Saturday, January 30, 2010

The theme of today's articles seems to be “Hacking is a growth industry.” Perhaps I'll be allowed to be a bit more “adventurous” in my Security classes?


Hacking to increase revenue. It's not reverse engineering. It's alternative engineering. No problem with patents or copyrights.

http://yro.slashdot.org/story/10/01/30/0222246/Google-Deducing-Wireless-Location-Data?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Google Deducing Wireless Location Data

Posted by timothy on Friday January 29, @11:21PM from the peekaboo-the-van-sees-you dept.

bizwriter writes

"When it comes to knowing where wireless users are, the carriers have had a lock on the data. But a patent application shows that Google is trying to deduce the information based on packet headers and estimated transmission rates. This would let it walk right around carriers and become another source of location data to advertisers."


(Related) One must weigh this reward against the price + percentage offered by those on the “Dark Side”

http://it.slashdot.org/story/10/01/29/171208/Google-To-Pay-500-For-Bugs-Found-In-Chromium?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Google To Pay $500 For Bugs Found In Chromium

Posted by ScuttleMonkey on Friday January 29, @03:41PM from the rewards-for-being-1337 dept.

Trailrunner7 writes to mention that a new program from Google could pay security researchers $500 for every security bug found in Chromium. Of course if you find a particularly clever bug you could be eligible for a $1337 reward.

"Today, we are introducing an experimental new incentive for external researchers to participate. We will be rewarding select interesting and original vulnerabilities reported to us by the security research community. For existing contributors to Chromium security — who would likely continue to contribute regardless — this may be seen as a token of our appreciation. In addition, we are hoping that the introduction of this program will encourage new individuals to participate in Chromium security. The more people involved in scrutinizing Chromium's code and behavior, the more secure our millions of users will be. Such a concept is not new; we'd like to give serious kudos to the folks at Mozilla for their long-running and successful vulnerability reward program."


(Related) This is a big reason why hackers succeed and a strong recommendation for open source software. It does not compromise your “brand” to share Best Practices.

http://www.newscientist.com/article/mg20527455.400-benevolent-hackers-poke-holes-in-ebanking.html?full=true

Benevolent hackers poke holes in e-banking

29 January 2010 by Jim Giles

ONLINE banking fraud doesn't just affect the naive. Last year, Robert Mueller, a director at the US Federal Bureau of Investigation, admitted he'd come within a mouse-click of being a victim himself. Now the extent of the problem has been brought into sharp relief, with computer scientists warning that banking culture is increasing the likelihood that customers are using vulnerable systems.

… Banking websites and payment systems are relentlessly targeted by criminals, though, so continuous improvements in security are needed to prevent fraud. But as was revealed at this week's Financial Cryptography and Data Security conference in Tenerife in the Canary Islands, some of the best-known security systems can still be compromised relatively easily.

All too often, banks' security systems are developed in secret, so their flaws are only identified when they are deployed, says Steven Murdoch, a security researcher at the University of Cambridge.

Weaknesses in three widely used financial security systems highlight the extent of the problem.


(Related)

http://news.cnet.com/8301-27080_3-10444474-245.html?part=rss&subj=news&tag=2547-1_3-0-20

Bank of America Web site goes down Friday

by Elinor Mills January 29, 2010 1:25 PM PST


(Related) I should probably pay more attention to the market, but have no need to BUY accounts...

http://www.databreaches.net/?p=9684

A hacked Twitter account may cost as much as $1,000

January 29, 2010 by admin Filed under Uncategorized

Researchers at Kaspersky Lab report that hacked accounts of Twitter and other services are being sold online for hundreds of dollars.

Big revenues made on stolen data make hacking programs and viruses very popular among cyber criminals. According to Kaspersky Researcher Dmitry Bestuzhev there were Gmail accounts for sale on Russian hacker forums, (asking price 2,500 roubles, or $82) RapidShare accounts going for $5 per month, as well as Skype, instant messaging and Facebook credentials on the underground forums.

Read more on eCommerce Journal.

[From the article:

Compare that to an MSN account, which Bestuzhev has seen priced at €1 ($1.40).



Cyber War: Who is going to fight it? (Also a “hacker story”)

http://www.bespacific.com/mt/archives/023378.html

January 29, 2010

Navy Establishes U.S. Fleet Cyber Command at Fort Meade, MD

OPNAV NOTICE 5400, January 11, 2010: "Action will establish U. S. Fleet Cyber Command as an echelon II command to serve as the Navy Component Commander to United States Cyber Command upon its establishment. Interim reporting will be to United States Strategic Command. Command will provide for operational employment of the Navy's cyber, network operations, information operations, cryptologic and space forces, and serve as the Navy's Service Cryptologic Component Commander to the National Security Agency. U.S. Tenth Fleet will be re-commissioned to control operations supporting U. S. Fleet Cyber Command.

