Monday, March 4th, 2019
Slashdot points to an article about companies that have figured out a way to send commercials to nearby Bluetooth devices. So now if you're walking near a fast food spot, you get an instant message on your phone offering a lunchtime special.
According to the article, the Netherlands (where the practice is widespread) has refused to classify it as spam, giving advertisers the legal green light to start jumping unsuspecting Bluetooth phone users. Coming soon to America.
Tags: Advertising, Bluetooth, Regulation, Spam
Monday, March 4th, 2019
Security theater is the term Bruce Schneier uses to describe a security measure that doesn’t actually improve security as much as it makes us feel more secure. While he disagrees with most uses, he allows that sometimes feeling better is a good thing. For example, hospitals that put RFID bracelets on newborns, which trigger an alarm if the babies go through the wrong doors, help reassure new mothers when the babies are out of their sight.
Granted, this is only harmless because there’s no real security problem that is being covered up.
Tags: RFID, Security Theater
Monday, March 4th, 2019
Slashdot pointed to this article about a Microsoft press release stating that 22% of Windows Installations are pirated. Their basis for this conclusion? Failure rate of the Windows Genuine Advantage tool.
Self-absorbed boobs. I've never used any pirated software, but I have been greatly tempted to get a hacked version of the software I DO own, just so I didn't have to deal with their invasive and unnecessary activation scheme. There are so many times it's failed on me and I've had to call in to beg for them to let me use my OWN SOFTWARE, that I came very close to getting hacked copies…. Oh yes… very close.
Of course, you can't now because they force you to install an anti-piracy tool before letting you install any kind of security updates. And because Windows is rife with flaws and insecurity, not getting updates is like running through the streets late at night with a scrap of paper in your hand shouting, "I won, I won, Powerball millions woooooo!"
Microsoft needs to stop harassing every user for the sake of a few. They present it as if they're losing 20% revenue when that 20% is made up of pirates who won't buy the software ever. If you succeed in making Windows such a screwed up system that even the pirates won't touch it, chances are, neither will the rest of your market.
Tags: DRM, Microsoft, Microsoft Windows, Pirating
Sunday, March 3rd, 2019
Sixwise reports on the FDA approval of cloned meat and milk. Most notably, there will be no notification required. Quoted from the article:

"When they deny us mandatory labels, they don't just deny us the right to choose", said Andrew Kimbrell, executive director of the Center for Food Safety (CFS). "They also deny our health professionals the ability to trace potential toxic or allergic reactions to this food. It's bad enough they're making us guinea pigs. But when we have health effects, we won't be able to trace it."

I think the idea of lab-grown meat has a lot of potential, but there's no justification for trying to spring this on people in secret.
Tags: Informed Choice, Manipulation, Market Lies
Sunday, March 3rd, 2019
According to EFF:

Colorado-based Ciber, Inc., the largest laboratory that tests software used in U.S. voting systems, has been temporarily banned from approving new systems following problems discovered last summer by the Election Assistance Commission (EAC).
The EAC found that Ciber was not following proper quality-control procedures and could not document that it was conducting all the required tests. Ciber's renewed petition for accreditation is currently under EAC review.
It's such a sad, sick state of affairs that these systems were implemented with so little oversight, planning, or accountability. When all is said and done, e-voting is not ready.
Tags: Ciber, Evoting, Voting
Sunday, March 3rd, 2019
The Washington Post reports that IE 7 will not have the long-known flaw that allows a website to steal the data that may be hanging out in your clipboard.
For those who don't know, the clipboard is where anything you cut and paste hangs out. The trick is, it stays there until you cut or copy something else. So, if the last thing you copied was your tax record from one document to another and then you visit a nosy website, they could have all that data.
If it seems as stupid to you as it does to me that IE allowed this in the first place, then you'll understand why the security community knocks Microsoft products.
Tags: Bad Design, Internet Explorer, Microsoft
Saturday, March 2nd, 2019
In Schneier's blog today, he writes about a University of Washington study explaining how to track people using their Nike+iPod Sport Kit (which uses RFID).

This is a great demonstration for anyone who is skeptical that RFID chips can be used to track people. It's a good example because the chips have no personal identifying information, yet can still be used to track people. As long as the chips have unique IDs, those IDs can be used for surveillance.

Schneier goes on to say:

To me, the real significance of this work is how easy it was. The people who designed the Nike/iPod system put zero thought into security and privacy issues. Unless we enact some sort of broad law requiring companies to add security into these sorts of systems, companies will continue to produce devices that erode our privacy through new technologies. Not on purpose, not because they're evil -- just because it's easier to ignore the externality than to worry about it.

Couldn't have said it better myself.
Tags: Big Brother, Bruce Schneier, Nike, RFID
Saturday, March 2nd, 2019
New RFID passports are supposed to make identity theft more difficult and to make it easier to spot fake passports like the ones used by the perpetrators of the 9/11 attacks.
First, making the data remotely and secretly readable without ever possessing or otherwise coming into contact with the passport hardly makes it more secure against identity theft. Second, it's hard to make fake documents, but easy to fake 1's and 0's. Last I checked, your electrons look just like mine.
Besides the very obvious flaws in this idea, all it would take for the "secure passports" to turn into a nightmare of unprecedented proportions would be for the encryption to be broken. Oops, it's been done… and in under 48 hours of effort.
In the article, they mostly talk about the dangers of cloning passports, but I submit that the real danger is being easily, quickly, and remotely identified as a foreigner while you travel. Either way, they said it best in their final paragraph:

It may be that at some point in the future the government will accept that putting RFID chips in to passports is ill-conceived and unnecessary. Until then, the only people likely to embrace this kind of technology are those with mischief in mind.

Tags: Cellphones, Passports, Physical Security, RFID, UK
Saturday, March 2nd, 2019
Our most fundamental right as American citizens is being denied in Maryland. I went to the polls to vote today and explained that I wanted to vote, but would only use a paper ballot. While the check-in people suggested a "provisional ballot", the supervisor nixed that and showed me this nice large sign.
Why did I insist on a paper ballot? Perhaps it's because of the Princeton University Study proving the lousy security of this system (with instructional video).

For example, an attacker who gets physical access to a machine or its removable memory card for as little as one minute could install malicious code; malicious code on a machine could steal votes undetectably, modifying all records, logs, and counters to be consistent with the fraudulent vote count it creates. An attacker could also create malicious code that spreads automatically and silently from machine to machine during normal election activities — a voting-machine virus. We have constructed working demonstrations of these attacks in our lab.

Or it could be because of this study done by the Brennan Center for Justice at NYU School of Law:

All of the most commonly purchased electronic voting systems have significant security and reliability vulnerabilities. All three systems are equally vulnerable to an attack involving the insertion of corrupt software or other software attack programs designed to take over a voting machine.


If you protest the e-voting, be prepared to give up your right to vote.

But that aside, forget studies and look at our own state's history:

As reported by the Baltimore Sun, many poll workers did not show up for work this morning, and when they did, many had no idea how to operate new voting technology called "e-poll books", which are a necessary part of the voting process in Maryland and many other Diebold states. The workers were not trained to use that technology because Diebold did not provide the technology to the state until it was too late to properly train the poll workers.

It's clear that the e-voting system is unstable and NOT READY. The accounting and security, both hardware and software, are heavily suspect, and it's much safer to rely on the traditional method of voting than on the video-poker-like machines they forced on us. But if you try, you may be barred from voting as I was.
Tags: Diebold, Elections, Evoting, Maryland