http://www.pogowasright.org/?p=12405
100 million Facebook pages leaked on torrent site
July 28, 2010 by Dissent
The 2.8GB torrent was compiled by hacker Ron Bowes of Skull Security, who created a web crawler program that harvested data on users contained in Facebook’s open access directory, which lists all users who haven’t bothered to change their privacy settings to make their pages unavailable to search engines.
Bowes’ directory contains 171 million entries, relating to more than 100 million individual users – more than one in five of Facebook’s recently trumpeted half billion user base.
The file contains user account names and a URL for each user’s profile page, from which details such as addresses, dates of birth or phone numbers can be accessed. Accessing a user’s page from the list will also enable you to click through to friends’ profiles – even if those friends have made themselves non-searchable.
Read more on THINQ.
As of the time of this posting, Skull Security’s site is timing out, probably because the story was slashd0tted. The original post, available in Google’s cache, reads in part:
I wrote a quick Ruby script (which has since become a more involved Nmap Script that I haven’t used for harvesting yet) that I used to download the full directory. I should warn you that it isn’t exactly the most user friendly interface — I wrote it for myself, primarily, I’m only linking to it for reference. I don’t really suggest you try to recreate my spidering. It’s a waste of several hundred gigs of bandwidth.
The results were spectacular. 171 million names (100 million unique).
[...]
But it occurred to me that this is public information that Facebook puts out, I’m assuming for search engines or whatever, and that it wouldn’t be right for me to keep it private. Why waste Facebook’s bandwidth and make everybody scrape it, right?
So, I present you with: a torrent! If you haven’t download it, download it now! And seed it for as long as you can.
This torrent contains:
The URL of every searchable Facebook user’s profile
The name of every searchable Facebook user, both unique and by count (perfect for post-processing, datamining, etc)
Processed lists, including first names with count, last names with count, potential usernames with count, etc
The programs I used to generate everything
What? Just because it's free, you thought it wouldn't cost you?
http://www.pogowasright.org/?p=12413
What your phone app doesn’t say: It’s watching
July 28, 2010 by Dissent
Jordan Robertson of the Associated Press reports:
Your smart phone applications are watching you – much more closely than you might like.
Lookout Inc., a mobile-phone security firm, scanned nearly 300,000 free applications for Apple Inc.’s iPhone and phones built around Google Inc.’s Android software. It found that many of them secretly pull sensitive data off users’ phones and ship them off to third parties without notification.
Read more on Forbes.
Because government is better able to determine what's important than a bunch of silly old judges?
http://www.pogowasright.org/?p=12415
White House proposal would ease FBI access to records of Internet activity
July 29, 2010 by Dissent
Ellen Nakashima reports:
The Obama administration is seeking to make it easier for the FBI to compel companies to turn over records of an individual’s Internet activity without a court order if agents deem the information relevant to a terrorism or intelligence investigation.
The administration wants to add just four words — “electronic communication transactional records” — to a list of items that the law says the FBI may demand without a judge’s approval. Government lawyers say this category of information includes the addresses to which an Internet user sends e-mail; the times and dates e-mail was sent and received; and possibly a user’s browser history. It does not include, the lawyers hasten to point out, the “content” of e-mail or other Internet communication.
Read more in the Washington Post.
In related coverage, Pete Yost of the Associated Press reports on the FBI’s defense of its guidelines for domestic surveillance.
Earlier this week, the The American Civil Liberties Union on Tuesday asked FBI field offices in 29 states and Washington, D.C., to turn over records the FBI collected on race and ethnicity in various communities. The agency fears the FBI’s data gathering and mapping practices will invite racial profiling by law enforcement. Nick Divito covers the story on Courthouse News.
Perhaps Google was not (yet) evil? Will the US Attorneys General be as willing to drop their “investigation?”
http://www.pogowasright.org/?p=12424
UK: ICO Statement on Google WiFi data
July 29, 2010 by Dissent
A spokesperson for the Information Commissioner’s Office (ICO) said:
“The ICO has visited Google’s premises to assess samples of the ‘pay-load’ data it inadvertently collected. Whilst Google considered it unlikely that it had collected anything other than fragments of content, we wanted to make our own judgement as to the likelihood that significant personal data had been retained and, if so, the extent of any intrusion. The information we saw does not include meaningful personal details that could be linked to an identifiable person. As we have only seen samples of the records collected in the UK we recognise that other data protection authorities conducting a detailed analysis of all the payload data collected in their jurisdictions may nevertheless find samples of information which can be linked to identifiable individuals. However, on the basis of the samples we saw we are satisfied so far that it is unlikely that Google will have captured significant amounts of personal data. There is also no evidence as yet that the data captured by Google has caused or could cause any individual detriment. Nevertheless it was wrong to collect the information. We will be alerting Privacy International and others who have complained to us of our position. The Information Commissioner is taking a responsible and proportionate approach to this case. However, we remain vigilant and will be reviewing any relevant findings and evidence from our international counterparts’ investigations.”
Source: ICO
(Related) You ain't seen nothing yet! (Interesting picture: Who is that sitting next to Eric Schmidt?)
http://www.wired.com/dangerroom/2010/07/exclusive-google-cia/
Exclusive: Google, CIA Invest in ‘Future’ of Web Monitoring
The investment arms of the CIA and Google are both backing a company that monitors the web in real time — and says it uses that information to predict the future.
The company is called Recorded Future, and it scours tens of thousands of websites, blogs and Twitter accounts to find the relationships between people, organizations, actions and incidents — both present and still-to-come. In a white paper, the company says its temporal analytics engine “goes beyond search” by “looking at the ‘invisible links’ between documents that talk about the same, or related, entities and events.”
… America’s spy services have become increasingly interested in mining “open source intelligence” — information that’s publicly available, but often hidden in the daily avalanche of TV shows, newspaper articles, blog posts, online videos and radio reports.
“Secret information isn’t always the brass ring in our profession,” then CIA-director General Michael Hayden told a conference in 2008. “In fact, there’s a real satisfaction in solving a problem or answering a tough question with information that someone was dumb enough to leave out in the open.”
For my Ethical Hackers How to get the attention of your students....
http://news.cnet.com/8301-1009_3-20012019-83.html?part=rss&subj=news&tag=2547-1_3-0-20
Security researcher demonstrates ATM hacking
LAS VEGAS--Hacking into an ATM isn't impossible, a security researcher showed Wednesday. With the right software, it's actually pretty easy.
Barnaby Jack, director of security testing at Seattle-based IOActive, hauled two ATMs onto the Black Hat conference stage and demonstrated to a rapt audience the fond daydream of teenage hackers everywhere: pressing a button and having an automated teller machine spew out its cash until a pile of paper lay on the ground.
(Related) Ditto
http://news.cnet.com/8301-27080_3-20012027-245.html?part=rss&subj=news&tag=2547-1_3-0-20
Expert: Critical system flaws a 'ticking time bomb'
"SCADA (supervisory control and data acquisition) systems are a lot less secure than IT (information technology) systems," Jonathan Pollet, founder of Red Tiger Security, said in his session, titled "Electricity for Free? The Dirty Underbelly of SCADA and Smart Meters."
… Recent modernization efforts have brought connectivity to the Internet back to the control environment and use of Windows, opening up new paths for threats, he said. Plus, there are known flaws in smart meters being installed in homes and linked back to critical systems, he added.
"We've had customers download a Windows patch and that patch actually broke the SCADA system," he said.
… Pollet said that during his consulting at utilities and other SCADA sites he has found all sorts of unnecessary software running on computers connected to important systems that can cause security problems, such as BitTorrent clients for peer-to-peer file sharing, chat clients, adult video directory scripts, and even botnet code and malware.
… Meanwhile, many power plant companies are trying to jump through loopholes in the regulations to reduce their "audit footprint," and controls are being bypassed, he said. Critical infrastructure companies are attempting to limit their responsibility and are not prepared to deal with the kinds of online attacks and espionage that keep chief information officers up at night, he said.
Another perspective
http://www.pogowasright.org/?p=12430
Mexico’s New Data Protection Law
July 29, 2010 by Dissent
W. Scott Blackmer writes:
Mexico has joined the ranks of more than 50 countries that have enacted omnibus data privacy laws covering the private sector. The new Federal Law on the Protection of Personal Data Held by Private Parties (Ley federal de protección de datos personales en posesión de los particulares) (the “Law”) was published on July 5, 2010 and took effect on July 6. IAPP has released an unofficial English translation. The Law will have an impact on the many US-based companies that operate or advertise in Mexico, as well as those that use Spanish-language call centers and other support services located in Mexico.
Read more on Information Law Group.
This might explain why red light cameras are so popular... And changing the law just make collecting fines easier.
Tennessee Town Releases Red Light Camera Stats
Posted by timothy on Wednesday July 28, @04:58PM
SonicSpike links to what he calls "a transparent look at some statistics released by a small town's red-light camera program," writing
"Specifically, in the last fiscal quarter, 7,213 incidents were recorded, 2,673 incidents were rejected by the reviewing officer, and 662 incidents were not processed due to technical issues or lack of information. All in all 3,878 citations were issued between April I — June 30 in a town of 17,000 residents. Interestingly enough there are two nearby cities claiming that individuals 'have no presumption of innocence' when accused by the red light cameras."
