Saturday, March 19, 2011

Forrest Gump sentenced...

(follow-up) Leader of Hacker Gang Sentenced to 9 Years For Hospital Malware

By Dissent, March 18, 2011

Kevin Poulsen reports that Jesse William McGraw, aka “GhostExodus,” has been sentenced for trying to install malware on the computer network at Northern Central Medical Plaza in Dallas, Texas. As reported previously, McGraw worked the medical facility as a night security guard and was caught, in part, because he videotaped himself and uploaded it to YouTube. [Stupid is as stupid does. Bob]

Additional earlier coverage on can be found here.

A what point do errors become serious? Can you say, “undue reliance?” Investigators do not rely on unverified “facts” – until they are in a database...

Top court to weigh privacy against government data needs

March 18, 2011 by Dissent

William Matthews reports:

Thanks to increasingly sophisticated communications technology and ever-expanding interconnected data bases, even small-town police can run detailed background checks to discover criminals during routine traffic stops.


But there’s a big problem with this instant access to information: A lot of what’s in the databases is wrong, says Marc Rotenberg, president of the Electronic Privacy Information Center.

In a brief filed for a case the U.S. Supreme Court will hear March 21, Rotenberg cataloged the errors he discovered in databases ranging from the FBI’s National Crime Information Center to the Homeland Security Department’s E-Verify system to intelligence data that commercial vendors collect and sell to federal and state agencies.

Read more on GovExec. EPIC’s brief is highly recommended reading.

There are two issues here, it seems. The first is that if you make a lot of data available to law enforcement, they will try to use it and concoct excuses or pretexts for using it. The second is that even if there is a legitimate reason to run a search on someone, the inaccuracies in the databases are so widespread and severe that they result in adverse consequences to innocent parties.

Which is a long way of saying, perhaps, that I don’t agree with the headline of GovExec’s story, as I can think of no reason for the government to need wildly inaccurate data.

Students have no rights.

What would happen if teachers searched student phones for “sexting” photos? Would they risk be charged with “Child Pornography?” Could they search a folder named “Correspondence with my Lawyer?”

UT: Alpine cell phone policy prompts school privacy, safety debate

March 18, 2011 by Dissent

Keeping tabs on what children and teenagers are doing and saying is hard enough for parents — let alone school teachers and administrators.

But when it comes to maintaining a safe learning environment, school officials say they try to balance the privacy of individual students with the safety of all.

Currently, students at Alpine School District have “no expectation of privacy in association with the use of the Internet,” while they’re using school computers. That’s typical of districts statewide, but a new policy at Alpine would extend that provision to personal devices like cell phones and mp3 players that have Internet capabilities.

That means if a teacher or administrator thinks a student is doing something online that breaks school rules or the law, they’ll be able to look at the phone to verify.

Read more on Deseret News.

For my Ethical Hackers

Dutch Court Rules WiFi Hacking Not a Criminal Offense

"Breaking in to an encrypted router and using the WiFi connection is not an criminal offense, a Dutch court ruled. (Original article in Dutch; English translation.) WiFi hackers can not be prosecuted for breaching router security. The judge reasoned that the student didn't gain access to the computer connected to the router, but only used the routers internet connection. Under Dutch law breaking in to a computer is forbidden. A computer in The Netherlands is defined as a machine that is used for three things: the storage, processing and transmission of data. A router can therefore not be described as a computer because it is only used to transfer or process data and not for storing bits and bytes. Hacking a device that is no computer by law is not illegal, and can not be prosecuted, the court concluded. "

Also for my Ethical Hackers...

Getting Past Censorship With Unorthodox Links To the Internet

"Savvy techies are finding ways to circumvent politically motivated shutdowns of the internet. Various groups around the world are using creative means like multi-directional mobile phone antennae and even microwave ovens to transmit internet traffic accross international borders."

For my Computer Security students. Always look for someone who has thought about a problem in depth...

A genius approach to web security

Song and her research team aren't looking to simply patch holes in the Internet that online baddies are constantly trying to penetrate. She takes a more holistic approach, designing technology tools that can act as building blocks for an overall secure computing experience -- on any device.

… Song's groundbreaking research has become the basis for two important platforms: BitBlaze, which analyzes malicious software code, and WebBlaze, which focuses on defending web-based applications and services against it. (The WebBlaze approach has been used in the design of mainstream web browsers.) Song is also working on the privacy side of things, so that people can trace where their sensitive data have been and know that it is either secure or has been sold or breached.

Song's hope is that BitBlaze, WebBlaze, and her privacy initiatives become fundamental Internet tools that are deployed when any person or company builds a new cloud-based service or overhauls an existing one.

The future has arrived. Now your computer no longer delivers “electronic minus mail”

The Pedants’ Revolt: Does The AP’s Killing Of E-Mail Mark A Worrying Escalation?

Daddy,” generations of children as yet unborn will ask, “where were you when the Associated Press removed the hyphen from the word ‘e-mail’?”

No comments: