The CyberWire Daily Briefing 10.01.12

Cyber Trends

Internet scan finds thousands of device flaws, system weaknesses (SearchSecurity) A scan of the Internet during a 20-day period yielded terabytes of sensitive data and also some alarming enterprise security weaknesses, including misconfigured routers, vulnerability-riddled databases and more than 1,000 exposed passwords. "The Internet has gone from this nebulous scary thing that's hard to map to…something that you can gain lot of interesting insight by analyzing information like this," [says] HD Moore, Metasploit creator; CSO, Rapid7. It's a project that Internet security pioneer HD Moore calls his hobby. His Internet-wide survey looked for open TCP ports, SNMP system descriptions, MDNS responders, UPNP endpoints and NetBIOS name queries. At the DerbyCon security conference, Moore told a packed room of hundreds of attendees that the project has resulted in a treasure trove of data that is continually being analyzed

Companies seeking to train employees on cybersecurity (Washington Post) "It is not a matter of playing goalie anymore against cyber threats; it's more about managing them." Falls Church-based Northrop Grumman requires all of its workers to attend cybersecurity training as soon as they start work. They must repeat the

The economy behind ransomware attacks (Help Net Security) First spotted in Russia in 2005, ransomware attacks have since spread to other countries - mainly those of the Western world - by using geo-location to target users with fake notices seemingly coming

Data Markets: The Emerging Data Economy (TechCrunch) The term data market brings to mind a traditional structure in which vendors sell data for money. Indeed, this form of market is on the rise with companies large and small jumping in. Think of Azure Data Marketplace (Microsoft), data.com (Salesforce.com), InfoChimps.com, and DataMarkets.com

Legislation, Policy and Regulation

Mikulski joins chorus calling for cybersecurity executive order (The Hill) Sen. Barbara Mikulski (D-Md.) is urging President Obama to issue an executive order on cybersecurity, saying the country can't wait for Congress to act. Mikulski is one of the co-sponsors of the Cybersecurity Act, which failed to attract enough Republican support to clear the Senate last month."I remain a strong advocate for the bill and hope that it will one day be passed by the Senate," she wrote in a letter sent last week and released publicly on Thursday. "However, the need for better protection of our nations critical infrastructure cannot wait for Senate procedures and politics to work themselves out we must act now to safeguard our country from potentially devastating attacks to our power grid, financial systems and other vital infrastructure

Limits Seen in White House Cybersecurity Executive Order (Bloomberg) The White House may have difficulty bolstering U.S. cyber defenses through an executive order unless there's enough public support, according to former National Security Agency director Michael Hayden. If President Barack Obama issues an executive

New cloud data protection guidelines (Help Net Security) The Information Commissioner's Office [United Kingdom] published guidelines that underline organisations' sole responsibility for the protection of data, even if it has been outsourced to third party cloud network providers. The guidelines include tips for businesses, including securing assurances from cloud service providers on how data will be kept safe, as well as suggesting the implementation of a written contract between both parties involved

Armed forces further tightening cyber security, IT usage norms (Economic Times) The [Indian] armed forces are further tightening cyber security and information technology usage norms for all its personnel to prevent the "leaking" of confidential data and information, apart from reiterating strict orders to refrain from posting classified information on social networking websites. The move comes in the backdrop of mounting online espionage attempts -- mainly by China and Pakistan -- as also several cases of officers inadvertently posting classified information on social networking sites like Facebook, Orkut and Twitter

The world of signals intelligence and GCSB in context (National Business Review) The Government Communications Security Bureau is making headlines in New Zealand - for all the wrong reasons. This is not common, and from an intelligence perspective, neither is it good to read. Intelligence agencies appreciate being in the media spotlight about as much most people enjoy hospital waiting rooms. That is to say, not much at all

Bulgaria's National Security Agency Seeks Easier Access to Bank Accounts (Novinite.com) Bulgaria's National Security Agency Seeks Easier Access to Bank Accounts The proposal for facilitated access of

MP to help stop cyber attacks (ITV News) Norwich North MP Chloe Smith has taken responsibility for helping to co-ordinate Britian's defence against cyber attack. She will be in charge of defending private and public sector organisations against electronic attacks by computer. They range from

