Monday, October 25, 2010

As the bad guys adopt technology, what else would you expect?

Information Theft At Global Companies Surpasses All Other Forms of Fraud for First Time

Theft of information and electronic data at global companies has overtaken physical theft for the first time, according to the latest edition of the Kroll Annual Global Fraud Report. This year’s study shows that the amount lost by businesses to fraud rose from $1.4m to $1.7m per billion dollars of sales in the past 12 months – an increase of more than 20%. The findings are the result of a study commissioned by Kroll with the Economist Intelligence Unit of more than 800 senior executives worldwide.

… According to the 2010 survey, 88% of companies said they had been the victim of at least one type of fraud during the past year. Of the specific countries analyzed, China is the top market in which companies suffered fraud with 98% of businesses operating there affected. Colombia ranked second with a 94% incidence of fraud in 2010, followed by Brazil with 90%.

Poor Google.

Google Target of Misdirected Privacy Backlash

October 24, 2010 by Dissent

Tony Bradley follows up on the ICO’s announcement that it will be looking into the Google Wi-Fi situation again by pointing out that Google is being blamed for the security and privacy failures of individuals and businesses who fail to use even minimal security on their systems:

Many of the privacy concerns, however, are not really a function of Google. Google is simply the high-profile messenger making communities and users aware of just how exposed they are. It is part of a common and growing privacy backlash trend that misdirects blame at third-party organizations rather than taking personal responsibility.

Did Google collect Wi-Fi data–including sensitive information like usernames and passwords? Yes. It has admitted as much. But, Google didn’t do anything wrong to get that data. It’s more like someone gave Google a $20 bill, then turned around and accused Google of theft.


The issue isn’t that Google invaded anyone’s privacy by gathering and retaining the Wi-Fi data. The issue is that many businesses and homes are like the man in the park with his zipper down–operating insecure wireless networks that are constantly transmitting these types of sensitive data for anyone to intercept.

Even if the woman taking the pictures truly is a perverted stalker and had intent to capture the inappropriate photos, prosecuting her won’t change the fact that the guy is still walking around the park with his zipper down.

Read more on PC World.

Why not treat people as idiots? It usually works. (If you argue with Big Brother, you may get your own dedicated camera...)

UK: ‘Spy’ camera police ‘treated people like idiots’

October 24, 2010 by Dissent

More on the surveillance controversy in Birmingham.

Caroline Gall reports:

West Midlands Police “treated people like idiots” over the way more than 200 surveillance cameras were installed in parts of Birmingham with large Muslim populations, an MP has said.

The cameras – covert and overt – were put up earlier this year and were paid for with £3m of government money put aside for tackling terrorism.

But the communities were in uproar after they were not consulted, prompting the force to apologise and instigate an independent review of what happened.

The findings were highly critical, saying the force paid little attention to “compliance with the legal or regulatory framework” and relations between the Muslim community and police had been set back 10 years.


Liberty has now threatened legal action against the force if it refuses to agree to remove all the cameras in the next two weeks.

West Midlands Police Chief Constable Chris Sims has said previously all the covert cameras have been removed and the remainder covered with bags until a final decision was made.

Read more on BBC. In related coverage, BBC reports that the West Midland police will be responding to the recent report at a meeting later.

[From the article:

"They made a conscious decision of 'we won't lie, we will put into the public domain what we want to and we will wait and see if people ask questions'."

I think I'll still have my Ethical Hackers write their own version...

Firesheep In Wolves’ Clothing: Extension Lets You Hack Into Twitter, Facebook Accounts Easily

It seems like every time Facebook amends its privacy policy, the web is up in arms. The truth is, Facebook’s well publicized privacy fight is nothing compared to the vulnerability of all unsecured HTTP sites — that includes Facebook, Twitter and many of the web’s most popular destinations.

Developer Eric Butler has exposed the soft underbelly of the web with his new Firefox extension, Firesheep, which will let you essentially eavesdrop on any open Wi-Fi network and capture users’ cookies.

As Butler explains in his post, “As soon as anyone on the network visits an insecure website known to Firesheep, their name and photo will be displayed” in the window. All you have to do is double click on their name and open sesame, you will be able to log into that user’s site with their credentials.

… This is how it works. If a site is not secure, it keeps track of you through a cookie (more formally referenced as a session) which contains identifying information for that website. The tool effectively grabs these cookies and lets you masquerade as the user.

Apparently many social network sites are not secured, beyond the big two, Foursquare, Gowalla are also vulnerable. Moreover, to give you a sense of Firesheep’s scope, the extension is built to identify cookies from, Basecamp,, Cisco, CNET, Dropbox, Enom, Evernote, Facebook, Flickr, Github, Google, HackerNews, Harvest, Windows Live, NY Times, Pivotal Tracker, Slicehost, tumblr, Twitter, WordPress, Yahoo, Yelp. And that’s just the default setting— anyone can write their own plugins, according to the post.

(Related) Didn't everyone already know this?

How To Protect Your Login Information From Firesheep

… Firesheep banks on the fact that most social sites default to the HTTP protocol because it’s quicker. The already existing Firefox extension Force-TLS attempts to circumvent this by forcing those sites to use the HTTPS protocol, therefore making user cookies invisible to Firesheep.

Like the alternative option HTTP Everywhere, the Force-TLS Firefox extension allows your browser to change HTTP to HTTPS on sites that you indicate in the Firefox Add On “Preferences” menu, protecting your login information and ensuring a secure connection when you access social sites.

For my students – PLEASE!

Read-Able: Check Readability Of Text Online

The Readability Test Tool is a web based service that lets you quickly test the readability of an entire webpage, a part of it or a sample of text. You can conduct the test by entering the URL of the page, inputting text directly or by linking to the tool from your webpage. It scores the text on various readability indicators like Flesch Kincaid Reading Ease, Flesch Kincaid Grade Level, Gunning Fog Score, Coleman Liau Index and Automated Readability Index (ARI).

Check out related article: 8 Readability Web Tools to Test Your Writing Quality.

GE provides this nifty online drawing tool...

No comments: