Sunday, April 22, 2012

More Than Just a Bad Cable Connection


Have you ever had a problem in which your satellite dish needs to be adjusted, or your cable connection goes out? I think we've all experienced one of these. However, most of us have not experienced any television problems beyond these. It has recently come out, though, that there may be more serious problems on the horizon. These problems have to do with malware actually being used on modern televisions.

Now, these attacks aren't actually happening much now, except maybe in extremely rare cases. These flaws are being caused by the increase of TVs that are networked in some way, either to the Internet or to a local network of TVs in the home.

These attacks were discovered and disclosed on Thursday, April 19th by Italian security researcher Luigi Auriemma, who is known for his work in finding security flaws in Microsoft Windows and in various video games. He discovered a flaw in his brother's Samsung D6000 TV, in which he was able to set the TV on an endless loop where the TV would constantly restart, even after unplugging and plugging it back in. The TV was completely unusable for three days. According to Auriemma, the attack could be potentially carried out over the Internet.


Another flaw in TV security came about two weeks earlier than Auriemma's discovery. This vulnerability affects Sony Bravia TVs. Through using the hping networking tool, the TV was rendered unusable, with the volume and channels not being able to be changed, and all other functionality prevented. After a short period of time, the TV is remotely shut off, and must be turned on at the physical location of the TV.


Apparently, TV manufacturers who were informed of these issues have offered no response about possible solutions. Auriemma discussed the issue he discovered with Samsung's response team, and reported that they have little in the way of helpful advice to offer. Reports to support@samsung.com were also unsuccessful.

Friday, April 20, 2012

More on Flashback


More information has been coming out about the Flashback trojan that has been infecting computers running Mac OSX. This story has been getting so much coverage because it will likely be remembered in history as the specific event that showed that Macs really aren't as secure as people once thought.

In my in-class presentation on Thursday, April 19th, I mentioned that Flashback was thought to have spread through malicious WordPress sites. This theory has now been confirmed. These WordPress sites would secretly redirect the visitor to a server that would determine the OS that the user was running and serve up an appropriate security exploit. This particular piece of software was not only used to spread the Flashback trojan, but to spread other malware as well.

While Apple did respond to this security flaw, they have received some criticism for their delayed response. They issued updates for the two most recent versions of Mac OSX, which did bring about the largest reported drop in the number of computers infected by Flashback. However, this update was only released last weekend, while Flashback itself was reported as early as September 2011.

Thursday, April 19, 2012

"Computer Security" Has Never Been More Literal!

http://arstechnica.com/gadgets/news/2012/04/you-have-20-seconds-to-comply-south-korea-unleashes-robot-guards.ars


What do you think of when you hear the term "computer security?" You probably think of what most people think of, which is security to protect computers. But, in some cases, you could interpret the word differently. You could think of computer security as meaning "computers providing security." In South Korea's Pohang prison, this is certainly the case.

The Pohang prison is actually using robots... as security guards. According to the prison, it's supposed to reduce costs and make the prison safer. The robot has various sensors, such as a camera, a microphone, and a speaker, and includes software that is designed to gather, interpret, and evaluate the behavior of inmates. The robots cannot actually do anything to harm or restrain the inmates. Currently they can only alert human guards about inmate misconduct, or what they interpret as human misconduct.

The robots are also able to function as what basically amounts to "Skype on wheels." The robots fully support wireless two-way communication through audio and video between the inmates and guards. This is intended to reduce response time in the event of an emergency.

Though these robots are now very costly, following this one-month trial run (which costs $750,000), the Asian Forum of Corrections is hoping to permanently implement these robots. Eventually, after testing and tuning, these robots are supposed to carry out random weapon and contraband searches. 

Thursday, April 12, 2012

Stating The Obvious

http://www.wired.com/threatlevel/2012/04/computer-fraud-and-abuse-act/


Unless you steal something, you cannot be charged with theft. Unless you murder someone, you cannot be charged with murder. And this makes sense, and this is a good thing. So, this recent court decision makes sense. The court decision in question states that, unless you are a hacker, you cannot be charged for hacking.


Let's look at this bill a little bit more. The specific bill is the Computer Fraud and Abuse Act, enacted in 1984 (any legislation that old relating to computers is likely to be outdated anyway). This bill has been interpreted to allow people who violate terms of service on websites, and who violate computer usage policies at their places of work, to be prosecuted as criminals. Rightfully so, this bill has recently been brought into question, and ultimately has been rebuked.


There's not much more to say about this bill; the legislation and the interpretation of the legislation basically speak for themselves. It's important to note that currently this rebuke was decided by the 9th U.S. Circuit Court of Appeals, which covers Alaska, Arizona, California, Hawaii, Idaho, Montana, Nevada, Oregon, and Washington. It is likely, however, that this will reach the Supreme Court at some point in the future, and will hopefully be rebuked on the national level. 

Just Like Cockroaches, These Bugs Live Forever

http://arstechnica.com/business/news/2012/04/rise-of-ics-forever-day-vulnerabiliities-threaten-critical-infrastructure.ars


This post is a follow-up to my post from last week about bugs in critical infrastructure systems, such as factories and water treatment plants. It turns out that there are many more systems that contain gaping vulnerabilities than just the one company that I mentioned last week. It also turns out that, in the case of many of these vulnerabilities, the companies do not intend to have the software patched to make it more secure.


Because the software used in these specific situations is often quite old, companies are simply refusing to have it patched. This means that, now not only are these security flaws known, but they are not even going to be fixed. This is a very bad and disturbing trend; whenever any important system has a security flaw, it should not only be patched, but it should be patched quickly.


These never-patched bugs are referred to as "forever day" bugs, because they're never fixed, even when they're known and acknowledged by the software developers responsible for them. These developers usually choose to take the easy way out, and instead of patching their software, just add information in user manuals informing the user how to avoid the threat. This type of laziness should not be tolerated, and in my opinion should not even be legal, especially since this is software that is being used in situations where safety is of the utmost importance.

Thursday, April 5, 2012

It's Not That You Forgot To Pay The Electric Bill, It's Just That Your System Is Vulnerable, And Got Hacked, And Now The Power Is Gone.


So, it seems that the Schneider-Electric corporation is pretty dumb. Unfortunately, this company makes technological components that are used in some of the most critical infrastructure areas that there are. It has just been revealed by researchers that their Modicon Quantum programmable logic controller, which is used to control things such as water plants and oil refineries, has some massive, massive security flaws.

The big flaw has to do with accessing the PLC (programmable logic controller) from a remote source. The PLC does not have any security restrictions that prevent it from being remotely accessed. Because of this, any computer with the capability of communicating with the PLC is able to issue commands to the PLC. These commands can do things like take control of the system or stop the system from operating altogether.

A researcher from Digital Bond originally created the code that allowed for these security attacks. This researcher, Reid Wightman, says that the purpose of the research was to urge or even force the companies creating these vulnerable technologies to fix these critical issues because they can turn out to have disastrous consequences. Digital Bond has continued to release, and is likely to keep releasing in the future, new modules of code that are able to exploit other vulnerabilities in similar products and software systems.

#StopSpam


Hallelujah, thank you Twitter! As Facebook keeps getting spammier (spammier is a word I just coined), Twitter is actually taking steps to become less spammy. They are going directly to the source, and suing the companies that create software that helps propagate spam.

By doing this, Twitter is making a serious statement that spam should be stopped. This shows that Twitter really does care about its users, and wants their product to be as high-quality as possible. Twitter is going after five of the top providers of spam-related-toolery, as well as the people who buy and use these tools.

There are 340 million tweets posted to Twitter every day. That means that, even if only 1% of tweets are posted by spambots (which is probably a conservative estimate), there are still 340 thousand of these spam tweets, or spweets, every day. In addition to their legal actions, Twitter is also enforcing other security measures, including building in functionality to their URL-shortener that will block links to malware and other dangerous content.

Thursday, March 29, 2012

Occupy Wall Street (Through Hacking)

http://www.huffingtonpost.com/2012/03/28/cybercrime-financial-sector_n_1385029.html?ref=cybersecurity


Did you know that in 2009, financial service firms reported zero cybercrime? Yeah, I'm not making that up! Zero cybercrime! And now, just three years later, cybercrime accounts for 38% of economic crime that financial service companies have experienced. So why the sudden jump? Read on...

Well, as it turns out, this data is probably flawed. According to other research cited in the article, the reason that cybercrime was not reported in 2009 was due to a lack of detection of the crime taking place. This largely had to do with the companies either lacking the proper security software, or the employees lacking the training to be able to detect cybercrime, or both.

However, the data is still striking, and there definitely has been a large increase in cybercrime on the financial spectrum since 2009. This is thought to have to do with the economic downturn in recent years. Even street gangs like the Bloods and Crips have apparently stopped bashing people in the head, and instead have turned their attention to learning Bash so they can breach security systems for monetary gain.

It seems that this is a problem that could get much worse in coming years. Based on the reading I did, it seems to me that companies and judiciaries are woefully in the dark when it comes to the risk that cybercrime poses. I mean, we live in the Internet age, where most records are kept electronically, and if someone can hack into the computer systems for these major financial institutions, then that is obviously a serious problem. Companies should probably start taking this threat more seriously, and place some time and money into the problem now, rather than having something bad happen to them, and losing much, much more time and money in the end.

Mac Attack!

http://arstechnica.com/apple/news/2012/03/james-bond-style-malware-attacks-come-to-the-mac.ars


It turns out that Mac OSX, Apple's operating system, has more security vulnerabilities than previously thought. Although it was once touted as the ultra-secure alternative to Microsoft's Windows operating system, more and more security issues are beginning to come out. What specific problems are being found? Read on...


The OSX problems that have been found rely on vulnerabilities found in Microsoft Office and the Java framework. The backdoor trojans, which were used to target pro-Tibetan organizations, install unbeknownst to the user and send information about the user's machine to the attacker's server. The attacker is then able to use this information to remotely issue Unix commands that affect the attacker's machine (Mac is Unix-based, after all). These attacks signify an increased shift from hackers targeting nearly only Windows machines to hackers targeting both Windows and Mac machines. 


These sorts of vulnerabilities certainly could have major ramifications. The article mentions that companies as large as Google have been switching many of their computers from Windows machines to Mac machines for the specific purpose of avoiding these sorts of security issues, which Macs were previously thought to not be subject to. Again, this illustrates the trend of writers of malicious software putting more emphasis on Mac OSX. Ironic, isn't it?

Thursday, March 22, 2012

FCC: Fighting Computer Crime

http://arstechnica.com/business/news/2012/03/fcc-publishes-voluntary-code-of-isp-conduct-to-combat-botnets.ars

The FCC, or as I like to call them, the Factory of Crazy Censorship, has done something good! They have given something solid and measurable to the field of Internet security. This might actually be one of the biggest steps in security taken recently, and certainly deserves praise.

So what did the FCC actually do? A council in the FCC, the third Communications Security, Reliability, and Interoperability Council, created a code that describes in detail steps that must be taken by ISPs to fight botnets. Now, this code is voluntary, but major communications companies such as AT&T, Sprint, and Time Warner Cable have already agreed to follow this code, granting them a position on a list maintained by the FCC that is essentially a "safe list."

This code has already been shown to have an impact. According to the working group who drafted the code, benefits included "fewer calls to help desks from customers with infected machines, reduced upstream bandwidth consumption from denial-of-service attacks and spam, increased customer goodwill, and a drop in spam-related complaints from other ISPs." This is real, demonstrable data that touches on a wide variety of important Internet security issues. Hopefully, more major companies will adopt these rules, and the web will be a safer place!

if(year == 2011) { hacktivists > cybercriminals }

http://www.wired.com/threatlevel/2012/03/hacktivists-beat-cybercriminals/

So, it turns out that in 2011, hacktivists have overtaken cybercriminals in terms of the amount of data collected. According to the Verizon 2012 Data Breach Investigations Report, over 100 million (out of 174 million) stolen records were stolen by hacktivist groups in 2011. Is this a good thing?

This is a completely subjective issue, and depends on people's subjective opinions of the political and social agendas of these hacktivist groups. On one hand, these groups often point out gaping security holes, which then get patched, but on the other hand, some of these groups are at best annoying and at worst destructive.

Obviously, the hacktivist group with the most name recognition is Anonymous. Surprisingly, this article doesn't mention Anonymous at all. This could be because Anonymous relies largely on denial-of-service attacks, rather than attacks that require more technical computer knowledge. The article does mention that the reason hacktivists may have collected so much more data than cybercriminals is that hacktivists often target large organizations or government agencies (usually to further the political agenda of the hacktivist group), while cybercriminals are more likely to attack smaller businesses that have weak security systems.

So how do we judge this information? After reading the article, I'm not convinced as to who is worse. On one hand, cybercriminals clearly do more damage to individuals, especially business owners and employees. However, hacktivist groups could pose a larger-scale threat, due to their ability to disrupt larger agencies. It makes one think... where do we draw the line between hacktivism and cybercrime?

Wednesday, March 14, 2012

Your Android Is Safe


In recent years, the popularity and power of smartphones has been growing exponentially. The two largest competitors in the smartphone market, in terms of software, are Google's Android and Apple's iOS. Since smartphones are basically miniature web-enabled computers, the security of the information that is stored on one's smartphone is obviously a huge issue. While we often find that security solutions offered by major companies are subpar, in the case of Android, it has been proven that its built-in security feature is quite good.

Android's built-in security mechanism, which prevents any data on your phone from being accessed, is pattern based. It consists of a 3 x 3 grid, and the owner of the phone initially programs in a pattern in a "connect-the-dots" fashion. Any time the user wants to unlock the phone, the correct pattern must be drawn on the phone screen. If the pattern is attempted and failed several times, the pattern mechanism will be "locked out," and the user will be required to enter the Google email and password that corresponds to the phone. Not only is the pattern-based mechanism extremely difficult to guess, but the lockout feature prevents someone from attempting to unlock the phone by using brute force to try every different possibility.

The article specifically talks about a case in which forensics experts from the FBI were attempting to unlock a Samsung Exhibit II phone (which runs Android) that is suspected to belong to a San Diego-based prostitution pimp, but were unable to crack the password. The security of an effective built-in security mechanism, such as Android's pattern-based mechanism, is critical because many states allow authorities access to a suspect's mobile phone upon arrest. This can help prevent innocent people, or people who have been arrested for crimes that do not require invasion of privacy to determine innocence, from having their personal information looked at. Currently, in the case in question, the FBI is attempting to have Google override the lockout feature so that they can access the phone.
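To put a number on the pattern lock described in this post, here is an added example (not from the original post or from Android's source) that counts every drawable pattern on the 3 x 3 grid and the chance of guessing one before the lockout. It assumes the usual rules of the stock pattern lock (4 to 9 distinct dots, and a stroke cannot jump over a dot that has not been used yet); the lockout threshold of five attempts is a hypothetical value, since the post only says "several."

```ruby
# Added example: size of the 3 x 3 unlock-pattern space and the effect of a lockout.
# Dots are numbered 0..8, row by row. All names here are hypothetical.
GRID = 3
DOTS = GRID * GRID
MIN_PATTERN_LENGTH = 4        # assumption: shortest pattern the lock accepts
ATTEMPTS_BEFORE_LOCKOUT = 5   # hypothetical; the post only says "several"

# Dot lying exactly halfway between a and b, or nil when the straight
# stroke from a to b does not pass over another dot.
def dot_between(a, b)
  r1, c1 = a.divmod(GRID)
  r2, c2 = b.divmod(GRID)
  return nil unless (r1 + r2).even? && (c1 + c2).even?

  ((r1 + r2) / 2) * GRID + (c1 + c2) / 2
end

# Depth-first walk over every legal continuation of the current stroke,
# tallying how many distinct patterns exist for each length.
def count_from(current, visited, length, counts)
  counts[length] += 1
  DOTS.times do |nxt|
    next if visited[nxt]

    mid = dot_between(current, nxt)
    next if mid && !visited[mid]   # would jump over an unused dot

    visited[nxt] = true
    count_from(nxt, visited, length + 1, counts)
    visited[nxt] = false
  end
end

# Hash of pattern length => number of legal patterns of that length.
def pattern_counts
  counts = Hash.new(0)
  DOTS.times do |start|
    visited = Array.new(DOTS, false)
    visited[start] = true
    count_from(start, visited, 1, counts)
  end
  counts
end

# Number of patterns the lock would actually accept.
def valid_pattern_total(min_length = MIN_PATTERN_LENGTH)
  pattern_counts.select { |length, _| length >= min_length }.values.sum
end

# Probability that distinct blind guesses hit a uniformly chosen pattern
# before the lock stops accepting attempts.
def guess_chance_before_lockout(attempts = ATTEMPTS_BEFORE_LOCKOUT)
  Rational(attempts, valid_pattern_total)
end

if __FILE__ == $PROGRAM_NAME
  total = valid_pattern_total
  puts "valid patterns: #{total}"
  puts "chance within #{ATTEMPTS_BEFORE_LOCKOUT} guesses: " \
       "#{format('%.6f%%', guess_chance_before_lockout.to_f * 100)}"
end
```

The pattern space is small enough to enumerate in well under a second, so it is the lockout, not the number of patterns, that stops brute force. People do not choose patterns uniformly, which makes the computed chance a lower bound on what an informed guesser achieves.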

Tuesday, March 6, 2012

Ruby on Rails Fails

http://arstechnica.com/business/news/2012/03/hacker-commandeers-github-to-prove-vuln-in-ruby.ars
http://erratasec.blogspot.com/2012/03/rubygithub-hack-translated.html

A huge flaw in Ruby on Rails has been pointed out. Ruby on Rails is a popular web-application framework that is based on the Ruby programming language. Rails aims to be an all-encompassing framework that attempts to address all aspects of the web development process. This sounds good, right? However, in order for something like this to work, all of the pieces have to actually be designed well, to work securely. This is the basis for the security flaw that was pointed out.

The flaw in question was pointed out by the Russian hacker Egor Homakov. Homakov discovered the flaw, which had to do with "mass assignment." Mass assignment introduces a security flaw because it potentially allows hackers to add parameters to web requests that shouldn't be there. This hole, which Homakov pointed out several days prior to his attack, is a known security flaw, and can allow hackers to gain administrator rights on some websites that are built with Ruby on Rails.

After an unsuccessful bug report, Homakov decided that he would make his point by showing how serious the security flaw could be. By exploiting this flaw, Homakov was able to gain administrator rights to GitHub.com, one of the largest source code repository hosts there is (ironically, the source code for Ruby on Rails is hosted on GitHub). This allowed Homakov to have complete control over the site. Luckily, he didn't do anything malicious, but the possibility of extremely destructive activity was certainly there. All Homakov did, appropriately enough, was add a comment regarding the security problem in the Ruby on Rails source code. GitHub quickly patched the security problem in their website, but it is still clear that the possibility for security problems like this in other websites running on Ruby on Rails should be a huge concern. As of now, the flaw has not been fixed.
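The mass-assignment problem described in this post, shown as an added example beside an allowlisted version. This is plain Ruby written for illustration, not Rails code and not GitHub's; the `Account` class, its attributes, and the sample form data are all hypothetical.

```ruby
# Added example: why copying every request parameter onto a record is risky,
# and how an allowlist closes the hole. Plain Ruby stand-in for a framework
# model; every name below is hypothetical.
class Account
  ATTRIBUTES    = %w[name email admin].freeze  # every field on the record
  FORM_WRITABLE = %w[name email].freeze        # fields a profile form may set

  attr_reader :name, :email, :admin

  def initialize
    @name  = nil
    @email = nil
    @admin = false
  end

  # Vulnerable pattern: any request key that matches a field is written,
  # including privileged fields the form never displayed.
  def mass_assign_unfiltered(params)
    params.each do |key, value|
      key = key.to_s
      instance_variable_set("@#{key}", value) if ATTRIBUTES.include?(key)
    end
    self
  end

  # Hardened pattern: only allowlisted keys are written. Everything else is
  # returned to the caller so it can be logged or rejected outright.
  def mass_assign_filtered(params)
    rejected = []
    params.each do |key, value|
      key = key.to_s
      if FORM_WRITABLE.include?(key)
        instance_variable_set("@#{key}", value)
      else
        rejected << key
      end
    end
    rejected
  end
end

# Constructed sample: a profile-update request carrying one extra parameter
# that the form never offered.
SAMPLE_FORM = {
  "name"  => "Eve",
  "email" => "eve@example.test",
  "admin" => true
}.freeze

# Runs the same request through both code paths and reports the outcome.
def compare_assignment(form = SAMPLE_FORM)
  loose = Account.new.mass_assign_unfiltered(form)

  strict   = Account.new
  rejected = strict.mass_assign_filtered(form)

  {
    unfiltered_admin: loose.admin,   # privileged flag was overwritten
    filtered_admin:   strict.admin,  # privileged flag kept its default
    filtered_name:    strict.name,   # legitimate fields still updated
    rejected_keys:    rejected       # unexpected keys, worth logging
  }
end

puts compare_assignment.inspect if __FILE__ == $PROGRAM_NAME
```

A non-empty list of rejected keys on a form that never sends them is also a useful detection signal for request tampering.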

Thursday, February 23, 2012

Just How Protected Is Your Laptop?

http://www.wired.com/threatlevel/2012/02/laptop-decryption-appeal-rejected/

As an owner of a laptop computer (which I, of course, password-protect), I generally view the contents of my laptop as secure and inaccessible to anyone other than myself. I also believe that, as an American citizen, the privacy and security of the contents of my laptop is a right that I should have by necessity. My laptop is my property, therefore, the files on my laptop are my property. However, not everyone can lay claim to having that right consistently protected.

Now, I am not going to make a decision as to whether or not the court ruling discussed in this article was ethical or not. To sum it up briefly, a woman who was accused of bank fraud was ordered to decrypt the contents of her laptop, as it is assumed that there is information on the laptop that could be used as evidence against her. This sort of case is quite rare, and there is not much legal precedent for it. Because of this fact, the decision by the court was quite difficult, and it was certainly not something that would be referred to as an "open and shut case."

As the ruling stands, the future of the case is still somewhat unclear. The ruling was that the woman who was accused is required to decrypt her laptop within a month's time. However, if she does not unlock the laptop within a month, what will happen next is still up in the air. She is currently trying to use the defense that she forgot her password... which, in my opinion, is a lie. If you are skilled enough to commit bank fraud, you can remember a password. To add to the difficulty of the case, the encryption technique that is used on the laptop would likely make a computer-assisted password break take possibly up to decades. It's certainly a unique case that will likely stand as a precedent for similar future cases.

The Machine Is Watching You

http://arstechnica.com/business/news/2012/02/schneier-gov-big-data-pose-bigger-net-threat-than-criminals.ars

Remember that diatribe that I wrote against Google a few weeks back? It turns out this isn't some fringe idea that Google has major, major problems. In fact, one of the largest figures in the field of computer security has openly stated similar, and even more harsh, ideas. Bruce Schneier, who is sometimes referred to as the "security guru," has recently come out against several large companies, including Google.

As the article explains, Schneier has publicly stated his discontent with many major technology agencies. These include companies such as Apple, Amazon, Facebook, and Google. The reasoning behind this, Schneier believes, is that companies such as Apple and Google have the technological capabilities and influence to actually affect the makeup of the Internet itself. Additionally, these companies are perceived by the public as legitimate experts in the field of technology, which allows them to get away with certain behaviors that other companies would not be able to get away with.

If you didn't read my last article, the particular behaviors that Schneier is referring to are various forms of data collection. We all know that Google and Facebook are huge offenders in this field, but I can guarantee that many fewer people are concerned about the data collection of Apple and Amazon. Schneier refers to the phenomenon of customers trusting these major technological companies to not do anything bad. Schneier calls this model "feudal security," and believes that it is furthered by the reliability that these companies offer in their services.

Thursday, February 16, 2012

John McCain Makes My Brain Have Pain

http://www.wired.com/threatlevel/2012/02/cybersecurity-act-of-2012/

John McCain, who has admitted to the media that he is "illiterate" when it comes to the Internet and computers, once again thinks he can regulate... the Internet? How does this make any sense? Does Joe Camel regulate the Food and Drug Administration? No. So why does John McCain think he can regulate the Internet? I don't know, but here are some more details on the story.

A little background on the legislation in question: a bill has been proposed in the Senate that will attempt to address the urgent security problems facing the critical infrastructure of this country. This bill seemed like it was going to pass; however, John McCain and seven other senators came out against the bill, and said that they were going to come out with a new piece of legislation sometime within the next two weeks. According to McCain, the bill would be ineffective because it wouldn't grant authority to the U.S. Cybercommand and the National Security Agency. While this at first seems like a legitimate concern, one has to simply take a look at the piece of legislation actually in question to see why this concern is in fact illegitimate.

The bill in question does not grant authority to the U.S. Cybercommand or the National Security Agency, but it does grant authority to the Department of Homeland Security. Coincidentally, the most recent budget request for the Department of Homeland Security's cybersecurity efforts has been increased to $769 million. According to the article, "critical infrastructure entities would be allowed to determine how best to meet the standards based on the nature of their business sector, but they would be required to certify annually that they do meet them." To me, this just sounds like a compromise that will likely be better than the NSA having absolute control over infrastructure. This legislation likely will pass, and we will just have to wait and see how it works.

Tor: Thwarting Oppressive Regimes

http://arstechnica.com/tech-policy/news/2012/02/iran-reportedly-blocking-encrypted-internet-traffic.ars
http://arstechnica.com/tech-policy/news/2012/02/tors-latest-project-helps-iran-get-back-online-amidst-internet-censorship-regime.ars?src=fbk

Should what people do on the Internet be policed? I think under most circumstances, and I think that most people would agree with me, no. The Internet is, by its very nature, a free technology (both free as in beer, and free as in speech). The primary objective of the Internet is to facilitate the rapid and easy exchange of information and communication. Unfortunately, because of the young age and rapid development of the Internet and Internet-related technologies, the Internet, like highways or streets, is policed.

Particularly, oppressive regimes can't get enough of restricting and policing the Internet usage of their citizens. Currently, the country generating the most negative buzz in this area is Iran. A statement by an Iranian resident, posted on Hacker News, reads "Since Thursday Iranian government has shutted [sic] down the https protocol which has caused almost all google services (gmail, and google.com itself) to become inaccessible. Almost all websites that run on Google APIs (like wolfram alpha) won't work. Accessing to any website that relies on https (just imaging how many websites use this protocol, from Arch Wiki to bank websites). Also accessing many proxies is also impossible." Anyone who uses the Internet knows that Google is to the Internet what The Beatles were to rock music; it would still exist without them, but it would be much worse. Right now, I'm running Chrome, Google's web browser, and using Blogger, Google's web app for blogging. But, as the Iranian citizen said, the Iranian government has blocked not only Google's services, but any website using the https protocol. This blocks access to an enormous part of the Internet.

Luckily, computer programmers and people in technology tend to be good people (although I will admit to being a little biased towards them). This brings me to the Tor network. Without going into too many technical details, the Tor network allows for anonymous Internet access through encryption. Because Tor relies on encryption to function, this blocking of encrypted data by the Iranian government had a massive negative effect on Tor usage. According to the second news story, Tor users in Iran dropped from around 50,000 on February 8th to almost zero on February 10th. Thankfully, some geniuses created a bridge called obfsproxy, which disguises encrypted traffic as regular traffic.

Though Tor connections in Iran are currently on the rise, it is unclear whether or not this is due to obfsproxy or due to the Iranian government lessening their censorship. Whatever the case may be, it is clear that obfsproxy has played some role in preserving the anonymity of Iranians. So, Tor and obfsproxy, for that, I commend you.

Thursday, February 9, 2012

And Now For Something Completely Ironic

http://www.wired.com/threatlevel/2012/02/interactive-web-patent/

You are being watched. Right now. And who do you have to thank? Wait for it.... a home security camera company! That's right, a company that designs security systems, that are supposed to be set in your home, the most secure and safe place you can possibly be, has failed on the highest level. Meet Trendnet, a company that, hopefully, you won't be hearing much about anymore. According to the article, "A flaw in home security cameras made by Trendnet potentially exposed thousands of customers to hackers who could access the live video feeds without a password."

Oh, and this isn't some flaw that was discovered by some great hacker prodigy with a state of the art computer system. Au contraire, it was discovered by a blogger named "someLuser" who was able to get into vulnerable camera systems by using a search engine. Following this blogger's post, over 600 cameras were accessed, with pictures from the video feeds being posted online (see the pictures in the article). Some of the cameras accessed were even in children's bedrooms.

And here's the worst part: the cameras did not originally have the problem. The bug only surfaced after code was added in 2010 (which was 2 years ago, by the way). Is there a bright side to this story? Nope, unless you consider the fact the company intends to "update the firmware to correct the problem" enough to count as a bright side. Are you ready for the ultimate irony, though? If you go to www.trendnet.com, the title of the site reads "TRENDnet: Networks People Trust." Yeah... not anymore, they don't.

The call may not be coming from inside the house, but the video feed might be.

Google: Pretty Poor Privacy Policies

http://arstechnica.com/gadgets/news/2012/02/privacy-group-demands-ftc-force-google-to-roll-back-privacy-policy-changes.ars

Ah, Google. Why do you have to make such quality products, but have such poor privacy policies? Once again, I am torn in how I feel about being one of the many Google users in the world. It seems to me that, as the quality of Google's products and services goes up, the protection of its privacy policies goes down. As a self-admitted Android, Chrome, YouTube, Gmail, Maps, Navigation, and Google search (does anyone remember the old days when Google was just a search engine?) addict, I'm not about to stop using my Google products anytime soon. Hell, I'm writing this blog on Blogger, which has been owned by Google for nearly ten years, and so far, it has been a great platform for blogging on. However, the recent changes to their privacy policies have made me take a step back and be more aware of where my information is actually going.

Google claims that their new privacy policies are intended to, essentially, allow their products and services to work better together, and to be more integrated to allow for unique inter-application functionality. Let me just say, as someone who has used, or currently uses, nearly every product Google has to offer (including the criminally underused Google+), that Google's product integration is fine as it is! Google uses the bizarre example of using their GPS app in tandem with their Calendar app to alert you if you will be late to an appointment if you're too distant from a meeting location. What an incredibly useful feature! If my GPS doesn't tell me I'm late to an appointment, I just assume I'm always on time! Thank you, o Google wizards, for telling time for me, despite having a clock built into the phone. You are not being innovative by implementing features that have no need to be implemented in the first place.


If this is the shining example that Google wants to use to justify their weakened privacy policies, then I'll happily take the better privacy protection over the "magical GPS that tells time." According to EPIC (the Electronic Privacy Information Center), referenced in the article, Google's new privacy policy would, in regards to third parties (everyone except Google and its subsidiaries), "make it possible to gain access to personal information which was previously unavailable to them." I am getting sick and tired of Google tracking my every move on the Internet and selling my browsing data. Google, just stop for a moment and listen: you're one of the largest companies in the world, you're likely the most profitable company on the Internet, and you are doing just fine. Your homepage is the most visited page on the Internet, so advertisers are already paying top dollar to advertise. You do not need to sell out the data of your loyal customers, just be happy with the mountains of cash you already have.

Sincerely,
Patrick J. Thomas

Monday, February 6, 2012

Welcome!

Hello! Welcome to my blog.

The purpose of this blog is to cover the latest and greatest (or often worst) news stories involving computer security, from hackers to copyright laws to information warfare. I'll be updating it weekly, and using the most accurate and credible sources. Hopefully, by reading the stories on this blog, you'll not only be informed of current events in computer security, but you'll also become more aware of how to protect yourself in this modern, technological society.

Stay safe, and enjoy the blog!
  - Patrick J. Thomas