Sunday, June 01, 2008

I'm more than a little surprised that there have been no major data breach reports for the last few days – must be one of those statistical anomalies I tell my students happen on rare occasions... Sort of like winning the lottery.



Sure we watch and record, but it's not surveillance!

http://www.nytimes.com/2008/05/31/business/media/31billboard.html?_r=1&partner=rssnyt&emc=rss&oref=slogin

Billboards That Look Back

By STEPHANIE CLIFFORD Published: May 31, 2008

In advertising these days, the brass ring goes to those who can measure everything — how many people see a particular advertisement, when they see it, who they are. All of that is easy on the Internet, and getting easier in television and print.

... Now, some entrepreneurs have introduced technology to solve that problem. They are equipping billboards with tiny cameras that gather details about passers-by — their gender, approximate age and how long they looked at the billboard. These details are transmitted to a central database.

... So far the companies are not using race as a parameter, but they say that they can and will soon.



Points to older articles, but useful for guiding the student “White Hat Hacker” club

http://www.pogowasright.org/article.php?story=20080601063401449

Computer Crime Laws Chill Discovery of Customer Privacy Threats

Sunday, June 01 2008 @ 06:34 AM EDT Contributed by: PrivacyNews News Section: Internet & Computers

... Making a server owner's subjective preference with regard to uses of Internet connected computers the dividing line between legal and illegal behavior is a real problem. Even if you don’t circumvent any security measures, if you access a web server to test whether your account information or unencrypted passwords are available to hackers, or to download potentially embarrassing recorded comments by the Governor, or to get price information so that your company can market competitive products and services, you could be breaking the law.

Source - EFF

[From the article:]

We need a new paradigm for computer crime law. Former federal prosecutor Orin Kerr, now a law professor at George Washington University, has proposed that courts reject both implied and contract-based notions of authorization and limit the scope of unauthorized access statutes to cases involving the circumvention of code-based restrictions. This proposal solves some, though not all, of the problems with the current statutes. We need more academics, lawyers, and technologists thinking about how to enable users to explore how webservers store their information without opening that information up to attackers who intend to invade privacy or misuse data for their own economic gain.



Not sure I agree totally, but it led me (via Google) to several articles on iPhone forensics.

http://yro.slashdot.org/article.pl?sid=08/05/31/1323230&from=rss

Full Disclosure and Why Vendors Hate It

Posted by CowboyNeal on Saturday May 31, @10:39AM from the into-the-light dept. Privacy Security IT

An anonymous reader writes

"Well known iPhone hacker Jonathan Zdziarski gave a talk at O'Reilly's Ignite Boston 3 this week in which he called for the iPhone hacking community to embrace full disclosure and stop keeping secrets that were leading to the iPhone's demise. He has followed up with an article about full disclosure and why vendors hate it. He argues that vendor-only disclosure protects the vendors and not the consumer, and that vendors easily abuse this to downplay privacy concerns while continuing to sell insecure products. In contrast, he paints full disclosure as a capitalist means to keep the vendor accountable, and describes how public outcry can be one of the best motivating factors to get a vulnerability addressed."



Very interesting description of a PDF hack...

http://www.f-secure.com/weblog/archives/00001449.html

DHS PDF

Posted by Mikko @ 12:14 GMT Sunday, June 1, 2008

... When this PDF is opened in Acrobat Reader, it uses a known exploit to drop files.

Specifically, it creates two files in the TEMP folder: D50E.tmp.exe and 0521.pdf.

Then it executes the EXE and launches the clean 0521.pdf file to Adobe Reader in order to fool the user that everything is all right.

... The SYS component is a rootkit that tries to hide all this activity on the infected machine.

The backdoor tries to connect to port 80 of a host called nbsstt.3322.org. Anybody operating this machine would have full access to the infected machine.

Well, 3322.org is one of the well-known Chinese DNS-bouncers that we see a lot in targeted attacks. Does nbsstt mean something? Beats me, but Google will find a user with this nickname posting to several Chinese military-related web forums, such as bbs.cjdby.net.
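
For the student club, a detection-side view of the behaviour described in the F-Secure post: a PDF reader spawning an executable out of TEMP, followed by that executable looking up a host under 3322.org. This is an added example, not code from F-Secure or the original post; the event schema, the file paths and every sample event are constructed for illustration.

```python
import ntpath

READER_IMAGES = {"acrord32.exe", "acrobat.exe"}  # Adobe Reader / Acrobat binaries
WATCHED_ZONE = "3322.org"                        # dynamic-DNS zone named in the post
TEMP = r"C:\Documents and Settings\alice\Local Settings\Temp"  # constructed path
READER = r"C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe"
BROWSER = r"C:\Program Files\Mozilla Firefox\firefox.exe"

# Constructed sample events; the schema (type/parent/image/process/query) is hypothetical.
EVENTS = [
    {"type": "process", "parent": r"C:\WINDOWS\explorer.exe", "image": READER},
    {"type": "process", "parent": READER, "image": TEMP + r"\D50E.tmp.exe"},
    {"type": "dns", "process": TEMP + r"\D50E.tmp.exe", "query": "nbsstt.3322.org"},
    {"type": "dns", "process": BROWSER, "query": "www.example.com"},
    {"type": "dns", "process": BROWSER, "query": "my3322.org"},  # look-alike, not in the zone
    {"type": "dns", "process": BROWSER, "query": "constructed-host.3322.org."},  # FQDN form
]

def in_temp(path):
    """True if the Windows path has a Temp directory component."""
    return "\\temp\\" in path.lower()

def under_zone(name, zone):
    """Match the zone itself or any subdomain, never a mere suffix look-alike."""
    name = name.lower().rstrip(".")
    return name == zone or name.endswith("." + zone)

def triage(events):
    """Return (event index, rule name) for each suspicious event, in order."""
    findings, dropped = [], set()
    for i, ev in enumerate(events):
        if ev["type"] == "process":
            image = ev["image"].lower()
            if (ntpath.basename(ev["parent"]).lower() in READER_IMAGES
                    and in_temp(image) and image.endswith(".exe")):
                dropped.add(image)  # remember it so later DNS activity can be correlated
                findings.append((i, "reader-spawned-temp-exe"))
        elif ev["type"] == "dns" and under_zone(ev["query"], WATCHED_ZONE):
            correlated = ev["process"].lower() in dropped
            findings.append((i, "dropped-exe-dyndns-lookup" if correlated else "dyndns-lookup"))
    return findings

if __name__ == "__main__":
    for index, rule in triage(EVENTS):
        print(index, rule)
```

The correlated rule is the high-confidence one; a bare lookup under a dynamic-DNS zone is only a lead, since such zones also host ordinary sites.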



Something for my web site class this summer...

http://live.psu.edu/story/31017

Interactive Web sites draw minds, shape public perception

Sunday, May 25, 2008

University Park, Pa. -- The interactive look and feel of a corporate Web site could help shape positive perceptions about the organization if the site includes a likeable design and features that engage the target audience, especially job seekers, according to media researchers.

S. Shyam Sundar, professor of film, video and media studies at Penn State, and Jamie Guillory, formerly an undergraduate student at Penn State, are trying to understand how interactivity in Web sites influences the public perception of an organization. In previous studies of Web sites of political candidates, Sundar had found that the candidates were rated more positively if their site had some interactive features, even though the sites had no new content, and the candidates held the same policy positions. But too much interactivity tends to turn off people.



So you want to publish on the web?

http://barcorefblog.blogspot.com/2008/05/google-book-search-bibliography-now.html

Tuesday, 27 May 2008

Google Book Search bibliography now available

Digital librarian Charles W. Bailey Jr. has posted a Google Book Search bibliography on the Digital Scholarship website. The bibliography focuses on the evolution of Google Book Search and the legal, library, and social issues associated with it. Where possible, links are provided to works that are freely available on the Internet, including e-prints in disciplinary archives and institutional repositories.

Meanwhile, Inside Higher Ed. reports that Microsoft is ending two projects - Live Search Books and Live Search Academic - designed to digitize books and journals. A post on the official MS Live Search blog explains that they digitized 750,000 books and indexed 80 million journal articles but concluded from this experience that the best way for a search engine to make book content available will be by crawling content repositories created by book publishers and libraries.
