"What's in a name? That which we
call a crook
By any other name would smell as bad."
(Sorry Will)
Report: Hacktivists Out-Stole Cybercriminals in 2011
More than 100 million of the 174
million stolen records Verizon tracked in 2011 were stolen by
hacktivist groups, according to the authors of Verizon’s
2012 Data Breach Investigations Report (.pdf).
How do you get your data back if the
recipient doesn't want to return it? (and would they do the same for
a mere citizen?)
Update: Computer seized over Belfast City Hall breach (updated)
March 21, 2012 by admin
Give ‘em back their data – that
you didn’t ask for but they sent you anyway – or they’ll seize
it from you?
A computer has
been seized from a woman who received personal details of every
Belfast city councillor in a major security breach, it has been
revealed.
Heather M Brown
surrendered the computer at her home in England under the terms of a
draconian order secured at the High Court in Belfast.
A judge also
authorised the recovery of electronic storage devices or any hard
copies of the spreadsheet containing elected representatives’
private phone numbers, bank details, national insurance numbers and
car registrations. Some passport details were disclosed as well.
Read more on UTV.
Update: Jon Baines
kindly pointed me to an earlier article in the Belfast
Telegraph that may help clarify why an injunction was needed in
this case.
From the UTV article:
A judge also authorised the recovery of
electronic storage devices or any hard copies of the spreadsheet
containing elected representatives' private phone numbers, bank
details, national insurance numbers and car registrations. Some
passport details were disclosed as well.
… It was claimed that a copy has
already been sent to Justice Minister David Ford's office, in breach
of an injunction against further disclosure granted earlier this
month.
… "The council attempted to
recover the data on a voluntary basis but was unable to do so,"
it said.
A simple software tweak that could have
significant economic and national security implications?
March 21, 2012
Firefox enables HTTPS safe searching as default setting
Follow up to New 'HTTPS Everywhere' Version Warns Users About Web
Security Holes, see the following from privacy researcher Christopher
Soghoian - Firefox switching to HTTPS Google search by default (and
the end of referrer leakage).
"A few days ago, Mozilla's
developers quietly
enabled Google's HTTPS encrypted search as the default search
service for the "nightly" developer
trunk of the Firefox browser (it will actually use the SPDY
protocol). This change should reach regular users at some point
in the next few months... This is a big deal for the 25% or so of
Internet users who use Firefox to browse the web, bringing major
improvements in privacy and security. First, the
search query information from these users will be shielded from their
Internet service providers and governments who might be using Deep
Packet Inspection (DPI) equipment to monitor the activity of users or
censor and filter search results. Second, the search query
information will also be shielded from the websites that consumers
visit after conducting a search. This information is normally leaked
via the "referrer header"."
What we need is a “Right to be left
alone” bill.
Maryland and Illinois Introduce Bills to Limit Employer Access to
Employees’ Social Networking Accounts
March 21, 2012 by Dissent
Laura Brookover writes:
Lawmakers in Maryland and Illinois have introduced bills that would
prohibit employers from requiring job applicants or employees to grant
access to their social networking accounts. The bills arose from
reports that employers have impliedly or explicitly required access to
social networking accounts as a condition of hiring or employment.
A few bills have been proposed in Maryland that would protect the
privacy of individuals’ social networking accounts. Bills in the House
and Senate have been introduced that would restrict all employers’
access to employee and job applicant accounts. Two separate bills have
also been introduced that would prevent university officials from
accessing student accounts.
Read more on Covington & Burling Inside Privacy.
What would be so secret (or
embarrassing?) that it could not be disclosed?
"Continuing the recent
stories on the secret, closed door, FOI blocked talks, the
Australian Greens have filed a motion
in the Senate requesting that the Government release documents
regarding its closed door meetings on Internet piracy which the
Attorney-General's Department has blocked from being released under
Freedom of Information laws. This morning, Greens Communications
Spokesperson Scott Ludlam filed an order in the Senate that the
Government disclose details of the most recent meeting. 'The
Government refuses to reveal almost any information about the
attendees, the substance or the outcomes of the meeting,' he said in
a separate statement. 'A Freedom of Information request from a
journalist looks like it's been met with maximum resistance.'"
How many lawyers would it take to sue
66.6 million people? Who would pay for this in a smaller (Normal?)
case?
MPAA Wants Megaupload User Data Retained for Lawsuits — Updated
Hollywood studios want a federal judge
to preserve data on all the 66.6 million users of Megaupload, the
file-sharing service that was shuttered in January due to federal
indictments targeting its operators.
The Motion Picture Association of
America is requesting Carpathia, Megaupload’s Virginia-based server
host, to retain the 25 petabytes of Megaupload data on its servers,
which includes account information for Megaupload’s millions of
users.
… Carpathia said it is spending
$9,000 daily to retain the data, and is demanding a federal judge
relieve it of that burden. Megaupload, meanwhile, wants the
government to free up some of the millions in dollars of seized
Megaupload assets to be released to pay Carpathia to retain the data
for its defense and possibly to return data to its customers.
(Related) Being a crook is hard!
Kim DotCom to get monthly living expenses of $48,000
… It is unclear whether the court's
decision has anything to do with a procedural error made by police
when they confiscated his property. They filed for the wrong kind of
restraining order and the court ruled last week that the erroneous
order was null and void, according to reports. New Zealand legal
experts said that as a result, there was a chance authorities would
have to return all of DotCom's property.
The money for DotCom's monthly
allowance is coming from the interest accrued on the $10 million that
DotCom invested in New Zealand government bonds.
For my Ethical Hackers. Their
customers are knowledgeable. I think a broader market exists in the
“digital forensics” space.
"Forbes profiles Vupen, a
French security firm that openly sells
secret software exploits to spies and government agencies. Its
customers pay a $100,000 annual fee simply for the privilege of
paying extra fees for the exploits that Vupen's
hackers develop, which the company says can penetrate every major
browser, as well as other targets like iOS, Android, Adobe Reader and
Microsoft Word. Those individual fees often cost much more than that
six-figure subscription, and Vupen sells them non-exclusively to play
its customers off each other in an espionage arms race. The
company's CEO, Chaouki Bekrar, says Vupen only sells to NATO
governments and 'NATO partners' but he admits 'if you sell weapons to
someone, there's no way to ensure that they won't sell to another
agency.'"