Products, Services, and Solutions

ExploitShield appears to live up to its name (CNET) A brand-new security program looks like it puts a bullet in the head of many major software exploits, a complicated feat that could turn the world of computer security on its ear. A new company called ZeroVulnerabilityLabs says that it has solved the Gordian knot of exploits, slicing through the complicated, Hydra-headed problem with a single stroke from a software weapon it calls ExploitShield. Available exclusively today from Download.com, the first ExploitShield Browser Edition beta (download) appears to stop all manner of exploits, from those affecting browsers directly to browser plug-ins like PDF readers, Flash, and Java, to Microsoft Office components, to a handful of media players. The potential for raising the level of computer security here is huge, as a vast number of threats are actually mutations of malware, sold in kits like BlackHole, exploiting the same security holes in the same security programs

Two months later, developers (mostly) positive about OS X's GateKeeper (Ars Technica) Most devs support GateKeeper, but some worry about the future of the platform. Remember the wails about Apple turning OS X into a "walled garden" when news of GateKeeper emerged? The tool, which allows OS X users to restrict where their apps come from, was announced in February 2012 and was included with Mountain Lion when it was released in July. The controversy hinged on Apple's attempt to guide users toward installing only those apps downloaded from the Mac App Store, or at least settling for a middle ground wherein users could also install apps "signed" by the developer—an action that still costs the developer $99 per year and pads Apple's bank account

Python 3.3 arrives with new yield expression (Ars Technica) New library modules also make an appearance in the next-gen code. Today the release of Python 3.3.0 was made official, with a couple new syntax features, a handful of library modules, and several other improvements. According to Python.org's site, the next version of the language "includes a range of improvements of the 3.x series, as well as easier porting between 2.x and 3.x"

iPhone 5 update fixes Verizon cellular data drain (IT World) Apple released on Sunday an update that fixes a problem where the iPhone 5 draws data from the carrier Verizon despite being connected to a Wi-Fi network

Facebook cracks down on fake "Likes" - Lady Gaga, Eminem and Rihanna lose out (Naked Security) Metrics show that popular pages on the social network are shedding chunks of Likes, likely a result of Facebook rolling out integrity system upgrades

Steganos Password Manager 14 released (Help Net Security) Steganos Software announced the availability of Steganos Password Manager 14. Designed for individuals who want to want to securely store all of their account log-in information and PIN codes in

Is Windows 8 Too Risky For IT? (InformationWeek) Microsoft's new OS may be just too different for conservative IT departments, Gartner says. But here's why I'm not counting Windows 8 out--even in the near term

Avira launches 2013 antivirus security software line (Help Net Security) Avira announced the arrival of the Avira 2013 product line, which includes Avira Free Antivirus, Avira Antivirus Premium 2013, Avira Internet Security 2013, and Avira Internet Security Plus

OpenStack Folsom adds network automation and Hyper-V support (Help Net Security) OpenStack Folsom, the sixth release of the open source cloud computing platform, saw a 65 percent increase in contributors, as well as the addition of Networking and Block Storage services

Technologies, Techniques, and Standards

The Plural of Data Is Not Analytics (Dark Reading) When it comes to security monitoring, searching and reporting aren't always enough. The added value comes from analytics: turning data into information. One of the terms most recently in danger of becoming a buzzword has been "analytics." Put it together with the words "big" and "data," and it starts reaching critical mass. Everyone claims to be doing it; figuring out what's real is harder

Security Intelligence Starts With Detecting The Weird (Dark Reading) As companies try to make sense of a greater amount of information on their networks, anomaly detection becomes more difficult but more important as well. Companies need to get more focused in their attempts to detect anomalous behavior on their network that may indicate a breach because attackers are quickly adapting to defensive technologies and becoming more stealthy, states a recent report

Nominet proposes more secure, .UK domain for British websites (Engadget) Nominet is considering a . uk internet domain for users who can't bear to type the extra three characters necessary for . co. uk. The body is lobbying for the new domain in time for ICANN's next TLD expansion, which includes new entries like .shop, .play and .home. Nominet has promised tough entry requirements for the system, with only businesses (or persons) that can prove a UK presence being eligible to register

