Saturday, December 24, 2011


Does this mean we have a working definition of “An Act of CyberWar?” Where do we draw the line? If some kids tries to access the Pentagon's servers, mistakenly searching for “World of Warcraft” tips, will the NSA fry his computer? (Or send a drone over with a missile?)
"Congress has recently authorized the use of offensive military action in cyberspace. From the December 12th conference on the National Defense Authorization Act, it states,
'Congress affirms that the Department of Defense has the capability, and upon direction by the President may conduct offensive operations in cyberspace to defend our Nation, Allies and interests, subject to: (1) the policy principles and legal regimes that the Department follows for kinetic capabilities, including the law of armed conflict; and (2) the War Powers Resolution.'
According to the FAS, 'Debate continues on whether using the War Powers Resolution is effective as a means of assuring congressional participation in decisions that might get the United States involved in a significant military conflict.'"


Everyone has an opinion. (and a list)
The six worst data breaches of 2011
December 24, 2011 by admin
If you’re looking for the biggest breaches of the year in terms of numbers affected, you can find them over on DataLossDB.org or in others’ reviews. Certainly there were some really big breaches this year, but those were not necessarily the worst, in my opinion. So here’s my short list of the year’s worst breaches involving personally identifiable information. In chronological order:
1. The HBGary Federal hack.
I don’t claim to be a security expert, but if you’re making the claim, then having your server successfully attacked and all your professional correspondence exposed on the web should be seriously embarrassing. Not only should HBGary Federal have been embarrassed, but the February attack also exposed – and brought into negative public light – a well-known law firm. From a public relations standpoint, this breach was an in-your-face and up-your-left nostril attack that should have put everyone on notice that both data security and the collective known as Anonymous needed to be taken more seriously. In terms of immediate impact, after the firm’s emails became public, the Chamber of Commerce and Bank of America cut all ties with HBGary. Two other firms that had collaborated with them – Berico Technologies and Palantir – also cut ties with them. By the end of the year, however, HBGary CEO Gary Hoglund said that the breach had actually helped their business. Good for them, but not so good for others, perhaps?
2. Texas Comptroller’s Office web exposure incident.
In April, Texas Comptroller Susan Combs reported that the personal information of 3.5 million people had been accidentally disclosed on the web for quite a while – including Social Security numbers, dates of birth and other personal information. No hack necessary to get a goldmine of information for identity theft. Talk about shooting yourself in the foot…
3. The Arizona Department of Public Safety hack.
A hack by LulzSec in June also makes my list of worst breaches of the year. In a politically motivated attack that presaged other “AntiSec” or political attacks, the hackers released personal information on members of Arizona law enforcement and their families. For the rest of the year, releasing personal information on employees and their families became almost routine, despite the fact that the hackers occasionally recognized that calling the exposure of innocent uninvolved people “collateral damage” was not particularly acceptable to many members of the public.
4. The stolen SAIC/TRICARE backup tapes.
There were some massive health care sector breaches this year, but the SAIC breach was particularly bad for a few reasons. Unencrypted backup tapes with medical data on 5.1 million members of the military and their dependents were left in an employee’s car for 8 hours and were stolen. This was not the first time SAIC had unencrypted backup tapes stolen. In fact, it was the second time since 2010. Despite that and other breaches they have had in recent years, they continue to get huge government contracts. Members of Congress have now asked why.
5. Insurance Corporation of British Columbia insider breach.
There’s a lot we don’t know about this breach as yet, but it seems that an employee of the insurance company accessed and then disclosed information on 13 people who were later either shot at or were the victims of arson. Scarily, the employee also accessed information on 52 other people. Will they become victims, too? The RCMP are investigating, but this appears to be one of those breaches where there can be real and serious harm that has nothing to do with ID theft.
6. Hemmelig.com hack.
Hackers downloaded the entire database of over 26,000 users of Hemmelig.com, a Norwegian site that includes the sex trade. The downloaded material, which includes images and very personal messages, was dumped on the web. It seems only a matter of time before we start seeing embarrassing revelations about public figures as well as private citizens.
So that’s my short list. Did I leave out your candidate for worst of the year? If so, what was it?


This is going to be really popular! “Would you like some candy, little girl?”
"What do you do when you spend over a billion dollars on products targeted specifically for adults? Simple, just put a device on your pudding dispensing vending machines that scans faces, and denies the delicious food to the kiddies. The Minority Report-like device will apparently judge the age of the individual based on the space between their eyes and ears. If the criteria is not met, the vending machine will shut down and ask the individual to step away from the machine. There are some vending machine combos that this makes sense for, but seriously — pudding?"
[From the Comments: The Japanese Cigarette vending machines with facial recognition were pulled, when they discovered that holding up a scale photo or magazine picture would pass the age check.


