Biohazard Computers

Individual articles on websites will no longer carry the same pagerank as the hosting website since Google is now indexing each article as if they were unique pages. Is this the end of syndication, guest posting, or sponsored guest posts as we know it?
 
 If you have a Google PageRank tool on your browser, go to CNN.com.  You’ll notice that their homepage has an enviable Google PageRank 8.  Then click on the headline story on the front page and you’ll notice that the pagerank disappears to nothing.
 
 Although I used CNN as an example, I hardly feel bad for them as this move by Google seems to protect the big guys and put the small independent bloggers at a distinct disadvantage.
 
 Since Google is now indexing new articles as if they are stand alone URLs, it makes it much more difficult for independent blogs to compete with mega-sites for original material.  Additionally, small bloggers who syndicate or guest post their material on bigger websites will now get less-quality links back to their blogs.
 
 The bigger website may have a PR8, but since the new guest post will now start off as a zero, the backlinks embedded within the guest post or author’s bio are far less valuable until that individual URL matures into a stronger page rank.
 
 And if we are to assume that the same rules for increasing PRs for websites now apply to each article, then each guest post would require much more support than previously needed to make those links meaningful.
 
 It is generally known that Google increases pageranks based on the age of the URL, if the content is original material, how many powerful and relevant backlinks point to the URL, and whether new content is actively being added to the URL, as well as other secret algorithm calculations.
 
 Any small blogger knows that the process to increase a pagerank is no small task and powerful backlinks are like gold.  Now, it would seem they’ll have to work to build up the value of their material on other websites just to get the desired result for their personal blog.  It makes one wonder which site the independent blogger is actually working for now?

Don’t get me wrong, guest posting on large websites is still an excellent way for new bloggers to get their content in front of a bigger audience and to organically build their traffic and loyal following.  However, this recent change may now make SEO for blogs take much longer.
 
 Big websites already have the advantage of pointing their high-ranking homepage and category pages to the article giving it immediate juice.  Additionally, their massive traffic and the social following will boost the article when it is shared and commented on — all but guaranteeing the new articles will eventually build solid PRs.
 
 But what about the little guy who doesn’t have a huge following yet?  They will likely be stuck with the yeoman’s work of now having to build backlinks to each article as opposed to simply optimizing their homepage.  Or they will have to rely more heavily on using social networks and social media bookmarking.
 
 It seems to be a mechanism to further reward original content and discourage syndication, so it’s understandable from Google’s point of view.  However, it appears to present far more challenges for small websites to compete with the big boys.
 
 What’s more, many bloggers with low traffic blogs make a nice income from writing sponsored posts or reviews. The sponsors don’t care about traffic, only the blog’s page rank.
 
 Typically, bloggers are paid to place strategic links in new articles relevant to the sponsor’s business.  Now that these new articles will carry no page rank weight, it’s unclear whether this will continue to be a viable revenue stream for small blogs.
 
 In summary, the fallout from this change will likely be the following:
 
    1. The status of original content is elevated, but requires more support than before.
    2. Syndication is being discouraged.
    3. The advantage of big websites over small ones just got wider.
    4. Homepage links just got A LOT more valuable.
    5. Sponsored posts just became far less valuable.
    6. Social bookmarking is now more important than ever.
 
 Please let us know what effect you think this change will have.

Technology addicts may be at risk of sagging jowls, according to aesthetic experts.

It is believed that smartphone and laptop use, could cause facial skin and muscle to lose its elasticity as people spend an increasing amount of time sat with their heads bent.

It is now believed that the phenomenon, dubbed ‘smartphone face’ could be behind the growing trend for skin tightening treatments and chin implants which cost around £4,290.

According to statistics released by the American Society of Plastic Surgeons (ASPS) ‘chinplants’ are becoming the fastest growing cosmetic surgery trend.

In 2011 its popularity grew more than breast augmentation, Botox and liposuction combined.

