Microsoft Finally Adds Stupidly Obvious Security Feature

The Washington Post reports that IE 7 will not have the long-known flaw that allows a website to steal the data that may be hanging out in your clipboard.

For those who don't know, the clipboard is where anything you cut and paste hangs out. The trick is, it stays there until you cut or copy something else. So, if the last thing you copied was your tax record from one document to another and then you visit a nosy website, they could have all that data.

If it seems as stupid to you as it does to me that IE allowed this in the first place, then you'll understand why the security community knocks Microsoft products.

The Electronic Frontier Foundation Takes on the DHS’s Secret Profiling Program

Automated profiling at a distance. Very reassuring.

The EFF (who is also the organization spearheading the lawsuits against AT&T) is now taking on the secret profiling program that has hit the news recently. From their e-newsletter:

The Automated Targeting System (ATS) creates and assigns "risk assessments" to tens of millions of citizens as they enter and leave the country. In November, DHS announced that the program would launch on December 4, but Homeland Security Secretary Michael Chertoff later admitted that the program had already been in operation for several years.
Under ATS, individuals have no way to access information about their "risk assessment" scores or to correct any false information about them. But while you cannot see your score, it will be made readily available to untold numbers of federal, state, local, and foreign agencies. The government will retain the data for 40 years.

Ancient Telephone Tax Repealed – Three Year Refund Due Consumers

100 years late. Better late than never?

In the CAGW newsletter, they report that:

In a widely-heralded and very long-sought victory for CAGW and all taxpayers, the Treasury Department announced last May that it would stop collecting the excise tax on long distance telephone service. Known as the Spanish-American War Tax, this "temporary" tax on phone service, considered a luxury at the time, has survived for 108 years, far surpassing its raison d’etre, which lasted just four months. You can apply for a refund of the payment of that tax from 2003-2006 when you file your 2006 tax return next year.

Be sure to ask your accountant about this credit.

Government Says They Can Read Your E-mail Without a Warrant

Keeping your mail private is not as easy as it should be.

In this article, they explain that the Government can use the laws the way they're written now to read any e-mail that is hosted on someone else's computer (like the servers at AOL, Google, Hotmail).

A man who was convicted partly on the basis of his e-mails is suing, saying that it's unconstitutional for them to read his e-mails without a warrant. While the case is in appeals, the arguments are that e-mail should have the same privacy protections as snail mail, while the government cites several reasons why they can and should be able to read them.

RFID Passports Still Broken – Only Faster Now

Wireless data is easy to steal. Why did we put it on our passports again?

Schneier links to an article about RFID passports being cloned in under 5 minutes. The authorities have stopped denying it's possible and have shifted to denying that it can be used for any nefarious purposes.

The UK Home Office however dismissed the ability to get hold of the information on the chip. A spokesman said: "It is hard to see why anyone would want to access the information on the chip. Other than the photograph, which could be obtained easily by other means, they would gain no information that they did not already have - so the whole exercise would be pointless: the only information stored on the ePassport chip is the basic information you can see on the personal details page."

Well, it sure is hard to see why anyone would want to see someone's credit report, criminal history, medical information, social security card, birth certificate… Are these people for real?

College Student Proves TSA “Boarding Pass/ID Check is Useless”

I never thought about it, but it's much easier to defeat TSA security than I realized.

Bruce Schneier found an interesting article in the NY Times about a bored computer science student who wrote a webpage that printed boarding passes nearly identical to those used by Northwest Airlines. Using the fake passes, people were successfully able to bypass airport security. The important part of this article is the fact that the student did no hacking, no cracking, no breaking of any system. All he did was make passes that looked real.

No cryptographic recipe was cracked; no airline computer system was compromised. Without visiting an airport, Mr. Soghoian needed access to nothing other than a public Web site to embarrass those responsible for airport security.

As security professionals have been saying for years, these measures make life difficult for law-abiding citizens, but do little to stop the bad guys.

Fake Word-of-Mouth Advertising from Sony Goes Wrong

Hey there fellow kids. Who wants a PSP fur Realz?

In an amusing example of fake marketing, Sony created a fake website called "alliwantforchristmasisapsp" where two employees of their marketing firm pretended to be young, hip gamers who blogged about wanting a PSP.

