And You Will Know Us by the Trail of Lulz
Jun 18, 2011 5:00 AM PT
The hacker group LulzSec has been carrying out a security-busting blitzkrieg across the Web over the last few weeks, and its targets are getting bigger and bigger. You can tell where it's been by the path of sites left shivering in a fetal position -- sites belonging to organizations like PBS, Sony, Bethesda Softworks, and even the U.S. Central Intelligence Agency.
LulzSec's latest stunt's been to set up a so-called dial-a-hack hotline. You can call in and make a case that Lulz's hackers should make their next target whatever group or company you presently have a beef with. If Lulz likes your suggestion, they'll do what they do and run roughshod over that organization's computer systems, leaking data, shutting down systems and causing general cyberchaos. Judging by the sites they've hit so far, it seems some of them are pretty good at it, too.
What's perhaps most unusual about LulzSec is its motive. Its hackers don't seem to be doing what they do for a direct profit -- so far there's no indication they're stealing credit card data to sell on the black market, which is where the money is for for-profit hackers. The word "Lulz" in the name suggests they're doing it for the pure hell of it. It's Internetspeak for the joy derived from causing disorder in the lives of others. But perhaps the point isn't entirely to just go around griefing up the place. They also seem intent on proving a point by actively demonstrating how just how weak so many computer security systems really are, even ones used by hundreds of thousands of people.
That's not to say what LulzSec is doing is harmless. Publicizing the usernames and passwords for tens of thousands of online accounts isn't harmless, and that's exactly what Lulz has done on multiple occasions. That could easily result in fraud committed by a third party. Weaknesses in the security systems used to protect these users' info might be partially to blame, but generally accepted etiquette among hackers holds that if you find a weakness, you tell the site's admins about it and give them ample time to fix it before threatening to spew the data. LulzSec apparently just spews away.
There's even been speculation that some members of LulzSec might actually be white-hat hackers by day, working at familiar and trusted security companies that do play by the rules. Then they go home, change into some shade of gray perhaps, and go about "fixing" security in a very different way.
Important detail: LulzSec is not the same as Anonymous. In fact, the two hacker groups have reportedly butted heads recently, and 4chan, a site closely associated with Anonymous, was down for a few hours this week, possibly due to a LulzSec strike. It appears the scuffle is rooted in video games -- LulzSec's attack on various online game networks pulled the rug out from under certain games favored by 4channers, and they vowed mortal revenge.
Listen to the podcast (14:52 minutes).
Blasphemy? Madness? This Is Spartan!
For iPhone users who don't care to jailbreak their phones, there's one and only one place to get iOS software: the App Store on iTunes.
But back when the iPhone was young, way back in 2007, there was no App Store. An iPhone could only be made to run third-party native apps if you hacked it; meanwhile, the unwashed masses were made to settle for Web apps. Developers could design dynamic, interactive Web pages that fit perfectly within the iPhone's Safari browser, and from there the iPhone owner could use them sort of like they were native apps, only they were actually running on a server somewhere, not on the phone. Most were free -- and pretty lightweight.
Of course Web developers can and do still make Web apps for iPhone, but now that there's an App Store, that's not the only option. However, the App Store isn't exactly a free and open market -- it's lorded over by Old Man Apple, and in order to set up your booth you have to conform to a pretty thick rule book and pay Apple a portion of your sales revenue.
Now social network Facebook might be getting ready to revive the Web app scene.
The site's big upcoming project is called "Spartan," and it would effectively act as an alternative App Store, according to a TechCrunch report. As it's being described, it sounds like you could even call it a sort of alternate iPhone OS.
Theoretically, it will all happen through Safari, the iPhone's native Web browser. Users who go to a special Facebook site will be presented with a wide variety of Web apps. And those apps will be 100 percent under the control of Facebook, not Apple.
Accessing and using these apps might even make it feel like the Web page itself is the operating system -- kind of the same argument that suggests that for all practical purposes, the real OS you're using isn't OS X or Windows or Linux; it's actually whatever Web browser you're on, since so much activity happens on the Web.
But didn't iPhone developers grumble back in 2007 about having to write for the Web when the iPhone was perfectly capable of running software natively? Would Spartan actually be a step backwards into a leaner, plainer software environment? Not necessarily. The Web has changed a lot since 2007, and thanks to advances like HTML5, it's possible to create richer, deeper iPhone Web apps.
Of course a Spartan app wouldn't be able to match a native app's ability to interact with certain iPhone features -- for example, the accelerometer or gyroscope -- and Web apps aren't much good if you don't happen to have Internet access at the moment. So it wouldn't be a full-on App Store replacement. But some developers who are fed up with Apple's rules might flock to Spartan if Facebook gives them more liberty in terms of content and how much money they can keep. In fact, TechCrunch says Facebook already has 80 on its side.
Those developers have always been free to make a Web app, of course. The tricky part is promoting that app and getting a whole bunch of users to swing by, check it out and perhaps even pay for it without the help of a central, trusted hub. If the official App Store is a promotional and payment tool for native apps, Spartan could do the same for Web apps -- Facebook definitely has the numbers and the name recognition.
If Spartan is real and works as expected, it could present a significant threat to Apple's own App Store. It sounds like the kind of thing Apple would fight tooth and nail, and the company's been known to block out perceived threats by tweaking what it does control -- it's own platform. In this case, though, that would be Safari, and changing Safari in ways that would hinder Spartan but not hobble the browser itself would be a difficult balancing act.
