WASHINGTON, DC — Dec. 9, 2013 — Today AOL, Apple, Facebook, Google, LinkedIn, Microsoft, Twitter and Yahoo joined together to propose principles for reforming government surveillance laws and practices. The companies also urged the President and the United States Congress to take the lead on reform with an open letter that reads:

Dear Mr. President and Members of Congress,

We understand that governments have a duty to protect their citizens. But this summer’s

revelations highlighted the urgent need to reform government surveillance practices worldwide. The balance in many countries has tipped too far in favor of the state and away from the rights of the individual­­rights that are enshrined in our Constitution. This undermines the freedoms we all cherish. It’s time for change.

For our part, we are focused on keeping users’ data secure­­deploying the latest encryption technology to prevent unauthorized surveillance on our networks, and by pushing back on government requests to ensure that they are legal and reasonable in scope.

We urge the US to take the lead and make reforms that ensure that government surveillance efforts are clearly restricted by law, proportionate to the risks, transparent and subject to independent oversight. To see the full set of principles we support, visit www.reformgovernmentsurveillance.com.

AOL Apple Facebook Google LinkedIn Microsoft Twitter Yahoo

Company executives also provided statements on the principles of reform:

“AOL is committed to preserving the privacy of our customers' information, while respecting the right of governments to request information on specific users for lawful purposes. AOL is proud to unite with other leading Internet companies to advocate on behalf of our consumers,” said Tim Armstrong, Chairman and CEO, AOL.

"Reports about government surveillance have shown there is a real need for greater disclosure and new limits on how governments collect information. The U.S. Government should take this opportunity to lead this reform effort and make things right." ­ Mark Zuckerberg, CEO, Facebook

"The security of users’ data is critical, which is why we've invested so much in encryption and fight for transparency around government requests for information. This is undermined by the apparent wholesale collection of data, in secret and without independent oversight, by many governments around the world. It's time for reform and we urge the US government to lead the way.” ­ Larry Page, CEO, Google

"These principles embody Linkedin's fundamental commitment to transparency and ensuring appropriate government practices that are respectful of our members' expectations." ­ Erika Rottenberg, General Counsel, LinkedIn.

“People won’t use technology they don’t trust. Governments have put this trust at risk, and governments need to help restore it.” ­­ Brad Smith, General Counsel and Executive Vice President, Legal and Corporate Affairs, Microsoft

"Twitter is committed to defending and protecting the voice of our users. Unchecked, undisclosed government surveillance inhibits the free flow of information and restricts their voice. The principles we advance today would reform the current system to appropriately balance the needs of security and privacy while safeguarding the essential human right of free expression.” ­ Dick Costolo, CEO, Twitter

"Protecting the privacy of our users is incredibly important to Yahoo. Recent revelations about government surveillance activities have shaken the trust of our users, and it is time for the United States government to act to restore the confidence of citizens around the world. Today we join our colleagues in the tech industry calling on the United States Congress to change surveillance laws in order to ensure transparency and accountability for government actions.” ­ Marissa Mayer, CEO, Yahoo.

Backup4all 5 was now released and is available for download. An important part of it was completely redesigned thus we highly recommend the upgrade. You can download it here: Download Backup4all. There are still three different editions for Backup4all, but … Continue reading →

The post Backup4all 5 introduces new and exciting features appeared first on The Backup4all Blog.

REDMOND , Wash. — Dec. 5 , 2013 — The Microsoft Digital Crimes Unit today announced it has successfully disrupted a rampant botnet in collaboration with Europol’s European Cybercrime Centre (EC3), the Federal Bureau of Investigation (FBI) and leaders in the technology industry, including A10 Networks Inc. The Sirefef botnet, also known as ZeroAccess, is responsible for infecting more than 2 million computers, specifically targeting search results on Google, Bing and Yahoo search engines, and is estimated to cost online advertisers $2.7 million each month. Today’s action is expected to significantly disrupt the botnet’s operation, increasing the cost and risk for cybercriminals to continue doing business and preventing victims’ computers from committing fraudulent schemes.

This is Microsoft’s first botnet action since the Nov. 14 unveiling of its new Cybercrime Center — a center of excellence for advancing the global fight against cybercrime — and marks the company’s eighth botnet operation in the past three years. Similar to Microsoft’s Citadel botnet case, the ZeroAccess case is part of an extensive cooperative effort with international law enforcement and industry partners to dismantle cybercriminal networks and ensure that people worldwide can use their computing devices and services with confidence.

