Friday, July 11, 2008

Perhaps someday all reported security breaches will be because of exceptions – people violating standing orders. But by then, our job will be to detect those who are not in compliance – and kill them.

http://www.pogowasright.org/article.php?story=2008071105574485

Army records on stolen laptop

Friday, July 11 2008 @ 05:57 AM EDT Contributed by: PrivacyNews

A laptop computer that was reported stolen from an Army employee’s truck last week contained personal information on about 800 to 900 Fort Lewis soldiers, said military and Lacey police officials.

... Officials said the employee, a civilian military personnel specialist, appears to have violated Army standards and policies for protecting personal information and government property.

[...]

In this case, an Army employee told Lacey police he left the laptop and a 500-gigabyte removable hard drive on the seat of his Dodge truck, parked unlocked in front of his house overnight July 3. He reported them stolen about 10 a.m. on July 4.

He told police there was no classified, secret or top-secret information on the laptop and the hard drive.

Source - The News Tribune

[From the article:

Army laptops and removable storage devices containing personal information are generally restricted to on-post workplaces but can be signed out with a supervisor’s permission. They’re also supposed to be password-protected and personal information is supposed to be encrypted, Caruso said.



I wonder if they got the idea from the one the CIA started in Iran? I wonder if the Iranians started this one? (How would we know?)

http://news.slashdot.org/article.pl?sid=08/07/11/0351257&from=rss

Internet Based Political "Meta-Party" For Massachusetts

Posted by timothy on Friday July 11, @12:34AM from the thought-you-said-mega-party dept. Government United States Politics

sophiachou writes

"The Free Government Party, a non-profit, open source political 'meta-party' focused on providing citizens with more direct control of Congress through online polling and user-drafted bills, seems to be looking for a candidate to endorse for US Representative of Massachusetts' 8th Congressional District. If you're from the Boston area, you might have seen this already on Craigslist. The chosen candidate will be bound by contract to vote in Congress only as do his or her constituents online. However, they don't seem to be going for direct democracy. To make voting convenient, you can select advisers to cast your votes for you, unless you do so yourself. Supposedly, interviews for the candidate position are already underway. Anyone from MA's 8th Congressional District on Slashdot already apply?"



A story to watch! Can Comcast regulate the FTC?

http://www.eweek.com/c/a/Infrastructure/FCC-Chief-Finds-Comcast-Guilty-of-Network-Neutrality-Violations/

FCC Chief Finds Comcast Guilty of Network Neutrality Violations

By Roy Mark 2008-07-11

Comcast is guilty of blocking consumers' access to the Internet and faces federal sanctions, FCC Chairman Kevin Martin said July 10.

... Marvin Ammori, general counsel of Free Press, said, "This is an historic test for whether the law will protect the open Internet. If the commission decisively rules against Comcast, it will be a remarkable victory for organized people over organized money."



Politics 101: Announce that you are responsible for making the earth round, saving countless lives of the people who would otherwise fall off the edge... (Or claim to have invented the Internet?)

http://news.cnet.com/8301-13578_3-9988278-38.html?hhTest=1&part=rss&subj=news&tag=2547-1_3-0-5

July 10, 2008 3:41 PM PDT

N.Y. A.G. says AOL will curb access to Usenet. It already did

Posted by Declan McCullagh

... In his press release, which was reproduced uncritically, Cuomo claimed that AOL has "agreed to eliminate access to child porn newsgroups, a major supplier of these illegal images" and said that the company will "purge" its "servers of child porn websites."

... There's just one problem with the press release. AOL isn't doing anything different today than it did yesterday. "We have not changed any policies or procedures as part of today's announcement," AOL spokeswoman Allie Burns told me via e-mail.



Security from non-traditional sources. Think of it as allowing you to seal your mail in an envelope rather than requiring postcards...

http://tech.slashdot.org/article.pl?sid=08/07/11/0230225&from=rss

The Pirate Bay's Plans To Encrypt the 'Net

Posted by timothy on Friday July 11, @06:50AM from the pretty-ned8bdrnki(bdr## dept. The Internet Encryption Privacy

Keeper Of Keys writes

"According to newteevee.com, The Pirate Bay, those fun- and freedom-loving Swedes, have embarked on a project to encrypt all internet traffic, probably by means of an OS-level wrapper around all network connections, which would fall back to an unencrypted connection when the other end is not similarly equipped. The move has been prompted by a recent change in Swedish law, allowing the authorities to snoop on network traffic. This will be a boon to filesharers and anyone else concerned about authorities and trade groups' recent moves towards 'policing' network traffic at the ISP level."



Think of it as “hacking the press.” Since military technology would accurately count the missiles launched, games like this are clearly aimed at other targets...

http://thelede.blogs.nytimes.com/2008/07/10/in-an-iranian-image-a-missile-too-many/

July 10, 2008, 9:16 am

In an Iranian Image, a Missile Too Many

By Mike Nizza and Patrick Witty

... For its part, Agence France-Presse retracted its four-missile version this morning, saying that the image was “apparently digitally altered” by Iranian state media. The fourth missile “has apparently been added in digital retouch to cover a grounded missile that may have failed during the test,” the agency said. Later, it published an article quoting several experts backing that argument.



For your Security Manager (and my Hacker Club)

http://www.bespacific.com/mt/archives/018768.html

July 10, 2008

National Institute of Standards Draft Guide to Bluetooth Security

Draft Guide to Bluetooth Security, July 9, 2008, SP 800-121.

  • "Bluetooth is an open standard for short-range radio frequency (RF) communication. Bluetooth technology is used primarily to establish wireless personal area networks (WPAN), commonly referred to as ad hoc or peer-to-peer (P2P) networks. Bluetooth technology has been integrated into many types of business and consumer devices, including cellular phones, personal digital assistants (PDA), laptops, automobiles, printers, and headsets. This allows users to form ad hoc networks between a wide variety of devices to transfer voice and data. This document provides an overview of Bluetooth technology and discusses related security concerns."


Ditto

http://www.bespacific.com/mt/archives/018778.html

July 10, 2008

NIST Draft Guidelines on Cell Phone and PDA Security

Draft SP 800-124, Guidelines on Cell Phone and PDA Security, July 2008.

"Cell phones and personal digital assistants (PDAs) have become indispensable tools for today's highly mobile workforce. Small and relatively inexpensive, these devices can be used for many functions, including sending and receiving email, storing documents, delivering presentations, and remotely accessing data. While these devices provide productivity benefits, they also pose new risks to an organization’s security.

This document provides an overview of cell phone and PDA devices in use today and offers insights into making informed information technology security decisions on their treatment. The document gives details about the threats and technology risks associated with these devices and the available safeguards to mitigate them. Organizations can use this information to enhance security and reduce incidents involving handheld devices."


Ditto (For the Hack collection)

http://gizmodo.com/5023971/iphone-os-20-unlocked-yes

iPhone OS 2.0 Unlocked

The new iPhone OS 2.0 software has been unlocked and jailbroken. It was released just hours ago and it has already been cracked by the iPhone Dev Team. The first one took a couple of months, but this one was actually unlocked before Apple released it to the public.



Also for my Hackers... Why was all of this on an Internet connected computer?

http://www.phiprivacy.net/?p=527

Jul-10-2008

IL: New Trier hacker saw teacher salaries, medical records

Dan Rozek reports:

Jonah Greenthal said he hacked into the computer system at New Trier High School to check his class rank, but the 18-year-old senior found much more than that.

Greenthal managed to tap into confidential school data that included teacher salaries, medical records and grade histories for students who had graduated as long as three years ago, authorities said Wednesday.

[...]

As part of his plea deal with Cook County prosecutors, Greenthal was sentenced to one year of court supervision and ordered to perform 50 hours of community service and pay $320 in court costs. Before imposing the sentence, Judge Earl B. Hoffenberg called the security breach “a pretty serious matter.”

Full story - Chicago Sun-Times

[From the article:

Prosecutors said Greenthal cooperated with police and school officials investigating the hacking, allowing them access to his laptop, which included more than a dozen "hacking" tools. [I suspect computers are shipped from the factory with at least a dozen “hacking tools” -- if you know how to use them. Lawyers: is that “probable cause?” Bob]



Perhaps we should start a website that points to all the free tools for securing employee computers... Oh wait, there are thousands of websites like that.

http://news.cnet.com/8301-13845_3-9986218-58.html?hhTest=1&part=rss&subj=news&tag=2547-1_3-0-5

July 11, 2008 5:00 AM PDT

Back up everything you own with free set-and-forget utilities

Posted by Rick Broida

Data disaster can strike anywhere, anytime. If you're not making regular backups, you're asking for trouble. Trust me. In that spirit of doom and gloom, I've rounded up five free backup utilities for preserving different types of data. All of them are "set-and-forget" programs, meaning once you've installed and configured them, they'll do their thing in the background. Doesn't get much easier than that.



Not terribly informative, but a useful overview?

http://www.bespacific.com/mt/archives/018771.html

July 10, 2008

NASCIO Report: State CIOs and Electronic Records

"The National Association of State Chief Information Officers (NASCIO) is pleased to announce the release of its research brief, Ready for the Challenge? State CIOs and Electronic Records. The brief is a product of NASCIO's Electronic Records and Digital Preservation Working Group and may be found online. States continue to struggle with new challenges presented by a growing portfolio of electronic records and digital content that must be preserved. Within this context, the issue of electronic records (e-records) management has emerged as a high-priority policy and technology issue for state CIOs. This issue is now driven by emerging trends such as new Web 2.0 collaboration tools that create e-records in forms that are transitory, yet still document the business of government. The importance of the subject is driven by vulnerability of essential e-records during disasters and a growing emphasis on transparency and accountability in state government, including online public access to records on spending, performance, procurements, and contracts."