  • Mission: To direct Navy cyberspace operations globally to deter and defeat aggression and to ensure freedom of action achieve military objectives in and through cyberspace; to organize and direct Navy cryptologic operations worldwide and support information operations (IO) and space planning and operations, as directed; to execute cyber missions as directed by USCYBERCOM; to direct, operate, maintain, secure and defend the Navy's portion of the Global Information Grid (GIG); to deliver integrated cyber, IO, cryptologic and space capabilities; to deliver global Navy cyber network common operational picture; and to develop, coordinate and assess Navy cyber operational requirements."


(Related)

http://www.pogowasright.org/?p=7410

UK: Home Office spawns new unit to expand internet surveillance

January 30, 2010 by Dissent Filed under Internet, Non-U.S., Surveillance

Chris Williams reports:

The Home Office has created a new unit to oversee a massive increase in surveillance of the internet, The Register has learned, quashing suggestions the plans are on hold until after the election.

The new Communications Capabilities Directorate (CCD) has been created as a structure to implement the £2bn Interception Modernisation Programme (IMP), sources said.

The CCD is staffed by the same officials who have been working on IMP since 2007, but it establishes the project on a more formal basis in the Home Office. It is not yet included on the Home Office’s list of directorates.

Read more in The Register.




First, this may not be a breach. Second, politicians are immune from the laws we second-class citizens must obey. I'm not aware of a breach notice, so perhaps Notre Dame gave him access to this data?

http://www.pogowasright.org/?p=7427

Illinois Republican gubernatorial candidate Andy McKenna’s campaign “pilfered” NDU alumni info – alumnus

January 30, 2010 by Dissent Filed under Breaches, Featured Headlines, U.S.

A Notre Dame University alumnus, Gary Caruso, has taken to the Web to question how Notre Dame University Alumni Association records were obtained by Illinois Republican Gubernatorial candidate Andy McKenna’s campaign.

According to Caruso, McKenna is an alumnus of NDU and those alumni who were in his class have found themselves on the receiving end of campaign mailings that used email addresses and/or postal addresses known only to the NDU Alumni Association.

Caruso writes:

… the inappropriate mining of Notre Dame alumni data by other Domers in support of McKenna is a breach of political ethics [There is no such thing as “political ethics” Bob] inexcusable for any Notre Dame graduate. The University officially bans the use of lists for solicitations, and institutes electronic limits on downloads to a maximum of 500 files. Unfortunately, the McKenna campaign circumvented those limitations which ultimately phished me into their digital campaign net.

Last Friday, at University President Fr. John Jenkins’ Washington, D.C., reception following the Right to Life March, I sat at length discussing the e-mail data breach with several University officials including those from our alumni association office. They emphasized their guiding principle of neutrality and privacy protections with all proprietary data collected from alumni. They further clarified the University’s policy to me and acknowledged that they are well aware of how McKenna supporters maneuvered around the firewall limitations. I left our discussion with the impression that the breach’s loophole had been closed once and for all.

As one who has tumbled within the rough world of campaigns and developed a thick political skin, the data breach initially in my mind was more of a campaign spam one-ups-man-ship until I heard complaints from others who considered the incident a breach of the University’s trust. Moreover, campaign tactics do not excuse or lessen the deleterious effect such digital maneuvering has within our alumni ranks. For many who leave their politics at the edge of campus, this is not just the phishing of alumni e-mail addresses. It is a break in the trust that they placed in their support for Notre Dame because they believe that they personally are being used as a commodity — good only until the candidacy of McKenna (or any other soliciting alumni) ends.

Caruso’s use of the words “pilfered” and “phish” may not be accurate as there has been no explanation by the NDU Alumni Association as to how this breach occurred and the alumni association has not responded to a request for an explanation as to how this breach occurred.



Ooh! Ooh! I can assign blame. Ask me! Ask me! Let's start with whoever failed to write a breach policy. Then let's add whoever failed to establish a central point of contact. In fact, the easy way to assign blame is to see who will be doing these things now that they “realize” they need new procedures and guidelines.

http://www.databreaches.net/?p=9701

Ca: Review finds government officials botched handling of privacy breach

January 30, 2010 by admin Filed under Breach Incidents

Rob Shaw and Lindsay Kines report:

Mistakes, missed opportunities and bureaucratic bungling led more than two dozen officials to botch the B.C. government’s response to a major privacy breach, according to a scathing internal review released yesterday.

The investigation found supervisors in four provincial ministries used poor judgment and failed to alert the right people to handle the breach.

But nobody will be fired, because the failure was so widespread across so many officials that it cannot be pinned on one person, concluded the review.

“The judgment exercised in the many decisions made as events unfolded fell short of the due diligence [so fire them all! Bob] that is expected of the public service,” said Allan Seckel, B.C.’s deputy minister to the premier and head of the public service.

