Global Security Watch > June 30, 2005

June 30, 2005

Wal-Mart heir dies in plane crash

http://www.ioerror.us [IO ERROR] MGM v. Grokster case returns to district court Posted by IO ERROR under Politics, Internet, Privacy 1 Comment I wasn’t even going to mention this...

Posted at 01:20 AM

It’s STILL bullshit

[BradSpangler.com] The Minnesota Court Of Appeals did not rule that having encryption software on one’s computer was an indication of criminal activity, but instead ruled that in the case State vs. Levie, the software, along with other supporting evidence, indicated criminal activity and therefore the appellant was not eligible for a new trial.

Posted at 01:18 AM

Big brother?

[SoWeirdProductions] AMSTERDAM (Reuters) - Dutch Philips Electronics (PHG.AS)(NYSE:PHG - news) said on Thursday it will supply the German passport printing authority with wireless chips for the new smart passports for the country’s 80 million citizens.

Posted at 01:14 AM

Block Ciphers and Initialization Vectors (IVs)

http://www.volubis.com/blog [InfoSec News Blog] Yum! I love talking about encryption and here's a good explanation of initialization vectors and why they are so important. Click now and you'll get...

Posted at 01:09 AM

Police offer advice for avoiding identity theft

[Identity Theft Blog] Samuel Clemens was Mark Twain. Increasingly, however, Rogers police are finding people — comic book heroes and literary legends aside — who have multiple identities complete with stolen documentation for use in capturing ill-gotten gains.

Posted at 01:04 AM

June 28, 2005

Microsoft Claims Windows Has Better Security

[InsideMicrosoft - part of the Blog News Channel] Microsoft’s PressPass touts a study that says Windows has better security than Linux, with a cheaper cost of ownership and fewer risks.

Posted at 10:45 AM

DTrace : collecting debug info for buggy applications using app_crash.d

http://learningsolaris.com [Learning Solaris 10] About Docs, Security. Good material if you need to present the new security features of Solaris 10 to your colleagues.

Posted at 10:42 AM

A Privacy-Openness Tradeoff

[Emergent Chaos: Musings from Adam Shostack on security, privacy, and economics] A group of Ontario adoptees has filed a human rights complaint against Privacy Commissioner Ann Cavoukian after she lobbied the province to amend its proposed adoption disclosure law with a clause allowing people to keep their records sealed. By calling for a veto, Cavoukian "is trying to say that we do not have an automatic right to our birth registration information,'' said Wendy Rowney of the Coalition for Open Adoption Records.

Posted at 10:41 AM

No homeland security: We are no safer now

http://www.ioerror.us [IO ERROR] Pentagon creates student database to find recruits Posted by IO ERROR under Homeland Stupidity, Privacy Leave a Comment I’ve opened a Privacy category on this site now. It, like Homeland Stupidity before it, is probably going to get very big, very fast. The Department of Defense is creating a database of high school and college students in order to identify potential military recruits, according to the Washington Post. The database will include, among other things, birthdates, Social Security numbers, courses and majors, grade point averages, email addresses and ethnicity. Social Security numbers? Ethnicity? Normally the Privacy Act would prohibit this sort of thing, but the government is working around that by having a private company, BeNow Inc., create and maintain the database. We’ve been seeing a lot of this sort of thing lately, where the government will work around a restriction on what it can do by having a private contractor do it for them. Supposedly anyone can “opt...

Posted at 10:39 AM

Bill to Combat Identity Theft Moves on to Governor

[Identity Theft Blog] “Both offenses threaten the financial security of thousands of Connecticut residents. If enacted, this measure will enable law enforcement agencies and financial institutions to share information about new identity theft and bank fraud threats and take action to protect consumers from fraud and other unauthorized transactions or claims.

Posted at 10:31 AM

June 27, 2005

The Phisher Commuter

[loose wire] My colleague Lee Gomes writes in WSJ.com in his Portals column (a few days old, this, sorry; but it is free) about phishers, and what they’re really...

Posted at 04:58 PM

Phishing through Google

[Adam Stiles] This isn't quite as dangerous as the eBay/Doubleclick redirects mentioned above, but Google's redirecting could make it easier for someone to phish Google adwords accounts in the future.

Posted at 04:53 PM

Valet screening

http://chittahchattah.blogspot.com [All this chittah-chattah] He was exceedingly polite, and extremely patient while I did as he requested, provided boarding pass, unloaded my laptop, took off my shoes. He made suggestions gently (“I’ll get you a container for you to put your bag and your shoes in”).

Posted at 04:52 PM

SHA Cryptanalysis Paper Online

http://www.volubis.com/blog [InfoSec News Blog] Here's an update: They will present it at the Crypto conference in August. I believe they didn't post it because Crypto requires that submitted papers not be previously published, and they misunderstood that to mean that it couldn't be widely distributed in any way.

Posted at 04:50 PM

Pair starts Web site to warn about sex offenders

http://www.NowPublic.com [The News is NowPublic.com | NowPublic.com: The News is Now Public] The two men who created Child Sentinel had nothing in common but a desire to protect children from criminals.

Posted at 04:49 PM

June 26, 2005

Fortune 500 spyware

http://castlecops.com [CastleCops] - Source Yahoo! News June 24, 2005 ...Pop-up ads carried by spyware and adware aren't just employed by fringe companies hawking dubious wares — such...

Posted at 10:25 AM

Financial institutions, privacy, EFT Code and deceased estates

http://www.djacobson.com/australian_regulatory_rev [Australian Regulatory Review (including Financial Services Industry Regulation)] Digital Property and the Laws of Inheritance from TechNews World discusses whether executors have the right to obtain passwords to websites and email services used by a deceased.

Posted at 10:24 AM

Another Wolf in Sheep’s Clothing!

[EarthLink Protection Blog] Based on recent findings by Secunia Research, we may be susceptible to yet another scheme to get our personal info.

Posted at 10:22 AM

New Bill Seeks to Strengthen Role of DHS Privacy Officer

[FreedomSight] CDT reports that today Representative Bennie Thompson (D-MS) introduced HR. 3041, the "Privacy Officer With Enhanced Rights Act of 2005"..

Posted at 10:20 AM

June 25, 2005

British MPs React to Outsourcing Security Breach

[Outsourcing Times] British officials worry however, that if the Sun was able to attain access to 1,000 files with a promise of delivery of 250,000 more files a month it will be a relatively simple matter for any criminal to attain such files.

Posted at 09:35 AM

Despite Congressional Mandate, Air Passenger Data Collection Continued

[FreedomSight] AP reports that the TSA continued to purchase and aggregate air passenger data despite specific direction from Congress not to..

Posted at 09:32 AM

Now even The Economist has security on the brain

[Not Bad For a Cubicle] Over at The Economist, there is an article, “The Leaky Corporation,” which suggests that Information Protection could be becoming a much bigger deal within most companies than it is today, driven largely by the increased attention that data security breaches are receiving from both the press and regulators.

Posted at 09:27 AM

Credit card security breach

http://www.djacobson.com/australian_regulatory_rev [Australian Regulatory Review (including Financial Services Industry Regulation)] According to ZDNet the largest ever data security breach has hit MasterCard and Visa: MasterCard International on Friday said information on more than 40 million credit cards may have been stolen. Of those exposed accounts, about 13.9 million are for MasterCard-branded cards, the company said in a statement.

Posted at 09:22 AM

June 24, 2005

Pentagon Creating Student Database

http://www.muhajabah.com/islamicblog [Al-Muhajabah's Islamic Blogs] John Moriarty, president of the PTA at Walter Johnson High School in Bethesda, said the issue has "generated a great deal of angst" among many parents participating in an e-mail discussion group.

Posted at 10:19 AM

June 23, 2005

Don’t buy a Dell

http://cmoore.com [CMoore.com] Don’t buy a Dell Posted in Evil, Grrr..., Privacy at 17:09 by chris There are, apparently, DHS keystroke loggers on every laptop...

Posted at 10:24 PM

Longhorn error reporting is too chatty?

http://richi.co.uk/blog [Richi'Blog] As I mentioned in today's IT Blogwatch, it seems that Longhorn's error reporting tool tells Microsoft a lot more than it used to. My take: of course it does, it's in beta!

Posted at 10:22 PM

Washingtonienne Privacy Lawsuit

[IPTAblog] Julie Hilden: Are Accounts of Consensual Sex a Violation of Privacy Rights? The Lawsuit Against the Blogger "Washingtonienne": Jessica Cutler - better...

Posted at 10:18 PM

FOIA Request By Advocacy Group Reveals Social Security Data Released Post 9/11

[FreedomSight] "Congresswoman Carolyn Maloney has recommended (2 pages, PDF) congressional hearings on the Social Security Administration's "ad hoc" decision to share personal information with law enforcement immediately after 9/11. "I am concerned that the SSA apparently gave no notification to Congress when it decided to change its rules and that there has been no real oversight of the SSA's actions," said Rep.

Posted at 10:14 PM

Do not recruit list needed?

http://wearenotsheep.com [We Are Not Sheep] The system also gives the Pentagon the right, without notifying citizens, to share the data for numerous uses outside the military, including with law enforcement, state tax authorities and Congress. This should be an issue where true conservatives (as opposed to theocrats) and liberals should be able to agree.

Posted at 10:09 PM

June 22, 2005

Miniskirt Glo review

[HTmini] Plasticsmith’s mini Skirt glo is by far one of the coolest accessories for the Mac mini that we’ve come across and is destined to make your Mac mini the center of attention. The mini Skirt glo is made out of a 3/4″

Posted at 12:37 PM

NY Times on Personal Data Theft: “A” for effort, “F” for content

[Not Bad For a Cubicle] Senator Dianne Feinstein, Democrat of California, is proposing a national requirement for consumer notification, with civil damages for negligent companies. Her bill is a good start in conjunction with a comprehensive measure by Senators Charles Schumer of New York and Bill Nelson of Florida to begin regulating data merchants by requiring registration with the Federal Trade Commission.

Posted at 12:36 PM

Trading in Stolen Credit Card Data

http://www.robhyndman.com [robhyndman.com] Mark Rasch, the former head of cyberinvestigations for the Justice Department and now the senior vice president of Solutionary, a computer security company, said the numbers taken in the CardSystems breach - at least 200,000 are said to have been in stolen files - are almost certain to end up in one of these trading posts.

Posted at 12:34 PM

New Spoof Affects IE and Firefox

http://www.aviransplace.com [Aviran's Place] Site, Symantec Preps New Site Design, Security Patch Watch: Adobe, Macromedia, Symantec, Yahoo eyes own Web browser, Visa USA Launches Breakthrough Anti-Fraud Technology, IE7 Will Resist Spyware

Posted at 12:34 PM

Dialog Origin Spoofing Vulnerability

http://channels.lockergnome.com/news [Lockergnome's Tech News Watch] Secunia Research has discovered this security vulnerability in several web browsers, including Safari and Internet Explorer on Mac. The vulnerability “…can be exploited by malicious web sites to spoof dialog boxes.

Posted at 12:33 PM

June 21, 2005

The Big Credit Card Theft

[loose wire] In the meantime CardSystems was pretending it was business as usual, including an announcement on June 14 of a move into check processing, and posting job-ads for a ‘Software Quality Assurance Analyst’ to cover, among other things, ‘troubleshooting from operations, production, and outside vendors’

Posted at 12:42 PM

Librarians resist informer role

http://www.michaelfraase.com [Hasten down the wire] Not surprisingly, according to Eric Lichtblau’s account in the New York Times, “the Bush administration says that while it is important for law enforcement officials to get information from libraries if needed in terrorism investigations, officials have yet to actually use their power under the Patriot Act to demand records from libraries or bookstores.”

Posted at 12:37 PM

Protection Blog

http://www.ipecinternational.com [IPEC-International] We are a group of EarthLink employees who have been granted the opportunity to speak directly to consumers about the stuff we work on every day. Our jobs range from building tools that eliminate spyware to lobbying lawmakers to pass laws against spam.

Posted at 12:35 PM

Executive Branch to Congress: GFY

http://cmoore.com [CMoore.com] A Transportation Security Administration contractor used three data brokers to collect detailed information about U.S. citizens who flew on commercial airlines in June 2004 in order to test a terrorist screening program called Secure Flight, according to documents that will be published in the Federal Register this week.

Posted at 12:33 PM

CardSystems Breach: Old Story, New Dingbats

http://www.privacyclue.com [PrivacyClue: Ray Everett-Church on Privacy, Politics Culture] Credit card processing vendor CardSystems Solutions is facing increasing scrutiny of its practices as consumers and lawmakers begin to demand an answer to how 40 million credit card transaction records were stolen from the company’s data banks.

Posted at 12:30 PM

June 20, 2005

DenyThumbDrives

[Switchblog] It's a utility for public terminals to disallow keychain drives. If you have an iPod shuffle or Luxpro Super Tangent, then this would...

Posted at 10:23 AM

Hardening Linux: a 10 step approach to a secure server

http://geminis.dyndns.org [Flavio’s TechnoTalk] The Internet has become a far more dangerous place than it was 20 years ago. Nowadays, Operating System and application security is an integral part of a server configuration and, while firewalls are very important, they are not the panacea.

Posted at 10:22 AM

Microsoft Security Bulletin Summary for June, 2005

[Trust No One] Microsoft Security Bulletin Summary for June, 2005 Windows Update ...

Posted at 10:20 AM

40 Million Credit Cards Hacked

[EarthLink Protection Blog] A third party payment processor's--Card Systems--systems were hacked into recently. The company processes payments and transactions for MasterCard.

Posted at 10:19 AM

Secure Flight Tests Broke Privacy Laws?

[Hacktivismo News] Secure Flight Tests Broke Privacy Laws? 8:44 am | By jtesta Wired News: Secure Flight Hits Turbulence “Homeland Security’s privacy czar is...

Posted at 10:18 AM

June 19, 2005

Microsoft Holds Hacker Summit

[InsideMicrosoft - part of the Blog News Channel] Microsoft in March held a two-day summit called “Blue Hat”, where it invited hackers to meet with the security researchers who work to protect Windows, according to C|Net. While the article does not mention any specific criminal hackers, it does say that Jim Allchin, the guy in charge of the Windows product group was there, as well as Stephen Toulouse, a program manager in Microsoft’s security unit, Matt Thomlinson, Microsoft’s director of security engineering, Dan Kaminsky, who does research for limitations in hashing algorithms and file transfers, and HD Moore, creator of the intrusion program Metasploit.

Posted at 12:54 PM

Download details: Microsoft Windows Server 2003 Service Pack 1 (32 bit)

http://daep.dyndns.org [dae’s web log 3.04] Download details: Microsoft Windows Server 2003 Service Pack 1 (32 bit) Read the following quote very carefully (note that we don’t sell Dell or Small Business…) Important * If you are running Windows Small Business Server 2003, please install using the instructions at, Windows Small Business Server 2003 Service Pack 1 web page. * If you use a Dell Server with a Dell factory installed version of Windows Server 2003 as a domain controller, we recommend that you go to Dell web site for more information prior to installing Windows Server 2003 SP1.

Posted at 12:53 PM

40 Million At Risk in MasterCard Breach

http://www.privacyclue.com [PrivacyClue: Ray Everett-Church on Privacy, Politics Culture] No Comments Yet Privacy 17 Jun 2005 04:40 pm...

Posted at 12:52 PM

Forty Million Credit Card Numbers Leaked

[Hacktivismo News] Forty Million Credit Card Numbers Leaked 12:13 pm | By jtesta Yahoo! News: 40M Credit Card Accounts Could Be Affected “NEW YORK - A computer hacker...

Posted at 12:51 PM

ISPs & Recordkeeping

[EarthLink Protection Blog] According to News.com, the US Department of Justice is considering a new data retention requirement for ISPs. The DOJ is reportedly considering a requirement that all ISPs retain records such as logs of e-mail, web traffic, chatroom activity -- and although the article doesn't say so, presumably download activity that passes through the ISP's bandwidth -- for at least two months.

Posted at 12:49 PM

June 18, 2005

CISA exam last Saturday

[Didier's Corner] I passed the CISA exam last week. I did not find it too hard, finished it in 2.15 hours.

Posted at 05:38 PM

MasterCard - Security Breach Exposed 40M To Fraud

[Aviran's Place] A security breach at a processor used by MasterCard International may have exposed more than 40 million customers to fraud, the credit card giant announced. (via AP)

Posted at 05:36 PM

Security Philosophy - Passwords, Passphrases, & Software To Help

[Lockergnome's IT Professionals] More and more, as time goes on, I am asked about how to securely configure and use computing systems, whether they be Internet sites, online financial services, wireless networks, home and business computers, physical homes and businesses, or what have you. Since my role in that area has not changed too much, I have to assume the uptick in questions comes as a result of a desire by people to get more secure, which is a good thing.

Posted at 05:36 PM

MasterCard Identifies Security Breach at CardSystems Solutions

[Payments News] Through the use of MasterCard fraud-fighting tools that proactively monitor for fraud, MasterCard was able to identify the processor that was breached. Working with all parties, including issuing banks, acquiring banks, the processor and law enforcement, MasterCard immediately launched an investigation into the breach, and worked with CardSystems to remediate the security vulnerabilities in the processor's systems.

Posted at 05:35 PM

FTC Settles Another Case for Failure to Use Reasonable Security

[Technology & Marketing Law Blog] "The Commission’s proposed complaint alleges that BJ’s stored members’ personal information on computers at its stores and failed to employ reasonable and appropriate security measures to protect the information. The complaint alleges that this failure was an unfair practice because it caused or was likely to cause substantial consumer injury that was not reasonably avoidable and was not outweighed by countervailing benefits to consumers or competition.

Posted at 05:34 PM

June 17, 2005

BJ's Wholesale Club Settles FTC Charges

[Payments News] According to the FTC, this information was used by an unauthorized person or persons to make millions of dollars of fraudulent purchases. The settlement will require BJ’s to implement a comprehensive information security program and obtain audits by an independent third party security professional every other year for 20 years.

Posted at 08:49 AM

Special Agent Sally Struthers Visits Your ISP

[Secondary Screening] "It was raised not once but several times in the meeting, very emphatically," said Dave McClure, president of the U.S. Internet Industry Association, which represents small to mid-size companies. "We were told, 'You're going to have to start thinking about data retention if you don't want people to think you're soft on child porn.'"

Posted at 08:48 AM

He says: "OMG! Yahoo! spies on us" I say: "OMG you're so dumb"

[TechTracker] No seriously? You really think Yahoo would be spying on you? Is this world entering a major paranoid stage or is this due to ego individuals?...

Posted at 08:47 AM

House votes to curb Patriot Act, defies Bush (Reuters)

[Doing Something Different: A Weblog by Doug Miller] House votes to curb Patriot Act, defies Bush: The U.S. House of Representatives on Wednesday defied President Bush by approving a measure making it...

Posted at 08:45 AM

Libraries and bookstores: "safe havens for terrori...

[thrashor] The Reuters story quotes Assistant Attorney General William Moschella saying that, "Bookstores and libraries... 'should not be carved out as safe havens for terrorists and spies, who have, in fact, used public libraries to do research and communicate with their co-conspirators.'" Many librarians have exhibited pride at the subversive nature of public libraries, but Moschella may be taking this notion a bit too far.

Posted at 08:43 AM

June 16, 2005

When privacy is a crime

[BradSpangler.com] You may not have noticed, but courts now regard the presence of encryption software on your computer as evidence of a crime. The reaction of noted...

Posted at 10:15 AM

Bruce Schneier on Cryptography

[InfoSec News Blog] [self censorship], Bruce Schneier has some good things to say and is one smart cookie. I enjoy that the interview talks about both Elliptic-Curve problems and shows Bruce's use of good analogies. I wrote a research paper about seven years ago about elliptic curve cryptography (ECC), requiring me to learn number theory and the other forms of mathematically "difficult problems".

Posted at 10:14 AM

The EFF spells out bloggers’ rights - but only if they are Americans

[Media @ LSE Group Weblog] The insularity of American web publishers has long been a pet peeve of mine so the launch of the Electronic Freedom Foundation’s Legal Guide for Bloggers with accompanying American-style logo struck a sore nerve. It’s true that in their overview of common issues FAQ they point out that laws vary between countries but several of the sub-FAQs fail to make this point and some of them could therefore actually mislead the unwary.

Posted at 10:13 AM

Risk is in the eye of the beholder

[Not Bad For a Cubicle] Thus, this is a nice bit of strawman work. They’ve found a legitimate legal risk (incomplete response to a discovery request), rolled it in with a longstanding, real network security threat and suggested that there is only one solution to it, and that’s to log everything. The funny thing about this is that it seems to fly in the face of the overall trend toward retention policies in general, which is to retain as little as possible except where required by law to do otherwise.

Posted at 10:12 AM

More Questions about TSA and Privacy

[Secondary Screening] There was nothing quite reportable until today when Homeland Security privacy czarina Nuala O'Connor Kelly let it be known that she is conducting an official investigation: Homeland Security's privacy czar is investigating whether government officials in charge of an airline passenger screening program violated federal privacy laws by expanding testing of commercial data beyond the scope of official statements. Transportation Security Administration officials acknowledge that tests of Secure Flight went further than expected and plan to retroactively expand and clarify its earlier notices to reflect the true scope of its commercial data testing. TSA declined to specify what changes it will make to its Privacy Act notices, which initially said the agency intended...

Posted at 10:10 AM

June 15, 2005

EFF: Legal Guide for Bloggers

[The Lazy Genius :: Main Page] You might, for example, publish something that someone considers defamatory, republish an AP news story that's under copyright, or write a lengthy piece detailing the alleged crimes of a candidate for public office.

Posted at 06:26 AM

Microsoft Released June, 2005 Security Updates

http://www.aviransplace.com [Aviran's Place] Microsoft Released June, 2005 Security Updates Filed under: Security Microsoft — Aviran Mordo @ 4:20 pm Microsoft posted June security patch...

Posted at 06:25 AM

New RFID Smart Locks Replace Regular Doorknobs

http://channels.lockergnome.com/news [Lockergnome's Tech News Watch] The chips are so small you can hide them inside your cell phone’s battery cover, or tape it to your key chain. A back up keypad makes it easy to set up different codes for guests, children, and contractors, and the locks can be set to “auto lock” after a set period, or remain unlocked when you are at home.

Posted at 06:23 AM

Engadget Interview with Steve Heiner, GM, Digital SLR Systems, Nikon

http://radar.oreilly.com [O'Reilly Radar] Nikon agrees to an interview with Engadget, which has been all over the RAW encryption controversy, but Nikon won't talk about RAW. Great PR move!.....

Posted at 06:21 AM

Waiting on the Ten Commandments: High Court Shift or Attorney Strategy?

[Pierce Law IP News Blog] Waiting on the Ten Commandments: High Court Shift or Attorney Strategy? Will the 10 Commandments be allowed to stay on the walls of Kentucky court...

Posted at 06:20 AM

June 14, 2005

Unintended Consequences of Google Pre-fetch

[O'Reilly Radar] By tim Lauren Weinstein's posting today on Dave Farber's IP list argues that Google's recent decision to pre-fetch the top search results for visitors...

Posted at 08:56 AM

British Organizations Speak Out on RFID Standardization

[RFID Gazette] The two groups hope to leverage their influence to benefit industries using RFID. Recently, UK news reported on a company that was tagging its workers during the work day. These types of events signal the urgency with which appropriate use of the technology must be considered.

Read related posts for „British Organizations Speak Out on RFID Standardization“.

Posted at 08:55 AM

Mark of the Beast phobia revisited

[Lonewacko: Immigration, Politics, Media Bias, Multiculturalism, Privacy, Los Angeles, California] Apparently that report has since been edited, because Google News shows it as having once contained the phrase "mark of the beast." Obviously the lizardian masters got to this small town TV station and forced them to change their report. There really is nothing to worry about, citizen.

Read related posts for „Mark of the Beast phobia revisited“.

Posted at 08:53 AM

Internet empire mauls Star Wars Kid

[Chris Brauer Media Project [BLOG]] The sociological conclusion is that none of this was ever about the Quebec teenager but instead fed the need for the geeks, bloggers, privacy lawyers, guerilla video editors and star wars aficionados to express themselves through his story. All of the rest of it is just bold-faced speculation, unnecessary and uncomplicated and unfortunately Ghyslain has been forced to embody this meme by an excitable audience. It provides unwelcome support for Thomas Hobbes' view of man as naturally selfish hedonist -- "of the voluntary acts of every man, the object is some good to himself".

Read related posts for „Internet empire mauls Star Wars Kid“.

Posted at 08:52 AM

June 13, 2005

History eraser Visual basic source code

[Fullycoded.com] Delete history using this code: '"Visual basic source Code start" Option Explicit Private Type guid w1 As Long w2 As Integer w3 As Integer w4(7) As Byte End ( _...

Read related posts for „History eraser Visual basic source code“.

