Friday, June 06, 2008

This is the retail end of Identity Theft. Another car loaded with all the tools for identity theft. (Must be a shop somewhere where you can drive in and get loaded up...)

Question: Is anyone taking the victim data and tracing it back to the security breach where it was obtained? Would there be a demand for such a service?

http://www.pogowasright.org/article.php?story=20080605170037584

Sheriff: Biggest identity theft bust I've ever seen; Lindale man charged

Thursday, June 05 2008 @ 05:00 PM EDT Contributed by: PrivacyNews News Section: Breaches

Smith County Sheriff J.B. Smith says it's the biggest identity theft bust he's seen in his 32 years as sheriff.

Smith County Sheriff's Deputies checked on a man sleeping in his car at Lindsey Park in Tyler Tuesday morning. When the man woke up, Sheriff Smith said he tried to drive off, but his car stalled. Smith says the man was arrested after he started a fight with deputies.

Deputies arrested 27-year-old Lucas George Cates of Lindale. Inside his car, they found nearly 500 stolen credit card numbers, fake checks and supplies to make more. They also found stolen identification, including driver's licenses, birth certificates and student ID's, from 200 people in Texas.

... Sheriff Smith said among the 500 stolen credit card numbers, 150 were from people that stayed at the Wingate Hotel in Las Colinas, a suburb of Irving.

Source - KETK



Consider this in light of the proposal to put this data online. Does the “we've been doing it for years” argument hold any weight?

http://www.phiprivacy.net/?p=456

Your private health details may already be online

Elizabeth Cohen writes for CNN: Jun-5-2008

Imagine my surprise when, in the course of doing research for this story, I stumbled upon my own personal health information online.


There it was in black, white, and hypertext blue. My annual mammograms; the visits to the podiatrist for the splinter in my foot; the kind of birth control I use — it was all on my health insurance company’s Web site. And that’s not all: The prescription drugs I use were listed on the Web site where I get my prescription drug insurance.

I had no idea this was all on the World Wide Web.

Full story – CNN http://www.cnn.com/2008/HEALTH/06/05/ep.online.records/index.html



Tools & Techniques “What could possibly go wrong?” Skipper of the Titanic

http://blog.wired.com/27bstroke6/2008/06/nypd-helicopter.html

NYPD Helicopter Views Faces from Miles Away

By Kim Zetter June 05, 2008 12:03:07 PM

An ubertech "verti-bird," as Fox News is calling it, is flying over the skies of Manhattan allowing police to see and recognize a face from two miles away, peer inside a building from three to four miles away, and track a suspect car from 12 miles away.

... Police insist they're only using the helicopter for legitimate law enforcement purposes in public places and would never peer inside someone's home, but privacy activists have concerns.



Tools & Techniques (Unfortunately, the site seems to have been overloaded before they were able to capture a mirror.) Interesting arguments though... If I create a pornographic image of a child from bits, am I a pornographer? If I create a similar image of a murder, am I a murderer? Would this logic make everything Hollywood does a crime?

http://yro.slashdot.org/article.pl?sid=08/06/06/1239222&from=rss

Graphics Advances Make Identifying Real Images Difficult

Posted by timothy on Friday June 06, @09:06AM from the click-here-to-convict-your-enemy dept. The Courts Government Graphics

destinyland writes

"The FBI's geeks admitted they were nervous over computer-generated images at a recent forensics conference. In court they're now arguing that a jury 'can tell' if an image is real or computer-generated — which marks the current boundary between legal and illegal. But reporter Debbie Nathan argues that that distinction is getting fuzzy, and that geeks will inevitably make it obsolete."

Note: some of the linked (computer-generated) images may be disturbing.

[Related article from the comments:

http://www.sciam.com/article.cfm?id=digital-image-forensics

June, 2008

Digital Forensics: How Experts Uncover Doctored Images]



So what if the first trials didn't go so well – we'll just tweak it a bit and keep on trying.

http://www.pogowasright.org/article.php?story=20080605165308858

Leaked Report: ISP Secretly Added Spy Code To Web Sessions, Crashing Browsers

Thursday, June 05 2008 @ 04:53 PM EDT Contributed by: PrivacyNews News Section: Internet & Computers

An internal British Telecom report on a secret trial of an ISP eavesdropping and advertising technology found that the system crashed some unsuspecting users' browsers, and a small percentage of the 18,000 broadband customers under surveillance believed they'd been infected with adware.

The January 2007 report (.pdf) -- published Thursday by the whistle-blowing site Wikileaks -- demonstrates the hazards broadband customers face when an ISP tampers with raw internet traffic for its own profit. The leak comes just weeks after U.S. broadband provider Charter Communications told users it would be testing a technology similar to what's described in the BT document.

Source - Threat Level blog


As you would expect, this didn't take long...

http://www.pogowasright.org/article.php?story=20080605164124964

UK: Call to prosecute BT for ad trial

Thursday, June 05 2008 @ 04:41 PM EDT Contributed by: PrivacyNews News Section: Non-U.S. News

BT should face prosecution for its "illegal" trials of a controversial ad-serving technology, a leading computer security researcher has said.

Dr Richard Clayton at the University of Cambridge made his comments after reviewing a leaked BT internal report.

The document reveals details of a 2006 BT trial with the Phorm system, which matches adverts to users' web habits.

"It's against the law of the land, we must now expect to see a prosecution," he told BBC News.

Source - BBC



Is this a “Get out of jury duty free” card?

http://www.infoworld.com/article/08/06/06/Do-geeks-make-good-jurors-in-tech-cases_1.html?source=rss&url=http://www.infoworld.com/article/08/06/06/Do-geeks-make-good-jurors-in-tech-cases_1.html

Do geeks make good jurors in tech cases? Not always

Federal judge says too much knowledge can be a dangerous thing for a jury

By Robert McMillan, IDG News Service June 06, 2008



I'm going to predict that electronic voting will make Florida's “hanging chad” debacle seem trivial. (Later I'll predict the opposite – one way or the other I'll look brilliant!) What happens to the people who buy these machines? Are they political appointees who keep their job until they are five years dead or can we fire (and prosecute) them?

http://techdirt.com/articles/20080602/1850121296.shtml

ES&S E-Voting Machines Gave Votes To A Totally Different Election

from the i'd-say-that's-a-whoops dept

You may recall last year that when we had a series of posts about the fact that e-voting companies refused to let independent security experts review their machines, we had a representative from e-voting firm ES&S show up in the comments and repeatedly berate us for not knowing what we were talking about. That individual insisted that the machines were perfectly well tested. He also insisted that elections using e-voting machines were "extremely scrutinized and very reliable." Of course, we haven't heard from that individual lately -- not since an independent review of ES&S's machines found that security was seriously lacking, leading various states to quickly decertify many ES&S machines. Oops.

Reader Jose Luis Campanello writes in to point out a story we missed from last week, about how some ES&S machines used in a state primary in Arkansas didn't just screw up counting the votes, it assigned votes to a totally different election -- and those "lost" votes changed the result of the election. No one seems to have any idea how this is even possible, let alone how it happened. Somehow, I get the feeling that no representatives from ES&S will show up this time to tell us how their machines are perfectly reliable and don't need any kind of independent review. Luckily, in this case there was a voter-verified paper trail (which some insist are a bad thing), which allowed election officials to backtrack and figure out what had happened and correct the mistake. Without the paper trail, there would have been no way to have even realized this mistake happened.


Related? At least another example where testing seems to be inadequate. Will the software vendor reimburse the power company for the additional cost incurred? (Might be an interesting contract clause to ensure more care in testing.) This reads like control is so bad the plant should be shut down until competent management can be found!

http://www.washingtonpost.com/wp-dyn/content/article/2008/06/05/AR2008060501958.html

Cyber Incident Blamed for Nuclear Power Plant Shutdown

By Brian Krebs washingtonpost.com Staff Writer Thursday, June 5, 2008; 1:46 PM

A nuclear power plant in Georgia was recently forced into an emergency shutdown for 48 hours after a software update was installed on a single computer. [Interesting that there were no redundant checks. Bob]

... But she said the engineer who installed the update was not aware [Translation: 1) had no clue, 2) wasn't doing his job properly Bob] that the software was designed to synchronize data between machines on both networks, or that a reboot in the business system computer would force a similar reset in the control system machine.

"We were investigating cyber vulnerabilities and discovered that the systems were communicating, [What other minor items did they “discover?” Bob] we just had not implemented corrective action prior to the automatic [shutdown]," Phillips said. She said plant engineers have since physically removed all network connections between the affected servers. [Suggesting they were installed in error? Bob]



Another reason why frequent backups are a good idea. (Comments are worth reading too)

http://it.slashdot.org/article.pl?sid=08/06/05/1921232&from=rss

Sneaky Blackmailing Virus That Encrypts Data

Posted by timothy on Thursday June 05, @05:57PM from the ouch-and-double-ouch dept. Security Encryption Windows Worms

BaCa writes

"Kaspersky Lab found a new variant of Gpcode which encrypts files with various extensions using an RSA encryption algorithm with a 1024-bit key. After Gpcode.ak encrypts files on the victim machine, it changes the extension of these files to ._CRYPT and places a text file named !_READ_ME_!.txt in the same folder. In the text file the criminal tells the victims that the file has been encrypted and offers to sell them a decryptor. Is this a look into the future where the majority of malware will function based on extortion?"
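The Slashdot summary above gives three concrete indicators of a Gpcode.ak hit: files whose extension has become ._CRYPT, a !_READ_ME_!.txt note dropped in the same folder, and the original data being unrecoverable without the key (hence the point about backups). The following is an added triage script written for this post; it is not code from Kaspersky, Slashdot or the original blog. It walks a directory tree, reports which folders carry the note and encrypted files, and tallies the original file types so an incident responder knows what to restore from backup. It assumes the ._CRYPT suffix was appended to the original name (the summary only says the extension was "changed"), and the directory layout it scans is constructed inside a temporary folder purely for demonstration.

```python
import os
import tempfile
from collections import defaultdict

ENCRYPTED_SUFFIX = "._CRYPT"        # extension reported for Gpcode.ak
RANSOM_NOTE = "!_READ_ME_!.txt"     # note dropped beside the encrypted files


def build_sample_tree(root):
    """Create a constructed directory layout that mimics a hit machine.

    This is demo data only; the file contents are placeholders, not real
    ransomware artifacts.
    """
    layout = {
        "docs": ["report.doc._CRYPT", "budget.xls._CRYPT", RANSOM_NOTE],
        "photos": ["trip.jpg._CRYPT", RANSOM_NOTE],
        "clean": ["notes.txt", "readme.md"],   # untouched folder, should not be flagged
    }
    for folder, names in layout.items():
        path = os.path.join(root, folder)
        os.makedirs(path, exist_ok=True)
        for name in names:
            with open(os.path.join(path, name), "w") as fh:
                fh.write("placeholder content\n")
    return root


def original_extension(name):
    """Recover the pre-encryption extension: 'report.doc._CRYPT' -> '.doc'.

    Assumption: the malware appended the suffix rather than replacing the
    whole extension; if it replaced it, this returns '' and the file type
    has to be inferred from its backup copy instead.
    """
    stem = name[: -len(ENCRYPTED_SUFFIX)]
    _, ext = os.path.splitext(stem)
    return ext.lower()


def scan_for_gpcode_indicators(root):
    """Walk `root` and summarise per-directory indicators of a Gpcode-style hit."""
    hits = defaultdict(lambda: {"encrypted": [], "note": False})
    for dirpath, _, filenames in os.walk(root):
        rel = os.path.relpath(dirpath, root)
        for name in filenames:
            if name.endswith(ENCRYPTED_SUFFIX):
                hits[rel]["encrypted"].append(name)
            elif name == RANSOM_NOTE:
                hits[rel]["note"] = True

    affected = {d: v for d, v in hits.items() if v["encrypted"] or v["note"]}
    by_extension = defaultdict(int)
    for v in affected.values():
        for name in v["encrypted"]:
            by_extension[original_extension(name)] += 1

    return {
        "affected_dirs": sorted(affected),
        "encrypted_files": sum(len(v["encrypted"]) for v in affected.values()),
        "notes": sum(1 for v in affected.values() if v["note"]),
        "by_extension": dict(by_extension),
    }


def demo():
    """Build the constructed tree in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return scan_for_gpcode_indicators(tmp)


if __name__ == "__main__":
    print(demo())
```

Run it as-is to see the summary for the constructed tree; point `scan_for_gpcode_indicators` at a real mount to triage a suspect host. The per-extension tally is the useful output for recovery planning: it tells you which classes of documents need restoring, and the list of affected folders is what to compare against the last known-good backup.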



Legal Hacking? Could this study be a defense against the RIAA? Certainly it should make a judge question the accuracy of their complaints.

http://tech.slashdot.org/article.pl?sid=08/06/05/1723225&from=rss

How To Frame a Printer For Copyright Infringement

Posted by timothy on Thursday June 05, @02:34PM from the point-the-finger-point-it-well dept. The Internet The Courts

An anonymous reader writes

"Have you ever wondered what it takes to get 'caught' for copyright infringement on the Internet? Surprisingly, actual infringement is not required. The New York Times reports that researchers from the computer science department at the University of Washington have just released a study that examines how enforcement agencies monitor P2P networks and what it takes to receive a complaint today. Without downloading or sharing a single file, their study attracted more than 400 copyright infringement complaints. Even more disturbing is their discovery that illegal P2P participation can be easily spoofed; the researchers managed to frame innocent desktop machines and even several university printers, all of which received bogus complaints."



Hacking the cube

http://science.slashdot.org/article.pl?sid=08/06/05/2054249&from=rss

Rubik's Cube Algorithm Cut Again, Down to 23 Moves

Posted by timothy on Thursday June 05, @07:08PM from the at-this-rate-one-will-soon-be-enough dept. Math Puzzle Games (Games) Games

Bryan writes

"The number of moves necessary to solve an arbitrary Rubik's cube configuration has been cut down to 23 moves, according to an update on Tomas Rokicki's homepage (and here). As reported in March, Rokicki developed a very efficient strategy for studying cube solvability, which he used to show that 25 moves are sufficient to solve any (solvable) Rubik's cube. Since then, he's upgraded from 8GB of memory and a Q6600 CPU, to the supercomputers at Sony Pictures Imageworks (his latest result was produced during idle-time between productions). Combined with some of Rokicki's earlier work, this new result implies that for any arbitrary cube configuration, a solution exists in either 21, 22, or 23 moves. This is in agreement with informal group-theoretic arguments (see Hofstadter 1996, ch. 14) suggesting that the necessary and sufficient number of moves should be in the low 20s. From the producers of Spiderman 3 and Surf's Up, we bring you: 2 steps closer to God's Algorithm!"



Hacking toys...

http://games.slashdot.org/article.pl?sid=08/06/06/0115219&from=rss

How to Turn a PlayStation 3 Into a Linux PC

Posted by timothy on Thursday June 05, @11:58PM from the sleek-box-of-ubuntu dept. Operating Systems PlayStation (Games) Upgrades Games Hardware Linux

MahariBalzitch writes

"Popular Mechanics shows a step-by-step guide on how to install Ubuntu Linux on a PlayStation 3 and still keep the PS3 gaming functionality. Now I just need to get my hands on a PS3."

Not bad specs for the price, either, since Blu-Ray players still aren't cheap. And though the article calls the procedure "somewhat complicated," it's a lot simpler than installing Linux from floppies was not so many years ago.



Hacking the magazine stand. (There were several variations of this article; this seems to be the easiest to follow...)

http://probargainhunter.com/2008/05/30/read-popular-magazines-on-your-pc-for-free/

Read popular magazines on your PC for free

Published May 30th, 2008 in Money Saving Tips.

Amit Agarwal at Digital Inspiration shares a very simple hack that allows you to read a few popular magazines for free in digital format. The titles include Popular Mechanics, US News, Car and Driver, Macworld, Readers Digest, Penthouse, Playboy and a few more names.

The hack is based on the fact that Zinio Labs allows iPhone owners to browse these magazines for free from their phones. The ordinary folks without an iPhone can enjoy the same privilege if they convince Zinio they are using the phone. How is that possible? In fact pretty simple. Switch the browser user agent settings and make the Zinio web server think you are running a different browser brand/version than you really are, a trick very similar to the referrer spoofing used for free access to the WSJ.
