Saturday, December 04, 2010

Local (and typical) failure to manage security.

CO: Informants outed in accidental Grand Junction data release

December 3, 2010 by admin

The Associated Press reports:

The names of confidential drug informants, home addresses of sheriff’s deputies and troves of other sensitive data were made public for months because of a mistake by an employee of Mesa County’s technology department, officials said.

Thousands of the internal records were accessible on the Internet starting in April until the mistake was discovered last month.

The (Grand Junction) Daily Sentinel reported that the leak was blamed on a former employee [because no manager was responsible? Bob] with the Mesa County Information Technology Department. That employee wasn’t named and is no longer with the department, though it’s unclear whether the employee was terminated because of the leak.

Read more in the Daily News.

[From the article:

Hilkey said the FBI has been called to help find computer users who may have accessed the information that was supposed to be kept private.

… The leak was discovered Nov. 24 by an individual who ran across his or her name mentioned in the files while searching the Internet and notified authorities.

Mesa County Administrator Stefani Conley said that the leak was unintentional. The employee who posted the information mistakenly believed the site was secure, she told the newspaper.

“This employee thought this was a password-protected, encrypted site,” Conley said. [How do you distinguish a secure site from a public site? Big, flashing “Not Secure” signs might be useful... Bob]

… “We're re-evaluating our IT protocols and will take the necessary steps to make sure something like this can never happen again,” Conley said. [Looks like they didn't bother “evaluating” or “taking steps” before this happened. Bob]

For my Ethical Hackers looking for employment. Is information now available in the public domain still “classified?” I agree that adding your own interpretation (based on other classified knowledge) could “enhance” the value of the leaked data, but should you pretend the leak never happened?

Graduate Students Being Warned Away From Leaked Cables

"The US State Department has started to warn potential recruits from universities not to read leaked cables, lest it jeopardize their chances of getting a job. They're also showing warnings to troops who access news websites and the Library of Congress and Department of Education have blocked WikiLeaks on their own networks. Quite what happens when these employees go home is an open question."

What happens on the Internet (or any place else), stays on the Internet... Forever!

Tel-Aviv District Court Finds No “Right to Forget”

December 3, 2010 by Dissent

Boris Segalis writes:

As reported by Dan Or-Hof, Manager of the Information Technology, Internet and Copyright group at the Israeli law firm of Pearl Cohen Zedek & Latzer, in a first of its kind decision, the Tel-Aviv district court ruled on November 30, 2010 that a subscriber of cellular services does not have a general right to have his phone records deleted.

Read more about the case on InformationLawGroup.

For my Ethical Hackers

History Sniffing In the Wild

"Kashmir Hill at Forbes documents a recent study by UCSD researchers showing that 'history sniffing' is being actively used by mainstream ad networks like Interclick as well as popular porn sites like YouPorn in order to track what other sites you visit. The vulnerability has been known for almost a decade, but this paper documents hundreds of commercial sites exploiting it today (PDF)."

[From the comments:

In Firefox, even older versions (and perhaps some of the other browsers out there), you can change your "visited links" color (via Edit, Preferences, Appearance, Colors) to something other than purple. Then this script won't work. More, if you also change the "unvisited links" color, then even a modified script designed to tell the difference won't know which color is your "visited" color and which is your "unvisited" color.

“because our megabytes are better than their megabytes...”

The Odd Variations On 3G Per-Megabyte Pricing

"Carriers are increasingly charging for 3G mobile access by the megabyte, to prevent 'unfair' subsidies of heavy users by everyone else. So why does the price of a 3G megabyte vary based on the device used to send or receive it? Why is an iPad megabyte cheaper than a MiFi one? After all, a megabyte is a megabyte as far as the network is concerned. InfoWorld has a comparison of 3G pricing for the four major US carriers for their various supported devices, so you can see whose 3G pricing is out of whack for which devices."

...or at least, what we want Copyright to be.

Viacom Says YouTube Ruling Will ‘Completely Destroy’ Copyright

The media concern told the New York-based 2nd U.S. Circuit Court of Appeals on Friday that, if the lower decision stands, “it would radically transform the functioning of the copyright system and severely impair, if not completely destroy, (.pdf) the value of many copyrighted creations.”

The June 23 decision at issue by U.S. District Judge Louis L. Stanton of New York said internet companies, even if they know they are hosting infringing material, are immune from copyright liability if they promptly remove works at a rights holder’s request — under what is known as a takedown notice.

… Stanton ruled that YouTube’s “mere knowledge” of infringing activity “is not enough.”

… Stanton ruled that YouTube, which Google purchased in 2006 for $1.8 billion, had no way of knowing whether a video was licensed by the owner, was a “fair use” of the material “or even whether its copyright owner or licensee objects to its posting.”

For my Swiss Army Folder

DocsInOffice: Access Google Docs From Desktop Via Any MS Office Software

… DocsInOffice, a nifty app that lets you access Google Docs from the desktop and work on them using your MS Office apps.

Once you have signed up, you only need to grant access to your Google Docs account. Then enter in the File Name field of your FileOpen dialog in your MS Office. Your office app will then connect to the Google Docs server where you can find and open your file from the cloud and edit on the spot.

Likewise, you can save your work by going to the address and saving the file there. All this is done without any plugin or toolbar installed. The seamless execution makes this tool very easy to work with.

Similar Tools: Insync, and DocSyncer.
