Sunday, June 17, 2012

Seems like today almost everything is about surveillance...

Ubiquitous surveillance “Instead of spending millions or billions to process data for “Behavioral Advertising” on our computers, let's give away an App that does the work on the victim's customer's phone.”
A.R.O. Reveals Saga, An “Ambient Companion” That Watches What You Do To Make Personal Recommendations
We’ve just been given a first look at Saga, a new mobile companion emerging from Seattle startup A.R.O. You can think of Saga as Siri’s little sister, perhaps. Instead of asking it questions or giving the app simple tasks (what’s the weather, add meeting calendar, e.g.), Saga is there, quietly tracking your behavior, your location and learning about your preferences, in order to make smarter recommendations about what you should do next

Ubiquitous surveillance I bet the IRS would love this!
How can China ban iPads if it makes restaurants use them?
… Now the government of Hainan, an island province just across a narrow strait from Guangdong, has further complicated matters. It is requiring seafood restaurants in Sanya, a coastal resort city that draws tourists by the tens of thousands, to take food orders on iPads. The region was rocked by a price gouging scandal after the most recent Chinese New Year holiday, and the more-easily monitored iPads are part of the local government's solution to the problem.

Ubiquitous surveillance Microphones require people to monitor them (or computer programs?) in real time. It does no good to say “It took us two months, but we found a recording of the terrorists planning their attack...” Spending “extra” for microphones (that probably come built into every new video camera) but then NOT spending for the people or technology to monitor the recordings sounds very “governmental” (emphasis on “mental”)
Ottawa airport wired with microphones as Border Services prepares to record travellers’ conversations
June 16, 2012 by Dissent
Ian MacLeod reports:
Sections of the Ottawa airport are now wired with microphones that can eavesdrop on travellers’ conversations.
The Canada Border Services Agency (CBSA) is nearing completion of a $500,000 upgrade of old video cameras used to monitor its new “customs controlled areas,” including the primary inspection area for arriving international passengers.
As part of the work, the agency is introducing audio-monitoring equipment as well.
“It is important to note that even though audio technology is installed, no audio is recorded at this time. It will become functional at a later date,” CBSA spokesman Chris Kealey said in a written statement.
Read more on Ottawa Citizen.
So where’s the statement on CBSA’s web site about how this works in terms of data retention, etc.? According to the news report, CBSA told the Citizen that there will be a notice on the web site before audio recording begins at Ottawa Airport, but:
The CBSA statement said that audio-video monitoring and recording is already in place at other unidentified CBSA sites at airports and border points of entry as part of an effort to enhance “border integrity, infrastructure and asset security and health and safety.”
So anyone recorded at those other sites had no notice in advance and has no web site notice to inform them on privacy?
I hate to see Canada following the U.S. lead of treating its citizens like potential criminals or terrorists.
It just gets worse and worse.

Ubiquitous surveillance ...started earlier than I knew.
June 16, 2012
Federal Government Moves Forward with Drone Programs
Follow up to DHS IG - Customs and Border Protection Use of Unmanned Aircraft Systems in Nation’s Border Security - via EFF: "DHS’s Office of Inspector General (OIG) recently released a report (pdf) detailing multiple problems with the drones used to patrol US borders. This report, combined with the Federal Aviation Administration’s lack of openness about its drone authorization program and failure to disclose the true number of entities flying drones, shows that the federal government is moving far too quickly in its plans to dramatically expand the number of domestic drones flying in the United States over the next few years. The DHS OIG report, which reviewed the drone program run by Customs & Border Protection (CBP), noted several serious problems with the program, including lack of appropriate equipment and staff to fly the drones safely and lack of processes or procedures to prioritize requests for drone flights. This is especially troubling, given the agency has been flying drones since 2004. CBP currently has nine unarmed Predator [AKA: weapons capable Predator Bob] drones in its arsenal, each purchased at a cost of $18 million dollars. The drones cost $3,000 per hour to fly, and, according to the OIG report, the agency spent over $55 million (pdf) to operate and maintain the drones between 2006 and 2011. Despite these costs, CBP never made a specific budget request to Congress for the funds, and has thus far failed to seek compensation from the other federal and state agencies it loans its drones to. Instead, the agency diverted $25 million from other programs to cover these costs." [What do you bet it was from the TSA training budget? Bob]

An “editorial” on the loss of privacy in schools. FERPA waivers RFID chips etc.
Where will your kids be when the perfect storm occurs?

'cause we all need to keep current.
Cyberthings for Managers
Cyberthings for Managers is a summary of significant news or literature about the domain of Cyberwarfare and directly related areas.

For my Ethical Hackers If you agree the company owns the technology, what other method would you use? (Seems like most Commenters agree)
"I recently worked for a relatively large company that imposed so-called transparent HTTPS proxying on their network. In practice, what this means is that they allow you to use HTTPS through their network, but it must be proxied through their server and their server must be trusted as a root CA. They were using the Cisco IronPort device to do this. The "transparency" seems to come from the fact that they tend to install their root CA into Internet Explorer's certificate store, so IE won't actually warn you that your HTTPS traffic may be being snooped on (nor will any other browser that uses IE's cert store, like Chrome). Is this a reasonable policy? Is it worth leaving a job over? Should it even be legal? It seems to me rather mad to go to huge effort to create a secure channel of communication for important data like online banking, transactions, and passwords, and then to just effectively hand over the keys to your employer. Or am I overreacting?"

Tools & Techniques
Top 10 Ways to Get Free Wi-Fi Anywhere You Go
1. Hack Into Protected Networks
If you're in a Wi-Fi emergency and you absolutely have to connect, you can take some desperate measures and do a little hacking. We've shown you how to crack both WEP and WPA passwords, and all you need is a live CD. However, it may take a bit of time, so it may or may not work in a bind, and it probably isn't worth getting in trouble over. We don't really recommend doing this, though it can be useful to do it to your own network so you know how to protect yourself. You've been warned.

No comments: