A new report says federal agencies using electronic data mining techniques are running afoul of Government rules that protect privacy rights. The report by congressional investigators says none of the 5 federal agencies that use data mining is following all of the rules for gathering such personal information, and as a result there is no way to be sure that individual privacy rights are being properly protected. The Government Accountability Office says the failure to follow the rules has increased the risk that personal information could be exposed or changed, and has made it harder for people to keep track of their personal data. Agencies like the FBI and the IRS have been using data mining to track terrorists, catch criminals or prevent fraud.
Wednesday, August 31, 2005
We Should all Sleep Better Now...
When FBI supervisors in Miami met with new interim U.S. Attorney Alex Acosta last month, they wondered what the top enforcement priority for Acosta and Attorney General Alberto Gonzales would be.
Would it be terrorism? Organized crime? Narcotics trafficking? Immigration? Or maybe public corruption?
The agents were stunned to learn that a top prosecutorial priority of Acosta and the Department of Justice was none of the above. Instead, Acosta told them, it's obscenity. Not pornography involving children, but pornographic material featuring consenting adults.
Is it Possible to Have a Secure Disaster?
Natural disasters like Hurricane Katrina often pave the way for looting, price gouging, and other opportunistic scams -- including identity theft. Most Gulf Coast residents are still in survival mode, focused on keeping themselves, their loved ones, and their belongings out of harm's way. But as they deal with the devastation, how can they safeguard their personal information to keep identity thieves from compounding their problems?
Think about all of the data/information that is now lost and/or in the open in New Orleans. Think of all the fuss that has been made in the past over just one missing tape. How many tapes do you think are floating down Bourbon Street this AM?
How many corporate DR plans were up for the task? It is one thing to be a large company with just offices in the area, but what if your headquarters (and DR site) were in the path of Katrina? Could your company operate in an area under water and under martial law?
New Search Engine Based on Unintended Information Revelation (UIR)
I hope there is a lot of testing, discussion and debate before something like this is deployed. False positives could be very scary...
Existing search engines process individual documents based on the number of times a key word appears in a single document, but UIR constructs a concept chain graph used to search for the best path connecting two ideas within a multitude of documents.
To develop the method, researchers used the chapters of the 9/11 Commission Report to establish concept ontologies – lists of terms of interest in the specific domains relevant to the researchers: aviation, security and anti-terrorism issues.
"A concept chain graph will show you what's common between two seemingly unconnected things," said Srihari. "With regular searches, the input is a set of key words, the search produces a ranked list of documents, any one of which could satisfy the query.
"UIR, on the other hand, is a composite query, not a keyword query. It is designed to find the best path, the best chain of associations between two or more ideas. It returns to you an evidence trail that says, 'This is how these pieces are connected.'"
The hope is to develop the core algorithms exposing veiled paths through documents generated by different individuals or organisations.
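To make the concept-chain idea concrete, here is a small added example (my own code, not the UIR researchers' algorithm or anything from the article). It assumes a constructed ontology of terms in the three domains the article names, a handful of constructed one-sentence "documents", and a simple rule: two concepts are linked whenever a document mentions both, and the "best path" is the chain with the fewest hops. Each hop carries the documents that support it, which is the "evidence trail" the article describes.

```python
"""Toy concept-chain graph search over a small document collection.

Constructed example: the ontology terms, the documents and the scoring rule
(fewest hops, each hop backed by the documents mentioning both concepts) are
assumptions for illustration, not the UIR researchers' actual method.
"""
from collections import defaultdict, deque
import re

# Constructed concept ontology (assumption): terms of interest per domain.
ONTOLOGY = {
    "aviation": {"airline", "flight school", "cockpit"},
    "security": {"visa", "watchlist", "wire transfer"},
    "terrorism": {"cell", "training camp"},
}

# Constructed sample documents (assumption), standing in for report chapters.
DOCS = {
    "doc1": "A cell member enrolled at a flight school after obtaining a visa.",
    "doc2": "The flight school received a wire transfer from an overseas account.",
    "doc3": "The wire transfer was flagged because the sender was on a watchlist.",
    "doc4": "An airline cockpit door policy was revised.",
    "doc5": "Recruits passed through a training camp before joining the cell.",
}


def extract_concepts(text, ontology):
    """Return the set of ontology terms that appear as whole words in text."""
    text = text.lower()
    found = set()
    for terms in ontology.values():
        for term in terms:
            if re.search(r"\b" + re.escape(term) + r"\b", text):
                found.add(term)
    return found


def build_concept_graph(docs, ontology):
    """Undirected graph: an edge joins two concepts for every document that
    mentions both, and the edge remembers which documents support it."""
    graph = defaultdict(lambda: defaultdict(set))
    for doc_id, text in docs.items():
        concepts = sorted(extract_concepts(text, ontology))
        for i, a in enumerate(concepts):
            for b in concepts[i + 1:]:
                graph[a][b].add(doc_id)
                graph[b][a].add(doc_id)
    return graph


def concept_chain(graph, start, goal):
    """Shortest chain of concepts from start to goal (breadth-first search).

    Returns (chain, evidence), where evidence[i] lists the documents that
    support the hop chain[i] -> chain[i+1]. Returns (None, None) when the two
    concepts are not connected at all, which is the honest answer rather than
    a forced association.
    """
    if start not in graph or goal not in graph:
        return None, None
    parent = {start: None}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        if node == goal:
            break
        # Visit better-supported neighbours first so ties are broken
        # deterministically in favour of stronger evidence.
        for nxt in sorted(graph[node], key=lambda n: -len(graph[node][n])):
            if nxt not in parent:
                parent[nxt] = node
                queue.append(nxt)
    if goal not in parent:
        return None, None
    chain = []
    node = goal
    while node is not None:
        chain.append(node)
        node = parent[node]
    chain.reverse()
    evidence = [sorted(graph[a][b]) for a, b in zip(chain, chain[1:])]
    return chain, evidence


if __name__ == "__main__":
    g = build_concept_graph(DOCS, ONTOLOGY)
    chain, evidence = concept_chain(g, "training camp", "watchlist")
    for (a, b), docs in zip(zip(chain, chain[1:]), evidence):
        print(f"{a} -> {b}  (supported by {', '.join(docs)})")
```

Run it and the query "training camp" to "watchlist" comes back as a four-hop chain through "cell", "flight school" and "wire transfer", each hop backed by exactly one document. That is also where the false-positive worry above bites: a long chain in which every hop rests on a single document is weak evidence, so a real deployment would want to surface chain length and per-hop support to the analyst rather than just the path.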
Tuesday, August 30, 2005
Chinese researcher warns of nude Web chats
Practice safe chatting - do we need condoms for web cams?
A Chinese researcher has warned of a new threat to public health and morality - naked Internet chatting. Up to 20,000 Chinese Internet users log on to chatrooms each night in which users in various states of undress talk to each other with the help of Web cams, the Shanghai Daily newspaper said Tuesday, citing China Youth Association researcher Liu Gang.
"At first, we thought it was merely a game for a few mentally abnormal people," the paper quoted Liu as saying. "But as our research continued, we found the problem was much larger than expected," Liu said.
Needle Exchange For Hackers (not!)
Ok article, but not necessarily a good analogy. An addict turns in a dirty needle and gets a clean one – no exchange of information is required. The “hackers” aren’t turning in their tools. This is closer to a slut vs. a prostitute – one gets paid the other doesn’t and either way, everyone involved gets a little dirty...
Needle exchange programs operate on the gritty premise that junkies will shoot up regardless of risk, so you might as well give them clean needles to prevent the spread of disease. That's the same kind of logic behind programs such as iDefense's Vulnerability Contributor Program (VCP) and 3Com/TippingPoint Technologies' new Zero Day Initiative (ZDI), which pay independent researchers for newly discovered software vulnerabilities. Hackers will never stop uncovering flaws, so you might as well encourage them with cash payouts to report those vulnerabilities to a trustworthy security company. The company then shares this information with customers and affected vendors, and waits until a patch is available before publicly announcing the vulnerability. "We're doing the QA that vendors should have done before they ever put the product on the shelf," says Michael Sutton, director of iDefense Labs and the VCP. "Vendors benefit because they get advanced warning, and end users benefit because they get vulnerabilities patched."
Monday, August 29, 2005
Portable Freeware Collection
A site dedicated to the collection and cataloguing of freeware that can be extracted to any directory and run independently without prior installation. These can be carried around on a memory stick / USB flash drive, or copied / migrated from PC to PC via simple copying of files. Hence the term portable freeware...
Same Church, different pew...
The Portable Virtual Privacy Machine - Carry your entire Internet communication system on a tiny USB drive. Contains a complete virtual Linux machine with privacy-enabled Open Source Internet applications. No installation needed - just plug the drive into any Windows or Linux computer, and click on the Virtual Privacy Machine icon and you're ready to go.
Police chief- Lockerbie Evidence was Faked
Think this is the first and/or last time?
"A FORMER Scottish police chief has given lawyers a signed statement claiming that key evidence in the Lockerbie bombing trial was fabricated.
The retired officer - of assistant chief constable rank or higher - has testified that the CIA planted the tiny fragment of circuit board crucial in convicting a Libyan for the 1989 mass murder of 270 people."
Sunday, August 28, 2005
Friday, August 26, 2005
Microsoft - Security at Home Videos
Microsoft has a nice collection of free online security videos for educational or training purposes for home users on how to protect against computer viruses, spyware, spam, etc.
Security Now! with Steve Gibson
A weekly look at hot topics in security from the creator of ShieldsUP and SpinRite (and TWiT regular). Released every week by midnight Thursday, just in time for your weekend podcasting...
The feed URL is: http://feeds.feedburner.com/securitynow
Thursday, August 25, 2005
A Socio-Technical Approach to Internet Security
Interesting research grant from the NSF:
Technical security measures are often breached through social means, but little research has tackled the problem of system security in the context of the entire socio-technical system, with the interactions between the social and technical parts integrated into one model. Similar problems exist in the field of system safety, but recently a new accident model has been devised that uses a systems-theoretic approach to understand accident causation. Systems theory allows complex relationships between events and the system as a whole to be taken into account, so this new model permits an accident to be considered not simply as arising from a chain of individual component failures, but from the interactions among system components, including those that have not failed.
This exploratory research will examine how this new approach to safety can be applied to Internet security, using worms as a first example. The long-term goal is to create a general model of trustworthiness that can incorporate both safety and security, along with system modeling tools and analysis methods that can be used to create more trustworthy socio-technical systems. This research provides a unique opportunity to link two research disciplines, safety and security, that have many commonalities but, up to now, relatively little communication or interaction.
Why We Must Leave Iraq
Larry Johnson is far from being an anti-war advocate, but he is an intelligence expert and his opinions come from the many years of experience he has attained.
Tuesday, August 23, 2005
Blue Sky and Fresh Air
Via the WiFi at Rapid City SD Airport...
Where I was - http://www.spearfish.com/canyon/
Live from Deadwood
Regular stuff tomorrow...
Wednesday, August 17, 2005
Believe Nothing You Read...
...and only half of what you see.
Like it or not, fake images are everywhere and have become a part of today's culture. Thanks to the popularity of digital cameras and the availability of desktop imaging software that allows users to easily manipulate images, fake images have become commonplace, especially on the Internet.
Unmanned Planes Patrolling Borders
Customs and Border Protection, a part of the Department of Homeland Security, has tested UAVs along the Mexican border, and is considering using these surveillance planes permanently. The Coast Guard, also under the umbrella of Homeland Security, has bought 45 of Bell Helicopter's "Eagle Eye" tilt-rotor UAVs and will begin rolling them out in September. Each Eagle Eye costs $5.5 million.
'Home banking hacker' arrested
Self-confessed home banking hacker Pieter Miclotte has been arrested on charges of fraud. Miclotte reported to Ghent police on Friday 8/12, just hours after Belgian media quoted him saying that thieving via home banking is as easy as plundering a shop with its doors open. He told newspaper 'Het Laatste Nieuws' that he'd robbed customers of two banks, namely ING and Keytrade, via online banking. He claimed to have stolen thousands of euros in recent weeks. Miclotte said he gained access during chat sessions to the computers of other online chatters and went looking for information about their banking and bank access codes. He allegedly used those codes to transfer large sums of money to his own accounts.
Tuesday, August 16, 2005
Guard against Social Engineering Attacks

Users have reported that since wearing one, they have not once succumbed to numerous invitations to update their details at PayPal and/or a variety of banks. One user was briefly tempted to collect his winnings from a lottery he had never entered and to assist the survivors of a former West African dictator tragically killed in a plane crash in 1998 to repatriate a trunk full of money, but then he discovered the rear of the anti-social-engineering device had ridden up, temporarily exposing his amygdala to the harmful thought rays.
It has also been reported that the device also protects against mobile phone radiation. Scientists have been unable to confirm whether a slight increase in head temperature since wearing the device is due to GSM-induced cerebral currents or reduced convective cooling.
Monday, August 15, 2005
The third issue of (IN)SECURE
A free digital security magazine published in PDF format: http://www.insecuremag.com
The covered topics are:
- Security vulnerabilities, exploits and patches
- PDA attacks: palm sized devices - PC sized threats
- Adding service signatures to Nmap
- CSO and CISO - perception vs. reality in the security kingdom
- Unified threat management: IT security's silver bullet?
- The reality of SQL injection
- 12 months of progress for the Microsoft Security Response Centre
- Interview with Michal Zalewski, security researcher
- OpenSSH for Macintosh
- Method for forensic validation of backup tapes