Thursday, October 16, 2008

This is an interesting idea... Sort of like government sponsored flu shots...

http://www.pogowasright.org/article.php?story=20081015184633561

UK: Police fund tracking software for at-risk laptops

Wednesday, October 15 2008 @ 06:46 PM EDT Contributed by: PrivacyNews

Nottinghamshire Police has begun providing funds for people who live in burglary hotspots to install theft-recovery software on their laptops.

The police force is paying for licences for Absolute Software's ComputraceOne, which connects the company's monitoring centre to a machine every 24 hours, and every 15 minutes if it is reported stolen.

Source - ZDnet Thanks to Brian Honan for this link.

[From the article:

Absolute Software said that, even if a thief tries to wipe the system, the application self heals and allows the tracking process to continue. It is loaded on the hard drive of a computer, while support for the ComputraceOne agent is embedded in the Bios. [Think: Rootkit! Bob] If the hard drive is reformatted or replaced, the ComputraceOne agent support in the Bios rebuilds the necessary application files on the hard drive as required by the customer.

Other police forces, including West Midlands Police, have used the software and have been able to return several laptops.



Legal reasoning? Perhaps something was lost in translation.

http://it.slashdot.org/article.pl?sid=08/10/16/0311217&from=rss

UK Court Rejects Encryption Key Disclosure Defense

Posted by samzenpus on Thursday October 16, @03:59AM from the do-not-pass-go dept. Security

truthsearch writes

"Defendants can't deny police an encryption key because of fears the data it unlocks will incriminate them, a British appeals court has ruled. The case marked an interesting challenge to the UK's Regulation of Investigatory Powers Act (RIPA), which in part compels someone served under the act to divulge an encryption key used to scramble data on a PC's hard drive. The appeals court heard a case in which two suspects refused to give up encryption keys, arguing that disclosure was incompatible with the privilege against self incrimination. In its ruling, the appeals court said an encryption key is no different than a physical key and exists separately from a person's will."

[From the article:

"The contents may or may not be incriminating: the key is neutral."



Is this a model for future laws? I don't think so, but I've only skimmed it. My guess is they only beat California because of TJX.

http://www.bespacific.com/mt/archives/019562.html

October 15, 2008

Massachusetts Issues Comprehensive ID Theft Prevention Regulations & Executive Order

News release: "In keeping with the Patrick Administration’s commitment to protecting consumers, the Office of Consumer Affairs and Business Regulation (OCABR) last Friday issued a comprehensive set of final regulations establishing standards for how businesses protect and store consumers’ personal information. Additionally, Governor Patrick has signed an executive order requiring all state agencies to immediately take steps to implement security measures consistent with the requirements established by OCABR's regulations for private companies. The order calls for the adoption of uniform standards across government that protect the integrity of personal information and further the objectives of the identity theft prevention law."



In order to protect you from those who would invade your privacy, we need to invade your privacy, because only by acting like terrorists can we stop terrorists. (“In order to liberate the village, we had to destroy it.”)

http://yro.slashdot.org/article.pl?sid=08/10/15/2222209&from=rss

Every Email In UK To Be Monitored

Posted by samzenpus on Thursday October 16, @12:08AM from the what-are-you-writing dept. Privacy Government

ericcantona writes

"The Communications Data Bill (2008) will lead to the creation of a single, centralized database containing records of all e-mails sent, websites visited and mobile phones used by UK citizens. In a carnivore-on-steroids programme, as all vestiges of communication privacy are stripped away, The BBC reports that Home Secretary Jacqui Smith says this is a 'necessity'."



Canada's Privacy Commissioner seems to take privacy seriously. Would that the UK listened to their colonies – they might still have some.

http://www.pogowasright.org/article.php?story=20081016035411861

Ca: Consultation on Covert Video Surveillance Draft Guidance Document

Thursday, October 16 2008 @ 03:54 AM EDT Contributed by: PrivacyNews

The Privacy Commissioner of Canada has prepared a draft guidance document that sets out good practice rules for private sector organizations that are either contemplating or using covert video surveillance.

Through our experience in investigating complaints about covert video surveillance under the Personal Information Protection and Electronic Documents Act (PIPEDA), we have identified a need to educate organizations on the obligation to ensure that covert video surveillance is conducted in the most privacy sensitive way possible. Although the use of covert video surveillance may be appropriate in some circumstances, we view the technology as being inherently intrusive.

Source - Office of the Privacy Commissioner of Canada



Geek stuff...

http://www.schneier.com/blog/archives/2008/10/how_to_write_in.html

October 16, 2008

How to Write Injection-Proof SQL

It's about time someone wrote this paper:

ABSTRACT

Googling for "SQL injection" gets about 4 million hits. The topic excites interest and superstitious fear. This whitepaper demystifies the topic and explains a straightforward approach to writing database PL/SQL programs that provably guarantees their immunity to SQL injection.

Only when a PL/SQL subprogram executes SQL that it creates at run time is there a risk of SQL injection; and you'll see that it's easier than you might think to freeze the SQL at PL/SQL compile time. Then you'll understand that you need the rules which prevent the risk only for the rare scenarios that do require run-time-created SQL. It turns out that these rules are simple to state and easy to follow.
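To make the abstract's distinction concrete, here is an added example (not code from the whitepaper or from this post) showing run-time-created SQL beside static SQL that is frozen at PL/SQL compile time. The EMPLOYEES table and the procedure names are hypothetical, and the third procedure's use of bind variables and DBMS_ASSERT is an assumed illustration, since the paper's own rules are not reproduced here.

```plsql
-- Added example. Hypothetical schema: EMPLOYEES(last_name, salary).

-- Run-time-created SQL: the statement text is built by concatenation,
-- so whatever is in p_name becomes part of the SQL that gets parsed.
CREATE OR REPLACE PROCEDURE raise_dynamic(p_name IN VARCHAR2)
  AUTHID DEFINER
IS
BEGIN
  EXECUTE IMMEDIATE
    'UPDATE employees SET salary = salary * 1.1 WHERE last_name = '''
    || p_name || '''';
END raise_dynamic;
/

-- Static SQL: the statement text is fixed when the procedure compiles.
-- p_name is a PL/SQL variable and can only ever be used as a value.
CREATE OR REPLACE PROCEDURE raise_static(p_name IN VARCHAR2)
  AUTHID DEFINER
IS
BEGIN
  UPDATE employees
     SET salary = salary * 1.1
   WHERE last_name = p_name;
END raise_static;
/

-- The rarer case where the SQL really must be created at run time
-- (here the table name is not known until the call is made):
--   * the identifier is checked with DBMS_ASSERT.SIMPLE_SQL_NAME, which
--     raises ORA-44003 for anything that is not a single SQL identifier;
--   * the value travels as a bind argument, never as statement text.
CREATE OR REPLACE PROCEDURE raise_in_table(
  p_table IN VARCHAR2,
  p_name  IN VARCHAR2)
  AUTHID DEFINER
IS
  v_table VARCHAR2(130);
BEGIN
  v_table := DBMS_ASSERT.SIMPLE_SQL_NAME(p_table);
  EXECUTE IMMEDIATE
    'UPDATE ' || v_table ||
    ' SET salary = salary * 1.1 WHERE last_name = :n'
    USING p_name;
END raise_in_table;
/
```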



I'd gloat about this, but my blog provides ample evidence that in my case, it didn't work.

http://science.slashdot.org/article.pl?sid=08/10/16/0319218&from=rss

Internet Use Can Be Good For the Brain

Posted by samzenpus on Thursday October 16, @07:57AM from the wasting-time-not-your-brain dept. The Internet Science

ddelmonte writes

"This Washington Post article examines a test conducted at UCLA. The test had two groups, young people who used the Internet, and older people who had never been online. Both groups were asked to do Internet searches and book reading tasks while their brain activity was monitored. "We found that in reading the book task, the visual cortex — the part of the brain that controls reading and language — was activated," Small said. "In doing the Internet search task, there was much greater activity, but only in the Internet-savvy group." [Perhaps older folk think of the Internet as a book? Bob] He said it appears that people who are familiar with the Internet can engage in a much deeper level of brain activity. "There is something about Internet searching where we can gauge it to a level that we find challenging," Small said. In the aging brain, atrophy and reduced cell activity can take a toll on cognitive function. Activities that keep the brain engaged can preserve brain health and thinking ability. Small thinks learning to do Internet searches may be one of those activities."



Dilbert on Computer Crime... Sorta...

http://dilbert.com/strips/comic/2008-10-16/
