Tuesday, 30 June 2009

China outlaws virtual currency for real-world items


China has passed a new law that makes the purchase of physical goods with virtual currency a law, but this may not have as large an effect on gold farming as it at first seems.

In a world of increasingly virtual human interactions, the idea of money is becoming more fluid than authorities find comfortable. China has officially outlawed the practice of exchanging virtual currency for real goods, and minors are no longer able to buy the virtual cash. These rules will help the government control trade in China, but they could also impact the huge gold-farming industry that exists in the country.
It's easy to understand why China has such a problem with "virtual" currency being used for so many purposes. Tencent QQ is China's most popular instant-messaging client, offering a currency called "QQ Coins" that are used for purchasing items for their online identity. This currency has become popular among the youth, and now many online stores will accept the coin as actual payment for goods or online gaming. Using this virtual currency for real-world transactions outside of the messaging service makes it an ideal way to hide transactions, giving organized crime a potential route to launder money.

The new law makes the acceptable uses of this currency clear. "The virtual currency, which is converted into real money at a certain exchange rate, will only be allowed to trade in virtual goods and services provided by its issuer, not real goods and services," the government explained.

So will this law hurt the gold farming industry? It's hard to say at the moment, but common sense says that with so many people making so much money from the practice, the gold farming business has its own momentum that makes enforcing legislation a challenge. Minors will no longer be able to buy gold or other in-game currencies with actual money, and the selling of the in-game cash for real-world money seems to run afoul of the new rules. The loophole? Gamers could still use the gold to buy in-game items, which could then be sold to other players to be converted back into gold. That adds an extra layer of complexity for selling in-game money, but shows how easily the law can be subverted.

There are also questions raised by the new law. If prepaid cards are considered virtual currency, will gamers be asked to provide identification showing they are of legal age before buying time on their favorite games? Only currency is named in the law, meaning that virtual items or even characters can still be bought and sold. As long as there is a stable economy without too much fluctuation in prices, anything online can be used as a currency, making the language potentially vague. Gamers can make actual money by buying and selling virtual currency—sometimes even across games—which makes the very definition of currency fluid. If enough people agree that a virtual blue T-shirt is worth a certain amount of yuan, that shirt can become as good as the QQ Coins that were used to buy it, which were of course as good as cash to many retailers already.

By Ben Kuchera

China not backing off despite filter code post on Wikileaks


China still plans to implement the controversial Internet access control software "Green Dam Youth Escort" as of July 1 on every new PC sold in the country. This is despite warnings from security researchers and concerns from the US Embassy, not just over the restriction of information, but the security implications of what appears to be such vulnerable software.

hina is filtering out criticism and diving in headfirst with its plan to roll out controversial filtering software on all PCs sold in China. The Chinese media quoted an unnamed source inside the Ministry of Industry and Information Technology, saying that the software will still come with all computers as of July 1 despite the discovery of massive security holes and vulnerabilities by security researchers.

News came out about China's plan to implement Internet access control software, called the "Green Dam Youth Escort" earlier this month. The Windows-only software provides a mix of features, including whitelists, blacklists, and on-the-fly content-based filtering. The blacklists can be updated remotely, however, making Green Dam quite an attractive option for a government that likes to keep tight control over what kind of content its citizens are exposed to.

Unfortunately for everyone buying a computer in China after July 1, researchers at the University of Michigan soon discovered that Green Dam was plagued with serious security vulnerabilities. Not only can malicious websites easily take advantage of the security bugs to run arbitrary code on the user's computer, much of the blacklist content was stolen verbatim from commercial filtering programs sold in the US. Just yesterday, code to exploit the Green Dam software was published publicly on Wikileaks, thereby giving the entire world the ability to mess around with the software once it hits Chinese computers in just over a week.

None of this has stopped the Chinese government, though, who apparently told People's Daily that it will still mandate that Green Dam either come preinstalled or on a CD with every new computer. This, of course, continues to ruffle the feathers of US officials who not only condemn the filtering of Internet access on a government level but also share concerns about the software's security holes.

"We are concerned about Green Dam both in terms of its potential impact on trade and the serious technical issues raised by use of the software," the US Embassy said in a press briefing on Monday. "We believe there are other commercially available software programs which provide users with a wide range of choices for shielding minors from illicit or inappropriate internet contact—content, which is the ostensible rationale for this. We’ve also asked the Chinese to engage in a dialogue on how to address these concerns."

By Jacqui Cheng

Tuesday, 23 June 2009

Vista Forensics

Check out this SlideShare Presentation:

Saturday, 20 June 2009

Quantum Secrets: A New Standard in Crytopgraphy?


Quantum cryptography has been a Holy Grail for security researchers since the idea was proposed, the promise of a new standard in absolutely unbreakable communications. But it's a new standard in the Microsoft sense: "Use our brilliant new system, because we're making sure the old one doesn't work anymore."

The most common security algorithm used online is RSA, an encryption system designed by MIT researchers Ron Rivest, Adi Shamir and Leonard Adlemen in 1977 (hence RSA, Rivest-Shamir-Adlemen). The idea is that any numerical code can be cracked, so rather than try to invent one that's unbreakable you settle for one that would take a really long time - everybody involved is dead because the sun has exploded five billion years later kind of long time. The system is scalable too - every time computers improve, you just make your RSA bit-string longer to exponentially increase the processing power needed to crack it before the user dies of old age.

That's where quantum computers come in. They operate using "qubits" which can be in every possible state at once - so an eight-qubit system could represent every possible 8 regular-bit piece of data. It still collapses into just one regular 8-bit state when you look at it, so the quantum nature of the data was just a mathematical oddity until MIT Professor Peter Shor came up with an algorithm that could access this "every possible state" property to crack the RSA problem. Since then the race to build a quantum computer has been running in earnest.

However, quantum mechanics also promises a replacement for the redundant RSA. Key codes can be transmitted in pairs of particles in such a way that they can't be copied, and these keys can then be used to make a truly uncrackable code. By uncopiable, we mean that the act of a spy even looking at the keycode will destroy it - and the receiver immediately knows to use a different one. This is known as Quantum Key Distribution (QKD), and an EU Initiative for "Secure Communication based on Quantum Cryptography" (SEQOQC) claims it will demonstrate a network-ready version of the technology this October in Vienna. You can be sure security experts worldwide will be paying close attention, as well as a couple of 00-agents and possibly Q.

But you have to be careful of the hype. While the theory of quantum communications promises absolute security, there's a lot of room between theory and actual practice for problems. Researchers at the University of Toronto have already demonstrated a successful spy-attack on a commercial QKD device, based on particular aspects of hardware not quite delivering the idealized situation. Because you'll always have people messing things up. Remember - you can use the very basic physics of the universe to transmit an absolutely secure code around the globe, but you can't stop the person at the other end writing it on a yellow sticky on the side of their monitor.

Posted by Luke McKinney.

Thursday, 11 June 2009

Data Protection Makes Identifying Online Pirates a Nightmare

Norway’s data protection department has indicated that ISPs must delete all personal IP address-related data just 3 weeks after collection. The instruction, initially given to two ISPs but applicable to them all, means that it will be incredibly difficult to take action against file-sharers.

Previously it hasn’t been particularly easy for copyright holders to go after alleged infringers in Norway, but just recently the country’s telecoms regulator said that file-sharers’ identities can be given to copyright holders, providing a court agrees there is a good reason to hand them over. This means that these individuals can be pursued through the courts, or through “pay up or else” type threats.

However, the authority in charge of data protection in Norway has just made that process much, much harder for the copyright holders, since it has instructed two ISPs - Tele2 and Lyse Tele - to delete all IP address-related personal information they hold on their customers which is more than 3 weeks old.