The government report follows a series of Times Colonist stories last year that revealed the personal data of 1,400 income-assistance clients was found in the Victoria home of Richard Ernest Wainwright, a supervisor in the youth and special-needs office of the Ministry of Children and Family Development.



Defining the replacement for broadcast TV? I see a business model that churns out lots of really cheap content.

http://www.techcrunch.com/2010/01/30/context-is-king-how-videos-found/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29

Context is King: How Videos Are Found And Consumed Online

by Guest Author on January 30, 2010

… Let’s examine 8 key factors behind online video consumption

Factor 1: Media is Fragmenting

According to a recent NY Times article, in the 1952-53 season, more than 30% of American households watched NBC during prime time, according to Nielsen. In fact, up until twenty years ago, you could buy a 30-second spot on CBS, NBC or ABC and reach “everyone.”

Factor 2: Deportalization is Here to Stay

As the media world becomes fragmented and consumers move online, the Web is following a similar path, known as deportalization: the move away from the dominant portals [another word for disintermediation? Bob] of old, as social networks gain huge followings and vertical niche sites gain smaller, but more loyal, followings.

Factor 3: Content is Not a Zero-Sum Game

If we return for a second to television, it’s worth noting that with the advent of cable television, as the number of channels rose, so did overall content consumption.

Factor 4: Content is King?

Indeed, to paraphrase Viacom’s Chairman Sumner Redstone: content becomes more important than distribution mechanisms; as new channels of distribution creep up, it is the content that is always going to be necessary, hence the adage “content is king”.

Factor 5: Demand for Content is Elastic, Supply of Funds is Not

The problem, as you can imagine, is that while it’s perfectly plausible for global advertising to grow, it will not grow fast enough to feed all of the mouths at the creative table.

Factor 6: Chasing Hits Has Proven Futile

Ultimately, overall consumption of media will increase but hits become less frequent and each hit will become more niche.

Factor 7: Discovery vs. Recovery

Exasperating matters is how content is actually unearthed. To borrow from John Battelle’s breakdown of search: videos are found via recovery and discovery.

Factor 8: Size Matters

According to Kaplan, a Pyramid of Content is emerging on the Web.

“Hulu is the best-known platform sitting at the top of the pyramid, in terms of hosting and distributing network content. YouTube, which has long been known for hosting great viral and one-off videos, has owned the bottom of the pyramid.”

The question remains: who will own the middle?



Strategically, they had to do it before the defendant did.

http://yro.slashdot.org/story/10/01/30/0013201/RIAA-To-Appeal-Thomas-Rasset-Ruling?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

RIAA To Appeal Thomas-Rasset Ruling

Posted by timothy on Friday January 29, @07:04PM from the you-know-they-would dept.

frank_adrian314159 writes

"The RIAA will appeal the ruling that reduced Jammie Thomas-Rasset's $1.92 million fine for file sharing to $54,000. '"It is a shame that Ms. Thomas-Rasset continues to deny any responsibility for her actions rather than accept a reasonable settlement offer and put this case behind her," said RIAA spokeswoman Cara Duckworth.' Joe Sibley, an attorney for Thomas-Rasset, said his client would not settle for the $25,000 that the RIAA has asked for. '"Jammie is not going to agree to pay any amount of money to them," Sibley said, adding that it doesn't matter to Thomas-Rasset whether the damages are $25,000 or $1.92 million.' In addition, Thomas-Rasset's attorneys say that, win or lose, they plan to appeal the constitutionality of the fine."



The very near future. For my students? Computers cheaper than a pair of sneakers?

http://linux.slashdot.org/story/10/01/30/0022239/Video-Review-of-Hivisions-100-ARM-Based-Android-Laptop?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Video Review of Hivision's $100 ARM-Based Android Laptop

Posted by timothy on Friday January 29, @08:34PM from the toward-marginal-cost dept.

Charbax writes

"The Android laptops are coming. Thanks to cheap ARM-powered laptops made in China, and the latest, most optimized Android software, we can soon buy usable $100 laptops in all the supermarkets. In this video, I test the web browsing speed on the new Rockchip rk2808 ARM9-based PWS700CA laptop by Shenzhen-based Hivision Co Ltd. Web browsing on AJAX-heavy websites is surprisingly snappy, and could only be even faster if ARM11, ARM Cortex A8 or A9 processors were used and if it was configured with slightly more than 128MB RAM. How soon will Google release the $100 Google laptop?"



Tools & Techniques Of course, you would never do this.

http://www.makeuseof.com/tag/top-3-secret-mobile-phone-tricks-fun-phone/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Makeuseof+%28MakeUseOf.com%29

Top 3 Cool Secret Mobile Phone Tricks to Have Some Fun With Your Phone

By Dean Sherwin on Jan. 29th, 2010
