Sunday, March 3rd, 2019 (
No comments yet)
The Washington Post reports that IE 7 will not have the long known flaw that allows a website to steal the data that may be hanging out in your clipboard.
For those who don't know, the clipboard is where anything you cut and paste hangs out. The trick is, it stays there until you cut or copy something else. So, if the last thing you copied was your tax record from one document to another and then you visit a nosy website, they could have all that data.
If it seems as stupid to you as it does to me that IE allowed this in the first place, then you'll understand why the security community knocks Microsoft products.
Tags:
Bad Design,
Internet Explorer,
Microsoft
Sunday, March 3rd, 2019 (
No comments yet)
The EFF (who is also the organization spearheading the lawsuits against AT&T) is now taking on the secret profiling program that has hit the news recently. From their e-newsletter:
The Automated Targeting System (ATS) creates and assigns "risk assessments" to tens of millions of citizens as they enter and leave the country. In November, DHS announced that the program would launch on December 4, but Homeland Security Secretary Michael Chertoff later admitted that the program had already been in operation for several years.
Under ATS, individuals have no way to access information about their "risk assessment" scores or to correct any false information about them. But while you cannot see your score, it will be made readily available to untold numbers of federal, state, local, and foreign agencies. The government will retain the data for 40 years.
Tags:
ATS,
Big Brother,
Citizen Profiling,
Homeland Security
Sunday, March 3rd, 2019 (
No comments yet)
In the CAGW newsletter, they report that:
In a widely-heralded and
very long-sought victory for CAGW and all taxpayers, the Treasury Department announced last May that it would stop collecting the excise tax on long distance telephone service. Known as the Spanish-American War Tax, this "temporary" tax on phone service, considered a luxury at the time, has survived for 108 years, far surpassing its raison d’etre, which lasted just four months. You can apply for a refund of the payment of that tax from 2003-2006 when you file your 2006 tax return next year.
Be sure to ask your accountant about this credit.
Tags:
Outdated Laws,
Taxes
Sunday, March 3rd, 2019 (
No comments yet)
In this article, they explain that the Government can use the laws the way they're written now to read any e-mail that is hosted on someone else's computer (like the servers at AOL, Google, Hotmail).
A man who was partially convicted based on his e-mails is suing saying that it's unconstitutional for them to read his e-mails without a warrant. While the case is in appeals, the arguments are that e-mail should have the same privacy protections as snail mail while the government cites several reasons why they can and should be able to read them.
Tags:
Big Brother,
Email
Sunday, March 3rd, 2019 (
No comments yet)
Schneier links to an article about RFID passports being cloned in under 5 minutes. The authorities have stopped denying it's possible and have shifted to denying that it can be used for any nefarious purposes.
The UK Home Office however dismissed the ability to get hold of the information on the chip. A spokesman said: "It is hard to see why anyone would want to access the information on the chip. " Other than the photograph, which could be obtained easily by other means, they would gain no information that they did not already have - so the whole exercise would be pointless: the only information stored on the ePassport chip is the basic information you can see on the personal details page."
Well, it sure is hard to see why anyone would want to see someone's credit report, criminal history, medical information, social security card, birth certificate… Are these people for real?
Tags:
Identity Theft,
Passports,
RFID,
Security Theater
Sunday, March 3rd, 2019 (
No comments yet)
Bruce Schnier found an intereting article in the NY Times about a bored computer science student wrote a webpage that printed nearly identical boarding passes to those used by Northwest Airlines. Using the fake passes, people were successfully able to bypass airport security. The important part of this article, is the fact that the student did no hacking, no cracking, no breaking of any system. All he did was make passes that looked real.
No cryptographic recipe was cracked; no airline computer system was compromised. Without visiting an airport, Mr. Soghoian needed access to nothing other than a public Web site to embarrass those responsible for airport security.
As security professionals have been saying for years, these measures make life difficult for law-abiding citizens, but do little to stop the bad guys.
Tags:
ID Check,
Security Theater,
TSA
Sunday, March 3rd, 2019 (
No comments yet)
In an amusing example of fake marketing, Sony created a fake website called "alliwantforchristmasisapsp" where two employees of their marketing firm pretended to be young, hip gamers who blogged about wanting a PSP.
According to the 1-up article on the debacle:
The tide began to turn against Sony's initiative after popular webcomic Penny-Arcade publicly outed the chicanery in a deliberate move to force a little transparency up ins. The Internet was quick to kick the
Tags:
Market Lies,
Marketing,
Scams - Ripoffs - Dirty Tricks,
Sony,
Viral Marketing
Sunday, March 3rd, 2019 (
No comments yet)
Consumer Affairs writes:
A laptop containing the personal information of 328,000 current and former employees of Boeing was stolen in Chicago, according to the company. The laptop theft was the third to befall Boeing in the past twelve months. Boeing is contacting the affected employees by mail and has promised to set up free credit monitoring for them through the Experian credit bureau.
Tags:
Boeing,
Identity Theft,
Lost Laptops,
Negligence,
Security Theater
Sunday, March 3rd, 2019 (
No comments yet)
cNet writes:
WASHINGTON–U.S. Department of Homeland Security Secretary Michael Chertoff on Thursday defended forthcoming national ID cards as vital for security and consistent with privacy rights.
From the article:
"Do you think your privacy is better protected if someone can walk around with phony docs with your name and your Social Security number, or is your privacy better protected if you have the confidence that the identification relied upon is in fact reliable and uniquely tied to a single individual?" Chertoff asked rhetorically.
Has anyone heard of false dilemma before? This is where you are presented with two choices when there are actually many. One choice is always extremely horrible to make the other seem reasonable. An example could be, "Would you rather put RFID in your credit cards or have a horde of violent viking warriors destroy your home and burn your family?"
| | False Dilemma choices are sometimes used accidentally, but are often a dirty trick to force people into agreeing or looking bad. Defeating them is only a matter of recognizing them when they're used and calling them out. |
Bottom line, do I have much trust that the government who brought us the RFID passport disaster and broken e-voting will get it right this time? No… no I don't.
Tags:
Big Brother,
RFID
Saturday, March 2nd, 2019 (
No comments yet)
Obligation Inc. is documenting the exploits of BusRadio, a company that is producing programming intended for play on school busses. From the Obligation.org page on the issue:
These men realize that once on a school bus, children are a captive audience. Any captive audience can be exploited by forcing them to hear advertising. So Steven Shulman and Michael Yanoff developed BusRadio and were greatly aided by the venture capital moneyman Robert Davoli of Sigma Partners. As far as I can tell, this is the first time Sigma has chosen to financially back a very controversial company.
Tags:
Kids,
Marketing,
Scams - Ripoffs - Dirty Tricks,
School Bus