According to Aftenposten the decision, borne of the Personal Data Act which prohibits the storage of unnecessary data, will apply to all ISPs in Norway such as Canal Digital, NextGenTel, Telenor and others.

The fact that data can only be held for just 21 days will see the immediate deletion of IP information held on around 1.6 million subscribers by these Norwegian ISPs. However, the decision flies in the face of European Union rules which say that this type of data must be held for at least 6 months - right now in Norway, data retention can be anything from a few days to five months.

The process of monitoring file-sharers, gathering evidence and then collating it all into an acceptable format can be time consuming. Add this to the time taken to get into the system to obtain a court order from a judge to force the ISPs to hand over data on their customers, and you end up with a period longer than 21 days. By which time the data has gone and the evidence becomes useless, since it’s impossible to identity the alleged infringer.

Written by enigmax Torrent freak

Thursday, 4 June 2009

Facebook blocks private messages


PHOTO: AFP
SYDNEY - AN AUSTRALIAN news website reported on Friday that Facebook has begun blocking private messages.

The technology blog written by News Limited journalist Andrew Ramadge stated that Facebook 'has started censoring private messages sent between users to block out internet nasties'.

According to the blog on news.com.au, if links to certain websites are detected in a private message, the user is shown a warning.

The message says 'Warning: This message contains blocked content. Some content in this message has been reported as abusive by Facebook users.'

The message is then deleted automatically.

Mr Ramadge writes that the first block to be reported was applied to The Pirate Bay; one of the world's largest file-sharing websites. The Pirate Bay recently lost a legal battle against a number of music and film industry groups.

'Links to The Pirate Bay's homepage were reportedly accepted, but links to specific pages within the site were blocked,' wrote Mr Ramadge.

'When we tested it today, that was still happening. However links to other file-sharing sites were fine:

The Pirate Bay - BLOCKED

Mininova - OK

Demonoid - OK

BTJunkie - OK

'Links to at least one major pornography site were also blocked.'

The internet industry website, Wired, also reported that this censorship could lead to Facebook breaching United States wire-tapping laws.

Chris Kelly, Facebook's chief privacy officer, said the website had a legal right to censor messages, reported Mr Ramadge.

'Because users had agreed not to send 'spammy, illegal, threatening or harassing' content in accepting the site's terms of use,' wrote Mr Ramadge, quoting Facebook's officer.

Protests to rape game cast off

TOKYO - A JAPANESE computer game maker on Friday dismissed a protest by US rights campaigners against the game 'RapeLay", which lets players simulate sexual violence against females.

New York-based Equality Now launched a campaign this week 'against rape simulator games and the normalisation of sexual violence in Japan'.

It urged activists to write in protest to the maker and Prime Minister Taro Aso, arguing the game breaches Japan's obligations under the 1985 Convention on the Elimination of All Forms of Discrimination against Women.

The Yokohama-based games manufacturer Illusion brushed off the campaign. 'We are simply bewildered by the move,' said spokesman Makoto Nakaoka. 'We make the games for the domestic market and abide by laws here. We cannot possibly comment on (the campaign) because we don't sell them overseas.'

Players earn points for acts of sexual violence, including stalking girls on commuter trains, raping virgins and their mothers, and forcing females to get abortions, according to the group's online statement.

Japan, often criticised as a major producer of child pornography, in 1999 banned the production, distribution and commercial use of sexually arousing photos, videos and other materials involving those aged under 18.

However, the law did not criminalise possession of such materials, and the ban also failed to cover child porn in animation and computer graphics, often categorised as 'hentai'.

US online retail giant Amazon in February took RapeLay off its websites after receiving complaints but clips of the game were still available this week on popular video sharing websites.

A Japan Committee for UNICEF spokeswoman said the Japanese loophole hindered international efforts to crack down on child porn.

'In this globalised world, connected via the Internet, even one loophole could jeopardise all the regulations,' she said. 'The world trend is to try to ban even the accessing and looking at websites of virtual images.' -- AFP