Tag archive for "monoculture"
CFO/CSO/CPO, CISSP, Events, Presentations
http://www.dhses.ny.gov/ocs/awareness-training-events/conference/2013/index.cfm
June 4, 2012, 3 PM
Following on the heels of the critically acclaimed NCSC.NL presentation, we look at how Governments, Corporations and Private Citizens are using Cloud Computing, Social Media and the lack of Civil Rights on the internet to compromise Privacy and Security.
See http://www.rajgoel.com/ncsc-conference-2013 and http://www.brainlink.com/de-volkskrant/
After the NCSC 2013 presentation, Peter Teffer interviewed me.
Here’s a (very poor) Google translation of his original Dutch article
If we do not ask, we will not get. Facebook, Google, Apple and other Internet and technology companies are only good for our privacy concerns, as consumers make on the barricades stand. “It is time to demand that your data are yours and not others,” said the American consultant Raj Goel, who recently gave a lecture in The Hague on social media and privacy.
Goel earns his money include giving such lectures – he has written a book that he wants to sell and companies hire him because he was known as a computer security expert. But that does not mean he does not believe in the importance of his message. “The battle for privacy is the next step in the civil rights struggle.”
It is not in the interest of Internet to our privacy and actually we do governments do not expect much. Only when consumers require smart phones and social networking really consider privacy, we will not thousands of times per month be spied, argues Goel.
Can we ordinary people large, powerful companies have reason to do what we want? “Yes,” says Goel. “Look at the history. 150 years ago we had no right to clean air or clean water and food. Only when someone like Upton Sinclair in 1905 the unhealthy conditions of the food described, the company said: enough, we want clean and healthy food. “
Cultural change is not impossible, emphasizes Goel. Forty years ago nobody read leaflets for drugs or labels of food. Nowadays. “If you are willing to five or ten minutes to devote to reading your food packaging and ask your doctor why certain medications are needed, then why not five minutes can take time to ask questions about the technology you use? “
Instead of just saying, wow, what a nice phone, we should also look at the privacy concerns of a product. “Make sure you’re more conscious consumer. Twenty years ago you had only eggs. Now you have free range eggs, organic eggs, free range. We have fair clothing and food. It is now time for honest technology. “
http://peterteffer.com/2013/03/29/strijd-voor-privacy-is-volgende-stap-van-burgerrechtenstrijd/
850 people from 12 countries
NATO personnel, Military lawyers, Europol, Private Sectors, US DHS and FBI…all gathered in the Conference Center at The Hague.
Best conference I’ve been to in over a decade – HIGHLY educational, AMAZING hosts and world class presentations.
(Yes, I spoke on Day 1 – and lots of folks enjoyed it)
(Yes, I had Apple Maps on the brain and referred to Holland and Denmark…and Peter Teffer won’t let me forget it!)
We would like to thank all our speakers and guests for making this year’s event an outstanding conference! We worked hard on delivering a high quality programme built on the theme ‘Many partners, one team, one goal’ and we exceeded our expectations.
This first edition of the NCSC Conference has brought two days of inspiring speakers and opportunities to exchange ideas about the latest developments in the field of information security.
The conference was opened by Dutch Minister of Security and Justice Ivo Opstelten, one year after the start of the NCSC, which has now incorporated GOVCERT.NL.
The programme offered something of interest for a wide variety of participants, from technical specialists, decision-makers to researchers, from both the private and the public sector. In plenary and parallel sessions, with leading experts and inspiring speakers, a variety of topics were presented.
Being a racist is stupid. Human, but stupid.
Being a racist AND posting online…that’s just dumb.
Racist + online postings + assassination threats against a US president? That’s the holy trifecta of stupid, dumb and criminally moronic.
Here’s hoping she develops SOME brain cells…
“I didn’t think it would be that big of a deal.”
These are words so many of us have used, just before someone slapped us across the chops.
So it has proved for Denise Helms, a 22-year-old woman from Turlock, Calif., who used Facebook to express her own miffedness with the re-election of the president.
