T3H Blog

The UK Centre for the Protection of National Infrastructure (MI5) prepared a short ‘restricted’ report back in 2007~08 entitled “The Threat from Chinese Espionage” – that was widely distributed to UK business organizations worldwide – to little effect.

The report of bugging and burgling by agents from the People’s Liberation Army and the Ministry of Public Security. It warns also of electronic gifts given at exhibitions and seminars riddled with Trojans capable of creating a backdoor, ferreting and transmitting specific data, and remotely triggered malware.

According to CPNI “The Chinese government represents one of the most significant espionage threats to the UK because of its use of widespread electronic hacking.” UK cybersecurity experts suspect that Chinese cyberwarfare units have directed concerted hacking exercises against UK’s defence, energy, communications, and manufacturing entities.

In their great wisdom MI5 and CPNI believe that “any UK company might be at risk if it holds information which would benefit the Chinese.”

At the time of the ‘restricted’ letter released by MI5’s DG it was observed in Schneier on Security (4 December 2007) that sending a confidential letter to 300 businesses and expecting it to be kept so was not such a good idea – publicity, and lots of it, should have been the order of the day. The Chinese Ministry of Public Security must have had a good laugh at the time (from reading their own copy); it sure did not slow them down any…

References:

MI5 alert on China’s cyberspace spy threat, Exclusive: director-general of MI5 sends letter to British companies warning systems are under attack from China, From The Times, published: 1 December 2007

Britain Warned Businesses of Threat of Chinese Spying, By Jonh F. Burns, published: 31 January 2010

The Internet has opened global markets and revolutionized modern business practices. Yet, while providing new opportunities, reliance on the Web has also exposed new vulnerabilities. McAfee estimates that in 2008, “companies worldwide lost more than $1 trillion” from IP and data theft. A recently released PwC report on the rising threat of e-espionage asks: “Are companies aware and ready to respond?” In general, the resounding answer is, “No.”

Surveys after reports after commissions unanimously demonstrate that the Internet (Web, cyberspace) is unsecured. Threats are multiplying and growing evermore successful in gaining access to desired data or results. Nevertheless, no one in is right mind stays away – yet, most do very little to protect their property, even themselves – Why?

One answer is ease of use – the Internet is too simple to use and yields too much benefits at a click – how can something this beneficial be this nefarious!

Until we find the right answer, we will continue to barrel down towards an unparalleled cataclysmic  catastrophe where not only IP or data will be lost, but lives…

References:

Study Finds Growing Fear of Cyberattacks, by John Markoff, Published: 28 January 2010

Unsecured Economies: Protecting Vital Information, The first global study highlighting the vulnerability of the world’s intellectual property and sensitive information, December 2009

Securing Cyberspace for the 44th Presidency, A Report of the CSIS Commission on Cybersecurity for the 44th Presidency, December 2008

The Electronic Frontier Foundation (EFF), whose lawyers brought the National Security Agency’s warrantless surveillance program case to court in 2008, unsurprisingly lost their case and plans to appeal. This means that the practice of funnelling Internet traffic by Telcos to government security agencies will continues unabated in the US.

This will also give leverage to security and law enforcement agencies to persuade ISPs (and in some case developers) to provide exploitable backdoors to access emails unimpeded and continue Internet filtering unhindered by privacy regulations. However, more damaging will be the international repercussion; countries like Australia, Canada, the EU, Germany, Russia, Sweden, the United Kingdom, and many others around the world will be embolden in advancing greater Internet surveillance and joint the ranks of the likes of China, Iran, and many others oppressive (draconian) governments.

Nothing surprising here, governments will always find at least one reason to eavesdrop on its citizens – be it to protect wayward nationals at one end of the spectrum to insecure politicians to give themselves an edge over the masses’ discontent (justified or not), or simply because they can do it under the guise of prevention or perversion.

So get over it, short of setting-up your own clean email address servers that you access via TOR sites – governments sponsored hacking and surveillance is here to stay, and they will apply the 5Ws to fit their political or personal agenda.

Note: Clean email address is where you write emails in draft form, and not send them, but allow trusted contacts to also access the account, read the draft message, and type a draft response. The Onion Router (TOR) – the general idea for TOR is that your connection goes through a server that then processes the encrypted connection through a series of proxy servers. The result is a virtual dead-end for anyone trying to analyze the path you took to get to your clean mail server.

References:

Internet censorship on the rise, by Ersu Abalk, published 27 January 2010

Top 10 technologies to beat tyranny, By Iain Thomson, published: 25 January 2010

U.S. enables Chinese hacking Google, by Bruce Schneier, Special to CNN, published 23 January 2010

Kei Eide, the UN special representative in Afghanistan, suggests that ISAF and the UN give into grievances expressed by Taliban leaders regarding the incontinence of being listed on the UN list of terrorists. Apparently, he does not believe that persuading rank-and-files Taliban fighters to leave terrorist organizations in exchange for schooling and employment, or simply payment to stay idly home, is a sustainable course of action. (I agree turncoats in that region are just that – turncoats that can never be trusted.)

Ostensibly, the reason to delist Taliban leaders is to enable reconciliation talks with people of authority instead of supporting uneducated bottom of the barrel individuals that may or may not be worth trust.

As it ever occurred to anyone at the UN that this approach has not, does not, will not work – there are plenty of examples since 1947 where attempts to mediate with criminals and terrorists have solve or change nothing (i.e., Palestine, Congo, Yugoslavia – Bosnia, Croatia, Kosovo).

Is it that easy for the UN to forget that those listed are responsible for the mass murders, rapes, destruction of homes, near ethnic (tribe) cleansing, and unbelievable discrimination against women – all reasons for the last eight years of war (security assistance).

There is no political solution to Afghanistan, especially if presided over by politicians of any ilk. The solution is hard work towards relative prosperity for all through sustained relevant education and honest labour – rendering Taliban rhetoric meaningless. First near self-sufficiency sustained with the manufacture of tradable products onto the world markets.

A house is build from the bottom up, the same applies to a country… very hard work for all concerned, something real versus likely meaningless talks from UN bureaucrats and politicians. Case in point (and that is only the now list):

War in Somalia

Insurgency in the North Caucasus

Sudanese nomadic conflicts

Cambodian-Thai standoff

Civil war in Ingushetia

Civil war in Chad

South Thailand insurgency

Conflict in the Niger Delta

Sa’dah insurgency

War in North-West Pakistan

Baluchistan conflict

Iraq War

Reference:

U.N. Seeks to Drop Some Taliban From Terror List, by Dexter Filkins, published:  24 January 2010

In a recent NY Times article Amichai Shulman, the chief technology officer at Imperva examined a list of 32 million accounts that an unknown hacker stole last month from RockYou – they found that the 32 million accounts shared about 5000 passwords.

I have been maintaining for almost 20 years that the safest user/password access combo, and now the easiest now, is the ten passwords at your fingertips and the one user ID in your face – a simple choice now that almost all laptops have built-in fingerprint reader and camera, or can be added via the USB port.

If the sign-in provider is too lazy to add the few lines of code needed to take advantage of biometrics, let someone come up with a elegant face recognition to user ID and fingerprint to password conversion application that generates unique user ID and password based on an individual’s biometrics (contact me if you want to know how it works).

We have the technology people, let’s get with the program…

References:

If Your Password Is 123456, Just Make It HackMe by Ashlee Vance, Published: January 20, 2010

Facial Recognition Door Lock and Time Clock for Less than $500 by Aaron Saenz, Published: December 29, 2009

RockYou Hack: From Bad To Worse by Nik Cubrilovic Published: December 14, 2009

Biometrics Turns Your Ear Into Your Password by Drew Halley, Published: May 6, 2009

Computer security researchers found strong evidence of the digital fingerprints of the authors, suspected to by Chinese, in the software programs used in attacks against Google. It apparently attacked Google’s source code – akin to the modifications of Cisco Systems source code found in Cisco routers knockoffs that have appeared on the market.

However, I think that experts are giving Chinese hackers too much credit by assuming, in general, that the attacker gain access externally, unaided, to Google’s jewels. I would make a small wager that it was (a) an insider’s job or (b) a combo job (most probable) where malfeasants have an insider drop keyholes (Trojan horse) among the Hollerith cards or modify some code (backdoor)…

The theft of intellectual property through modified software (application) and co-opted hardware (knockoff or compromised) is about to become a standard cost-of-doing business, not only in China, but worldwide, in just about every industry.