Clearly, DA's need guidance and not just about clinging to antediluvian technologies. Perhaps a paper explaining things like the Streisand Effect, Social Networks that don't toss their customers under the bus, etc. We already have plenty of truly bad examples...
Twitter gets subpoena for account info related to OccupyBoston, notifies users
December 23, 2011 by Dissent
This is getting ridiculous. Really.
Twitter received an administrative subpoena via fax [Patented 1843 Bob] on December 14 from the District Attorney of Suffolk County, Massachusetts. The subpoena indicates that pursuant to a criminal investigation by the Suffolk County D.A.’s office and the Boston Police Department, Twitter is to provide, within 14 days,
All available subscriber information, for the account or accounts associated with the following information, including IP address logs for account creation and for the period December 8, 2011 – December 13, 2011:
Guido Fawkes
@p0isAn0N
@OccupyBoston
#BostonPD
#d0xcak3
Yes, you read that correctly. The D.A.’s office is seemingly seeking account information associated with hashtags.
And yes, the account for Occupy Boston is @Occupy_Boston and not @OccupyBoston.
And yes, there are over 30 “Guido Fawkes” accounts on Twitter. Is the D.A. demanding non-content account information on all of them?
If ADA Benjamin Goldberger and Sgt. Detective Joseph Dahlbeck get a lot of ridicule, they may want to consider whether they did their homework before issuing the subpoena.
Unlike the DOJ/Twitter Order, which barred Twitter from notifying users of the order for their non-content data, the D.A.’s subpoena asks Twitter not to disclose the subpoena to users to protect the “confidentiality and integrity of the ongoing criminal investigation.” Twitter notified the users, however, and the Twitterverse is lighting up with protests over what appears to be an attempt to invade the privacy of users who engaged in protected political speech.
As to the stern caution on the cover page of the fax that dissemination, distribution, or copying of the contents of the fax is “strictly prohibited,” well, suffice to say that copies of the subpoena are already posted on a few sites.
When will law enforcement learn that if tries to go after Twitter users’ information, Twitter will do what it can to notify users, and once it has done so, the situation will be broadly disseminated and discussed?
You can keep up with some of the developments on http://privacysos.org/blog and on Twitter, of course. And of course, I’ll be watching this matter, too, and wondering again why Twitter doesn’t make itself less useful to law enforcement by rolling over IP logs after 24 hours.

(Related) Obviously, you can find experts to help you use technology...
"Brandon Rittiman reports that White House officials launched a Twitter campaign Tuesday to put pressure on Congress to reach a deal extending the payroll-tax cut. Using the Twitter hashtag #40dollars, the White House successfully got thousands of people to respond and explain what a $40 cut to each paycheck would mean to them personally. By Wednesday morning, the #40dollars hashtag started 'trending,' which is what happens when Twitter's algorithms see a topic suddenly surge. It's not easy to create that kind of surge, but the White House has 2.5 million Twitter followers to call upon. Macon Phillips, the President's Director of Digital Strategy, says his team has managed to get a few Twitter topics to rise to the level of 'trending' before — most notably when they began tweeting about the death of Osama bin Laden. 'What's very important about a social-media campaign like this is that regular people are making the point about how this would affect them. It's not us here in Washington trying to argue on their behalf.' says Phillips. 'The #40dollars campaign puts a face on that amount to demonstrate the payroll tax cut's real-world impact on middle-class families.'"

(Related) Can Facebook predict the nominees/winners?
Ron Paul Is The Second Most Popular Republican Candidate On Facebook (And He’s Gaining)
Paul currently has 655,000 fans, half of Romney’s 1.23 million, and a fraction of Obama’s 24.3 million, but he’s well ahead of third-place primary candidate Michele Bachmann. Meanwhile, Newt Gingrich, who has appeared at many points in recent weeks to be Romney’s main Republican challenger, has had pretty minimal growth.


Very interesting idea. Will this catch on?
Volkswagen Blocks BlackBerry Use When Most People Use BlackBerries
The company has worked out a deal with unionized workers at its German sites to throttle their post-work BlackBerry use. VW is going to turn off messaging for these workers a half-hour after the workday ends, and flip the switch back on a half-hour before the next workday starts.
… The idea is to keep employees from feeling chained to their smartphones, and to send a message to bosses that it’s not reasonable to expect employees to be reachable at night, according to the Allgemeine Zeitung.


The article seems to suggest that technology was not the only or even the main driver of the choice – imagine that!
Berkeley Explains Why Google Trumps Microsoft
… Berkeley plumped for Gmail and Google Calendar in part because they’re cheap — Google offers its Apps to schools and colleges for free — but the university looked at far more than just price. This week, it laid out a detailed comparison of Google and Microsoft on its public website.


Useful when collaborating on documents?
Mergely is a useful online tool which can helps users merge text documents and highlight changes made to existing documents. To use the service, all you have to do is paste the original document into the left column and enter the edited version in the right hand corner. The changes which are not present in the revised document will be highlighted and shown in the original document.
Once done, you can save the document and the service will generate a share URL which can be used to send the document to any friend or colleague. If you want, you can even upload documents from your PC and compare them in seconds.

No comments: