Thursday, August 16, 2012

Gaming the gamers...
"Anonymous has claimed a new attack on Sony PlayStation Network and this time around it seems that it has managed to hack nearly 10 million user accounts and as a proof of the hack dumped more than 3000 credentials online in the form of a pastebin post. The notorious hacktivist group is claiming that the entire set of hacked credentials contains over 10 million PSN accounts and that the file is of around 50GB."

Some still in it for the money...
… According to press reports from Australia, an Eastern European criminal syndicate targeted a small Australian business enterprise and hacked their way to details of half a million credit cards from the company’s network.
Losses from fraudulent purchases made with the stolen credit card details could total up to $25 million. To pre-empt the use of these credit cards, Australian banks have placed the cards on a high-alert watch list.

States can sponsor some serious hacking for “chump change.” Is that what's happening here?
Reuters hacked (again) with fake story of Saudi minister's death
Someone must have it out for Reuters. For the second time in two weeks, the blogging platform for the news source's Web site has been hacked into and false stories have been illicitly published.
Today's sham article reported that Saudi Arabia's Foreign Minister Prince Saud al-Faisal had died, according to Reuters. The first bogus story, posted earlier this month, was about the rebel Free Syrian Army suffering setbacks in their battle against Syrian President Bashar al-Assad's regime.
"Reuters did not report the false story and the post was immediately deleted," Reuters News' director of global communications Barb Burg said in a statement. "We are working to address the problem."
In addition to the Web site's blogging platform, Reuters' Twitter account was also hacked in the past two weeks. Hackers got into the Reuters Tech account, renaming it TechMe, and false tweets were posted about the Syrian rebels being defeated in a major battle.
It's still unclear who is behind these news hacks. But Reuters hints that it may have been pro-government forces in Syria. In its article today it writes, "Saudi Arabia has emerged as a staunch opponent of Assad."

(Related) Hacking as CyberWar?
Syrian dissidents besieged by malware attacks
As the Syrian civil war continues to escalate, pro-government forces are allegedly carrying out a cyberwar against local dissidents.
Syrian activists, journalists, and government opposition groups are under a barrage of targeted malware attacks, according to the watchdog group Electronic Frontier Foundation. What this malware does is deceptively install surveillance software into a computer under the guise of protecting the computer from viruses. Its name is AntiHacker.

Think they'll be available in Walmart soon?
"Today, tens of thousands of license plate readers (LPRs) are being used by law enforcement agencies all over the country—practically every week, local media around the country report on some LPR expansion. But the system's unchecked and largely unmonitored use raises significant privacy concerns. License plates, dates, times, and locations of all cars seen are kept in law enforcement databases for months or even years at a time. In the worst case, the New York State Police keeps all of its LPR data indefinitely. No universal standard governs how long data can or should be retained."

Is Facebook making its own global law? (Might be an interesting title for a research paper)
Germans reopen Facebook privacy inquiry, but what can they really do?
August 15, 2012 by Dissent
Kevin J. O’Brien reports:
Data protection officials in Germany reopened an investigation into Facebook’s facial recognition technology Wednesday, saying the social networking giant was illegally compiling a vast photo database of users without their consent.
The data protection commissioner in Hamburg, Johannes Caspar, said he had reopened his investigation, which he had suspended in June, after repeated attempts to persuade Facebook to change its policies had failed.
Read more on NY Times, where O’Brien discusses the possible outcomes or consequences. Overall, this case illustrates how difficult it may be for countries to compel compliance with EU privacy laws when the company is headquartered in the U.S. In this case, Facebook also has a headquarters in Ireland, but the Irish Data Protection Commissioner had previously concluded that notice, not consent, was required. The Irish DPC came under pressure when the EU privacy panel indicated that consent – and not just notice – was required.
During the comment period for the FTC’s proposed settlement with Facebook, EPIC wrote to the FTC about the issue of photo tagging and compilation of biometric data. The FTC responded:
(2) You urge the Commission to prohibit Facebook from creating facial recognition profiles without users’ express consent.
The comprehensive privacy program described above will require Facebook to implement practices that are appropriate to the sensitivity of the “covered information” in question, which is very broadly defined in the order and would include biometric data. Moreover, the biennial audits of its privacy practices will help ensure that Facebook lives up to these obligations. Although the order does not specifically require that Facebook obtain a user’s consent for the creation of facial recognition data, the order’s broad prohibition on deception is designed to ensure that Facebook will be truthful with users about such practices. Likewise, the affirmative express consent requirement, described above, is designed to ensure that Facebook upholds privacy settings that it offers to users to protect such information.
So there’s no help there in closing the gap between EU privacy and U.S. privacy law.

