Saturday, December 17, 2011


That “something is fishy” feeling still remains. If use of Carrier-IQ software is entirely legitimate and beneficial, how come everyone is backing away from them? “We no longer need to know why our phones are failing?”
Sprint disables Carrier IQ software on its handsets
December 16, 2011 by Dissent
Jaikumar Vijayan reports:
Sprint, the biggest user of Carrier IQ’s software, said Friday it has disabled use of the tool in response to customer concerns.
The wireless carrier is no longer collecting data using the tool and is evaluating its options regarding the software going forward, the company said in an emailed statement.
Read more on Computerworld.

(Related)
An anonymous reader writes with a report that Sprint, in an attempt to extricate itself from the Carrier IQ drama, has "ordered that all of their hardware partners remove the Carrier IQ software from Sprint devices as soon as possible." Sprint confirmed that they've disabled the use of Carrier IQ on their end, saying, "diagnostic information and data is no longer being collected." The software is currently installed on roughly 26 million Sprint phones, though the company has only been collecting data from 1.3 million of them.


The law is changing for the better?
(update) Michaels Stores Still PINned beneath Payment Card Skimming Lawsuit
December 16, 2011 by admin
Ah, I missed a ruling. Thankfully, Brendon Tavelli didn’t. He writes:
In May 2011, Michaels Stores reported that “skimmers” using modified PIN pad devices in eighty Michaels stores across twenty states had gained unauthorized access to customers’ debit and credit card information. Not a pretty picture for Michaels. Lawsuits soon splattered on the specialty arts and crafts retailer, alleging a gallery of claims under the Stored Communications Act (“SCA”), the Illinois Consumer Fraud and Deceptive Business Practices Act (“ICFA”), and for negligence, negligence per se, and breach of implied contract.
Late last month, U.S. District Court Judge Charles Kocoras ruled on Michaels’s motion to dismiss. Some claims were dismissed, but others survived. The opinion presents a broad-brush survey of potential data security breach claims, with some fine detail and local color particular to this variety of criminal data security breach.
Read more on Proskauer Privacy Law Blog.
[From the article:
PIN pads aren’t a communications service under the SCA.
In dispensing with those claims that plaintiffs “artfully tailor[ed]” to the language of the SCA, the court ruled that Michaels’ provision of PIN pads enabling consumers to pay by credit or debit card did not amount to the provision of “electronic communications services” or “remote computing services” as contemplated by the SCA. According to the court, the plaintiffs failed to allege either that Michaels provided the underlying service that transported consumer credit and debit card data or that Michaels provided any off-site computer storage or processing services. Thus, the plaintiffs’ SCA claims failed.
Michaels didn’t deceive, but it may have been unfair.
The court next considered the plaintiffs’ claims under Illinois consumer law. The plaintiffs alleged that Michaels committed both a deceptive and an unfair trade practice by failing to take proper measures to secure access to PIN pad data.
The court rejected the plaintiffs’ deception theory because the plaintiffs failed to identify any communication by Michaels that contained a deceptive misrepresentation or omission. But the court went the other way on plaintiffs’ unfair trade practice claim, in part because Michaels is alleged to have failed to implement PCI PIN Security Requirements that might have thwarted the skimmers.
Michaels may have breached an implied contract to protect customers from a security breach.
Lastly, relying on the First Circuit’s “persuasive” reasoning in Anderson v. Hannaford Bros., 2011 WL 5007175 (1st Cir. Oct. 20, 2011), see our Anderson blog post, the court concluded that the plaintiffs’ allegations “demonstrate the existence of an implicit contractual relationship between Plaintiffs and Michaels, which obligated Michaels to take reasonable measures to protect Plaintiffs’ financial information and notify Plaintiffs of a security breach within a reasonable amount of time.”


Local, unfortunately. Doesn't everyone already have the lyrics memorized?
'Internet is for Porn' pops up during House SOPA debate
A two-day debate in the House Judiciary committee--which has been postponed until at least next Wednesday and perhaps until 2012--was interrupted by the appearance of the popular meme "The Internet is for Porn."
Rep. Jared Polis, a Colorado Democrat who presumably knows his way around the Internet better than any other member of Congress (he founded BlueMountainArts.com), was the committee member who decided to bring up the prevalence of online porn. (See CNET's Q&A with Polis earlier this week.)
A "high percentage" of the Internet's use is for porn, Polis said. It's "a pornographer's wet dream!"
Polis then offered an amendment that would stop the Justice Department from using SOPA's vast powers to aid adult industry businesses who happen to hold valid copyrights. "Pornography should not be the focus of the attorney general's protection," he said.
It was a brilliant tactical maneuver. First, it delayed discussions while members of the august Judiciary committee wrangled with how to handle this unusual conversational detour. Second, it put SOPA-supporting chairman Lamar Smith, a conservative Republican whose district is largely Texas Hill Country, on the defensive by appearing to show him siding with the intellectual-property rights of people who create triple-X movies.
… Polis, whose district includes the progressive enclave of Boulder, Colo., presumably wasn't too serious in offering his antiporn amendment (PDF),
[The lyrics:


The future, the present or the past?
"As the price of digital storage drops and the technology to tap electronic communication improves, authoritarian governments will soon be able to perform retroactive surveillance on anyone within their borders, according to a Brookings Institute report. These regimes will store every phone call, instant message, email, social media interaction, text message, movements of people and vehicles and public surveillance video and mine it at their leisure, according to 'Recording Everything: Digital Storage as an Enabler of Authoritarian Government,' written by John Villasenor, a senior fellow at Brookings and a professor of electrical engineering at UCLA."


