Wednesday, February 02, 2011

No pressure! Note that it still requires you to click on a bogus link....

http://www.techeye.net/security/internet-explorer-bug-puts-900-million-users-at-risk

Internet Explorer bug puts 900 million users at risk

Microsoft has announced that all current versions of Internet Explorer are currently at risk of being hacked due to a flaw in the programme.

It is now known that the web browser, used by 900 million people across the globe, requires a software patch in order to defend against attack while Microsoft prepares a longer term fix, a massive security slip up by the firm.

A security advisory announcement was made on Friday highlighting scripting vulnerabilities affecting all versions of Windows.

It is not, however, thought that there have been any breaches of security so far: “The main impact of the vulnerability is unintended information disclosure,” said Angela Gunn, a Microsoft representative.

… The fault lies in the MHTML protocol handler, which is used by applications to render certain kinds of document.

According to the statement an attacker could, for example, construct an HTML link designed to trigger a malicious script and then persuade the targeted user to click on it.

Once this happens the script would then be able to run on the machine for the rest of that IE browser session, potentially collecting information from emails, sending the user to fake sites and generally interfering with the browser usage.



Ethical Hackers: Here's how you do it...

http://yro.slashdot.org/story/11/02/02/0217256/Egyptians-Turn-To-Tor-To-Organize-Dissent-Online?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Egyptians Turn To Tor To Organize Dissent Online

"Even as President Obama prepares to follow Mubarak with his own 'internet kill switch', Egyptians were turning to the Tor anonymiser to organise their protests online. The number of Egyptians connecting to the internet over Tor rose more than five-fold after protests broke out last week before crashing when the Government severed links to the global internet. Information security researcher, Tor coder and writer of the bridge that allowed Egypt's citizens to short-circuit government filters, Jacob Appelbaum, told SC Magazine Egyptians were 'concerned and some understand the risk of network traffic analysis.' Appelbaum has himself been the subject of attention from US security services who routinely snatch his electronics and search his belongings when he re-enters the country and who subpoenaed his private Twitter account last December."

Which helps explain why Appelbaum is helping to organize a small fundraiser to get more communications gear into Egypt.



(Related) “Yes, it gives the President Mubarak-like power, but it's different! Or at least it will be on paper...”

http://news.cnet.com/8301-31921_3-20030332-281.html

Senators decry link between Egypt, 'kill switch' bill

Three U.S. senators who want to give the president emergency powers over the Internet are protesting comparisons with the "kill switch" highlighted by Egypt's Net disconnection.

In a statement yesterday, the politicians said their intent was to allow the president "to protect the U.S. from external cyber attacks," not to shut down the Internet, and announced that they would revise their legislation to explicitly prohibit that from happening.


(Related) “Hey, we're the government. You can trust us!”

http://www.bespacific.com/mt/archives/026401.html

February 01, 2011

EFF Releases Report Analyzing Surveillance of Americans During Intelligence Investigations Conducted Between 2001 and 2008

Patterns of Misconduct: FBI Intelligence Violations from 2001 - 2008, A Report Prepared by the Electronic Frontier Foundation, January 2011

  • "In a review of nearly 2,500 pages of documents released by the Federal Bureau of Investigation as a result of litigation under the Freedom of Information Act, EFF uncovered alarming trends in the Bureau’s intelligence investigation practices. The documents consist of reports made by the FBI to the Intelligence Oversight Board of violations committed during intelligence investigations from 2001 to 2008. The documents suggest that FBI intelligence investigations have compromised the civil liberties of American citizens far more frequently, and to a greater extent, than was previously assumed. In particular, EFF’s analysis provides new insight into the number of Violations Committed by the FBI..."



So much for net neutrality? Or have they just gone away from “unlimited Internet?”

http://www.cbc.ca/canada/nova-scotia/story/2011/02/02/ns-usage-based-billing.html

N.S. internet users mull over CRTC billing decision

The federal regulator gave Bell Canada the approval to implement so-called usage-based billing to wholesale customers — usually smaller internet service providers that rent portions of its network.

Customers of those service providers in Ontario and Quebec received notice this week that they would be able to stream or download only a fraction of the movies and data that they had previously been allowed under the same price plan.

"This is outrageous gouging," said Andrew Wright, who runs a non-profit internet provider in Halifax called Chebucto Community Net.

… "The sad point is that if people aren't careful of what they're doing online, they can rack up one serious bill and we've all heard stories about the cellular industry doing that," he said.



I wonder why no one in the US is doing this? We could easily “borrow” their criteria and evaluate state laws...

http://www.pogowasright.org/?p=20207

European Commission Finds Israeli Data Protection Law Provides Adequate Protection

February 1, 2011 by Dissent

Reporting from Israel, legal consultant Dr. Omer Tene writes:

On January 31, 2011, the European Commission formally approved Israel’s status as a country providing “adequate protection” for personal data under the European Data Protection Directive. The decision is restricted to automated international data transfers from the EU, as well as to non-automated data transfers that are subject to further automated processing in Israel. It will allow unrestricted transfers of personal data from the EU to Israel, for example between corporate affiliates or from European companies to data centers in Israel.

Israel joins a select group of countries, including Argentina, Canada, Switzerland, Andorra and several English Channel Islands, which have obtained similar status. A separate arrangement governs data transfers from the EU to the U.S. under the Safe Harbor framework.

Read more on Hunton & Williams Privacy and Information Security Law Blog.



“Hey, we got a good thing going here, why change?”

http://www.pogowasright.org/?p=20221

New Study Shows Persistence Of ‘Flash Cookies’

February 1, 2011 by Dissent

Joe Mullin reports:

The tracking uses of so-called “Flash cookies,” the data packets stored in the computers of users of Adobe (NSDQ: ADBE) Flash Player, started getting a lot more attention last year, when they were the focus of an article about online privacy in the Wall Street Journal, as well as several lawsuits. They were also mentioned as a privacy problem last month by the Federal Trade Commission.

The results from a new study suggest that “re-spawning,” one of the more troublesome practices around Flash cookies, is declining. But the same study showed that about 10 percent of the most-popular web sites may still be using Flash cookies to track users—and none of the companies that run those web sites would discuss what they’re using the cookies for.

Read more on PaidContent.org



1) After ignoring complaints for months, TSA announced earlier this month that they would be changing the machines. 2) No government hardware has ever been designed, tested and implemented in one month. 3) A minor software tweak, changing only how the data is displayed (but keeping the real images in storage somewhere), is a much more probable answer.

http://www.pogowasright.org/?p=20204

TSA debuts new full-body scanners

February 1, 2011 by Dissent

Ashley Halsey III reports:

New airport security scanners designed to be less intrusive than machines that captured near-naked images will debut at the Las Vegas airport Tuesday.

They’ll look just like the controversial scanners that were introduced last fall, but instead of sending a revealing image to be examined in a private security booth, new software will project a non-gender-specific silhouette on a small screen attached to the booth.

If the passenger is carrying any contraband items a red box will appear on the screen. Otherwise it will flash a green okay.

Read more in the Washington Post.



Ethical Hackers: What's taking you so long?

http://www.theregister.co.uk/2011/02/01/ps3_hacked_again/

Newest PS3 firmware hacked in less than 24 hours

… Sony announced the release of Version 3.56 on Wednesday. That same day, game console hacker Youness Alaoui, aka KaKaRoToKS, tweeted that he had released the tools to unpack the files, allowing him to uncover the new version's signing keys.



Another resource discovered...

http://www.pogowasright.org/?p=20198

Ca: Management Ethics: Privacy issues

February 1, 2011 by Dissent

The Fall/Winter 2010 issue of Management Ethics (pdf) from www.ethicscentre.ca has a nice collection of articles:

  • Why Privacy Matters - Chris MacDonald, Ph.D.

  • Privacy by Design: Achieving Consumer Trust and Freedom in the Information Age - Ann Cavoukian, Ph.D.

  • Hiring in a Social Media Age - Avner Levin, SJD

  • Privacy Law: Questions and Answers - Christine Lonsdale



...and we should be able to identify new/modified data instantly...

http://www.bespacific.com/mt/archives/026407.html

February 01, 2011

Abandoning Law Reports for Official Digital Case Law

Abandoning Law Reports for Official Digital Case Law, Peter W. Martin, Cornell Law School, January 25, 2011, Cornell Legal Studies Research Paper No. 11-01

  • "In 2009, Arkansas ended publication of the Arkansas Reports. Since 1837 this series of volumes, joined in the late twentieth century by the Arkansas Appellate Reports covering the state's intermediate court of appeals, had served as the official record of Arkansas's case law. For all decisions handed down after February 12, 2009, not books but a database of electronic documents “created, authenticated, secured, and maintained by the Reporter of Decisions” constitute the “official report” of all Arkansas appellate decisions. The article examines what distinguishes this Arkansas reform from the widespread cessation of public law report publication that occurred during the twentieth century and this new official database from the opinion archives now hosted at the judicial websites of most U.S. appellate courts. It proceeds to explore the distinctive alignment of factors that both led and enabled the Arkansas judiciary to take a step that courts in other jurisdictions, state and federal, have so far resisted. Speculation about which other states have the capability and incentive to follow Arkansas’s lead follows. That, in turn, requires a comparison of the full set of measures the Arkansas Supreme Court and its reporter of decisions have implemented with similar, less comprehensive, initiatives that have taken place elsewhere. Finally, the article considers important issues that have confronted those responsible for building Arkansas’s new system of case law dissemination and the degree to which principal components of this one state’s reform can provide a useful template for other jurisdictions."



The “software tool” claims to identify copyrighted material in your browser (only?) but you have to pay for the “universal license” first. Clearly the “universal license” isn't universal as the software will explain how to “purchase the rights” in real time and then records information to summarize violations (and perhaps phone that information home?)

http://www.bespacific.com/mt/archives/026402.html

February 01, 2011

New on LLRX.com - The Risky Business of Information Sharing: Why You Need to Care About Copyright

The Risky Business of Information Sharing: Why You Need to Care About Copyright: Copyright is an essential tool in the spread of new ideas, and the workplace has become ground zero for infringement. Ask employees up and down the corporate hierarchy, and they'll tell you that whisking information electronically to co-workers is integral to their jobs. Their employers will emphatically agree. But unauthorized swaps of information also carry enormous potential risk: Ordinary office exchanges, so natural to the digital world, can easily violate the copyright rights of others and bring costly lawsuits or settlements. Now the same technology that has dramatically defined the Internet age is drawing a new roadmap to compliance, with software tools that simplify adherence to copyright requirements.



Ethical Hackers: Is this enough to automate forgery?

http://www.washingtonpost.com/wp-dyn/content/article/2011/02/01/AR2011020106442.html

National Treasures: Google Art Project unlocks riches of world's galleries

Google is bringing its "street view" technology indoors. With the announcement Tuesday in London of the Google Art Project, the Internet giant jumps into the online art arena with tools that will allow Web surfers to move through 17 of the most prominent art galleries in the world, with the option to look more closely at individual artworks, including some that will be digitized so exhaustively that individual paint strokes and hairline cracks in the surface will be visible.

http://www.googleartproject.com/

