ACMA finds Facebook photos are not private

By Brett Winterford on Dec 19, 2011 1:56 PM

Users offered no safety from Facebook-trawling.

Australia’s communications regulator has ruled that television networks are not breaking the industry’s code of practice when publishing photos lifted from a public Facebook profile.

The Australian Communications and Media Authority ACMA determined that Channel Seven did not breach the Commercial Television Industry Code of Practice when it accessed and broadcasted photographs – specifically in the case of a deceased person lifted from a Facebook tribute page, and another which broadcasted the name, photograph and comments penned by a 14-year old boy.

via ACMA finds Facebook photos are not private – Security – Technology – News – iTnews.com.au.

Assange vs. Zuckerberg

via Assange vs. Zuckerberg – Imgur.

Stop the Great Firewall of America

By REBECCA MacKINNON

Published: November 15, 2011

China operates the world’s most elaborate and opaque system of Internet censorship. But Congress, under pressure to take action against the theft of intellectual property, is considering misguided legislation that would strengthen China’s Great Firewall and even bring major features of it to America.

The legislation — the Protect IP Act, which has been introduced in the Senate, and a House version known as the Stop Online Piracy Act — have an impressive array of well-financed backers, including the United States Chamber of Commerce, the Motion Picture Association of America, the American Federation of Musicians, the Directors Guild of America, the International Brotherhood of Teamsters and the Screen Actors Guild. The bills aim not to censor political or religious speech as China does, but to protect American intellectual property. Alarm at the infringement of creative works through the Internet is justifiable. The solutions offered by the legislation, however, threaten to inflict collateral damage on democratic discourse and dissent both at home and around the world.

The bills would empower the attorney general to create a blacklist of sites to be blocked by Internet service providers, search engines, payment providers and advertising networks, all without a court hearing or a trial. The House version goes further, allowing private companies to sue service providers for even briefly and unknowingly hosting content that infringes on copyright — a sharp change from current law, which protects the service providers from civil liability if they remove the problematic content immediately upon notification. The intention is not the same as China’s Great Firewall, a nationwide system of Web censorship, but the practical effect could be similar.

via Firewall Law Could Infringe on Free Speech – NYTimes.com.

Too much social media networking: Paranoia of Big Brother surveillance may destroy ya

The biggest cybersecurity agency in Europe peeked at the future, 2014, to predict the effects of online social media connectivity 24/7 and concluded that too much social networking could make you paranoid and feel like you are constantly under surveillance by Big Brother.

By Ms. Smith on Wed, 11/16/11 – 12:34pm.

If you think 24/7 connectivity is nothing new for you, and you constantly check in on Foursquare, use location-aware apps, update Facebook or other social media statuses with your geo-tagged photos, then you probably have no location-awareness sharing issues and are not overly concerned if you lose locational privacy. In the year 2014, your futuristic automated smart home can update statuses for you; even more personal data will be logged coming from emerging technology; interaction with the power grid, smart meters, IP TVs, smart appliances, movie theaters harvesting emotions, robots, GPS in cars and smartphones, and products that stalk you will create a life-log. By 2014 there will be a plethora of programs, mobile apps and devices to track you that will create and store records of your movements, activities and behaviors; this is the scene that Europe’s biggest cybersecurity agency studied “to predict positive and negative effects of online ‘life-logging’ on citizens and society.”

In the European Network and Information Security Agency (ENISA) report, “To log or not to log? Risks and benefits of emerging life-logging technologies, the agency used a 2014 fictional family’s day-to-day lives and examined the “impact for their privacy and psychology as they put ever more personal information online.” While you might not call it life-logging, it’s not too farfetched as many people track personal data generated by their own behavioral activities.

via Privacy and Security Fanatic: Too much social media networking: Paranoia of Big Brother surveillance may destroy ya.

4th Amendment vs Virtual Force by Feds, Trojan Horse Warrants for Remote Searches?

Can the government legally deploy malware for eavesdropping and remote searches, in order to investigate and control potential criminal activity? Here’s a look at the future of the Fourth Amendment if the Feds lawfully use virtual force to remotely search computers and how such Trojan horse warrants would work.

By Ms. Smith on Wed, 11/09/11 – 7:57am.

If you missed part one, Fourth Amendment’s Future if Gov’t Uses Virtual Force and Trojan Horse Warrants, then please go catch up with the rest of us. This time we’ll look at Remote Access Trojans (RAT) which are nothing new, yet assume that this government-injected malware/spyware was not detected by antivirus. Also in this case, we are not assuming the target is a SE (social engineering) victim who opens an email or clicks on a link that installs the backdoor into their digital life. This isn’t about if I agree or if I think that sort of privacy invasion is right (if you are wondering, then you’ve never read this blog huh?); this is about an interesting paper that discussed if the government/law enforcement can legally get around your Fourth Amendment rights and secretly install software for remote searches.Virtual Force

When the Feds used virtual force to “enter” computers infected with the Coreflood botnet and issue the ‘stop’ command, thereby disabling the malware, it was not considered a Fourth Amendment search. It did not “meaningfully interfere with a computer owner’s possessory interests over an infected computer” and required no Trojan horse warrant. While it ended successfully, and we don’t need botnets, that seems like a very slippery slope now that we are talking about surreptitiously installing software so law enforcement can sneak in through a backdoor for a remote search.

via Privacy and Security Fanatic: 4th Amendment vs Virtual Force by Feds, Trojan Horse Warrants for Remote Searches?.

Privacy Nightmare: Data Mine & Analyze all College Students’ Online Activities

1984 surveillance tactics continue in schools by suggestions of sharing collected student data with fusion centers. There is another particularly invasive security idea being pitched to universities as a “crystal ball” to stop future violence — to data mine and analyze all college students’ online activities.

By Ms. Smith on Sun, 10/02/11 – 6:57pm.

It is not uncommon for schools to be equipped with metal detectors, cameras for video surveillance, motion detectors, RFID badge tracking, computer programs to check school visitors against sex offender lists, and infrared systems to track body heat after school hours and potentially hunt down intruders. No parent ever wants any possibility of a school tragedy, so other biometric systems in the name of security have been introduced. Iris recognition and fingerprint scans are being used to monitor students’ Internet usage. Now there is a particularly invasive idea being pitched to universities as a “crystal ball” to stop future violence by data mining and analyzing all college students’ online activities.

In K – 12 schools, “new military and corrections technologies are quietly moving into the classroom with little oversight.” It’s making our schools a “fertile ground for prison tech,” Mother Jones reported. “For millions of children, being scanned and monitored has become as much a part of their daily education as learning to read and write.” All of this surveillance is supposed to keep students safe, but there are some states that would like to dump public school surveillance data into federally-funded fusion centers.

via Privacy and Security Fanatic: Privacy Nightmare: Data Mine & Analyze all College Students’ Online Activities.

Brandjacked Google+ page slings insults at Bank of America

America’s biggest banking institution had its brand dragged through Web2.0rhea, after an imposter pretended to be the Bank of America on a newly-created and quickly deleted Google+ page.  As noted by TalkingPointsMemo.com, the fake profile was apparently created just a day after the Chocolate Factory launched its Google+ Pages for businesses.

On the profile’s About page, the spoof account described the Bank of America thusly:  “We are committed to making as much money as possible from usury, coercion, bribery, insider trading, extortion, and debit card fees as possible.”

Photos, images and other posts were also added that ridiculed the bank’s brand.

One such message, posted on 8 November, read: “Starting tomorrow, all Occupy Wall Street protestors with Bank of America accounts around the country will have their assets seized as part of BofA’s new Counter-Financial-Terrorism policy.”

It comically added: “You will sit down and shut up, or we will foreclose on you.”

via Brandjacked Google+ page slings insults at Bank of America • The Register.

A monoculture exists when one breed of a crop or product dominates the landscape – and a single new threat wipes out the crop.

Windows has long been the king of infections because of it’s large install base.  Why do most criminals, malware writers and viruses attack windows?  Because that’s where the money is.

In a novel twist, processor-hungry malware is attacking OSX machines because Apple has created a monoculture with it’s rigid lock on the operating system and hardware specs.  Get root on a modern Mac and chances are, it’s got a beefy video card (GPU) and these days, GPUs bet CPUs for number-crunching horsepower by several orders of magnitude.

Illicit Bitcoin miners steal resources from infected Macs

Passwords, browsing history also harvested

By Dan Goodin in San Francisco • Get more from this author

Posted in Malware, 31st October 2011 21:24 GMT

Free whitepaper – IBM System Networking RackSwitch G8124

Security researchers have identified malware that hijacks the resources of infected Macs to illegally mint the digital currency known as Bitcoin.