Always interesting to see what the government thinks it's doing...
December 15, 2011
Blueprint for a Secure Cyber Future: The Cybersecurity Strategy for the Homeland Security Enterprise
"The Blueprint for a Secure Cyber Future builds on the Department of Homeland Security Quadrennial Homeland Security Review Report’s strategic framework by providing a clear path to create a safe, secure, and resilient cyber environment for the homeland security enterprise. With this guide, stakeholders at all levels of government, the private sector, and our international partners can work together to develop the cybersecurity capabilities that are key to our economy, national security, and public health and safety. The Blueprint describes two areas of action: Protecting our Critical Information Infrastructure Today and Building a Stronger Cyber Ecosystem for Tomorrow. The Blueprint is designed to protect our most vital systems and assets and, over time, drive fundamental change in the way people and devices work together to secure cyberspace. The integration of privacy and civil liberties protections into the Department’s cybersecurity activities is fundamental to safeguarding and securing cyberspace."
[From the Atlantic Council article:
However, for many years, the United States government has been unsuccessfully trying to defeat cyber criminals, balance security and privacy, and create a secure cyberspace. As noted by the Government Accountability Office, the department has had problems executing this mission and it is not clear that this Blueprint and its recently released brethren will be sufficient to pull us out of this long dive.

(Related) Haven't we seen this before?
Governmental Tracking of Cell Phones and Vehicles: The Confluence of Privacy, Technology, and Law
December 16, 2011 16:04 Source: Congressional Research Service
From the summary:
This report will briefly survey Fourth Amendment law as it pertains to the government's tracking programs. It will then summarize federal electronic surveillance statutes and the case law surrounding cell phone location tracking. Next, the report will describe the GPS-vehicle tracking cases and review the pending Supreme Court GPS tracking case, United States v. Jones. Finally, the report will summarize the geolocation and electronic surveillance legislation introduced in the 112th Congress.


Not the first time that the Copyright army has overstepped the actual ruling. No one bothers to see what the courts actually ruled? No simple way to preempt these lawsuits?
"The Belgian Anti-Piracy Federation (BAF) has been threatening ISPs into expanding their blockade of thepiratebay. Recently they have been sending threatening letters to various other ISPs which were not involved with the original judgment to block thepiratebay. The letter 'kindly requests' that all ISPs voluntarily block thepiratebay, or BAF will bring legal action against them. The ISP BASE has succumbed to these legal threats. Also, many of the same Belgian ISPs have taken it one step further and also blocked the DNS for depiraatbaai.be. depiraatbaai.be was set up by thepiratebay as an alternative domain which directs users to the piratebay's servers to circumvent DNS censorship. For those who can't wait for The Pirate Bay to set up new alternative domains, a full working mirror of the site still exists at malaysiabay.org, which was originally set up to circumvent the piratebay block in Malaysia."


It beats IE8, but not all versions taken together... (Is that why Microsoft is going to force updates? So they can consolidate all their versions and remain on top?)
December 16, 2011
Reports that Google Chrome Overtakes IE 8 in Global Market
Technolog: "Ireland-based StatCounter — which posts Web analytics based on aggregate data it collects from a sample exceeding 15 billion pageviews per month (including 4 billion in the U.S.), collected from the StatCounter network of more than 3 million websites — released a statement about Chrome 15's ascension, humbling the initial enthusiasm of any Google devotee when it also made it clear that in the U.S., reports of IE's demise are still premature. According to StatCounter, it was still able to capture 27 percent of browser action last week, compared to 18.1 percent for Chrome 15."


Interesting infographic.
The Rise of The Digital Doctor


For my Ethical Hackers...
… While we all trust antivirus software and anti-malware programs like IOBit or MalwareBytes to identify those nasty varmints, the truth is that sometimes things slip through the cracks.
Luckily, there is a new tool you can use to manually go through and clean up those evil processes.
The bottom line is that any malware is typically meant to run in some form on your PC, and somehow transmit information into or out of your computer via the Internet.
A very simple utility called CloseTheDoor lets you probe into the processes that are running on your computer, and analyze those processes at a level that usually requires a professional. The reason you can do this is because CloseTheDoor makes the analysis very simple and logical, putting all of the tools you need in one place.


Perspective


Worth a read...
100 Excellent Hints and Tips for every Computer User


Dilbert shows how Smartphones will subjugate humans...
