HazDat
4May/12

Corporations Are People, My Friend. But, IP Addresses Are Not.

When a judge makes a good decision, it shouldn't be news. But, in this case, it's very good news indeed.  This week New York Magistrate Judge Gary Brown for the United States District Court for the Eastern District of New York filed a 26-page ruling pointing out that the person listed as an Internet account holder is often not the person using the account.

"It is no more likely that the subscriber to an IP address carried out a particular computer function–here the purported illegal downloading of a single pornographic film–than to say an individual who pays the telephone bill made a specific telephone call," Brown said in his Order & Report & Recommendation, filed May 1.

"An IP address merely identifies the location where a certain activity occurred", Brown noted. A computer in a household is usually shared, which means a child, a boyfriend, or any other visitor, is just as likely to be using the computer. Brown also noted that many households now have a wireless network. If the network is not secured, many people, including neighbors and strangers, can be sharing that IP address without the original account holder's knowledge.

"Considering the weak relationship between an IP address and personal identity, it's likely copyright holders were accusing the wrong people of violating copyright", Brown noted. Mass-BitTorrent lawsuits relying entirely on IP addresses to identify copyright infringers were a "waste of judicial resources," he wrote.

VIA: http://securitywatch.pcmag.com/security/297475-ip-address-not-a-person-judge-says-in-copyright-lawsuit

Share
30Mar/12

‘Massive’ credit card data breach involves all major brands

This breach has already been confirmed by the big processors, and seems to be larger in scope than prior breaches.

VIA http://money.cnn.com/2012/03/30/technology/credit-card-data-breach/?source=cnn_bin

Share
23Mar/12

Sarkozy: Anyone who “consults Internet sites which promote terror” should go to jail

Sarkozy: Anyone who "consults Internet sites which promote terror" should go to jail | http://t.co/u34fQrH8

 

Share
19Mar/12

There’s an app for that: How researchers pwned your mind

Researchers turn smartphone users into unwitting minions with a simple app

With mobile users becoming more reliant on their devices and accompanying applications, researchers from Northwestern University have discovered the ease with which user’s mobility can be “soft” controlled.

As smartphone apps become further and further integrate into our daily lives, you have to wonder if we’re in control of our desires or if mobile applications are starting to controlling us.

To discover the ease with which app users can be manipulated, researchers from the McCormick School of Engineering at Northwestern University underwent a study to determine whether they could change the habits of a smartphone user’s mobility through gaming and social-networking applications. The goal was to compel them to visit areas less frequented.

How can an application affect on our decisions on a daily basis?

Like with advertising, we can be compelled by Foursquare to achieve or maintain our “Mayor” standing at a particular restaurant or venue. We might be manipulated, for instance, to travel not to the local pizza shop, but instead to the Chinese food store that we’ve been visiting repeatedly for the last month.

The research was conducted by John Rula and Fabián E.

Bustamant and titled, “Crowd (Soft) Control Moving Beyond the Opportunistic.” They used four foundational elements that work together offer individuals incentives:

  • Location: The location desired stated in terms of latitude and longitude, and optionally altitude and heading.
  • Action: The type of action to be triggered at the particular location and time.
  • Expiration Time: The time when the request is no longer valid; this is used to control the timing and relevancy of actions.
  • Ranking: The relative importance of the location. This can be used by the game to differentiate incentives by priority Rula and Bustamant created an Android-based augmented reality game titled, “Ghost Hunter,” which required users to chase monsters and ghosts throughout the neighborhood. The objective of the game was to “zap” the ghosts and monsters by capturing the augmented image on their mobile phone’s camera. But what users were not aware of was the researcher’s underlying intent.

The researchers had positioned the ghosts in exact locations, around a predetermined building. The resulting photographs of the “ghosts” enabled the researchers to create a 3D picture of the building from the collected images. While the photographic modeling of the building was successfully crowdsourced by the unsuspecting “Ghost Hunter” gamers, what the researchers had also discovered was the ability to compel users to capture images of the building from angles and locations typically not frequented, as the image below indicates.

While mobile users are concerned about their privacy, the ease with which they can be “soft” controlled raises a whole new issue altogether. Games and social networks not only offer a means of learning more about the people who use them, they can potentially offer a way to control their actions. Manipulating users into conducting illegal acts or luring them to dangerous locations is very much a reality.

Only days ago, three Japanese tourists were mislead by their GPS into the Moreton Bay in Australia during a low tide and became trapped in the thick mud. With the tide rising, they were forced to abandon their waterlogged rental car.

Ultimately, users will have to decide for themselves where they draw the line. As the research reiterates, “As augmented reality gamers can be trusted to exercise their best judgment during play, users of extended location based applications should be trusted to judge the suggestions made through CSC (Crowd Soft Control).”

Via http://www.digitaltrends.com/mobile/researchers-turn-smartphone-users-into-unwitting-minions-with-a-simple-app/

 

 

Share
18Mar/12

Megaupload Seizure Order “Null and Void” Says High Court

In another astonishing development in the Megaupload saga, a judge in New Zealand’s High Court has declared the order used to seize Kim Dotcom’s assets as “null and void”. The blunder, which occurred because the police applied for the wrong type of court order, means that the Megaupload founder could have his property returned.

Just when it seemed that the handling of the Megaupload case couldn’t get any more controversial, a development from New Zealand has taken things to the next level.

Following the raids on Kim Dotcom’s mansion in January, police seized millions of dollars worth of property belonging to the Megaupload founder. But thanks to a police blunder, he could now see all of those assets returned.

On Friday, Justice Judith Potter in the High Court declared the order used to seize Dotcom’s property “null and void” after it was discovered that the police had acted under a court order that should have never been granted.

The error dates back to January when the police applied for the order granting them permission to seize Dotcom’s property. Rather than applying for an interim restraining order, the Police Commissioner applied for a foreign restraining order instead, one which did not give Dotcom a chance to mount a defense.

According to New Zealand Herald, on January 30th prosecution lawyer Anne Toohey wrote to the court explaining that the wrong order had been applied for and detailed five errors with the application.

Justice Potter said that police commissioner Peter Marshall tried to correct the error by applying for the correct order after the raids were completed and retrospectively adding the items already seized.

Although the correct order was eventually granted albeit on a temporary basis, Potter said she will soon rule on whether the “procedural error” will result in Dotcom having his property returned.

The Crown is arguing that since the new order was granted the earlier error no longer matters, but Dotcom’s legal team framed it rather differently by describing the seizure of assets as “unlawful”.

Whether the assets are returned will rest on Dotcom’s legal team showing a lack of “good faith” in connection with the blunder. A hearing to decide if the assets will be returned will take place next week.

Via http://torrentfreak.com/megaupload-seizure-order-null-and-void-says-high-court-120318/

 

 

 

Share
15Mar/12

FBI’s most wanted smartphone

FBI Can't Crack Android Pattern-Screen Lock | Threat Level | Wired.com

Pattern-screen locks on Android phones are secure, apparently so much so that they have stumped the Federal Bureau of Investigation.

The bureau claims in federal court documents that forensics experts performed “multiple attempts” to access the contents of a Samsung Exhibit II handset, but failed to unlock the phone.

An Android device requires the handset’s Google e-mail address and its accompanying password to unlock the handset once too many wrong swipes are made. The bureau is seeking that information via a court-approved warrant to Google in order to unlock a suspected San Diego-area prostitution pimp’s mobile phone. (For details on the pimp investigation, check out Ars Technica‘s story on the case.)

Locking down a phone is even more important today than ever because smart phones store so much personal information.

What’s more, many states, including California, grant authorities the right to access a suspect’s mobile phone, without a warrant, upon arrest for any crime.

Forensic experts and companies in the phone-cracking space agreed that the Android passcode locks can defeat unauthorized intrusions.

“It’s not unreasonable they don’t have the capability to bypass that on a live device,” said Dan Rosenberg, a consultant at Boston-based Virtual Security Research.

A San Diego federal judge days ago approved the warrant upon a request by FBI Special Agent Jonathan Cupina. The warrant was disclosed Wednesday by security researcher Christopher Soghoian, In a court filing, Cupina wrote: (.pdf)

Failure to gain access to the cellular telephone’s memory was caused by an electronic ‘pattern lock’ programmed into the cellular telephone. A pattern lock is a modern type of password installed on electronic devices, typically cellular telephones. To unlock the device, a user must move a finger or stylus over the keypad touch screen in a precise pattern so as to trigger the previously coded un-locking mechanism. Entering repeated incorrect patterns will cause a lock-out, requiring a Google e-mail login and password to override. Without the Google e-mail login and password, the cellular telephone’s memory can not be accessed. Obtaining this information from Google, per the issuance of this search warrant, will allow law enforcement to gain access to the contents of the memory of the cellular telephone in question.

