Tuesday, November 18, 2008

So easy, even a caveman can do it.

http://breachblog.com/2008/11/17/pccf.aspx?ref=rss

Inmate allegedly obtains personal information about prison workers

Date Reported: 11/06/08 Organization: Plymouth County (MA)

"BOSTON (WBZ) - A former inmate of the Plymouth County Correctional Facility is accused of hacking into a prison computer and distributing personal information of workers to other inmates."

... The Indictment alleges that while JANOSKO was an inmate at the Plymouth County Correctional Facility in Plymouth County, Massachusetts, the prison provided inmates a computer so they could research legal matters. [Evan] I suppose they (inmates) have the "right" to such things.

To maintain computer and prison security, the prison attempted to restrict the inmates’ access to legal research and nothing else. [Evan] It baffles me.

As configured, the computer prevented inmates from accessing the Internet, e-mail, other computers on the prison's networks, or even other computer programs on the legal research computer. [...at least, that's what they intended... Bob]

The Indictment further alleges that despite these restrictions, JANOSKO figured out how to use the legal research computer for purposes other than legal research, by several methods including exploiting a previously-unknown idiosyncrasy in the legal research software. [Evan] "idiosyncrasy" = "bug".

Using a thin client that was connected to a prison server, the prisoner was able to access an employee database by exploiting a bug in legal research software made available to inmates.



A Willie Sutton crime (go where the money is) or practicing a tactic of CyberWar (destroy the morale of the troops)?

http://www.pogowasright.org/article.php?story=20081117193659364

ID theft cases surging among Americans in U.K. (follow-up)

Monday, November 17 2008 @ 07:36 PM EST Contributed by: PrivacyNews

RAF MILDENHALL, England — The number of U.S. military members in England who have had their identity stolen this year continues to rise, the Air Force said last week.

And even though some bases released the number of ID theft cases earlier this year, Air Force Office of Special Investigations officials would not say last week how many cases have occurred since then, citing the ongoing nature of the investigation.

Source - Stars and Stripes



Note to academics: Read the Entire F***ing Manual

http://www.pogowasright.org/article.php?story=20081117124201499

Jp: Student data slip out via Google Maps

Monday, November 17 2008 @ 12:42 PM EST Contributed by: PrivacyNews

Personal information on about 980 students from 37 schools has been mistakenly disclosed to the public by teachers using the Google Maps Web site, according to a Yomiuri Shimbun study.

Primary, middle and high school teachers using the site to locate their students' homes easily and for other record-keeping purposes have been inputting the names, addresses and other pieces of personal information of students on the free online map search site. In some cases, however, they have mistakenly made the information accessible to the general public.

Source - Daily Yomiuri Online

[From the article:

The Yomiuri study also found that some of the data in question has remained in the public domain even after teachers tried to delete it.

... The public disclosure problem stems from Google Maps' default settings. Users of the service tend to assume that information entered is available only to themselves as the site promotes itself as an exclusive map for individual users. But the default setting allows access to all Internet users and this remains the case as long as the user does not change the setting to limited access.



See what fun you can have when you do read the manual?

http://www.pogowasright.org/article.php?story=20081117172527241

KY: Student charged with hacking, blackmail scheme

Monday, November 17 2008 @ 05:25 PM EST Contributed by: PrivacyNews

A University of the Cumberlands student is accused of hacking into other students' accounts and using the information to blackmail them.

Sungkook Kim, 23, is charged with identity theft and unlawful access to a computer, according to a press release from the Kentucky Attorney General's office. The office's cybercrime unit conducted a joint investigation with Williamsburg police.

Source - Kentucky.com

Related - Attorney General Conway Announces Cybercrimes Arrest On Kentucky College Campus Press Release

[From the article:

Investigators said Kim pirated another person's wireless router to send the threatening e-mails and that he had installed spyware on college library computers to capture logon IDs and passwords for students and faculty, according to the attorney general's statement.