'Replace crypto-couple Alice and Bob with Sita and Rama' (The Register) Even their jobs are being offshored. A computer scientist has come up with a proposal to replace cryptography's Alice and Bob with characters from Hindu mythology. For decades, techniques to encrypt and decrypt communications have been explained using two imaginary characters, Alice and Bob, and potential eavesdropper Eve. Alice sends a message to Bob, and Eve is always trying to intercept it - the little sneak. Alice and Bob first came to light in 1978 in a groundbreaking paper on the RSA algorithm for public-key cryptography. Dr S. Parthasarathy, a part-time lecturer and full-time employee of Indian biz Algologic Research & Solutions, suggests a cast change in the dramatis personae of cryptography with Sita and Rama, two central characters in the Hindu mythological epic Ramayana. The proposed sacking-and-hiring also replaces Eve with Ravana the rogue

US Deputy CIO: Computer Users Must Practice Cyber Security (defpro) The Department of Homeland Security has adopted "Stop. Think. Connect" as the motto for National Cyber Security Awareness Month. Carey said the program asks users to consider their actions and remember that what they do online may affect others

Watch the World Get Attacked By Cyber Criminals in Real Time (Gizmodo) If you're an IT security nerd specialist holed up in some corporation's basement, you probably don't find this real-time visualization of the world's cyber attacks to be beautiful. But the rest of us can sit back and appreciate the eye candy

5 bad things IT administrators do (Help Net Security) Philip Lieberman is the President at Lieberman Software Corporation and in this video talks about five awful things that IT administrators do and offers ways to fix these actions

Marketplace

Defense Agency Asks Contractors To Take A Look At Waging Cyberwar (Capital Business) The Defense Advanced Research Projects Agency stirred notice when it asked contractors to come up with ideas on how to create systems and platforms that can engage in cyberwarfare. But perhaps what was even more attention-getting has been the response

Military Cybersecurity Gets Closer Scrutiny (Bloomberg Government) Cybersecurity is in the spotlight in Washington, especially after attacks on U.S. banks in the past two weeks crippled their websites, and the military is playing a central role in the debate

Fixing the 'I' in ISR to save money, boost info sharing (Federal Times) The Defense Department's Defense Intelligence Information Enterprise (DI2E)…Bob Noonan is a senior vice president of Booz Allen Hamilton and a retired

The Luddite atop US cybersecurity (CNN) Department of Homeland Security Secretary Janet Napolitano acknowledged Friday her Luddite-like ways, despite the fact her position puts her in a critical leadership role when it comes to defending the nation's infrastructure from cyberattacks

Brussels sees gold lining to cloud computing (Eur Activ) The European Commission released yesterday (27 September) its EU strategy on cloud computing, which promotes off-site data storage in a bid to create new jobs and raise 160 billion per year in information technology savings. Neelie Kroes, commissioner for the digital agenda, said the strategy would translate into savings of around 300 per person each year. Once the strategy is fully underway, the EU executive said it expected gains of some 600 billion between 2015 and 2020 overall

An Analysis Of Market Demand For Web Programming Languages (TechCrunch) A few months ago, I got the idea that one way to get leads for remote freelance gigs was to scour Craigslist. So, after doing the manual work of 'crawling' through at least 100 job postings by hand, I wrote a Ruby script to do the heavy lifting and filtering for me

As demand rises for cybersecurity professionals, so does their pay (Washington Post) The demand for cybersecurity professionals far outstrips the supply of these highly skilled workers in the Washington area, a dynamic which experts and recruiters say is driving up compensation for qualified individuals and fueling fierce competition among employers to land top talent. Pay for cybersecurity analysts in the region jumped 10. 1 percent this year, according to data compiled by consulting firm Akron on behalf of the Human Resource Association of the National Capital Area

Microsoft Says 6,000 Jobs Open, Wants More Visas (InformationWeek) Microsoft says it can't find enough skilled IT workers to fill open positions, but critics say the company is merely trying to justify hiring foreigners

Government contractors seeking commercial opportunities in cyber (Washington Post) Hanover-based KEYW, for instance, has been known for its work with federal intelligence agencies, but recently announced it's working on a commercial

Cyber security firm makes rounds (International Financing Review) Cyber security firm KEYW Holding has locked in acquisition-related financing from the upsized sale 7.4m shares at US$11.75. In what has been a rotation of

General Dynamics Information Technology Secures $94 Mln Task Order (NASDAQ) As per this contract, General Dynamics will deliver cost-effective, innovative technology, logistics and program management support for command, control, communications, computers, intelligence, surveillance and reconnaissance systems

