Sunday, January 09, 2011

About time someone made this InfoGraphic. Note that the biggest variable seems to be timeliness...

http://blog.zonealarm.com/2011/01/what-is-the-cost-of-a-missing-laptop-2.html?display=infographic

What is the Cost of a Missing Laptop?



For my Ethical Hackers: With Convergence (one device acting as many) comes a “Convergence of Risk” (one device with the flaws of many)

http://it.slashdot.org/story/11/01/08/141207/Major-Security-Flaws-Discovered-In-Internet-HDTVs?from=rss

Major Security Flaws Discovered In Internet HDTVs

"Security researchers have discovered several security flaws in one of the best-selling brands of Internet-connected HDTVs, and believe it's likely that similar security flaws exist in other Internet TVs. The security researchers were able to demonstrate how an attacker could intercept transmissions from the television to the network using common 'rogue DNS,' 'rogue DHCP server,' or TCP session hijacking techniques. Mocana was able to demonstrate that JavaScript could then be injected into the normal datastream, allowing attackers to obtain total control over the device's Internet functionality."


(Related) Traffic Lights that can “Phone Home”

http://mobile.slashdot.org/story/11/01/08/2244234/Thieves-in-South-Africa-Hit-Traffic-Lights-For-SIM-Cards?from=rss

Thieves in South Africa Hit Traffic Lights For SIM Cards

"Some 400 high-tech South African traffic lights are out of action after thieves in Johannesburg stole the mobile phone SIM cards they contain. JRA (Johannesburg Road Agency) said it is investigating the possibility of an 'inside job' after only the SIM card-fitted traffic lights were targeted. The cards were fitted to notify JRA when the traffic lights were faulty. 'We have 2,000 major intersections in Johannesburg and only 600 of those were fitted with the cards,' the agency's spokesperson Thulani Makhubela told the BBC. 'No-one apart from JRA and our supplier knows which intersections have that system.' The thieves ran up bills amounting to thousands of dollars by using the stolen cards to make calls."


(Related) “Instant Read” technology could be added to bar stools (Sorry, we can't serve you any longer) or Congress (Too drunk to vote?) or church pews (God and my iPad know who you sinners are!).

http://www.pogowasright.org/?p=19075

Too drunk? Your car won’t go along for the ride.

January 8, 2011 by Dissent

Ashley Halsey III reports:

The technology developed in the past decade to sniff out terrorist bombs eventually could be used to combat another scourge: drunk drivers.

Researchers funded by auto manufacturers and federal safety regulators are working on sensory devices – to be installed as standard equipment on all new vehicles – that would keep a vehicle from starting if the driver has had too much to drink.

[...]

The new technology would not require that the driver blow into a tube, like the interlock devices some states require after drunken-driving convictions. Instead, either a passive set of sensors permanently installed in the vehicles or touch-sensitive contact points on a key fob or starter button would immediately register the level of alcohol in the bloodstream.

Read more on Washington Post.


(Related?) Banning a technology is easy, rules that make it safe/useful are difficult.

http://www.pogowasright.org/?p=19069

Calif. County Criminalizes Smart-Meter Installations

January 8, 2011 by Dissent

As a follow-up to a news story posted last week, a reader kindly sends in this link to a New York Times story by Debra Kahn:

The Marin County Board of Supervisors unanimously passed an ordinance (pdf) yesterday that deems the installation of smart meters a public nuisance in some areas.

The law applies to unincorporated Marin, home to about 70,000 of the county’s 260,000 residents. In addition to electromagnetic health risks, the board cited concerns about meters being used to collect information about residents’ activities, impacts on aesthetics and potential damage to amateur radio networks.

[...]



For my “Lawyers in the Cloud” friends: Perhaps only a global (or Cloud based?) law firm will have the resources to deal with Cloud Providers...

http://www.readwriteweb.com/cloud/2010/12/3-legal-issues-to-consider-whe.php

3 Legal Issues to Consider When Going to the Cloud

Do You Know Where Your Data is Located?

"States have laws governing privacy and confidentiality that can provide severe sanctions for violating those laws. With cloud computing, are the documents governed by the law of the state in which they are physically located, by the location of the company possessing them, or by the laws of the state where a person resides?"

Who Takes Responsibility?

… Google's 10-Q statement

"Our systems are vulnerable to damage or interruption from earthquakes, terrorist attacks, floods, fires, power loss, telecommunications failures, computer viruses, computer denial of service attacks, or other attempts to harm our systems."

And let's say there has been a data breach. Who is responsible in that situation? Is it the vendor?

"Salesforce.com and other large vendors carry cyber insurance in case of a breach. Usually though it is considered a shared responsibility. The provider may only carry insurance for $15 million. It's up to the customer to then determine what extra insurance to carry in case of a problem."

Intellectual Property Rights

You may not own the application or the operating system. You definitely don't need the hardware anymore. But you better have the right to remove the data when you want. That means you need to be clear about the day you stop using an application. Can you take that data with you?

Then comes the issue with such matters as trade secrets. What happens when the provider gets a subpoena? Can the provider access your data and hand it over to the authorities?

Finally, there is the issue with third parties.

"The vendor may grant some privileged third parties access to your stored data. The identity of such parties, if any, must be disclosed to the customer. Here, the third party could be a legal authority or even an internal employee. The customer should always be informed before the vendor allows third parties to access the stored data."

