
TSA Pilot Refuses Naked Scanner – TSA Response


Maybe you haven't heard of this yet, but a pilot working for ExpressJet refused to use the new nudie scanners installed at his airport. They offered to pat him down instead, but according to him:

"Pat down is misleading," Roberts explained. "They concentrate on the area between the upper thighs and torso, and they're not just patting people's arms and legs, they're grabbing and groping and prodding pretty aggressively."

I've written about this previously, as it's been reported that refusing the scanner will get you a "super-sized" pat-down, almost like a punishment, and this experience seems to confirm that.

Peter Pietra, the head of privacy for the TSA, is a reasonable guy who I met at a conference once. I asked him about this issue and he stated that the procedures seemed to work as intended. People have the right to opt out, but must be patted down in the process. I asked him about the "aggressive pat-down" and he said this:

There is no retaliatory pat-down for people who decline AIT. There used to be several types of pat-downs, but there are now only two (standard, and resolution). People who decline AIT or metal detector, for that matter, get the standard pat-down, but our standard pat-down changed about a month ago .... There was a flurry of media attention about a month ago on it, and some complaints following the news articles, but not a lot. My rough recollection is a dozen or fewer complaints specific to the new pat-down.
There is no retaliatory pat-down…people who decline get a standard pat-down

Along with my previous talks with him, this is the second time he's assured me that there is no special treatment of people who refuse the scan. While I'm positive there are people who abuse their authority or make things tougher for people who they think make things tough for them (asserting rights which also makes their job harder), here's the thing:

There are two pat-downs and while I don't know what warrants the second, you should only get the first by refusing to be scanned. Therefore, if your pat down is more extensive than what you see old people with heart devices getting, it's time to complain and complain loudly (which is what I believe this pilot has done and good for him). Peter says he thinks there's no problem because he hasn't received many complaints. If you think you've been a victim of retaliation or excessive probing, make sure he hears about it.

Make sure your voice is heard. You can connect with his office here: TSAPrivacy@dhs.gov

Support for the Pilot

There's been a lot of support for him in the airline industry (among workers, not officially). Here are some of the industry forums where they're talking about him:

Jetcareers
Expressjetpilots
Flyertalk

UPDATE 2010/11/07

I recently went through the airport and also refused the scanner. I was patted down, but the TSA employee was very clear and professional. At no point did I feel uncomfortable.

It's a big deal if someone overdoes it and they should be called out, but it really wasn't a problem for me.

However, I was once told that signs would be prominently posted showing people they could opt out of the scan, but I found none anywhere.


Prosecuting Whistleblowers

Toot toot!

It seems there's been a big push recently to punish those naughty whistleblowers who leaked government secrets and put everyone in danger. The only problem is, they didn't leak any secrets or put anyone in danger. Instead, they embarrassed their leaders and paid the price.


Firewall Flowchart


I always recommend having a Software Firewall on your computer, but the one catch is that you have to know what to do when you get an alert. It's not very hard once you've seen it once or twice, but to help you walk through it, I've made this firewall flowchart:


Just start at the green oval and answer the yes/no questions to trace your way through.


Twitter Warned By Government For Security Breaches


So it's not just Facebook that's full of holes and privacy issues. Twitter has been warned by the Federal Trade Commission for their "serious lapses in data security".

The FTC had originally accused the social media service of making private tweets and the login credentials of users easily available to "hackers" between January and May of 2009. During that time, someone was able to gain administrative access to Twitter's system (and therefore access to thousands of user accounts, passwords, direct messages, and more) simply by using password-guessing software. That user reset numerous user passwords, allowing others to access those accounts.

As is always the case, when not required to provide adequate security or privacy, most companies will do what they can get away with and no more. If there's no penalty for doing a bad job, don't be surprised when they don't.


Researcher Points Out the Risk of Virus Infected RFID Implants

An RFID tag hidden under a label

One of the many problems with RFID technology is that the chips can be hacked and used to spread viruses.

The device, which enables him to pass through security doors and activate his mobile phone, is a sophisticated version of ID chips used to tag pets. In trials, Dr Gasson showed that the chip was able to pass on the computer virus to external control systems. If other implanted chips had then connected to the system they too would have been corrupted, he said.

Mostly, this hasn't received a lot of attention to date because the computing power of RFID has historically been very low. But as the technology progresses, the consequences of not securing them properly become higher and higher.

Have Fun With Secret Questions

That's not my dog...

Sometimes when you set up an account with a company, they'll let you set a question and the answer. Then when you call in, the operator will read the question YOU WROTE and you get to provide the response. This has the potential to be highly amusing if done right:

Q: What the hell is your f***ing problem, sir?
A: This is completely inappropriate and I'd like to speak to your supervisor.

Q: I've been embezzling hundreds of thousands of dollars from my employer, and I don't care who knows it.
A: It's a good thing they're recording this call, because I'm going to have to report you.

Q: Are you really who you say you are?
A: No, I am a Russian identity thief.

Check out a ton more here.


Wireless Auto Repossession System Hacked – Cars Disabled

In Austin, Texas, more than 100 customers of a local car dealership suddenly found their cars dead or their horns honking out of control when a vengeful former employee decided to take action using their computerized payment nagging system:

The dealership used a system called Webtech Plus as an alternative to repossessing vehicles that haven’t been paid for. Operated by Cleveland-based Pay Technologies, the system lets car dealers install a small black box under vehicle dashboards that responds to commands issued through a central website, and relayed over a wireless pager network. The dealer can disable a car’s ignition system, or trigger the horn to begin honking, as a reminder that a payment is due.

While there are questions of the ethics and legality of shutting down someone’s car due to failure to pay, the important lesson here is to avoid using wireless and web-based capabilities carelessly. Many such systems are designed without taking into account hacking or insider threats. In this case, customers who had the “black box” in their cars were at risk from both employees of the dealer and Pay Technologies as well as any random hacker who managed to get into either company’s systems.

The simplest and most effective solution is to avoid wireless and web technologies where there is no clear mission goal or benefit. Even then, they must be implemented with strong security measures designed by specialists.


How to Force Login Security on Facebook

When you arrive at Facebook's homepage, you'll notice something odd:

Where's the security!?

That's right! No login security!

To be technical, the login is still redirected to a secure login page, but how could you ever know that without viewing the source code and understanding what you see there? If the page you're on doesn't show the HTTPS protection, it's safer to just assume it's not there.

So here I offer you this simple trick whenever logging into Facebook or any other service for that matter. See that login form over there? It looks like this:

Here's the form you use to login from the homepage

Instead of putting in your data, click LOGIN without entering any data. Leave it blank and click the button anyway.

You'll get an error, but ignore it. The point is now you're on a page that's visibly protected.

Facebook will redirect you to their secure login page, where you can see that the security is active from the HTTPS and lock icons. Now you can log in knowing that the chances of someone catching your name and password in transmission are greatly reduced.

An even simpler trick is to put a bookmark in your browser or bookmarks bar that goes to https://www.facebook.com and always use that bookmark to go to the page. If you're not on your personal computer, use the above trick instead.
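
The situation described above, as an added example that is not part of the original post: a small Python check that reads a page's source for you and reports, for each form containing a password field, whether it submits over HTTPS and whether the page itself shows HTTPS. The example.com URLs and the sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse
class LoginFormFinder(HTMLParser):
    """Collects the action of every <form> that contains a password field."""
    def __init__(self):
        super().__init__()
        self.current = None   # [action, has_password] for the form now open
        self.actions = []     # actions of forms holding a password input

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self.current = [attrs.get("action") or "", False]
        elif tag == "input" and self.current is not None:
            if (attrs.get("type") or "").lower() == "password":
                self.current[1] = True

    def handle_endtag(self, tag):
        if tag == "form" and self.current is not None:
            if self.current[1]:
                self.actions.append(self.current[0])
            self.current = None

def audit_login_forms(page_url, html):
    """One dict per login form: where it submits and what the user can see."""
    finder = LoginFormFinder()
    finder.feed(html)
    finder.close()
    page_secure = urlparse(page_url).scheme == "https"
    results = []
    for action in finder.actions:
        target = urljoin(page_url, action)  # empty or relative action inherits the page URL
        results.append({
            "submits_to": target,
            "submit_encrypted": urlparse(target).scheme == "https",
            "visibly_protected": page_secure,  # the lock icon reflects only the page itself
        })
    return results

# Constructed sample: a form that posts to HTTPS, plus a search form with no password.
SAMPLE_HTML = """
<form method="post" action="https://login.example.com/login.php">
  <input type="text" name="email"><input type="password" name="pass">
</form>
<form action="/search"><input type="text" name="q"></form>
"""
if __name__ == "__main__":
    for page in ("http://www.example.com/", "https://www.example.com/"):
        print(page, audit_login_forms(page, SAMPLE_HTML))
```

For the HTTP page the result shows an encrypted submission with no visible protection, which is the case where the blank-login or bookmark trick is worth using.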

Beware of Hijacked Facebook Accounts


Of course this isn't a problem limited only to Facebook, but the FBI issued a warning about the rise of hijacking scams. This is where a bad guy gets your login information through various means and then poses as you on your account. They'll send an urgent request for help or money to all your friends who may be fooled and comply (as in the case of Bryan Rutberg).

Remember to use good passwords and protect them, especially the password for your e-mail account (which can be used to unlock all your other accounts).

Sears and Kmart Websites Install Spyware on Computers

Bad Sears, BAD!

The sick thing about this story is that the spyware wasn't a hack against these companies, but was planned and sanctioned by the companies.

Between April 2007 and January 2008, visitors to the Kmart and Sears web sites were invited to join an "online community" for which they would be paid $10 with the idea they would be helping the company learn more about their customers. It turned out they learned a lot more than participants realized or that the feds thought was reasonable. To join the "My SHC Community," users downloaded software that ended up grabbing some members' prescription information, emails, bank account data and purchases on other sites. Sears called the group that participated "small" and said the data captured by the program was at all times secure and was then destroyed.

Remember that there are no laws currently to protect against the abusive data collection and sharing practices that many companies employ. Be careful with your data and don't trust even the most reputable-seeming companies to choose your privacy over the almighty dollar.