And a number of leading doctors believe that technology could be behind the growing trend, as poor posture can promote saggy jowls, double chins and ‘marionette lines’ – the creases from the corners of the mouth down the chin.

Confirming the condition, coined ‘smartphone face’, Dr Mervyn Patterson of the Woodford Medical group told the Evening Standard: ‘If you sit for hours with your head bent slightly forward, staring at your iPhone or laptop screen, you may shorten the neck muscles and increase the gravitational pull on the jowl area, leading to a drooping jawline.’

According to Ofcom’s 2011 Communication Market Report 91 per cent of adults use a mobile phone while 27 per cent opt for smartphones.

Meanwhile the Health and Safety Executive’s Horizon Scanning paper reports that by 2015, 70-80 per cent of workers could be, at least partially, working remotely from a laptop.

ASPS president Dr Malcolm Roth also suggests that the use of video chat causes people to be more conscious of their appearance.

‘The chin and jawline are among the first areas to show signs of ageing.

‘As more people see themselves on video chat technology, they may notice that their jawline is not as sharp as they want.’

While chin implants are still relatively rare in the UK, surgeons have noticed a rise in the number of requests.

A spokesperson from UK cosmetic surgery provider, Transform, told MailOnline: ‘Over the past 18 months to two years we’ve seen a steady increase in the number of those opting for the procedure, but we’re around three years behind the U.S. so we expect a similar pattern to gradually emerge.’

Dr Nick Lowe of London’s Cranley Clinic revealed that other causes of a sagging complexion can include a naturally short, weak chin, weight fluctuations and even exercise and diet.

One of the country’s biggest internet service providers will force all of its customers to decide whether they want access to pornography sites or not.

The decision by TalkTalk will put pressure on other internet providers to offer the same service to parents who want to protect their children from potentially harmful websites.

The Homesafe filter, which has been available to those who want it since May 2011, blocks out sites that are considered unsuitable for those under 18 and include pornography, gambling, dating, drugs, weapons, suicide and self harming.

The company, which has spent £20m on the filter, will offer the service to its 4.2 million customers for every computer, mobile phone, games console or e-reader which has access to the internet via the family’s broadband connection.

All of its clients will be forced to make the decision with them choosing the settings once a year.

The system is not foolproof but it should stop children from accidentally viewing explicit material and adults who want to view the sites can remove the block and switch it back on again.

Dido Harding, chief executive of TalkTalk, said making the internet safe for children was as important now as road safety was in the 1970s.

‘Our competitors are being dreadfully slow to wake up to the fact that society as a whole cares strongly about this,’ she said to the Sunday Times.

The move also marks a significant step forward for the Daily Mail’s Block Online Porn campaign, which has called for a consultation on the introduction of content filtering systems for internet accounts.

There is growing alarm about the impact of sexual content on the internet and the effect it will have on Britain’s children.

Children as young as 11 are being exposed to online porn with some spending up to 10 hours a day watching explicit films.

According to experts the increased accessibility to smart phones and laptops have led to a surge in numbers of children dealing with porn addiction.

It is believed other internet providers will introduce a system in October which will install filters on specific devices, such as a mobile phone or laptop, rather than block out pornography.

However, the Government said there was room for error because some of them could be left unprotected.

Virgin Media supplies internet to 4.1m users only protects seven devices while BT only offer the service for three devices in each home to all of its 6m customers.

Sky has 3.8m customers and only offers protection for three PCs.

Research shows that 43 per cent of regular pornography users were first introduced to explicit images between the age of 11 and 13.

And as many as one in three under-tens has seen pornography on the web, while four in every five children aged 14 to 16 admit regularly accessing explicit images and video footage on their home computers.

Only three per cent of pornographic websites require proof-of-age before granting access to sexually explicit material, and two thirds do not even include any adult content warnings.

Internet users are receiving an average of five megabits per second (Mbps) less than they are shelling out for.

The huge 42% gap has been revealed by a new survey of more than 3,000 people, whose broadband speeds were tested over three days.

TalkTalk and Sky subscribers are having to put up with a massive 60% difference – the largest between an advertised speed and the sluggish service customers are actually receiving.

TalkTalk customers said they were promised 30 Mbps but were receiving only 5 Mbps, while Sky users are getting just 4.8 Mbps instead of the 12 Mbps they are paying for.

Virgin’s online users report a 41% gap, having been promised 30 Mbps but only receiving 17.7Mbps.

Other complaints reported by the Guardian survey include broadband black spots in city centres, exposed copper lines that fail in poor weather and having to move businesses out of homes because of slow connections.

Top of the pile is BT, whose customers pay for 8 Mbps and get 2 Mbps less, with those signed up to its budget Plusnet option experiencing a 27% gap.

‘If you were buying a dozen apples and you got three, you wouldn’t put up with it,’ said Hugh Colvin, an arts organiser who lives by the Welsh border.

Mr Colvin, who pays for two telephone lines so multiple family members can surf the internet at once, added: ‘It’s outrageous that I pay the same as somebody who is in the middle of London getting 10 times the speed.’

Civil servant David Combe, from Basingstoke, who shares his BT line with his partner and two children, said: ‘If anyone wants to watch iPlayer there is no point a second person going online. It’s like sharing a bathroom.’

Changes to advertising rules, which came int force in April, mean internet service providers can only claim ‘up to’ speeds if at least 10% of customers are actually receiving them.

The threshold has been criticised for being too low but more and more broadband companies are using individual quotes instead of advertising blanket speeds.

TalkTalk said no one agrees a contract without receiving a speed estimate tailored to them, while BT said it removed blanket claims from its website in April and has been providing personalised quotes for years.

A Sky spokesman said the company emphasises its unlimited download allowances instead of headline speeds and stressed all the evidence shows customers are very positive about the service.

A Virgin Media spokesman said it has long argued for greater clarity in broadband advertising but added providers continue to hide behind catch-all claims.

He said: ‘We are committed to continuing to lead this industry which is why we only advertise speeds that our customers can reasonably expect to actually receive.

‘Ofcom’s independent and comprehensive research consistently shows we deliver what we say, with our 30Mb service actually providing almost 31Mb on average.’

Broadband is 2 Mbps according to Ofcom, the minimum bandwidth needed for video applications such as BBC’s iPlayer.

But the survey found nearly a fifth of people are receiving 2 Mbps or less.

BT is rolling out a £2.5bn upgrade of its copper network, which includes fibre optic cables being fed from telephone exchanges to street cabinets.

It hopes to reach two-thirds of the country by the end of 2014 and, with Government support, the entire country in five years, resulting in speeds of up to 76 Mbps.

Customers will be able to order an all-fibre line from BT from next year but it could be unaffordable for most, with prices estimated at up to £1,000.

BT Group chief executive Ian Livingston said the UK will be leading the way for Europe, adding: ‘We’ll be giving fibre to within 400m of the average home.

‘If people really want and need faster speeds, we can provide it.’

Labour has called on the Government to update its broadband plans, with more fire connections to homes, businesses and schools.

Communications minster Ed Vaizey has boasted the UK will have the best broadband network in Europe by 2015.

A new wave of malware freezes a computer and demands payment to unlock it, this time falsely alleging victims have infringed copyright.

The campaign, spotted by Roman Hussy, who authors the abuse.ch blog, targets users in the U.K., Switzerland, Germany, Austria, France and the Netherlands.

Hussy posted a screenshot of the warning that users in the U.K. would see. It bears the logos of the Performing Right Society (PRS), a royalties collection organization, and the Metropolitan Police.

It falsely alleges that material protected by copyright has been found on the computer and subsequently has been moved to an encrypted folder “to prevent further damage.”

“To unlock your computer and to avoid other legal consequences, you are obligated to pay a release fee of £50 (US$80),” it reads.

The ransom can be paid with Paysafecard, a prepaid payment card offered throughout Europe and a few other countries such as the U.S. Hussy wrote the scam’s perpetrators even included information on where victims could purchase a Paysafecard.

The type of malware, known as “ransomware,” is nothing new, but the methods for manipulating users into paying change frequently. Hussy wrote in early March that a similar ransomware falsely warned of child pornography on a computer, demanding a £100 fine.

In this latest version, users can be infected with the ransomware if they visit a website that has been hacked to serve up the Blackhole exploit kit. The kit tries a handful of exploits on a user’s computer, and if vulnerable software is found, can infect it with malware.

Depending on where the user is located, the appropriate local page is delivered. Hussy wrote that he suspects whomever is behind the campaign is German due to the German words in the URLs in localized versions of the scam.

As of Sunday, the ransomware was only being detected by four of 42 security products on VirusTotal, Hussy wrote. In addition to locking up a computer, the malware also contains a component called Aldi Bot, which can steal online bank account credentials and conduct distributed denial-of-service attacks, Hussy wrote.

Summary

With the latest Lion security update, Mac OS X 10.7.3, Apple has accidentally turned on a debug log file outside of the encrypted area that stores the user’s password in clear text.

An Apple programmer, apparently by accident, left a debug flag in the most recent version of the Mac OS X operating system. In specific configurations, applying OS X Lion update 10.7.3 turns on a system-wide debug log file that contains the login passwords of every user who has logged in since the update was applied. The passwords are stored in clear text.

Anyone who used FileVault encryption on their Mac prior to Lion, upgraded to Lion, but kept the folders encrypted using the legacy version of FileVault is vulnerable. FileVault 2 (whole disk encryption) is unaffected.

The flaw was first reported by a security researcher David Emery, who posted his findings to the Cryptome mailing list. The bug has not been corrected by any subsequent updates. Emery explains the severity of the issue:

This is worse than it seems, since the log in question can also be read by booting the machine into firewire disk mode and reading it by opening the drive as a disk or by booting the new-with-LION recovery partition and using the available superuser shell to mount the main file system partition and read the file. This would allow someone to break into encrypted partitions on machines they did not have any idea of any login passwords for.

Since the log file is accessible outside of the encrypted area, anyone with administrator or root access can grab the user credentials for an encrypted home directory tree. They can also access the files by connecting the drive via FireWire. Having done that, they can then not only read the encrypted files that are meant to be hidden from prying eyes, but they can also access anything else meant to be protected by that user name and password.

This leak of credentials could be catastrophic for businesses that have relied on the FileVault feature in Macs for years. FileVault is intended to protect sensitive information stored by providing an encrypted user home directory contained in an encrypted file system mounted on top of the user’s home directory. If an employee has their Mac stolen, however, anything they encrypted, as well as anything that requires those credentials, can be accessed without hindrance if the vulnerable configuration is in place.

This also affects Time Machine backups to external drives. If your hard drive is stolen, it doesn’t matter that the backups require a key to read. The backed-up log file contains the required password stored in clear text. This means your compromised password has been backed up for the long term.

In addition to theft or just plain physical access, it would be possible for cyber criminals to write very specific malware that knows where to look on a targeted system. While this would be difficult to implement, the lure for cyber criminals is obvious; anything encrypted, especially by an enterprise employee, has the potential to be very valuable.

Mac OS X version 10.7.3 was released on February 1, 2012. This means for users who updated immediately, weeks of accessing encrypted folders is now available for anyone to see. The good news is that it isn’t the full three months since the log file is only kept by default for several weeks. If you updated last week, then it’s only one week of password accesses that has been stored. Of course, sometimes that’s all it takes.

Some users have already noticed this feature in the wild but hadn’t yet stumbled across the reason. Users on the Novell Forums noticed and have been discussing the issue since last week.

On the Apple Support Communities, at least one user noticed the flaw exactly three months ago, and asked for an explanation. Here’s what he wrote:

I’ve tried it on another Mac as well, same result: The login of a normal network user writes this log line as his homedir gets mounted.
This poses a security risk. We have some users who are local admins, they could ask another user to login on their Mac and look for the password afterwards. Extration in single user mode would be possible as well.

Is this a “speciality” of our environment or is this a known bug? Can I turn this behavior off?
We are running Lion clients with a SL Server and using OpenDirectory.

Nobody got back to him.

This flaw further shows Apple has a quality assurance problem. When it comes to encryption, it’s important to choose a secure algorithm, but implementation is even more important. A simple bug in how the keys are secured, managed, or accessed can lead to a massive unraveling, as we’ve seen here.

Apple needs to fix this issue as soon as possible. Even when a patch is made available, it will be impossible for the company to ensure the log file has been deleted, especially given all the places it may have been backed up. This means your password could still be out there even after you update, so after you do, make sure to change it.

I’d like to thank my colleague Ed Bott for editing and contributing to this report.

I have contacted Apple and Emery, and will update you if I hear back.

Update on May 7: Emery got back to me with a lengthy e-mail. Here is an excerpt of his thoughts:

In my opinion, it should be impossible to turn such a feature on without patching code, and ideally shipped binaries should not contain even a disabled code path to log passwords in plain text.

And considering the consequences for security, there certainly are legitimate questions about whether this was a pure accident by some low level developer that failed to get caught by QA, or a deliberate act by a malefactor (”mole”) somewhere within Apple – or by far the least likely but also most sinister – a deliberate act a by someone in authority at Apple – perhaps to meet pressure from some government for access to encrypted partitions (at national borders ?).

Certainly there is a well known strategy for finding this sort of stuff – namely to choose a rather unique password string and search for it across the entire raw disk device (and if you find it or perhaps certain predictable permutations and encodings of it as well, determine what file it is in using the obvious filesystem maintenance commands that track a disk block back to the file it is part of). This is weak in that it doesn’t catch all cases of leaks reliably but at least might catch a glaring one like this… I’d frankly expect it would be automatic to run such tests as part of a regression suite on a major product trusted by millions to be somewhat secure.

While it’s technically a regression, and while it will surely make those of us who remember having to install DVD support on Linux from third-party repositories smile, it’s still a major change and a sign of things to come: Windows 8 will ship without support for DVD and Blu-ray playback.

Back in the day, you had to manually enable DVD playback after installing Linux. Distributions based out of the US were unable to include the required libdvdcss (or libdvdcss2), so users had to manually install the package afterwards. Smaller distributions, or those based outside of the US, were more liberal with including libdvdcss. The end result was loads of articles on the web detailing how to enable DVD playback support on Linux. It was a ritual of some sort.

In a way, it’s kind of poetic justice that Windows users will now have to jump through the same hoops. To cut costs, and since its use was declining anyway, Windows 8 will ship without support for DVD and Blu-ray playback. To enable it, you have to buy/install Windows Media Center, or rely on one of the many third party solutions. The same also applies to support for DBV-T/S, ISDB-S/T, DMBH, and ATSC.

“Globally, DVD sales have declined significantly year over year and Blu-ray on PCs is losing momentum as well. Watching broadcast TV on PCs, while incredibly important for some of you, has also declined steadily,” Microsoft details, “These traditional media playback scenarios, optical media and broadcast TV, require a specialized set of decoders (and hardware) that cost a significant amount in royalties.”

This should reduce the cost of a Windows license, and considering Windows 8 has a tablet-focus, it makes sense not to force OEMs to pay for something tablets won’t have anyway (optical drives). It’s a good thing for me – I haven’t had an optical drive in any of my PCs for years, and I wouldn’t be surprised if the same applies to more of you. Just ask yourself: when was the last time you really used your optical drive?

It’s also a sign of something larger within Microsoft: the company has become incredibly willing to cut cruft from their operating system, even when it comes to support for hardware. This is a good sign, since if there’s one thing that’s held Microsoft and Windows back, it’s that.

As far as the entire industry goes, it’s obvious that optical media are on their way out. Apple never even supported Blu-ray to begin with, and with more and more laptops being sold without an optical drive, it only makes sense to start phasing it out. Let’s face it – it’s never been a particularly good storage medium, in terms of capacity, reliability, and speed.

So, raise a cup of coffee, and good riddance, I say.

Criminals have hacked web sites to serve drive-by malware to Android users; the malware poses as a system update that a user is tricked into installing. The malware, dubbed NotCompatible by Lookout Security and initially reportedby Reddit user Georgiabiker, is hosted in a iframe at the bottom of a manipulated web page. When a user arrives on the page, a file by the name of “Update.apk” begins downloading immediately.

But it is only offered for installation, as “com.Security.Update”, if the user has enabled the “Unknown Sources” setting in the system preferences. If that is not enabled, the installation will be blocked. The malware authors have not exploited any vulnerabilities in Android to install the software and are relying on social engineering and a preference that is often set on Android devices when people want to install software that is not from the official Android Market.

Drive-by downloads such as this are common for Windows PCs, but the sites serving up NotCompatible are being selective; when a user visits one of the sites that is serving up the malware, androidonlinefix.info, the browser’s User-agent string is checked and the malware only sent if it contains the word Android.

The malware itself appears to be a simple TCP relay/proxy which could be used to access private networks; it appears to call out to command and control servers at, among others, notcompatibleapp.eu and could allow the operators of the server to route connections from outside a firewall to within a private network belonging to an individual, company or government. The simplest protection against NotCompatible is to only set the “Unknown Sources” system preference when installing software from a trusted source, and to unset it immediately afterwards.

Motorola Mobility has been granted an injunction against the distribution of key Microsoft products in Germany.

The sales ban covers the Xbox 360 games console, Windows 7 system software, Internet Explorer and Windows Media Player.

It follows a ruling that Microsoft had infringed two patents necessary to offer H.264 video coding and playback.

A US court has banned Motorola from enforcing the action until it considers the matter next week.

The handset maker is in the process of being taken over by Google.

Appeal

This is just one of several cases involving about 50 intellectual properties that the smartphone maker has claimed that Microsoft should have licensed.

Microsoft has said that if it met all of Motorola’s demands it would face an annual bill of $4bn (£2.5bn). Motorola disputes the figure.

A statement from Motorola said: “We are pleased that the Mannheim Court found that Microsoft products infringe Motorola Mobility’s intellectual property. As a path forward, we remain open to resolving this matter. Fair compensation is all that we have been seeking for our intellectual property.”

Microsoft said it planned to appeal against the German ruling.

“This is one step in a long process, and we are confident that Motorola will eventually be held to its promise to make its standard essential patents available on fair and reasonable terms for the benefit of consumers who enjoy video on the web,” a spokesman said.

“Motorola is prohibited from acting on today’s decision, and our business in Germany will continue as usual while we appeal this decision and pursue the fundamental issue of Motorola’s broken promise.”

US hearing

Microsoft moved its European software distribution centre from Germany to the Netherlands last month ahead of the verdict to minimise potential disruption.

However, Motorola cannot enforce the ruling until a Seattle-based judge lifts a restraining order.

The restriction was put in place after Microsoft claimed that Motorola was abusing its Frand-commitments – a promise to licence innovations deemed critical to widely-used technologies under “fair, reasonable and non-discriminatory” terms.

A hearing is scheduled for 7 May, although the judge may issue his ruling at a later date.

The German case is also likely to be considered by the European Commission.

It is carrying out two probes into whether Motorola’s Frand-type patent activities amount to “an abuse of a dominant market position”.