Oscar Pistorius found guilty of culpable homicide

South African athlete Oscar Pistorius has been found guilty of culpable homicide after the judge found he killed his girlfriend by mistake.
Judge Thokozile Masipa said the athlete had acted "negligently" when he fired shots through a toilet door, but in the "belief that there was an intruder".
She said the state had failed to prove he intended to kill Reeva Steenkamp.
The judge allowed Pistorius to remain on bail ahead of sentencing which is to take place on 13 October.
The victim's parents, June and Barry Steenkamp, condemned the verdict, saying it was "not justice for Reeva".
Speaking in an interview with NBC News, June Steenkamp said: "He shot through the door and I can't believe that they believe it was an accident."
However Arnold Pistorius, the athlete's uncle, said the family was "deeply grateful" to the judge for finding him not guilty of murder and that a "big burden" had been lifted.
"There are no victors in this," he added. "We as a family remain deeply affected by the devastating, tragic event... It won't bring Reeva back but our hearts still go out for her family and friends."
South Africa's prosecuting authority said it was "disappointed" Pistorius was not convicted of murder but said it would wait until after sentencing to decide whether to appeal.
The verdict leaves the disgraced sprinter facing up to 15 years in jail, although the judge could suspend the sentence or only impose a fine.
The BBC's Nomsa Maseko said there was a poignant moment in court when Oscar Pistorius's father and Reeva Steenkamp's father hugged each other as the judge adjourned to consider bail.
The athlete was also found guilty on a charge of negligently handling a firearm that went off in a restaurant.
Oscar Pistorius was a picture of composure as the judge announced he was guilty of culpable homicide, a lesser count of murder in South Africa.
The athlete, who became emotional on Thursday after being described as an "evasive witness", seemed to have been expecting this verdict. The judge had already spoken of his negligence and use of "excessive force" when he fired through the door.
Some say this verdict is the best outcome he could have hoped for.
Many South Africans have questioned the judge's decision to acquit him of murder and argue that the prosecution may have grounds to appeal.
For now, the Pistorius family seem relieved. But in the benches opposite them, friends and relatives of model Reeva Steenkamp wept, while others, including her mother June, seemed shell-shocked.

Germany officially bans terror group Isis

Germany on Friday officially banned Islamic terror group Isis from any activities in the country, warning that the jihadists, who have captured swathes of Iraq and Syria, also posed a threat to Europe.
Defence minister Thomas de Maizière announced the ban on flying Isis flags, wearing Isis symbols and all Isis activities at a press conference on Friday morning.
"The terror organisation Islamic State is a threat to public safety in Germany as well," de Maizière said. "We are resolutely confronting this threat today.
"Today's ban is directed solely against terrorists who abuse religion for their criminal goals," he added. "Germany is a well-fortified democracy, there's no place here for a terrorist organisation which opposes the constitutional order as well as the notion of international understanding."
The move will also ban donations to the group, recruiting fighters, holding Isis meetings and distributing its propaganda.
Wolfgang Bosbach, from Chancellor Angela Merkel’s Christian Democratic Union (CDU), told broadcaster ARD on Friday morning that the government had been looking at a ban for some time.
The ban, however, doesn’t mean Isis has been outlawed as a foreign terrorist organization, as a court judgement is needed to do that.
De Maizière's announcement was backed by German police union DPolG. Chairman Rainer Wendt described the ban as "right and necessary". "It would be cynical and irresponsible if we showed tolerance in this situation," Wendt added, warning that otherwise Isis supporters may fly flags on German streets.
It comes as the CIA announced that Isis had around 30,000 fighters in Iraq and Syria. Several hundred Germans are also in their ranks.
It is unclear whether Isis has any organizational structure in Germany, but young Germans are being recruited by Salafists, who believe in an extreme form of Islam, to fight for the jihadists in Syria and Iraq. Last week, two were stopped at the German-Austrian border.
A trial also begins on Monday of a 20-year-old in Frankfurt am Main accused of being a member of Isis.
The man, named as Kreshnik B., allegedly travelled to Syria through Turkey and fought against President Bashar Al-Assad’s troops from July 2013 to December 2013.
He was arrested on his return to Germany in December in Frankfurt.
Prosecutors said on the charge sheet that Kreshnik was trained by ISIS in weapons and fighting before joining battles for them.
According to the Frankfurter Allgemeine Zeitung, he was radicalized in the city by Islamic clerics.
Friday's Isis ban is part of a series of measures being taken by the government against the extremists. Weapons and aid have been flown to Kurds fighting the terror group in northern Iraq, but on Thursday Foreign Minister Frank-Walter Steinmeier ruled out German participation in American-led airstrikes against Isis positions in Syria.
That was echoed by Chancellor Merkel's spokeswoman on Friday, who told Reuters that while Germany is concerned for the stability of the region, it will not take part in military strikes.
Other countries to officially ban Isis activities are the Netherlands, UK, and the world's biggest Muslim country, Indonesia. 
Koch foundation proposal to college: Teach our curriculum, get millions

In 2007, when the Charles Koch Foundation considered giving millions of dollars to Florida State University’s economics department, the offer came with strings attached.
First, the curriculum it funded must align with the libertarian, deregulatory economic philosophy of Charles Koch, the billionaire industrialist and Republican political bankroller.
Second, the Charles Koch Foundation would at least partially control which faculty members Florida State University hired.
And third, Bruce Benson, a prominent libertarian economic theorist and Florida State University economics department chairman, must stay on another three years as department chairman — even though he told his wife he’d step down in 2009 after one three-year term.
The Charles Koch Foundation expressed a willingness to give Florida State an extra $105,000 to keep Benson — a self-described “libertarian anarchist” who asserts that every government function he’s studied “can be, has been, or is being produced better by the private sector” — in place.
“As we all know, there are no free lunches. Everything comes with costs,” Benson at the time wrote to economics department colleagues in an internal memorandum. “They want to expose students to what they believe are vital concepts about the benefits of the market and the dangers of government failure, and they want to support and mentor students who share their views. Therefore, they are trying to convince us to hire faculty who will provide that exposure and mentoring.”
Benson concluded, “If we are not willing to hire such faculty, they are not willing to fund us.”
Such details are contained in 16 pages of previously unpublished emails and memos obtained by the Center for Public Integrity.
While the documents are seven years old — and don’t reflect the Charles Koch Foundation’s current relationship with Florida State University, university officials contend — they offer rare insight into how Koch’s philanthropic operation prods academics to preach a free market gospel in exchange for cash.
4.93 million Gmail usernames and passwords published, Google says ‘no evidence’ its systems were compromised

Approximately 4.93 million Gmail usernames and passwords were published to a Russian Bitcoin forum on Tuesday, as first reported by Russian website CNews. That’s the bad news. The good news is that this leak doesn’t seem as massive upon further inspection.
First off, we got in touch with Google regarding the issue. The company does not believe this is the result of any sort of security breach on its end.
“The security of our users’ information is a top priority for us,” a Google spokesperson told TNW. “We have no evidence that our systems have been compromised, but whenever we become aware that accounts may have been, we take steps to help those users secure their accounts.”
Next, since the posting, the forum administrators have purged the passwords from the text file in question, leaving only the logins. Furthermore, tvskit, the forum user who published the file, claimed that some 60 percent of the passwords were valid.
A quick analysis of the text file shows it includes mainly English, Spanish, and Russian accounts, but also that it seems to combine older lists accumulated over a longer period of time. There could thus be a link to hacks of sites unrelated to Gmail or any of Google’s services, especially if users are choosing the same usernames and passwords for other accounts, as well as phishing attacks.
As a result, this leak likely affects significantly fewer than 5 million users. Many have likely changed their passwords, and certain entries could be for suspended accounts, duplicates or simply outdated.
If you want to check whether your account is included in the leak, you can head to isleaked.com and input your email address (English translation here). We wouldn’t necessarily recommend doing so, however (email addresses could always be accumulated for later spamming): changing your password regardless of whether you’re on the list or not can’t hurt.
Google has taken steps to help affected users secure their accounts and given them the usual recommendations to protect their devices from malware. The company also recommended enabling 2-step verification.
Security Audit of Safeplug “Tor in a Box”

Last month at the FOCI workshop, we presented a security analysis of the Safeplug, a $49 box which promised users “complete security and anonymity” online by sending all of their web traffic through the Tor onion routing network. Safeplug claims to offer greater usability, particularly for non-technical customers, than the state-of-the-art in anonymous Internet browsing: the Tor Browser Bundle (TBB). However, we found that the hardened browser in the TBB is very important for security, and we found a number of usability and security problems with the Safeplug, including the ability for a local or remote attacker to silently turn off Tor or modify other device settings.  Our research concluded that users should run the Tor Browser Bundle if they can; if not, then there is some value in a torifying proxy like Safeplug as long as users are aware of its limitations.  For the rest of this post I’ll review our findings and highlight the differences and tradeoffs between the Tor Browser Bundle and a torifying proxy, like the Safeplug.

[Figure: setup directions that come with the Safeplug]
The Safeplug.  It’s a small black box that plugs into a user’s router and acts as an HTTP proxy that sends all Web traffic through Tor, which anonymizes the “from” IP address of the user’s traffic.  The figure above shows the setup directions that come with the device; the company that makes the device, Pogoplug, emphasizes an easy installation and setup process and then the user can “Browse the Internet with complete security and anonymity.”  It is marketed as a consumer product for non-technical users and for a broad set of devices.  The Safeplug costs $49 and was released in December 2013.
[Figure: the Safeplug settings page]
Usability.  We found that the activation and setup processes were simple and easy to navigate, but both the Terms of Service and the Safeplug settings page needed more information.  First, we noticed that Pogoplug did not include Terms of Service in the box with the Safeplug or as a step in their activation process, and they also  have a broken link to the page that fulfills their compliance with open source licenses by listing all of the open source software they use (such as Tor).  Next, we looked at the settings page, which is shown above.  This page gives the user the option to turn Tor on/off, add sites to a whitelist that don’t get routed through Tor, turn ad blocking on/off, and turn the Safeplug into a Tor relay.  When the relay option is selected, an additional setting is available: the ability to turn the relay into a Tor exit.  Unfortunately, virtually no information is provided to the user about what a relay or exit node is, meaning that users could turn on the exit option without being aware of the complications with their Internet Service Provider or other parties that may result.
[Figure: diagram of how a settings change is processed]
Attacks.  First, it’s important to understand a key problem in the implementation of the Safeplug: there is no authentication when a user modifies the settings page.  As shown in more detail in the diagram above, when the user modifies the settings page, the user’s browser generates a POST request that causes a shell script on the Safeplug box to launch a binary file that updates the Safeplug’s configuration.  This allows a malicious user inside the local network to silently modify the settings – they can turn Tor on/off, add/remove sites from the whitelist, etc.  This attacker has two ways of doing this.  Because the settings page is served by the Safeplug box over HTTP, the attacker can open the page in his browser and modify the settings there, or he can directly send the POST request, meaning that this attack can be done from a compromised embedded device, such as a router.  This is an example of why the Safeplug should not be used on an open Wi-Fi network.  Unfortunately, a remote attacker can also modify the settings by carrying out a Cross-Site Request Forgery attack.  This is done by making the victim’s browser send a request to the Safeplug without the user knowing anything is happening.  The attacker creates a website that has JavaScript code to generate the specially crafted POST request, which is sent to all the IP addresses in the common ranges of home networks.  Then, the attacker embeds the link in a page that will be served to a user inside the targeted network, and once the user clicks the link, the settings are modified however the attacker intended.
Miscellaneous Security Problems.  As we analyzed the device, we found a few other security problems. All Safeplug devices have the same 7-character SSH root password (thanks to someone on the tor-talk mailing list for first confirming this issue), and SSH is one of the settings that can be enabled via the unauthenticated RPC calls discussed above. Anyone who learns the root password can make arbitrary changes to the device’s behavior. Next, the device is using old software versions (including versions that were obsolete before the product was released), so a natural solution would be a software update, but there have not been any software updates for the device since it was released.  Additionally, the initial installation process of the software (Tor, Privoxy, etc.) is done via a script which is downloaded over unencrypted HTTP.  There is no authentication or verification of this script before it is run, which could allow an attacker at the right moment to take complete remote control of the Safeplug, possibly turning it into a surveillance box inside a user’s home network.
Is there hope for Torifying proxies? It’s clear that there are some necessary engineering and implementation fixes to the Safeplug, such as authenticating configuration changes and CSRF protections.  Pogoplug should also change the common SSH root password.  But there are also structural problems with the Safeplug, specifically with the way it works – as a torifying proxy.  One problem is specific to mobile devices, which might leak some traffic over the cellular network when the user thinks they are using Tor over wi-fi.  We are also concerned that leaks like this may also facilitate de-anonymization of the user’s Tor traffic.  However, the most crucial problem with a torifying proxy is that it uses a bring-your-own-browser system, as opposed to a hardened browser, and therefore is susceptible to browser-based privacy leaks (via cookies, fingerprinting, scripts, etc.).  This is why it’s better to use the Tor Browser Bundle, but if a user’s device cannot use the Tor Browser Bundle, then there is some value in using a torifying proxy like the Safeplug (but only if it is secure).
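The two fixes named above, authenticated configuration changes and CSRF protection, can be sketched as a single server-side check. This is an added example, not code from the original post or from Pogoplug's firmware; the host names, the session table, the `sid` cookie, the `csrf_token` field and the function names are all hypothetical.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Assumptions for this sketch: a per-device key created at first boot, the
# names the box answers to on the LAN, and a session table that a password
# login fills in (the login itself is not shown).
DEVICE_KEY = secrets.token_bytes(32)
DEVICE_HOSTS = {"safeplug.lan", "192.168.1.50"}


def csrf_token(session_id: str) -> str:
    """Token embedded in the settings form, bound to one login session."""
    return hmac.new(DEVICE_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def check_settings_post(headers: dict, cookies: dict, form: dict, sessions: dict):
    """Decide whether a settings-changing POST may reach the config updater.

    Returns (allowed, reason). Every check fails closed.
    """
    # 1. Authentication: without a logged-in session nothing is changed.
    sid = cookies.get("sid", "")
    if sid not in sessions:
        return False, "no authenticated session"

    # 2. The Host header must name the device itself (IPv4 or LAN name only).
    host = headers.get("Host", "").split(":")[0].lower()
    if host not in DEVICE_HOSTS:
        return False, "unexpected Host header"

    # 3. The request must originate from the device's own settings page.
    source = headers.get("Origin") or headers.get("Referer") or ""
    if (urlsplit(source).hostname or "") not in DEVICE_HOSTS:
        return False, "cross-origin request"

    # 4. The form must carry the token issued to this session; a page on
    #    another site cannot read it, so it cannot forge a valid request.
    sent = form.get("csrf_token", "").encode()
    if not hmac.compare_digest(sent, csrf_token(sid).encode()):
        return False, "bad CSRF token"
    return True, "ok"


def demo():
    """Run four constructed requests through the check."""
    sessions = {"s-123": "owner"}
    own_page = {"Host": "safeplug.lan", "Origin": "http://safeplug.lan"}
    other_site = {"Host": "192.168.1.50", "Origin": "http://other.example"}
    with_token = {"tor": "on", "csrf_token": csrf_token("s-123")}
    no_token = {"tor": "off"}
    logged_in = {"sid": "s-123"}
    return {
        "owner using the settings page":
            check_settings_post(own_page, logged_in, with_token, sessions),
        "LAN device posting directly":
            check_settings_post(own_page, {}, no_token, sessions),
        "page on another site":
            check_settings_post(other_site, logged_in, no_token, sessions),
        "same origin, no token":
            check_settings_post(own_page, logged_in, no_token, sessions),
    }


if __name__ == "__main__":
    for case, (allowed, reason) in demo().items():
        print(f"{case:32} allowed={allowed} ({reason})")
```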
U.S. threatened Yahoo with big fines for not divulging user data

The federal government once threatened to fine Yahoo $250,000 a day for not complying with a national security-related request to hand over user data, the company said Thursday.
The announcement, which was first reported by the Washington Post, comes as part of a larger revelation: About 1,500 pages of documents related to Yahoo's 2007-08 case challenging U.S. surveillance law are being released, the company's general counsel, Ron Bell, said on Tumblr.
Cases in the Foreign Intelligence Surveillance Court, which reviews government requests to spy on individuals, are classified.
"The released documents underscore how we had to fight every step of the way to challenge the U.S. government’s surveillance efforts," Bell said. 
The Justice Department and the Office of the Director of National Intelligence also announced the declassification of the documents Thursday.
Yahoo, they said in a statement, was required “to assist the U.S. government in acquiring foreign intelligence information through the surveillance of targets reasonably believed to be located outside the United States.”  
When the company refused to comply, it argued that handing over the information would violate its customers’ 4th Amendment rights.
The government took the matter to the Foreign Intelligence Surveillance Court, which decided Yahoo should comply. Yahoo appealed the decision and lost.
The debate over privacy versus national security kicked into high gear last year when former National Security Agency contractor Edward Snowden began leaking details of secret agency spying programs.
Under PRISM, one of the systems Snowden exposed, the NSA obtains data via secret court orders to U.S. technology companies such as Yahoo, Google and Facebook. The NSA collected more than 250 million Internet communications under PRISM in 2011, according to a declassified decision by the Foreign Intelligence Surveillance Court.
Google Ending Trust for SHA-1 SSL Sites, How it Affects You

85% of sites rely on security from SHA-1 certificates; this could be problematic for site owners as Google rushes to end trust in SHA-1 over the next few months.
Google and Microsoft have announced that they would end support for the SHA-1 hashing function used in a majority of SSL Certificates online, giving the 85% of sites that still use SHA-1 certificates time to plan their migration to SHA-256.
However, Google announced last week that it was accelerating its SHA-1 deprecation plan by adding a warning in Chrome for sites using SHA-1 SSL Certificates that expire during 2016 and by ceasing to trust sites using SHA-1 certificates that expire after 2017.
[Figure: Chrome SHA-1 warning. Image courtesy of Eric Mill – https://konklone.com/]
Google’s change is expected in Chrome version 39 scheduled for release in late October 2014. Future releases of Chrome would intensify the warnings and shut off access to sites that continue to use SHA-1 certificates expiring beyond their most recent deadline.

What to do about SHA-1 Deprecation and How to Transition to SHA-2

Organizations facing a last minute SHA-256 migration for SHA-1 certificates being deprecated have a number of options they should consider:
1. Understand important SHA-1 dates
Google SHA-1 Deprecation Timeline
  • Chrome 37 – current version
  • Chrome 38 – beta in progress
  • Chrome 39 – beta launch Sep 26, 2014
    • SHA-1 certs expiring Jan 1, 2017 or later receive yellow triangle warning
  • Chrome 40 – beta launch Nov 7, 2014
    • SHA-1 certs expiring between June 1, 2016 – December 31, 2016 receive yellow triangle warning
    • SHA-1 certs expiring after Jan 1, 2017 receive neutral warning (shows https in grey instead of green)
  • Chrome 41 – beta launch Q1 2015
    • SHA-1 certs expiring Jan 1, 2016 -> Dec 31, 2016 receive yellow triangle warning
    • SHA-1 certs expiring Jan 1, 2017 or later receive red strike-through warning
Microsoft SHA-1 Deprecation Timeline
  • January 1, 2016 – Microsoft will end trust for SHA-1 Code Signing Certificates
  • January 1, 2017 – Microsoft will end trust for SHA-1 SSL Certificates
2. Identify user impact
W3Schools’ latest report stated that 59.8% of all people on the Internet use Chrome and thus will be affected by this new warning starting in late October, early November.
Depending on the user environment, the percentage of users affected may differ. Some organizations may see lower numbers of affected users, others may see a significantly higher number of affected users. We hold ourselves to 100% compatibility for all of our users; even one affected user is too much.
For Intranets or applications where users are required to use a specific browser or have a custom interface to access, the impact may be not as severe. However, for public sites, the impact may be greater.
Administrators should identify the number of possible users affected and plan their migration accordingly.
3. Find all of your SHA-1 certificates online
Keeping track of all SHA-1 certificates online can be a tricky process, especially for organizations with certificates issued to their domain but used with 3rd party services and also internal SSL certificates.
DigiCert has two unique tools to help manage SHA-1 migration. The DigiCert SHA-1 Sunset Tool gives administrators a total list of public certificates issued to their domain name.
Organizations managing a number of internal servers with certificates can use the free Certificate Inspector cloud certificate management service to scan for both internal and external certificates and quickly migrate SHA-1 certificates to SHA-2.
4. Get new SHA-2 Certificates with a Full SHA-2 Certificate Chain
DigiCert by default issues SHA-2 certificates. But for those with SHA-1 certificates from other providers, DigiCert allows for free re-keys of SSL Certificates to SHA-2, whether issued by DigiCert or not.
New SHA-2 certificates also require the full certificate chain to be SHA-2 compatible. DigiCert issues SHA-2 certificates by default from a full SHA-2 certificate chain, but other providers might still issue from a SHA-1 certificate chain, which will still cause the security warning. Administrators should ensure certificates with other providers are also compliant with the new guidelines to prevent any browser warning.
5. Update systems for SHA-2 Compliance or Extend SHA-1 to December 31, 2015
Most platforms have already been updated to support SHA-2 through patches or hot fixes. For a full list of platforms and SHA-2 support see our SHA-2 compatibility page.
For platforms that don’t yet support SHA-2, administrators can re-issue their SHA-1 certificate and set that expiration date to December 31, 2015 and keep their certificate in compliance with the new SHA-1 Google policy and avoid any browser warning for their sites online.
If you need to continue using a SHA-1 certificate because of platform compatibility issues, our 24 hour customer support team can help extend your SHA-1 SSL certificate to the maximum deadline for free. The support team is available 24 hours by live chat and email.
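The steps above (know the dates, find SHA-1 certificates, check the whole chain) can be turned into a small audit. This is an added example, not DigiCert's tooling or code from the original article: it reads constructed certificate text in the layout printed by `openssl x509 -noout -text` and applies the Chrome 39/40/41 timeline from step 1. It assumes the leaf certificate's expiry date decides the treatment and that the caller passes the leaf and intermediates only; the function names are hypothetical.

```python
import re
from datetime import date, datetime

# Constructed excerpts in the layout of `openssl x509 -noout -text`, leaf
# first, then its intermediate. Not taken from any real certificate.
SAMPLE_CHAIN = [
    """Certificate:
    Data:
        Signature Algorithm: sha256WithRSAEncryption
        Validity
            Not Before: Sep  1 00:00:00 2014 GMT
            Not After : Mar  1 12:00:00 2017 GMT
        Subject: CN=www.example.test
""",
    """Certificate:
    Data:
        Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: Jan  1 00:00:00 2010 GMT
            Not After : Jan  1 00:00:00 2020 GMT
        Subject: CN=Example Intermediate CA
""",
]

NONE = "no warning"
YELLOW = "yellow triangle"
NEUTRAL = "neutral (grey https)"
RED = "red strike-through"


def parse_cert_text(text):
    """Return (signature_algorithm, not_after_date) from openssl text output."""
    sig = re.search(r"Signature Algorithm:\s*(\S+)", text)
    end = re.search(r"Not After\s*:\s*(.+)", text)
    if not sig or not end:
        raise ValueError("input is not openssl x509 text output")
    stamp = " ".join(end.group(1).split())  # collapse the padded day field
    not_after = datetime.strptime(stamp, "%b %d %H:%M:%S %Y GMT").date()
    return sig.group(1).lower(), not_after


def chrome_treatment(leaf_not_after, chain_has_sha1):
    """Map a chain to the treatment in Chrome 39, 40 and 41 per the timeline.

    "After Jan 1, 2017" in the Chrome 40 entry is read as "on or after",
    matching the wording of the Chrome 39 and 41 entries.
    """
    result = {39: NONE, 40: NONE, 41: NONE}
    if not chain_has_sha1:
        return result
    if leaf_not_after >= date(2017, 1, 1):
        result.update({39: YELLOW, 40: NEUTRAL, 41: RED})
    elif leaf_not_after >= date(2016, 6, 1):
        result.update({40: YELLOW, 41: YELLOW})
    elif leaf_not_after >= date(2016, 1, 1):
        result[41] = YELLOW
    return result  # expiry on or before Dec 31, 2015: no warning (step 5)


def audit_chain(cert_texts):
    """Classify a chain given as openssl text dumps, leaf certificate first."""
    parsed = [parse_cert_text(t) for t in cert_texts]
    leaf_expiry = parsed[0][1]
    # One SHA-1 signature anywhere in the supplied chain is enough (step 4).
    has_sha1 = any("sha1" in alg for alg, _ in parsed)
    return chrome_treatment(leaf_expiry, has_sha1)


if __name__ == "__main__":
    for version, treatment in audit_chain(SAMPLE_CHAIN).items():
        print(f"Chrome {version}: {treatment}")
```

The sample leaf is signed with SHA-256, yet the chain is still flagged because its intermediate is SHA-1 signed.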
Housing market reaches plateau, say surveyors

The housing market has reached a "plateau", according to a survey of chartered surveyors across the UK.
The Royal Institution of Chartered Surveyors (RICS) said the number of house sales agreed in August fell for the first time in two years.
Surveyors also expect prices to rise more rapidly outside London than in it.
The biggest increases are expected in Northern Ireland, the East Midlands and Scotland.
RICS said price momentum in London had started to "soften", as flats and houses had become more unaffordable.
"In some areas the recovery has only recently taken hold and affordability is rather less stretched," said Simon Rubinsohn, RICS chief economist.
"Significantly, members now expect price gains over the next year to be faster outside of the capital, than in it."
Capital Economics said it was further evidence that the market was running out of steam.
The survey also revealed a big fall in the number of enquiries from new buyers, and a lengthening in the time it takes for sales to go through.
RICS blamed the new, tougher mortgage rules, which came into effect in April, for the slow-down.
They said the prospect of a first rise in interest rates for over five years was also having an effect.
The UK's quality of living capital is revealed

The Welsh city of Cardiff has been named the best place to live in the UK, according to a range of economic and social indicators.
Researchers at comparison website MoneySuperMarket examined house prices, rental costs, salaries, unemployment rates, and life satisfaction.
Cardiff came top of 12 cities, having scored well on all factors apart from salaries.
It had the lowest cost of living, at £359 per week.
It also had one of the lowest unemployment rates, at 8.1%.
Residents have also been feeling significantly better off over the last year, with disposable incomes growing by 3.7%, said the comparison website.
Cardiff replaces Bristol, which came top of the table last year.
Living costs in Bristol rose to £430 a week, while growth in disposable incomes fell from 3.3% in 2013 to 2.8% in 2014.
Belfast and Bradford both saw big improvements, rising to second and third in the table.

UK Cities: Quality of Living Index

2014 Rank   2013 Rank   City
1           3           Cardiff
2           8           Belfast
3           12          Bradford
4           7           London
5           1           Bristol
6           5           Leeds
7           2           Edinburgh
8           6           Manchester
9           11          Sheffield
10          9           Glasgow
11          4           Liverpool
12          10          Birmingham

source: MoneySuperMarket
UK to refund Chinese tourist visas

Chancellor George Osborne has announced plans to refund the cost of up to 25,000 visas for Chinese tourists in an attempt to attract more visits to the UK.
It was one of a series of measures announced at an economic summit in London, attended by Chinese vice premier Ma Kai.
"The more Chinese tourists the merrier," the chancellor said.
He also announced deals worth £2.6bn between Chinese and British firms.
The visa refund plan would apply to Chinese tourists visiting Britain in organised tour groups.
The government will also exempt approved tour groups from needing a transit visa, making it easier for Chinese tourists to use British airports as hubs for international travel.
"I think that will strengthen British aviation, strengthen British airports as hubs for direct routes to China, so that people use British airports as a jumping off point for trips around Europe," Mr Osborne said.
"Of course one of the really exciting things we see all around is more and more Chinese tourists coming to the United Kingdom and they are very, very welcome," he added.
More flights between the two countries have also been agreed and £1.6m will be spent marketing Britain in China.
National tourism agency VisitBritain welcomed the visa plan, describing it as "the perfect catalyst to enable Chinese tourists to not only visit Britain, but travel right across the country".
Other deals agreed include British businesses helping to build Chinese websites and rail infrastructure as well as Chinese investment in areas such as UK shipping, golf courses, and healthcare.