Rosenberg, in a telephone interview, suggested the authorities could “dismantle a phone and extract data from the physical components inside if you’re looking to get access.” However, that runs the risk of damaging the phone’s innards, and preventing any data recovery.

Linda Davis, a spokeswoman for forensics-solutions company Logicube of suburban Los Angeles, said law enforcement is a customer of its CellXtract technology, which it advertises as a means to “fast and thorough forensic data extraction from mobile devices.” But that software, she said in a telephone interview, “is not going to work” on a locked device.

All of which is another way of saying those Android screen locks are a lot stronger than one might suspect.

It was not immediately clear whether the iPhone’s locking system is as powerful as its Android counterpart. But the iPhone’s passcode has been defeated with simple hacks, the latest of which was revealed in October 2010.

Clearly, the bureau is none too happy about having to call in Google for help. The warrant requires Google to turn over Samsung’s “default code” in “verbal” or “written instructions for overriding the ‘pattern lock’ installed on the Samsung model SGH-T679.” Google spokesman Chris Gaither would not say if Google would challenge any aspect of the warrant. Google, he said, does not comment on “specific cases.” “Like all law-abiding companies, we comply with valid legal process. Whenever we receive a request we make sure it meets both the letter and spirit of the law before complying,” he said in an e-mail. “If we believe a request is overly broad, we will seek to narrow it.” Photo: Mike Dent/Flickr

Via http://www.wired.com/threatlevel/2012/03/fbi-android-phone-lock/

 

Share
9Mar/12

Deportation: There’s an app for that.

PHOENIX -- A group of pro-immigrant rights activists in Arizona aim to develop a smartphone application that would help immigrants notify friends, family and their attorney if they are detained and arrested during a traffic stop.

Arizona was the first state to pass a law to make it a crime to be an undocumented immigrant (SB 1070), leading to an increased crackdown and climate of fear among immigrants. A recent Department of Justice investigation on racial profiling of Latinos by the Maricopa County Sheriff’s Office found that Latinos were four to nine times more likely to be pulled over in a traffic stop than non-Latinos

“When someone gets pulled over the first thing to worry about is the family,” said Lydia Guzman, the president of the nonprofit Respect/Respeto.
For years, the nonprofit’s emergency hotline has monitored cases of possible civil rights violations against Latinos by local law enforcement, provided information about rights, and tracked down missing family members in immigration custody after undocumented drivers are detained.

“It’s difficult. We try to get all of this information from them to reach their family, while at the same time we’re trying to advise them about their rights,” she said.

It was Guzman’s experience with Respect/Respeto and the increased crackdown on undocumented immigrants by local police using state laws that inspired her friend Todd Landfried, a spokesperson for Arizona Employers for Immigration Reform, to come up with an idea for a smartphone app that could do what the group does and more.

The app will allow users to notify family, friends, attorneys and even their consulate when they get pulled over by law enforcement or when they are facing an emergency situation that puts their safety or civil rights at risk.

With the touch of a button, Landfried says, the “Emergency Alert and Personal Protection” app will send a pre-set list of people information about the person’s location using GPS technology and date and time of the incident. The app will also have an option to record audio and video, which is a common function on most mobile phones, but it will take it a step further by sending the audio and video to a “web interface” where the data can be stored and accessed by lawyers, for example.

It will also inform them, in English and Spanish, of their civil rights if they are arrested during a traffic stop; for example, reminding them that they have the right to remain silent and have an attorney present during questioning.

Guzman says the app could help people make split-second decisions at a crucial moment about who to call and how to get help. She says it would also provide immigrant advocates a starting point to search for undocumented immigrants once they are in the detention system – a search that can sometimes take days.

In order to take the app from idea to reality, Landfried and Guzman recently launched a 30-day crowdfunding campaign to support the development of the app. If they reach their goal of raising $225,000, they will work with a software developer to have the app ready by July. Donors would get the app, which will cost about $2, for free.

The app is similar to the “I’m Getting Arrested” app that launched in response to the arrests of protestors involved in the Occupy movement. Landfried and Guzman say their app would be designed to specifically address the situation of undocumented immigrants pulled over in traffic stops. They say it would consolidate functions on the phone to allow users to document, store and send photos, audio and video to web interface that can be used to document racial profiling or violations of civil liberties.

Landfried says he believes Latinos are well-positioned to make use of such an app based on recent trends of Latinos' usage of smartphones.
According to a 2010 Nielsen Company report, 45 percent of Hispanic mobile users have a smartphone compared to just over a quarter of white mobile users.

Landfried and Guzman say they hope the app can be a tool for tracking statistics of potential instances of racial profiling.

“Keeping in mind you have to protect the attorney-client privilege,” Landfried said. “If data was made anonymous, we can track how many times people hit the button for traffic stops and they can fill in later what the outcome was.”

“This is about protecting people. Everybody has rights, whether you like it or not,” he said.

Via http://newamericamedia.org/2012/03/im-getting-arrested-app-aims-to-help-those-detained-in-traffic-stops.php

 

Share
9Feb/11

iConfess: Penance, There’s an App for That

I confess, though I consider myself a spiritual person, I'm not very religious. People born of a particular faith have all kinds of excuses for their lack of observance. But, usually, it just boils down to a matter of convenience. That's not my problem. I take my kids to religious school every week. I Facebook with a rabbi, a minister, a Jogye, a couple Hasidim, and members of an entire profession that most modern religions have determined to be Satan's disciples. I have plenty of opportunity, and ample reason, to pray and ask for forgiveness.

But, for those of you still searching for excuses, here's one less: If you happen to be Catholic, you no longer have to schlep your tuchas to the confessional. Now the "Jesus Phone" will bring the power of the confessional to the palm of your hand. What's more, this app not only received the coveted blessing of St. Jobs himself, but it even got the Pope's blessing for goodness sake. Which is impressive and shows great benevolence on the part of the church, considering that this app clearly duplicates existing ecclesiastical functionality.

I'm impressed that the Vatican is willing to embrace technology with open arms. Science, after all, is not their strong subject. The only question I have is, should one's iPhone become an item of evidence in a legal context, is it possible that this app will confess your sins to the police as well?

Share
8Feb/11

I Know What You Did Last Winter (Snow Job)

For those who believe revenge is a dish best served cold...

Like so many around the country, David Welles has had to endure a long cold Winter this year -- only made worse by the volume of snow in front of his Chicago home, and the untimely disappearance of his snow shovel. While Welles is no better equipped to dig his way out of a snowstorm than anyone else without a shovel, he was perfectly equipped to identify the perpetrator -- or, at least her car. That's because Welles works for a security company by the name of Tunnel Vision Technology, and it appears as though he's been visiting the supply closet.

While we'll presume that David's "eagle eye" came with a receipt, the snow shovel he caught his neighbor stealing on digital video didn't. Under ordinary circumstances, one might turn the evidence over to the police. Then again, under ordinary circumstances, it's not likely there would have been any evidence. But, these are no ordinary circumstances, and these are no ordinary times.

David's shovel was probably worth less than $25, maybe ten on the street. The trail was cold before it was laid. And the "perp" wore gloves, so no fingerprints. This wasn't about money. This was about the age's-old relationship between a man and his tools. Besides, Welles had another idea. He entered an arms race, added a dose of PsyOps... and then he turned to YouTube. The result? What Welles calls, "The Quadrilogy of My Favorite Snow Shovel". See the results for yourself.

(NOTE: If you are ONLY connaisseur of revenge, skip to the mid-point.)

Share
5Feb/11

Scare Tactics: Dam Lies!

What is the world coming to when our leaders use scare tactics to get what they want? (Rhetorical question, of course.) But that's exactly what happened when backers of the so-called "Internet Kill Switch" evoked images of foreign hackers opening flood gates and drowning citizens.

We are very concerned about an electronic control system that could cause the floodgates to come open at the Hoover Dam and kill thousands of people in the process,” said Brandon Milhorn, staff director of the Senate Homeland Security and Governmental Affairs Committee. ”That’s a significant concern.”

Not only is that not a significant concern, it turns out not even to be an insignificant concern. But the false information was no insignificant matter to the Bureau of Reclamation, which runs the power-generating facility on the Arizona-Nevada border.

“I’d like to point out that this is not a factual example, because Hoover Dam and important facilities like it are not connected to the internet,” Peter Soeth, a spokesman for the bureau, said in an e-mail. “These types of facilities are protected by multiple layers of security, including physical separation from the internet, that are in place because of multiple security mandates and good business practices.”

Yesterday we posted a poll to get your opinion on this issue. Please take a moment to make your voice heard.

Share

Log In


Join the conversation...

Join the conversation on Twitter

Join the conversation on Facebook

disquslogo_180 Subscribe to RSS feed

Join the Google conversaton…

Geo Visitors Map