At first governments will mostly support it as an extension of their Intelligence Services, like China, which is committed to make great techno-economic strides to keep the masses busy – too many idle hands only create problems – e.g., look at the Middle East. Their Cyber-Intelligence units will pass on the gathered tidbits from their info-warfare (IW) endeavors to their industries.

(Several countries have well defined C⁴ISTAR units capable of waging cyber-warfare – has seen recently during the cyber attacks on Estonia (2007) during the Bronze Soldier of Tallinn incident and Georgia (2008) during the South Ossetia war. These cyber-warriors are the evolution of the Cold War’s tactical and strategic SigInt operators gifted with patience and blessed with luck that intercepted, decoded, and analyzed signals and/or data to gain some sort of advantage on their targets.)

Eventually, since all things digital reign supreme in the commercial world, organizations will draft individuals to penetrate the competition as workers to drop malware in the cogs to gleam a perceived advantage. Malware to spy and reveal business secrets; or, to erode slowly an opponent’s business model; or, simply siphoned off intellectual property for later nefarious use.

Cybersecurity technologists capable of certifying and fingerprint applications as secure (given certain environments) and able to recognize any modifications, especially unauthorized one, will be worth their weight in platinum. They will have to be digital detectives of the caliber of Sir Arthur Conan Doyle’s Sherlock Holmes, the imaginary sleuth famous for his clever use of incisive observation, deductive reasoning, and forensic skills to defeat malfeasants.

Let the bon temps role!

References:

Fearing Hackers Who Leave No Trace, by John Markoff and Ashlee Vance, published: January 19, 2010

Evidence Found for Chinese Attack on Google, by John Markoff, published: January 19, 2010

China: Cyber warfare, weapon of mass destruction? Published by Heike August 8, 2008

The recent hacking of Google left corporate networks, worldwide, questioning their cyber security, justifiably so. How malware find their way into networks is not as important as taking measures to make everyone aware of the possibility and implementing strict countermeasures automatically, back by strict penalties for not following security rules that reflect realities.

One improvement is to abandon the user/password methods and replace it with biometrics. Regardless of what the industry says the deployment of the technology is not difficult at all, just slightly troublesome for people. Although not the perfect deterrent, biometrics can reduce greatly email accounts highjacking, corporate networks penetrations, and even credit cards cloning.

Simple enrolment procedures of employees’ several biometrics measurement can take less than one (1) minute. A computer connected to a USB device such as a fingerprint reader or a camera biometrics can harvest and verify one’s ID faster than typing in a user/password combo. (Currently, 99% of all computers in used worldwide have at least one USB port.)

As for credit/debit cards, the chip on most of them can store enough information to enable solid biometrics ID at most point-of-sale interfaces.

However, no system connected to the Internet (cyberspace) will ever be 100% secured against a determine malfeasant! Additional organization-wide measures such as establishing sustainable Information Security Management Systems and reliable corporate governance are needed. Further, these measures must be backed by frequent independent audits conducted by trusted third party using such standard as ISOs 20000 (Information Technology Infrastructure Library), 24762 (Disaster Recovery), 27001 (Information Security Management System), 28000 (Supply Chain Management Security), 38500 (Governance of Enterprise IT), and BS 25999 (Business Continuity Management or ISO 22399).

One problem solved, now to the next generation of cybercrimes – the one committed by robots and AIs in the ever-growing virtual world… stay tuned!

References:

In Rebuke of China, Focus Falls on Cybersecurity by Miguel Helft and John Markoff Published: January 13, 2010

Companies Fight Endless War Against Computer Attacks by Steve Lohr Published: January 17, 2010

Hackers Said to Breach Gmail Accounts in China by Edward Wong Published: January 18, 2010

Like warring on each other for no other apparent reason than political gain was not bad enough, slavery goes on without abating. According to Time Magazine’s article “South Africa’s New Slave Trade and the Campaign to Stop It” by By E. Benjamin Skinner (Monday, Jan. 18, 2010) there are more slaves today worldwide than at any point in human history despite dozen international conventions banning slavery.

In addition, please purchase and read “A Crime So Monstrous: Face-to-Face with Modern-Day Slavery” by E. Benjamin Skinner – a shockingly revealing and powerful book that goes far to point out our governments ineffectual rhetorics and the UNHCR impotence.