Fines for no-harm-no-foul rolling stops bug me, and remind me of Gary Lauder's suggestion to merge stop signs and yield signs.
(Related) Another “interpretation” of the law I find questionable.
UK Courts Rule Nintendo DS R4 Cards Illegal
Posted by Soulskill on Wednesday July 28, @05:40PM
"A UK high court ruled today that R4 cards for the Nintendo DS are illegal, finding two vendors guilty of selling 'game copiers.' The ruling by Justice Floyd is quoted as saying, 'The economic effect on Nintendo of the trade in these devices is substantial as each accused device can store and play copies of many Nintendo DS games [...] The mere fact that the device can be used for a non-infringing purpose is not a defence.' No word in the article as to what law in particular they were found to have broken, nor of the penalty the vendors are facing, but this looks like bad news for all kinds of hardware mod, on any platform, that would enable homebrew users to bypass vendor locks."
Nintendo won a related lawsuit in the Netherlands recently, in addition to the one in Australia earlier this year.
How to reinforce your bias!
http://searchengineland.com/blekko-a-new-search-engine-that-lets-you-spin-the-web-47215
Blekko: New Search Engine Lets You “Spin” The Web
New challenger Blekko is stepping into the fray, opening to limited beta testing today. It offers a compelling way to “slash the web” and put a particular spin on your search results.
… Blekko’s “slashtags” are a unique feature that may draw you in on occasions when you want to see how search results look when they’re skewed to a particular viewpoint.
… What would rank number one for “honey” if you asked bakers versus beekeepers? Blekko can give you the spin from both groups. Want your search results with a liberal slant? You can do that at Blekko, or slash your results the opposite way for a conservative view.
This is all done using slashtags, special keywords that you place after what your searching for, in order to indicate the viewpoint you want used to spin your results.
… This is also known as a vertical search, where instead of searching across the entire “horizontal” spectrum of all web sites, you’re searching “vertically” through just one slice.
Facebook just past 500 million users. Imagine how many users Facebook would have if the users actually liked it!
http://www.bespacific.com/mt/archives/024823.html
July 28, 2010
American Customer Satisfaction Index: Internet news & information; Internet portals & search engines, Internet social media
The American Customer Satisfaction Index (ACSI) Report on E-Business: Internet Portals & Search Engines, News & Information, and Social Media Websites, July 20, 2010. Commentary by Professor Claes Fornell: Google Dips Sharply but Holds Off Bing; FOXNews.com Leads All E-Business Websites; Facebook and MySpace Fail to Satisfy
Interesting tool. Makes you wonder why a home grown system like Glenwood Springs is 8 times faster than Qwest. Of course they've had fiber since 2002. Just another example of my “let the city own it and sell it to everyone” model.
What’s the Fastest and Best ISP in Your City? Look It Up Here
For my website students, 'cause I don't want no sub-standard code!
W3C’s Unicorn Validator Checks Multiple Standards at Once
he web’s governing body has launched a new validation tool called Unicorn that checks the quality of your website’s code against multiple web standards at the same time.
You can find the new Unicorn “all-in-one validator” on the Worldwide Web Consortium (W3C) website at validator.w3.org/unicorn/.
The W3C maintains a number of free web-based tools for checking whether your web code is valid, and Unicorn makes several of these tools available under a single interface.
For my Math students. They won't be able to resist the “Easier” button.
Wednesday, July 28, 2010
Knotebooks - Create Multimedia Math & Science Articles
Knotebooks is a neat service that allows users to create, customize, and share lessons composed of videos, images, and texts from all over the Internet.
… Using Knotebooks you can organize information to create a reference article for yourself or to share with others. You can also browse the articles published by others, add them to your account for later reference, and or alter the articles that others have written to suit your needs.
… Creating Knotebooks could be a great way for mathematics and science students to build multimedia reference libraries for themselves and for their classmates.
Annotate your videos.
Wednesday, July 28, 2010
Video ANT - Discuss and Annotate Videos
Video ANT is a free tool developed by Brad Hosack at the University of Minnesota for the purpose of providing a platform on which students and teachers view and annotate videos. Video ANT plays your specified video and while watching you and your students can and marks along a timeline and write comments alongside the video. Annotations are archived and emailed to you when you've completed the annotation process. Video ANT works with YouTube videos as well as with some video files that you can upload to the site. Click here to watch a screencast created by Brad Hosack of Video ANT in action.
