Monday, August 02, 2010

A Mid-term question for my Ethical Hackers. Write an App that erases this data in 25 lines of code or less.

http://www.pogowasright.org/?p=12509

“When you hit the delete button, it’s never really deleted:” Why cops love iPhone

August 1, 2010 by Dissent

Amber Hunt reports:

[...]

And if you’re doing something criminal, something about it is probably going to go through that phone:

• Every time an iPhone user closes out of the built-in mapping application, the phone snaps a screenshot and stores it. Savvy law-enforcement agents armed with search warrants can use those snapshots to see if a suspect is lying about whereabouts during a crime.

• iPhone photos are embedded with GEO tags and identifying information, meaning that photos posted online might not only include GPS coordinates of where the picture was taken, but also the serial number of the phone that took it.

• Even more information is stored by the applications themselves, including the user’s browser history. That data is meant in part to direct custom-tailored advertisements to the user, but experts said some of it could be useful to police.

Clearing out user histories isn’t enough to clean the device of that data, said John B. Minor, a member of the International Society of Forensic Computer Examiners.

Read more in the Chicago Sun-Times.


(Related)

http://www.pogowasright.org/?p=12512

New Minnesota law gives police warrantless access to cellphone location data

August 1, 2010 by Dissent

A new law went into effect in Minnesota today. As reported by Mark Sommerhauser:

A new law requires cell-phone companies to reveal call-location information if asked by law enforcement to do so in an emergency. The law came from the Kelsey Smith Act, named for a missing Kansas teen whose body was found after a phone company voluntarily provided the location of her cell phone. Such locations can be tracked by cell towers, according to a release from House Public Information Services.

Law enforcement may request call-location information if a person is at risk of death or serious physical harm, the law says.

Source: St. Cloud Times.


(Related)

http://www.pogowasright.org/?p=12517

Atkinson to ask privacy commissioner not to cut access to Go Cards

August 1, 2010 by Dissent

Courtney Trenwith reports:

Queensland Police will appeal to the state’s privacy commissioner not to sever their access to Brisbane commuters’ movements recorded on Go Cards.

Police Commissioner Bob Atkinson said officers had used the information ‘‘lawfully and appropriately’’ and should be allowed to continue to do so.

brisbanetimes.com.au exclusively revealed last week police are tapping into commuters’ Go Card records to not only pinpoint the movements of criminal suspects but also potential witnesses.

Read more in the Brisbane Times.


(Related)

http://www.pogowasright.org/?p=12519

NZ: Growing concern over tracking devices lead to call for new legislation

August 1, 2010 by Dissent

Nicky Hager of Stuff reports, “Spies target animal rights campaigners:”

An Auckland private investigation firm has been caught out after it attached a sophisticated tracking device to a political campaigner’s car – but left the device visible from outside the vehicle. [Incompetent. Bob]

The GPS tracking device, which used a mobile phone connection to report the car’s position to private investigators, had been attached with magnets.

It is the third time in three years the Sunday Star-Times has caught Thompson & Clark Investigations doing covert surveillance on political groups for corporate clients.

Read more on Stuff.

From a Green Party press release:

Changes to a law already before Parliament could protect New Zealanders from spying by private companies, the Green Party said today.

“It’s silly that private investigators have more rights to use tracking devices than the Police,” said Green human rights spokesperson Keith Locke, “but we can extend the law to control companies and individuals as well as Government agencies.”

Read more on Scoop.

The Privacy Commissioner’s comments on tracking as it relates to the new counter-terrorism bill can be found at http://www.privacy.org.nz/counter-terrorism-bill/?highlight=tracking



A Final exam question?

http://www.networkworld.com/news/2010/073110-hacker-snoops-on-gsm-cell.html

Hacker snoops on GSM cell phones in demo

Despite concerns that federal authorities might fine or arrest him, hacker Chris Paget went ahead with a live demonstration of mobile phone interception at the Defcon hacking conference Saturday.

Using several thousand dollars worth of equipment, [$1500 according to most reports Bob] Paget was able to intercept mobile-phone data on the GSM (Global System for Mobile Communications) networks used by AT&T and T-Mobile. He did this using a home-made system he calls an IMSI (International Mobile Subscriber Identity) catcher.

Within minutes of activating his IMSI catcher in test mode, Paget had 30 phones connected to the system. Then, with a few keystrokes, he quickly configured the device to spoof an AT&T cell tower.

"As far as your cell phones are concerned I am now indistinguishable from AT&T," he said. He predicted that every AT&T device in the room would connect to his tower, within the next half hour.



So, could I request (via FOIA) a list of everyone using my SSAN? Would they refuse to tell a Senator?

http://www.databreaches.net/?p=12908

Petri bill would enlist IRS against identity theft

August 2, 2010 by admin

U.S. Rep. Tom Petri is introducing federal legislation to fix a loophole that the IRS claims prevents it from informing people if the IRS detects that their Social Security Number has been fraudulently used…

… One resident of Princeton, Wis., learned that he was a victim of the fraud as a result of a call from a debt collector, Petri said. The resident contacted the Internal Revenue Service to alert the agency that somebody was using his Social Security number illegally.

“To his surprise, he learned that the IRS already knew of the situation, had known for some time, and had chosen not to tell anybody,” said Tom Petri. “The IRS explained that it is legally required to protect the privacy of the person committing the fraud.”

[...]

Petri last week introduced legislation that, he said, would “require the IRS to fight on the side of the good guys.” Joining him in introducing the bill is Rep. Melissa Bean, D-Ill.

“Privacy laws are not intended to protect fraudsters or to enable illegal immigration,” Bean said. “If the IRS has information about identity theft, it should share that information immediately with law enforcement and affected parties.”

The Petri-Bean bill — known as the Social Security Identity Defense (SSIDA) Act — would require the IRS to inform a taxpayer when his or her Social Security number has been used fraudulently to gain employment; provide that the IRS share this information with the FBI and allow the FBI to make facts available to state and local law enforcement agencies; and prevent the appearance of a fraudulently used Social Security number on a W-2 statement.

Read more on fdlreporter.com



If you're innocent, you have nothing to fear. (If you can't afford an indoor pool, you deserve to be fined, you Second Class citizen, you.)

http://www.pogowasright.org/?p=12507

NY: High-tech crackdown on illegal pools raises privacy fears

August 1, 2010 by Dissent

Mitchell Freedman

If you live in Riverhead and have a backyard pool that doesn’t have a permit, beware: The town is using a new tool to find you without ever setting foot on your property.

In a move other Long Island towns may copy but privacy advocates say raises “Big Brother” concerns, Riverhead has used the satellite image service Google Earth in the last nine months to snag about 250 homeowners who have swimming pools but no required permits.

[...]

Lee Tien, an attorney with the San Francisco-based Electronic Frontier Foundation, a digital-rights advocacy group, said the town’s use of Google Earth is “probably” legal because the images aren’t “particularly revealing of intimate activities” and officials used them to answer a simple yes or no question: Pool or no pool?

Tien said just because a practice is legal, however, that doesn’t make it good policy. “It seems like there are less creepy ways of doing this type of thing,” Tien said.

Read more on Newsday.



Are we still stuck in the Industrial Age? The TJX hackers didn't bother with hardware at the retail level, they stole credit card data wholesale! Why make possession of each separate possible tool a crime, when you could make possession/use of the data a crime?

http://www.databreaches.net/?p=12896

Possession of a skimmer now a felony in Minnesota

August 1, 2010 by admin

A new law went into effect in Minnesota today. As reported by Mark Sommerhauser:

The Legislature moved to criminalize possession of “skimming” devices that can be used to steal someone’s identity. The new law makes it a felony to possess devices that allow unauthorized scanning and recording of personal information from the magnetic strip of a credit card.

Source: St. Cloud Times.



Gosh, does this mean they no longer think we're perfect?

http://www.bespacific.com/mt/archives/024852.html

August 01, 2010

The Economist Targets American Criminal Justice System

Rough justice in America - Too many laws, too many prisoners - Never in the civilised world have so many been locked up for so little "Justice is harsher in America than in any other rich country. Between 2.3m and 2.4m Americans are behind bars, roughly one in every 100 adults. If those on parole or probation are included, one adult in 31 is under “correctional” supervision. As a proportion of its total population, America incarcerates five times more people than Britain, nine times more than Germany and 12 times more than Japan. Overcrowding is the norm. Federal prisons house 60% more inmates than they were designed for. State lock-ups are only slightly less stuffed. The system has three big flaws, say criminologists. First, it puts too many people away for too long. Second, it criminalises acts that need not be criminalised. Third, it is unpredictable. Many laws, especially federal ones, are so vaguely written that people cannot easily tell whether they have broken them."
