Wednesday, January 12, 2011

For my Computer Security students. This is a Script Kiddie. (It also may be the only time you can get your children to read and follow directions...)

8th grader hacks school server

John Mackle, education director at the Peterborough Victoria Northumberland and Clarington Catholic District School Board, said the pupil at St. Anne's School in Peterborough, Ontario, used a laptop and some downloaded software to access test results from around the province, the Toronto Sun reported Tuesday.

… Mackle said some of the server's security measures had been offline following an upgrade [Technically, that's a downgrade. Bob] before the incident.

Local. For my Ethical Hackers

Springs man sent to prison for hacking into TSA computer

January 11, 2011 by admin

Another case of a disgruntled terminated employee seeking revenge. Douglas James Duchak was sentenced to prison for injecting malicious code into a TSA computer after he was terminated. No personal data compromised, but the potential was there. You can read about the case on The Gazette.

(Related) Your assignment: Video yourself from home to school using unsecured cameras. Extra credit: do it without using Starbucks' cameras...

Peep show: inside the world of unsecured IP security cameras

January 12, 2011 by Dissent

Tom Connor reports:

If you’re in public, you’re on camera. If you walk into a coffee shop, the owner gets you at the register. Visit a larger store, and chances are they have your face as soon as you cross the threshold. At least one or two of your neighbors catch you on camera when you walk around your neighborhood, and many cities monitor traffic using red light cameras at major intersections. The question is no longer if you’re on camera, but rather how many different angles you were caught on while going about your day.

With so much monitoring taking place, and with surveillance systems gaining more online functionality every year, it’s natural that securing these systems would become… complicated. And that many are secured incorrectly or not at all. Because so many cameras and surveillance systems are completely open, it’s possible for anyone with Internet access to watch literally thousands of cameras online using only Google and a kindergartener’s understanding of the ‘Net.

Read more on Ars Technica.

“I don't know Marty, what do you want to do?”

Theft of Customers' Personal Property in Cafes and Bars

At present, evaluative research—whether carried out independently or by the police—is scarce; consequently it is not possible to draw any firm conclusions as to which responses to theft of customers’ personal property from cafés and bars are the most effective. Nevertheless, we review several responses to this problem and make tentative statements as to their effectiveness.

Is this a half-vast solution to a vast problem? (Factor this into the 'local monopoly' vs. public Internet utility argument too.)

California to nix cell phones for half its employees

The newly elected governor of California wants to cut state spending and has started by calling for the shut-off of half of the state-issued cell phones, some 48,000 devices, by June 1.

… Of course, the push to cut the number in half by midyear could be slowed if devices are still under contract. In those cases, an early termination fee may be a greater expense to the state than just keeping the device.

We know that Tunisia is a leading user of technology (not!) but I suspect anything they can do, we can do gooder!

Tunisian Gov't Spies On Facebook; Does the US?

"Tunisians logging into Facebook encountered extra JavaScript, probably a sign of their repressive government's attempt to spy on them. The question is: does the US government do the same thing, just more subtly? We're not talking about agents friending you on Facebook to get more information about you; we're talking monitoring your supposedly private information behind the scenes."

My concern: Are we removing the possibility of true anonymity?

New Urban Myth: The Internet ID Scare

January 11, 2011 by Dissent

Jim Dempsey of CDT writes:

Let’s get this over right away: The Obama Administration is not planning to create a government ID for the Internet. In fact, the Administration is proposing just the opposite: to rely on the private sector to develop identities (note the plural) for online commerce, in a system that allows individuals to have multiple identities and to engage in online activity anonymously and pseudonymously. [As long as someone knows exactly who you are... Bob]

And let’s get this straight too: I have not been criticizing the government’s plan. Just the opposite: I have been praising the Administration for promoting improvements in online identity that would address concerns about identity theft, online fraud and cybersecurity without creating a centralized or government-managed system.

Read more on CDT.


Obama Administration fleshes out online trusted IDs

January 12, 2011 by Dissent

Jaikumar Vijayan reports:

The National Institute of Standards and Technology (NIST) has established a new Web site fleshing out the Obama Administration’s plans for a National Strategy for Trusted Identities in Cyberspace (NSTIC).

The Web site appears designed to provide additional information on the government’s unfolding strategy, as well as to downplay any concerns some might harbor about NSTIC resulting in the creation of a national ID card.

The site’s launch comes just days after Obama Administration officials announced the creation of a new national program office within the U.S. Department of Commerce for handling the NSTIC.

Read more on Computerworld.

Government has to step in when parents don't do their job.

N.J. Town To Vote On Middle School Drug Tests

January 11, 2011 by Dissent kindly pointed me to a situation in New Jersey that will be of concern to all those who care about student privacy and civil liberties:

A proposal to conduct random drug tests of young students in one New Jersey town is raising some eyebrows.

Students at Belvidere Elementary School could be adding drug testing to their list of lessons when they move into middle school.

The Board of Education will vote Wednesday on a plan to randomly test sixth, seventh and eighth graders to see if they are under the influence of drugs. School administrators said they were confident the proposal would pass.

Elementary School Principal Sandra Szabocsik said school officials want to use the testing “as a deterrent.” [If we don't get pay raises, we might move on to “cavity searches!” Bob]

Read more on CBS News. Before you throw something at the wall, do note that the administrators say that this program will be voluntary and will require both student and parental consent for participation. [“Nah nah na nah na! Your parents think you're a druggie!” Bob] They also say that no one will be turned in to the police or suspended if they test positive.

But what happens to children who refuse to participate? Will they be viewed as having ‘something to hide’ or be treated differently in subtle or unconscious – if not conscious – ways by school personnel?

John Wesley Hall of sees this as a blatant Fourth Amendment violation. He’s the expert, but I’m not sure I understand how a “voluntary” program is a blatant Fourth Amendment violation. I hope he’ll clarify/educate me on that.

(Related) Who are we supposed to be protecting?

Parental Monitoring Carries Risks

January 12, 2011 by Dissent

A press release from was so strongly worded that I held off posting it until I could check into some of its assertions, but after checking, I think it’s worth posting this to alert parents to check more before signing up for any service:, an anti-sexting and anti-bullying business promoted by stockholder and former U.S. Secretary of Education William Bennett, offers its online monitoring services to parents who may be unaware they are giving up family privacy, according to a new report by School Safety Partners.

Parents who register with MouseMail may not realize they are granting MouseMail the right to publish all private messages and photos their families transmit through the system.

Although parents may cancel the texting and email-sniffing service at any time, MouseMail still keeps the right to publish in any way the family content stored on company servers. also reserves the right to turn over any personal information or messages to law enforcement agencies without first notifying parents or children. [Since they own everything, they could also sell it to the National Enquirer, right? Bob]

The MouseMail team includes Bennett, Fox News regulars Frank Luntz and Angela McGlowan, and McGlowan’s husband, John Venners, as president. The company uses social media and viral marketing, along with non-profit endorsements in the hopes of attracting millions of subscribers nationwide.

School Safety Partners explains that parents surrender privacy the moment they request a free MouseMail trial. The MouseMail trial registration form includes a small text box that contains a 5500-word contract. By scrolling down to line 775 of the text box contract, parents are advised of their irrevocable loss of privacy. Clause 17 states:

“With respect to any Content or User Content that You upload to the Service or transmit through the Service, You hereby grant Safe Communications, Inc. a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive license to reproduce, adapt, modify, translate, publish, publically perform, publicly display, and distribute that Content and User Content, the subject of the Content and other data.”

School Safety Partners finds that privacy and liability risks crop up in the terms of service and privacy policies of most MouseMail competitors as well. Over 20 companies now offer online monitoring services to parents alarmed by the way children connect today.

Before using online services to monitor their children, parents are urged by School Safety Partners to ask themselves these questions about privacy and liability issues:

1. Does the service company acquire all rights to publish my family’s private messages?

2. Does the service company have the right to turn over my family’s messages to authorities without my authorization or without first notifying me?

3. What are my obligations to the service company if a matter is to be resolved privately?

4. Will I be adequately notified about any changes to the company’s privacy policy?

5. Does my child’s school have a policy about confiscating and searching cell phones? If so, how does it conflict with my parental monitoring and controls?

6. What are the legal consequences of preserving or deleting incriminating messages? How should offensive content be preserved or deleted?

7. Am I obligated to report criminal activity or serious risk behavior that the service brings to my attention?

8. In my state, what are the legal consequences of sexting, cyber-bullying, forwarding third-party offensive messages, issuing threats of violence, and other online criminal activities?

9. How long does the service company store my family’s messages and online activity logs?

10. Will my family’s private information be accessible for investigations centered around other families, or for out-of-state or national investigations?

For in-depth coverage of anti-bullying policies and other school safety issues, visit School Safety Partners at

Clever strategy. Let everyone fight over US Health Records while IBM captures the rest of the world...

IBM to digitize records for Russian hospitals

For my Disaster Recovery students. Think of it as a massively redundant network... Sort of what the Internet was intended to be.

Breaking bottlenecks

A new algorithm enables much faster dissemination of information through self-organizing networks with a few scattered choke points.

As sensors that do things like detect touch and motion in cell phones get smaller, cheaper and more reliable, computer manufacturers are beginning to take seriously the decade-old idea of “smart dust” — networks of tiny wireless devices that permeate the environment, monitoring everything from the structural integrity of buildings and bridges to the activity of live volcanoes. In order for such networks to make collective decisions, however — to, say, recognize that a volcano is getting restless — they need to integrate information gathered by hundreds or thousands of devices.

… It turns out that if you’re a sensor in a network with high connectivity — one in which any device can communicate directly with many of the others — simply selecting a neighboring device at random each round and sending it all the information you have makes it likely that every device’s information will permeate the whole network. But take two such highly connected networks and connect them to each other with only one link — a bottleneck — and the random-neighbor algorithm no longer works well.

It's on the Internet, so it must be true...

F. Lee Bailey: Paper proves OJ Simpson's innocence

In the 20,000-word document, F. Lee Bailey tells of four people who could have bolstered Simpson's case but never testified. He also gives an overview of the sensational trial from his own perspective.

Simpson was found not guilty. Most Americans are convinced that he is guilty, Bailey said, but the document might persuade some doubters that he is innocent.

Bailey wrote the document, "The Simpson Verdict," in 2007 as a proposal for a book that never materialized. He published it on his website Sunday.


“Gee, we never thought they would cheat...”

Florida cancels online learner's permit test after finding over 50% can't pass test in real life [w/video]

For the past decade, potential new drivers had the option of taking their permit test online. This practice just came to a screeching halt when they found that a large percentage of drivers passing the online test failed the in-person version. How large? Over 50 percent.

If you have time...

Tuesday, January 11, 2011

Free Webinar - Google's Advanced Search Options

This Thursday, January 13, Google is hosting a free webinar titled Beyond the First Five Links. The webinar will introduce participants to using the advanced search tools located in the left hand panel of the search results page. Participants will learn how to discover new content without having to form complex search terms. The webinar is free, but you do have to register to participate. The webinar will be live at 3:30pm EST.
