Tuesday, September 04, 2012
If true, this negates that warm fuzzy feeling that our government is trying to protect us...
Hacked FBI notebook reveals over 12,000,000 iPhone users’ details – Anonymous
September 4, 2012 by admin
David Gilbert reports:
A post on Pastebin claims that during the second week of March 2012, a Dell Vostro laptop used by FBI Supervisor Special Agent Christopher K. Stangl (seen above in a video calling for computer science graduates to work with the FBI) was breached.
The group claims it found a file on the computer’s desktop – labelled NCFTA_iOS_devices_intel.csv – which contained a list with details about over 12 million unique Apple iOS devices including the Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, addresses and mobile phone numbers.
Read more on International Business Times.
The paste, which is not signed with the now-familiar Anonymous sigblock, offers a somewhat lengthy political statement and rationale before getting to the description of the breach:
During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team, was breached using the AtomicReferenceArray vulnerability in Java. During the shell session some files were downloaded from his Desktop folder; one of them, with the name of “NCFTA_iOS_devices_intel.csv”, turned out to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc. The personal details fields referring to people appear empty many times, leaving the whole list incomplete in many parts. No other file in the same folder makes mention of this list or its purpose.
The FBI has not confirmed or denied the claims, which were first revealed yesterday on Pastebin.
So… if the claims are true (and we don’t know that yet): why were 12+ million entries of this kind in the FBI’s possession? And why were they on a mobile device? I’d like to hear the FBI’s explanation for this. That the FBI engages in domestic surveillance is not exactly earth-shattering news, but what crimes have so many possibly committed that would justify this database? And how did they compile these data, if they did?
Kudos to the hackers who decided to trim the personal information. Although DataBreaches.net does not, as a policy, endorse hacking even for worthy goals, this site does endorse hackers taking steps to protect the personal information of those who may have done nothing wrong but find their details in a database.
(Related) You have to work hard to be this bad.
Glasgow City Council slammed for losing 700 computers
September 4, 2012 by admin
Kathleen Hall reports:
Glasgow City Council has been slammed for losing more than 700 laptops and PCs in a probe into the body’s security malpractice.
The council has lost 256 unencrypted laptops and nearly 450 PCs. It also has a further 541 unencrypted laptops, according to an audit report.
The news follows the theft of two laptops in May, one of which contained bank details of 16,541 businesses and individuals. In 2009, Glasgow City Council also suffered a major data loss when it lost sensitive data containing information on local sex offenders,
Read more on ComputerWeekly.com.
(Related) Clearly they do not have security or privacy on their minds...
UK: Schools ‘not considering students security when collecting biometric data’
September 4, 2012 by Dissent
Everywhere you look, you find inadequate protection of student information. There’s an interesting article in the London Evening Standard:
Schools could be putting pupils’ personal data at risk by failing to store it securely, according to new research.
The study suggests that schools are increasingly collecting students’ biometric data, such as fingerprints, but do not always think about the security issues surrounding this.
It found that almost half of schools have regulations on personal data security that fall below a recommended minimum level.
It has been suggested that up to four in 10 secondary schools use fingerprinting or face-scanning systems for a number of reasons, including recording attendance, allowing pupils to check out library books, pay for lunch or access certain school buildings.
But a paper due to be presented at the British Educational Research Association’s (Bera) annual conference in Manchester warns that schools often do not have clear policies on how personal information should be stored and handled.
Read more about the study on London Evening Standard.
Will they limit their cooperation to defense?
"At the start of this month, news broke that Iran and North Korea have strengthened their ties, specifically by signing a number of cooperation agreements on science and technology. The two states signed the pact on Saturday, declaring that it represented a united front against Western powers. Ayatollah Ali Khamenei, Iran's Supreme Leader, told Kim Yong Nam, North Korea's ceremonial head of state, the two countries have common enemies and aligned goals. On Monday, security firm F-Secure weighed in on the discussion. The company believes Iran and North Korea may be interested in collaborating against government-sponsored malware attacks such as Duqu, Flame, and Stuxnet."
Old Tweets never die...
Your Old Tweets Resurface with Twitter’s Data Reseller Partners
September 3, 2012 by Dissent
Sarah Downey of Abine writes:
Yesterday, Twitter announced its Certified Partners Program. There are currently 12 partners in the program, and they specialize in one of three categories: engagement, analytics, and data resellers. Twitter says that the certifications will “make it easier for businesses to find the right tools.”
As a privacy company, we sat up when we heard the words “data reseller.” Three of the 12 partner companies–Topsy, DataSift, and Gnip–are data resellers, which means they provide access to all publicly available tweet content over several years (what Twitter calls the “Firehose”).
Read more on BostInno.
What does this do, if anything, to Twitter’s argument in court that because tweets are no longer available on their site, they regain their status as private and not public? And isn’t it inconsistent, in some real sense, with Twitter’s claims that users own their own content? Why aren’t we asked to opt-in to this?
Smartphone apps track users even when shut down
September 3, 2012 by Dissent
Hiawatha Bray reports:
Some smartphone apps collect and transmit sensitive information stored on a phone, including location, contacts, and Web browsing histories, even when the apps are not being used by the phone’s owner, according to two researchers at the Massachusetts Institute of Technology.
“It seems like people are no longer in control of their own privacy,” said Frances Zhang, a master’s degree student in computer science at MIT.
Zhang and fellow researcher Fuming Shih, a computer science doctoral candidate, found that some popular apps for phones running Google Inc.’s Android operating system are continually collecting information without informing the phone’s owner.
Read more on The Boston Globe.
For my Computer Security students... (Worth reading the comments too)
"A student at the University of Oslo, Norway has claimed that Phishing attacks can be carried out through the use of URI and users of Firefox and Opera are vulnerable to such attacks. Malicious web pages can be stored into data URIs (Uniform Resource Identifiers) whereby an entire webpage's code can be stuffed into a string, which if clicked on will instruct the browser to unpack the payload and present it to the user in form of a page. This is where the whole thing gets a bit dangerous. In his paper, Phishing by data URI [PDF], Henning Klevjer has claimed that through his method he was able to successfully load the pages on Firefox and Opera. The method however failed on Google Chrome and Internet Explorer."
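As a defensive illustration of the technique described in that summary (added here; not code from Klevjer's paper, Slashdot or this blog), the following Python link scanner parses RFC 2397 data: URIs, decodes the payload and flags text/html ones that carry form, input or script markup, which an inline image or stylesheet never needs. The sample links are constructed for the example, and the tag list is a heuristic assumption rather than anything from the paper.

```python
import base64
import re
from urllib.parse import unquote
# RFC 2397 shape: data:[<mediatype>][;param=value]*[;base64],<data>
DATA_URI_RE = re.compile(r"^data:(?P<meta>[^,]*),(?P<payload>.*)$",
                         re.IGNORECASE | re.DOTALL)
# Markup that lets an inline page take input or run code (heuristic list).
SUSPICIOUS_TAGS = ("<form", "<input", "<script")

def parse_data_uri(uri):
    """Return (mediatype, is_base64, decoded_bytes), or None for non-data: URIs."""
    m = DATA_URI_RE.match(uri.strip())
    if m is None:
        return None
    params = [p.strip().lower() for p in m.group("meta").split(";") if p.strip()]
    is_b64 = "base64" in params
    mediatype = params[0] if params and "/" in params[0] else "text/plain"  # RFC default
    try:
        if is_b64:
            body = base64.b64decode(m.group("payload"), validate=False)
        else:
            body = unquote(m.group("payload")).encode("utf-8")
    except ValueError:  # binascii.Error (bad padding etc.) is a ValueError
        body = b""
    return mediatype, is_b64, body

def assess_link(href):
    """Classify one link as 'ok', 'review' or 'block' with a short reason."""
    parsed = parse_data_uri(href)
    if parsed is None:
        return "ok", "not a data: URI"
    mediatype, _, body = parsed
    if mediatype != "text/html":
        return "ok", "inline %s, not a renderable page" % mediatype
    text = body.decode("utf-8", errors="replace").lower()
    hits = [t for t in SUSPICIOUS_TAGS if t in text]
    if hits:
        return "block", "text/html data: URI containing " + ", ".join(hits)
    return "review", "text/html data: URI carries a whole page inside the link"

SAMPLE_LINKS = [  # constructed samples for this example, not from the paper
    "https://example.com/login",
    "data:image/png;base64,iVBORw0KGgo=",
    "data:text/html,%3Ch1%3ESchedule%3C%2Fh1%3E",
    "data:text/html;base64," + base64.b64encode(b"<form><input name='q'></form>").decode(),
]

if __name__ == "__main__":
    for href in SAMPLE_LINKS:
        print("%-7s %s  <- %.40s" % (assess_link(href) + (href,)))
```

The same check belongs wherever links are rewritten or rendered (mail gateway, link shortener, CMS), since a data: link never touches DNS or a web server and so leaves no trace in the usual URL reputation feeds.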
Gee whiz, maybe the RIAA and MPAA shouldn't run DHS and the FBI...
Homeland Security's domain seizures worries Congress
The U.S. Department of Homeland Security is seizing domains and taking down URLs in the name of copyright infringement, but its tactics are worrying certain members of Congress.
In a letter (pdf) sent last week to Attorney General Eric Holder and Secretary Janet Napolitano, three members of the House Judiciary Committee aired their unease.
… The three Congress members -- Rep. Zoe Lofgren, Rep. Jared Polis, and Rep. Jason Chaffetz -- point to one case that exemplifies a situation where Homeland Security got it wrong. Over a year ago, the government took down a hip-hop Web site owned by a man who goes by Dajaz1 on the basis that it linked to copyrighted songs. However, the links didn't actually infringe on copyrights.
"Much of Dajaz1's information was lawful, and many of the allegedly infringing links to copyrighted songs, and specifically the links that were the basis of the seizure order, were given to the site's owner by artists and labels themselves," the Congress members wrote in the letter.
(Related) On the other hand, takedown is hard to automate.
Ustream Apologizes For Shutting Down The Hugo Awards Livestream, Says It Will ‘Recalibrate’
Maybe you haven’t heard of the Hugo Awards, but to science fiction geeks, especially print science fiction geeks, they’re a big deal. They’re given out at the World Science Fiction Convention, and as io9’s Annalee Newitz writes, they’re “kind of like the Academy Awards,” where “careers are made; people get dressed up and give speeches; and celebrities rub shoulders with (admittedly geeky) paparazzi.”
Of course, not everyone can attend the convention, held this year in Chicago, but for those of us who couldn’t, we had a chance to follow along the ceremonies last night thanks to live video via Ustream (I probably would’ve been watching if I wasn’t taking my mom out to dinner). Or at least, fans had a chance to watch the beginning of the ceremony, up until Neil Gaiman was accepting his award in the Best Dramatic Presentation, Short Form category. That’s when the broadcast shut off abruptly, and the account was supposedly “banned due to copyright infringement.”
… Also, if you’re going to halt a live broadcast, you might not want to do it when a bestselling author with more than 1.7 million Twitter followers takes the stage.
Would this apply elsewhere?
September 03, 2012
EU Commission publishes guidance on application of competition rules in car sector
News release: "The European Commission has published a set of frequently asked questions (FAQs) on the application of EU antitrust rules in the motor vehicle sector. The FAQs provide stakeholders with guidance on how the Commission applies these rules, in particular in the markets for repair and maintenance services and spare parts. “The FAQs are a practical guide that should be of particular help for SMEs and consumers”, said Joaquín Almunia, Commission Vice-President in charge of competition policy. “They aim at clarifying important issues regarding the competition rules in the car sector, which affect carmakers, dealers, spare parts suppliers, independent repairers and ultimately consumers”. In May 2010, the Commission adopted a new Motor Vehicle Block Exemption Regulation and accompanying Guidelines, concerning the application of EU antitrust rules to categories of agreements between vehicle manufacturers and their authorised dealers, repairers and spare parts distributors (see IP/10/619 and MEMO/10/217). Following requests from stakeholders and national competition authorities for further practical guidance on the application of the new rules, the Commission has now published a set of frequently asked questions."
So where are the business opportunities here?
Cable’s Walls Are Coming Down
Everybody hates the cable company. The big cable carriers constantly score among the lowest in customer satisfaction among all industries.
Yet the cable operators continue to thrive largely because they operate as natural monopolies — the upfront capital costs of laying new cable keep potential competitors at bay. The satellite services don’t fare much better in terms of consumer love, and they too enjoy similar barriers to entry (satellites!).
But get ready for a sea change. Even if you’re tied to a subscription television service today, there’s a great chance you’ll become a cord-cutter in short order.
"The University of Cambridge has released a free 12-step online course on building a basic operating system for the Raspberry Pi. The course, Baking Pi — Operating Systems Development, was compiled by student Alex Chadwick during a summer interning in the school's computer lab, and has been put online to help this year's new recruits start work with the device. The university has already purchased a Raspberry Pi for every new Computer Science student starting in 2012."
Better to backup and never need it than to not backup and find out you do... (At least one is free!)
10 Awesome Hard Drive Backup Applications
Your computer has a lot of important data stored on it. You might not even imagine how much data you have in your computer – like photographs, videos, songs, documents, critical files, programs, movies, etc. Do you know that in a split second you could lose all this data if your hard drive crashes, some virus infects it, or you delete some folder by mistake? So the wise thing to do is to be always prepared for the worst, i.e. losing all your data. So you should always back up your important data regularly. Doing this manually can be really irksome, but thanks to all the backup apps out there you don’t have to do it manually. Many backup applications are available out there, but which ones are the best? Well, today we have a list of 10 Awesome Hard Drive Backup Applications. This list is in no particular order, so check them out and pick the one that suits your needs the best!
Attention all students!!!
… If you have a set schedule every week and know exactly when you need to silence your phone, Silent Time might fit your needs. It is a small and simple app that lets you assign blocks of time to specific events when you’ll need your phone to be silenced.
… Phone Silencer is a very simple but functional app if you usually forget to re-enable your phone’s ringer from silent mode and find out you missed a bunch of calls or text messages. Sound familiar? Phone Silencer can help relieve your pain with almost no learning curve.