Trusting Your ISP With Your Clicks

Cyber Security sleuths Dan Kaminsky and Jason Larsen have found significant security vulnerabilities in some affiliations that large ISPs have with ad serving companies. The Washington Post reports on their recent findings:

ISPs like Earthlink, Qwest and Verizon have outsourced at least portions of
their ad-serving technology to BareFruit, a London-based company that
specializes in helping ISPs monetize wayward Web searches. The trouble is that
until late this week, BareFruit's ad servers were vulnerable to what Kaminsky
called a "trivial to find and exploit" vulnerability that would make it simple
for fraudsters to trick users of those ISPs into visiting malicious Web sites
that appear to be located at trusted sites.

More broadly this security issue raises questions about whether thoses with access to our online informaiton and online activity details are protecting us responsibly enough. The US Government, Google, Yahoo, MSN and others collect extensive details about search activity, email content, and more. Even the issue of who owns your data is not resolved to any reasonable degree. The value of this data increases as data mining and advertising targeting techniques improve so the online community is well advised to clarify many of these data ownership and data stewardship issues immediately, because the Pandora's box of personal information opens wider every day.

Japan ISPs band together to crack down on pirates

Japan News is reporting that four major ISPs in Japan are working together to stop pirating activity, especially the use of the "Winny" and similar programs that allow peer to peer file sharing.

According to the The Yomiuri Shimbun:

the measure would become the first countermeasure against Winny-using rights-violators used by the whole provider industry.

The number of users of file-sharing software such as Winny in the country is estimated to be about 1.75 million, with most of the files exchanged using the software believed to be illegal copies.

A brief six-hour survey by a copyright organization monitoring the Internet found about 3.55 million examples of illegally copied gaming software, worth about 9.5 billion yen at regular software prices, and 610,000 examples of illegally copied music files, worth 440 million yen...

Peer to Peer file sharing software is not exclusively used for piracy, but it makes it easy for one user to download and store files which are then picked up from that local machine by other users. Thus rather than having a single server hosting copyrighted information all the computers on the network have the potential to send and receive the files.

It will be interesting to see how the Japanese cooperative agreement affects USA ISPs which historically have been very resistant to most regulations and agreements that make the ISP the enforcer of copyright or other laws.

Pakistan ISP Hijacks YouTube

The BBC is reporting that a censorship action by Pakistan led to a two hour YouTube global outage tonight. The BBC suggests this was possibly an attempt to keep Pakistanis from viewing YouTube videos that showed Danish cartoons deemed offensive to Islam, or a movie clip deemed offensive to Islam.

Google owns YouTube, and engineers there appear to have determined that the ISPs action corrupted the global DNS routing tables, making the site go dark for the entire world rather than just Pakistan ISPs.

Although the action is considered to be a mistake by the ISP, what remains of some concern is the degree to which sites appear vulnerable to actions by ISPs that are completely outside of their control. The DNS system represents a key aspect of the internet and appears more vulnerable to manipulation than many had thought.