Security for all my students. (Because undoing these hacks is tedious. Best to avoid them if possible.)
How to Spot & Avoid 10 of the Most Insidious Hacking Techniques
I see more articles like this, but not yet in mainstream sources.
Kenneth Lipp reports:
Prior to two weeks ago, when this reporter alerted authorities that they had exposed critical data, anyone online was able to freely access a City of Boston automated license plate reader (ALPR) system and to download dozens of sensitive files, including hundreds of thousands of motor vehicle records dating back to 2012. If someone saw your shiny car and wanted to rob your equally nice house, for example, they could use your parking permit number to obtain your address. All they had to do was find the server’s URL.
The open online server was a file share, primarily used for municipal parking enforcement to transfer and store vehicular permit information and nearly one million license plate numbers. This was all waiting to be discovered by anyone spelunking Google for terms including “Genetec,” the name of a Canadian surveillance company that owns the popular AutoVu brand of license plate readers.
Read more on DigBoston.
When would this be necessary?
Joe Cadillic writes:
Thanks to DHS’s own research & development department if you’re arrested, cops can now read your bank balance!
Police are now able to read our bank credit and debit cards, retail gift cards, library cards, hotel card keys, even magnetic-striped Metrorail cards instantly!
Did you catch that? Police will even know the balance of your commuter train/bus cards, all without a WARRANT!
DHS and Technology Directorate’s Electronic Recovery and Access to Data (ERAD) Prepaid Card Reader is now being used to read EVERY magnetic-striped card.
“The ERAD Prepaid Card Reader is a small, handheld device that uses wireless connectivity to allow law enforcement officers in the field to check the balance of cards. This allows for identification of suspicious prepaid cards and the ability to put a temporary hold on the linked funds until a full investigation can be completed.”
Read more on MassPrivateI.
How is this not a warrantless search and seizure?
Update: Orin Kerr blogged about this issue in July, here. He disagreed with a court opinion that held that it was not a 4-A search.
Hummm, is this really a carrot rather than a privacy stick?
A new article by privacy law scholars Neil Richards and Woodrow Hartzog.
Abstract:
Trust is beautiful. The willingness to accept vulnerability to the actions of others is the essential ingredient for friendship, commerce, transportation, and virtually every other activity that involves other people. It allows us to build things, and it allows us to grow. Trust is everywhere, but particularly at the core of the information relationships that have come to characterize our modern, digital lives. Relationships between people and their ISPs, social networks, and hired professionals are typically understood in terms of privacy. But the way we have talked about privacy has a pessimism problem – privacy is conceptualized in negative terms, which leads us to mistakenly look for “creepy” new practices, focus excessively on harms from invasions of privacy, and place too much weight on the ability of individuals to opt out of harmful or offensive data practices.
But there is another way to think about privacy and shape our laws. Instead of trying to protect us against bad things, privacy rules can also be used to create good things, like trust. In this paper, we argue that privacy can and should be thought of as enabling trust in our essential information relationships. This vision of privacy creates value for all parties to an information transaction and enables the kind of sustainable information relationships on which our digital economy must depend.
Drawing by analogy on the law of fiduciary duties, we argue that privacy laws and practices centered on trust would enrich our understanding of the existing privacy principles of confidentiality, transparency, and data protection. Re-considering these principles in terms of trust would move them from procedural means of compliance for data extraction towards substantive principles to build trusted, sustainable information relationships. Thinking about privacy in terms of trust also reveals a principle that we argue should become a new bedrock tenet of privacy law: the Loyalty that data holders must give to data subjects. Rejuvenating privacy law by getting past Privacy Pessimism is essential if we are to build the kind of digital society that is sustainable and ultimately beneficial to all – users, governments, and companies. There is a better way forward for privacy. Trust us.
You can download the full article from SSRN:
Richards, Neil M. and Hartzog, Woodrow, Taking Trust Seriously in Privacy Law (September 3, 2015). Available at SSRN: http://ssrn.com/abstract=2655719
(Related) Find a school you trust?
Herb Weisbaum reports:
For parents, the return to school means signing a stack of permission forms. One that’s easy to miss deals with the privacy of your child’s personal information – and your right to stop the school from sharing it.