Related: Perhaps I should download a few of the dozens of free keyloggers before the FTC wakes up?

http://www.pogowasright.org/article.php?story=20081117173529229

FTC Takes Aim at "Stalker Spyware" Company

Monday, November 17 2008 @ 05:35 PM EST Contributed by: PrivacyNews

Acting on a request from the Federal Trade Commission, a U.S. District Court has temporarily halted the sale of "stalker spyware," pending a decision on whether these products engage in unfair and deceptive practices by enabling and encouraging privacy invasion. Keylogger programs are often sold as "stalker spyware" and describe in detail how to spy on others without being detected, according to the FTC complaint. CDT applauds the hard work of the Electronic Privacy Information Center, which first brought a petition to the FTC to stop these deceptive, privacy invasive technologies.

Source - CDT.org Related - FTC Notice on Court Action

[From the article:

According to papers filed with the court, the defendants provided RemoteSpy clients with detailed instructions explaining how to disguise the spyware as an innocuous file, such as a photo, attached to an email. When consumer victims clicked on the disguised file, the keylogger spyware silently installed in the background without the victims’ knowledge. This spyware recorded every keystroke typed on the victim’s computer (including passwords); captured images of the computer screen; and recorded Web sites visited. To access the information gathered and organized by the spyware, RemoteSpy clients would log into a Web site maintained by the defendants.



Privacy Statistics

http://www.pogowasright.org/article.php?story=20081117091331827

Ca: 1.7 Million Canadians Are Victims of Identity Fraud

Monday, November 17 2008 @ 09:13 AM EST Contributed by: PrivacyNews

Nearly 1.7 million Canadian consumers were victims of identity fraud in the past year, according to a new national survey conducted by researchers at the DeGroote School of Business at McMaster University.

These victims spent more than 20 million hours and more than $150 million of their own money to resolve the fraud.

Source - Newswise Press Release



Not all markets are down...

http://www.pogowasright.org/article.php?story=20081117173023649

UK identities sold for £80 online

Monday, November 17 2008 @ 05:30 PM EST Contributed by: PrivacyNews

Internet fraudsters sell complete financial identities for just £80, according to an online safety group.

The details packaged and sold online include names, addresses, passport numbers and confidential financial data such as credit card numbers.

With six out of 10 people now managing finances online, experts say the public needs to do more to prevent e-crime.

Source - BBC. Thanks to Brian Honan for the link.

[From the article:

The safety group estimates that nearly half of all computer users in the UK are vulnerable because they are not using defensive measures such as a firewall, or up-to-date software which can identify malicious programs.



New players?

http://www.washingtonpost.com/wp-dyn/content/article/2008/11/16/AR2008111601624_pf.html

A New Voice in Online Privacy

Group Wants Tighter Rules for Collecting, Using Consumer Data

By Kim Hart Washington Post Staff Writer Monday, November 17, 2008; A06

A group of privacy scholars, lawyers and corporate officials are launching an advocacy group today designed to help shape standards around how companies collect, store and use consumer data for business and advertising.

The group, the Future of Privacy Forum, will be led by Jules Polonetsky, who until this month was in charge of AOL's privacy policy, and Chris Wolf, a privacy lawyer for law firm Proskauer Rose. They say the organization, which is sponsored by AT&T, aims to develop ways to give consumers more control over how personal information is used for behavioral-targeted advertising.

... President-elect Barack Obama has cited privacy as one of the technology issues his administration would address, setting the stage for a debate over standards for online publishers and advertisers. Obama also said he would appoint the first chief technology officer, who may be charged with making government data more transparent while protecting citizens' privacy. The Future of Privacy Forum will seek to work with the government on these issues.



I'd say that was a good indication that the law went too far...

http://www.pogowasright.org/article.php?story=20081118065044637

De: Police Unions Join Politicians in Opposition to German Spy Law

Tuesday, November 18 2008 @ 06:50 AM EST Contributed by: PrivacyNews

A law expanding the spying abilities of Germany's federal police has been criticized by police unions. They say the proposed law's aggressive online evidence-gathering measures are ill-conceived and open to abuse.

Source - dw-world.de



This is rather scary... Will ISPs be next?

http://www.pogowasright.org/article.php?story=20081118063703136

RIAA Wins, Campuses Lose as Tennessee Governor Signs Campus Network Filtering Law

Tuesday, November 18 2008 @ 06:37 AM EST Contributed by: PrivacyNews

Last week, the RIAA celebrated the signing of a ridiculous new law in Tennessee that says:

Each public and private institution of higher education in the state that has student residential computer networks shall:

[...]

[R]easonably attempt to prevent the infringement of copyrighted works over the institution's computer and network resources, if such institution receives fifty (50) or more legally valid notices of infringement as prescribed by the Digital Millennium Copyright Act of 1998 within the preceding year.

Source - EFF



Q: Are we Big Brother-izing politics? A: Don't be silly. We have always known more about you second class citizens than you will ever know about us.

http://www.pogowasright.org/article.php?story=2008111719383420

Barack Obama's Privacy Challenge

Monday, November 17 2008 @ 07:38 PM EST Contributed by: PrivacyNews

... While both Democrats and Republicans used databases to profile and target voters to get out the vote, it's the Democrats who have historically been big privacy advocates, [Advocacy is not belief. Bob] but who during this election cycle profited politically from the sophisticated integration of all the data contained in state level voter files, commercial databases, and from canvassing information that was also added by millions of volunteers.

All that data collected during the 2008 campaign now sits in databases controlled by the Obama campaign and the Democratic National Committee, in addition to third-party vendors such as Catalist.

Source - Threat Level



If the police find the chained, beaten but still breathing body of a Spammer on their doorstep – with a signed confession stapled to his forehead – should they ignore it?

http://it.slashdot.org/article.pl?sid=08/11/17/2053220&from=rss

McColo Takedown, Vigilantes Or Neighborhood Watch?

Posted by CmdrTaco on Monday November 17, @05:49PM from the where's-batman-when-you-need-him dept. Security The Internet

CWmike writes

"Few tears were shed when alleged spam and malware purveyor McColo was suddenly taken offline last Tuesday by its upstream service providers. But behind the scenes of the McColo case and another recent takedown of Intercage, a ferocious struggle is taking place between the purveyors of Web-based malware and loosely aligned but highly committed groups of security researchers who are out to neutralize them. Backers claim that the effort to shut down miscreant ISPs is needed because of the inability of law enforcement agencies to deal with a problem that is global in nature. But some question whether there is a hint of vigilantism behind the takedowns — even as they acknowledge that there may not be any other viable options for dealing with the problem at this point."



Think of this as an example of the “to outsource or not to outsource” test.

http://news.slashdot.org/article.pl?sid=08/11/18/023224&from=rss

It's Official, Australia Needs a Space Agency

Posted by kdawson on Tuesday November 18, @05:32AM from the bird-on-the-barbie dept. Government Space

Dante_J writes

"In the final report published by the Australian Senate inquiry into 'The Current State of Australia's Space Science & Industry Sector' entitled 'Lost in Space? Setting a new direction for Australia's space science and industry sector,' it calls for the formation of a 'Space Industry Advisory Council' to oversee the creation of a fully-fledged Australian Space Agency. Of the top 20 GDP nations, Australia is the only one without a Space Agency, which impacts on many aspects of ordinary life, not to mention Research and Engineering endeavors. Every satellite operated by Australia is owned by another party and the costs of this alone are comparable to that of a Space Agency. The report is a tidy piece that drew upon submissions from Andy Thomas, and an impressive collection of Australian Academics and Space Science entities frustrated by successive generations of government apathy. While this report is welcome, lethargic Government action in a climate of competing concerns is not expected to stem the flow of Space Science brain drain out of Australia any time soon."



Backups are good.

http://www.killerstartups.com/Web-App-Tools/gmail-backup-com-play-it-safe

GMail-Backup.com - Play It Safe

http://www.gmail-backup.com

As its name unequivocally implies, GMail Backup is a tool that will let you rest assured all the vital communications that are stored online at your GMail account won’t be lost accidentally.

All major operating systems are taken into account, and those who use PCs, Macs and Linux are catered for.

This solution is actually provided free of charge, and you can download the latest version at the website. Alternative download sites are also listed just in case, but bear in mind that not all of them feature the latest version for download.



For your Security Manager (PowerPoint, but worth looking at just for the images and links)

http://bhconsulting.ie/securitywatch/?p=498

Incident Response Presentation Available Online

October 31st, 2008 | by Brian Honan |

My presentation on improving incident response to the Irish Computer Society’s Privacy Forum is now online.



Changes to Security theater (only seven years in the making!)

http://blog.wired.com/27bstroke6/2008/11/chertoff-were-c.html

Chertoff: We're Closing that Boarding-Pass Loophole

By Ryan Singel November 17, 2008 1:57:11 PM

There’s a hole in airline security big enough to get Osama bin Laden himself onto a domestic flight, Homeland Security chief Michael Chertoff acknowledges, but that’s no reason to ditch watch lists or ID checks at the airport, he says.