Lagardere throws cold water on EADS deal (Financial Times) A fresh obstacle was thrown in the path of the 34bn Euro proposal to combine EADS, the European aerospace group, with UK defence operator BAE Systems on Monday when Lagardere, the French media group and key EADS shareholder

BAE Said to Brief Pentagon on EADS Merger to Save Status (Businessweek) BAE Systems Inc., the U.S. unit that has $14.4 billion in defense contracts and provides training to the Central Intelligence Agency, is trying to persuade the Pentagon to let it keep a security arrangement governing involvement by its foreign owners

SAIC CEO John Jumper speaks on company split, sequestration (Washington Business Journal) After the announcement late last month from Science Applications International Corp. that it will split into two publicly traded companies, CEO John Jumper said Thursday that the spinoff "technical services" company will be located in the Washington area, while the second company is likely remain at its corporate headquarters, an 18-acre Tysons Corner campus

SRA to Provide Software Support and Enhancements for U.S. Army's Enterprise Information Systems (BusinessWire) Contract will deliver software support and enhancements for the military organization's human resources, logistics and major range management processes. SRA International, Inc., a leading provider of technology and strategic consulting services and solutions to government organizations, announced it has been selected by the U.S. Army to provide systems software support and enhancements for the Program Executive Office (PEO) Enterprise Information Systems (EIS) Installation Support Modules (ISM) Range Facility Management Support System (RFMSS) project as part of a contract award valued at more than $16 million if all options are exercised

Kathy Ditto Discusses Mobility and Marketing Strategies at Cisco (GovConWire) Kathy Ditto is Cisco Systems senior director for U.S. public sector marketing where her responsibilities include shaping how solutions and products are advertised and shaping strategies for growth. In her Q&A with ExecutiveBiz, Ditto discusses a wide-array of topics beginning with an explanation of her position at Cisco. The senior executive also speaks about mobility, which is a

Cisco Customers Discuss Its Future (Information Week) The shocker is that VMware is getting a look from 38% of Cisco customers who are in search of alternatives

RIM Beats Earnings With Narrower Loss (Information Week) RIM surprised analysts and investors by reporting a smaller loss than expected for its second fiscal quarter. What saved it? Emerging markets

Research and Development

14 Amazing DARPA Technologies On Tap (InformationWeek) Go inside the labs of the Defense Advanced Research Projects Agency for a look at some of the most intriguing technologies they're developing in computing, electronics, communications, and more

Security Patches, Mitigations, and Software Updates

Adobe certification revocation for October 4th (Internet Storm Center) Yesterday Adobe came out in a bog post stating an "inappropriate use of an Adobe code signing certificate for Windows". Apparently they discovered a "compromised build server with access to Adobe code signing infrastructure". (Which is corporate speak for "one of our servers was hacked".) They "immediately decommissioned the existing Adobe code signing infrastructure and initiated a forensics investigation to determine how these signatures were created". This apparently only effects "the Windows platform" and "three Adobe AIR applications for both Windows and Macintosh". I found a list of the applications involved, and how to update them on this page…This update revocation will not occur until the 4th of October

Cyber Attacks, Threats, and Vulnerabilities

Bank attackers more sophisticated than typical hacktivists, expert says (CSO) FireEye researcher says he still believes individual sympathizers involved. The Islamic hackers who said they were behind cyberattacks that disrupted the online operations of several U.S. banks this week had technical firepower that went beyond the typical hacktivist, said one security expert. Experts debated the methods used in cyber-assaults on Wells Fargo, U.S. Bank and PNC Bank, each struck on separate days, were an expression of anger over YouTube video trailers denigrating the Prophet Muhammad

PNC Bank, Wells Fargo, US Bank hacker attacks planned for weeks, experts say (Newsday) Cyber attacks on the biggest U.S. banks, including JPMorgan Chase & Co. and Wells Fargo & Co., have breached some of the nation's most advanced computer defenses and exposed the vulnerability of its infrastructure, said cybersecurity specialists

Verizon Official Calls Cyber Attacks on Banks Escalation (Businessweek) Verizon Communications Inc. (VZ) is helping to investigate a series of cyber attacks that have disrupted the websites of the biggest U.S. banks over the past two weeks, a company official said. Verizon is looking into the attacks, which commandeered

Cyber Attack Leaves Comair Employees Without Paycheck (WKRC) A spokesperson with Delta tells Local 12 that hundreds of Comair employees did not get a paycheck today because of a cyber attack. The attack on PNC Bank reportedly originated out of Iran. 400 employees are affected by the attack

