Wednesday, October 03, 2007

Aren't all systems hackable?

http://www.pogowasright.org/article.php?story=20071002134011380

Eircom contacts customers in wireless-security scare

Tuesday, October 02 2007 @ 01:40 PM EDT Contributed by: PrivacyNews News Section: Breaches

Eircom is to contact up to 250,000 of its customers regarding a security issue relating to the company's wireless modems.

It has emerged that hackers can tap into certain models of the Netopia series routers without the account holders' knowledge or consent.

The security breach affects the Netopia 3300 and 2247 series routers.

Source - Evening Echo



Wouldn't regular deletion of keys (normal course of business) make this impossible? No one uses the same key forever, do they?

http://www.pogowasright.org/article.php?story=20071002134646970

UK: Law requiring disclosure of decryption keys in force

Tuesday, October 02 2007 @ 01:46 PM EDT Contributed by: PrivacyNews News Section: Non-U.S. News

Users of encryption technology can no longer refuse to reveal keys to UK authorities after amendments to the powers of the state to intercept communications took effect yesterday.

The Regulation of Investigatory Powers Act (RIPA) has had a clause activated which allows a person to be compelled to reveal a decryption key. Refusal can earn someone a five-year jail term.

Part III of RIPA was in the original Act but was not activated. The Home Office said last year that it had not implemented the provision because encryption had not been as popular as quickly as it had predicted. It launched a consultation which culminated in Part III being made active on 1st October.

Source - Out-Law.com



I'll get a copy at the library...

http://www.pogowasright.org/article.php?story=20071002121307407

Book: The Future of Reputation: Gossip, Rumor, and Privacy

Tuesday, October 02 2007 @ 12:13 PM EDT Contributed by: PrivacyNews News Section: Internet & Computers

Dan Solove has a new book out that PogoWasRight.org readers may be interested in, The Future of Reputation: Gossip, Rumor, and Privacy. From the jacket:

Teeming with chatrooms, online discussion groups, and blogs, the Internet offers previously unimagined opportunities for personal expression and communication. But there’s a dark side to the story. A trail of information fragments about us is forever preserved on the Internet, instantly available in a Google search. A permanent chronicle of our private lives—often of dubious reliability and sometimes totally false—will follow us wherever we go, accessible to friends, strangers, dates, employers, neighbors, relatives, and anyone else who cares to look. This engrossing book, brimming with amazing examples of gossip, slander, and rumor on the Internet, explores the profound implications of the online collision between free speech and privacy.

Daniel Solove, an authority on information privacy law, offers a fascinating account of how the Internet is transforming gossip, the way we shame others, and our ability to protect our own reputations. Focusing on blogs, Internet communities, cybermobs, and other current trends, he shows that, ironically, the unconstrained flow of information on the Internet may impede opportunities for self-development and freedom. Long-standing notions of privacy need review, the author contends: unless we establish a balance between privacy and free speech, we may discover that the freedom of the Internet makes us less free.

More: Concurring Opinions



One possible scenario: They are keylogging everything you do...

http://weblog.infoworld.com/gripeline/archives/2007/10/amazon_makes_yo.html

October 02, 2007

Amazon Makes You Lie to Log Off

Are e-commerce websites making it harder and harder for users to log off? That's certainly a trend one reader has seen evidence of, including confirmation from Amazon that the best way to sign out from your account is to lie to them about who you are.

"Over the last few months it has become very difficult to sign out of a session from sites like Amazon and PayPal," the reader wrote. "The 'Sign Out' or equivalent link that for years was at the top of nearly every page is now missing from nearly all pages of those sites. Even the most obvious page where a sign out link should be -- the page acknowledging completion of an order -- offers no way to log out. Amazon and PayPal have turned things upside down and instead of closing a session, they now want us to remain logged in after leaving their site. Why would they do that? What good does it do Amazon and PayPal when their customers minimize the browser or surf to another site while signed in?"

The reader was particularly bothered by what appears to be the only procedure now for logging out of an Amazon account. "Amazon offers a moronic - i.e., counterintuitive -- solution to signing out. You have to find a page on the site that has 'If you're not (your name), click here' and click on it, thereby saying you're not you. [Does this suggest that everything “you” just purchased was actually the work of an identity thief? Bob] This convoluted procedure is too bizarre to be unplanned or mere Webmaster gaffe, so something's going on."



Another excuse to talk security with the CEO! Alert your Security Geek! CEOs typically aren't the most security aware people in the organization. (Fortunately, their secretaries usually handle the email.)

http://hosted.ap.org/dynamic/stories/T/TROJAN_E_MAILS_EXECS?SITE=VALYD&SECTION=HOME&TEMPLATE=DEFAULT

Oct 3, 1:15 AM EDT

E-Mail Attackers Target Corporate Execs

NEW YORK (AP) -- During a two-hour period on June 24, something unusual and a bit worrying turned up in e-mail security firm MessageLabs Inc.'s filters: 514 messages tailored to senior executives of corporate clients that contained malicious programs designed to steal sensitive company data.

On Sept. 12 and 13 it happened again, but this time the firm captured 1,100 messages in a 16-hour wave. The messages, which included executives' names and titles, were from a purported employment service and offered attachments supposedly containing information on potential job candidates.

The attachments were Microsoft Word documents - a common file type erroneously believed to be safe by most computer users - that if not intercepted would have deposited Trojan horses, or malicious programs disguised as benign ones, onto targeted computers.

... "All of a sudden somebody new hit the scene," said Mark Sunner, MessageLabs' chief security analyst. Who that was isn't clear because technical tricks disguised the e-mails' origin, he said. But it's likely the person or group responsible came from the digital underground centered in Eastern Europe, where malicious-program writers and organized crime have long worked hand-in-hand online to steal and sell data for use in fraud schemes.

The newcomers appear to be after corporate secrets, he said. They have sought, specifically, to infiltrate the computers of chief executives, chief financial officers, chief technology officers and other senior managers - and on occasion their assistants. And the Trojan horses were primarily designed to help the attacker gather Microsoft Office files from the "My Documents" directory of infiltrated PCs.



More for starting a security discussion...

http://blog.wired.com/27bstroke6/2007/10/cybersecurity-m.html

Cyber Security Awareness Month: Do You Know Where Your Firewall Is?

By Ryan Singel October 01, 2007 | 4:28:27 PM

Monday is the start of Cyber Security Awareness Month in the United States, and security giant McAfee and the National Cyber Security Alliance released a report (.PDF) showing that for many, taking basic precautions towards keeping one's computer safe is still a perplexing job.

For instance, some 87% believe they have anti-virus software installed, but only some 50 percent have actually updated its virus signature files in the past week. Oddly, more people actually have anti-virus software installed (94%) than actually know they have it installed. The same goes for firewalls -- some 81% actually have a firewall, while 73% think they have it. But only 64% actually have it turned on.



Well, it is Cyber Security Awareness Month...

http://www.infoworld.com/article/07/10/03/stopbadware-report-warns_1.html?source=rss&url=http://www.infoworld.com/article/07/10/03/stopbadware-report-warns_1.html

StopBadware: Trusted Web sites are being hacked and don't even know it

StopBadware report warns: In a Web 2.0 world it's becoming easier to sneak badware onto a legitimate site, compromising trusted Web sites

By Robert McMillan, IDG News Service October 03, 2007

It's getting harder and harder to know who to trust on the World Wide Web, according to online safety advocates StopBadware.org.

On Tuesday, the group released its 2007 Trends in Badware report, saying the bad guys are finding new ways to place their malicious software on our computers -- often by compromising Web sites that we trust.



Marketing? This would be funny if it didn't reiterate the lack of adequate procedures (or even management thought?) too common today.

http://consumerist.com/consumer/thanks-but-no-thanks/thomas--friends-customers-were-sent-lead-tainted-toys-as-apology-for-lead-tainted-toys-306219.php

Thomas & Friends Customers Sent Lead Tainted Toys As Apology For Lead Tainted Toys

If you returned a recalled Thomas & Friends toy to RC2, you probably received an apology and a "bonus gift." We hope you didn't give the toy to your kid, because some of the "bonus gifts" have been recalled for lead contamination.



There will be a lot of blog commentary on this trial...

http://techdirt.com/articles/20071002/191206.shtml

Sony-BMG Exec Tells Two Whoppers In File-Sharing Trial

from the say-what? dept

Wired's Threat Level blog has been doing some excellent work covering the first RIAA file-sharing case to go to trial, in my home state of Minnesota. In the latest post, reporter David Kravets quotes a couple of whoppers in the testimony of Sony BMG exec Jennifer Pariser. First, Pariser claims that "Selling music is the only way a record company makes money." That's just silly. While record sales are certainly a major source of revenue for record labels, there are lots of other revenue streams out there: concert tickets, merchandise, online subscriptions, endorsement deals, advertising revenue, and so forth. Just yesterday we had an excellent example of a band experimenting with offering name-your-own-price downloads coupled with a premium "discbox." And even some of Pariser's fellow record label execs have begun acknowledging that relying so heavily on music sales is a bad business strategy. At least I can see why Pariser might have thought it was a good legal strategy to pretend that record sales are the only conceivable revenue source for the music industry. Her other claim is even more puzzling: when asked if it's legal to make just one copy of a song you've legally purchased, she apparently said that was "a nice way of saying, 'steals just one copy.'" Not only is that flatly untrue as a matter of law, but saying it also seems like a lousy legal strategy, because (as Kravets points out) some of the jurors probably own MP3 players and won't like being accused of stealing. It's also worth mentioning that this is something the industry keeps flip-flopping on. Sometimes (like when they're arguing before the Supreme Court) they say that of course iPods are legal. Other times they call anyone who rips their CD collections for personal use thieves.



“Yes, that's what we wrote, but it's not what we mean...”

http://arstechnica.com/news.ars/post/20071002-att-vows-to-use-terms-of-service-for-good-not-censorship.html

AT&T vows to use Terms of Service for good, not censorship

By Ken Fisher | Published: October 02, 2007 - 10:44AM CT

Yesterday we reported on AT&T's controversial Terms of Service, which in broad legal language gives AT&T the right to terminate a customer's service for activity which AT&T deems "damaging" to its reputation. As we noted yesterday, the legal language is particularly vague and appears to give AT&T broad discretion in deciding what constitutes "damage."

... However, an AT&T spokesperson tells Ars Technica that the company has no interest in engaging in censorship but stopped short of saying that AT&T could not in fact exercise its ability to do so.

"AT&T respects its subscribers' rights to voice their opinions and concerns over any matter they wish. However, we retain the right to disassociate ourselves from web sites and messages explicitly advocating violence, or any message that poses a threat to children (e.g. child pornography or exploitation)," the spokesperson told Ars Technica. "We do not terminate customer service solely because a customer speaks negatively about AT&T."



Is it illegal for sex offenders to be on social networks?

http://www.reuters.com/article/internetNews/idUSN0235656220071002

New Jersey subpoenas Facebook over sex offenders

Tue Oct 2, 2007 5:47pm EDT

NEW YORK (Reuters) - New Jersey State Attorney General Anne Milgram said on Tuesday her office has subpoenaed Facebook to discover whether convicted sex offenders in the state have profiles on the popular social networking site.

Milgram issued the subpoena on Monday to Facebook along with letters to 11 other social networking sites asking them to compare member accounts against a list of sex offenders.

... A joint 50-state investigation is looking into Facebook, MySpace and other social networks over concerns they may fall short in protecting young users.



Brave New World

http://www.news.com/8301-10784_3-9789296-7.html?part=rss&subj=news&tag=2547-1_3-0-5

Political dirty tricks 2.0: Outsourcing voter suppression calls?

Posted by Chris Soghoian October 2, 2007 5:20 PM PDT

During my blog posts this week, I'll be focusing on ways in which the Internet can be used to disrupt elections and the political process. On Friday, I'll be giving a talk on the subject at the Anti Phishing Working Group eCrime Researchers Summit on the subject of Political Phishing.

In today's post: What happens when voter suppression calls get outsourced to India? How will law enforcement track down the evildoers, and what will this mean for our elections?



Research tool or comedy link?

http://www.bespacific.com/mt/archives/016156.html

October 02, 2007

2008 Presidential Candidates Page

"CQ MoneyLine has created a shortcut for users to quickly access information on all the major presidential candidates this cycle. To visit this page, click here."



Most interesting: In the latest MicroCenter ad, their computers come with Microsoft Vista (various levels depending on the model) but their higher end machines come with “downgrade rights to Microsoft Windows XP Professional” and on their lower end laptops you can “Upgrade” to XP for a mere $50. Hummmm...

http://www.informationweek.com/news/showArticle.jhtml?articleID=202200222

Microsoft Offers Licenses For Fake Windows XP Copies

To qualify, users of illegitimate versions of Windows XP Pro must pledge to use only genuine Microsoft software going forward and agree to have their software infrastructure audited.

By Paul McDougall InformationWeek October 2, 2007 01:00 PM



Free entertainment

http://www.researchbuzz.org/wp/2007/10/02/search-engine-for-radio-stations/

Search Engine for Radio Stations

2nd October 2007

Looking for Internet radio stations? You can browse or do keyword searches with the new search engine iheard, at http://www.iheard.com/ .

The front of the site has a directory with the usual categories (jazz, rock, folk, oldies, talk) and a couple of unexpected ones (ambient, eclectic). (There’s a much more detailed category page if you want one.) There’s also a keyword search. I did a search for one of my favorite Internet radio stations, Groove Salad, and got three results. Results include a brief description, genre, a play button, and (painfully small) icons that indicate the software you’ll need to play the station (Real, WinAmp, etc.)

Click on the name of the station for a little more information about the station, but it’s not clear where the ratings are coming from and sometimes the descriptions are just too minimal.

If you don’t know what you want to listen to and can’t even think of something to search, you can always check out the most popular stations or even the stations organized by language. I just wish a bit more information was offered…



Attention Students! Uploading photos of your professor is NOT AMUSING! (Uploading photos of MY PROFESSORS, is!)

http://www.somewhatfrank.com/2007/10/befunky-to-cart.html

BeFunky To Cartoonize Yourself

Frank Gruber October 1, 2007

BeFunky, a startup which was founded as a spin-off of the more manual, artist-driven IamCartoon project, offers a few fun little applications to allow users to easily create and customize photos as cartoons and create personal avatars.
