Saturday, December 02, 2006

Once again there is a lot of conflicting information about this computer theft. Was the information stored on these computers or wasn't it. (My guess: it was.) I suspect most organizations would be unable to determine what information was on a given computer at any time. Don't get me wrong. Pennsylvania's response seems better than average, still it would be fun to call them on some of the conflicting information.

http://www.timesleader.com/mld/timesleader/16128584.htm

Posted on Thu, Nov. 30, 2006

Computer theft closes license center

Police say burglars stole equipment from the Hanover Twp. site that may have contained personal info.

By EDWARD LEWIS elewis@timesleader.com

... Personal information isn’t kept at the local center [See next article Bob] and is downloaded [NIT: That would be an upload Bob] overnight to the Pennsylvania Department of Transportation’s headquarters in Harrisburg, Kelly said.

We’re not sure what time the burglary actually occurred so we don’t know if that process was completed in time,” [The HQ computer has no record? Bob] Kelly said. “There is some concern but we’re looking to see if any personal information was breached.”


http://www.govtech.net/magazine/channel_story.php/102656

Pennsylvania DOT Notifies Customers Affected by Data Theft

Dec 01, 2006 News Release

... The burglary occurred at about 11:30 p.m., Tuesday, Nov. 28, when thieves breached security at the driver license center and stole two computers, which contained the personal information of 11,384 customers who had their photos taken for a driver's license or photo identification card at the Wilkes-Barre Driver License Center between Aug. 30, 2006, and Nov. 28, 2006. Only those customers who had their photos taken at the Wilkes-Barre Driver License Center in that specific time period are affected by the theft. [We just missed the nightly data transfer for the last few nights... Bob]

The information stored on those computers included names, addresses, dates of birth, driver's license numbers and the last four digits of Social Security numbers. In the case of 5,348 of those customers, the personal information stored included complete Social Security numbers. [Why are these people different? Bob]



Perhaps we could convince managers to be at least as secure as these guys?

http://www.infoworld.com/article/06/12/01/HNjihadmag_1.html?source=rss&url=http://www.infoworld.com/article/06/12/01/HNjihadmag_1.html

Jihadists publish cyber security magazine

Publication will cover issues such as concealing one's identity on the Internet and how to set up a jihadi Web site

By Robert McMillan, IDG News Service December 01, 2006

Jihadists now have their own security magazine.

"Technical Mujahid," a 64-page electronic magazine began circulating earlier this week on jihadist discussion forums, said Adam Raisman, an analyst with the SITE (Search for International Terrorist Entities) Institute, a terrorist tracking organization.

SITE, based in Washington, has published an analysis of the new publication.

... Like early hacking magazines, Technical Mujahid takes information that has already been published in discussion forums and Web sites and compiles it into one single source, Raisman said.

... The magazine shows that militants share many of the same security concerns as many IT professionals, said Marcus Sachs, deputy director with research group SRI International's Computer Science Laboratory.

"Western media only covers the story that the jihadists are out to destroy us," he said. "In fact they're just as worried about Internet security in the same way were are."



“Tell us who these malcontents are, we want to talk to them...”

http://www.pogowasright.org/article.php?story=20061202035200947

UK: GPs angered by call to reveal names of NHS database rebels

Saturday, December 02 2006 @ 06:23 AM CST - Contributed by: PrivacyNews - Non-U.S. News

The Department of Health provoked uproar among doctors yesterday by asking GPs in England to send in correspondence from objectors who do not want their confidential medical records placed on the Spine, a national NHS database. Sir Liam Donaldson, the chief medical officer, said letters from patients who want to keep their private medical details out of the government's reach should be sent to Patricia Hewitt, the health secretary, for "full consideration".

Source - Guardian



At Invesco Field, they patted my (ample) tummy, but didn't check for my shoulder holster, ankle holster, small of the back holster, etc. If I thought the security was adequate, I wouldn't need all this equipment.

http://seattlepi.nwsource.com/football/294350_hawkfans01.html

2 Seahawks fans file suit to halt Qwest pat-down

NFL security measure at stadium called unconstitutional, uneven

Friday, December 1, 2006

By SCOTT GUTIERREZ P-I REPORTER

Two Seahawks season ticket holders have filed a lawsuit in federal court arguing that a policy requiring fans to be frisked before they enter Qwest Field is unconstitutional.

... Qwest Field officials follow an NFL policy that went into effect at the start of the 2005 season to tighten security and to prevent terrorism. It requires fans' arms, shoulders and torsos to be patted down as they enter games for any of the league's 32 teams.

... The lawsuit follows a legal challenge filed in 2005 against the Tampa Bay Sports Authority, the government agency that manages the Tampa Bay Buccaneers' stadium. There, a state and a federal judge agreed with a 60-year-old civics teacher who claimed that pat-downs were unconstitutional and granted a court order prohibiting them. The NFL and the sports authority are appealing, The Tampa Tribune reported.

... The lawsuit also argues that attendees entering other stadium events, such as soccer games or motocross races, are not patted down.

... STADIUM SECURITY

  • Qwest: Only Seattle major outdoor pro stadium to require security pat-downs.

  • Safeco Field: Ticket holders are subjected to bag searches, although neither the stadium nor Major League Baseball require pat-downs.



Stocking Stuffers?

http://www.thesimpledollar.com/2006/12/01/30-essential-pieces-of-free-and-open-software-for-windows/

30 Essential Pieces Of Free (and Open) Software for Windows

... 11. VLC Media Player

http://www.videolan.org/vlc/

Replaces Windows Media Player, Quicktime, RealPlayer, etc.

If you get tired of having tons of media players on your computer, get this package that runs pretty much every media type you’ll run across without breaking a sweat.

Juice logo12. Juice

http://juicereceiver.sourceforge.net/

Unique but essential

Juice lets you effortlessly subscribe to podcasts, organize them, and listen to them at your convenience. In conjunction with PodNova, I find it easier to use Juice to organize podcasts than using iTunes itself.

13. Audacity

http://audacity.sourceforge.net/

Unique but essential (for some)

If you’re interested in recording your own podcast (or just want to make your own voice recordings for whatever reason), Audacity and a microphone are pretty much all you need to get the job done. I’m not much for podcasting (let’s just say I don’t have a radio voice), but I use Audacity for other voice recording purposes.



Tools & Techniques (This technique has been published before, and a similar technique exists for landline phones...)

http://news.com.com/2100-1029_3-6140191.html?part=rss&tag=2547-1_3-0-5&subj=news

FBI taps cell phone mic as eavesdropping tool

By Declan McCullagh Story last modified Fri Dec 01 18:46:27 PST 2006

The FBI appears to have begun using a novel form of electronic surveillance in criminal investigations: remotely activating a mobile phone's microphone and using it to eavesdrop on nearby conversations.

The technique is called a "roving bug," and was approved by top U.S. Department of Justice officials for use against members of a New York organized crime family who were wary of conventional surveillance techniques such as tailing a suspect or wiretapping him.

Nextel cell phones owned by two alleged mobsters, John Ardito and his attorney Peter Peluso, were used by the FBI to listen in on nearby conversations. The FBI views Ardito as one of the most powerful men in the Genovese family, a major part of the national Mafia.

The surveillance technique came to light in an opinion published this week by U.S. District Judge Lewis Kaplan. He ruled that the "roving bug" was legal because federal wiretapping law is broad enough to permit eavesdropping even of conversations that take place near a suspect's cell phone.

Kaplan's opinion said that the eavesdropping technique "functioned whether the phone was powered on or off." Some handsets can't be fully powered down without removing the battery; for instance, some Nokia models will wake up when turned off if an alarm is set.

While the Genovese crime family prosecution appears to be the first time a remote-eavesdropping mechanism has been used in a criminal case, the technique has been discussed in security circles for years.

The U.S. Commerce Department's security office warns that "a cellular telephone can be turned into a microphone and transmitter for the purpose of listening to conversations in the vicinity of the phone." An article in the Financial Times last year said mobile providers can "remotely install a piece of software on to any handset, without the owner's knowledge, which will activate the microphone even when its owner is not making a call."

... "If a phone has in fact been modified to act as a bug, the only way to counteract that is to either have a bugsweeper follow you around 24-7, which is not practical, or to peel the battery off the phone," Atkinson said. Security-conscious corporate executives routinely remove the batteries from their cell phones, he added.

... U.S. District Judge Barbara Jones approved them in a series of orders in 2003 and 2004, and said she expected to "be advised of the locations" of the suspects when their conversations were recorded.

Details of how the Nextel bugs worked are sketchy. Court documents, including an affidavit (p1) and (p2) prepared by Assistant U.S. Attorney Jonathan Kolodner in September 2003, refer to them as a "listening device placed in the cellular telephone." That phrase could refer to software or hardware.

One private investigator interviewed by CNET News.com, Skipp Porteous of Sherlock Investigations in New York, said he believed the FBI planted a physical bug somewhere in the Nextel handset and did not remotely activate the microphone.

"They had to have physical possession of the phone to do it," Porteous said. "There are several ways that they could have gotten physical possession. Then they monitored the bug from fairly near by."

But other experts thought microphone activation is the more likely scenario, mostly because the battery in a tiny bug would not have lasted a year and because court documents say the bug works anywhere "within the United States"--in other words, outside the range of a nearby FBI agent armed with a radio receiver.

... A BBC article from 2004 reported that intelligence agencies routinely employ the remote-activiation method. "A mobile sitting on the desk of a politician or businessman can act as a powerful, undetectable bug," the article said, "enabling them to be activated at a later date to pick up sounds even when the receiver is down."

... In one case involving Nicodemo S. Scarfo, the alleged mastermind of a loan shark operation in New Jersey, the FBI found itself thwarted when Scarfo used Pretty Good Privacy software (PGP) to encode confidential business data.

So with a judge's approval, FBI agents repeatedly snuck into Scarfo's business to plant a keystroke logger and monitor its output. [Not “break the encryption” as originally reported. Bob]

... This week, Judge Kaplan in the southern district of New York concluded that the "roving bugs" were legally permitted to capture hundreds of hours of conversations because the FBI had obtained a court order and alternatives probably wouldn't work. [Interesting precedent! Bob]

The FBI's "applications made a sufficient case for electronic surveillance," Kaplan wrote. "They indicated that alternative methods of investigation either had failed or were unlikely to produce results, in part because the subjects deliberately avoided government surveillance."

... Surreptitious activation of built-in microphones by the FBI has been done before. A 2003 lawsuit revealed that the FBI was able to surreptitiously turn on the built-in microphones in automotive systems like General Motors' OnStar to snoop on passengers' conversations.

When FBI agents remotely activated the system and were listening in, passengers in the vehicle could not tell that their conversations were being monitored.

Malicious hackers have followed suit. A report last year said Spanish authorities had detained a man who write a Trojan horse that secretly activated a computer's video camera and forwarded him the recordings.



Perspective on Offshoring...

http://hbswk.hbs.edu/item/5570.html

How Important Is Quality of Labor? And How Is It Achieved?

December 1, 2006 by Jim Heskett

Executive Summary: A new book by Gregory Clark identifies "labor quality" as the major enticement for capital flows that lead to economic prosperity. By defining labor quality in terms of discipline and attitudes toward work, this argument minimizes the long-term threat of outsourcing to developed economies. By understanding labor quality, can we better confront anxieties about outsourcing and immigration?

No comments: