http://www.wired.com/threatlevel/2012/02/laptop-decryption-appeal-rejected/
As an owner of a laptop computer (which I, of course, password-protect), I generally view the contents of my laptop as secure and inaccessible to anyone other than myself. I also believe that, as an American citizen, the privacy and security of the contents of my laptop is a right that I should have by necessity. My laptop is my property; therefore, the files on my laptop are my property. However, not everyone can lay claim to having that right consistently protected.
Now, I am not going to make a decision as to whether or not the court ruling discussed in this article was ethical or not. To sum it up briefly, a woman who was accused of bank fraud was ordered to decrypt the contents of her laptop, as it is assumed that there is information on the laptop that could be used as evidence against her. This sort of case is quite rare, and there is not much legal precedent for it. Because of this fact, the decision by the court was quite difficult, and it was certainly not something that would be referred to as an "open and shut case."
As the ruling stands, the future of the case is still somewhat unclear. The ruling was that the woman who was accused is required to decrypt her laptop within a month's time. However, if she does not unlock the laptop within a month, what will happen next is still up in the air. She is currently trying to use the defense that she forgot her password... which, in my opinion, is a lie. If you are skilled enough to commit bank fraud, you can remember a password. To add to the difficulty of the case, the encryption technique that is used on the laptop would likely make a computer-assisted password break take possibly up to decades. It's certainly a unique case that will likely stand as a precedent for similar future cases.
Thursday, February 23, 2012
The Machine Is Watching You
http://arstechnica.com/business/news/2012/02/schneier-gov-big-data-pose-bigger-net-threat-than-criminals.ars
Remember that diatribe that I wrote against Google a few weeks back? It turns out this isn't some fringe idea that Google has major, major problems. In fact, one of the largest figures in the field of computer security has openly stated similar, and even more harsh, ideas. Bruce Schneier, who is sometimes referred to as the "security guru," has recently come out against several large companies, including Google.
As the article explains, Schneier has publicly stated his discontent with many major technology agencies. These include companies such as Apple, Amazon, Facebook, and Google. The reasoning behind this, Schneier believes, is that companies such as Apple and Google have the technological capabilities and influence to actually affect the makeup of the Internet itself. Additionally, these companies are perceived by the public as legitimate experts in the field of technology, which allows them to get away with certain behaviors that other companies would not be able to get away with.
If you didn't read my last article, the particular behaviors that Schneier is referring to are various forms of data collection. We all know that Google and Facebook are huge offenders in this field, but I can guarantee that many fewer people are concerned about the data collection of Apple and Amazon. Schneier refers to the phenomenon of customers trusting these major technological companies not to do anything bad. Schneier calls this model "feudal security," and believes that it is furthered by the reliability that these companies offer in their services.
Thursday, February 16, 2012
John McCain Makes My Brain Have Pain
http://www.wired.com/threatlevel/2012/02/cybersecurity-act-of-2012/
John McCain, who has admitted to the media that he is "illiterate" when it comes to the Internet and computers, once again thinks he can regulate... the Internet? How does this make any sense? Does Joe Camel regulate the Food and Drug Administration? No. So why does John McCain think he can regulate the Internet? I don't know, but here are some more details on the story.
A little background on the legislation in question: a bill has been proposed in the Senate that will attempt to address the urgent security problems facing the critical infrastructure of this country. This bill seemed like it was going to pass; however, John McCain and seven other senators came out against the bill, and said that they were going to come out with a new piece of legislation sometime within the next two weeks. According to McCain, the bill would be ineffective because it wouldn't grant authority to the U.S. Cybercommand and the National Security Agency. While this at first seems like a legitimate concern, one has to simply take a look at the piece of legislation actually in question to see why this concern is in fact illegitimate.
The bill in question does not grant authority to the U.S. Cybercommand or the National Security Agency, but it does grant authority to the Department of Homeland Security. Coincidentally, the most recent budget request for the Department of Homeland Security's cybersecurity efforts has been increased to $769 million. According to the article, "critical infrastructure entities would be allowed to determine how best to meet the standards based on the nature of their business sector, but they would be required to certify annually that they do meet them." To me, this just sounds like a compromise that will likely be better than the NSA having absolute control over infrastructure. This legislation likely will pass, and we will just have to wait and see how it works.
Tor: Thwarting Oppressive Regimes
http://arstechnica.com/tech-policy/news/2012/02/iran-reportedly-blocking-encrypted-internet-traffic.ars
http://arstechnica.com/tech-policy/news/2012/02/tors-latest-project-helps-iran-get-back-online-amidst-internet-censorship-regime.ars?src=fbk
Should what people do on the Internet be policed? I think under most circumstances, and I think that most people would agree with me, no. The Internet is, by its very nature, a free technology (both free as in beer, and free as in speech). The primary objective of the Internet is to facilitate the rapid and easy exchange of information and communication. Unfortunately, because of the young age and rapid development of the Internet and Internet-related technologies, the Internet, like highways or streets, is policed.
Particularly, oppressive regimes can't get enough of restricting and policing the Internet usage of their citizens. Currently, the country generating the most negative buzz in this area is Iran. A statement by an Iranian resident, posted on Hacker News, reads "Since Thursday Iranian government has shutted [sic] down the https protocol which has caused almost all google services (gmail, and google.com itself) to become inaccessible. Almost all websites that run on Google APIs (like wolfram alpha) won't work. Accessing to any website that relies on https (just imaging how many websites use this protocol, from Arch Wiki to bank websites). Also accessing many proxies is also impossible." Anyone who uses the Internet knows that Google is to the Internet what The Beatles were to rock music; it would still exist without them, but it would be much worse. Right now, I'm running Chrome, Google's web browser, and using Blogger, Google's web app for blogging. But, as the Iranian citizen said, the Iranian government has blocked not only Google's services, but any website using the https protocol. This blocks access to an enormous part of the Internet.
Luckily, computer programmers and people in technology tend to be good people (although I will admit to being a little biased towards them). This brings me to the Tor network. Without going into too many technical details, the Tor network allows for anonymous Internet access through encryption. Because Tor relies on encryption to function, this blocking of encrypted data by the Iranian government had a massive negative effect on Tor usage. According to the second news story, Tor users in Iran dropped from around 50,000 on February 8th to almost zero on February 10th. Thankfully, some geniuses created a bridge called obfsproxy, which disguises encrypted traffic as regular traffic.
Though Tor connections in Iran are currently on the rise, it is unclear whether or not this is due to obfsproxy or due to the Iranian government lessening their censorship. Whatever the case may be, it is clear that obfsproxy has played some role in preserving the anonymity of Iranians. So, Tor and obfsproxy, for that, I commend you.
Thursday, February 9, 2012
And Now For Something Completely Ironic
http://www.wired.com/threatlevel/2012/02/interactive-web-patent/
You are being watched. Right now. And who do you have to thank? Wait for it.... a home security camera company! That's right, a company that designs security systems, that are supposed to be set in your home, the most secure and safe place you can possibly be, has failed on the highest level. Meet Trendnet, a company that, hopefully, you won't be hearing much about anymore. According to the article, "A flaw in home security cameras made by Trendnet potentially exposed thousands of customers to hackers who could access the live video feeds without a password."
Oh, and this isn't some flaw that was discovered by some great hacker prodigy with a state of the art computer system. Au contraire, it was discovered by a blogger named "someLuser" who was able to get into vulnerable camera systems by using a search engine. Following this blogger's post, over 600 cameras were accessed, with pictures from the video feeds being posted online (see the pictures in the article). Some of the cameras accessed were even in children's bedrooms.
And here's the worst part: the cameras did not originally have the problem. The bug only surfaced after code was added in 2010 (which was 2 years ago, by the way). Is there a bright side to this story? Nope, unless you consider the fact the company intends to "update the firmware to correct the problem" enough to count as a bright side. Are you ready for the ultimate irony, though? If you go to www.trendnet.com, the title of the site reads "TRENDnet: Networks People Trust." Yeah... not anymore, they don't.
The call may not be coming from inside the house, but the video feed might be.
Google: Pretty Poor Privacy Policies
http://arstechnica.com/gadgets/news/2012/02/privacy-group-demands-ftc-force-google-to-roll-back-privacy-policy-changes.ars
Ah, Google. Why do you have to make such quality products, but have such poor privacy policies? Once again, I am torn in how I feel about being one of the many Google users in the world. It seems to me that, as the quality of Google's products and services goes up, the protection of its privacy policies goes down. As a self-admitted Android, Chrome, YouTube, Gmail, Maps, Navigation, and Google search (does anyone remember the old days when Google was just a search engine?) addict, I'm not about to stop using my Google products anytime soon. Hell, I'm writing this blog on Blogger, which has been owned by Google for nearly ten years, and so far, it has been a great platform for blogging on. However, the recent changes to their privacy policies have made me take a step back and be more aware of where my information is actually going.
Google claims that their new privacy policies are intended to, essentially, allow their products and services to work better together, and to be more integrated to allow for unique inter-application functionality. Let me just say, as someone who has used, or currently uses, nearly every product Google has to offer (including the criminally underused Google+), that Google's product integration is fine as it is! Google uses the bizarre example of using their GPS app in tandem with their Calendar app to alert you if you will be late to an appointment if you're too distant from a meeting location. What an incredibly useful feature! If my GPS doesn't tell me I'm late to an appointment, I just assume I'm always on time! Thank you, o Google wizards, for telling time for me, despite having a clock built into the phone. You are not being innovative by implementing features that have no need to be implemented in the first place.
If this is the shining example that Google wants to use to justify their weakened privacy policies, then I'll happily take the better privacy protection over the "magical GPS that tells time." According to EPIC (the Electronic Privacy Information Center), referenced in the article, Google's new privacy policy would, in regards to third parties (everyone except Google and its subsidiaries), "make it possible to gain access to personal information which was previously unavailable to them." I am getting sick and tired of Google tracking my every move on the Internet and selling my browsing data. Google, just stop for a moment and listen: you're one of the largest companies in the world, you're likely the most profitable company on the Internet, and you are doing just fine. Your homepage is the most visited page on the Internet, so advertisers are already paying top dollar to advertise. You do not need to sell out the data of your loyal customers, just be happy with the mountains of cash you already have.
Sincerely,
Patrick J. Thomas
Monday, February 6, 2012
Welcome!
Hello! Welcome to my blog.
The purpose of this blog is to cover the latest and greatest (or often worst) news stories involving computer security, from hackers to copyright laws to information warfare. I'll be updating it weekly, and using the most accurate and credible sources. Hopefully, by reading the stories on this blog, you'll not only be informed of current events in computer security, but you'll also become more aware of how to protect yourself in this modern, technological society.
Stay safe, and enjoy the blog!
- Patrick J. Thomas