School Spy Program Used on Students Contains Hacker-Friendly Security Hole
By Kim Zetter May 20, 2010 4:09 pm
A controversial remote administration program that a Pennsylvania school district installed on student-issued laptops contains a security hole that put the students at risk of being spied on by people outside the school, according to a security firm that examined the software.
The LANrev program contains a vulnerability that would allow someone using the same network as one of the students to install malware on the laptop that could remotely control the computer. An intruder would be able to steal data from the computer or control the laptop webcam to snap surreptitious pictures.
… In the hack demonstrated in the video below, Leviathan researcher Joel Voss is seen intercepting communication between a LANrev computer and its server, and then impersonating the server to install a remote control program that gives him complete and surreptitious control over the machine. He can operate its web camera to capture imagery of the person sitting in front of the machine.
(Related) How far should schools go to “protect” students?
http://www.pogowasright.org/?p=10437
Ex-student sues Tunkhannock Area, authorities over cell phone seizure
May 21, 2010 by Dissent
David Singleton reports a follow-up to a Pennsylvania student sexting case that was covered previously on this site when a federal judge chastised a district attorney for threatening to prosecute the students. The injunction was later upheld by the Third Circuit.
A former Tunkhannock Area High School student accused school and Wyoming County law enforcement officials of violating her privacy rights by seizing and searching her cell phone and punishing her for storing nude and semi-nude photos of herself on the device.
The woman, who was a 17-year-old senior at the time, contends in a civil rights suit filed Thursday that the intimate photos were intended to be viewed “only by herself and, perhaps, her longtime boyfriend.” She is seeking unspecified damages and the destruction of all electronic and hard copies of the photos.
[...]
The woman was a schoolmate of three girls who sued when they were threatened with prosecution by former District Attorney George Skumanick after photos of them in various states of undress were circulated among Tunkhannock Area students in 2008. In April, a federal judge barred prosecutors from pursuing charges in the “sexting” case.
Read more on CitizensVoice.com.
Shannon P. Duffy also discusses the case in the Legal Intelligencer.
http://www.databreaches.net/?p=11736
Study: ITRC Encouraged by 2009 Victim Aftermath Study
May 21, 2010 by admin
The Identity Theft Resource Center has released its annual Aftermath study. From their press release:
For the first time in 7 years, The Identity Theft Resource Center (ITRC)® can state that it is encouraged by the findings of the Identity Theft: The Aftermath 2009™. It is becoming clear that some areas of great distress in the past have become less worrisome for the victims. This is true in terms of victim time involvement, cost to victim, support from friends, level of satisfaction in interactions with law enforcement, and fewer negative consequences.
Victim hours repairing damage: Victims reported spending an average of 68 hours repairing the damage done by identity theft to an existing account used or taken over by the thief, down from an average of 76 hours in 2008. In cases where a new account, criminal, governmental or a combination of several situations were involved, respondents reported an average of 141 hours to clean up the fraud. This is a significant decrease from the average of 265 hours in 2008.
Costs to victim: Respondents in 2009 spent an average of $527 dollars in out-of-pocket expenses for damage done to an existing account. This is down from the $741 reported in 2008.
Important Relationships: In 2009, 44% of the respondents indicated support from friends, while only 9% said friends were not supportive.
Unfortunately, the 2009 Aftermath, once again, shows a number of negative issues that victims continue to encounter. Check fraud is on the increase, along with cases involving governmental and criminal identity theft issues. The moment of discovery of the case continues to be adverse, indicating that the public and business sections have been less successful in proactive measures to stop identity theft crimes before they happen or become complicated. In addition, the victim’s inability to easily resolve negative records continues to be a stated point of frustration and source of anger, including short-term and long-term emotional impact.
Inability to clear negative records: Unfortunately, while victim time involvement may have decreased, there continues to be an inability to easily clear negative records. Nearly 1/3 of the respondents were unable to remove any negative items.
Victim discovery of crime: It is disturbing to note that self-proactive measures decreased from 2008, despite growing educational efforts nationwide to enhance consumers’ knowledge of this issue. It is equally disturbing that business-proactive measures reflect only a nominal increase.
Uses of victim information: Opening new lines of credit continues to remain the most frequently occurring use for a victim’s identity (55%). Ranking second in use of personal information are charges on stolen credit cards and debit cards at 34%. Check fraud continued to reflect an increase in 2009 either by synthesizing or theft of checks.
Since 2003, the ITRC has conducted annual victimization surveys to study the impact of identity theft crimes on its victims. The goal of these surveys and reports, now with seven years of information, is to view identity theft from the victim’s perspective. These annual studies provide a snapshot of each victim at the time they took the study.
Other general highlights include:
Prevalence of types of identity theft crimes: The “unlawful use of personal identifying information” for only financial identity theft crimes was reported by 74% of the respondents. The remaining 26% reflect cases of criminal identity theft, governmental identity theft, and/or combinations of the above.
Child identity theft: Responses indicate a shift in criminal behavior in relation to child identity theft from family members to unknown perpetrators.
Emotional Impact: Dr. Charles Nelson (crime victim specialist), analyzed the short term and long term emotions felt by victims. He reached the following conclusions:
Despite media coverage and education about identity theft, the public still believes this happens to someone else. Thus, when this crime touches their lives, disbelief and denial are intensified, followed by anger and rage, similar to the stages of grief.
The ITRC is seeing an increase in long term shame, embarrassment, a sense of being an outcast, and undeserving of help. This may be due to strong consumer messaging about protecting yourself from identity theft.
Many victims “have on-going symptoms and do indicate that they are wrestling with long term dysfunctional changes in their behavior and thought patterns.”
The full report and all tables may be found on the ITRC website: www.idtheftcenter.org
The Joys of Behavioral Advertising (and the power of Data Mining)
http://gawker.com/5543723/facebook-knows-who-youll-hook-up-with
Facebook Knows Who You'll Hook Up With
… As the service's engineers built more and more tools that could uncover such insights, Zuckerberg sometimes amused himself by conducting experiments. For instance, he concluded that by examining friend relationships and communications patterns he could determine with about 33 percent accuracy who a user was going to be in a relationship with a week from now. To deduce this he studied who was looking at which profiles, who your friends were friends with, and who was newly single, among other indicators.
(Related) The technology behind Behavioral Advertising can be used for other purposes...
Darpa Wants Code to Spot ‘Anomalous Behavior’ on the Job
By Noah Shachtman May 20, 2010 10:22 am
Can software catch a cyberspy’s tricky intentions, before he’s started to help the other side? The way-out researchers at Darpa think so. They’re planning a new program, “Suspected Malicious Insider Threat Elimination” or SMITE, that’s supposed to “dynamically forecast” when a mole is about to strike. Also, the code is meant to flag “inadvertent” disclosures “by an already trusted person with access to sensitive information.”
“Looking for clues” that suggest a turncoat or accidental leaker is about to spill (.pdf) “could potentially be easier than recognizing explicit attacks,” Darpa notes in a request for information.
I can't believe companies didn't know what data they were receiving. Someone had to look at the data in order to accurately parse it into formats that they could load into their database.
MySpace, Facebook and a half dozen other companies just screwed up. Big time.
Posted by Brad McCarty on May 21st, 2010
This is, to put it very lightly, not good. The Wall Street Journal is reporting that some of our largest fears have been realized. All of those promises that sites such as MySpace and Facebook have made regarding the safety of our personal information have been proven to be nothing but cheap talk.
… According to the article:
“Several large advertising companies identified by the Journal as receiving the data, including Google Inc.’s DoubleClick and Yahoo Inc.’s Right Media, said they were unaware of the data being sent to them from the social-networking sites, and said they haven’t made use of it.”
… Search Engine Land had a great article that talked about the convergence between privacy and advertising.
A long article, exploring Facebook's Guide to Privacy
http://www.maclife.com/article/feature/every_facebook_privacy_feature_revealed_and_explained
Every Facebook Privacy Feature Revealed and Explained
Tools for Stalkers! Hey, that might make an interesting subject for a website. Think there's any money in it?
http://www.makeuseof.com/tag/3-fascinating-search-engines-search-faces/
3 Fascinating Search Engines That Search For Faces
facesearch – Face Search Engine
Did you know you could make Google search for faces only, by adding a small bit of code? When you go to Google Image Search, enter your query and then add “&imgtype=face” (without the quotes of course) to the end of the URL. It will give you similar results as facesearch above.
PicTriev – Face Recognition Search Engine
Viewdle – Face Recognition Video Search Engine
Perhaps “Let's Get Google” would be a better name for the site?
http://www.bespacific.com/mt/archives/024298.html
May 20, 2010
Consumer Watchdog Launches Inside Google Website To Focus Light on Internet Giant
"Consumer Watchdog today formally launched its new Website, Inside Google, to focus attention on the company’s activities and hold Google accountable for its actions. The nonpartisan, nonprofit public interest group is launching Inside Google to educate the public and opinion leaders about Google’s dangerous dominance over the Internet, computing and consumers’ online lives. Inside Google’s blog is authored by experienced consumer advocates and journalists working to expose the “black box” at Google with an eye towards holding Google engineers accountable to social mores, ethical customs and the rule of law."
Isn't this like the fingerprint database? (Until they start deporting people with undesirable DNA.)
House Votes To Expand National DNA Arrest Database
Posted by timothy on Thursday May 20, @05:19PM
"Millions of Americans arrested for but not convicted of crimes will likely have their DNA forcibly extracted and added to a national database, according to a bill approved by the US House of Representatives on Tuesday. By a 357 to 32 vote, the House approved legislation that will pay state governments to require DNA samples, which could mean drawing blood with a needle, from adults 'arrested for' certain serious crimes. Not one Democrat voted against the database measure, which would hand out about $75 million to states that agree to make such testing mandatory. ... But civil libertarians say DNA samples should be required only from people who have been convicted of crimes, and argue that if there is probable cause to believe that someone is involved in a crime, a judge can sign a warrant allowing a blood sample or cheek swab to be forcibly extracted."
A simple illustration of who is doing what. More informative than those simple bar charts I've been showing my Statistics students.
Thursday, May 20, 2010
Infographic - Which Age Groups Use Social Media
For my geeks
http://www.makeuseof.com/tag/5-alternativ-ways-install-ubuntu-linux/
5 Alternative Ways To Install Ubuntu [Linux]
For the Ethical Hacker class (I'll claim it was stolen from the Secret Archives of the New York Times)
Lost Hacking Documentary Surfaces on Pirate Bay
By Kevin Poulsen May 20, 2010 12:00 pm
After collecting cobwebs in a studio vault for the better part of a decade, an unreleased documentary on the 2003 hacking scene leaked onto the Pirate Bay Thursday.
Narrated by actor Kevin Spacey, the 90-minute Hackers Wanted follows the exploits of Adrian Lamo, who pleaded guilty in 2004 to cracking the internal network of The New York Times.
Something for the students who annoy me!
http://www.makeuseof.com/dir/earwurm-song-that-stick-in-your-head
Earwurm: Songs That Stick In Your Head
… Earwurm is a collection of such songs that stick in your head. You can listen to a new tune every day or search the collection for a specific one.
It is a great way to get a tune stuck in somebody else’s mind too. Simply find a tune and forward it to them.
This might be fun for my Intro to Computers class. It also might be a simple way to provide handouts...
http://www.killerstartups.com/User-Gen-Content/pageeasy-com-creating-temporary-web-pages
PageEasy.com - Creating Temporary Web Pages
Page Easy is a tool that you can use in order to build a temporary web page. This can be used by those who don’t have a blog and who can’t be bothered to get one, and also by the ones who want an alternative to HTML email.
Using this site you can easily host a video online, or any picture that you want others to see without needing to be a programmer. As a matter of fact, you don’t have to type a single line of code - uploading a file is as easy as uploading an attachment when sending out an email.