As Fox 40 in Sacramento records it, she wrote: “Another 4 years of this n*****. Maybe he will get assassinated this term.”
Oddly, this post seems to have incurred something of a reaction itself. Not everyone was at one with her sentiment.
Indeed, her employer, Cold Stone Creamery, looked at it chillingly and fired her.
via Racist anti-Obama Facebook post gets woman fired | Technically Incorrect – CNET News.
Your email has LESS protections than postal mails, or even postcards.
Cops can search your emails without notifying you.
The feds have a large body of tools, and legal maneuvers (prosecutorial subpeonas, not judge-approved search warrants) that make acquiring emails and cell-phone logs a point-and-click affair.
We also learn that the former head of the CIA used immature communication subterfuge tactics (storing emails as drafts, not hitting send on a shared account). Teenagers today use better avoidance-detection methods…
If former CIA Director David Petraeus had secretly stashed love letters he exchanged with his paramour at home under his mattress, he might have actually done a better job of protecting his privacy.
Blame federal law for this counterintuitive result. Because it’s so easy to dash off an e-mail — or edit a Gmail draft — you might think electronic correspondence should receive far greater legal protections and be more difficult for the FBI to read.
Not quite. Because of the way a key federal privacy law was worded in 1986, back in the pre-Internet days of analog modems, floppy disks, and the 2.8 MHz Apple IIgs, e-mail stored in the cloud receives less legal protection than it would if printed out.
For love letters stashed under a mattress, FBI agents would have had to secure a search warrant from a judge to enter Petraeus’ bedroom. Perhaps just as important, he would likely have known that his house had been raided. Front doors bashed in with a “Hydra Ram” forcible entry tool tend to make that obvious. So does Rule 41 of the Federal Rules of Criminal Procedure.
But for love letters stored in draft format on Gmail, something that Petraeus and biographer Paula Broadwell reportedly did, the Justice Department claims that police have the right to access those without a search warrant. It says only a subpoena, signed by a prosecutor without a judge’s prior approval and without demonstrating probable cause related to a crime, is necessary.
In a legal brief (PDF) filed with a federal appeals court in a previous case, the Justice Department argues that draft e-mail messages aren’t in “electronic storage” and therefore “do not” require the FBI to obtain search warrants to peruse them.
Another oversight in the 1986 law, called the Electronic Communications Privacy Act (ECPA), is that you won’t even know if police are poking through your e-mail accounts. (Contrast this with the notification requirements for searching bank records.)
Courts have not required police to notify account holders of e-mail searches. In a 2009 ruling (PDF), a federal district judge in Oregon ruled that notifying the Internet or Web e-mail provider was sufficient under both ECPA and the Fourth Amendment. The court’s conclusion: the “notice requirement is satisfied when a valid warrant is obtained and served on the holder of the property to be seized, the ISP.”
via Petraeus e-mail affair highlights U.S. privacy law loopholes | Politics and Law – CNET News.
While nothing Facebook is doing in this case is illegal, it IS unsettling.
Showing relationships between existing data is technically neat, but socially gawky.
What next?
Automatic family pages? Automatic family photo albums? Family timelines?
Automatic Corporate albums? Corporate timelines?
Automatic Political group pages? Timelines?
Just because they CAN doesn’t mean they SHOULD.
Otherwise, wait till they link your video watching habits to your profile pages….yes, I’m looking at you HONEY BOO BOO fans!
Facebook users who have listed themselves as “In a Relationship” or “Married” and linked their profile to their partner’s will find that Facebook has automatically generated them a couple page, celebrating their love. The couple’s page skims off a photo of the happy pair together as the profile picture, lists all events that the two have mutually attended and the Likes that they have in common. It shows all photos that both are tagged in and lists wall posts that each have put on the other’s wall.
You don’t need to be a dyspeptic technology hack to find this nauseating.
via Automatic Facebook couple pages: Nauseating sign of desperation • The Register.
Here’s another good reason to educate your kids and keep them off social media.
Parasite websites are popping up that exist solely to grab suggestive and sexually explicit photos of teens/tweens from Social Media and post them on adult websites.
This is Girls Gone Wild – Social media style.
Children and young people are posting thousands of sexually explicit images of themselves and their peers online, which are then being stolen by porn websites, according to a leading internet safety organisation.
A study by the Internet Watch Foundation (IWF) reveals that 88% of self-made sexual or suggestive images and videos posted by young people, often on social networking sites, are taken from their original online location and uploaded on to other websites.
Reams of sexually explicit images and videos are being uploaded by children and young people, the study found. During 47 hours, over a four-week period, a total of 12,224 images and videos were analysed and logged. The majority of these were then mined by “parasite websites” created for the sole purpose of displaying sexually explicit images and videos of young people.
In the 1990′s we spent $ 2.5 BILLION to sequence the human genome.
Thanks to Moore’s law (computing power doubles every 18 months) and revolutionary breakthroughs in DNA sequencing, pretty soon, DNA sequencing will cost less than $ 1,000 per sample.
And several companies, including easyDNA are marketing their services to employers, spouses and lawyers.
So, who’s been tracking YOUR DNA? No one knows.
What rights do you have to data about your DNA? None.
They’re called discreet DNA samples, and the Elk Grove, California, genetic-testing company easyDNA says it can handle many kinds, from toothpicks to tampons.Blood stains from bandages and tampons? Ship them in a paper envelope for paternity, ancestry or health testing. EasyDNA also welcomes cigarette butts two to four, dental floss “do not touch the floss with your fingers”, razor clippings, gum, toothpicks, licked stamps and used tissues if the more standard cheek swab or tube of saliva isn’t obtainable.If the availability of such services seems like an invitation to mischief or worse – imagine a discarded tissue from a prospective employee being tested to determine whether she’s at risk for an expensive disease, for instance – the Presidential Commission for the Study of Bioethical Issues agrees.
via Citing privacy concerns, U.S. panel urges end to secret DNA testing | Reuters.
Amazon closed a Norwegian woman’s Amazon account AND DELETED all books off her Kindle for violating some secret Amazon policy.
Amazon will NOT disclose what policy she violated; nor restore her books; nor provide refunds for all the books that she purchased.
Moral of the story: You do NOT own ebooks (or downloaded music, movies or games). You are merely RENTING IT as a serfs from the digital landlord. As a serf, the only rights you have are given to you by the landlord, and can be revoked at whim.
This isn’t the first time Amazon played digital bully. In 2009, they settled a lawsuit for deleting 1984 from kindles (irony, thy name is Amazon!). See http://www.pcworld.com/article/172953/amazon_kindle_1984_lawsuit.html
Amazon just closed her account and wiped her Kindle. Without notice. Without explanation. This is DRM at it’s worst.Linn travels a lot and therefore has, or should I say had, a lot of books on her Kindle, purchased from Amazon. Suddenly, her Kindle was wiped and her account was closed. Being convinced that something wrong had happened, she sent an e-mail to Amazon, asking for help. This was the answer:
Dear Linn [last name], My name is Michael Murphy and I represent Executive Customer Relations within Amazon.co.uk. One of our mandates is to address the most acute account and order problems, and in this capacity your account and orders have been brought to my attention. We have found your account is directly related to another which has been previously closed for abuse of our policies. As such, your Amazon.co.uk account has been closed and any open orders have been cancelled. Per our Conditions of Use which state in part: Amazon.co.uk and its affiliates reserve the right to refuse service, terminate accounts, remove or edit content, or cancel orders at their sole discretion. Please know that any attempt to open a new account will meet with the same action. You may direct any questions to me at resolution-uk@amazon.co.uk. Thank you for your attention to this email. Regards Michael Murphy Executive Customer Relations Amazon.co.uk
In the name of democracy, and political campaigns, the Obama campaign took things to a scary new level.
Just as Girls Around Me used public Facebook & FourSquare data to list single girls around you, this app uses the freely available census and political data to display blue flags, and reveal names & ages of people who are registered democrats.
Scary that a presidential campaign would stoop this low…
From ProPublica:
Curious how many Democrats live on your block? Just download the Obama campaign’s new mobile app.
The app, released last week, includes a Google map for canvassers that recognizes your current location and marks nearby Democratic households with small blue flags.
For each targeted address, the app displays the first name, age and gender of the voter or voters who live there: “Lori C., 58 F, Democrat.”
All this is public information, which campaigns have long given to volunteers. But you no longer have to schedule a visit to a field office and wait for a staffer to hand you a clipboard and a printed-out list of addresses.
With the Obama app, getting a glimpse of your neighbor’s political affiliation can take seconds.
via Is Your Neighbor a Democrat? Obama Has an App for That – ProPublica.
Katherine Losse was Facebook’s employee #51 and personal ghost writer for Zuckerberg. Here’s what she revealed about DARK PROFILES.
NB: LinkedIn does this as well. So do most other social media & dating firms. Facebook does it best (or worst..)
From TheWashingtoinPost:
Facebook engineers was developing what they called “dark profiles” — pages for people who had not signed up for the service but who had been identified in posts by Facebook users. The dark profiles were not to be visible to ordinary users, Losse said, but if the person eventually signed up, Facebook would activate those latent links to other users.
All the world a stage
Losse’s unease sharpened when a celebrated Facebook engineer was developing the capacity for users to upload video to their pages. He started videotaping friends, including Losse, almost compulsively. On one road trip together, the engineer made a video of her napping in a car and uploaded it remotely to an internal Facebook page. Comments noting her siesta soon began appearing — only moments after it happened.
“The day before, I could just be in a car being in a car. Now my being in a car is a performance that is visible to everyone,” Losse said, exasperation creeping into her voice. “It’s almost like there is no middle of nowhere anymore.”
via Refugee from Facebook questions the social media life – The Washington Post.
If your business (or life) revolves around GoogleTalk, you were in for a rude surprise last week.
GoogleTalk, Twitter, Salesforce, Microsoft Azure…each went down for hours on-end, globally.
The Google Talk IM and video chat service suffered a massive global outage beginning early on Thursday, leaving users mum for more than four hours.
The Chocolate Factory’s application status page first noted the problem at 3:40am PST, describing it as a “service disruption.” Google updated that status to a “service outage” ten minutes later.
“We’re aware of a problem with Google Talk affecting a majority of users,” Google engineers wrote in a status update. “The affected users are able to access Google Talk, but are seeing error messages and/or other unexpected behavior.”
The search giant continued to publish hourly updates, though no cause for the outage was identified.
By 7:50am, Google claimed to have restored at least partial service, saying it expected “a resolution for all users in the near future.”
Meanwhile, GTalk users have reacted in expected ways. They have rubbed their eyes, yawned, stretched … and taken to venting their frustrations on Twitter.
via Google Talk goes dumb in massive global outage • The Register.
In case you missed my Social Media & Cloud Computing Threats to Privacy, Security & Liberty or A Global Perspective on Mobile Security, Privacy and Safety presentations, here’s a fantastic article from NYTimes covering the various ways these lovely, useful, wonderful devices encourage us to abrogate our 1st, 4th & 5th amendment protections.
From NYTimes:
THE device in your purse or jeans that you think is a cellphone — guess again. It is a tracking device that happens to make calls. Let’s stop calling them phones. They are trackers.
Most doubts about the principal function of these devices were erased when it was recently disclosed that cellphone carriers responded 1.3 million times last year to law enforcement requests for call data. That’s not even a complete count, because T-Mobile, one of the largest carriers, refused to reveal its numbers. It appears that millions of cellphone users have been swept up in government surveillance of their calls and where they made them from. Many police agencies don’t obtain search warrants when requesting location data from carriers.
For years, I’ve been talking about drive-by-lootings, where security screwups on part of CompanyA cause damage to innocent Company B.
In this case, Microsoft (legally!) used the leaked password lists from LinkedIn, eHarmony, Yahoo and other breaches and compared them to their existing users.
Surprise, surprise – approx 20% (1/5th) of Microsoft users reuse their usernames & passwods from other sites.
Lesson#1:
While I believe in recycling and being green, REUSING CREDENTIALS ACROSS SITES IS A BAD IDEA!
Lesson#2:
Learn from Microsoft and hack YOUR user’s passwords PROACTIVELY!
(note: This practice SHOULD be in your company’s security policies and you really, really must get written permission from users or your employer…otherwise, you may become an involuntary guest of the US Penal System).
From ZDnet.com:
About 20 percent of Microsoft Account logins are found on lists of compromised credentials in the wake of hack attacks on other service providers, the company has said.
People re-use passwords and login details across services from different providers, Microsoft Account group manager Eric Doerr noted in a blog post on Sunday. That reuse means that if one set of logins is compromised, other accounts are at risk.
“These attacks shine a spotlight on the core issue — people reuse passwords between different websites,” said Doer, speaking after the Yahoo breach last week that exposed 400,000 user details. “On average, we see successful password matches of around 20 percent of matching usernames.”
Doer revealed the figure in a run-down of some Microsoft Account security practices, meant to reassure customers after the Yahoo hack. Microsoft Account is a single sign-on tool for Microsoft services such as SkyDrive, Hotmail, Xbox and Messenger.
via One in five Microsoft logins are in hands of hackers | ZDNet.
Repeat after me:
“Everything I (or my friend) (or my friends’ friends) say about me online can be used against me FOREVER”.
Case in point – an ambulance operator in Texas posts a comment about giving unruly passengers a “boot to the head”. His employer promptly terminates the ambulance techs involved.
From TheRegister.Co.Uk:
Ignorance about Facebook privacy settings is no excuse for complaining about the consequences of publishing off-colour online comments, a US judge has ruled.Robert J Sumien, an emergency medical technician in Texas, wrote a Facebook wall post about giving “boot to the head” to unruly patients. The comment came to the attention of his employers, CareFlite, an ambulance service and medical transportation firm, who showed him the door.Sumien sued for privacy invasion and wrongful termination of his employment contract. He claimed that his employer invaded his privacy because he misunderstood a coworker’s Facebook settings and didn’t realise comments he made on a colleague’s wall would be seen by others inside and outside the hospital.The comment that resulted in Sumien getting the sack came after his ambulance partner, Jan Roberts, posted a comment on the Facebook wall of CareFlite worker Scott Schoenhardt, suggesting she wanted to slap a patient she had recently transported. This started a discussion about what to do with unruly patients, prompting Sumien’s comments.Both Roberts and Sumien were reported over the comments and both were fired. Sumien sued but a court rejected claims that he had any expectation of privacy about comments posted on a Facebook wall.A trial judge rejected Sumien’s claims that he intended the comments only to be seen by his close friends and threw out his unlawful dismissal claim, a decision recently upheld by a Texas appeal court ruling, extract below.http://www.2ndcoa.courts.state.tx.us/opinions/pdfOpinion.asp?OpinionID=23493
via Yes, you can be sacked for making dodgy Facebook posts • The Register.
accountants, attorneys, CFO/CSO/CPO, CISSP, Events, Presentations
http://www.brighttalk.com/webcast/288/50821
July 11, 2012 4:00 PM EST
Traditionally, when we think of mobile computing, we think about which of our employees we trust, and what devices we allow onto our network.
But what if we’ve been looking at this from the wrong end of the telescope?
What if, the bigger threats to our networks aren’t the employees and their new devices, but telephony companies, technology vendors & governments?
Using case studies from around the world, this presentation discusses the challenges to privacy, security and safety posed by end-users, mobile devices, vendors, governments.