It is available in bookstore, as well as:

• Amazon
• Barnes & Noble
• Books-A-Million
• Borders
• Overstock
• Powell’s
• Waldenbooks

Note: 25% of U.S. royalties go to Free The Slaves, a group that uses holistic, locally-based strategies through global partners to fight slavery, rehabilitate slaves and eradicate bondage. 25% of U.K. royalties go to the group’s British sister, Anti-Slavery International, the world’s oldest human rights organization.

Benjamin Skinner discusses the challenges of writing about the slave trade on NPR’s Day to Day – http://j.mp/2Uis0 – unbelievable, and yet not surprising.

A UNICEF program that spend US$27 million to decrease child deaths from disease in West Africa has failed, according to a new study that found a higher survival rate in some regions that were not included in the program.

The UN childcare’s agency pursued strategies like vaccinating children, giving them vitamin A pills, and distributing mosquito nets to protect them against malaria form 2001 to 2005 in parts of 11 countries. The aim was to reduce the death rate by at least 25 % by the end of 2006.

An analysis of the program in Benin, Ghana, and Mali found children in areas where it was not in effect had a better chance of surviving past age 5 than children who were covered by it. The study was published online Tuesday in the British medical journal Lancet – see here http://j.mp/5PLrLp.

Why am I not surprised…

On the Huffington Post website, founder Arianna Huffington introduces what she calls the “move your money” campaign. The idea is to get all Americans to close their accounts at big banks and transplant their personal finances to smaller banks. The budding cause has its own web site, moveyourmoney.info, including a link where you can plug in your zip code and find a list of smaller banks.

Huffington singles out the Big Four banks (that would be Bank of America, Citi, JP Morgan Chase and Wells Fargo) for particular ire, pointing out that they’ve curbed business lending even since receiving TARP money. She urges Americans to bank their money at community banks instead of these TARP-receiving behemoths.

I hope this campaign makes enough of an impact for the big banks to notice. At the end of the day, even if this campaign doesn’t succeed in making the Big Four don’t change their ways, if more Americans wind up at banks that make them feel like valued customers, that’s a good thing. In addition, it would serve has a revenge for the rest of us in the world that cannot participate, but paid just the same – here is a change of Americans to do something for the rest of the world that does not involve propping up a war machine in support of decrepit unappreciative corrupted governments.

If you can please make that resolution for 2010 – Move Your Money!

PS. I love the reference to the 1946 classic Frank Capra film It’s a Wonderful Life – just brilliant.

The Open Web Application Security Project (OWASP) has released a new Top 10 most critical Web application security risk. Top Ten 2010 version provides a powerful awareness document to mitigate Web application security risk.

Further, this time around the Top 10 are presented from a risk-base approach, thus playing to a wider audience.

You can download the Release Candidate version here — http://www.owasp.org/images/0/0f/OWASP_T10_-_2010_rc1.pdf

Really worth the time.

Security Now! Steve Gibson and Leo Laporte this week plow into a recently discovered serious vulnerability in the fundamental SSL protocol that provides virtually all of the Internet’s communications security: SSL – the Secure Sockets Layer. Steve explains exactly how an attacker can inject his or her own data into a new SSL connection and have that data authenticated under an innocent client’s credentials.

This is an excellent podcast that should be listen too by all involved with SSL and/or TLS.

High quality (64 kbps) mp3 audio file URL: http://media.GRC.com/sn/SN-223.mp3

Quarter size (16 kbps) mp3 audio file URL: http://media.GRC.com/sn/sn-223-lq.mp3

The transcript can be found here: http://www.grc.com/sn/sn-223.htm

SSL and TLS protocols renegotiation vulnerability

Vulnerability exists in SSL and TLS protocols that may allow attackers to execute an arbitrary HTTP transaction. This issue affects SSL version 3.0 and newer and TLS version 1.2, and older versions.

The Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols are commonly used to provide authentication, encryption, integrity, and non-repudiation services to network applications such as HTTP, IMAP, POP3, and LDAP. Vulnerability in the way SSL and TLS protocols allow renegotiation requests may allow an attacker to inject plaintext into an application protocol stream. This could result in a situation where the attacker may be able to issue commands to the server that appear to be coming from a legitimate source.

According to the PhoneFactor’s Marsh Ray and Steve Dispensa, and Nasko Oskov of Microsoft :

SSL and TLS renegotiation are vulnerable to an attack in which the attacker forms a TLS connection with the target server, injects content of his choice, and then splices in a new TLS connection from a client. The server treats the client’s initial TLS handshake as a renegotiation and thus believes that the initial data transmitted by the attacker is from the same entity as the subsequent client data.

TLS[RFC5246]allows either the client or the server to initiate renegotiation – a new handshake which establishes new cryptographic parameters. Unfortunately, although the new handshake is carried out over the protected channel established by the original handshake, there is no cryptographic connection between the two. This creates the opportunity for an attack in which the attacker who can intercept a client’s transport layer connection can inject traffic of his own as a prefix to the client’s interaction with the server.

To start the attack, the attacker forms a TLS connection to the server (perhaps in response to an initial intercepted connection from the client). He then sends any traffic of his choice to the server. This may involve multiple requests and responses at the application layer, or may simply be a partial application layer request intended to prefix the client’s data. He then allows the client’s TLS handshake to proceed with the server. The handshake is in the clear to the attacker but encrypted over the attacker’s channel to the server.

Once the handshake has completed, the client communicates with the server over the new channel. The attacker cannot read this traffic, but the server believes that the initial traffic to and from the attacker is the same as that to and from the client.

If certificate-based client authentication is used, the server will believe that the initial traffic corresponds to the authenticated client identity. Even without certificate-based authentication, a variety of attacks may be possible in which the attacker convinces the server to accept data from it as data from the client. For instance, if HTTPS [RFC2818] is in use with HTTP cookies [REF], the attacker may be able to generate a request of his choice validated by the client’s cookie.

This attack can be prevented by cryptographically binding renegotiation handshakes to the enclosing TLS channel, thus allowing the server to differentiate renegotiation from initial negotiation, as well as preventing renegotiations from being spliced in between connections. An attempt by an attacker to inject himself as described above will result in a mismatch of the extension and can thus be detected.

For a list of systems affected systems visit CERT-US

References

http://extendedsubset.com/?p=8
http://www.links.org/?p=780
http://www.links.org/?p=786
http://www.links.org/?p=789
http://blogs.iss.net/archive/sslmitmiscsrf.html
http://www.ietf.org/mail-archive/web/tls/current/msg03948.html
https://bugzilla.redhat.com/show_bug.cgi?id=533125
http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00014.html
http://cvs.openssl.org/chngview?cn=18790
http://www.links.org/files/no-renegotiation-2.patch
http://blog.zoller.lu/2009/11/new-sslv3-tls-vulnerability-mitm.html
https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt

This is an update to the Leonid Meteor Shower 2009/11/12 post.

The handy Fluxtimator from NASA is a Java applet (unfortunately) that allows you to calculate the expected shower rate for a given date and a given location.

It also allows you to see the difference between staying downtown or moving out into the country side to a dark and clear location. All rates were calculated by taking into account the Moon light, but assume a transparent cloud-less sky and unobstructed field of view.

The best time for me at my location will be around 05:18, expecting a 10.9 shower peak rate – if the skies are clear. My Nikon D70S is ready and equiped with a 55mm fisheye.

However, if the weather does not cooperates I hope to observe the Leonids by car radio.

Here is the basic idea for observing the Leonids on your car radio may sounds strangely really silly, but here how it is possible…

What happens is that the ionized gas in the meteor trails can reflect radio waves in the FM bands from distant transmitters back to earth, so when a meteor appears one can sometimes receive small portions of broadcasts from radio stations up to 2000 km away from the observing site.

This startlingly simple fact gives many amateur observers the ability to do serious, world class science for a relatively low cost. Of course, like many startlingly simple ideas, the Devil is in the details, and serious research must take account of many factors. You can learn more than you want to know at the International Meteor Organisation (IMO) page on meteor radio reflection.

What you need is quite simple, a halfway decent Yagi antenna, a FM radio with digital tuning, and something to record the signal. These days people hook up their computers to the radios and perform computerized analysis. Again, if you want serious data, there is lots of things to be taken into consideration, and a serious bit of software to sort the grain from the chaff, so to speak.

Radio observation of meteors has many advantages, overcast skies and twilight don’t interfere, and it’s a lot easier to observe meteors from the city. If you want full details of how to build one of these set-ups, see the fantastic detailed resources a the International Meteor Organisation pages on radio observation of meteor.

It’s a bit late for people to set up a proper system to observe the Leonids, but the Geminids in December and the Delta Quadrantids in January are good candidates. And then again, the Leonids are probably going to be so overwhelming that you would need a seriously computerized system to get any real data out of the peak shower.

But what about the car radio? These days most people have a car radio with FM and digital frequency selection. Not altogether surprisingly, this rough and ready system works.

First, here’s a list of things you need.

1. An FM radio transmitter below the horizon, between 600-2000 Km away (preferably 600-800 Km)
2. Said FM transmitter to transmit with at least 30 kilowatts of power
3. Transmission frequency to be between 30-150 MHz (preferably 40-80 MHz)
4. An FM car radio with digital frequency setting.

You need digital tuning to tune to a frequency that you cannot hear and therefore cannot tune into by ear.

All you have to do is back your car down the driveway, put up your aerial, dial up a station that’s 600-2000km away and listen to the static. When a meteor hits the atmosphere it ionises a bit of air which then can reflect the distant radio station down to your aerial. In tests done by Bruce, this very basic method actually works just fine. The sound a meteor makes is a really sudden whoosh, much like it looks. It also works quite well during the day, so is ideal for following the Leonids after sunrise.

If you are really handy with electronics you can attach a Yagi antenna to the car aerial input feed for better reception.

For best results the station should be in line with the meteor shower, but stations off to one side will work. The Leonids will be coming from the north east, but the shower should be so strong that stations anywhere from north to east will be alright.

Finding the right FM stations may be a bit of a problem, but you can find lists of Radio Stations in Japan and around Asia.

List of radio stations in Japan

List of radio stations in Asia

Ham radio operators can also help. If you are in a remote area, a call to your local radio station might be a good idea. (VE7VPC)

The ACTA treaty being negotiated in secret amount to nothing less than to legitimize the governments of Australia, Canada, the European Union, Japan, Mexico, New Zealand, South Korea, Switzerland, and the United States eavesdropping on their citizens’ Internet activities (just like China, but different!). Obama administration even when as far as declaring that ACTA was a ‘National Security’ issue. (BTW, I love the Bushama transformation pictures – who is the great political satirist that created this?)

If ratified, ACTA would criminalize peer-to-peer file sharing, subject iPods to border searches, and allow ISPs to monitor their customers’ communications. There is a real danger that it would not take long for ISPs to outsource the voluminous monitoring task to the United States National Security Agency (NSA), the British Government Communications Headquarters (GCHQ), the Australian Defence Signals Directorate (DSD) and New Zealand’s Government Communications Security Bureau (GCSB), Canada’s Communications Security Establishment (CSE), and other like agencies – or simple of governments to mandate their security agency to undertake the task.

Such treaty should be negotiated in the clear, with plenty of opportunities for citizens to review and comment intelligently – and should not be able to supersede existing national copyright laws. More importantly no treaty should allow for one privileges to be suspended on the say so of some commercial greedy hacks like Recording Industry Association of America (RIAA).

Like David Kravets of Wired wrote ACTA threaty is policy laundering at its finest.

See the University of Ottawa’s law professor, Dr Michael Geist’s “The ACTA Timeline (or Everything You Need To Know About ACTA But Your Government Won’t Tell You)” and other related posts on his blog.

The mainstream media is picking up on the ACTA issue with a growing number of stories, all of which criticize the secret approach. New articles include:

• Australia’s Sydney Morning Herald masthead editorial – Regulating the Net in the Dark
• Washington Post – Copyright Overreach Takes a World Tour
• Irish Times – Secret Agreement May Have Poisonous Effect on the Net
• San Francisco Chronicle – Knock it off: Global treaty against media piracy won’t work in Asia

The reaction to revelations about the Internet provisions of the Anti-Counterfeiting Trade Agreement continue. Notable articles include:

• Canada: Still-murky copyright treaty could change web as we use it
• New Zealand: New Zealand should not sign international piracy agreement
• Australia: ISPs Focus of Piracy Talks
• Australia: Fighting Piracy – three strikes and you’re out?
• Spain: La negociación secreta de un acuerdo mundial sobre el ‘copyright’ alarma a los internautas
• United States: Obama’s Hollywood Sellout
• United States: New Anti-Counterfeiting Trade Agreement Looks to take DMCA Globally