http://www.pogowasright.org/article.php?story=20081016183517252
Fraudsters' website shut in swoop
Thursday, October 16 2008 @ 06:35 PM EDT Contributed by: PrivacyNews
A website used by criminals to buy and sell credit card details and bank log-ins has been shut down after a police operation, the BBC has learned.
International forum Darkmarket ran for three years and led to fraud totalling millions of pounds.
Nearly 60 people connected with the site have been arrested in Manchester, Hull and London, as well as Germany, Turkey and the US.
Source - BBC Related - Computerworld: FBI says Dark Market sting netted 56 arrests
Not a case of “We didn't know” rather “We don't care” OR “It's only taxpayers”
http://www.pogowasright.org/article.php?story=2008101618481054
Inspector General Report: Two IRS Applications Leave Taxpayer Data at Risk
Thursday, October 16 2008 @ 06:48 PM EDT Contributed by: PrivacyNews
The Internal Revenue Service left taxpayer data exposed by deploying two major computer systems despite knowing that they harbor security vulnerabilities, according to a report released publicly today by the Treasury Inspector General for Tax Administration (TIGTA).
Source - Dark Reading
[From the article:
The IRS discovered the flaws both during the software development process and during the security testing after the systems were deployed, but still went ahead with the partial rollout.
Not “We can, therefore we must” but “We wanna, therefore we gonna”
http://www.pogowasright.org/article.php?story=20081016185150118
Can Private Companies Helping the NSA Be Watchdogs, Too?
Thursday, October 16 2008 @ 06:51 PM EDT Contributed by:PrivacyNews
Companies that secretly helped the government's secret anti-terrorism surveillance operations without requiring valid legal orders have found their reputations sullied, their billboards re-decorated and their lawyers busy fending off suits seeking billions in damages. Just ask AT&T.
But given that the government's spooks will continue to rely on private companies -- especially telecoms -- to help with their secret intelligence efforts, could these companies actually serve as a watchdog protecting the country from intrusive, lawbreaking spying?
Jon Michaels, an acting professor at UCLA Law School, thinks they could.
The key, according to Michaels' article in the California Law Review, is making such companies tell the appropriate Congressional committees and inspectors general in regular reports when they transfer information about Americans to the government's spy agencies. Congress also much find a clear way to punish companies which cooperate informally and immunize those who follow legal orders.
Source - Threat Level
One of the little problems with Cloud Computing. You don't have a “service Level Agreement” so you have to plan for outages. (Stop thinking “sole source”)
Extended Gmail outage hits Apps admins
Google has offered no explanation as to what is causing the ongoing Gmail problem nor why it will take the company so long to restore service
By Juan Carlos Perez, IDG News Service October 16, 2008
... At around 5 p.m. Eastern Time on Wednesday, Google announced in the official Google Apps discussion forum that the company was aware of a problem preventing Gmail users from logging into their accounts and that it expected a solution by 9 p.m. on Thursday.
I'm calling this the “Ron Paul for President” scenario. (Perhaps the “Anyone Else” scenario?)
E-voting report: Several states still vulnerable
With election less than three weeks away, study predicts that voting systems in numerous states will fail on November 4
By Grant Gross, IDG News Service October 16, 2008
... The report details which states have not taken precautions against fraud or technical errors associated with e-voting machines and other voting systems:
-- Ten states -- Colorado, Delaware, Kentucky, Louisiana, New Jersey, South Carolina, Tennessee, Texas, Utah, Virginia -- received failing grades in three of four voting security areas.
Related? Ask the Ron Paul design team...
http://www.schneier.com/blog/archives/2008/10/designing_a_mal.html
October 16, 2008
Designing a Malicious Processor
From the LEET '08 conference: "Designing and implementing malicious hardware," by Samuel T. King, Joseph Tucek, Anthony Cozzie, Chris Grier, Weihang Jiang, and Yuanyuan Zhou.
Abstract:
Hidden malicious circuits provide an attacker with a stealthy attack vector. As they occupy a layer below the entire software stack, malicious circuits can bypass traditional defensive techniques. Yet current work on trojan circuits considers only simple attacks against the hardware itself, and straightforward defenses. More complex designs that attack the software are unexplored, as are the countermeasures an attacker may take to bypass proposed defenses.
We present the design and implementation of Illinois Malicious Processors (IMPs). There is a substantial design space in malicious circuitry; we show that an attacker, rather than designing one specific attack, can instead design hardware to support attacks. Such flexible hardware allows powerful, general purpose attacks, while remaining surprisingly low in the amount of additional hardware. We show two such hardware designs, and implement them in a real system. Further, we show three powerful attacks using this hardware, including login backdoor that gives an attacker complete and highlevel access to the machine. This login attack requires only 1341 additional gates: gates that can be used for other attacks as well. Malicious processors are more practical, more flexible, and harder to detect than an initial analysis would suggest.
This would never happen in an English speaking country!
http://yro.slashdot.org/article.pl?sid=08/10/17/066236&from=rss
Nation-Wide Internet Censorship Proposed for Australia
Posted by timothy on Friday October 17, @05:51AM from the unarmed-populace dept. Censorship Government The Internet Politics
sparky1240 writes
"While Americans are currently fighting the net-neutrality wars, spare a thought for the poor Australians — The Australian government wants to implement a nation-wide 'filtering' scheme to keep everyone safe from the nasties on the internet, with no way of 'opting out': 'Under the government's $125.8 million Plan for Cyber-Safety, users can switch between two blacklists which block content inappropriate for children, and a separate list which blocks illegal material. ... According to preliminary trials, the best Internet content filters would incorrectly block about 10,0000 [SIC] Web pages from one million."
Related – let them access the data, then arrest them. (We've always had the technology to do this, but the volumes and related delays made it impractical.)
http://yro.slashdot.org/article.pl?sid=08/10/16/2137258&from=rss
Tool To Allow ISPs To Scan Every File You Transmit
Posted by timothy on Thursday October 16, @06:03PM from the in-case-they-run-out-of-human-tools dept. Privacy The Internet
timdogg writes
"Brilliant Digital Entertainment, an Australian software company, has grabbed the attention of the NY attorney general's office with a tool they have designed that can scan every file that passes between an ISP and its customers. The tool can 'check every file passing through an Internet provider's network — every image, every movie, every document attached to an e-mail or found in a Web search — to see if it matches a list of illegal images.' As with the removal of the alt.binary newgroups, this is being promoted under the guise of preventing child porn. The privacy implications of this tool are staggering."
Is this likely to become common as manufacturers/vendors try to protect the performance or even the “look & feel” of their products?
http://tech.slashdot.org/article.pl?sid=08/10/16/149245&from=rss
Android Also Comes With a Kill-Switch
Posted by CmdrTaco on Thursday October 16, @11:28AM from the now-that's-not-very-open dept. Google Cellphones
Aviran writes
"The search giant is retaining the right to delete applications from Android handsets on a whim. Unlike Apple, the company has made no attempt to hide its intentions, and includes the details in the Android Market terms and conditions, as spotted by Computer World: 'Google may discover a product that violates the developer distribution agreement... in such an instance, Google retains the right to remotely remove those applications from your device at its sole discretion.'"
If neighborhoods, why not counties? Perhaps we could patent the process of selecting unique names for babies and then appending family names?
http://www.wired.com/politics/law/news/2008/10/neighborhood
Lawsuit Claims Mapmaking Firm Owns Your Neighborhood
By Marty Graham Email 8 hours ago
A mathematician who pioneered a fractal-based urban-mapping technique is embroiled in a copyright battle that raises legal questions about whether a company can claim ownership of the definition of neighborhoods: their specific locations and boundaries. The dispute highlights a growing movement to quantify the amorphous tendrils connecting communities.
Bernt Wahl had the idea in 2004 to use a blend of mathematical modeling and old-fashioned shoe leather to map out unofficial neighborhoods — areas like Bernal Heights in San Francisco, or New Orleans' French Quarter — whose borders are drawn mostly in the minds of the inhabitants.
Since then, he's produced maps defining more than 18,000 neighborhoods in 350 U.S. and international cities, which are used in everything from search localization to epidemiology. The Federal Deposit Insurance Corp. is currently using Wahl's maps to better understand which neighborhoods are being slammed hardest by the mortgage crisis.
Vermont-based mapping company Maponics is now suing Wahl to keep him from creating any more neighborhood maps "derived from or containing parts of" the original maps he produced four years ago, which defined 7,000 neighborhoods in 100 cities. Wahl did that work as a contractor for a real estate web portal, which then sold the copyright to Maponics. Because American's biggest metropolitan areas were included in the original batch of maps, the lawsuit could effectively bar Wahl from the mapmaking business for good.
No comments:
Post a Comment