Thursday, February 10, 2011

“After all, they're of no use to us locked up...”

http://www.wired.com/threatlevel/2011/02/rbs-hacker-avoids-jail/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29

Russian Convicted of $9 Million RBS WorldPay Hack Avoids Jail

Yevgeny Anikin, 27, received a suspended sentence of five years on Monday, according to Russian state news agency RIA Novosti, after pleading guilty to what the U.S. has called “perhaps the most sophisticated and organized computer fraud attack ever conducted.”

Anikin reportedly expressed remorse for his role in the caper, telling the court this week, “I want to say that I repent and fully admit my guilt.” He had been under house arrest since 2009 and reportedly bought two apartments in Novosibirsk and a luxury car with his spoils. He told the court that he had begun to pay back the stolen money.

He’s the second hacker in the caper to avoid jail time.

Last September Viktor Pleshchuk, 29, received a six-year suspended sentence for the heist. Pleshchuk also got four years of probation and was ordered to pay $8.9 million in restitution. He received a reduced sentence for cooperating with authorities.



“If you buy online, you owe us sales tax.”

http://www.pogowasright.org/?p=20602

North Carolina Dept. Of Revenue, Amazon Reach Settlement In Privacy Case

February 9, 2011 by Dissent

The North Carolina Department of Revenue has agreed to stop gathering personal data on on-line buyers.

The agreement came in the settlement of a lawsuit filed by Amazon to stop the NCDOR from collecting information. The American Civil Liberties Union, ACLU-NCLF, and ACLU of Washington got involved in the lawsuit on behalf of several Amazon customers.

A federal judge ruled in October 2010 that the government’s requests about Amazon customers violate internet users’ rights to free speech, anonymity and privacy.

Read more on NBC17.

A statement on the ACLU’s blog says, in part:

The North Carolina Department of Revenue (NCDOR) has agreed to stop asking for personally identifiable customer information in combination with details about the titles of customers’ purchases from Internet retailers. The agreement came in the settlement of a lawsuit originally brought by Amazon.com to stop NCDOR from collecting such information. The ACLU and its affiliates in North Carolina and Washington state (where Amazon is headquartered) intervened in the lawsuit on behalf of several Amazon customers whose private information was at stake.

[...]

This settlement is a great win for privacy. While the court’s ruling concerned only the specific request issued to Amazon, the settlement covers requests to all Internet retailers who sell books, movies, music, and similar expressive materials. North Carolina has apparently issued similar requests to other Internet retailers, and previously indicated that it planned to issue more such requests in the future. We are pleased that North Carolina has agreed to take a new approach. Requesting information about what people are purchasing online causes real harm, to real people, and it is unconstitutional in these circumstances.



The best defense is a good offense?

http://blogs.computerworld.com/17795/bank_of_america_using_three_intelligence_firms_to_attack_wikileaks

Bank of America using three intelligence firms to attack WikiLeaks

You would almost need to be disconnected from the Internet to not know about Aaron Barr, the CEO of HBGary Federal, feeling the wrath of Anonymous after Barr told of his intentions to expose the leaders of Anonymous at an upcoming Security B-Sides conference. But today, WikiLeaks published a document called "The WikiLeaks Threat" [PDF] which revealed two other intelligence firms, besides HBGary, were working to develop a strategic plan of attack against WikiLeaks on the behalf of Bank of America.

When I saw that, I wanted to relate what I saw in the proposal.

"The WikiLeaks Threat" outlines a plan by three private data intelligence firms, Palantir Technologies, HBGary Federal, and Berico Technologies, which were hired to effectively combat and attack WikiLeaks. The intel firms were "acting upon request from Hunton and Williams, a law firm working for Bank of America." According to The Tech Herald, "Hunton and Williams were recommended to Bank of America's general counsel by the Department of Justice." [So, is that a “get out of jail, free” card? Bob]



This appears to be exactly the wrong thing to do if you want to remain a dictator – educate your people and allow them to communicate freely...

http://www.wired.com/dangerroom/2011/02/sudan-dictator-ill-use-facebook-to-crush-opposition/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29

Sudan Dictator: I’ll Use Facebook to Crush Opposition!

Omar al-Bashir, the president of Sudan, isn’t known for being a technophile. He’s more famous for being an indicted war criminal, owing to his role in the Darfur genocide. But like his northern neighbor Hosni Mubarak, he’s endured two weeks of protests by youths banding together through social networks and text messages. So now Bashir wants to beat them at their own game.

According to the official Sudanese news agency, Bashir today instructed his government to expand rural electrification efforts “so that the younger citizens can use computers and Internet to combat opposition through social networking sites such as Facebook.”



How 'big brotherly' is this?

http://www.pogowasright.org/?p=20611

UK Surveillance Gone Wild: Coventry’s Stoke Park School has 112 CCTV cameras

February 9, 2011 by Dissent

Pupils at Coventry’s Stoke Park School are being watched by an astonishing 112 CCTV cameras, the Telegraph can reveal.

Stoke Park School & Community Technology College, in Dane Road, has 79 security cameras inside its buildings and 33 outside. The startling statistic has led to accusations of “over the top snooping”.

It is easily the most-watched school in the city – with more than three times the number of cameras of the next highest.

The school says the cameras are needed to keep pupils safe.

But a teachers’ union and a national campaign group have criticised the figures.

Read more in the Coventry Telegraph: http://www.coventrytelegraph.net/news/coventry-news/2011/02/09/coventry-s-stoke-park-school-has-112-cctv-cameras-92746-28140250/

[From the article:]

There are 1,090 pupils at Stoke Park – roughly one camera for every 10 pupils.


(Related) What's the magic “too much” number for a city?

http://www.pogowasright.org/?p=20643

Chicago emergency officials defend city’s extensive camera network after scathing ACLU report

February 10, 2011 by Dissent

Sophia Tareen of Associated Press reports:

Chicago emergency management officials defended the city’s expansive network of cameras following a scathing report from a leading civil rights group that raised concerns about the loss of privacy, a lack of regulation and fears the technology could violate the First Amendment.

The American Civil Liberties Union of Illinois called for a full review of the system — with at least 10,000 cameras mounted at locations from skyscrapers to utility poles — saying city officials won’t release basic information such as the exact number and cost of the cameras, nor any incidents of misuse.

Read more in the Chicago Tribune.

Related: ACLU: Chicagoans among most-watched citizens in U.S.

Related: Chicago’s video surveillance cameras: A pervasive and unregulated threat to our privacy (ACLU report)



It's all in how you measure...

http://blogs.westword.com/backbeat/2011/02/study_shows_music_piracy_on_th.php

Study shows music piracy on the decline, porn the most popular of it all

Anti-piracy and counterfeiting prevention company Envisional recently released a report detailing the 10,000 most popular files crossing the streams of BitTorrent trackers. Porn has taken the top, uh, seed, followed closely by non-porn film, while music was near the bottom of the list. What happened?



For my Computer Security students: It's not broken, it's a new feature!

http://it.slashdot.org/story/11/02/09/2331218/Microsoft-Kills-AutoRun-In-Windows?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Microsoft Kills AutoRun In Windows

"Microsoft has finally decided to push out an update to disable AutoRun in its XP operating system, a Windows feature that had been increasingly exploited by virus writers over the years. But because Microsoft still sees AutoRun as a feature and not a security hole, it isn't calling its Windows Update a "security update" but rather an "Important, non-security update" — but it effectively disables the AutoRun feature anyway."



An interesting application of technology. Not only locates potholes, but allows you to prioritize based on the number of commuters that hit that hole.

http://apple.slashdot.org/story/11/02/10/0235239/Gov-App-Detects-Potholes-As-Your-Drive-Over-Them?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Gov App Detects Potholes As You Drive Over Them

"The City of Boston has released an app that uses the accelerometer in your smartphone to automatically report bumps in the road as you drive over them. From the article: 'The application relies on two components embedded in iPhones, Android phones, and many other mobile devices: the accelerometer and the Global Positioning System receiver. The accelerometer, which determines the direction and acceleration of a phone’s movement, can be harnessed to identify when a phone resting on a dashboard or in a cupholder in a moving car has hit a bump; the GPS receiver can determine by satellite just where that bump is located.' I am certain that this will not be used to track your movements, unless they are vertical."



Attention Ethical Hackers: Free coffee!

http://www.databreaches.net/?p=16712

Starbucks’ iPhone barcode app easily scammed by screengrab

Someone has noticed that the Starbucks’ iPhone application can be copied with a screen grab from a neglected handset, enabling the thief to gorge themselves on free coffee.

The payment system relies on reading a bar code from the iPhone’s screen, identifying the customer and debiting their account. But the barcode doesn’t change – and the iPhone has a screen-grabbing function built in, so leaving your handset on the table could allow anyone nearby to make an instant copy of your details and even mail them straight to themselves right from the phone.

Kelley Langford, of System Innovators, based in Florida, reckons he can do that in 20 seconds, and has demonstrated the process repeatedly – showing people just how insecure the Starbucks application is, and presumably drinking a lot of free coffee while doing so.

Read more on The Register.
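
The weakness reported above is that the barcode never changes, so a copied image stays valid indefinitely. As an added illustration (not code from Starbucks, The Register, or this post), the sketch below shows one common mitigation: a barcode payload bound to a short time window with an HMAC and accepted only once. The per-device key, the payload layout, the 30-second window and every name in it are assumptions.

```python
import hashlib
import hmac

WINDOW_SECONDS = 30  # assumed lifetime of one displayed code


def _tag(key, account_id, window):
    """Truncated HMAC binding the account to one time window."""
    msg = f"{account_id}|{window}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:16]


def barcode_payload(device_key, account_id, now):
    """Payload the app would render as a barcode at time `now` (seconds)."""
    window = int(now // WINDOW_SECONDS)
    return f"{account_id}|{window}|{_tag(device_key, account_id, window)}"


class Register:
    """Point-of-sale side: checks authenticity, freshness and single use."""

    def __init__(self, keys):
        self.keys = keys        # account_id -> per-device key (assumed provisioning)
        self.redeemed = set()   # (account_id, window) pairs already spent

    def accept(self, payload, now):
        try:
            account_id, window_s, tag = payload.split("|")
            window = int(window_s)
        except ValueError:
            return False, "malformed"
        key = self.keys.get(account_id)
        if key is None:
            return False, "unknown account"
        expected = _tag(key, account_id, window)
        if not hmac.compare_digest(tag.encode(), expected.encode()):
            return False, "bad tag"
        current = int(now // WINDOW_SECONDS)
        if window not in (current, current - 1):  # tolerate one window of clock skew
            return False, "expired"
        if (account_id, window) in self.redeemed:
            return False, "already used"
        self.redeemed.add((account_id, window))
        return True, "ok"


if __name__ == "__main__":
    key = b"constructed-demo-key"                       # constructed sample value
    reg = Register({"acct-1001": key})
    shot = barcode_payload(key, "acct-1001", 1000.0)    # what a screenshot would capture
    print(reg.accept(shot, 1005.0))    # owner pays
    print(reg.accept(shot, 1006.0))    # copied image presented afterwards
```

A code that was copied but never redeemed is still usable until its window lapses, so the window length is the exposure the design accepts.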


(Related) And free access to anything the iPhone's owner thought was “secure”

http://apple.slashdot.org/story/11/02/10/1326250/IPhone-Attack-Reveals-Passwords-In-Six-Minutes?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

IPhone Attack Reveals Passwords In Six Minutes

"Researchers in Germany say they've been able to reveal passwords stored in a locked iPhone in just six minutes and they did it without cracking the phone's passcode. The attack, which requires possession of the phone, targets keychain, Apple's password management system. Passwords for networks and corporate information systems can be revealed if an iPhone or iPad is lost or stolen."