Chertoff told Threat Level in an interview last week that the government was aware of, and patching, the so-called boarding-pass loophole, which just came back into the public eye after a recent Atlantic magazine story where a reporter got through security using a fake boarding pass.

That loophole lets a known terrorist who is on a government watch list board a plane without needing a fake ID. All that’s needed is a home computer, a printer and a little skill at HTML.



Forensics

http://yro.slashdot.org/article.pl?sid=08/11/17/2218209&from=rss

Feds Can Locate Cell Phones Without Telcos

Posted by kdawson on Monday November 17, @06:31PM from the marco-polo-if-you-can dept.

schwit1 sends along an Ars Technica report covering the release of documents obtained under the FOIA suggesting that the Justice Department may have been evading privacy laws in their use of "triggerfish" technology. Triggerfish are cell-tower spoofing devices that induce cell phones to give up their location and other identifying information, without recourse to any cell carrier.

"Courts in recent years have been raising the evidentiary bar law enforcement agents must meet in order to obtain historical cell phone records that reveal information about a target's location. But documents obtained by civil liberties groups under a Freedom of Information Act request suggest that 'triggerfish' technology can be used to pinpoint cell phones without involving cell phone providers at all. The Justice Department's electronic surveillance manual explicitly suggests that triggerfish may be used to avoid restrictions in statutes like CALEA that bar the use of pen register or trap-and-trace devices..." [After all, if we called the suspect and he told us where he was, that would be admissible. What's different about calling his phone for the same information? Bob]

The article does mention that the Patriot Act contains language that should require a court order to deploy triggerfish, whereas prior to 2001 "the statutory language governing pen register or trap-and-trace orders did not appear to cover location tracking technology."



Forensics

http://yro.slashdot.org/article.pl?sid=08/11/18/0115242&from=rss

Digital Photos Give Away a Camera's Make and Model

Posted by kdawson on Monday November 17, @09:57PM from the nobody-saw-me-you-can't-prove-anything dept. Privacy

holy_calamity writes

"Engineers at Polytechnic University Brooklyn have discovered that digital snaps shorn of any metadata still reveal the make and model of camera used to take them. It is possible to work backwards from the relationships of neighboring pixel values in a shot to identify the model-specific demosaicing algorithm that combines red, green, and blue pixels on the sensor into color image pixels. Forensics teams are already licking their chops."



For my website students (to go with all those free videos, pictures and sounds)

http://www.killerstartups.com/Web20/superarticlez-com-articles-for-blogs-and-ezines

SuperArticlez.com - Articles For Blogs And Ezines

http://www.superarticlez.com

Are you looking for contents and materials for inclusion in your existing blog or online publication? If that is ever the case, a visit to the suitably-titled Super Articlez website might just be what you need. Generally speaking, this web-based endeavor collects together contents ranging far and wide - from articles dealing with health and home improvement to pieces covering the world of computers and online business. These have been submitted by members of the online community for the consideration of other internauts.

The main page presents the different articles under the relevant headings, whereas the latest additions to this online collection are spotlighted for browsing convenience. Moreover, whenever an article is displayed a list of similar posts is featured at the bottom of the page. Further navigation tools include a tag cloud and a search engine.

A site like this is perfect for those who are either low on inspiration or short of time to come up with interesting contents themselves, not to mention being a superb outlet for aspiring writers who want to establish an online presence. Consider paying it a visit should you fall into either category.



Is this enough to provoke a response?

http://edition.cnn.com/2008/WORLD/africa/11/17/kenya.tanker.pirates/?iref=hpmostpop

Pirates hijack Saudi 'super tanker'

(CNN) -- Pirates have hijacked a Saudi-owned oil tanker with 25 crew aboard off the coast of Kenya, the U.S. Navy and the British Foreign Office confirmed on Monday.

The Sirius Star -- a crude "super tanker" flagged in Liberia and owned by the Saudi Arabian-based Saudi Aramco company -- was attacked on Saturday more than 450 nautical miles southeast of Mombasa, Kenya, the statement said. The crew include British, Croatian, Polish, Filipino and Saudi nationals.
