Wednesday, November 03, 2010

For my Computer Security students. How do you block this or at least detect it?

A Chilling Case of ‘Sextortion’

November 2, 2010 by Dissent

From the FBI:

The hacker knew every move the unsuspecting victim made. He controlled her computer webcam and microphone. He could see her in her bedroom, hear her conversations, knew every keystroke she made online. And he threatened to expose her secrets unless she bowed to his demands.

It may sound like the plot for a scary teen movie, but it actually happened, and there wasn’t just one victim—there were more than 200, and dozens of them were adolescent girls.

… The hacker, a 31-year-old California man who was arrested in June after a two-year investigation, used malicious code to infect and control the computers of his victims. Then he searched for explicit pictures from their computers, downloaded them, and used the images in an attempt to extort more pictures and videos from them.

“What’s so frightening about this case was how easily the victims’ computers were compromised,” said Special Agent Jeff Kirkpatrick, one of our Los Angeles cyber investigators who worked the case.

… “And this guy was no computer genius,” Agent Kirkpatrick said. “Anybody could do what he did just by watching an online video and following the directions.”

… Victims—particularly teenage girls—were understandably devastated when they learned their privacy had been so completely violated. Many were afraid to tell their parents about the situation.

… “If he hadn’t attempted to contact the victims,” Agent Rogers said, “he could have done this forever and gone undetected—the victims would never have known he was listening and watching. That,” she added, “is one of the most disturbing things about this case.”

(Related) Perhaps my “fly armed and naked” idea was somewhat on point?

In Opening Brief, EPIC Urges Federal Appeals Court to Suspend Airport Body Scanner Program

November 2, 2010 by Dissent


EPIC has filed the opening brief in EPIC v. DHS, No. 10-1157, a case that challenges the unilateral decision of the TSA to make body scanners the primary screening technique in U.S. airports. Three frequent air travelers are joining EPIC in the lawsuit: security expert Bruce Schneier, human rights activist Chip Pitts, and the Council on American-Islamic Relations legal counsel Nadhira Al-Khalili. The Petitioners have brought claims under the Administrative Procedure Act, the Privacy Act, the Video Voyeurism Prevention Act, the Religious Freedom Restoration Act, and the Fourth Amendment. The Petitioners are seeking the suspension of the body scanner program. In its brief, EPIC argues that the Department of Homeland Security “has initiated the most sweeping, the most invasive, and the most unaccountable suspicionless search of American travelers in history.” EPIC further argues that the Transportation Security Administration “must comply with relevant law, and it must not be permitted to engage in such a fundamental change in agency practice without providing the public the opportunity to express its views.” For more information, see EPIC: EPIC v. DHS and EPIC: Whole Body Imaging Technology.

A project for my Ethical Hackers.

Credit Cards With Computer Chips: Coming to a Wallet Near You This Month

We’ve been hearing the refrain for years: the US is losing the credit card technology race. In Europe they have microchips. In Asia, people pay with their phones.

You’d think it’s only a matter of time before the US dumps its ancient magnetic stripes and joins the 21st century.

… Each of Mullen’s credit cards has a fully functional computer inside, controlled by touch-sensitive buttons on the card surface. Card 2.0 plastic works with all of those 10 million stripe readers in the wild, and merchants don’t even have to know you’re using a special card.

… Why do you want buttons on your card and a computer in your pants? Features. The first Card 2.0 plastic to hit the market is a rewards card. Press one button to pay with credit. Press the other button to pay with reward points.

Conundrum. How can a website offer data for “personal and non-commercial use only” and also forbid that use? A double-secret change of policy?

UK's National Rail Shuts Down Free Timetable App

Posted by timothy on Wednesday November 03, @07:24AM

"sad tale of one developer's trying time with the National Rail, the owners of the UK's train timetable data, which flies in the face of the recent assertion of Chris Scoggins (Chief Executive, National Rail Enquiries) in Wired recently stating that they had 'opened up' their data, 'often free of charge.'"

This is a good case for keeping your old emails handy; the app's author uses cut-and-paste to excellent effect in his correspondence with the rail system.

Perhaps by sponsoring a blog?

Google Emails All U.S. Gmail Users About The Buzz Settlement — And To Say They’re Not Getting A Dime

… Instead, the $8.5 million settlement money will be placed into an independent fund which Google says will support organizations working on privacy education and policy on the web.

Not new, but this video explains clearly how voting without risk of fraud could be done.

David Bismark: E-voting without fraud

Video interview with Google insider. Google TV, self-driving cars, etc.

October, 2010 Digg Dialogg with Marissa Mayer of Google — What happened when President Obama visited her home and a rooftop sniper showed up? How will the Google TV change our TV viewing habits? Is Google Skynet?

Read free online...

November 02, 2010

Proceedings of a Workshop on Deterring CyberAttacks: Informing Strategies and Developing Options for U.S. Policy

Proceedings of a Workshop on Deterring CyberAttacks: Informing Strategies and Developing Options for U.S. Policy, October 2010.

  • "In a world of increasing dependence on information technology, the prevention of cyberattacks on a nation's important computer and communications systems and networks is a problem that looms large. Given the demonstrated limitations of passive cybersecurity defense measures, it is natural to consider the possibility that deterrence might play a useful role in preventing cyberattacks against the United States and its vital interests. At the request of the Office of the Director of National Intelligence, the National Research Council undertook a two-phase project aimed to foster a broad, multidisciplinary examination of strategies for deterring cyberattacks on the United States and of the possible utility of these strategies for the U.S. government. The first phase produced a letter report providing basic information needed to understand the nature of the problem and to articulate important questions that can drive research regarding ways of more effectively preventing, discouraging, and inhibiting hostile activity against important U.S. information systems and networks. The second phase of the project entailed selecting appropriate experts to write papers on questions raised in the letter report. A number of experts, identified by the committee, were commissioned to write these papers under contract with the National Academy of Sciences. Commissioned papers were discussed at a public workshop held June 10-11, 2010, in Washington, D.C., and authors revised their papers after the workshop. Although the authors were selected and the papers reviewed and discussed by the committee, the individually authored papers do not reflect consensus views of the committee, and the reader should view these papers as offering points of departure that can stimulate further work on the topics discussed. The papers presented in this volume are published essentially as received from the authors, with some proofreading corrections made as limited time allowed."

How DHS sees risk. Explains what they are talking about?

November 02, 2010

DHS Risk Lexicon

"Developed by the DHS Risk Steering Committee (RSC), the purpose of the DHS Risk Lexicon is to establish and make available a comprehensive list of terms and meanings relevant to the practice of homeland security risk management and analysis. Accomplishing this goal improves the capability of the Department to assess and manage homeland security risk. To support integrated risk management for the Department, the DHS Risk Lexicon:

  • Promulgates a common language to ease and improve communications for the Department and its partners;

  • Facilitates the clear exchange of structured and unstructured data, essential to interoperability amongst risk practitioners; and

  • Garners credibility and grows relationships by providing consistency and clear understanding with regard to the usage of terms by the risk community across the Department."

Notice to geeks: Think of the fun we could have using this technique!

Truthy Project Uncovers Political Astroturfing On Twitter

Posted by Soulskill on Tuesday November 02, @05:10PM

An anonymous reader writes with a follow-up to the launch of the Truthy Project we discussed last month.

"Tens of thousands of tweets this election season have turned out to be automated messages generated by employees of political campaigns, Indiana University researchers have found. Quoting: 'In one case, a network of nine Twitter accounts, all created within 13 minutes of one another, sent out 929 messages in about two hours as replies to real account holders in the hopes that these users would retweet the messages. The fake accounts were probably controlled by a script that randomly picked a Twitter user to reply to, and a message and a Web link to include. Although Twitter shut the accounts down soon after, the messages still reached 61,732 users.'"
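A defender-side sketch of the heuristic the quoted finding suggests: look for accounts created minutes apart that then fire hundreds of replies per hour at distinct users with the same link. This is an added example, not the Truthy Project's code; the account and tweet metadata, field names and thresholds are constructed to mirror the pattern described above.

```python
"""Flag clusters of same-batch accounts that run a coordinated reply burst."""
from datetime import datetime, timedelta

# Constructed account metadata: name -> creation time. Nine "bots" were
# created within nine minutes of each other; two older accounts are organic.
ACCOUNTS = {f"bot{i}": datetime(2010, 10, 20, 9, i) for i in range(9)}
ACCOUNTS.update({"alice": datetime(2008, 3, 1, 12, 0),
                 "bob": datetime(2009, 7, 15, 8, 30)})

# Constructed tweets: (author, time, reply_to, link). The bots take turns
# replying to a fresh user every 8 seconds with one shared link (~455/hour).
BASE = datetime(2010, 11, 1, 10, 0)
TWEETS = [(f"bot{i % 9}", BASE + timedelta(seconds=8 * i), f"user{i}",
           "http://example.invalid/vote") for i in range(90)]
TWEETS += [("alice", BASE + timedelta(minutes=5), None, None),
           ("bob", BASE + timedelta(minutes=40), "alice", None)]


def creation_clusters(accounts, window=timedelta(minutes=15), min_size=5):
    """Group accounts whose creation time lies within `window` of the group's first."""
    ordered = sorted(accounts.items(), key=lambda kv: kv[1])
    clusters, current = [], []
    for name, created in ordered:
        if current and created - accounts[current[0]] > window:
            clusters.append(current)
            current = []
        current.append(name)
    clusters.append(current)
    return [c for c in clusters if len(c) >= min_size]


def burst_metrics(tweets, cluster):
    """Reply volume, rate per hour, distinct targets and distinct links for a cluster."""
    mine = [t for t in tweets if t[0] in set(cluster)]
    if not mine:
        return None
    replies = [t for t in mine if t[2] is not None]
    span = max(t[1] for t in mine) - min(t[1] for t in mine)
    hours = max(span.total_seconds(), 60) / 3600  # floor at one minute
    return {"tweets": len(mine), "replies": len(replies),
            "per_hour": len(replies) / hours,
            "targets": len({t[2] for t in replies}),
            "links": len({t[3] for t in replies if t[3]})}


def flag_astroturf(accounts, tweets, min_per_hour=100, min_reply_share=0.9):
    """Return (members, metrics) for same-batch clusters whose output is almost all replies at high rate."""
    flagged = []
    for cluster in creation_clusters(accounts):
        m = burst_metrics(tweets, cluster)
        if m and m["replies"] / m["tweets"] >= min_reply_share and m["per_hour"] >= min_per_hour:
            flagged.append((sorted(cluster), m))
    return flagged
```

Creation-time batching alone is weak evidence (sign-up drives produce it too); the reply rate and the one-link, many-targets shape are what separate this from organic activity.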

Ethical lawyers, crazy client?

“Win-At-All-Costs” Litigation Using Illegal e-Discovery Leads to Dismissal of a Billion Dollar Case

Last week I mentioned the mean streets of litigation and my guess that most judges do not know how bad it has become. Two federal judges in South Florida know: District Court Judge Patricia A. Seitz and Magistrate Judge John J. O’Sullivan. Leor Exploration & Production LLC v. Aguiar, 2010 WL 3782195 (Sept. 28, 2010, S.D.Fl.). They have seen and responded to some real Dr. Evil type of conduct by the defendant in this case over One Billion Dollars. The misconduct culminated in illegal e-discovery where defendant hacked into the opposing party’s email and read his lawyers’ advice and strategies for the case. Judge O’Sullivan found, and Judge Seitz agreed, that defendant had a “win-at-all-costs mentality regarding this litigation.” Leor, supra at *4.

Some of my fellow teachers believe that Wikipedia is evil. I think it makes a great starting point for research.

Wikipedia Book Creator: Create eBooks From Wikipedia Pages

… If you’re the kind of person who likes to print lengthy Wikipedia articles to read offline at leisure, you should give the Wikipedia Book Creator a try.

The Book Creator is a new feature from Wikipedia that lets you select one or more pages from the online encyclopedia and add them to a PDF eBook that you can then download and read offline at your leisure. You can even get a printed book delivered to your doorstep, for a small fee.

If you would like to make some changes to the pages that you just saved, you can even download the eBook in the OpenDocument Text format. [Easily read by your normal word processor... Bob]

Perhaps I could make my own Infographics? At least some “step by step” flowcharts for my students.

- Graphing Just Anything You Want

Grapholite is a web-based tool that makes creating graphs, charts and diagrams an absolute cinch. It is usable right on the browser, and it can be employed to come up with just anything you might need: organizational charts, floor plans, network diagrams...

… And every single diagram that you create via Grapholite can be saved in all the most popular text and image formats currently used, and imported into your favorite application(s).

It must also be mentioned that Grapholite is available in a desktop version.