According to the 1-up article on the debacle:

The tide began to turn against Sony's initiative after popular webcomic Penny-Arcade publicly outed the chicanery in a deliberate move to force a little transparency up ins. The Internet was quick to kick the

Boeing Loses Data on Laptops… Yadda Yadda

Oops. Sorry about all your data gosh golly wilikers!

Consumer Affairs writes:

A laptop containing the personal information of 328,000 current and former employees of Boeing was stolen in Chicago, according to the company. The laptop theft was the third to befall Boeing in the past twelve months. Boeing is contacting the affected employees by mail and has promised to set up free credit monitoring for them through the Experian credit bureau.

cNet.com – Homeland Security chief defends Real ID plan

cNet writes:

WASHINGTON–U.S. Department of Homeland Security Secretary Michael Chertoff on Thursday defended forthcoming national ID cards as vital for security and consistent with privacy rights.

From the article:

"Do you think your privacy is better protected if someone can walk around with phony docs with your name and your Social Security number, or is your privacy better protected if you have the confidence that the identification relied upon is in fact reliable and uniquely tied to a single individual?" Chertoff asked rhetorically.

Has anyone heard of a false dilemma before? This is where you are presented with two choices when there are actually many. One choice is always extremely horrible to make the other seem reasonable. An example could be, "Would you rather put RFID in your credit cards or have a horde of violent Viking warriors destroy your home and burn your family?"

False Dilemma choices are sometimes used accidentally, but are often a dirty trick to force people into agreeing or looking bad. Defeating them is only a matter of recognizing them when they're used and calling them out.

Bottom line, do I have much trust that the government who brought us the RFID passport disaster and broken e-voting will get it right this time? No… no I don't.

Advertisers Want to Manipulate Your Kids on the School Bus

Marketing to kids on a school bus is about as Orwellian as it gets.

Obligation Inc. is documenting the exploits of BusRadio, a company that is producing programming intended for play on school busses. From the Obligation.org page on the issue:

These men realize that once on a school bus, children are a captive audience. Any captive audience can be exploited by forcing them to hear advertising. So Steven Shulman and Michael Yanoff developed BusRadio and were greatly aided by the venture capital moneyman Robert Davoli of Sigma Partners. As far as I can tell, this is the first time Sigma has chosen to financially back a very controversial company.

If you want to learn more about my professional background, click here to learn more.

Check out one of my guides/tutorials:

Internet Safety Tutorial

General Safety

Avoid fake and nasty websites with my search engine trick.
Watch out for online addiction. Getting lost in fun online activities can be just as addictive as any drug.
So you want to write, publish, or share information online? Be careful. Things you say may be lost or forgotten, but things put on the Internet never are.
Don't fall for the well-known scams (or the new ones either) bad guys use to trick you into giving away data or money.

Account Protection

Want to make an account with some online service? Read this first!
The newest, biggest risk online? Account hijacking! Don't become a victim by allowing your account to be taken over, and learn to recognize when someone else's has been.
Be sure transmission security is active before entering a name, password, credit card number, or other important information online.

... or check out any of my other guides and tutorials by clicking here!

How to Avoid Bogus Websites

There are bogus websites out there hoping you'll hit them by accident or using phishing to trick you into coming to them. Learn my simple trick to avoid these sites!

Online Addiction

Concerned about online addiction? You should be. Learn the types, the signs, and the preventions.

The Consequences of Posting Online

It's fun to post online. What you think, what you feel. But words typed and posted on the Internet can come back to bite you more than anything you could say with your mouth.

Tricks and Scams

Just because you won't willingly give up data doesn't mean that I can't trick you out of it. Don't fall for these well-known tricks!

Account Creation Tips

When you create an account with an online site, you should know a few things first.

Account Hijacking

One of the newest threats we face is the risk of someone getting control of your online account and using it against you and the people you know. Do everything you can to prevent that from happening!

Using HTTPS For Secure Login and Payment Online

Making online accounts is useful and fun, but doesn't mean much if someone can capture your login information and use it against you. Make sure to use this simple trick to prevent that from happening.
