Tuesday, June 15, 2010

Failure to design security into your product – “do it right or do it over.”

http://mobile.slashdot.org/story/10/06/14/210205/ATampT-Breach-May-Be-Worse-Than-Initially-Thought?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

AT&T Breach May Be Worse Than Initially Thought

Posted by Soulskill on Monday June 14, @05:47PM

"I'm somewhat of an authority on GSM security, having given presentations on it at Shmoocon (M4V) and CCC (I'm also scheduled to talk about GSM at this year's Defcon). This is my take on the iPad ICCID disclosure — the short version is that (thanks to a bad decision by the US cell companies, not just AT&T) ICCIDs can be trivially converted to IMSIs, and the disclosure of IMSIs leads to some very severe consequences, such as name and phone number disclosure, global tower-level tracking, and making live interception a whole lot easier. My recommendation? AT&T has 114,000 SIM cards to replace and some nasty architectural problems to fix."

Reader tsamsoniw adds that AT&T has criticized the security group responsible for pointing out the flaw, while the group claims they did it 'as a service to our nation.'



Can you hear me now?

http://yro.slashdot.org/story/10/06/15/024231/The-South-Carolina-Primary-and-Voting-Machine-Fraud?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

The South Carolina Primary and Voting Machine Fraud

Posted by kdawson on Tuesday June 15, @02:36AM

"South Carolina sure knows how to pick 'em. Alvin Greene is a broke, unemployed guy who is facing a felony obscenity charge. He made no campaign appearances and raised no money, but he is the brand new Democratic Senate nominee from South Carolina. Tom Schaller at FiveThirtyEight.com does a detailed analysis of how a guy like this wins a primary race, and many of the signs point to voting machine fraud. There seem to have been irregularities on all sides. 'Dr. Mebane performed second-digit Benford's law tests on the precinct returns from the Senate race. ... If votes are added or subtracted from a candidate's total, possibly due to error or fraud, Mebane's test will detect a deviation from this distribution. Results... showed that Rawl's Election Day vote totals depart from the expected distribution at 90% confidence. In other words, the observed vote pattern for Rawl could be expected to occur only about 10% of the time by chance. ... An unusual, non-random pattern in the precinct-level results suggests tampering, or at least machine malfunction, perhaps at the highest level. And Mebane is perhaps the leading expert on this very subject. Along with the anomalies between absentee ballot v. election day ballots..., something smells here.' Techdirt.com points out that South Carolina uses ES&S voting machines, which have had strings of problems before; and they have no audit trail."
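The second-digit Benford's-law (2BL) check the post describes, as an added example that is not from the Slashdot post, FiveThirtyEight or Mebane's own code: it assumes the test is a Pearson chi-square of observed second digits against the 2BL distribution with 9 degrees of freedom, and runs it over constructed precinct totals (not real South Carolina returns).

```python
import math

# Second-digit Benford probabilities, P(d) = sum_{k=1..9} log10(1 + 1/(10k + d)).
SECOND_DIGIT_BENFORD = {
    d: sum(math.log10(1 + 1 / (10 * k + d)) for k in range(1, 10)) for d in range(10)
}

# Chi-square critical values for 9 degrees of freedom (10 digit bins minus 1).
CHI2_CRITICAL_DF9 = {0.90: 14.684, 0.95: 16.919, 0.99: 21.666}


def second_digit(value):
    """Second significant digit of a count, or None if it has fewer than two digits."""
    digits = str(abs(int(value)))
    return int(digits[1]) if len(digits) >= 2 else None


def second_digit_benford_test(counts):
    """Pearson chi-square goodness-of-fit of the second digits of `counts` against 2BL.

    Returns the number of usable precincts, the statistic, and the confidence
    levels at which the observed digit pattern departs from the expected one.
    """
    observed = [0] * 10
    for c in counts:
        d = second_digit(c)
        if d is not None:  # precincts with fewer than 10 votes carry no second digit
            observed[d] += 1
    n = sum(observed)
    if n == 0:
        raise ValueError("no counts with at least two digits")
    chi2 = sum(
        (observed[d] - n * SECOND_DIGIT_BENFORD[d]) ** 2 / (n * SECOND_DIGIT_BENFORD[d])
        for d in range(10)
    )
    departs_at = [level for level, crit in CHI2_CRITICAL_DF9.items() if chi2 > crit]
    return {"n": n, "chi2": chi2, "departs_at": departs_at}


# Constructed inputs: 2000 log-uniformly spaced totals across three decades behave
# like Benford data; 270 totals whose second digit is always 0 mimic a padded or
# tampered pattern that the test should flag.
BENFORD_LIKE = [int(10 ** (2 + 3 * i / 2000)) for i in range(2000)]
PADDED = [k * 100 for k in range(1, 10)] * 30

if __name__ == "__main__":
    for name, data in (("benford-like", BENFORD_LIKE), ("padded", PADDED)):
        r = second_digit_benford_test(data)
        print(f"{name}: n={r['n']} chi2={r['chi2']:.2f} departs_at={r['departs_at']}")
```

A departure at 90% confidence, as reported for Rawl's totals, is weak evidence on its own; the test flags precincts for audit, and only a paper trail can settle what happened.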



Failure to design security into your product.

http://torrentfreak.com/isp-attempts-to-block-file-sharing-ends-results-in-epic-failure-100614/

ISP Attempt To Block File-Sharing Ends in Epic Failure

Last week saw French ISP Orange take the opportunity to start providing a service which, at least on the surface, is designed to put the minds of subscribers at rest. For a 2 euro per month payment, Orange is offering a service which “allows you to control the activity of computers connected to your internet line, from downloading ‘illegally’ using peer-to-peer networks.”

… “The software communicates with a remote server, a Java servlet actually located on the ip 195.146.235.67,” he explains.

Nothing too out of the ordinary there – except that all information is not only being transmitted in the clear but all information on that server is public (via http://195.146.235.67/status), meaning that every user had their IP addresses exposed to the public. But it doesn’t stop there.

Whoever set up the security on the server admin panel didn’t do a very good job. The username was set to ‘admin’ and the password set to ‘admin’ too. This morning that gaping hole was still open.

TorrentFreak is informed that people have accessed the server and have discovered that it’s possible to send malware to anyone using the software, which makes a bit of a joke out of Orange when it claims: “The software runs in the background to ensure your safety without disrupting the important tasks that you perform.”



e-Law 101: How will this work when everyone is connected to everyone?

http://healthcarebloglaw.blogspot.com/

Thursday, June 10, 2010

Reversal of Conviction Because Undisclosed MySpace Friendship Between Defendant and Juror

Brian Peterson posts on a fascinating West Virginia Supreme Court of Appeals decision involving the use of social media between a juror and defendant and the issue of disclosure of such connections during voir dire.

… To get the full context of what occurred I recommend reading the full decision. Also, jump over to Brian's blog post to read more of his comments on the decision. I agree with his conclusion, "It's clear that voir dire and jury instructions need to catch up with technology."



Dang! Now I've got to re-write my Ethical Hacking mid-term.

http://mobile.slashdot.org/story/10/06/14/2251253/Starbucks-Frees-Wi-Fi?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Starbucks Frees Wi-Fi

Posted by kdawson on Monday June 14, @08:06PM

"Free unlimited Wi-Fi is coming to nearly 7,000 company-operated Starbucks stores in the US beginning July 1, Starbucks CEO Howard Schultz said on Monday. Schultz also said that Starbucks is partnering with Yahoo! to debut the Starbucks Digital Network this fall. Starbucks customers will have free unrestricted access to various paid sites and services, such as wsj.com, as well as other free downloads Starbucks didn't detail. A spokeswoman said the access will be 'unlimited' and 'simplified, one-click.' By comparison, first-time Wi-Fi users in Starbucks stores now get up to two hours free after registering, but then must purchase additional time at the rate of $3.99 for two consecutive hours. That Wi-Fi access is already free to AT&T DSL home customers and AT&T mobile customers, according to the Starbucks website, but the connection process requires up to nine steps. McDonald's added free Wi-Fi to 11,500 locations earlier this year."



Suddenly, we are “professional critics?”

http://www.pogowasright.org/?p=11216

Silicon Valley readies for privacy battle

June 15, 2010 by Dissent

Mike Swift reports:

In the wake of a series of privacy missteps by Google, Facebook and other companies, a growing chorus on Capitol Hill is calling for major online privacy legislation and Silicon Valley companies are girding for the battle.

[...]

The interest in Washington is because “professional privacy critics are generating the noise and the calls for legislation,” said Steve DelBianco of NetChoice, a confederation of Internet companies and trade groups. DelBianco sees a cultural conflict between the valley’s innovate-or-die mindset and Washington’s love of the status quo.

Read more in the Mercury News.



Downstream consequences...

http://www.pogowasright.org/?p=11186

Is e-mailing a commenter an invasion of privacy or acceptable blogger behavior?

June 14, 2010 by Dissent

Like many blogs, this one uses a WordPress platform. And like many bloggers using WordPress, I’ve configured it so that when someone tries to submit a comment, I get the submission by e-mail from the blog and can then decide whether to approve it, delete it, or spam it.

But can I then argue that I can e-mail the commenters in reply to their submissions because they e-mailed me first? Believe it or not, that’s how at least one blogger treats comment submissions.

I would argue that commenters submitting comments to blogs are not knowingly e-mailing the blogger [but users should know that once they surrender control of the data (email, bank account number, whatever) it can go anywhere and stays in play forever... Bob] and that the blogger should not be replying to the individual by e-mail unless the commenter has specifically requested a reply by personal e-mail or unless the blog’s stated privacy policy cautions site visitors that if they submit a comment for moderation, the blogger may, at his or her discretion, respond by e-mail.

Why do I mention this now? Because occasionally I hear from people who submitted comments that were critical of the author of another WordPress-based blog and who then found themselves receiving unsolicited and unwelcome e-mails from the blogger. Having been sent examples of the blogger’s unsolicited e-mails, I can understand their distress. They submit a comment that disagrees with the blogger or is critical of the blogger and then find themselves on the receiving end of e-mail from the blogger calling them ignorant, hateful, etc. The blogger reportedly does not post her reply in the Comments section of the blog, and may not even have approved their submission, and now they find themselves in a nasty exchange of e-mails.

I hope that the blogger in question is just uninformed and doesn’t realize that comment submitters using an on-site comment submission form are not directly e-mailing her. But if she does now understand that, will she now respect her site visitors’ privacy by not sending unsolicited e-mail or will she continue to send them verbally abusive e-mails? One individual, who forwarded such e-mails to me, told me that he had to actually change his e-mail address to stop her from e-mailing him. And all because he submitted a comment on her blog that disagreed with something she had said.

But what do others think? Should a blogger ever reply to a comment submission by e-mail? Is it an invasion of privacy? And if you think that there are circumstances when it’s acceptable for a blogger to reply to a comment submission via unsolicited e-mail, under what conditions do you think it’s justified?



This is going to be interesting... I've already had my students download entire textbooks...

http://news.slashdot.org/story/10/06/14/199241/E-Reserves-Under-Fire-From-Publishers?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

E-Reserves Under Fire From Publishers

Posted by Soulskill on Monday June 14, @03:36PM

"Publishers Weekly has a story about a copyright lawsuit lodged against several faculty members and a librarian at Georgia State University. The case, Cambridge University Press, et al. v. Patton et al., involves e-reserves, a practice of making electronic copies of articles available to students. From the article: 'Rather than make multiple physical copies, faculty now scan or download chapters or articles, create a single copy, and place that copy on a server where students can access it (and in some cases print, download, or share). Since the practice relies on fair use (creating a single digital copy, usually from a resource already paid for, for educational purposes), permission generally isn't sought, and thus permission fees aren't paid, making the price right for students strapped by the high cost of tuition and textbooks, as well as for libraries with budgets stretched thinner every year.'"



We can (save money and appease the tree huggers), therefore we must!

http://news.cnet.com/8301-27080_3-20007672-245.html?part=rss&subj=news&tag=2547-1_3-0-20

Money trumps security in smart meter rollouts, experts say



For my Disaster Recovery class.

http://science.slashdot.org/story/10/06/15/0238225/Nasa-Warns-of-Potential-Huge-Space-Storm-In-2013?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Nasa Warns of Potential 'Huge Space Storm' In 2013

Posted by kdawson on Tuesday June 15, @08:15AM

"Senior space agency scientists believe the Earth will be hit with unprecedented levels of magnetic energy from solar flares after the Sun wakes 'from a deep slumber' sometime around 2013. In a new warning, NASA said the super storm could hit like 'a bolt of lightning' and could cause catastrophic consequences for the world's health, emergency services, and national security — unless precautions are taken. Scientists believe damage could extend to everyday items such as home computers, iPods, and sat navs. 'We know it is coming but we don't know how bad it is going to be,' said Dr Richard Fisher, the director of Nasa's Heliophysics division. 'I believe we're on the threshold of a new era in which space weather can be as influential in our daily lives as ordinary terrestrial weather.' Fisher concludes. 'We take this very seriously indeed.'"



For my website students

http://www.freetech4teachers.com/2010/06/html-helper-20-html-tutorials.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+freetech4teachers%2FcGEY+%28Free+Technology+for+Teachers%29

Monday, June 14, 2010

HTML Helper - 20 HTML Tutorials


Ditto

http://www.makeuseof.com/tag/5-extensive-javascript-code-library-options/

5 Extensive JavaScript Code Library Options For Developers



I gotta get me one of these!

http://dvice.com/archives/2010/06/clever-usb-type.php