“This operation marks an important step in coordinated actions that are initiated by private companies and, at the same time, enable law enforcement agencies around Europe to identify and investigate the criminal organizations and networks behind these dangerous botnets that use malicious software to gain illicit profits,” said Troels Oerting, head of the EC3. “EC3 added its expertise, information communications technology infrastructure and analytic capability, as well as provided the platform for high-level cooperation between cybercrime units in five European countries and Microsoft.”

Due to its botnet architecture, ZeroAccess is one of the most robust and durable botnets in operation today and was built to be resilient to disruption efforts, relying on a peer-to-peer infrastructure that allows cybercriminals to remotely control the botnet from tens of thousands of different computers. ZeroAccess is used to commit a slew of crimes, including search hijacking, which “hijacks” people’s search results and redirects people to sites they had not intended or requested to go to in order to steal the money generated by their ad clicks. ZeroAccess also commits click fraud, which occurs when advertisers pay for clicks that are not the result of legitimate, interested human users’ clicks, but are the result of automated Web traffic and other criminal activity. Research by the University of California, San Diego shows that as of October 2013, 1.9 million computers were infected with ZeroAccess, and Microsoft determined there were more than 800,000 ZeroAccess-infected computers active on the Internet on any given day.

“The coordinated action taken by our partners was instrumental in the disruption of ZeroAccess; these efforts will stop victims’ computers from being used for fraud and help us identify the computers that need to be cleaned of the infection,” said David Finn, executive director and associate general counsel of the Microsoft Digital Crimes Unit. “Microsoft is committed to working collaboratively — with our customers, partners, academic experts and law enforcement — to combat cybercrime. And we’ll do everything we can to protect computer users from the sinister activities and criminal networks that victimize innocent people and businesses around the world.”

Last week, Microsoft filed a civil suit against the cybercriminals operating the ZeroAccess botnet and received authorization from the U.S. District Court for the Western District of Texas to simultaneously block incoming and outgoing communications between computers located in the U.S. and the 18 identified Internet Protocol (IP) addresses being used to commit the fraudulent schemes. In addition, Microsoft took over control of 49 domains associated with the ZeroAccess botnet. A10 Networks provided Microsoft with advanced technology to support the disruptive action.

As Microsoft executed the order filed in its civil case, Europol coordinated a multijurisdictional criminal action targeting the 18 IP addresses located in Europe. Specifically, Europol worked with Latvia, Luxembourg, Switzerland, the Netherlands and Germany to execute search warrants and seizures on computer servers associated with the fraudulent IP addresses located in Europe.

This is the second time in six months that Microsoft and law enforcement have worked together to successfully disrupt a prevalent botnet. It demonstrates the value coordinated operations have against cybercriminal enterprises.

“If the hacker community has not yet taken notice, today’s disruption of the ZeroAccess botnet is another example of the power of public-private partnerships,” FBI Executive Assistant Director Richard McFeely said. “It demonstrates our commitment to expand coordination with companies like Microsoft and our foreign law enforcement partners — in this case, Europol — to shut down malicious cyberattacks and hold cybercriminals accountable for exploiting our citizens’ and businesses’ computers.”

Microsoft and its partners do not expect to fully eliminate the ZeroAccess botnet due to the complexity of the threat. However, Microsoft expects that this action will significantly disrupt the botnet’s operation. Microsoft is working with ecosystem partners around the world to notify people if their computers are infected and will make this information available through its Cyber Threat Intelligence Program (C-TIP). ZeroAccess is very sophisticated malware, blocking attempts to remove it, and Microsoft therefore recommends that people visit http://support.microsoft.com/botnets for detailed instructions on how to remove this threat. Because Microsoft found that the ZeroAccess malware disables security features on infected computers, leaving the computer susceptible to secondary infections, it is critical that victims rid their computers of ZeroAccess by using malware removal or antivirus software as quickly as possible. Europol is also providing information on its website about botnets to educate the public on how to protect themselves.

More information about today’s news and the coordinated action against ZeroAccess is available at http://www.microsoft.com/en-us/news/presskits/dcu. Legal documentation in the case can be found at http://www.botnetlegalnotice.com/ZeroAccess.