The DevilRobber.A trojan has been circulating on The Pirate Bay and other BitTorrent trackers, where it’s bundled with the Mac OS X image-editing application Graphic Converter, researchers from Sophos blogged on Monday. Like previous malware attacking Windows PCs, it commandeers a Mac’s graphics card and CPU to perform the mathematical calculations necessary to generate new digital currency, a process known as Bitcoin mining.

EZPass is a joy to use when driving along the interstate.  No more waiting in line to pay tolls, or fiddling to get exact change.

And like all good things, it’s being exploited for unintended uses.

1) Lawyers are using EZPass records in divorce cases

2) The manufacturer has applied for a patent to put cameras INSIDE the ezpass tag to photograph the car occupants.  Sure, it’s to prevent HOV lane violations…but what’s to stop them from photographing you randomly…or every time you start your car, hit the brakes, or change gears?

From TheBlaze.com:

• Kapsch Traffic Com AG, a transponder (i.e., E-Z Pass and IPass) manufacturer, filed a patent for technology to include an inward and outward pointing camera.

• Technology is not necessarily going to be created.

• If it were, it would be used to monitor HOV lanes.

• Kapsch signed a 10 year contract to provide transponders for 22 toll systems in the United States.

• Kapsch transponders can be found in 41 countries and 64 million cars worldwide.

First, it was OnStar tracking users even after subscription to the service was canceled — which they since pulled back on. Now, there’s a patent filed for an in-car device that would be used for monitoring purposes.

MSNBC reports that Kapsch TrafficCom AG, an Austrian company that creates transponders like E-Z Pass, which allows cars to breeze through tolls, filed a patent for technology that would include cameras in such devices. Cameras would point inside the car as well as out:

The stated reason for an inward-pointing camera is to verify the number of occupants in the car for enforcement of HOV and HOT lanes. The outward-pointing camera could be used for the same purpose, helping authorities enforce minimum occupant rules against drivers who aren’t carrying transponders.

But it’s easy to imagine other uses. The patent says the transponders would have the ability to store and transmit pictures, either at random intervals or on command from a central office. It would be tempting to use them as part of a search for a lost child, for example, and law enforcement officials might find the data treasure trove irresistible. The gadget could also be instructed to take pictures when the acceleration of a car “exceeds a threshold,” or when accidents occur, so it could be used like an airplane cockpit flight recorder.

via Kapsch TrafficCom AG Files Patent for Camera Technology in EZ Pass, iPass | TheBlaze.com.

The German government, in violation of the German constitution, has developed (or bought) malware that they have actively deployed against German citizens.

From Op-Ed: Bundestrojan — German ‘official’ Trojan can get into email, Skype.

Sydney – Well, if you want to read about Western government-sponsored Trojans, read Xinhua. Notably not showing up on the radar of other tech sites I’ve seen recently, the German Bundestrojan is considered dangerous- by hackers.

According to Xinhua:

The software that is supposed to be a “lawful interception” program designed to monitor Internet-based phone calls as part of a legal wiretap goes far beyond the legal bounds, according to the Chaos Computer Club, a Germany-based hacker group.

“We got our hands on it and found it is doing much more than it is legally allowed to do,” said Frank Rieger, a member of the club.

Germany allowed the use of the backdoor program Bundestrojan, which permits government investigators to listen in on Skype-based phone calls. Since 2008, Bundestrojan has been ruled legal by Germany’s Federal Constitutional Court as long as it screened only very specific communications — Internet telephone calls.

The hackers sent the virus to an internet security firm in Finland and found that Bundestrojan could conduct key logging, activate cameras and send information to government agencies. It can run on 64 bit systems, and could infect:

The list of targeted applications includes major browsers, including Internet Explorer, Firefox and Opera, as well programs with VoIP and data encryption functionality, including ICQ, MSN Messenger, Yahoo Messenger, Skype, Low-Rate VoIP, CounterPath X-Lite and Paltalk.

This, of course, isn’t the whole story, or anything like it. As you will have noticed, this is a very broad-based Trojan, and it has another ramification- It can be copied, modified and expanded. The Chaos Club didn’t have any trouble getting their hands on it, so it’s reasonable to assume that others would find it equally easy.

via Op-Ed: Bundestrojan — German ‘official’ Trojan can get into email, Skype.