If true, this negates that warm fuzzy
feeling that our government is trying to protect us...
Hacked
FBI notebook reveals over 12,000,000 iPhone users’ details –
Anonymous
September 4, 2012 by admin
David Gilbert reports:
A post on Pastebin
claims that during the second week of March 2012, a Dell Vostro
laptop used by FBI Supervisor Special Agent Christopher K. Stangl
(seen above in a video
calling for computer science graduates to work with the FBI) was
breached.
The group claims
it found a file on the computer’s desktop – labelled
NCFTA_iOS_devices_intel.csv – which contained a list with
details about over 12 million unique Apple iOS devices including the
Unique Device Identifiers (UDID), user names, name of device, type of
device, Apple Push Notification Service tokens, addresses and mobile
phone numbers.
Read more on International
Business Times.
The paste, which is not signed with the
now-familiar Anonymous sigblock, offers a somewhat lengthy political
statement and rationale before getting to the description of the
breach:
During the second
week of March 2012, a Dell Vostro notebook, used by Supervisor
Special Agent Christopher K. Stangl from FBI Regional Cyber Action
Team and New York FBI Office Evidence Response Team was breached
using the AtomicReferenceArray vulnerability on Java, during the
shell session some files were downloaded from his Desktop folder one
of them with the name of “NCFTA_iOS_devices_intel.csv” turned to
be a list of 12,367,232 Apple iOS devices including Unique Device
Identifiers (UDID), user names, name of device, type of device, Apple
Push Notification Service tokens, zipcodes, cellphone numbers,
addresses, etc. the personal details fields referring to people
appears many times empty leaving the whole list incompleted on many
parts. no other file on the same folder makes mention about this list
or its purpose.
The FBI has not confirmed or denied the
claims, which were first revealed yesterday on Pastebin.
So… if the claims are true (and we
don’t know that yet): why were 12+ million entries of this kind in
the FBI’s possession? And why were they on a mobile device? I’d
like to hear the FBI’s explanation for this. That the FBI engages
in domestic surveillance is not exactly earth-shattering news, but
what crimes have so many possibly committed that would justify this
database? And how did they compile these data, if they did?
Kudos to the hackers who decided to
trim the personal information. Although DataBreaches.net does not,
as a policy, endorse hacking even for worthy goals, this site does
endorse hackers taking steps to protect the personal information of
those who may have done nothing wrong but find their details in a
database.
(Related) You have to work hard to be
this bad.
Glasgow
City Council slammed for losing 700 computers
September 4, 2012 by admin
Kathleen Hall reports:
Glasgow City
Council has been slammed for losing more than 700 laptops and PCs in
a probe into the body’s security malpractice.
The council has
lost 256 unencrypted laptops and nearly 450 PCs. It also has a
further 541 unencrypted laptops, according to an audit report.
The news follows
the theft of two laptops in May, one of which contained bank details
of 16,541 businesses and individuals. In 2009, Glasgow City Council
also suffered a major data loss when it lost sensitive data
containing information on local sex offenders,
Read more on ComputerWeekly.com.
(Related) Clearly they do not have
security or privacy on their minds..
UK:
Schools ‘not considering students security when collecting
biometric data’
September 4, 2012 by Dissent
Everywhere you look, you find
inadequate protection of student information. There’s an
interesting article in the London Evening Standard:
Schools could be
putting pupils’ personal data at risk by failing to store it
securely, according to new research.
The study suggests
that schools are increasingly collecting students’
biometric data, such as fingerprints, but do not always
think about the security issues surrounding this.
It found that
almost half of schools have regulations on personal data security
that fall below a recommended minimum level.
It has been
suggested that up to four in 10 secondary schools use fingerprinting
or face-scanning systems for a number of reasons, including recording
attendance, allowing pupils to check out library books, pay for lunch
or access certain school buildings.
But a paper due to
be presented at the British Educational Research Association’s
(Bera) annual conference in Manchester warns that schools
often do not have clear policies on how personal information should
be stored and handled.
Read more about the study on London
Evening Standard.
Will they limit their cooperation to
defense?
"At the start of this month,
news broke that Iran and North Korea have strengthened their ties,
specifically by signing a number of cooperation agreements on science
and technology. The two states signed the pact on Saturday,
declaring that it represented a united front against Western powers.
Ayatollah Ali Khamenei, Iran's Supreme Leader, told Kim Yong Nam,
North Korea's ceremonial head of state, the two countries have common
enemies and aligned goals. On Monday, security firm F-Secure weighed
in on the discussion. The company believes Iran
and North Korea may be interested in collaborating against
government-sponsored malware attacks such as Duqu, Flame, and
Stuxnet."
Old Tweets never die...
Your
Old Tweets Resurface with Twitter’s Data Reseller Partners
September 3, 2012 by Dissent
Sarah Downey of Abine writes:
Yesterday, Twitter
announced its Certified
Partners Program. There are currently 12
partners in the program, and they specialize in one of three
categories: engagement, analytics, and data resellers. Twitter says
that the certifications will “make it easier for businesses to find
the right tools.”
As a privacy
company, we sat up when we heard the words “data reseller.”
Three of the 12 partner companies–Topsy, DataSift, and Gnip–are
data resellers, which means they provide access to
all publicly available tweet content over several years (what Twitter
calls the “Firehose”).
Read more on BostInno.
What does this do, if anything, to
Twitter’s argument in court that because tweets are no longer
available on their site, they regain their status as private and not
public? And isn’t it inconsistent, in some real sense, with
Twitter’s claims that users own their own content? Why aren’t we
asked to opt-in to this?
(Related)
Smartphone
apps track users even when shut down
September 3, 2012 by Dissent
Hiawatha Bray reports:
Some smartphone
apps collect and transmit sensitive information stored on a phone,
including location, contacts, and Web browsing histories, even when
the apps are not being used by the phone’s owner, according to two
researchers at the Massachusetts Institute of Technology.
“It
seems like people are no longer in control of their own privacy,”
said Frances Zhang, a master’s degree student in computer science
at MIT.
Zhang and fellow
researcher Fuming Shih, a computer science doctoral candidate, found
that some popular apps for phones running Google Inc.’s Android
operating system are continually collecting information without
informing the phone’s owner.
Read more on The
Boston Globe.
For my Computer Security students...
(Worth reading the comments too)
"A student at the University of
Oslo, Norway has claimed that Phishing attacks can be carried out
through the use of URI and users
of Firefox and Opera are vulnerable to such attacks. Malicious
web pages can be stored into data URIs
(Uniform Resource Identifiers) whereby an entire webpage's code
can be stuffed into a string, which if clicked on will instruct the
browser to unpack the payload and present it to the user in form of a
page. This is where the whole thing gets a bit dangerous. In
his paper, Phishing by data URI [PDF], Henning Klevjer has
claimed that through his method he was able to successfully load the
pages on Firefox and Opera. The method
however failed on Google Chrome and Internet Explorer."
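A defender-side check for the data URI technique described above, as an added example that is not from the quoted summary or Klevjer's paper: it parses `data:` URIs per RFC 2397 and flags those a browser would render as a page, especially ones carrying a form or password field. The media-type list, verdict names and sample links are constructed for illustration, and the code assumes Node.js (`Buffer`).

```javascript
// Added example (assumes Node.js for Buffer). Media types a browser renders
// as an active document; this list is an assumption made for the example.
const ACTIVE_TYPES = new Set(['text/html', 'application/xhtml+xml', 'image/svg+xml']);

// Parse data:[<mediatype>][;base64],<data> (RFC 2397). Returns null for other URIs.
function parseDataUri(uri) {
  const m = /^\s*data:([^,]*),([\s\S]*)$/i.exec(uri);
  if (!m) return null;
  const params = m[1].split(';').map((s) => s.trim().toLowerCase());
  const isBase64 = params.length > 1 && params[params.length - 1] === 'base64';
  const mediaType = params[0] || 'text/plain'; // RFC 2397 default when omitted
  let body;
  try {
    body = isBase64
      ? Buffer.from(m[2].replace(/\s+/g, ''), 'base64').toString('utf8')
      : decodeURIComponent(m[2]);
  } catch (e) {
    body = m[2]; // malformed percent-encoding: inspect the raw text instead
  }
  return { mediaType, isBase64, body };
}

// Decide what a mail or link filter should do with one link.
function assessLink(uri) {
  const parsed = parseDataUri(uri);
  if (!parsed) return { verdict: 'not-data-uri', reasons: [] };
  const reasons = [];
  if (ACTIVE_TYPES.has(parsed.mediaType)) reasons.push('renders-as-page:' + parsed.mediaType);
  if (/<form[\s>]/i.test(parsed.body)) reasons.push('contains-form');
  if (/<input[^>]*type\s*=\s*["']?password/i.test(parsed.body)) reasons.push('password-field');
  if (/<script[\s>]/i.test(parsed.body)) reasons.push('contains-script');
  const active = reasons.length > 0 && reasons[0].startsWith('renders-as-page');
  const verdict = active ? (reasons.length > 1 ? 'block' : 'review') : 'allow';
  return { verdict, reasons };
}

// Constructed sample links (not taken from the paper or any real message).
const SAMPLE_HTML = '<form action="https://example.invalid/"><input type="password" name="p"></form>';
const SAMPLES = [
  'https://example.com/login',
  'data:,plain%20note',
  'data:text/html,%3Ch1%3Ehello%3C%2Fh1%3E',
  'data:text/html;charset=utf-8;base64,' + Buffer.from(SAMPLE_HTML).toString('base64'),
];
for (const link of SAMPLES) {
  const { verdict, reasons } = assessLink(link);
  console.log(verdict.padEnd(12), reasons.join(',') || '-', '|', link.slice(0, 40));
}
```

Decoding the payload before matching matters: a base64 body hides the form markup from any filter that only scans the raw link text.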
Gee whiz, maybe the RIAA and MPAA
shouldn't run DHS and the FBI...
Homeland
Security's domain seizures worries Congress
The U.S. Department of Homeland
Security is seizing domains and taking down URLs in the name of
copyright infringement, but its tactics are worrying certain members
of Congress.
In a letter (pdf)
sent last week to Attorney General Eric Holder and Secretary Janet
Napolitano, three members of the House Judiciary Committee aired
their unease.
… The three Congress members --
Rep. Zoe Lofgren, Rep.
Jared Polis, and Rep. Jason Chaffetz -- point to one
case that exemplifies a situation where Homeland Security got it
wrong. Over a year ago, the government took down a hip-hop Web site
owned by a man who goes by Dajaz1 on the basis that it linked to
copyrighted songs. However, the links didn't actually infringe on
copyrights.
"Much of Dajaz1's information was
lawful, and many of the allegedly infringing links to copyrighted
songs, and specifically the links that were the basis of the seizure
order, were given to the site's owner by artists and labels
themselves," the Congress members wrote in the letter.
(Related) On the other hand, takedown
is hard to automate.
Ustream
Apologizes For Shutting Down The Hugo Awards Livestream, Says It Will
‘Recalibrate’
Maybe you haven’t heard of the
Hugo Awards, but to science fiction geeks, especially print
science fiction geeks, they’re a big deal. They’re given out at
the World Science Fiction Convention, and as io9’s Annalee Newitz
writes,
they’re “kind of like the Academy Awards,” where “careers are
made; people get dressed up and give speeches; and celebrities rub
shoulders with (admittedly geeky) paparazzi.”
Of course, not everyone can attend the
convention, held this year in Chicago, but for those of us who
couldn’t, we had a chance to follow along the ceremonies last night
thanks to live video via Ustream (I probably would’ve been watching
if I wasn’t taking my mom out to dinner). Or at least, fans had a
chance to watch the beginning of the ceremony, up until Neil Gaiman
was accepting his award in the Best Dramatic Presentation, Short Form
category. That’s when the broadcast shut off abruptly, and the
account was supposedly “banned due to copyright infringement.”
… Also, if you’re going to halt a
live broadcast, you might not want to do it when a bestselling author
with more
than 1.7 million Twitter followers takes the stage.
Would this apply elsewhere?
September 03, 2012
EU
Commission publishes guidance on application of competition rules in
car sector
News
release: "The European Commission has published
a set of frequently asked questions (FAQs) on the
application of EU antitrust rules in the motor vehicle
sector. The FAQs provide stakeholders with guidance on how the
Commission applies these rules, in particular in the markets for
repair and maintenance services and spare parts. “The FAQs are a
practical guide that should be of particular help for SMEs and
consumers”, said Joaquín Almunia, Commission Vice-President in
charge of competition policy. “They aim at clarifying important
issues regarding the competition rules in the car sector, which
affect carmakers, dealers, spare parts suppliers, independent
repairers and ultimately consumers”. In May 2010, the Commission
adopted a new Motor Vehicle Block Exemption Regulation and
accompanying Guidelines, concerning the application of EU antitrust
rules to categories of agreements between vehicle manufacturers and
their authorised dealers, repairers and spare parts distributors (see
IP/10/619 and MEMO/10/217). Following requests from stakeholders and
national competition authorities for further practical guidance on
the application of the new rules, the Commission has now published a
set of frequently asked questions."
So where are the business opportunities
here?
Cable’s
Walls Are Coming Down
Everybody hates the cable company. The
big cable carriers constantly
score among the lowest in customer satisfaction among all
industries.
Yet the cable operators continue to
thrive largely because they operate as natural
monopolies — the upfront capital costs of laying new
cable keep potential competitors at bay. The satellite services
don’t fare much better in terms of consumer love, and they too
enjoy similar barriers to entry (satellites!).
But get ready for a sea change. Even
if you’re tied to a subscription television service today, there’s
a great chance you’ll become a cord-cutter in short order.
Attention geeks!
"The University of Cambridge
has released
a free 12-step online course on building a basic operating system
for the Raspberry Pi. The course, Baking
Pi — Operating Systems Development, was compiled by student
Alex Chadwick during a summer interning in the school's computer lab,
and has been put online to help this year's new recruits start work
with the device. The university has already
purchased a Raspberry Pi for every new Computer Science student
starting in 2012."
Better to back up and never need it than
to not back up and find out you do... (At least one is free!)
10
Awesome Hard Drive Backup Applications
Your computer has a lot of important
data stored on it. You might not even imagine how much data you have
in your computer – like photographs, videos, songs, documents,
critical files, programs, movies, etc. Do you know that in a split
second, you could lose all this data in case your hard drive crashes,
or some virus infects it or you delete some folder by mistake? So
the wise thing to do is to be always prepared for the worst, i.e.
losing all your data. So you should always back up your important
data regularly. Doing this manually can be really irksome, but
thanks to all the backup apps out there you don’t have to do it
manually. Many backup software are available out there, but which
ones are the best? Well today we have a list of 10 Awesome Hard Drive
Backup Applications. This list is in no particular order, so check
them out and pick the one that suits your needs the best!
Attention all students!!!
… If you have a set schedule every
week and know exactly when you need to silence your phone, Silent
Time might fit your needs. It is a small and simple app that
lets you assign blocks of time to specific events
when you’ll need your phone to be silenced.
… Phone
Silencer is a very simple, but functional app if you usually
forget to re-enable your phone’s ringer from silent mode and
find out you missed a bunch of calls or text messages. Sound
familiar? Phone Silencer can help relieve your pain with almost
no learning curve.