About Europol

EC3 is the focal point in the EU’s fight against cybercrime, contributing to faster reactions in the event of online crimes. It will support Member States and the European Union’s institutions in building operational and analytical capacity for investigations and cooperation with international partners. EC3 officially commenced its activities on 1 January 2013, and it aims to become the focal point in the EU’s fight against cybercrime, through building operational and analytical capacity for investigations and cooperation with international partners in the pursuit of an EU free from cybercrime. The European Cybercrime Centre is hosted by Europol; the European law enforcement agency in The Hague, The Netherlands, and thus EC3 can draw on Europol’s existing infrastructure and law enforcement network.

About FBI

As an intelligence-driven and a threat-focused national security organization with both intelligence and law enforcement responsibilities, the mission of the FBI is to protect and defend the United States against terrorist and foreign intelligence threats, including cyber-based attacks and high-technology crimes; to uphold and enforce the criminal laws of the United States; and to provide leadership and criminal justice services to federal, state, municipal, and international agencies and partners.

About A10 Networks

A10 Networks was founded in Q4 2004 with a mission to provide innovative networking and security solutions. A10 Networks makes high-performance products that help organizations accelerate, optimize and secure their applications. A10 Networks is headquartered in Silicon Valley with offices in the United States, United Kingdom, France, The Netherlands, Germany, Spain, Brazil, Japan, China, Korea, Taiwan, Hong Kong, Singapore and Malaysia. For more information, visit: http://www.a10networks.com.

About Microsoft

Founded in 1975, Microsoft (Nasdaq “MSFT”) is the worldwide leader in software, services and solutions that help people and businesses realize their full potential.

N ote to editors: For more information, news and perspectives from Microsoft, please visit the Microsoft News Center at http://www.microsoft.com/news. Web links, telephone numbers and titles were correct at time of publication, but may have changed. For additional assistance, journalists and analysts may contact Microsoft’s Rapid Response Team or other appropriate contacts listed at http://www.microsoft.com/news/contactpr.mspx.

The PostgreSQL Global Development Group has released a critical update to all supported versions of the PostgreSQL database system, which includes minor versions 9.3.2, 9.2.6, 9.1.11, 9.0.15, and 8.4.19. This update fixes three serious data-loss bugs affecting replication and database maintenance. All users are urged to update their installations at the earliest opportunity.

The replication issue affects some users of PostgreSQL binary replication, and can cause minor data loss between the master and the standby. While not all users are affected, it is difficult to predict when the bug will occur, so we urge all users of replication and continuous backup (PITR) to update immediately. Additionally, users who had replication running under PostgreSQL minor versions 9.3.0, 9.3.1, 9.2.5, 9.1.10, or 9.0.14 should plan to take a fresh base backup of each standby after update, in order to ensure no prior data corruption already exists. More information about this issue is on its wiki page.

This release also fixes two timing issues with VACUUM, which can cause old, overwritten or deleted rows to re-appear at a later date under some circumstances. Users with very high transaction rates, particularly those who experience "transaction ID wraparound" every few weeks or less, are the most at risk for this issue. Those users should set vacuum_freeze_table_age to 0, and run a database-wide VACUUM after the update. The second of the two VACUUM issues affects only 9.3, making it expecially important for 9.3 users to update.

Additional fixes included in this release, some of which only affect version 9.3, include:

• Prevent "lock already held" error.
• Resolve race conditions in timeout management, which could cause server lockup.
• Fix minor bugs with HOT updates and the Visibility Map.
• Prevent pg_multixact storage growth on standbys.
• Fix bug in GIN indexes which caused transient query failures.
• Remove issue which caused SP-GiST index creation to hang
• Fix assorted bugs in Materialized Views.
• Restore ability to use duplicate table aliases in complex queries.
• Fix two bugs in subquery optimization.
• Allow pg_receivexlog to resume streaming when more than 4GB of logs are generated.
• Prevent planner crash on whole-row references.
• Prevent premature deletion of temporary files.
• Patch multiple minor memory leaks.
• Suppress display of dropped columns for CHECK and NOT NULL constraint violations.
• Allow default and named arguments for window functions.
• Return a valid JSON value when converting an empty HStore string.
• Fix GMT timezone offset.
• Report out-of-disk-space error correctly during pg_upgrade.
• Time zone updates for several time zones.

Additional changes and details of some of the above issues can be found in the Release Notes.

As with other minor releases, users are not required to dump and reload their database or use pg_upgrade in order to apply this update release; you may simply shut down PostgreSQL and update its binaries. Users who have skipped multiple update releases may need to perform additional post-update steps; see the Release Notes for details.

Links: * Download * Release Notes