This sounds interesting...
August 15, 2012
Paper - A Technology-Centered Approach to Quantitative Privacy
Gray, David C. and Citron, Danielle Keats, A Technology-Centered Approach to Quantitative Privacy (August 14, 2012). Available at SSRN
  • "Our analysis and proposal draw upon insights from information privacy law. Although information privacy law and Fourth Amendment jurisprudence share a fundamental interest in protecting privacy interests, these conversations have been treated as theoretically and practically discrete. This Article ends that isolation and the mutual exceptionalism that it implies. As information privacy scholarship suggests, technology can permit government to know us in unprecedented and totalizing ways at great cost to personal development and democratic institutions. We argue that these concerns about panoptic surveillance lie at the heart of the Fourth Amendment as well. We therefore propose a technology-centered approach to measuring and protecting Fourth Amendment interests in quantitative privacy. As opposed to proposals for case-by-case assessments of information “mosaics,” which have so far dominated the debate, we argue that government access to technologies capable of facilitating broad programs of continuous and indiscriminate monitoring should be subject to the same Fourth Amendment limitations applied to physical searches."

What's to hide? We know what the technology can do, so it must be a legal maneuver?
ACLU Sues FBI to Get GPS-Tracking Memos
In the wake of the Supreme Court’s decision earlier this year striking down the use of a GPS tracker on a suspect’s car without a warrant, the FBI issued two memos to agents with new guidelines for the use of the surveillance technology.
But the agency is withholding those memos from the public and has failed to respond to a records request submitted by the American Civil Liberties Union in July to obtain the documents.
On Tuesday, the ACLU filed a lawsuit against the FBI (.pdf), seeking the immediate release of the documents on the grounds that the public has a strong interest in knowing how the FBI is complying with the ruling.

“If you want to work for me, you must love me.” How Victorian.
Virginia deputy fights his firing over a Facebook 'like'
A Virginia sheriff's deputy has been fired for liking his boss's political opponent -- on Facebook.
Now Daniel Ray Carter Jr. is fighting back in court, arguing that a "like" should be protected by his First Amendment right to free speech. It's a case that could settle a significant question at a time when hundreds of millions of people express themselves on Facebook, sometimes merging their personal, professional and political lives in the process.
According to court documents, the case began when Sheriff B.J. Roberts of Hampton, Virginia, fired Carter and five other employees for supporting his rival in a 2009 election.

Possibly related?
August 15, 2012
The State of the First Amendment: 2012
"The First Amendment Center has supported an annual national survey of American attitudes about the First Amendment since 1997. The State of the First Amendment: 2012 is the 16th survey in this series. This year’s annual survey repeats some of the questions that have been administered since 1997 and includes new questions on the role of religion in the presidential election, attitudes about government’s control of the Internet, and opinions about the use of copyrighted material on the Internet. This report summarizes the findings from the 2012 survey, and where appropriate, depicts how attitudes have changed over time. The first section of this report presents the survey methodology used to conduct the State of the First Amendment research. The second section highlights the key findings from the 2012 project. The final section presents the complete survey results including question wording and trend data."

What do you bet that schools won't read this...
August 15, 2012
FTC Advises Parents How to Protect Kids' Personal Information at School
News release: "A new school year usually means filling out paperwork like registration forms, health forms, and emergency contact forms, to name a few. The Federal Trade Commission wants parents to know that many school forms require personal and sensitive information that, in the wrong hands, could be used to commit fraud in their child’s name. A criminal can use a child’s Social Security number to get government benefits, open bank and credit card accounts, or rent a place to live. Most parents and guardians don’t expect their child to have a credit file, and rarely order or monitor a child’s credit report. Child identity theft may go undetected for years – until the child applies for a job or loan and discovers problems in a credit report. To help limit the risks of child identity theft, the Federal Trade Commission offers Protecting Your Child’s Personal Information at School. It explains how the federal Family Educational Rights and Privacy Act protects the privacy of student records and gives parents of school-age children the right to opt out of sharing contact information with third parties. It also suggests that parents ask their child’s school about its directory information policy, learn about privacy policies of sports or music activities that are not school-sponsored, and find out what to do if their child’s school experiences a data breach. The second publication, Safeguarding Your Child’s Future, offers tips on how to keep your child’s data safe at home and online, and explains the warning signs of child identity theft. It also explains how parents and guardians can check whether their child has a credit report, and what to do if the report has errors."

How trivial can $340 million be? (It's good to be a banker!)
Standard Chartered agrees $340m settlement with US regulator over Iran
Standard Chartered has fended off threats by a New York regulator to revoke its banking licence for alleged breaches of US sanctions. Chief executive Peter Sands is however under intense pressure after the bank agreed to pay $340m (£220m) despite insisting that it had committed only minor breaches of the rules.
Barely 24 hours before the bank was due to attend a hearing with the New York department of financial services (DFS), the regulator announced the surprise settlement which also includes the installation of a monitor for at least two years to evaluate the bank's risk controls. Inspectors from the DFS will be installed at the bank's office in New York and the bank will "permanently install personnel" in New York solely to ensure that it adheres to money laundering laws.

This should be interesting. (Silly me, I thought they would have had to do this when they asked for extradition)
New Zealand court says FBI must disclose MegaUpload evidence
The lawyers for Kim DotCom and MegaUpload continue to rack up court victories in New Zealand.
One of the country's courts has ordered the United States to turn over evidence it says it has that proves DotCom committed criminal acts of piracy. The U.S. Attorney's office has accused DotCom, founder of the cloud-storage service, of operating MegaUpload as a criminal enterprise.
U.S. officials say that MegaUpload made over $175 million by enabling users to store pirated digital media, including movies, music and software, on the company's servers. They accuse him of encouraging the looting and wish to extradite him to this country to stand trial.
But New Zealand doesn't appear ready to take the word of the FBI that DotCom and six other MegaUpload managers committed crimes. They want to see the proof.

For my Data Mining / Data Analysis students: Drool baby, drool!
Google’s Dremel Makes Big Data Look Small
… Since the rise of Hadoop, Google has published three particularly interesting papers on the infrastructure that underpins its massive web operation. One details Caffeine, the software platform that builds the index for Google’s web search engine. Another shows off Pregel, a “graph database” designed to map the relationships between vast amounts of online information. But the most intriguing paper is the one that describes a tool called Dremel.
… “You have a SQL-like language that makes it very easy to formulate ad hoc queries or recurring queries — and you don’t have to do any programming. You just type the query into a command line,” says Urs Hölzle, the man who oversees the Google infrastructure.
The difference is that Dremel can handle web-sized amounts of data at blazing fast speed. According to Google’s paper, you can run queries on multiple petabytes — millions of gigabytes — in a matter of seconds.

If the US ever gets people to Mars, we're going to have to rent space... Go India!
neo12 writes in with the news that India plans on being the 6th country to launch a mission to Mars.
"Making the first formal announcement on the country's Mars mission, Prime Minister Manmohan Singh on Wednesday said India will send a mission to the Red Planet that will mark a huge step in the area of science and technology. 'Recently, the Cabinet has approved the Mars Orbiter Mission. Under this Mission, our spaceship will go near Mars and collect important scientific information,' he said addressing the nation from the ramparts of the Red Fort on the occasion of the 66th Independence Day."

For my “Intro” classes. I like a bit of reiteration with my redundant repetition...

For my Computer Security students
