HazDat
5Feb/11

Scare Tactics: Dam Lies!

What is the world coming to when our leaders use scare tactics to get what they want? (Rhetorical question, of course.) But that's exactly what happened when backers of the so-called "Internet Kill Switch" evoked images of foreign hackers opening flood gates and drowning citizens.

We are very concerned about an electronic control system that could cause the floodgates to come open at the Hoover Dam and kill thousands of people in the process,” said Brandon Milhorn, staff director of the Senate Homeland Security and Governmental Affairs Committee. ”That’s a significant concern.”

Not only is that not a significant concern, it turns out not even to be an insignificant concern. But the false information was no insignificant matter to the Bureau of Reclamation, which runs the power-generating facility on the Arizona-Nevada border.

“I’d like to point out that this is not a factual example, because Hoover Dam and important facilities like it are not connected to the internet,” Peter Soeth, a spokesman for the bureau, said in an e-mail. “These types of facilities are protected by multiple layers of security, including physical separation from the internet, that are in place because of multiple security mandates and good business practices.”

Yesterday we posted a poll to get your opinion on this issue. Please take a moment to make your voice heard.

Share
2Feb/11

Senators Deny Similarities Between Egypt’s Internet Blocking & USA’s “Kill Switch” Bill

Some have suggested that our legislation would empower the president to deny U.S. citizens access to the Internet. Nothing could be further from the truth.
-Joseph Lieberman (I-Conn.)

In a statement issued this week, Senators' Joseph Lieberman (I-Conn.), Susan Collins (R-Maine), and  Tom Carper (D-Del.) said that their intent was to allow the president "to protect the U.S. from external cyber attacks," not to shut down the Internet.

Aside from the obvious civil liberties concerns, the problem I see is largely a mechanical one, and it demonstrates the Senators' lack of fundamental understanding when it comes to the world in which they legislate: By the time a cyber attack is apparent, it's no longer likely an "external" threat. The most effective attacks known today are distributed amongst a multitude of machines in various locations, making it impossible to protect citizens without shutting down the Internet -- if such a thing could even be accomplished in this country.

The U.S. network infrastructure is much more complex and diverse than that of Egypt. In part, that has to do with the shear differences in scale. But, perhaps surprisingly, it also has to do with the age of our network. Parts of our interconnected network go back five decades. Some interconnected networks predate the Internet itself. And these are interconnected with new infrastructure being added every day without the need for government knowledge or consent.

Most importantly, when the Advanced Research Projects Agency Network (ARPANET) was conceived, it was specifically designed to survive and reroute against an outage. That means, depending on the final draft, the law would likely be either ineffective, dangerous, or both.

Share
1Feb/11

Internet Explorer Flaw Could Disclose Passwords

Via MSNBC:

A recently discovered flaw in Internet Explorer could allow criminals to collect passwords and banking information. Microsoft is warning Windows users to be aware of the problem, with a manual work-around available, but there is no downloadable software fix available yet. So far, Microsoft says it “has not seen any indications of active exploitation of the vulnerability.”

Read the article: http://technolog.msnbc.msn.com/_news/2011/02/01/5967710-ie-flaw-could-mean-access-to-passwords

Share
31Jan/11

Security Minded: Drive Encryption

The Need

Where do I begin? Even before (maybe especially before) storage devices were portable, they were still vulnerable to theft, due more to their high resale value than the questionable value of their contents. Today, the market value of even a brand-new desktop computer may not be worth the potential consequences of being caught. But, the lucrative identity theft trade has given rise to an entirely different motive for computer, tablet, and cellphone theft. In this case, the device is simply a means to an end.

But theft and the obvious concern over losing such easily and commonly misplaced devices as thumb drives are far from the only reason to encrypt hard drive data. Today, for instance, international travelers may be subject to the copy and search of their hard drives, as authorized by the Department of Homeland Security's U.S. Customs and Border Enforcement's "Policy Regarding Border Search of Information" (July 16, 2008), which, among other things, allows Customs Agents broad discretion to detain "electronic devices, or copies thereof, for a reasonable period of time to perform a thorough border search." Regardless of your motivation, encrypting mobile data storage should be high on your list of priorities. Like my AmericanExpress card, I never leave home with out it.

Note to attorneys, medical professionals, or anyone with a fiduciary responsibility: Unlike most professionals, you may have a legal, if not ethical, responsibility to protect your clients' data. Even if a standard for "reasonableness" has previously been applied to "locks" and other 20th century security practices, it may not apply to devices removed from a secure space. Check with your respective associations and/or licensing boards for more information. ... CONTINUE READING »

Share
27Jan/11

Mixed Messages: US Govt. Tells Companies to Collect User Data, But Not To Use It

Last month the US Federal Trade Commission testified before Congress in order to establish "Do Not Track" legislation, challenging companies to either self-regulate, or face potentially stiff laws prohibiting the tracking of Internet users. This week the US Department of Justice testified before congress to establish regulations requiring data retention for the purposes of investigation and prosecution.

"Data retention is fundamental to the department's work in investigating and prosecuting almost every type of crime," US deputy assistant attorney general Jason Weinstein told a congressional subcommittee on Tuesday. "In some ways, the problem of investigations being stymied by a lack of data retention is growing worse." Weinstein acknowledged that greater data retention requirements raise legitimate privacy concerns but "any privacy concerns about data retention should be balanced against the needs of law enforcement to keep the public safe."

Emphasizing the vast disparity between the testimony of  these two Federal organizations is the following statement from the FTC's own prepared statement to Congress expressing a principal of "reasonable security and limited retention for consumer data" among companies collecting sensitive data.

"A key to protecting privacy is to minimize the amount of data collected and held by ISPs and online companies in the first place," according to John Morris, general counsel at the non-profit Center for Democracy & Technology. "Mandatory data retention laws would require companies to maintain large databases of subscribers' personal information, which would be vulnerable to hackers, accidental disclosure, and government or other third party access."

The DOJ's request would require "an entire industry to retain billions of discrete electronic records due to the possibility that a tiny percentage of them might contain evidence related to a crime," says Kate Dean, executive director of the Internet Service Provider Association. "We think that it is important to weigh that potential value against the impact on the millions of innocent Internet users' privacy."

Share
18Jan/11

Facebook Drops Plan to Disclose Users’ Home Addresses and Personal Phone Numbers

Via Epic.org: Facebook has retreated from its decision to allow third-party access to users home addresses and phone numbers. Facebook backed off after criticism of the new policy, but said it would go forward once it has made further changes. EPIC Executive Director Marc Rotenberg said "Facebook is trying to blur the line between public and private information. And the request for permission does not make clear to the user why the information is needed or how it will be used." EPIC, and several consumer organizations, have complaints pending at the Federal Trade Commission concerning Facebook's earlier changes to users' privacy settings. For more information, see EPIC: In Re Facebook, EPIC: In Re Facebook II, and EPIC: Facebook Privacy.

Read full article at http://epic.org/2011/01/facebook-drops-plan-to-disclos.html

Share
13Jan/11

Privacy Law’s Gone Ex Parte Like it’s 1986…or 1984

A byproduct of life in the 21st Century is that many of the perks of a post-centennial lifestyle require the abdication of a fair bit of privacy to cyberspace. That means that the paper records that once required a search warrant to read (and maybe the forceful extraction from your cold-dead-hands), are now in the possession of companies who don't. Of course there's Facebook and Twitter. Those didn't exist in the 20th. Century. But, what about your phone records and email? While your phone company has long been subject to a warrant or subpoena, in the 21st. Century new "self-service" tools have been developed to help telcos manage the onslaught of requests made particularly attractive by the fact that most of us carry what amounts to a homing-beacon in our pockets. Similarly, while email has always been an attractive source of discovery, until recently most of it resided on each correspondent's physical, and virtual, desktop waiting to get written-over by something more current. Today, it's more likely been put out to pasture in a seemingly-endless "server farm", waiting to be picked by a custodian of records.

Even our personal computers, which have always required a search warrant, and often require a cascading series of search warrants covering various regions of storage space and categories of searches, are rapidly being replaced by windows to the web -- sleek sheets of glass and sculpted-aluminum that act as a portal to your virtual existence. Like a supermodel, these tablets are thin and beautiful, but two-dimensional, with very little substance inside. What makes these devices a reality today is a combination of near-ubiquitous Internet connectivity and access to your personal online data once it's established. Even the notion of "backing up" is becoming a thing of the past, because the data you see, isn't really here. It's somewhere else, presumably safe from destruction, but not necessarily from dissemination. Like many things in life, it's a trade-off.

But, not when it comes to fighting crime. The shift of discovery from physical space to cyberspace is a decided advantage for law enforcement. In fact, Google reports that it responded to more than 4200 discovery requests in the first-half of 2010 alone. One of the reasons these requests have become so popular is that online data is easier seize than a laptop, and often much more useful. Much of what can be had requires no search warrant at all, and thanks to online tools, can be had without even so much as contacting the service provider. Why? Because, unlike the data on your hard drive, you don't necessarily own your data when it's stored in cyberspace.

The Electronic Communications Privacy Act was enacted by Congress in 1986 -- long before most people had access to the Internet, email, or a cellphone. When Mark Zuckerberg's only friends were his stuffed animals. Mind you, it was revolutionary for it's time -- enacted to extend government restrictions on wire taps from telephone calls to also include transmissions of electronic data by computer. But, it doesn't address current evolution. Today, far more can be gleaned from a historical records search than any telephone wiretap. Perhaps that's why last year the Department of Justice argued in favor of warantless email searches. Or why in the same year the DOJ argued that cellphone users had abdicated any expectation of privacy by using a service that stores location data.

Read more at http://www.nytimes.com/2011/01/10/technology/10privacy.html?_r=2&pagewanted=2&ref=technology

Share
10Jan/11

McAfee Predicts Mobile Devices May Be Corporate America’s Real Trojan Horse

If security firm McAfee is right, 2011 may be the tablet computer takes over corporate America. Or more specifically, the year the tablet takes over corporate networks. McAfee predicts that the onslaught of consumer-owned and lent smartphone and tablet devices entering and exiting the office space may pose a new unanticipated threat to corporate security. Their concern is that, not only is the consumer largely ill-prepared to secure devices that may amount to a hole in the Trojan wall big enough to drive a wooden horse into, but that the lack of comprehensive security tools designed around the likes of iPhones, iPads and Android devices, leaves them ill-equipped, even if they were prepared. Potentially, this could mean that personal gadgetry may become the host du jour for new infectious computer viruses, malware, and most alarmingly, remote access to the network the form of "Trojan horses".

While McAfee, one of the world's largest anti-virus software manufacturers, is understandably concerned about the interconnection of consumer-maintained -- and largely unsecured -- devices to more secure corporate networks, I think they may be missing an even bigger threat. While for years USB "thumb drives" have been cheap and affordable, and available in sizes small enough to swallow, they still required the physical removal of data from the premises. This meant exhaustively copying and then walking data out of the building. (See "sneakernet".) And, while every year these storage devices hold more and more data, so does the average corporate server. It's unlikely that portable media will ever quite catchup.

On the other hand, the prevalence of high-powered personal computing devices (yes, I'm talking about your average smartphone) connected to the corporate network allows, not only for the immediate transmission of data off-the-premises, but potentially even the cheapest, least sophisticated, pre-paid Android phone, left "cradled" overnight to a desktop computer, (the same cradle used to charge the battery, and synchronize contacts and calendar events,) could allow for unrestricted unauthorized remote network access over a hard-to-trace personal cellular data connection. Not only is this possible today, but it doesn't require a sophisticated computer virus to accomplish.

Read more at http://www.technewsworld.com/story/71541.html

Share
8Jan/11

Proof That Sprint’s EVO 4G Battery Doesn’t Suck

Sprint EVO 4G Stops Bullet

Sprint EVO 4G Stops Bullet

With all the news on this site about the misuse of personal data, it's nice once in a while to read about how a device can save a life, even when it's severely abused in the process.

The HTC EVO 4G, while a workhorse of a phone, has gotten a very bad wrap for its less-than-stellar battery life. Meanwhile, it looks like Sprint will be facing some real stiff 4G Android competition from its rivals, in the aftermath of this year's Consumer Electronics Show in Las Vegas. Thus, we're sure Sprint will appreciate a little good press for its flagship phone, no matter how decidedly un-technological.

Via Engadget:

We knew the HTC EVO 4G was a pretty super phone, but we didn't know it was an actual superhero. A nightclub valet in Atlanta was recently the victim of two disgruntled patrons' wrath, falling in the middle of a five-shot bullet volley, but luckily for him, he had his EVO in his chest pocket. While the phone's glass shattered on impact, its battery did not and absorbed much of the impact of the one bullet intent on ridding him from this mortal coil. The fortunate chap is still with us, uninjured but stupefied by the event, and he promises he'll never buy another brand's phone again.

Read full article at http://www.engadget.com/2011/01/08/htc-evos-battery-deflects-a-bullet-earns-life-saver-badge-v/

Share
8Jan/11

Feds Charge Two for Allegedly Exploiting Bug in Video Poker Machines

Source: Wikipedia

Source: Wikipedia

Federal prosecutors this week leveled conspiracy charges against two men who allegedly used an exploit against a line of video poker machines to win hundreds of thousands of dollars in unearned jackpots.

Read full article at http://feeds.wired.com/~r/wired/index/~3/BN3JIom0HR4/

Share

Log In


Join the conversation...

Join the conversation on Twitter

Join the conversation on Facebook

disquslogo_180 Subscribe to RSS feed

Join the Google conversaton…

Geo Visitors Map