How millions of DSL modems were hacked in Brazil, to pay for Rio prostitutes (Naked Security) Brazilian hackers remotely took over 4.5 million home routers, and compromised their DNS settings in their plot to make a fortune. And what did they spend the money on? Well, in some cases, Rio prostitutes

Invited to change your Twitter profile's header image? Beware, it could be drug spam (Naked Security) Inventive spammers are up to their old tricks again, desperate to do whatever it takes to get you to click on a link to their websites

Every third HDD in Kuwait has malware (Kuwait Times) Kaspersky Lab, a leading developer of secure content management solutions, participated at the Arabic Conference for Information and Communications Security (ACICS), which was held in Kuwait from September 24- 26. In an interview with the Kuwait Times, Vladimir Zapolyansky, the Head of Technology Positioning of Kaspersky Lab, said that the seminar focused on Internet security with main spotlight on cyber threats and technology to improve protection for IT manufacturers. He revealed that the most vulnerable people in the Arab world are the consumers and even companies arent spared by hackers who steal valuable information from them in order to make a quick buck from it

Canada confirms cyber attack, keeps mum on Chinese connection (Oman Tribune) Canada confirms cyber attack, keeps mum on Chinese connection. OTTAWA Canada said late on Friday it was aware of an attempt by hackers to target a domestic energy company, the second time in 24 hours Ottawa had acknowledged a cyber security

Canada Investigates Cyber Attack (Wall Street Journal) The Canadian government said it is looking into a cyber-attack on the Canadian arm of a company that designs software for the energy industry and helps other firms protect themselves against cyber-attack. A spokesman for the Canadian Cyber Incident

Vulnerabilities in Canadian IT systems are nothing to joke about (Montreal Gazette) The issue of cyber security was raised in the House of Commons on Friday after Reuters reported a China-based cyber attack was successful against a Calgary company that develops software for Canadian energy companies, Telvent Canada Ltd

IEEE password compromise was due to proxy "anomaly" (Help Net Security) Romanian researcher Radu Dragusin has revealed last week that he found the usernames and passwords of 100,000 members of the Institute of Electrical and Electronics Engineers (IEEE) unencrypted on a FTP server, available for anyone to stumble upon

White House Military Office breached by Chinese hackers? (Help Net Security) Following the recent confirmation by a senior intelligence officer with the U.S. Cyber Command that the Pentagon systems and networks are constantly under cyber attacks and cyber espionage attempts that can be traced back to China, the news that the (probably) same attackers targeted the White House military office network shouldn't come as a surprise. According to unnamed sources, the attackers managed to get into one of the U.S. government's most sensitive computer networks, but it seems that protective measures allowed the breach to be quickly detected and blocked

What's the Meaning of This: Adobe Certificate Attack (Threatpost) The news yesterday that Adobe had been compromised and that the attackers were able to get valid Adobe signatures on a pair of malware utilities is one of the more worrisome and troubling stories in what has become a year of huge hacks and historic change in the security industry. Adobe was forthcoming with many of the details of the attack, but the ones that were omitted are the ones that really make a difference in this instance

Indian Army Concerned About Unauthorized Use of USB Drives (Softpedia) The unauthorized use of USB drives represents the cause of more than 70% of the security incidents that affect the systems of the Indian Army. Army officials cited by One India News claim that although theyre strictly prohibited from copying sensitive information to such portable storage devices, many employees still rely on them to transfer data. In an attempt to mitigate the threat posed by the misuse of such devices, cyber security guidelines have been issued to ensure that the pieces of malware present on many pen drives will not be able to steal valuable data and send it back to their masters

Academia

L-3, Virginia Tech open cybersecurity center (Washington Post) Defense contractor L-3 Communications and Virginia Tech are set to formally open a cybersecurity research center in Arlington on Friday. The center, located in Virginia Techs Ballston research center, is meant to give L-3 employees access to the universitys labs and equipment and Virginia Techs faculty and students a chance to collaborate with L-3 on cybersecurity research. Les Rose, president of L-3s national security solutions group, said the company is occupying one of the seven floors in Virginia Techs building

Students will be doing vulnerability tests on security products at Iowa State (Australian Techworld) "We have a large pool of students interested in cybersecurity," says Dr. Doug Jacobson, director of ISU's Information Assurance Center, about the new security test facility, which he will oversee and that is being called the Information Systems

