Wednesday, March 24, 2010

Couldn't we at least fine them as much as they made in the deal? This sends the wrong message to my Hacking 101 students.

http://www.wired.com/threatlevel/2010/03/jethro-sentencing/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29

Gonzalez Accomplice Gets Probation for Selling Browser Exploit

By Kim Zetter March 23, 2010 11:50 am

A computer security professional who sold Internet Explorer exploit code to credit card hacker Albert Gonzalez was sentenced Tuesday in Boston to three years probation and a $10,000 fine.

Jeremy Jethro, 29, was paid $60,000 by Gonzalez for a zero-day exploit against Microsoft’s browser, “the purpose and function of which was to … enable the conspirators to unlawfully gain access to, and redirect, individual’s computers,” according to court records.



In 1984 (the book, not the year) Big Brother provided everyone with televisions that could look at you as you looked at them. Isn't this the same thing? (and should I tell my students?)

http://hardware.slashdot.org/story/10/03/23/1740241/Does-This-Headline-Know-Youre-Reading-It?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Does This Headline Know You're Reading It?

Posted by CmdrTaco on Tuesday March 23, @03:15PM

An anonymous reader writes

"Not yet, but it could. German artificial intelligence researchers are combining JavaScript with eye-tracking hardware to create 'text 2.0,' which 'infers user intentions.' Unimportant words also fade out while you're skimming the text, and a bookmark automatically appears if you glance away. It can pronounce the words you're reading, and reading certain words can trigger the appearance of footnotes or even translations, biographies, definitions, and sound effects or animations, almost like the truly interactive books in Neal Stephenson's The Diamond Age. 'With the help of an eye tracker, Text 2.0 follows your progress and presents effects just in time,' the researchers explain in a video. Meanwhile, DFKI has already created a free 'Processing Easy Eye Tracker plugin' (or PEEP) to manipulate windows with what they call 'gaze-controlled tab expose,' while there's speculation similar technology may be adopted by Apple. Apple has already purchased Tobii's eye-tracking hardware, and 'Whether these are for internal research only or for a future product, Apple is characteristically not saying.'"



An interesting new threat measure.

http://www.bespacific.com/mt/archives/023830.html

March 23, 2010

Cisco 2009 Annual Security Report

Cisco 2009 Annual Security Report Highlighting global security threats and trends: "The Cisco® Annual Security Report provides an overview of the combined security intelligence of the entire Cisco organization. The report encompasses threat information and trends collected between January and December 2009. It also provides a snapshot of the state of security for that period, with special attention paid to key security trends expected for 2010."



“We don't want no stinking Health Plan” Phase II I want to read it, but I only have a week left on Spring Break...

http://www.bespacific.com/mt/archives/023828.html

March 23, 2010

13 States File Complaint Against "New Universal Healthcare Regime" - VA AG Goes It Alone

23 page complaint filed today in the Northern District of Florida - Nature of Action:

  1. "On March 23, 2010, a new universal healthcare regime, titled the “Patient Protection and Affordable Care Act,” H.R. 3590 (the Act), was signed into law by the President. The Act, which exceeds 2,400 pages, is available at http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=111_cong_bills&docid=f:h3590pp.txt.pdf (accessed March 23, 2010).

  2. The Act represents an unprecedented encroachment on the liberty of individuals living in the Plaintiffs’ respective states, by mandating that all citizens and legal residents of the United States have qualifying healthcare coverage or pay a tax penalty. The Constitution nowhere authorizes the United States to mandate, either directly or under threat of penalty, that all citizens and legal residents have qualifying healthcare coverage. By imposing such a mandate, the Act exceeds the powers of the United States under Article I of the Constitution and violates the Tenth Amendment to the Constitution.

  3. VA AG filed complaint in U.S. District Court, ED VA.



Completely unrelated to the new law. Probably.

http://www.phiprivacy.net/?p=2280

Should Doctors Google Their Patients?

By Dissent, March 23, 2010 7:20 pm

Jennifer Valentino-DeVries reports:

By now, it’s well known that almost anyone you meet — from a potential employer to a prospective date — might be searching for information about you online. But would you feel strange knowing that your doctor was Googling you?

The practice appears to be widespread, according to an essay in the latest edition of the Harvard Review of Psychiatry, and it raises some thorny ethical questions for doctors, particularly those dealing with mental health.

Read more on the Wall Street Journal Digits blog.

[They introduce a new 'medical' term, “patient-targeted Googling” I like it! Bob]



Also completely unrelated. Possibly.

http://www.phiprivacy.net/?p=2276

Surgeon Posted Nude Photos, Woman Says

By Dissent, March 23, 2010 7:21 pm

Srin McAuley reports:

A woman claims her plastic surgeon posted nude photos of her on Facebook without her consent. She claims Dr. Dennis Hurwitz and the Hurwitz Center for Plastic Surgery posted Before and After photos of her from her neck to her knees, along with her name, allowing anyone who looked at the photos “to be able to immediately ascertain [her] identity.”

The woman says she did not give Dr. Hurwitz or his surgery center permission to post the photos, and that they “were obligated to implement adequate practices and security measures to prevent their unauthorized distribution.”

[...]

She says the photos were also posted onto Windows Live SkyDrive, a publicly accessible online file storage and sharing application. And she says SkyDrive has nude photos of 13 other women posted with her, in a folder attributed to Kate Jones. The photos “all appear to be taken at the Hurwitz Center,” according to the complaint.

Read more on Courthouse News, keeping in mind that a lawsuit is just one side’s allegations that have as yet to see the light of a courtroom and have not been proven. A copy of the lawsuit can be found here.

Dr. Hurwitz’s office did not respond to a request for a response to the lawsuit by the time of this publication.



...meanwhile, in the rest of the world... Would they require the signature of a newborn infant if Mom posts pictures?

http://www.pogowasright.org/?p=8519

Facebook, Google’s game of online tag draws scrutiny of European privacy watchdogs

March 24, 2010 by Dissent

Frank Jordans of the Associated Press reports:

You have been tagged in 12 photos. Even if you’re not signed up to the Web site.

European regulators are investigating whether the practice of posting photos, videos and other information about people on sites such as Facebook without their consent is a breach of privacy laws.

The Swiss and German probes go to the heart of a debate that has gained momentum in Europe amid high-profile privacy cases: To what extent are social networking platforms responsible for the content their members upload?

[...]

Swiss and German data protection commissioners are demanding that Facebook explain its practice of allowing users to upload e-mail addresses, photographs and other personal details about people who haven’t signed up to the site.

Read more in the Chicago Tribune.



Isn't a strong response obligatory in Chinese culture?

http://yro.slashdot.org/story/10/03/23/209200/China-Hits-Back-At-Google?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

China Hits Back At Google

Posted by CmdrTaco on Tuesday March 23, @05:57PM

sopssa writes

"After Google yesterday started redirecting google.cn users to their uncensored Hong Kong-based google.com.hk servers, the Chinese government has now hit back at Google by restricting access to Google's Hong Kong servers. 'On Tuesday mainland China users could not see uncensored Hong Kong-based content after the government either disabled certain searches or blocked links to results.' China Mobile, the largest wireless carrier in the country, has also been approached by the Chinese government to cancel a contract with Google about having google.cn on their mobile home page for search. China Unicom, the second largest carrier in China, has also either postponed or killed the launch of Android-based mobile phones in the country."


(Related) Jonathan connects the cyber attack on Google with their decision to pull out.

http://techcrunch.com/2010/03/24/zittrain-google-stands-alone/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29

Zittrain: Google Stands Alone

by Evelyn Rusli on Mar 24, 2010

Don’t expect an army of web companies to rush to Google’s defense in China v. Google. The lines are drawn but Google will stand alone, according to internet law expert and Harvard Professor Jonathan Zittrain.



One card to rule them all. The National Drivers License card and the National ID card...

Two! Two cards to rule them all. The Drivers License, the ID and your Health Card...

Three! Three cards..

http://yro.slashdot.org/story/10/03/23/2223220/US-Lawmakers-Eyeing-National-ID-Card?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

US Lawmakers Eyeing National ID Card

Posted by timothy on Tuesday March 23, @06:40PM

According to Wired (and no big surprise, considering the practicalities of implementing massive changes in medical finance), US lawmakers "are proposing a national identification card, a 'fraud-proof' Social Security card required for lawful employment in the United States. The proposal comes as the Department of Homeland Security is moving toward nationalizing driver licenses."

[Would the Government be willing to guarantee the card as fraud-proof? I didn't think so. Bob]

[From the Wired article:

Homeland Security officials pointed to the Sept. 11 hijackers’ ability to get driver’s licenses in Virginia using false information as justification for the proposed $24 billion Real ID program. Schumer and Graham point to illegal immigration as cause for their plan.

[...because Foreign Nationals would be born with US ID cards and people would sneak across the border carrying them... Problems Solved! Bob]



Would this mandate a crime fighting plan for the US? Would we believe a country that said “They only used a hacked server here, they came from Cleveland.”

http://it.slashdot.org/story/10/03/24/0118228/New-Legislation-Would-Crack-Down-On-Online-Criminal-Havens?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

New Legislation Would Crack Down On Online Criminal Havens

Posted by timothy on Tuesday March 23, @11:43PM

Hugh Pickens writes

"The Hill reports that Senators Orrin Hatch (R-Utah) and Kirsten Gillibrand (D-NY) have introduced a bill that would penalize foreign countries that fail to crack down on cyber criminals operating within their borders. Under the bill the White House would have the responsibility of identifying countries that pose cyber threats and the president would have to present to Congress in an annual report. Countries identified as 'hacker havens' would then have to develop plans of action to combat cybercrimes or risk cuts to their US export dollars, foreign-direct investment funds and trade assistance grants. Numerous American employers, including Cisco, HP, Microsoft, Symantec, PayPal, eBay, McAfee, American Express, Mastercard and Visa, as well as Facebook, are supporting the Senators' legislation."



Actually, they did not allow personal use of their equipment. And they said they were monitoring use. (These were Police Officers after all.) What about those on the other side of the communication?

http://www.pogowasright.org/?p=8514

Privacy groups urge Supreme Court to protect text message privacy

March 23, 2010 by Dissent

The Electronic Frontier Foundation (EFF) urged the United States Supreme Court today to ensure that modern communications methods such as text messages retain the constitutional privacy protections applied to earlier technologies.

In an amicus brief in City of Ontario v. Quon, EFF sided with a public employee who was allowed personal use of his work pager but then discovered that his employer had secretly obtained his communication records from his wireless provider. The U.S. Court of Appeals for the 9th Circuit ruled that the city violated the Fourth Amendment, and the Supreme Court granted the city’s request to review that ruling.

“The Constitution fully safeguards the privacy of electronic communications sent over employer-provided equipment,” said EFF Civil Liberties Director Jennifer Granick. “Text messages, like phone calls or letters, are protected from warrantless law enforcement surveillance, even if sent from the workplace or through an outside service provider.”

This case comes to the Supreme Court as Americans are adopting smart phones in record numbers, making texting and on-the-fly emailing a part of everyday life for millions of people. Most employers allow and encourage some use of workplace equipment for personal communications, instead of forcing employees to carry around multiple devices. In its amicus brief, EFF urged the court not to disturb longstanding Fourth Amendment protections against warrantless law enforcement access to these electronic communications.

“The privacy questions in this case turn on the application of settled legal principles in new technological contexts,” said Andrew Pincus of Mayer Brown LLP and the Yale Supreme Court Clinic, who worked with EFF on the amicus brief. “The court should proceed cautiously, in order to preserve constitutional protections for Americans’ most private communications.” “People are moving away from postal mail and landline phones to electronic and mobile communications, both at home and at the workplace,” added EFF’s Granick. “We should not be forced to leave our privacy behind.”

EFF was joined on this brief by the American Civil Liberties Union (ACLU), the Center for Democracy and Technology (CDT), and Public Citizen.

For the full amicus brief: http://www.eff.org/files/filenode/ontario_v_quon/EFFamicus.pdf

For more on this case: http://www.eff.org/cases/city-ontario-v-quon

For this release: http://www.eff.org/press/archives/2010/03/23

[Many more documents at the EFF site. Bob]



For my Statistics class. Interesting comparison of Votes and Campaign Contributions. (You can do similar analysis and graphics at this site.)

http://www.tableausoftware.com/healthcare-bill-passed#

Healthcare bill will most benefit those who did not vote for it



Is this a Copyright violation?

http://yro.slashdot.org/story/10/03/24/1214239/Full-ACTA-Leak-Online?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Full ACTA Leak Online

Posted by CmdrTaco on Wednesday March 24, @08:53AM

An anonymous reader writes

"Following months of small Anti-Counterfeiting Trade Agreement leaks, the full consolidated ACTA text has now been posted online. The consolidated text provides a clear indication of how the negotiations have altered earlier proposals (see this post for links to the early leaks) as well as the first look at several other ACTA elements. For example, last spring it was revealed that several countries had proposed including a de minimus provision to counter fears that the border measures chapter would lead to iPod searching border guards. The leak shows there are four proposals on the table."



Tools & Techniques: Firewall Bypass Techniques

http://it.slashdot.org/story/10/03/23/239225/How-To-Evade-URL-Filters-With-Not-So-Fancy-Math?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

How To Evade URL Filters With (Not-So) Fancy Math

Posted by timothy on Tuesday March 23, @07:22PM

Trailrunner7 writes

"In their constant quest to find new and interesting ways to abuse the Internet, attackers recently have begun using an old technique to obfuscate URLs and IP addresses to bypass URL filters and direct users to malicious sites. The technique takes advantage of the fact that modern browsers will allow users to specify IP addresses in formats other than base 10. So a typical IP address that looks something like this — 192.10.10.1 — can also be written in base 8, hexadecimal or a handful of other formats, and the browser will recognize it and take the user to the specified site. What is interesting though is that due to the relative obscurity of using such methods to denote an IP or URL, it is quite feasible that existing security products do not correctly identify the URLs as valid or flag them as malicious when they point to existing known bad websites."
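As an added example (not part of the Slashdot post or the article it summarizes), here is a small Python normalizer that turns the octal, hexadecimal and packed IP spellings the post describes back into plain dotted-decimal, so a URL filter can match them against its blocklist; the sample strings are constructed from the post's own 192.10.10.1 address.

```python
import re
from urllib.parse import urlsplit

# Radix rules that inet_aton-style parsers (and browsers) apply per component:
# "0x" prefix -> hex, leading "0" -> octal, otherwise decimal.
_HEX = re.compile(r"0[xX][0-9a-fA-F]+")
_OCT = re.compile(r"0[0-7]+")
_DEC = re.compile(r"[1-9][0-9]*|0")

# Upper bound (exclusive) for each component, by number of dotted parts.
# With fewer than four parts the last component fills the remaining bits.
_LIMITS = {4: [256, 256, 256, 256],
           3: [256, 256, 1 << 16],
           2: [256, 1 << 24],
           1: [1 << 32]}


def _parse_part(text):
    """Parse one dotted component, or return None if it is not a number."""
    if _HEX.fullmatch(text):
        return int(text[2:], 16)
    if _OCT.fullmatch(text):
        return int(text, 8)
    if _DEC.fullmatch(text):
        return int(text, 10)
    return None


def canonical_ipv4(host):
    """Return the dotted-decimal form of any IPv4 literal a browser would
    accept (octal, hex, or packed into 1-3 parts), or None if the host is
    not an IPv4 literal at all (e.g. a DNS name or an out-of-range value)."""
    parts = host.split(".")
    if len(parts) not in _LIMITS:
        return None
    values = [_parse_part(p) for p in parts]
    limits = _LIMITS[len(parts)]
    if any(v is None or v >= lim for v, lim in zip(values, limits)):
        return None
    # Fold the leading 8-bit parts, then append the last part in the
    # remaining width, to get a single 32-bit integer.
    packed = 0
    for v in values[:-1]:
        packed = (packed << 8) | v
    packed = (packed << (8 * (5 - len(parts)))) | values[-1]
    return ".".join(str((packed >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def is_blocked(url, blocklist):
    """Filter check that canonicalises the host before consulting the
    blocklist; a plain string comparison would miss every disguised form."""
    host = urlsplit(url).hostname or ""
    canon = canonical_ipv4(host)
    return canon is not None and canon in blocklist


if __name__ == "__main__":
    # Constructed sample: each of these spells the post's 192.10.10.1.
    for h in ("192.10.10.1", "0300.012.012.01", "0xC0.0xA.0xA.0x1",
              "3221883393", "0xC00A0A01", "192.657921"):
        print(f"{h:>20} -> {canonical_ipv4(h)}")
```

The same canonicalisation step belongs in any log parser or proxy rule that compares hosts against a known-bad list.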



Tools & Techniques: If not for stalking, at least some minor blackmail...

http://www.makeuseof.com/dir/friends-check-browser-history

HaveYourFriendsBeenThere: Remotely check any browser history for naughty sites

Do you want to know which of your friends have been looking at naughty websites? Or perhaps you want to know who among your coworkers has been visiting NSFW websites while at work? Then you should check out HaveYourFriendsBeenThere? It is a web tool that enables you to remotely snoop into someone's browser history and check for naughty websites.

To find out if someone has been visiting naughty sites, just copy the link generated by HYFBT, send the link to your friend and wait for the results. Once your friend opens the link, the site will immediately look into your friend’s browser and will send you a list of the adult sites he has opened. This tool also shows the results to your friends as well.

www.haveyourfriendsbeenthere.com



For my website and other programming students...

http://www.makeuseof.com/tag/top-3-browser-based-ides-code-cloud-2/

The Top 3 Browser-Based IDE’s To Code In The Cloud

by Simon Slangen on Mar. 23rd, 2010

For those that aren’t in the know, the browser based “IDE” is an abbreviation of Integrated Development Environment. Very simply said, it’s an application that can be used to write code, but usually with added compiler/interpreter, debugging and automation features.

Finding a decent freeware code writing application (view previous code-editor compilations for Windows or Mac), never mind an IDE, can prove difficult. Some operating systems have it harder than others, and if you use more than one, or are on the move a lot, coding can be a bastard.

Bespin from Mozilla Labs

Coderun Studio

Kodingen



Not sure I want my students covering useful sites with 'sticky notes' but it might prove useful for group projects (or games like Treasure Hunt)

http://www.makeuseof.com/dir/stickr-leave-notes-on-web-pages

Stickr: Leave Notes On Web Pages

www.stickr.com

Similar tool: MyStickies.