Schools are allowed by federal law to share or sell “directory information” about their students with anyone – including data brokers and marketing companies – unless they have a parental opt-out form on file. That could subject parents and, in some cases even young students, to a torrent of advertising.
Read more on NBC News.
Weisbaum makes a good point that many otherwise-savvy parents may not know: if you sign an opt-out form for directory information, it is only good for that school year: you must sign a new one each year.
For my Ethical Hacking students. You won't even notice this censorship if you look at the blog here in the US.
Prevent Blogger from Redirecting your Blogspot Blog to Country-Specific URLs
Google now redirects Blogger blogs to country-specific domains. For instance, if you open example.blogspot.com in your web browser, you will be redirected to example.blogspot.in if you are located in India or to example.blogspot.co.uk if you are accessing the blog from UK.
Google does country-specific redirection for selective censorship – that means they can easily censor or block a blog post, or other entire blog site, in one country but still serve that page in other geographic regions.
Perspective.
Mark Zuckerberg Tops the 2015 New Establishment List—and Snags the October Cover!
Facebook chairman and C.E.O. Mark Zuckerberg has struck deals with The New York Times and BuzzFeed to publish articles directly into users’ pages. He’s reportedly negotiating with record labels and content providers to secure rights to music videos and scripted shows. And, if he has his way, virtual reality may someday soon connect every person in the world. These are just a few of the reasons why Zuckerberg tops Vanity Fair’s 2015 New Establishment Disrupters list, a milestone the magazine celebrates by featuring the mogul on the October cover, in a photo by Annie Leibovitz.
“At 31, Mark Zuckerberg stands out as something of an elder statesman,” Vanity Fair editor Graydon Carter writes in his October editor’s letter.
… For a complete accounting of who’s up, who’s down, and who’s new on this year’s New Establishment list, check out the full rankings here.
Perspective. If Trump is a flash in the pan, we should be looking at number two. (I thought Carson was too smart to be elected.) An interesting discussion...
If Donald Trump Can Win The Nomination, Ben Carson Could Too
Ben Carson is on the upswing in national polls.
… He’s also made gains in Iowa:
… And he’s done so largely without the media’s help. Will the Carson surge just be a blip à la Michele Bachmann and Herman Cain in the 2012 cycle? Or can Carson take down The Donald?
Science Fiction writers have long predicted that computers that allow us to work from home and have anything we desire delivered to our door will result in people who never physically meet another person. I think of that every time I see us getting closer.
Google to start testing fresh food and grocery deliveries
Google will start testing a delivery service for fresh food and groceries in two US cities later this year, stepping up competition with online retailer Amazon.com and startup Instacart.
The trial will begin in San Francisco and another city, said Brian Elliott, general manager of Google Express, which already delivers merchandise, including dry foods, to customers. Whole Foods Market and Costco Wholesale will be among Google's partners for the new service, he said.
Could Donald Trump steal the election by promising free wifi? Estimating the cost for the US might make an interesting project.
Philippines to Roll Out Nationwide Free Wi-Fi Service by 2016
The Philippines is planning free Wi-Fi services to half of its towns and cities this year and nationwide coverage by end-2016, limiting the data revenue prospects for Philippine Long Distance Telephone Co. and Globe Telecom Inc.
The free Internet service will cost the government about 1.5 billion pesos ($32 million) a year and will be available in areas such as public schools, hospitals, airports and parks, said Monchito Ibrahim, deputy executive director of the Information and Communications Technology Office.
Tools & Techniques (because you never know when you might need them)
How to Convert Any File Format Online with Free Tools
If you want to turn a FLAC into an MP3 or a PDF into a Doc, you don’t need to download fancy software. Just fire up your browser, head to one of these websites, and you’ll be done in a jiffy. And completely free too!
Tools for students and teachers.
7 New Google Drive Features Every Student Must Know
School is in session and Google is ready to make things easier for students with Google Drive. New features have been introduced and some old ones refined.
Not only is it free and cross-platform, but the Google Drive suite has become quite powerful, recently. You can now even use it offline on PC or mobile. Students are the future, so Google is adding student-centric features. The cool part? They’re useful even if you aren’t a student!
There is more than a grain of truth here.
Strategic Humor: Cartoons from the October 2015 Issue