It was supposed to be a simple plan. Step 1: Threaten a few mobile application developers with lawsuits for allegedly violating a patent. Step 2: Offer them a way out that would cost the developers way less than it would cost to hire the kind of lawyers it would take to actually fight the matter. And Step 3, as always, profit.
That was the plan devised by an outfit called "Lodsys," and if you ask them, they'll insist what they're doing is completely fair and reasonable. The company owns a patent on a technology used for making in-app purchases, and it says that patent is being violated by app makers all over the place. So it sent out some nastygrams here and there presenting various app developers with two options: Either get caught up in a legal battle that will cost you big even if you win, or pay Lodsys a fraction of a percentage point of your future revenues to license the tech and we'll call it a day.
You might call that a fair and reasonable attempt to protect one's IP, or you might call that trolling -- especially since devs who build for Apple's iOS platform may already have the right to use that technology. Apple's already licensed Lodsys' patent and bundled it into the toolset it gives developers to make iOS apps. According to Apple, that license extends to third-party developers, and it means Lodsys' threats against them are groundless.
When the threats first started appearing in developers' mailboxes, Apple caused quite a bit of tension by staying silent on the matter. Finally, Apple lawyer Bruce Sewell penned a short, firm and probably very expensive letter asserting that Lodsys was full of crap.
Lodsys refused to back off, and now Apple's decided it's time for action. It's filed a motion to intervene in a lawsuit Lodsys has filed against seven iOS developers. If the judge gives the OK, instead of going up against the motley crew of lawyers the devs have hired, Lodsys will face Apple's private army of legal assassins. Their goal is probably not only to defend those seven developers in particular, but also to smash up Lodsys' case so badly that it won't even think about threatening to sue any more iOS developers.
From the devs' point of view, the Sewell letter from a few weeks ago was a hopeful sign, and now that Apple's put action behind words, they're probably breathing a sigh of relief. They'll breathe an even bigger one if the judge allows the motion. As much as software makers have complained about Apple's App Store rules in the past, at least they now know it has their backs in a pinch.
For Lodsys, it's not such a great turn of events. Apple's developer community is highly valuable to the company, and it looks like it'll go to great lengths to protect it, so Lodsys isn't in for an easy fight. Its lawyers are going to be busy, and not just because they'll be fighting Apple's hired guns. Companies like The New York Times and computer security firm ESET have reportedly filed lawsuits of their own against Lodsys. Both firms had been targeted by Lodsys and are countersuing in separate actions to get its patents invalidated.
Even though Facebook's apparently been using facial recognition technology for almost half a year, that fact didn't seem to garner much media attention until last week, when all of a sudden it was being regarded as the creepiest thing Facebook's ever done.
Privacy advocates and consumer groups were quick to issue their criticism of the not-so-new feature, but catching hell from those organizations over the site's constantly changing privacy controls and policies is probably something Facebook's very much used to by now.
This time, though, those groups went a step further and whipped up a 38-page complaint to the FTC. The move was spearheaded by EPIC, the Electronic Privacy Information Center -- and groups like the Center for Digital Democracy, Consumer Watchdog and the Privacy Rights Clearinghouse all signed on.
Facebook has defended itself by asserting that the technology's only used to suggest tags a user might want to add to a photo, it only brings up images of people the uploader is friends with, it requires direct approval before actually applying the tags, and the whole thing is opt out, so if you don't like it you can tell it to go away.
But the complaint has already caught favorable attention on Capitol Hill. Massachusetts Representative Ed Markey has spoken up as an early supporter of the complaint, and California's Mary Bono Mack has been on Facebook's case regarding facial recognition since last week, when the feature received wide attention from the media.
You Won't Fool the Routers of the Revolution
The protests that have been going on in the Middle East and Northern Africa since last winter have been some of the most dramatic, largest and longest-lasting popular demonstrations in modern history, so it sounds kind of trivial to call the whole phenomenon "The Facebook Revolution" or "The Twitter Uprising." Most of us use social networks do stuff that's a little more mundane than overthrowing the government. But in the countries where Arab Spring Fever has taken root over the last few months, social networks like these have been vital tools for protesters attempting to organize themselves and communicate instantaneously with an unlimited audience.
For many of the under-siege governments these protesters are trying to oust, the response has been to pull the plug on the entire Internet. They'll order local ISPs to shut down service entirely, all the while claiming that it's being done to protect the masses from online rabble-rousers. The result is often the opposite: Shutting off the Internet just pisses the people off even more, so instead of a halfway-organized protest you have flat-out chaos.
Once in a while, some of the more tech-savvy protesters have been able to rig up some kind of improvised network, but in the event that another dictator calls for another Internet blackout, the U.S. State Department wants to make it easier for demonstrators to get themselves back online.
The State Department has revealed it's funding a program to put hotspots in hot zones. The New York Times originally broke the story, and the government publicly confirmed it a few days later. The plans include the design and construction of something that's being referred to as an "Internet in a suitcase." It's a portable case packed with networking gear that can be deployed to create what's basically a massive WiFi router. It'd be amped up to provide a way-bigger signal than that little Netgear thingy on your desk, and of course the FCC would have nothing to say about that as long as it's not used in the U.S.
The plans also include putting powerful cellphone towers on U.S. military bases located in and around volatile countries.
Acknowledging the program might earn the U.S. State Department a PR Gold Star -- preserving the free flow of information when a dictator tries to kink the hose does sound very pro-democracy. However, it's still unknown whether some of these ousted governments will be replaced by leaders whose interests align with those of the U.S. in general and the present White House in particular. It remains to be seen whether this program will swing in to the rescue of any mass protest group whose wires have been cut, or if it'll only be there for ones whose politics pass a litmus test.