsurprisingly, the backlash from users
  was massive, and although Orth ended up setting his Twitter account to
  private to hide them from the general public, by then the damage had
  already been done.  Microsoft on Friday released an official statement
  regarding the tweets: ..."

As the song says, "When will they evvvvvver learn?"
Tweets are public.  Public is public.  Period.


"Ransomware uses victims' browser histories for increased credibility" (Lucian Constantin)

Gene Wirchenko <genew@telus.net>
Tue, 02 Apr 2013 12:57:48 -0700
http://www.infoworld.com/d/security/ransomware-uses-victims-browser-histories-increased-credibility-215560
Lucian Constantin, IDG News Service, InfoWorld, 1 Apr 2013
Visited websites are listed as source of illegal material to make
bogus police messages more believable, researcher says


ZIP Codes Are Definitely "Personal Identification Information"

Monty Solomon <monty@roscom.com>
Mon, 1 Apr 2013 10:50:32 -0400
Massachusetts Supreme Court Rules ZIP Codes Are Definitely "Personal
Identification Information"

http://privacylaw.proskauer.com/2013/04/articles/uncategorized/massachusetts-supreme-court-rules-zip-codes-are-definitely-personal-identification-information/


Everything We Know About What Data Brokers Know About You

Monty Solomon <monty@roscom.com>
Tue, 2 Apr 2013 01:14:33 -0400
http://www.propublica.org/article/everything-we-know-about-what-data-brokers-know-about-you


Mozilla Firefox CPU hog ??

Henry Baker <hbaker1@pipeline.com>
Tue, 02 Apr 2013 11:00:32 -0700
I usually visit most web sites with Javascript turned *off*, which
traditionally has saved a lot of CPU effort, because Javascript isn't
constantly busy sending my mouse position back to the web page I'm visiting.

However, I've noticed that in the most recent versions of Mozilla Firefox
(19, perhaps even 18)—even with Javascript turned off—my Windows CPU
is working so hard for Firefox that it has trouble mouse tracking my other
applications.  I know this because the moment I exit Firefox, my mouse
tracking returns to normal.  Also, Windows Task Manager reports exceptional
usage by Firefox.

Neither the Internet Explorer nor the Opera browser require such heavy CPU
activity, so this issue is specific to Firefox.

I don't know if Firefox has gone over to the 'dark side', and is now spying
on its users full time, but there is no legitimate reason for all of this
heavy duty CPU activity.


`Massive' Cyberattack Wasn't Really So Massive (David Talbot)

Dewayne Hendricks <dewayne@warpspeed.com>
Tue, Apr 2, 2013 at 6:48 AM
[Note: This item comes to DLH via Mike Cheponis, and thence via Dave Farber.]

Date: April 1, 2013 1:28:17 AM PDT
From: Michael Cheponis <michael.cheponis@gmail.com>
Subject: Denial of Service Attack on Spamhaus Was Enabled by Lax Server

David Talbot, `Massive' Cyberattack Wasn't Really So Massive
*MIT Technology Review*, 29 Mar 2013

A decade-old fix could have easily stopped this weekend's attack on an
anti-spam company, but the truth is many Web companies simply ignore such
fixes.
http://www.technologyreview.com/news/512911/massive-cyberattack-wasnt-really-so-massive/

An attack that disrupted Internet service over the past week would have been
stopped by a simple Web server configuration fix that's been understood for
a decade but is widely ignored by Web companies, experts say.

The prolonged assault targeted Spamhaus, a European nonprofit that reports
where spam is coming from and publishes a list of implicated Web servers.
The apparent flashpoint was the addition of CyberBunker, a Dutch
data-storage company, to its roster.

The unidentified attackers used a botnet—a network of infected ordinary
computers—to attack Spamhaus's website and then the servers of
CloudFlare, a content-delivery company that stepped in to help Spamhaus
manage the influx of traffic. The attack also affected regional Internet
servers that are transit points for not only the two targeted companies but
also many others.

While some observers have suggested that the scale of the attack was smaller
than most reports indicated, according to a blog by the Austrian Computer
Emergency Response Team (CERT), the attack caused "disruption in some parts
of the Internet."

The kind of attack that occurred is called `distributed denial-of-service'
because many computers are tricked into sending chunks of data at one
target, overwhelming it. This attack took advantage of a weakness in
domain-name servers, or DNS servers, where typed Web addresses are resolved
into the numerical codes that correspond to the machines that hold the
relevant information.

The attack involved sending DNS servers requests forged to look as if they
came from the target. These DNS servers responded by overwhelming the target
with data it didn't actually ask for. The impact can be amplified because
the DNS servers—depending how they are configured—can be asked to
send large amounts of data. [...]
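The reflection mechanism the article describes (and the "Fix your DNS servers" item earlier in this issue) is something a resolver operator can look for in their own logs. The following is an added example, not code from the article, from RISKS, or from any named project: it parses constructed BIND-style query-log lines, counts recursive queries the resolver answered for clients outside the networks it is meant to serve (evidence that it is an open resolver), and flags outside addresses sending bursts of ANY queries, which in a reflection attack are the forged addresses of the victim. The log layout, the trusted network, the threshold and all addresses are assumptions.

```python
"""Spot DNS reflection abuse in resolver query logs (added example).

Not code from the Technology Review article or from RISKS. The log lines are
constructed in a BIND9 query-log style; the field layout, the trusted network
and the ANY-query threshold are assumptions made for this illustration.
"""
import ipaddress
import re
from collections import Counter

# Networks this resolver is supposed to recurse for. Recursive queries from
# anywhere else mean the resolver is open to the Internet, which is exactly
# what the Spamhaus attackers exploited. (Assumed value.)
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed sample log: two legitimate local clients, plus bursts of ANY
# queries "from" two outside addresses. In a reflection attack those source
# addresses are forged; they belong to the victim, who receives the replies.
_TS = "01-Apr-2013 10:00:01.000 queries: info: "
SAMPLE_LOG = "\n".join(
    [_TS + "client 192.0.2.10#51234: query: www.example.com IN A + (192.0.2.1)"]
    + [_TS + "client 198.51.100.7#53: query: example.net IN ANY + (192.0.2.1)"] * 6
    + [_TS + "client 203.0.113.9#4460: query: example.net IN ANY + (192.0.2.1)"] * 3
    + [_TS + "client 192.0.2.11#40001: query: mail.example.com IN MX + (192.0.2.1)"]
)

LOG_RE = re.compile(
    r"client (?P<ip>[0-9a-fA-F.:]+)#(?P<port>\d+): query: (?P<qname>\S+) IN "
    r"(?P<qtype>[A-Z0-9]+) (?P<flags>\S+) \((?P<server>[0-9a-fA-F.:]+)\)"
)


def parse_line(line):
    """Return a dict for one query-log line, or None if it does not match."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["ip"] = ipaddress.ip_address(rec["ip"])
    rec["port"] = int(rec["port"])
    # In BIND's flags field a leading '+' means the client asked for recursion.
    rec["recursive"] = rec["flags"].startswith("+")
    return rec


def is_trusted(ip):
    return any(ip in net for net in TRUSTED_NETS)


def analyze(log_text, any_threshold=5):
    """Return (untrusted_recursive, suspects).

    untrusted_recursive: recursive queries answered for clients outside
        TRUSTED_NETS; each one should have been refused by an ACL.
    suspects: {ip: count} for outside clients whose ANY-query count reaches
        any_threshold. ANY answers are large, so these addresses are the
        likely reflection victims rather than real clients.
    """
    untrusted_recursive = 0
    any_counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or is_trusted(rec["ip"]):
            continue
        if rec["recursive"]:
            untrusted_recursive += 1
        if rec["qtype"] == "ANY":
            any_counts[str(rec["ip"])] += 1
    suspects = {ip: n for ip, n in any_counts.items() if n >= any_threshold}
    return untrusted_recursive, suspects


if __name__ == "__main__":
    answered, victims = analyze(SAMPLE_LOG)
    print(f"recursive answers to untrusted clients: {answered}")
    for ip, n in victims.items():
        print(f"probable reflection victim {ip}: {n} ANY queries")
    # The remedy is the decade-old one the article refers to: restrict
    # recursion to TRUSTED_NETS (BIND: allow-recursion { ... };) and enable
    # response rate limiting so forged requests cannot become floods.
```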


Risks of ASCII-formatting mathematics (Bellovin, RISKS-27.23)

Bill Stewart <bill.stewart@pobox.com>
Sun, 31 Mar 2013 23:47:51 -0700
  What's new is that someone has managed to turn the weaknesses into a real
  exploit, albeit one that needs at least 224 and preferably 230 encryptions
  of the same plaintext to work.

Except he almost certainly didn't write that; the numbers were presumably
2**24 and 2**30, expressed in some notation that didn't survive some
reformatting process somewhere.

(Either way, it's interesting math and a good practical article.)


Sears Discloses User-Selected PIN

Richard Karash <richard@karash.com>
Sun, 7 Apr 2013 09:45:35 -0400
Sears has a "rewards" program called Shop Your Way Rewards. Users are given
a membership number and are invited to select a PIN of 4-8 digits (good).

To help users remember their credentials, the program sends regular e-mails
(sounds OK).  These e-mails contain the membership number and the
user-selected PIN (bad).  Making a bad situation even worse, the program
gives you a membership card with your number—and your selected PIN
printed right on the card.  Why have a PIN if it is printed right on the
card?

The risk arises because I, like most users, have a favorite memorable PIN
and use it at multiple sites. The risk is, by using Shop Your Way Rewards,
MY PIN has now been exposed.

  [Of course, THAT'S bad!  PGN]

Richard Karash —Richard@Karash.com—Karash Associates LLC
+1 617-308-4750 — http://Karash.com


Online tax returns, You're Doing It Wrong...

Valdis Kletnieks <Valdis.Kletnieks@vt.edu>
Sat, 06 Apr 2013 19:58:44 -0400
Just seen on Google+, slightly redacted for privacy.  All three
gentlemen share the same LASTNAME...

Will LASTNAME originally shared this post:

To Robert LASTNAME: congrats, your federal tax return has been accepted.

To Wade LASTNAME: unfortunately your tax return was rejected because you
included the wrong birth date.

To both of you: learn your friggin e-mail address.  Both of you input my
e-mail address into TurboTax, so now I'm getting all your tax-related e-mails.

And to +TurboTax: what the heck are you thinking, not actually verifying
people's e-mail address before you start sending personal information in
e-mails?!


Wow! Are we still in the 1990s?

Gene Spafford <spaf@purdue.edu>
Wed, 3 Apr 2013 13:38:21 -0400
I had a problem with pages at Starbucks.com displaying properly on Mac
(using Safari).  I sent an e-mail to them, pointing out the problem.
Enclosed is the response.

I don't think I need to say a lot, but it is clear that they are stuck in
the 1990s, don't know about standards-compliance, and appear to not value
customer security and choice.  I was amazed to get a reply like this in 2013
-- and not on April Fools!

Begin forwarded message:

> From: Starbucks Customer Care <info@starbucks.com>
> Date: April 3, 2013, 1:26:56 PM EDT

> Dear Gene,
> Thank you for contacting Starbucks.

> Please note, if you are attempting to access Starbucks.com through a
> browser such as Firefox or Safari, some portions of the site may not
> function properly or permit access.  We recommend using Microsoft Internet
> Explorer for optimum performance.  If you continue to experience
> difficulty, please feel free to call 1-800-STARBUC and a representative
> will be happy to assist you.