HCCC's Cyber Security Program Receives National Security Certification (Madison County Courier) Herkimer County Community College's Cybersecurity program has been awarded certification by the Information Assurance Courseware Evaluation (IACE) Program. This certification recognizes that HCCC's courses have met all elements of the

Cybersecurity students get scholarships in US (Times of India) For students seeking to become cyber warriors, the US government has a sweet deal. Full tuition, expenses and a stipend will be paid at any of dozens of universities for students to get specialised cyber security training, in exchange for an equal number of years working for a federal agency

Litigation, Investigation, and Enforcement

In U.N. Speech, Assange Demands U.S. End Persecution of WikiLeaks and Bradley Manning (Wired Threat Level) In a speech to a U.N. panel, Julian Assange called on the U.S. Wednesday to stop persecuting Wikileaks and live up to the words spoken by President Obama the day before

Inside N.Z. Police Megaupload Files: U.S. Investigation Began in 2010 (Wired Threat Level) Newly released files from New Zealand police show that the country set up a special task force to aid the U.S. investigation of file-sharing kingpin Kim Dotcom and questioned whether dawn paramilitary raid with helicopters was warranted for fraud charges

Apple Could Face Scrutiny Over Standard Warranty Duration On Products In The EU (TechCrunch) Apple has faced heat in Italy over its standard consumer product warranty, which offers consumers protection against manufacturer-caused defects and failures for one year, and now it looks like that might lead to even more trouble across the European Union, according to a new letter from EU Justice Commissioner Viviane Reding. In the letter, Reding asks member countries to find out whether Apple might be failing to notify customers of their "automatic and free-of-cost entitlement to a minimum two-year guarantee under EU law

How a rogue appeals court wrecked the patent system (Ars Technica) Federal Circuit Appeals Court marks 30 years of spreading the "patent gospel." In 1972, the Court of Customs and Patent Appeals (CCPA) got a new chief judge named Thomas Markey. At Markey's investiture ceremony, patent attorney Donald Dunner spoke of the "anguish of the patent bar about the treatment of patents in various federal courts." The CCPA, a DC-based court that heard appeals from the US Patent & Trademark Office, was considered to be relatively pro-patent—but other federal appeals courts had jurisdiction over actual patent lawsuits and tended to be friendlier to patent defendants. Even worse, in Dunner's view, the Supreme Court itself seemed unfriendly to patent holders

Feds snooping on email activity and social networks, without warrants - and it's on the rise (Naked Security) Documents released by the American Civil Liberties Union (ACLU) on Thursday show that law enforcement agencies in the U.S. have greatly increased surveillance of Americans' electronic communications – often without a warrant or judicial oversight

Big Brother, big dogs are looking at you (UPI) The 2012 U.S. Supreme Court term erupts on the First Monday in October, and in this first month the justices once again look at the intimate relationship between powerful authority and private citizens, and how intrusive that authority can become to protect the nation's interests

Cybercrime law violates freedom of speech HRW (Manila Times) International and local pressure against the controversial anti-cybercrime law continued to mount on Friday as the New York City-based Human Rights Watch (HRW) cited the measures incompatibility with international laws. In a statement, the group called on the Philippine government to repeal Republic Act (RA) 10175, or the Cybercrime Prevention Act of 2012, citing that it is not in consonance with the countrys commitments. It violates Filipinos rights to free expression and it is wholly incompatible with the Philippine governments obligations under international law, said Brad Adams, HRW Asia director

#Anonymous Syrian Activist Arrested By Secret Police Merely For Having Livestreaming App Installed On His Phone (Cyberwarzone) Police and security forces around the world -- and that includes in the West -- hate being recorded when they're overstepping the mark in the execution of their duties, since it allows the public to challenge official accounts, and even to use videos to seek redress. But there's one thing worse than being recorded, and that's being livestreamed: even the most nimble authorities can't confiscate the recording from its creator, since it's already been uploaded for the world to see. No wonder, then, that the livestreaming app Bambuser has become one of the most popular -- and potent -- weapons for activists to deploy against heavy-handed policing, allowing them to fight back in a non-violent way against institutional brutality around the world

Design and Innovation

6 Features I Want In Future Smartphones (InformationWeek) Apple's iPhone 5 makes design advances, but here's how vendors could make smartphones even more useful