The slides are available here 2012-07-11-RajGoel-Brighttalk-A_Global_Perspective_On_Mobile_Security_Privacy_and_Safety
accountants, attorneys, CFO/CSO/CPO, CISSP, Events, Presentations
http://www.gbata.com/conference.html
July 11, 2012 10:30 AM EST
Social Media has quickly woven itself into the very fabric of everyday life. This boom in sharing, even the most banal of details, has had a resounding impact on how our children, employees and colleagues communicate.
Using case studies from the US and around the world, we’ll examine how people have lost jobs, college admissions, college degrees, fortunes and freedom through (un)social media.
We’ll also investigate the rampant OVERCOLLECTION of customer and subscriber data by major corporations and governments.
We’ll also discuss some strategies and steps we can take to protect civil liberties and privacy in the age of Social Media.
IBM is one of the largest IT firms on the planet, and based on their patent filings, the smartest tech organization in human history. They invented large parts of modern society – from hard drives to SQL databases to cluster-computing to super-computing – Big Blue has done it all.
And even though they own some of the smartest Internet Security companies in existence, even IBM found it hard to secure it’s client data and intellectual property from Dropbox and Siri.
So, my question to you is:
‘If IBM cannot use Dropbox, iCloud or Siri safely, then what makes you think YOUR firm can use these tools without violating client privacy or losing control of your intellectual property?
If you have a BYOD policy, or tolerate BYOD, consider yourself forewarned.
Using Siri, Dropbox or iCloud (and their competitors) could lead to HIPAA violations.
From TheRegister.Co.UK:
IBM has banned employees from using Dropbox and Apple’s iCloud at work as it claws back permission to use third-party cloud services. The rethink has also resulted in a edict against the iPhone 4S’s Siri voice recognition technology at Big Blue.
Jeanette Horan, IBM’s chief information officer, told MIT’s Technology Review that the restrictions had been applied following a review of IBM’s Bring Your Own Device BYOD Policy, introduced in 2010. IBM still supplies BlackBerrys to about 40,000 of its 400,000 employees, but a further 80,000 others now access its intranet using rival smartphones and tablets, including kit they purchased themselves. The [BYOD - ed.] initiative has not yielded anticipated cost reductions even though it has created various security headaches.
An internal survey of IBM workers discovered they were “blissfully unaware” about the security risks from popular apps, according to Horan. In some cases, staff forwarded internal corporate emails to webmail inboxes, potentially pushing sensitive information beyond Big Blue’s security perimeter.
via IBM bans Dropbox, Siri and rival cloud tech at work • The Register.
CFO/CSO/CPO, CISSP, Events, Presentations
http://www.dhses.ny.gov/ocs/awareness-training-events/conference/2012/index.cfm
June 5, 2012, 11 am
Social Media has quickly woven itself into the very fabric of everyday life. This boom in sharing, even the most banal of details, has had a resounding impact on how our children, employees and colleagues communicate.
Using case studies from the US and around the world, we’ll examine how people have lost jobs, college admissions, college degrees, fortunes and freedom through (un)social media.
We’ll also investigate the rampant OVERCOLLECTION of customer and subscriber data by major corporations and governments.
We’ll also discuss some strategies and steps we can take to protect civil liberties and privacy in the age of Social Media.
Sep 11, 2012 – ASIS 58
Social Media & Cloud Computing Threats to Privacy, Security and Liberty, Session 3183
http://www.asis2012.org/Pages/Seminar-Home-Page.aspx
Social Media has quickly woven itself into the very fabric of everyday life. This boom in sharing, even the most banal of details, has had a resounding impact on how our children, employees and colleagues communicate.
Using case studies from the US and around the world, we’ll examine how people have lost jobs, college admissions, college degrees, fortunes and freedom through (un)social media.
We’ll also investigate the rampant OVERCOLLECTION of customer and subscriber data by major corporations and governments.
We’ll also discuss some strategies and steps we can take to protect civil liberties and privacy in the age of Social Media.
ISC(2) SecureSanAntonio – Jan 19, 2012
ISC(2) SecureDallas – Jan 20 2012
© 2013 Raj Goel, CISSP. Powered by WordPress.
