Friday, November 08, 2013
Confusing, and my Ethical Hackers will need some guidance. It is hypothetically possible that some of my Ethical Hackers could write a program like this – not that they ever would of course. Does this mean that anyone who writes a “key logger” program will make it on the FBI's “Uncle Sam wants YOU in Guantanamo” list? (But not the instructors who taught them how to do it, right?)
It’s not just the US government intercepting your communications. It could be a nosy relative or jealous partner.
Among the five people added this week to the FBI’s list of “most wanted” cybercriminals is a former San Diego college student who developed an $US 89 program called “Loverspy” or “Email PI.” Sold online from his apartment, the program was advertised as a way to “catch a cheating lover” by sending the person an electronic greeting card that, if opened, would install malicious software to capture emails and instant messages, even spy on someone using the victim’s own webcam.
Read more on Perth Now.
An arrest warrant was issued for Perez-Melara in the Southern District of California on July 21, 2005, after he was charged with the following crimes: manufacturing a surreptitious interception device; sending a surreptitious interception device; advertising a surreptitious interception device; unlawfully intercepting electronic communications; disclosing unlawfully intercepted electronic communications; unauthorized access to protected computer for financial gain; and aiding and abetting.
[From the article:
According to his indictment, Perez-Melara sold the software to 1000 customers, who then tried to infect about 2000 computers. Victims took the bait only about half the time, the government said. People who purchased the spyware were charged with illegally intercepting electronic communications. Most of those cases appear to have resulted in probation and fines.]
It keeps on growing! Just yesterday DataLossDB.org was reporting 130 million.
Yes, the Adobe breach is back in the news as some have discovered that a data dump posted online contains the email addresses, encrypted passwords and password hints stored in clear text from 152 million Adobe user accounts. Embarrassingly, one report notes that 1.9 million Adobe users used “123456” as their password.
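The report above says the dump holds "encrypted" passwords beside cleartext hints, and that 1.9 million accounts shared one password. The following is an added illustration (not code from the original post, and not Adobe's own scheme) of why that combination is so damaging under one assumption: that the encryption is deterministic, i.e. the same password always yields the same stored ciphertext with no per-record salt or IV. The article says only "encrypted", so that is an assumption of the example. The keyed HMAC stands in for such a cipher, the accounts are fictional and constructed inline, and the attacker never obtains the key or decrypts anything; the corrected store with a per-user salt and a slow KDF is shown for contrast.

```python
"""Deterministic 'encrypted' password storage plus cleartext hints.

Added illustration, not from the original post or from Adobe. Assumes a
store that encrypts each password deterministically (equal passwords give
equal ciphertexts) and keeps the hint in clear text. The keyed function
below is a stand-in for such a cipher; the attacker never sees the key.
"""
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample accounts: (email, password, hint). All fictional.
ACCOUNTS = [
    ("alice@example.com",   "123456",      "one to six"),
    ("bob@example.com",     "123456",      "numbers"),
    ("carol@example.com",   "123456",      ""),
    ("dave@example.com",    "password",    "the usual"),
    ("erin@example.com",    "password",    ""),
    ("frank@example.com",   "Tr0ub4dor&3", "xkcd"),
    ("mallory@example.com", "123456",      ""),  # account the attacker registered
]

_SERVER_KEY = os.urandom(32)  # held only by the server; never in the dump


def encrypt_deterministic(password: str) -> str:
    """Stand-in for a deterministic cipher: equal inputs give equal outputs."""
    return hmac.new(_SERVER_KEY, password.encode(), hashlib.sha256).hexdigest()[:24]


def store_encrypted(accounts):
    """The weak store that leaks: rows of (email, ciphertext, cleartext hint)."""
    return [(e, encrypt_deterministic(p), h) for e, p, h in accounts]


def store_salted(accounts):
    """The corrected store: per-user random salt + slow KDF; hints are not kept."""
    rows = []
    for e, p, _hint in accounts:
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", p.encode(), salt, 100_000)
        rows.append((e, salt.hex() + ":" + digest.hex()))
    return rows


# --- Attacker side: only the dump, no key -------------------------------

def clusters(dump):
    """Group rows by stored credential; collect emails and hints per group."""
    groups = defaultdict(lambda: {"emails": [], "hints": []})
    for row in dump:
        email, cred, hint = (row + ("",))[:3]  # salted rows have no hint column
        groups[cred]["emails"].append(email)
        if hint:
            groups[cred]["hints"].append(hint)
    return groups


def largest_cluster(dump) -> int:
    """Size of the biggest group of users sharing one stored credential."""
    return max(len(g["emails"]) for g in clusters(dump).values())


def hints_for_cluster_of(dump, email):
    """Cleartext hints leaked by everyone who shares this user's ciphertext."""
    cred = next(c for e, c, *_ in dump if e == email)
    return clusters(dump)[cred]["hints"]


def crack_via_own_account(dump, attacker_email, attacker_password):
    """Attacker registered an account with a known password: every other user
    whose ciphertext matches theirs has that same password, no key needed."""
    cred = next(c for e, c, *_ in dump if e == attacker_email)
    return {e: attacker_password
            for e in clusters(dump)[cred]["emails"] if e != attacker_email}


if __name__ == "__main__":
    weak = store_encrypted(ACCOUNTS)
    print("largest identical-ciphertext group:", largest_cluster(weak))
    print("hints leaked for alice's group:", hints_for_cluster_of(weak, "alice@example.com"))
    print("cracked via attacker's own account:",
          crack_via_own_account(weak, "mallory@example.com", "123456"))
    good = store_salted(ACCOUNTS)
    print("largest identical group with salted KDF:", largest_cluster(good))
```

Two things follow from the run. First, the attacker needs no decryption: grouping identical ciphertexts already exposes which accounts share a password, and the other users' cleartext hints ("one to six", "numbers") or a single attacker-registered account then label the whole group. Second, with a per-user random salt and a slow KDF every group collapses to size one, so a shared weak password still has to be guessed one account at a time.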
I don't suppose it was the IRS, anonymously “taxing” anonymous money?
Ben Grubb reports:
A four-month-old Australian Bitcoin bank holding more than $1 million has been hacked, leaving thousands of customers in the lurch including a man who claims he was holding the virtual currency to buy a house with his girlfriend.
The alleged hacking happened on both October 23 and 26, with the service’s operator, known only as “Tradefortress”, saying hackers stole all 4100 Bitcoins held by the wallet service, or $1.3 million at the time of writing. The Bitcoins were stored on servers in the US and it wasn’t until this week that he decided to notify customers.
Read more on The Age.
Attention Congress: Perhaps we could learn from the “more advanced” countries?
On November 26, 2013, Kazakhstan’s new data privacy law, On Personal Data and Their Protection, will come into effect. The law was passed on May 21, 2013. Kazakhstan is the second country in Central Asia to enact a data privacy law, joining the Kyrgyz Republic, which passed the Law on Personal Data in 2008.
Read more on Hunton & Williams Privacy and Information Security Law Blog.
Simple concept. Too simple?
Computers should be treated as “separate places” for search warrant purposes, Supreme Court of Canada says
David T.S. Fraser writes:
The Supreme Court of Canada just released its decision in R. v. Vu, 2013 SCC 60. The issue under appeal was whether police could search a computer that was seized pursuant to a warrant that did not specifically authorize the search of the computer.
Read more on Canadian Privacy Law Blog.
As I read this, he is saying that if someone claims you drown puppies while smoking crack, that's okay. But it's important to remove all of those “I had lunch at Taco Bell” tweets?
Woodrow Hartzog has an opinion piece in the New Scientist about California’s new “online eraser law,” SB-568. The law gives minors under the age of 18 some limited rights to delete personal information that they had posted online or on a mobile app. The key word here is “limited,” as the right is not absolute.
Woody writes, in part:
Critics claim it is a toothless law because it is full of exceptions and its scope too limited to properly protect teenagers, for example by excluding re-posts. They also fear a disastrous effect on the social web, with broken conversation chains abounding (though many social media users have been able to delete posts for years without significant issues of this sort).
While the critics correctly identify the unclear language in the statute, they miss the point when they say it will be ineffective because it won’t remove the truly harmful “viral” information that gets widely shared on the internet.
What they fail to realise is that the modest protection offered by this eraser law is not a defect, it’s a feature. These limitations represent deference to free speech principles while giving users the option of erasing heaps of disclosures that no one found interesting enough to share.
Read more of his commentary here.
I have a few hours of flight time, maybe I'll switch to drones? I can do that from the same computer I use to blog, and the market seems ready to boom. (TV News Drones, Paparazzi support, Traffic Drones, Forest Fire Drones, Pizza Delivery Drones, etc.)
Nidhi Subbaraman reports:
Is this country ready for the drone revolution? Baby steps, says the Federal Aviation Administration, which on Thursday unveiled its new roadmap for releasing drones into the U.S. airspace. Among the recommendations under consideration: Drone pilots will get certification, drone designs must meet minimum standards, and a pilot flying the machine will be responsible for the craft during flight.
The FAA has also specifically and officially acknowledged that it would take on the responsibility of regulating privacy, in addition to safety, a shift in the administration’s stance so far.
Read more on NBC.
Oh good. No doubt this will settle everything.
Senate Intelligence Committee Approves FISA Improvements Act
by Sabrina I. Pacifici on November 7, 2013
Increases privacy protections, oversight, transparency of critical intelligence programs: The Senate Intelligence Committee [October 31, 2013] approved the FISA Improvements Act by a vote of 11-4. The bipartisan legislation increases privacy protections and public transparency of the National Security Agency call-records program in several ways, while preserving the operational effectiveness and flexibility of this vital national security program.
A question for you Constitutional Law professors: Do we have a “Right to keep and bear the designs for guns?”
Don't Freak Out, but the First 3D-Printed Metal Gun Totally Works
… When a design for The Liberator, the open-sourced and 3D-printed gun, was released last year, worriers could take some solace: The gun wasn't entirely composed of 3D-printed materials. The gun's firing pin—the thing, essentially, that put the fire in the firearm—was made of metal. And metal is extremely difficult to use as a material for 3D printing.
Until ... it's not. A company called Solid Concepts, which specializes in direct metal laser sintering, or DMLS, has created a gun, it claims, that is composed entirely of 3D-printed metal. The gun is not only fully metal-made; it is also capable of firing multiple rounds.
Perspective. It's not just developing Big Systems that causes governments problems. Anything new (i.e. roughly anything after the British burned the White House) can do it.
IRS Case Processing Delays and Tax Account Errors Increased Hardship for Victims of ID Theft
by Sabrina I. Pacifici on November 7, 2013
Treasury Inspector General for Tax Administration: Case Processing Delays and Tax Account Errors Increased Hardship for Victims of Identity Theft – September 26, 2013, Reference Number: 2013-40-129.
“It took the Internal Revenue Service (IRS) an average of 312 days to resolve tax-related identity theft cases, according to a new report released by the Treasury Inspector General for Tax Administration (TIGTA) that studied a statistical sample of these cases. This audit was a follow-up to a May 2012 identity theft audit report. The IRS reported that identity theft affected 1.2 million taxpayers in Calendar Year 2012, and an additional 1.6 million were affected in Calendar Year 2013, as of June 29, 2013… TIGTA’s review of a statistical sample of 100 identity theft cases closed between August 1, 2011 and July 31, 2012 found that the IRS correctly determined the rightful owner of the Social Security Number in all cases. However, taxpayers faced delays, with some cases having significant inactivity during case processing. Inactivity on the 100 identity theft cases averaged 277 days. This is due, in part, to assistors being required to also answer telephone inquiries during the Filing Season. In addition, tax accounts were not correctly resolved for 25 percent of the cases reviewed by TIGTA, resulting in delayed refunds and/or incorrect refunds to all 25 taxpayers. TIGTA surveyed 183 IRS assistors who work identity theft cases. Seventy-three percent of those surveyed stated that the IRS’s identity theft procedures are confusing. Finally, the IRS needs to improve the accuracy of its Refund Fraud and Identity Theft Global Report. The IRS Accounts Management function’s open case inventory was overstated by 95,429 cases in the Calendar Year 2012 Global Report.
TIGTA recommended the IRS: 1) ensure that assistors assigned to identity theft cases work these cases exclusively and are provided with ongoing training and the ability to perform actions to work these cases to conclusion, 2) develop clear and consistent processes and procedures to ensure that taxpayer accounts are correctly updated, and 3) develop validation processes and procedures to ensure the accuracy of information included in the Identity Theft Global Report.”
Is Economics 'The Biggest Fraud Ever Perpetrated on the World?'
… As he writes in his introduction to the whole imbroglio, “Sometimes a few informal words can lead to a much more thoughtful response.” But Horton’s reply was thoughtful in its way, too—or, at least, interesting. And this kind of dialogue—between fields, between forms, even between types of feeling—seems worthwhile in the academic conversation, a way to possibly expand the means by which these conversations occur. The cycle of academe groans to keep up with the churn of the stream, and upset and frustrated jeremiads may attract more attention as tweets than as papers.
Which is to say: More exchanges like this one, please—or, as Horton himself writes, “I hope this dialogue provokes you to tweet too.”
For my technically innovative students...
… Classic disruptive innovation says that a cheaper, but lower-quality, innovator can eventually overtake an incumbent by gradually siphoning off customers the incumbent doesn’t find it profitable to defend. As the disruptor improves its offering, though, the incumbent’s position becomes increasingly fragile. Big bang disruption differs in that the start-up offers an innovation that’s not only cheaper, but better — higher quality, more convenient, or both — almost right off the bat. The Blockbuster-Netflix skirmish is a case in point.
For my students. May you work occasionally.
37signals Launches ‘We Work Remotely’ Job Board
37signals, makers of project management app Basecamp and the Ruby on Rails programming language, has launched a new online job board meant specifically for remote workers. 37signals will be shutting down their existing job board and will migrate all listings to the new site, We Work Remotely.