Posted at 09:22 AM

pod slurping howto

[Sharp Ideas] Just kidding. You probably didn't unzip the library files that come with slurp. Slurp needs all of these files in the same directory that it runs from or it won't work.

Read related posts for „pod slurping howto“.

Posted at 09:22 AM

Pod slurping

[Sharp Ideas] This brief article explores an idea that has been known by the security community for decades: physical security is important to information system security. A year ago a report was published by the Gartner Group warning that iPods (and other multi-gigabyte portable storage devices) pose a security risk for enterprises.

Read related posts for „Pod slurping“.

Posted at 09:21 AM

cashing in on fear

[Saar Drimer - The Weblog] On my way back from the hike earlier this week, I was driving on a mountainous road just east of Carmel where mansions are sprinkled on the mountaintops. An authoritative smoker’s voice alarmingly interrupts the calm ride…

Read related posts for „cashing in on fear“.

Posted at 09:19 AM

June 12, 2005

So much for the Kensington lock controversy

http://www.stillhq.com [stillhq.com - Chocolate fudge self saucing pudding, and other posts] So much for the Kensington lock controversy raised by Robert Scoble and Boing Boing. I haven't heard anything recently, and the most recent commentary on the topic on Technorati is from 11 days ago. I guess no one cares?

Read related posts for „So much for the Kensington lock controversy“.

Posted at 11:36 AM

In the privacy of my own blog

http://lesleygraham.blogspot.com [Peregrinations] Still on the subject of phonebooks, and I’m going to have to be a bit hedgey on this one because I don’t want to invade an apparently nice man’s privacy à la Jehovah’s Witness. Yesterday, I read an article quoting another article in a major British newspaper which reported that a very famous Scottish author had said he used to “pore over phonebooks” when he first lived in London, looking up famous authors and marking them in his A-Z.

Read related posts for „In the privacy of my own blog“.

Posted at 11:34 AM

RFID Policies Responsibility of Managers

[RFID Gazette] A recent study conducted by the US Government Accountability Office demonstrated that few federal departments were aware of the threat to privacy the technology possesses. Another study, conducted by the University of Durham, in Britain, concluded that the privacy of up to 10,000 UK workers is currently being violated. The threat of the technology lies in the potential of active tags (not to be confused with passive tags, which must be scanned in order to communicate any information) to track not only items within stores, but people as well.

Read related posts for „RFID Policies Responsibility of Managers“.

Posted at 11:33 AM

Groups sue to overturn Utah’s porn law

http://mickc.whizardries.com/blog [ - Intellectual Intercourse] But, as any web host will attest, it is possible for a single IP address to house hundreds of domain names. Thus, it might be that my friend Lisa at Just a Girl might lose all of her readers in Utah because someone in the AG's office didn't like the content on my other friend Vinny's blog, Insignificant Thoughts. Remember all that it takes to get blocked is a determination by the AG that a site is pornographic, and that there is no review process worthy of the name.

Read related posts for „Groups sue to overturn Utah’s porn law“.

Posted at 11:32 AM

June 11, 2005

Principle of Psychological Acceptability in Service Oriented Security

[1 Raindrop] A number of Kim Cameron's Laws of Identity deal with usability and psychological acceptability issues, probably the one that applies most directly is the Law of Human Integration. I see this law as being a useful flip side to the traditional security-usability discussions that typically center around "don't make the password too long or people won't remember it or they will tape it to their forehead, etc." This law actually empowers the user by providing unambiguous between the human and user.

Read related posts for „Principle of Psychological Acceptability in Service Oriented Security“.

Posted at 01:10 PM

Good Time to be a Privacy Startup

http://www.privacyclue.com [PrivacyClue - Ray Everett-Church on Privacy, Politics and Culture] Red Herring magazine reports that PortAuthority (formerly Vidius) has raised another $13.4 million.

Read related posts for „Good Time to be a Privacy Startup“.

Posted at 01:08 PM

Information Security and Forensic Oriented Architectures (Part Three)

http://blogs.ittoolbox.com/eai/leadership [ITtoolbox Blogs] Disclaimer: Blog contents express the viewpoints of their independent authors and are not reviewed for correctness or accuracy by ITtoolbox. Any opinions, comments, solutions or other commentary expressed by blog authors are not endorsed or recommended by ITtoolbox or any vendor. If you feel a blog entry is inappropriate, click here to notify ITtoolbox.

Read related posts for „Information Security and Forensic Oriented Architectures (Part Three)“.

Posted at 01:08 PM

June 10, 2005

Gen JJ Singh’s iron fist

http://opinion.paifamily.com [The Acorn] “Ninety-nine per cent of the population of Kashmir are innocent. The one per cent who have taken the arms will be extended all possible help if they shun the gun,” Chief of Army Staff General J J Singh told reporters here today.

Read related posts for „Gen JJ Singh’s iron fist“.

Posted at 09:33 AM

I’d rather spy on you secretly than lock down the borders

[Blind Mind’s Eye] Throwing out all of the lessons of history regarding the ill-conceived buddy-buddy relationship between intelligence and law enforcement made possible by the USA PATRIOT Act, Bush says we should be grateful for our “security” and not tamper with this new friendship:

Read related posts for „I’d rather spy on you secretly than lock down the borders“.

Posted at 09:31 AM

How This Trojan Horse Works

http://arik.baratz.org/wordpress [Arik’s blog] It's almost impossible to understand anything - these guys should really learn how to write articles. Also a lot of personal information can be gleaned from the logs they posted - for example, we can see full names and details (encoded as URL encoded UTF-8) in the contacts directory for Outlook.

Read related posts for „How This Trojan Horse Works“.

Posted at 09:30 AM

Who Needs Privacy Audits?

http://www.privacyclue.com [PrivacyClue - Ray Everett-Church on Privacy, Politics and Culture] Since most of you probably don’t subscribe to Technology Daily, and probably aren’t willing to pay the few thousand bucks a year for a subscription, I’ll do my best to paraphrase the article. The article can be read for free at GovExec.com. Thanks Stephen!

Read related posts for „Who Needs Privacy Audits?“.

Posted at 09:29 AM

The Cost of Encryption

http://www.privacyclue.com [PrivacyClue - Ray Everett-Church on Privacy, Politics and Culture] Many companies have chosen not to encrypt their important databases because of the added cost and complexity associated with it. But what are the costs of having unencrypted data lying around, vulnerable to theft, loss, and mishandling?

Read related posts for „The Cost of Encryption“.

Posted at 09:27 AM

June 09, 2005

TRUSTe - BBBOnLine and Hotbar - iDownload

[CastleCops] Hotbar has recently been sending out cease and desist letters to companies such as Sunbelt Software and Javacool Software. Symantec recently filed a lawsuit against Hotbar demanding the right to keep cleaning any trace of them. eWeek is reporting how Hotbar is in trouble with more entities. TRUSTe has pulled Hotbar's authorization to use their Seal.

Read related posts for „TRUSTe - BBBOnLine and Hotbar - iDownload“.

Posted at 02:16 PM

Plaxo Etiquette: Moral High Ground Or Cheap Stunt?

[loose wire] Cynics, once again, might say that Plaxo was part of the address book spamming lapse in etiquette to start with two years ago, so suggesting it’s suddenly ‘committed to helping its users be better members of the digital world’ and that it feels it occupies such moral high ground it can ‘challenge other providers of prevalent technologies to do the same’ might be considered somewhat rich. I wouldn’t say that, of course; nor would I suggest this is a self-serving piece of publicity to raise the profile of a service that hasn’t been heard of — at least in a positive light — very much in recent months. (A keyword search for Plaxo of Google News throws up three references to the dangers associated with Plaxo and phishing, one to Plaxo and privacy and nine neutral references in passing.)

Read related posts for „Plaxo Etiquette: Moral High Ground Or Cheap Stunt?“.

Posted at 02:14 PM

Imagery and Privacy

[O'Reilly Radar] By nat I recently did press call with Tim, talking about the Where 2.0 conference. We covered the popularity of Google Maps, the big changes coming...

Read related posts for „Imagery and Privacy“.

Posted at 02:14 PM

Personal Data for 3.9 Million Lost in Transit

[My Big White Hairy Ass] “In one of the largest breaches of data security to date, CitiFinancial, the consumer finance subsidiary of Citigroup, announced yesterday that a box of computer tapes containing information on 3.9 million customers was lost by United Parcel Service last month, while in transit to a credit reporting agency.

Read related posts for „Personal Data for 3.9 Million Lost in Transit“.

Posted at 02:12 PM

Data Aggregators Aggregate Errors

[IPTAblog] This study examined the quality of data provided by ChoicePoint and Acxiom, two of the largest consumer data brokers in the United States, as well as their responsiveness to consumer requests – and found significant areas of concern in both areas.

Read related posts for „Data Aggregators Aggregate Errors“.

Posted at 02:11 PM

June 08, 2005

It's okay to steal data…from sick people

[The Phantom City] That's kind of interesting, since the employees who did the stealing would have been the targets of any criminal prosecution anyway. I'm not sure what Justice was thinking on this one, although I don't entirely buy the theory that it's a backhanded way of getting rid of HIPAA. To the extent that I do buy it, I think it is likely a result of a larger ongoing Justice Department attempt to downsize its influence over corporate practices.

Read related posts for „It's okay to steal data…from sick people“.

Posted at 11:31 AM

Identity systems change the client/server decision

[Brad Ideas | Crazy ideas, inventions, essays and links from Brad Templeton] There have been many efforts at internet “identity” systems, such as Microsoft Passport, Liberty Alliance, and a variety of others. A recent conference was held in SF, though I didn’t go, but I thought it was time to put forward one important idea.

Read related posts for „Identity systems change the client/server decision“.

Posted at 11:29 AM

UPS loses Private Information of 3.9M Citigroup Customers

[CMoore.com] Citigroup said Monday that personal information on 3.9 million consumer lending customers of its CitiFinancial subsidiary was lost by UPS while in transit to a credit bureau.

Read related posts for „UPS loses Private Information of 3.9M Citigroup Customers“.

Posted at 11:28 AM

UPS loses a package

[The Phantom City] Not really news, usually, but this time the package contained financial information and Social Security numbers on 3.9 million Citibank customers. Apparently Citibank was sending unencrypted backup tapes by UPS, and a set disappeared a few weeks ago. After what must have been an agonized few weeks of searching, Citibank is now planning on notifying affected customers.

Read related posts for „UPS loses a package“.

Posted at 11:27 AM

June 07, 2005

MSN Korea Website Hacked

[Tech Gadgets Blog - LiewCF.com] Microsoft said it had cleaned the Web site, www.msn.co.kr, and removed the software code that had been planted on its news page. It said another company that operates the MSN Korea site apparently failed to apply necessary software patches, leaving its server computers vulnerable.

Read related posts for „MSN Korea Website Hacked“.

Posted at 05:08 PM

Google Desktop Search is creepy

http://www.doctorvee.co.uk [doctorvee] Peter Gasston wonders: Booted up my PC this morning to find this little Google Desktop Search widget floating on my screen… I think this means that...

Read related posts for „Google Desktop Search is creepy“.

Posted at 05:07 PM

Politics: Taking Action

http://dmiessler.com [dmiessler.com - grep understanding knowledge] Well, I finally joined the Electronic Freedom Foundation.

Read related posts for „Politics: Taking Action“.

Posted at 05:07 PM

Got a nanny? You need a shredder

[My Big White Hairy Ass] “A new federal law requires those who handle other people’s personal information to dispose of the data properly.”

Read related posts for „Got a nanny? You need a shredder“.

Posted at 05:04 PM

Aviation Instruments Encrypt Engine-Monitor Data

[Computer Alchemy] kitplane01 writes "Airplane engines need to always work, and are monitored by engine monitors. JP Instruments' engine-monitor units have begun to...

Read related posts for „Aviation Instruments Encrypt Engine-Monitor Data“.

Posted at 05:02 PM

Computer clusters off-limits to foreigners?

http://www.volubis.com/blog [InfoSec News Blog] Foreigners in America may be blocked from sitting down at any keyboard connected to any decent-sized cluster of computers unless they get an American friend to get them an "export license".

Read related posts for „Computer clusters off-limits to foreigners?“.

Posted at 05:00 PM

PGP goes the whole hog of encryption

http://www.volubis.com/blog [InfoSec News Blog] PGP Corporation has launched a radical overhaul of its PGP desktop security suite aimed at making its products more comprehensive and easier to use. PGP Desktop 9.0, released Monday 9 May, features "automatic operation so email, instant messaging (IM), whole disk, and file encryption are secure without user interaction or training", the blurb boasts.

Read related posts for „PGP goes the whole hog of encryption“.

Posted at 04:59 PM

(Chinese) Authorities declare war on unregistered websites and blogs

[LibertyNews.org] A China-based blogger told Reporters Without Borders on condition of anonymity that the Shanghai police recently rendered his website inaccessible because it had not been registered. He then phoned the MII to ask what he had to do in order to register, and was told that in his case it was “not worth bothering” because “there was no chance of an independent blog getting permission to publish.”

Read related posts for „(Chinese) Authorities declare war on unregistered websites and blogs“.

Posted at 04:58 PM

New Law Protects You, Shredder Makers

[Emergent Chaos: Musings from Adam Shostack on security, privacy, and economics] Even if you ordered a background check on your kid's coach, or nanny, or -- as is the latest trend in online dating -- on a prospective blind date, the law applies to you.

Read related posts for „New Law Protects You, Shredder Makers“.

Posted at 04:56 PM

Bible-belt town bans blasphemy

[My Big White Hairy Ass] Staphorst, in the so-called Dutch “bible belt” of eastern towns where religion holds sway, approved a ban on swearing by 13-4 council votes.”

Read related posts for „Bible-belt town bans blasphemy“.

Posted at 04:55 PM

Planned Parenthood Perversity?

http://cockamamieideasinc.blogspot.com [The Disenchanted Forest] is something the Cotillionistas would do, take their references to PP fighting against the fishing expeditions of Steve Carter and Phil Kline, implicate sex-ed classes and PP as conduits to facilitate inappropriate sexual relationships between little girls and adult men, and ignore a pretty significant (and completely skeevesome) bit of information. According to the conservatives, PP exploits (maybe even encourages) these relationships without reporting them to ensure they can continue to turn a profit from performing abortions on these girls. In their minds, if clinics that perform abortions would just call the authorities and stop "pushing" abortions and/or contraceptives on these girls, the problem would decrease substantially.

Read related posts for „Planned Parenthood Perversity?“.

Posted at 04:53 PM

Few Agencies Recognize RFID Privacy Issues

[RFID Gazette] The U.S. Government Accountability Office published a report on Friday stating that 13 federal agencies are already using RFID or are planning on deploying it. Of the 23 agencies interviewed, only one identified any privacy or legal threat that could come as a result of using the technology. A lot of the time, government agencies plan on using RFID to track warehouse pallets, but it is when the chips are embedded in ID cards or otherwise linked to personal information that the issues of privacy could become serious, the GAO warns.

Read related posts for „Few Agencies Recognize RFID Privacy Issues“.

Posted at 04:30 PM