Tuesday, December 21, 2010

Perhaps I'll develop a Case Study for my Computer Security students. This breach seems to cover almost every possible error an organization could make.


Memo Details Gawker Security Strategy

"After a hack of systems belonging to online publishing giant Gawker Media that yielded more than one million passwords, the online media company's chief technology officer has announced new defense strategies aimed at placating their users and preventing further humiliating data breaches. Thomas Plunkett issued a company-wide memo on Friday that lays out the new security measures and suggests the company overlooked security concerns in the rush to develop new features."

… A copy of the memo was posted on the Website of the Poynter Institute on Friday, Plunkett confirmed.

[From the memo:

First, we never planned for such an event, and therefore had no systems, or processes in place to adequately respond.

… The tech team should have been better prepared, committed more time to perform thorough audits, and grown our team’s technical expertise to meet our specific business needs.

Worth a read?


Article: The Fourth Amendment and the Brave New World of Online Social Networking

December 20, 2010 by Dissent

FourthAmendment.com points us to a new law review article: The Fourth Amendment and the Brave New World of Online Social Networking by Nathan Petrashek, 93 Marq. L. Rev. 1495 (2010). From the introduction:

During a recent visit to the University of Florida Levin College of Law, Associate Justice Clarence Thomas was asked whether he believed the Court has kept pace with rapidly shifting technological changes. According to Justice Thomas, technological change within the Court was less important than that occurring on the outside:

[It‘s] changed the way we work, but it‘s also changed some of the issues. . . . I think you all are in for some interesting times because there used to be these zones of privacy. . . . Things were over here in the private sphere and then the public sphere was over here. Now look how [they‘ve] merged. You put something on your Facebook, [and] it‘s there on somebody‘s hard drive forever. . . . We also see it with respect to how the government can obtain information in the criminal justice context. [The government doesn‘t] actually have to come onto property now, to look into your private affairs. . . . I think you all are in for the brave new world of technology in a way that we, of course, couldn‘t have anticipated.2


This Comment evaluates whether social networking users maintain a reasonable expectation of privacy in their online social networking activity such that police scrutiny is subject to the Fourth Amendment‘s warrant requirement. Part II explores the contours of a social networking web site and describes its operation. This Part considers the origins of the social networking phenomenon and examines two of the largest social networking web sites, Facebook and MySpace, in some detail. Part III explains the social benefits derived from social networking and the risks involved, including the increasing risk of police surveillance. Part IV describes the current state of Fourth Amendment search doctrine and explains why it is a poor lens through which to analyze a user‘s online social networking content. Part V discusses the consequences should courts refuse to protect online user content. Finally, Part VI concludes that courts should recognize, in most circumstances, users‘ asserted privacy expectations in their online social networking content.

You can download the article from Marquette Law Review.

So who is running the Asylum?


DHS Seized Domains Based On Bad Evidence

"Back over Thanksgiving, the Department of Homeland Security's Immigration and Customs Enforcement unit (ICE) made a lot of news by seizing over 80 domain names. While many of these involved sites that sold counterfeit products, five of the domains involved copyright issues. Four of them involved hiphop-related blogs — including ones that hiphop stars like Kanye West and others used to promote their own works, and the last one was a meta search engine that simply aggregated other search engines. Weeks went by without the owners of those sites even being told why their domains were seized, but the affidavit for the seizure of those five sites has recently come out, and it's full of all sorts of problems. Not only was it put together by a recent college graduate, who claimed that merely linking to news and blog posts about file sharing constituted evidence of copyright infringement, it listed as evidence of infringement songs that labels specifically sent these blogs to promote. Also, what becomes clear is that the MPAA was instrumental in 'guiding' ICE's rookie agent in going after these sites, as that appeared to be the only outside expertise relied on in determining if these sites should be seized."

Check my pulse! If I'm agreeing with Al Franken, something must have gone seriously wrong with my brain. (Okay, I don't agree with everything he is saying in the article, but I do agree on the need to separate “Internet access” from the provider's products & services.)


Al Franken Makes a Case For Net Neutrality

"In a post titled 'The Most Important Free Speech Issue of Our Time' this morning on The Huffington Post, Senator Al Franken lays down a powerful case for net neutrality, as well as a grim scenario if the current draft regulations being considered by the FCC are accepted. Quoting: 'The good news is that the Federal Communications Commission has the power to issue regulations that protect net neutrality. The bad news is that draft regulations written by FCC Chairman Julius Genachowski don't do that at all. They're worse than nothing. That's why Tuesday is such an important day. The FCC will be meeting to discuss those regulations, and we must make sure that its members understand that allowing corporations to control the Internet is simply unacceptable. Although Chairman Genachowski's draft Order has not been made public, early reports make clear that it falls far short of protecting net neutrality.'"

The “Internet of Things” is coming...


Microchips Now In Tombstones, Toilets, & Fish Lures

"Steve Johnson writes in the Mercury News that microchips are going into a staggering array of once decidedly low-tech items — from gravestone markers and running shoes to fish lures and writing pens. In the future, 'where won't we find chips?' asks analyst Jordan Selburn. 'The answer is pretty close to nowhere.' For example, one company sells a coin-size, stainless steel-encased microchip for gravestone markers that tells the dead person's story in text, photos, video or audio histories, which visitors can access by pointing their Internet-enabled cell phones at it. The company says it has sold thousands of 'Memory Medallions.' There's AquaOne Technologies, who sell a toilet containing chips that automatically shut off the water when it springs a leak or starts to overflow, but Japanese company Toto goes one better with an intelligent toilet that gathers health-related data from the user's urine. Pro-Troll puts a chip in its fish lures that 'duplicates the electrical nerve discharge of a wounded bait fish,' prompting other fish to bite it."

Perhaps they are more interested in knowing who makes “good fakes?”


Microsoft shelves Office Genuine Advantage tool

In what can be considered a small victory for those who dislike additional security checks after purchasing software, Microsoft has quietly discontinued the use of its Genuine Advantage checker tool for Microsoft Office.

The antipiracy measure, called Office Genuine Advantage (OGA), required that users verify the legitimacy of their Office software before being able to download add-ons and templates from Microsoft, as well as download software updates Microsoft deemed "non-critical."

One program that's not being shelved as part of OGA's end of life is Microsoft's policy of replacing counterfeited software with genuine copies in cases where customers believed they were buying the real thing. That program, which also began in 2006, aimed both at helping people who had accidentally bought good fakes, as well as giving Microsoft leads on where it was coming from.

The removal of OGA does not mean a lapse in the front-line security Microsoft employs to keep software pirates at bay. Users still need to enter in a 25-character activation key when first installing the software in order to unlock its license. Just like in its Windows operating system, users who skip this step are still able to use the software, but with reduced functionality.

An ethical question: If this is a reasonably accurate guide for pedophiles, shouldn't every parent and police officer read it to understand how to protect children and catch the pedophiles? Is it ethical to remain ignorant? (Could you write a book containing the same information without also providing guidance to pedophiles?)


Colo. author who sold guide for pedophiles arrested, extradited to Florida on obscenity charge

No comments: