Saturday, November 27, 2010

Another accidental computer system melt-down. Imagine the impact of a coordinated attack!

NAB pay bungle hits thousands

… The NAB's call centre has been in meltdown since a corrupt file disrupted Wednesday's overnight payment process.

The malfunction stalled salaries, Centrelink benefits, contract settlements and property deals, and slowed ATM and Eftpos transactions.

… The problem spread to some customers from other banks and credit unions waiting on wages and other payments from employers, clients and banks that deal with NAB.

Upset consumers demanded compensation for any fees for late mortgage and credit card payments, overdrawn accounts or bounced direct debits charged by any institutions as a result.

Gmail only (others are not), but you can see where this is going.

Email Oracle: Track Emails & Know If They Have Been Opened

… Email Oracle is a free web tool that comes as an extension for web browsers Firefox, Safari, and Chrome. The plug-in then adds a “Send and Track” dashboard to your Gmail interface. You can use this dashboard to add an optional image to your outgoing emails. When the recipient views this image, this is reported to your Email Oracle account thereby indicating that the email was opened. Since this involves the recipient’s privacy, the recipient can click on the image and opt out of being tracked by Email Oracle. The service’s dashboard also lets you view a complete history of un-replied emails.

Similar tool: WhoReadMe, SpyPig and Confirmeo.
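The tracking these tools do rests on one mechanism: the recipient's mail client fetching a remote image, which tells the sender's server the message was opened. As an added example (not code from the original post or from Email Oracle), the Python below parses an HTML message body and flags the remote images that would report back, marking the usual beacon tells (1x1 size, hidden styling, a per-recipient query token); the sample message and the tracker host are constructed.

```python
"""Flag remote 'tracking pixel' images in an HTML email body.

Added example, not part of the original post. Assumes the body has already
been decoded to HTML text; the sample message below is constructed.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: one inline (cid:) logo, one hidden remote beacon.
SAMPLE_HTML = """
<html><body>
<p>Hi Bob, see the attached report.</p>
<img src="cid:logo123" width="120" height="40" alt="logo">
<img src="https://tracker.example.invalid/open.gif?id=abc123"
     width="1" height="1" style="display: none">
</body></html>
"""


class _ImgCollector(HTMLParser):
    """Collect the attribute dicts of every <img> tag in the document."""

    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "img":
            self.images.append(dict(attrs))


def _is_tiny(value):
    """True for width/height values of 0 or 1 (e.g. '1', '1px')."""
    if value is None:
        return False
    digits = "".join(ch for ch in value if ch.isdigit())
    return digits != "" and int(digits) <= 1


def find_remote_images(html):
    """Return [(src, host, reasons)] for every image fetched over HTTP(S).

    Any remote fetch can act as an open receipt, so every remote image is
    listed; 'reasons' holds the beacon tells found (empty for a plain image).
    """
    parser = _ImgCollector()
    parser.feed(html)
    hits = []
    for img in parser.images:
        src = img.get("src") or ""
        parsed = urlparse(src)
        if parsed.scheme.lower() not in ("http", "https"):
            continue  # cid:/data: images are embedded and cannot report back
        reasons = []
        if _is_tiny(img.get("width")) and _is_tiny(img.get("height")):
            reasons.append("1x1 size")
        style = (img.get("style") or "").replace(" ", "").lower()
        if "display:none" in style or "visibility:hidden" in style:
            reasons.append("hidden")
        if parsed.query:
            reasons.append("per-recipient query token")
        hits.append((src, parsed.hostname, reasons))
    return hits


def has_likely_tracker(html):
    """True if at least one remote image carries a beacon tell."""
    return any(reasons for _, _, reasons in find_remote_images(html))


if __name__ == "__main__":
    for src, host, reasons in find_remote_images(SAMPLE_HTML):
        print(host, "->", ", ".join(reasons) or "plain remote image")
```

The only reliable defence is a client that does not fetch remote images by default; this check is what a filter would run before deciding to load them.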

The war begins! I didn't know the President had signed this bill... In fact, “Thomas” reports: Latest Major Action: 11/18/2010 Placed on Senate Legislative Calendar under General Orders. Calendar No. 648. So what was the basis of the “seizure warrant?”

U.S. seizes sites linked to copyright infringement

The U.S. government has launched a major crackdown on online copyright infringement, seizing dozens of sites linked to illegal file sharing and counterfeit goods.

Torrent sites that link to illegal copies of music and movie files and sites that sell counterfeit goods were seized this week by the Immigration and Customs Enforcement division of the Department of Homeland Security. [Does this suggest an out-of-the-country connection? Bob] Visitors to such sites as,, and found that their usual sites had been replaced by a message that said, "This domain name has been seized by ICE--Homeland Security Investigations, pursuant to a seizure warrant issued by a United States District Court."

"My domain has been seized without any previous complaint or notice from any court!" the owner of Torrent-Finder told TorrentFreak, which listed more than 70 domains that were apparently part of the massive seizure.

DHS representatives did not immediately respond to a request for comment.

The seizures came after a Senate committee unanimously approved a controversial proposal earlier this month that would allow the government to pull the plug on Web sites accused of aiding piracy. The Combating Online Infringement and Counterfeits Act (COICA) allows a Web site's domain to be seized if it "has no demonstrable, commercially significant purpose or use other than" offering or providing access to unauthorized copies of copyrighted works.

The proposal has garnered support from dozens of the largest content companies, including video game maker Activision, media firms NBC Universal and Viacom, and the Motion Picture Association of America and Recording Industry Association of America lobbying groups. However, critics such as engineers and civil liberties groups say the COICA could balkanize the Internet, jeopardize free speech rights, and endanger legitimate Web sites.

The battle against online file sharing has ramped up. Earlier today, a Swedish court upheld the copyright conviction of the founders of The Pirate Bay, a notorious file-sharing site. In October, a U.S. district judge issued an injunction against Lime Wire, the company that operated the popular file-sharing software LimeWire. In May, a judge granted summary judgment in favor of the music industry's claims that Lime Group, parent of LimeWire software maker Lime Wire, committed copyright infringement, engaged in unfair competition, and induced copyright infringement.

US Government Seizes Torrent Search Engine Domain

"This morning, visitors to the site are greeted with an ominous graphic which indicates that ICE has seized the site's domain. 'My domain has been seized without any previous complaint or notice from any court!' the exasperated owner of Torrent-Finder told TorrentFreak this morning. 'I firstly had DNS downtime. While I was contacting GoDaddy, I noticed the DNS had changed. GoDaddy had no idea what was going on and until now they do not understand the situation and they say it was totally from ICANN,' he explained. Aside from the fact that domains are being seized seemingly at will, there is a very serious problem with the action against Torrent-Finder. Not only does the site not host or even link to any torrents whatsoever, it actually only returns searches through embedded iframes which display other sites that are not under the control of the Torrent-Finder owner."

Far beyond “Open Government”

UK Asks News Outlets Not To Publish WikiLeaks Bombshell, US Prepares For Fallout

"The UK government has issued Defense Advisory Notices to editors of UK news outlets in an attempt to hush up the latest bombshell from whistle-blowing web site WikiLeaks. DA Notices, the last of which was issued in April 2009 after sensitive defense documents were photographed using a telephoto lens in the hand of Assistant Commissioner Bob Quick as he arrived at No 10 Downing Street for a briefing, are requests not to publish, and therefore not legally enforceable."

This news comes alongside a raft of articles detailing the US government's preparations for the release. Officials are warning allies that the documents will be more damaging than previous releases, to the point of potentially damaging diplomatic relations with countries like Turkey. The Vancouver Sun wonders if this will lead to a change in the way diplomats communicate.

Hey, Hey! The Congressional mug-shots are ready!

New Member Pictorial Directory: 112th Congress

For my Ethical Hacker tool kit.

Stephen Fry and DVD Jon Back USB Sniffer Project

"bushing and pytey of the iPhone DevTeam and Team Twiizers have created a Kickstarter project to fund the build of an open-source/open-hardware high-speed USB protocol analyzer. The board features a high-speed USB 2.0 sniffer that will help with the reverse engineering of proprietary USB hardware. The project has gained the backing of two high-profile individuals: Jon Lech Johansen (DVD Jon), and actor and comedian Stephen Fry."

Works well. FindPDF - Find & Share All The PDFs You Want

Talk about websites whose name actually tells you a lot about the service which is rendered...

What the name of this website does not tell you, now, is that the site will also let you read what you have found online, and share it with whomever you want. These are highly practical services bar none, and the fact that you can do both things without having to pay a penny definitely helps this site have more projection, because sites for searching and downloading PDFs are absolutely commonplace.

Also, it must be mentioned that the search engine which is employed is very flexible. You can look PDFs up not only by title but also by phrase and by keyword.

All of the above turns FindPDF into quite a convenient resource. I will make a point of visiting it next time I need to find some PDFs in earnest, to see if it works as well as it did when I tested it today.

Friday, November 26, 2010

Took them long enough. I can now drop their “Stupidity Index” back to Fuchsia.

Homeland Security Drops Color-Coded Terror Alerts

"The LA Times reports that the Homeland Security Department is poised to end its five-tiered, color-coded terrorism warning system, a post-Sept. 11 endeavor that has been called too vague to be useful and has been mostly ignored or mocked by the public. The domestic security advisory system was created in 2002 under then-Secretary Tom Ridge and in 2004, the department began assigning color threat levels to general targets such as aviation, financial services and mass transit. However the Department hasn't changed the alert level in four years, even after the attempted bombing of a flight to Detroit on Christmas Day 2009 and the alert level has only been elevated to red once, on Aug. 10, 2006, when British police disrupted a plot to detonate liquid explosives on airliners. Although it is unknown what, if anything, will replace the color-coded alerts, a senior Homeland Security official, who did not want to speak on the record about a decision still under review, says that 'the goal is to replace a system that communicates nothing.'"

Can't we just re-use the big DefCon displays from Wargames?

For my Ethical Hackers

Windows Phone 7 Gets Jailbroken

Windows Phone 7 is "finally" jailbroken! ChevronWP7, the unlocker tool, works with every WP7 phone and allows for the side loading of apps, the use of private APIs, and access to low level functionality. Basically, it unleashes your WP7 phone.

It's easy to jailbreak too: just download the tool, connect your phone, and run through the unlock tool. It's straightforward, very low-risk and completely reversible.

This is a tool I may try with my “online” Math classes. Sifonr - Live Video Chat With Multiple People

Sifonr is a video chat platform that has two truly commendable qualities. First of all, the whole service is provided at just no cost whatsoever. And in second place (but not least important in any sense) there is no need to register either. You can land on the site and begin chatting with your friends straightaway.

And when it comes to the actual chat services provided, Sifonr is also praiseworthy. You can chat with all the people you want at the very same time, and you can also proceed to share files with them, right as you are chatting away.

There is no limit to the number of participants that can be in the same Sifonr room. You can invite your whole classroom or the entire soccer club if that is what you want. As it was mentioned at the beginning, you are not going to be charged a thing.

A new Sifon is created by clicking the button that is displayed on the main page. You can then proceed to invite all your friends in the way that is more comfortable for you. I am sure many will use Facebook, but you can also invite people by email if you wish.

Thursday, November 25, 2010

Shame on me for missing this one! For my Disaster Recovery/Business Continuation class

Computer Crashed New Orleans Real Estate Market

Posted by timothy on Wednesday November 24, @12:08PM

"For a month now the New Orleans real estate market has been crippled by a computer crash that caused the loss of online data from the late 1980s that should be researched prior to the closing of any real estate transactions. 'The clerk of Orleans Parish Civil District Court said Tuesday that her office continues to make progress in resolving the computer problems that have been holding up real estate transactions in New Orleans for the past month, but there still was no indication of how soon the crisis might end.'"

[From the article:

Researchers do a 30-year check to determine whether a piece of property is burdened with any liens, lawsuits, court judgments or other legal impediments to a sale.

"Without full restoration of this data, buyers will not be able to receive title insurance, nor a clear title on any property in Orleans Parish, which in effect completely halts real estate sales," the New Orleans Metropolitan Association of Realtors said last week.

… Most of the lost files have since been recovered, but the indexing system for the records was lost when the computers crashed, and without that system researchers don't know how to find information even in the restored records, experts said.

[My favorite SlashDot comment:

So, when did your data become important to you? Before or After you lost it...

Implications for School cameras and laptop video cameras and random drug testing?

The Supreme Court on School Interrogations and Parental (Dis)empowerment

November 25, 2010 by Dissent

Craig Livermore writes:

The Supreme Court has in the past several weeks granted certiorari in two cases involving the rights of juveniles in police interrogations in the school setting. In Greene v. Camreta, the Ninth Circuit Court of Appeals ruled that the interrogation of a juvenile by police authorities in the school setting in the absence of a warrant, court order, exigent circumstances, or parental consent, was an unconstitutional seizure under the Fourth Amendment of the United States Constitution. In the Matter of J.D.B., the Supreme Court of North Carolina held that a 13-year-old burglary suspect who was interrogated by police officials in his school without parental notification and consent, was not in custody, and thus he was not entitled to have Miranda warnings read to him. By agreeing to hear both J.D.B. and Greene in this term, the Supreme Court is undoubtedly seeking to clarify the legal standards surrounding the increasing law enforcement presence in public schools. However, on a broader level, the Court is also entering into the societal discussion regarding the role of the public school in American democracy. As it is increasingly accepted that the school is becoming the central societal institution, the lack of parental notification for the interrogations in Greene and Camreta is of particular concern. The marginalization of parental involvement in such issues of morality and law may stem from a growing suspicion regarding the rearing abilities of parents. [If you don't send your kids to Private School, you are a bad parent? Bob] If the Supreme Court does not elevate the right of parental involvement in school interrogations to Constitutional concern, then it will be throwing judicial weight to society’s growing cynicism toward the ability of parents, especially in challenging urban contexts, to manifest parental responsibility.

Read more on Concurring Opinions.

Now this is depressing... Perhaps it explains the “if you opt out of scanning, you must be a terrorist” mentality at TSA.

Opting Out Isn’t Socially Neutral Anymore

November 24, 2010 by Dissent

Scott Peppet writes:

Various news outlets are reporting that Google “fans” in Germany have been egging the roughly 3% of houses whose inhabitants have chosen to opt out of Google’s Street View mapping feature.

What’s next? If you won’t stream real-time data about your health (do you have the flu? other communicable diseases?) into your vicinity to warn others to walk on the other side of the street, will people heckle you? If you won’t display your criminal record prominently in digital form so that others can “see” (using their digital devices) whether you’re a sex offender or felon of some sort, will they assume you’re a criminal (unraveling) or harass you for your “privacy” (like the German eggers)?

Read more on Concurring Opinions.

Speaking of TSA, perhaps we should consider their “Security” a myth? (Video is NSFW)

Mythbusters' Savage: I got past TSA with razor blades

… like "Mythbusters" presenter Adam Savage, in the rush to leave the house, you may have forgotten that you have a couple of 12-inch razor blades secreted about your person.

Savage, in the highly entertaining monologue that I have embedded, describes how earlier this year he was flying and happened to forget to remove potentially dangerous objects from his belongings.

Is there a similar regulation in the US? (why would we need one?)

Ca: No breach of privacy in Calgary grow-op case, Supreme Court rules

November 24, 2010 by Dissent

Kirk Makin reports:

A man’s home may be his castle, but records that show its electricity usage can become the property of the police, the Supreme Court of Canada ruled today.

In an important ruling delineating limits to the right to privacy, a 7-2 majority said that police can obtain utility records to determine whether a home may conceal a marijuana grow operation.

Mr. Justice Ian Binnie, Mr. Justice Louis LeBel and Madam Justice Rosalie Abella concluded that while the technology can breach the right to privacy, it did not do so in the Gomboc case. They said that Mr. Gomboc had chosen not to avail himself of a regulation that would have permitted him to ask the utility to keep his records private.

Read more in the Globe and Mail.

Okay, all you Canadian lawyers: what regulation are they referring to, and if he had availed himself of it, couldn’t police still get some authorization or court-approved order to obtain his records?

No Privacy concerns here! (Eventually, TSA will require bar codes to fly...)

Scientists Attach Bar Codes To Embryos

"Fans of the film Blade Runner may remember a scene in which the maker of an artificial snake is identified by a microscopic serial number on one of its scales. Well, in a rare case of present-day technology actually surpassing that predicted in a movie, we've now gone one better — bar codes on embryos. Scientists from Spain's Universitat Autònoma de Barcelona (UAB), along with colleagues from the Spanish National Research Council, have successfully developed an identification system in which mouse embryos and oocytes (egg cells) are physically tagged with microscopic silicon bar code labels. They expect to try it out on human embryos and oocytes soon."

Oh goodie, now everyone can be France.

Once-Secret ACTA Copyright Treaty Approved By EU

"By a vote of 331 to 294, the EU Parliament has approved the controversial and once-secret Anti-Counterfeiting Trade Agreement (ACTA). According to an ITworld article, 'the most controversial paragraph in the final text leaves the door open for countries to introduce the so-called three-strikes rule. This would cut Internet users off if they download copyright material as national authorities would be able to order ISPs to disclose personal information about customers.... The proposed agreement would also place sanctions against any device or software that is marketed as a means of circumventing access controls such as encryption or scrambling that are designed to prevent copying. [Because our software doesn't work, we need sanctions against everyone... Bob] It also requires legal measures against knowingly using such technology.'"

Judge Bars ‘Fair Use’ Defense in Xbox Modding Trial

A California man charged with violating the DMCA by installing mod chips in Xbox 360 consoles won’t be allowed to claim “fair use” at his scheduled jury trial next week, a federal judge ruled Tuesday — a decision potentially devastating to the defense, and not particularly favorable to anyone who thinks they have the right to tinker with hardware that they’ve bought and paid for. [“Sale” and “Own” don't mean what they used to... Bob]

… Crippen’s lawyer hoped to convince that jury that Crippen’s alleged modifications weren’t intended to enable piracy, but to allow Xbox owners to make lawful “fair use” of copyrighted material, or for other non-infringing purposes. The lawyer compared installing a mod chip to jail breaking an iPhone, an activity explicitly permitted under a recent DMCA exception approved by the U.S. Copyright Office.

… But U.S. District Judge Philip Gutierrez shot down that argument Tuesday, noting that the DMCA makes it a crime to “circumvent a technological measure that effectively controls access” to copyrighted material, even if there’s no proof that the circumvention was intended to facilitate piracy.

… “[A]lthough the government will have to establish that the technological measure that Mr. Crippen allegedly circumvented was used to control access to copyrighted work, the Government need not show that the modified Xbox’s were actually used for infringing purposes,” (.pdf) wrote Gutierrez. [Because the potential to commit crime is enough – just ask the Thought Police. Bob]

I'm gonna watch this one...

Righthaven To Explain Why Reposting Isn't Fair Use

"TechDirt reports that a judge has asked Righthaven to explain why a non-profit organization reposting an entire article isn't fair use. The case involves the Center for Intercultural Organizing of Portland, Oregon, which was sued by Righthaven in August after an entire 33-paragraph Review-Journal story about Las Vegas immigrants was posted on the center's website, crediting the Review-Journal. The nonprofit says it was founded by Portland-area immigrants and refugees to combat widespread anti-Muslim sentiment after 9/11 and it works to strengthen immigrant and refugee communities through education, civic engagement, organizing and mobilization and does not charge subscription fees or derive any income from its website. The interesting thing is that the defendant in this case didn't even raise the fair use issue. It was the judge who brought it up, suggesting that the Nevada judges are being inundated with hundreds of Righthaven cases, and that Righthaven has already lost once in a case that was found to be fair use so judges may want to set a precedent to clear their dockets."

Will this version of “Cloud Computing” kill the Kopyright Kops? Isn't it just an extension of TV over the Internet?

Zediva Streams You Movies From Actual DVD Players, Argues It’s Legal

New startup Zediva attempts to circumvent all the licensing hassles experienced by streaming video services like Netflix, iTunes and Hulu through operating more like a traditional movie rental store, except online.

The catch? “We don’t rent digital copies of a movie,” founder Venky Srinivasan told Rotten Tomatoes, “Our users rent a physical DVD, along with a DVD player from us for a fixed amount of time. They then control that DVD player remotely over the internet — and stream the movie privately to themselves. Think of it as a really long cable and a really long remote control.”

...and one for you Lawyers. (And my Business Intelligence class)

Federal Prosecutors: Supply Line Leaks May Constitute Insider Trading

A new federal investigation is focusing on the legality of supply line leaks and their consequences on Wall Street. The poster boy for this would have to be Apple, around which an entire manufacturing and distribution channel has grown, and which is now too big to plug every leak — especially now that memetically propagating news magnifies every murmur into a clamor, for better or for worse.

[From the WSJ Article:

Wall Street analysts have been left bewildered in recent days, as federal prosecutors begin to home in on insider-trading cases that appear to involve routinely published information about public-company supply chains.

Backup: When you absolutely, positively want a copy to survive... ShareJoJo - Upload Your Files Everywhere At Once

Need to back up some files and you want to take the safest way around? If so, this is a service that will certainly fit the bill. It goes by the name of ShareJoJo, and it basically enables you to have files uploaded to all the major file hosting services available on the Web today. These include not only MegaUpload, Rapidshare and DepositFiles but also other sites that are not that widespread like KickLoad, EasyShare and Cramit.

All you have to do is individualize the file that you want to store online, and check the boxes of the services you want it to become hosted on. In no case must the file be larger than 400 MB, but that is the one and only thing you should watch out for.

If anything ShareJoJo stands as one of the fastest ways to store data online, and have it become retrievable from a literal wealth of locations at the same time. Backing anything up hardly gets any more practical than this.

For my studious students Launches A Directory Of 12,500 Academic Journals

As any scientist can tell you, there are thousands of scholarly journals out there. Some, like Science and Nature, are broad in scope, covering everything from human genetics to space. Others, like the Journal of Biomedical Nanotechnology, are a bit more specific. Unfortunately, the huge volume of research that gets published can make it tedious to keep track of the articles that are relevant to you. A social network for researchers and other academics thinks it has a fix.

Now, journal articles aren’t exactly hard to come by on the web. You can always search Google Scholar for whatever you’re looking for, some universities offer their own search tools, and there are plenty of topic-specific sites that can help you find relevant material. The problem, according to founder Richard Price, is that this content and the communities around them are very fragmented. So it built a directory of as many journals as it could find.

… You can opt to ‘follow’ your favorite publications, and relevant stories will start popping up in your news feed, so you don’t have to worry about looking them up yourself every month.

It’s worth noting that many of these journal articles are not free; you’ll either have to pay for them (fees are often around $20-40), or you’ll have to be accessing them from a university campus that pays for a subscription to the periodical in question.

It’s also worth noting that a UK site called Tictocs has built a database of journals, though Price says that the site doesn’t have a social graph component.

'cause I need to get more ed-ju-ma-kate-ified. Peelon - A Directory Of Webinars

Peelon is a directory of webinars that you can consult for free, and filter in a wide variety of ways.

Almost 40 different industries are already featured - accounting, education, banking, legal services, marketing... the list goes on and on.

Additionally, the site will let you choose the type of event you intend to attend. You can have your choice from conferences, fundraisers, meetups, conventions, tradeshows...

Wednesday, November 24, 2010

It's the bank's job to protect your money, but don't you have an obligation to investigate how they will do it? (e.g., look to see if they do have a vault.)

Escrow Co. Sues Bank Over $440K Cyber Theft

November 24, 2010 by admin

Brian Krebs writes:

An escrow firm in Missouri is suing its bank to recover $440,000 that organized cyber thieves stole in an online robbery earlier this year, claiming the bank’s reliance on passwords to secure high-dollar transactions failed to measure up to federal e-banking security guidelines.

The attack against Springfield, Mo. based title insurance provider Choice Escrow and Land Title LLC began late in the afternoon on St. Patrick’s Day, when hackers who had stolen the firm’s online banking ID and password used the information to make a single unauthorized wire transfer for $440,000 to a corporate bank account in Cyprus.

Just because you bought it doesn't mean you own it. What liability would this create for an organization? Another area that “Access Policies” need to address. (If they have sufficient access rights to “wipe” your messages, they probably have sufficient access rights to copy and read them as well.)

When Your Company Remote-Wipes Your Personal Phone

Posted by kdawson on Tuesday November 23, @05:33PM

"NPR has a story about someone whose personal iPhone got remotely wiped by their employer. It was actually a mistake, but it was something of a surprise because they didn't believe they had given their employer any kind of access to do that. This may already be very familiar to Microsoft Exchange admins, but the problem was her iPhone's integration with MS Exchange automatically gives the server admin access to do remote wipes. All you have to do is configure the phone to receive email from an MS Exchange server and the server admin can wipe your phone at will. The phone wasn't bricked, even though absolutely all of its data was wiped, because the data could be restored from backup, assuming that someone had remembered to make one. But this also works on other devices like iPads, Blackberry phones, and other smartphones that integrate with MS Exchange. So if you read your work email on your personal phone or tablet, you might want to make sure that you keep backups, just in case."

It fits. “Citizens gots no rights whatout da gov'mint giz em to em.” (famous New Jersey Philosopher)

MUST READ: DHS & TSA: Making a list, checking it twice

November 23, 2010 by Dissent

I have no way of verifying the accuracy of this column by Doug Hagmann, but think it’s so troubling that it needs to be shared in case the memo is exactly as he summarizes it:

Following the publication of my article titled “Gate Rape of America,” I was contacted by a source within the DHS who is troubled by the terminology and content of an internal memo reportedly issued yesterday at the hand of DHS Secretary Janet Napolitano. Indeed, both the terminology and content contained in the document are troubling. The dissemination of the document itself is restricted by virtue of its classification, which prohibits any manner of public release. While the document cannot be posted or published, the more salient points are revealed here.

The memo, which actually takes the form of an administrative directive, appears to be the product of undated but recent high level meetings between Napolitano, John Pistole, head of the Transportation Security Administration (TSA),and one or more of Obama’s national security advisors. This document officially addresses those who are opposed to, or engaged in the disruption of the implementation of the enhanced airport screening procedures as “domestic extremists.”

The terminology contained within the reported memo is indeed troubling. It labels any person who “interferes” with TSA airport security screening procedure protocol and operations by actively objecting to the established screening process, “including but not limited to the anticipated national opt-out day” as a “domestic extremist.” The label is then broadened to include “any person, group or alternative media source” that actively objects to, causes others to object to, supports and/or elicits support for anyone who engages in such travel disruptions at U.S. airports in response to the enhanced security procedures.

For individuals who engaged in such activity at screening points, it instructs TSA operations to obtain the identities of those individuals and other applicable information and submit the same electronically to the Homeland Environment Threat Analysis Division, the Extremism and Radicalization branch of the Office of Intelligence & Analysis (IA) division of the Department of Homeland Security.

Read more on Canadian Free Press.

(Related) At some point the politicians will hear the voice of the voter... Won't they?

November 23, 2010

Majority of Americans Now Oppose Body Scanners and TSA Pat Downs

EPIC: "A new poll by Zogby International finds that 61% of Americans polled between Nov. 19 and Nov. 22 oppose the use of full body scans and TSA pat downs. Of those polled, 52% believe the enhanced security measures will not prevent terrorist activity, almost half (48%) say it is a violation of privacy rights, 33% say they should not have to go through enhanced security methods to get on an airplane, and 32% believe the full body scans and TSA pat downs to be sexual harassment. The Zogby Poll is the most recent survey of American opinion on the new airport screening procedures. Combined with earlier polls by USA Today and the Washington Post-ABC News, the Zogby Poll reflects declining support for the TSA program."

  • News release: "U.S. Rep. Rush Holt, a scientist and the Chairman of the House Select Intelligence Oversight Panel, Friday wrote the Administrator of the Transportation Security Administration (TSA), reiterating his concerns about the use of body imaging technology, notably about potential health effects and the effectiveness of the screening to detect the full range of explosive threats known or anticipated to be used by potential terrorists...the majority of the radiation from X-ray backscatter machines strikes the top of the head, which is where 85 percent of the 800,000 cases of basal cell carcinoma diagnosed in the United States each year develop."

(Related) Apparently this has become a “big enough” story that editors are willing to invest some time to do research.

Your risks and rights with TSA's 'enhanced' screening (FAQ)

Survive a TSA Screening

You can take pictures, but you can't take good pictures? What is the basis for this? All terrorists have DSLRs?

Kuwait Bans DSLR Cameras Use For Non-Journalists

Posted by kdawson on Tuesday November 23, @02:25PM

"Kuwait has banned the use of Digital Single Lens Reflex (DSLR) cameras in public places for anyone who is not a journalist. The ban, which was passed by the unanimous agreement of the country's Ministry of Social Affairs, Ministry of Information and Ministry of Finance, prevents the public from using DSLR devices on the streets of the Middle Eastern State. Tourists are to be affected by the new laws and must be aware of this before travelling to Kuwait. Smaller digital cameras and camera phones are exempt from the ban."

Interesting question for my Computer Security students: Can a “social network” be made “Secure?”

Open-Source Social Network Diaspora Goes Live

Posted by timothy on Tuesday November 23, @11:44PM

"Diaspora, a widely anticipated social network site built on open-source code, has cracked open its doors for business, at least for a handful of invited participants. 'Every week, we'll invite more people,' stated the developers behind the project, in a blog item posted Tuesday announcing the alpha release of the service. 'By taking these baby steps, we'll be able to quickly identify performance problems and iterate on features as quickly as possible.' Such a cautious rollout may be necessary, given how fresh the code is. In September, when the first version of the working code behind the service was posted, it was promptly criticized for being riddled with security errors. While Facebook creator Mark Zuckerberg may not be worried about Diaspora quite yet, the service is one of a growing number of efforts to build out open-source-based social-networking software and services."

Also for my Computer Security students

November 22, 2010

EFF Tool Offers New Protection Against Exploits of Webpage Security Flaws

News release: "The Electronic Frontier Foundation (EFF) has launched a new version of HTTPS Everywhere, a security tool that offers enhanced protection for Firefox browser users against "Firesheep" and other exploits of webpage security flaws. HTTPS secures web browsing by encrypting both requests from your browser to websites and the resulting pages that are displayed. Without HTTPS, your online reading habits and activities are vulnerable to eavesdropping, and your accounts are vulnerable to hijacking... This new version of HTTPS Everywhere responds to growing concerns about website vulnerability in the wake of Firesheep, an attack tool that could enable an eavesdropper on a network to take over another user's web accounts -- on social networking sites or webmail systems, for example -- if the browser's connection to the web application either does not use cryptography or does not use it thoroughly enough... Other sites targeted by Firesheep that now receive protection from HTTPS Everywhere include, Cisco, Dropbox, Evernote, and GitHub. In addition to the HTTPS Everywhere update, EFF also released a guide to help website operators implement HTTPS properly."
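The weakness Firesheep exploited, as the release describes it, is a session cookie that the browser will still send over plain http:// so an eavesdropper on the network can copy it. A site operator can check for that condition in the site's own response headers. The following Python is an added example, not EFF's or Firesheep's code; the two HTTP responses are constructed samples, and the list of name fragments used to spot session cookies is an assumption.

```python
"""Audit HTTP response headers for the cookie weakness Firesheep exploited.

A session cookie without the Secure attribute is transmitted over plaintext
HTTP and can be sniffed; without Strict-Transport-Security the browser may
still be sent to http:// in the first place. Added example, not EFF's code.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Assumption: cookies whose names contain these fragments hold session state.
SESSION_COOKIE_HINTS = ("sess", "sid", "auth", "token", "login")


@dataclass
class Finding:
    cookie: str
    problems: List[str] = field(default_factory=list)


def parse_headers(raw: str) -> List[Tuple[str, str]]:
    """Split a raw response (status line + headers) into lowercase (name, value) pairs."""
    pairs = []
    for line in raw.split("\r\n")[1:]:   # skip the status line
        if not line:                      # blank line ends the header block
            break
        name, _, value = line.partition(":")
        pairs.append((name.strip().lower(), value.strip()))
    return pairs


def looks_like_session_cookie(name: str) -> bool:
    lowered = name.lower()
    return any(hint in lowered for hint in SESSION_COOKIE_HINTS)


def audit_response(raw: str) -> Dict[str, object]:
    """Return {'hsts': bool, 'findings': [Finding, ...]} for one HTTP response."""
    headers = parse_headers(raw)
    hsts = any(name == "strict-transport-security" for name, _ in headers)
    findings: List[Finding] = []
    for name, value in headers:
        if name != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        cookie_name = parts[0].split("=", 1)[0]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
        if not looks_like_session_cookie(cookie_name):
            continue
        finding = Finding(cookie_name)
        if "secure" not in attrs:
            finding.problems.append("missing Secure: sent over plaintext HTTP, sniffable")
        if "httponly" not in attrs:
            finding.problems.append("missing HttpOnly: readable by injected script")
        if finding.problems:
            findings.append(finding)
    return {"hsts": hsts, "findings": findings}


# Constructed sample: the pre-Firesheep-fix shape, session cookie in the clear.
WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: sessionid=abc123; Path=/\r\n"
    "Set-Cookie: lang=en; Path=/\r\n"
    "\r\n"
    "<html>...</html>"
)

# Constructed sample: the same site after hardening.
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Strict-Transport-Security: max-age=31536000\r\n"
    "Set-Cookie: sessionid=abc123; Path=/; Secure; HttpOnly\r\n"
    "Set-Cookie: lang=en; Path=/\r\n"
    "\r\n"
)

if __name__ == "__main__":
    for label, raw in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        result = audit_response(raw)
        print(label, "HSTS:", result["hsts"], "findings:", result["findings"])
```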

For my Ethical Hackers. A computer is a computer is a computer...

Rootkit In a Network Card Demonstrated

Posted by kdawson on Tuesday November 23, @03:11PM

KindMind notes coverage in The Register on a researcher who has developed a firmware-based rootkit that resides in a network card. Here is the developer's blog entry.

"Guillaume Delugré, a reverse engineer at French security firm Sogeti ESEC, was able to develop proof-of-concept code after studying the firmware from Broadcom Ethernet NetExtreme PCI Ethernet cards... Using the knowledge gained from this process, Delugré was able to develop custom firmware code and flash the device so that his proof-of-concept code ran on the CPU of the network card."

For my Ethical Hackers.

Crooks Hack Music Players For ATM Skimmers

Posted by kdawson on Tuesday November 23, @01:37PM

tsu doh nimh sends in a report that criminals increasingly are cannibalizing parts from handheld audio players and cheap spy cams to make extremely stealthy and effective ATM skimmers. These are devices designed to be attached to cash machines to siphon card + PIN data.

"The European ATM Security Team (EAST) found that a new type of analogue skimming device — using audio technology — has been reported by five countries, two of them 'major ATM deployers' (defined as having more than 40,000 ATMs)... The basic method for conducting these attacks was mentioned in a 1992 edition of the hacker e-zine Phrack (the edition that explains audio-based skimmers is Phrack 37)."

Strategy: Fight every action strongly and immediately.

EMI Seeks to Bar EFF From Cloud-Music Case

Billion-dollar record label EMI has asked a New York City federal judge to bar a non-profit legal rights group from filing a friend-of-the-court brief in a closely watched internet copyright case that could have broad implications for the future of cloud computing.

EMI says the brief filed last week by the Electronic Frontier Foundation and other groups supporting MP3tunes’s argument that it’s not responsible for what music its users store on its servers should be barred because it is “a pure advocacy piece, not a ‘friend of the court.’”

… EMI argues that EFF’s brief is too long

… Because EFF’s brief supports MP3tunes, EMI says, its arguments are “duplicative”

… EFF’s brief “contains unsupported speculation that is not helpful to the Court.”

They're kidding, right? “Helen of Troy: The (thing above the neck on the front of the head) that launched a thousand ships.”

Patent Office Agrees To Facebook’s “Face” Trademark

Facebook is just a payment away from trademarking the word “Face.” As of today the U.S. Patent And Trademark Office has sent the social networking site a Notice of Allowance, which means they have agreed to grant the “Face” trademark to Facebook.

Think outside the textbook! - Find & Download eBooks

As its name suggests, eBookBrowse is a site where you can find all the eBooks that you might possibly want to read. What the name does not tell you is that through the site you will also be able to download any of the featured titles, and then take them with you wherever you go.

The site features a neat search tool that will let you specify both the name of the book (or document) that you want to get your hands on, and also the kind of filetype that you are primarily interested in getting. If you are aware that your computer is actually a bit archaic and you want to play it safe, you can request that only PDF files be looked up.

Besides, the site will let you see all the documents that people have searched the most during the past week or month - whatever suits you best. And it is possible to see these documents that have been commented by users of the site more actively, too.

This looks to be very handy...

Draw Diagrams & Pictures On Your Computer Screen During Presentations With Sketch It

Wouldn’t it be nice … to have the ability to simply draw, sketch or jot notes anywhere on the screen during a presentation or video conference? Thankfully, there’s an innovative app called Sketch It that lets you do just that.

Don't let my wife see this article. She thinks I like Pumpkin Pie because I look like a pumpkin...

Pumpkin Pie increases Male Sex Drive

Posted by samzenpus on Tuesday November 23, @03:05PM

Dr. Alan Hirsch, Director of Chicago's Smell and Taste Treatment and Research Center, says the key to a man's heart, and other parts, is pumpkin pie. Out of the 40 odors tested in Hirsch's study, a mixture of lavender and pumpkin pie got the biggest rise out of men ages 18 to 64. [“Biggest rise” – I get it. Bob] That particular fragrance was found to increase penile blood flow by an average of 40%. "Maybe the odors acted to reduce anxiety. By reducing anxiety, it acted to remove inhibitions," said Hirsch.

Tuesday, November 23, 2010

What did we learn from the Lower Merion “webcamgate” saga? Apparently very little.

Texas school districts weigh privacy vs. security concerns with school cameras

November 23, 2010 by Dissent

Katherine Leal Unmuth reports:

Ever wonder who’s watching the kids?

In several school districts across North Texas, thousands of security cameras monitor students during the school day, in an effort to keep campuses safe.

As some school districts bulk up the number of cameras in schools, others are questioning access among administrators, security officers and even police departments. Districts must weigh privacy rights with safety concerns.

Some districts are reportedly making live feeds directly accessible in real-time to police. Yikes! And the state is not providing policies or guidance? Double yikes:

The districts’ actions in many ways depend on differing interpretations of the Family Educational Rights and Privacy Act, or FERPA. Some believe they are education records that must be protected, while others view them as law enforcement records.

“There’s no expectation of privacy in a public school,” said Perlich, the Richardson police spokesman. “The inside of their backpack is personal, but the inside of the school itself – no.”

Texas Education Agency DeEtta Culbertson said the agency does not offer specific guidelines on access to security cameras.

Curtis Clay, director of programs for the Texas School Safety Center at Texas State University in San Marcos, said he supports making footage accessible to police.

Read the whole news story. Really – read the whole thing. Kudos to Unmuth for her coverage of this and the details in her report.

Another tracking tool.

Go Card privacy probe due

Privacy Commissioner Linda Matthews will today hand the parliamentary speaker a report outlining her findings on the use of Go Card journey data in criminal investigations.

The probe was triggered by a report in July revealing police were using Go Cards to pinpoint the movements of not only suspects but also potential witnesses.

Cloud security is dependent on the law

I am a true believer in the disruptive value of cloud computing, especially the long term drive towards so-called "public cloud" services. As I've noted frequently of late, the economics are just too compelling, and the issues around security and the law will eventually be addressed.

However, lately there have been some interesting claims of the superiority of public clouds over privately managed forms of IT, including private cloud environments. The latest is a statement from Gartner analyst Andrew Walls, pointing out that enterprises simply assume self-managed computing environments are more secure than shared public services:

"When you go to the private cloud they start thinking, 'this is just my standard old data centre, I just have the standard operational issues, there's been no real change in what we do', and this is a big problem because what this tells us is the data centre managers are not looking at the actual impact on the security program that the virtualisation induces."

"They see public cloud as being a little bit more risky therefore they won't go with it. Now the reality is, from my own experience in talking to security organisations and data centre managers around the world is that in many of these cases, you're far safer in the public cloud than you are on your own equipment."

… In fact, regardless of the technical and organizational realities, there is one element that is completely out of the control of both the customer and cloud provider that makes public cloud an increased risk: the law. Ignoring this means you are not completely evaluating the "security" of potential deployment environments.

It is easier to ask forgiveness than to gain permission...

DOJ has granted itself new surveillance powers

November 22, 2010 by Dissent

Chris Soghoian writes:

Electronic communications privacy law in the United States is hopelessly out of date. As several privacy groups have noted, the statute that governs when and how law enforcement agencies can obtain individual’s private files and electronic documents hasn’t really been updated since it was first written in 1986.

Over the past year, privacy groups, academics and many companies have gotten together to push for reform of the Electronic Communications Privacy Act (ECPA). These stakeholders have lobbied for reform of this law, and in turn, both the House and Senate have held hearings on various issues, ranging from cloud computing to cellular location data.

Of course, complaints about the existing statute are not limited to those wishing to protect user privacy — law enforcement agencies would very much like to expand their authority. However, as I document in this blog post, rather than going to Congress to ask for new surveillance powers, the Department of Justice, and in particular, the US Marshals Service, have simply created for themselves a new “roving” order for stored communications records.

Let that sink in for a second. Rather than wait for Congress to give it new authority, the Department of Justice has instead just given itself broad new surveillance powers.

Read more on Slight Paranoia.

Not everyone who flies is equal...

November 21, 2010

New TSA Screening Procedures for Pilots Rolling Out

Follow up to previous postings on government implementation of whole body scanning technology at airports, this news release: "The Air Line Pilots Association, Int’l (ALPA), welcomed the Transportation Security Administration (TSA) announcement of expedited screening for airline pilots as important action to move the nation toward a threat-based strategy that focuses security resources where the risk is highest and away from a one-size-fits-all approach... ALPA proposed the creation of a highly secure and effective security screening system that would quickly and accurately verify the identity and employment status of active airline pilots. As a result, ALPA’s Crew Personnel Advanced Screening System (CrewPASS) program would identify individual pilots as trusted and, as a result, enhance the overall security of air travel and reduce passenger delays. In [the November 19, 2010] announcement, the TSA acknowledged ALPA for developing the CrewPASS concept and committed to phasing in CrewPASS nationally. The CrewPASS system is currently operating at Baltimore-Washington Thurgood Marshall International, Pittsburgh International, and Columbia Metropolitan airports."

  • TSA Statement from Administrator John S. Pistole: "In all such security programs, especially those that are applied nation-wide, there is a continual process of refinement and adjustment to ensure that best practices are applied and that feedback and comment from the traveling public is taken into account."

Commercial Air Passengers Struggle to Balance Desire for Privacy and Security

November 23, 2010 by Dissent

Ponemon has issued a press release about a new survey reported by Andy Greenberg over on Forbes yesterday (a copy of the full survey report is linked from Andy’s coverage). Here’s the Ponemon release:

As outrage over invasive airport security screening grows, a new Ponemon Institute study shows an overwhelming 79 percent of air travelers believe protection of their privacy rights is important. When asked to balance privacy and security when traveling with commercial airlines, however, 61 percent said security is most important, while only 18 percent said personal privacy is most important. And given a choice between a full-body scan or pat-down, 59 percent said they would prefer the scan, 18 would opt for a pat-down, while 23 percent said they were unsure.

The results are from a new independent study by privacy research firm Ponemon Institute, Concerns about New Airport Screening Procedures: U.S. Survey of Airline Passengers. The study, conducted from November 17 through 19, included responses from confidential interviews of 1,315 travelers at 12 major U.S. Airports. [Unsure if they were surveyed before or after going through security. Had they ever been scanned or patted down? Bob]

  • 79 percent of travelers expressed concern over being subjected to a pat-down, while 69 percent expressed concern over going through a full-body scan;

  • 67 percent of travelers either do not believe or are unsure that the new screening processes are necessary, while 33 percent believe they are necessary to ensure air travel safety; and,

  • 64 percent of travelers are not convinced airport security is doing a good job ensuring traveler safety;

Travelers also seemed more concerned over negative impacts from screening processes, such as exposure to radiation (51 percent vs. 34 percent) or inappropriate groping (49 percent vs. 33 percent) than over privacy implications associated with the screening techniques.

“Based on the results of our study, and in spite of the unfortunate stories that have been reported since the Transportation Security Agency began implementing its new screening techniques, passengers are struggling to balance their desire for privacy with their desire for air travel safety,” said Dr. Larry Ponemon, chairman and founder, Ponemon Institute. “Few people are happy about the screening process, and a majority questions the efficacy and necessity of the process.”

Airports where passengers were interviewed for the study included: Hartsfield-Jackson Atlanta International Airport (ATL), Washington Reagan National Airport (DCA), Denver International (DEN), Dallas-Fort Worth International Airport (DFW), Detroit Metropolitan Wayne County Airport (DTW), Washington Dulles International Airport (IAD), Los Angeles International Airport (LAX), Newark Liberty International Airport (NWR), John F. Kennedy International Airport (JFK), LaGuardia Airport (LGA), Chicago O’Hare International Airport (OHD), and San Francisco International Airport (SFO).

It's all part of the reputation game...

Microsoft Spying on Users For Free

… Security researcher and privacy advocate Christopher Soghoian recently scored big through the Freedom of Information Act (FOIA) and received the total amount that the US Drug Enforcement Administration (DEA) paid to providers for pen registers and wiretaps for the last four years. Unlike a wiretap that records actual phone or Net conversations, a pen register gathers all phone numbers or email addresses to show with whom a person has been communicating. The DEA spent $6.7 million for pen registers and $6.5 million for wiretaps in 2010. Microsoft does not charge the government even a penny for surveillance of its users. Google charges $25 per user and Yahoo charges $29 per user.

… Microsoft may not be happy that the news is out, that it seems to have a very friendly relationship with the DEA, since it had a near meltdown in 2008 when Cryptome published the Microsoft Online Services Global Criminal Compliance Handbook.

… Microsoft promptly produced a DMCA notice and temporarily shut down Cryptome.

The DEA pricing document [PDF] states, "There are no current costs for information requested with Subpoenas, Search Warrants, Pen Registers, or Title III Collection with Microsoft Corporation."

… In regards to what the DEA doesn't pay to Microsoft, Soghoian told The Register that Microsoft should at least charge a penny per government surveillance to create a paper trail. "You don't like companies to make money spying on their customers, they should charge something. You can't FOIA Microsoft's invoices, because they don't send any invoices."

Another big ear.

US Launches Largest Spy Satellite Ever

Posted by Soulskill on Monday November 22, @02:33PM

" reports that over the weekend, a giant booster – a Delta 4 Heavy rocket — carrying a secret new spy satellite for the US National Reconnaissance Office roared into space to deliver into orbit what one reconnaissance official has touted as 'the largest satellite in the world.' The Delta 4 Heavy rocket is the biggest unmanned rocket currently in service and has 2 million pounds of thrust, capable of launching payloads of up to 24 tons to low-Earth orbit and 11 tons toward the geosynchronous orbits used by communications satellites. The mammoth vehicle is created by taking three Common Booster Cores — the liquid hydrogen-fueled motor that forms a Delta 4-Medium's first stage — and strapping them together to form a triple-barrel rocket, and then adding an upper stage. The exact purpose of the new spy satellite NROL-32 is secret, but is widely believed to be an essential eavesdropping spacecraft that requires the powerful lift provided by the Delta 4-Heavy to reach its listening post. 'I believe the payload is the fifth in the series of what we call Mentor spacecraft, a.k.a. Advanced Orion, which gather signals intelligence from inclined geosynchronous orbits,' says Ted Molczan, a respected sky-watcher who keeps tabs on orbiting spacecraft. Earlier models of the series included an unfurling dish structure about 255 feet in diameter with a total spacecraft mass of about 5,953.5 pounds, costing about $750 million and designed to monitor specific points or objects of interest such as ballistic missile flight test telemetry."

Because PDFs are a pain...

PDF ReDirect Lets You Merge, Rotate, Optimize, Encrypt & Print PDFs [Windows]

Among the many applications with a hint of usability, PDF ReDirect was particularly enticing because of the sheer number of favorable reviews. PDF ReDirect is a simple virtual printer that creates PDF files from document files but also bundles some PDF editing features, such as PDF file merging, page rotating, and PDF optimizing.

… If you need additional features, you’ll most likely have to use something else, which isn’t too bad considering there are some genuinely good tools available for free. For a watermarking feature, for example, the excellent PDF-XChange Viewer offers that and even more document markup options, such as commenting.

There is also PDFEscape, a web-based tool for merging, splitting and rotating PDF files. The open-source Inkscape also lets you move the objects in the actual PDFs, although you can only import 1 PDF page at a time.

Another useful tool, since I work at several locations...

The First Unofficial Guide to Dropbox [Save PDF or Read Online]

This program acts as a “magic pocket” which is always with you and contains whatever you place in it. Put a file into your Dropbox and it’s on all of your computers and mobile devices, really handy if you own multiple devices. But there’s more to Dropbox: you can use it for file sharing, backing up your data and even remotely control your computer.

Download: Using The Magic Pocket: A Dropbox Manual

Read now on Scribd