Friday, August 26, 2011

Sort of a “How To” (and a “how easy to”) for my Ethical Hackers

Was This the Phishing E-mail That Took Down RSA?

"'I forward this file to you for review. Please open and view it.' As a ploy to get a hapless EMC recruiter to open up a booby-trapped Excel spreadsheet, it may not be the most sophisticated piece of work. But researchers at F-Secure believe that it was enough to break into one of the most respected computer security companies on the planet, and a first step in a complex attack that ultimately threatened the security of major U.S. defense contractors including Lockheed Martin, L-3, and Northrop Grumman. The e-mail was sent on March 3 and uploaded to VirusTotal, a free service used to scan suspicious messages, on March 19, two days after RSA went public with the news that it had been hacked in one of the worst security breaches ever."



A look at “Terms of Service” and what we trade to use the Internet...

http://www.makeuseof.com/tag/3-ways-sold-soul-internet/

3 Ways You’ve Sold Your Soul To The Internet

Facebook Owns Your Image

Twitter Borrows Your Thoughts

Google Knows Where You Are



Logic overrules “wishful thinking?”

http://www.bespacific.com/mt/archives/028124.html

August 25, 2011

EPIC - Federal Judge: Locational Data Protected Under Fourth Amendment

"A Federal judge has ruled that law enforcement officers must have a warrant to access cell phone locational data. Courts are divided regarding whether or not this type of data should be protected by a warrant requirement. Judge Garaufis of the Eastern District of New York found that "The fiction that the vast majority of the American population consents to warrantless government access to the records of a significant share of their movements by 'choosing' to carry a cell phone must be rejected… In light of drastic developments in technology, the Fourth Amendment doctrine must evolve to preserve cell-phone user's reasonable expectation of privacy in cumulative cell-site-location records." EPIC has filed amicus briefs in several related cases. For more information see: EPIC: Commonwealth v. Connolly, EPIC: US v. Jones, and EPIC: Locational Privacy."



Too much privacy?

Providence police, hospitals at odds in medical privacy debate

By Dissent, August 24, 2011

Amanda Milkovits has a great report on the thorny intersection between law enforcement, state medical privacy laws, and HIPAA:

A judge in a murder trial in June wanted to see the medical records of a woman whose husband was charged with killing her.

Rhode Island Hospital’s records department rejected the court order – and answered the subsequent subpoena by saying the law allowed 20 days to respond.

A Providence detective investigating an alleged murder requested the medical records of the victim, who died at Rhode Island Hospital. In his request for the records in March 2010 – nearly two years after the death – the detective included a copy of the victim’s death certificate, plus two signed releases from the man’s father and adult son.

Rhode Island Hospital refused.

In March, the Providence police wanted to know if a man who’d been shot was still alive, before the suspect accused of shooting him was released on bail. If the victim was dead, the suspect would be held for murder.

Rhode Island Hospital wouldn’t say whether the wounded man existed.

Read more on Projo.com



“Gee Mom, everyone else is doing it!”

Cybercrime Treaty Pushes Surveillance Worldwide

"As part of an emerging international trend to try to 'civilize the Internet', one of the world's worst Internet law treaties — the highly controversial Council of Europe (CoE) Convention on Cybercrime — is back on the agenda. Canada and Australia are using the Treaty to introduce new invasive, online surveillance laws, many of which go far beyond the Convention's intended levels of intrusiveness. Negotiated over a decade ago, only 31 of its 47 signatories have ratified it. Many considered the Treaty to be dormant but in recent years a number of countries have been modeling national laws based on the flawed Treaty. Leaving out constitutional safeguards, gag orders in place of oversight, and forcing service providers to retain your data may all be coming soon."



Interesting if it forces law enforcement to trace actors through an anonymous relay rather than seize everything in hopes of figuring it out later...

The EFF Reflects On ICE Seizing a Tor Exit Node

"Marcia Hofmann, senior staff attorney at the EFF, gives more information on the first known seizure of equipment in the U.S. due to a warrant executed against a private individual running a Tor exit node. 'This spring, agents from Immigration and Customs Enforcement (ICE) executed a search warrant at the home of Nolan King and seized six computer hard drives in connection with a criminal investigation. The warrant was issued on the basis of an Internet Protocol (IP) address that traced back to an account connected to Mr. King's home, where he was operating a Tor exit relay.' The EFF was able to get Mr. King's equipment returned, and Marcia points out that 'While we think it's important to let the public know about this unfortunate event, it doesn't change our belief that running a Tor exit relay is legal.' She also links to the EFF's Tor Legal FAQ. This brings up an interesting dichotomy in my mind, concerning protecting yourself from the Big digital Brother: Running an open Wi-Fi hotspot, or Tor exit node, would make you both more likely to be investigated, and less likely to be convicted, of any cyber crimes."



Proving once again that one shouldn't make plans in advance of the facts...

http://www.guardian.co.uk/uk/2011/aug/24/twitter-study-post-riot-plans

Twitter study casts doubts on ministers' post-riots plan

A preliminary study of a database of riot-related tweets, compiled by the Guardian, appears to show Twitter was mainly used to react to riots and looting.

Timing trends drawn from the data question the assumption that Twitter played a widespread role in inciting the violence in advance, an accusation also levelled at the rival social networks Facebook and BlackBerry Messenger.

The unique database contains tweets about the riots sent throughout the disorder, which began in Tottenham, north London, on 6 August. It also reveals how extensively Twitter was used to co-ordinate a movement by citizens to clean the streets after the disorder. More than 206,000 tweets – 8% of the total – related to attempts to clean up the debris left by four nights of rioting and looting.

Amid a growing censorship row, government sources said the home secretary did not expect to discuss closing social networks, but wanted to explore what measures the companies could take to help contain future disorder, including how law enforcement agencies can use the sites more effectively.

David Cameron had previously indicated he would contemplate more restrictive measures. The day after the riots subsided, the prime minister told parliament the government was looking at banning people from using sites such as Twitter and Facebook if they were thought to be plotting criminal activity. Cameron said the government would do "whatever it takes" to restore order, adding that a review was under way to establish whether it would be right to attempt to prevent rioters from using social networks. He said he had also asked police if they needed new powers.

The Metropolitan police later revealed it had considered switching off social networks during the disorder in London, but had decided not to on legal advice.



What makes email the “official” means of communication?

http://news.cnet.com/8301-17852_3-20097432-71/student-misses-e-mail-loses-college-place/

Student misses e-mail, loses college place

As CBS 5 in San Jose describes it, Kim turned up for freshman orientation, only to find it utterly disorientating. For he was told he had been un-enrolled from the school.

The school had originally sent him an e-mail telling him to disregard all communication about his placement tests. Then it sent him an e-mail about, um, placement tests that happened to mention a problem with his, well, placement test.

Kim admits that he had stopped checking e-mails from the school because they had all seemed unimportant. But he says he had been told to ignore e-mails about placement tests. (And CBS 5 saw the evidence.)

The school told CBS 5 that it expects students to be responsible for checking e-mails.



Enough to make a geek giggle.

Timeline of the Rise of Data

When Wolfram Research set out to build Wolfram Alpha, they set out to make all knowledge computable. Last week they published a Timeline of Systematic Data and the Development of Computable Knowledge.

You can interact with the timeline online, but far cooler (I think) will be hanging the 5-foot poster of the timeline ($7.25 + shipping) that links data and computable knowledge with history, science, and culture on the walls of our Math ELITEs.

The blog post about the timeline is pretty interesting too, discussing which civilizations have tracked the most data.
