Tuesday, November 01, 2011


At what point should this move from the hands of corporate security managers to a national (international) security organization?
Symantec uncovers cyber espionage of chemical, defense firms
… "The purpose of the attacks appears to be industrial espionage, collecting intellectual property for competitive advantage," according to the report. (PDF)
… Targets include multiple Fortune 100 companies that do research and development of chemical compounds and develop manufacturing infrastructure for the chemical and advanced materials industry, firms that develop advanced materials for military vehicles, Symantec said.
In one two-week period, researchers saw more than 100 unique IP addresses contact a command-and-control server with traffic that appeared to come from an infected machine. The IP addresses were from 52 different ISPs or organizations located in 20 countries, according to the report.


Who decided to do it this way? What business purpose is satisfied? (None that I can see)
Dumb security, Monday edition: Want to read Newsday as an Optimum Online customer? You’ll have to turn over your Cablevision password.
October 31, 2011 by Dissent
Color me stunned.
As an Optimum Online subscriber, I’m supposed to get free online access to Newsday, one of the largest newspapers in New York. So I went to sign up on Newsday’s site. And that’s when my eyes popped out of my head.
Not only does Newsday’s sign-up form ask you for your Optimum ID (username), full name, and address, but they require you to provide the password to your Optimum account.
Say WHAT?
Not believing my eyes, I called their help number and asked why they didn’t just take the ID and send a confirming e-mail to the user’s account, but was told that no, I had to provide the password to my account.
I told the representative, who I won’t name as this is not her fault, that that was the stupidest thing I’ve heard all day and is really poor from a security standpoint.
She put me on hold and eventually came back to tell me that I did have to provide the password but it’s “encrypted.”
D’oh.
I asked to speak to Newsday’s Chief Security Officer and was told they have none. Gee, what a surprise.
I asked to speak to Newsday’s Chief Privacy Officer and was told they didn’t have one of those, either.
So I called Optimum Online and asked to speak to their online security office. I posed my question to them and they told me I’d have to take it up with Newsday. Of course, they (Cablevision) own Newsday, so you’d foolishly think they might have some influence or be concerned about passwords being needlessly entered in a subsidiary’s web site, but no, they said I had to take it up with Newsday.
Obviously, I didn’t sign up for digital Newsday today. Shame on them and Cablevision for even requiring the major account password to access the site. What is Cablevision going to do if Newsday gets hacked? Email hundreds of thousands of customers and tell them to change their Optimum Online passwords? And what are they going to do if Newsday is hacked and the hackers decide to decrypt passwords, login to Optimum Online accounts and listen to people’s voicemail or look at their payment arrangements?
Such an unnecessary and foolish risk.

(Related) Not much money for developing these tools...
Why Johnny Can’t Opt Out: A Usability Evaluation of Tools to Limit Online Behavioral Advertising
October 31, 2011 by Dissent
A new report from the very excellent Carnegie Mellon University CyLab, by Pedro G. Leon, Blase Ur, Rebecca Balebako, Lorrie Faith Cranor, Richard Shay, and Yang Wang: Why Johnny Can’t Opt Out: A Usability Evaluation of Tools to Limit Online Behavioral Advertising.
Abstract
We present results of a 45-participant laboratory study investigating the usability of tools to limit online behavioral advertising (OBA). We tested nine tools, including tools that block access to advertising websites, tools that set cookies indicating a user’s preference to opt out of OBA, and privacy tools that are built directly into web browsers. We interviewed participants about OBA, observed their behavior as they installed and used a privacy tool, and recorded their perceptions and attitudes about that tool. We found serious usability flaws in all nine tools we examined. The online opt-out tools were challenging for users to understand and configure. Users tend to be unfamiliar with most advertising companies, and therefore are unable to make meaningful choices. Users liked the fact that the browsers we tested had built-in Do Not Track features, but were wary of whether advertising companies would respect this preference. Users struggled to install and configure blocking lists to make effective use of blocking tools. They often erroneously concluded the tool they were using was blocking OBA when they had not properly configured it to do so.
Full Report: CMU-CyLab-11-017


Perhaps this plays into Facebook's ultimate strategy. They want unlimited access to your data; perhaps this is a country where they can work out a deal with “Big Government Brother”.
Facebook’s Swedish data centre will be subject to Snoop Law
October 31, 2011 by Dissent
Anna Leach reports:
The icy location is a big advantage for the new data centre that Facebook is planning in the northern Swedish town of Lulea. But while the frigid Arctic winds will fan the servers, it’s the legal climate that could get hot.
A controversial Swedish internet surveillance law passed in 2008 allows the government there to intercept any internet traffic that passes Sweden’s borders with no need for a court warrant. It’s called the FRA law and the Swedes don’t like it, and Google called it “unfit for a Western democracy”. And the rest of Europe could start to get annoyed by it too when that internet traffic includes their Facebook data.
Read more on The Register.
In other coverage of this story, the Associated Press reports:
Jan Fredriksson, a spokesman for Facebook in Sweden, said the company was confident that restrictions on the agency’s surveillance activities would protect the integrity of regular Facebook users.
“This isn’t something that will affect users,” Fredriksson said. “Only people who are strongly suspected of terrorism can become subjected to this.”
Just like here? Oh good. Then we can be sure that there will be no abuses of the system, right?
Another day, another pat on my own back that I had the foresight not to sign up for a Facebook account.


(Related) “Everybody is doing it!” Will these folks be gone from the gene pool in a generation or two? I kind of doubt it.
Survey: Many parents help kids lie to get on Facebook
In 1998, Congress passed the Children's Online Privacy Protection Act (COPPA) that requires Web sites to "obtain verifiable parental consent" before collecting personal information from children under 13.
… COPPA doesn't prevent companies like Facebook from admitting kids under 13, but it does present substantial and expensive roadblocks.
Companies with services aimed at younger kids, such as Disney's Club Penguin, have gone to considerable expense to comply with the law. But most companies, including Facebook, MySpace, and Google+, simply block pre-teens from the service. These rules are specified in the companies' terms of service, and companies generally require members to state their birth date. Any child whose date of birth indicates he or she is under 13 is blocked.
… A peer-reviewed study released today--"Why Parents Help Their Children Lie to Facebook About Age: Unintended Consequences of the 'Children's Online Privacy Protection Act'"--(available from FirstMonday.org) found that "many parents knowingly allow their children to lie about their age--in fact, often help them to do so--in order to gain access to age-restricted sites in violation of those sites' terms of service."


Will this upgrade make Google the RSS Reader of choice?
Google Reader revamp arrives
Google Reader is finally getting its day in the sun. Just as promised earlier this month, the forgotten Google app for collecting and reading news articles all in one place is getting a revamped design.


This could be geeky fun!
"Open Hardware Journal is a new technical journal on designs for physical or electronic objects that are shared as if they were Open Source software. It's an open journal under a Creative Commons license. The first issue contains articles on 'Producing Lenses With 3D Printers,' 'Teaching with Open Hardware Submarines,' 'An Open Hardware Platform for USB Firmware Updates and General USB Development,' and more."
Mr. Perens has promised to be around tonight to answer any questions readers might have.


Now will you let me blog?
INFOGRAPHIC: The Schools That Rule The Web [US Only]
… Our infographic today comes courtesy of Best Education Sites. As the infographic points out, the web can make or break a school these days. They need to have a well designed website and they need to be connected to social media in order to attract the web 2.0 crowd.