Welcome to Detto Technologies.
CNN.com - Anti-terror program would comb personal information.
(AP) -- Financed by more than $20 million in government contracts, researchers are taking the first steps toward developing a system that could sift through the financial, telephone, travel and medical records of millions of people in hopes of identifying terrorists before they strike.
So far, the companies awarded contracts by the Defense Department are using only fabricated data in their work on the program, which is called Total Information Awareness.
The Pentagon's technology chief, Pete Aldridge, has said the department is interested in tying together such privately held data as credit card records, bank transactions, car rental receipts and gun purchases, along with massive quantities of intelligence information already gathered by the federal government.
[ ... ]
In all, 26 bids were received, said DARPA spokeswoman Jan Walker. Four companies were awarded contracts. According to the TIA Web site, many other organizations were already working on pieces Poindexter planned to connect to TIA.
The companies included:
o Cycorp, based in Austin, Texas, which was awarded $9.8 million to work on a prototype database. The company specializes in searching data.
o Telcordia, based in Morristown, New Jersey, which won a $5.2 million contract to focus on connecting data already available within different government offices.
o Hicks Associates, of McLean, Virginia, which was awarded $3.6 million to study the feasibility of TIA, how it would develop, and to create a prototype.
o Booz, Allen & Hamilton, based in Falls Church, Virginia, which won a $1.5 million contract. Its purpose was not publicly disclosed.
o Raytheon Co., based in Lexington, Massachusetts, which confirmed that it is under contract with DARPA. Spokesman David Shay declined to outline Raytheon's specific role.
MS-NBC - FTD.com hole leaks personal data.
A security flaw at FTD.com left private information open to harvesting this week, one of the busiest of the year for the online florist. The flaw allowed a person to use a modified "cookie" to easily access customer information from the company's servers, said Gerald Quakenbush, an information security analyst for Internet and e-business consulting service Fusion Alliance. Cookies are snippets of data that reside on a person's computer, linking that PC to information and personalized sites on the Web.
ZDNet |UK| - Online florist divulges customer details.
A Web site left its customer data unprotected and available to anyone with even a basic knowledge of HTML, illustrating a basic problem with poor cookie control.
A security flaw at FTD.com left private information open to harvesting this week, one of the busiest of the year for the online florist.
The flaw allowed a person to use a modified "cookie" to easily access customer information from the company's servers, said Gerald Quakenbush, an information security analyst for Internet and e-business consulting service Fusion Alliance.
[ ... ]
"You can steal any customer's information from the site," Quakenbush said in an interview with CNET News.com on Thursday, the eve of Valentine's Day. The security problem exposed customer billing records, including name, address and phone number, by changing a simple number, he added. A specific customer couldn't be targeted by name, only randomly by changing numbers in an FTD.com cookie.
[ ... ]
Quakenbush discovered the flaw on Tuesday, when a co-worker attempting to order flowers from FTD.com found another person's information appearing in his browser. Quakenbush found that separate computers could access customer data just by copying the cookie data from one PC to the other. Moreover, the identifiers used by FTD.com's e-commerce system were seemingly sequential, not random, making it easier to guess the numbers of other valid cookies, he said.
A combination of predictable identifiers for customer transactions and the site's allowance for nonencrypted transactions could allow anyone to guess valid identifiers for previous customer transactions and, as a result, view customer and credit card information, he explained.
Canadian Press - Alberta privacy commissioner slams Klein government child adoption Web site.
EDMONTON (CP) - Alberta's new adoption Web site, aimed at placing more children in permanent homes, includes too much personal information and could be harmful to needy youngsters, the province's privacy commissioner said Wednesday.
Frank Work wants major changes to the program and told the government not to add any more children to the Web site for at least three months. Work has also begun an investigation into the government's collection, use and disclosure of the children's personal information. "We have not sanctioned the Web site," Work said in a release.
"Some of the concerns are the amount of personal history the children's profiles contain and the amount of health information.
"If the technology can help them (the children), good," he said. "However, we have to make sure it doesn't harm them."
Work is recommending there should be no detailed health information on the Web site and no detailed personal history of the children, said a privacy office spokesman.
The adoption Web site features video clips, photographs and profiles of children as part of efforts by Premier Ralph Klein's government to move more kids from foster care to permanent homes.
CNET NEWS.COM - Bush unveils final cybersecurity plan.
The Bush administration signed off Friday on the final version of the United States' strategy for protecting the Internet and securing information systems.
The policy statement, called the National Strategy to Secure Cyberspace, largely backs off from mandating that companies adopt certain measures. Instead, it calls for the government to work with private industry to create an emergency response system to cyberattacks and to reduce the nation's vulnerability to such threats.
"Securing cyberspace is an extraordinarily difficult strategic challenge that requires a coordinated and focused effort from our entire society--the federal government, state and local government, the private sector and the American people," President George W. Bush wrote in a letter introducing the document.
Slashdot | Crack Windows XP With... Windows 2000.
An anonymous reader writes "According to this story seen on Brian's Buzz on Windows, access to a Windows 2000 CD is all that is needed to bypass all (well, most) Windows XP security features. An attacker can boot up XP and start the Windows 2000 Recovery Console which allows them to operate as any user, even Administrator, without requiring them to enter a password. This method even allows someone to copy files to removable media, something which normally the Administrator can't even do in the Recovery Console."
Counterpane: Crypto-Gram: February 15, 2003.
In this issue:
LIDS Project - Secure Linux System.
What are the problems with current GNU/Linux System?
- File System is unprotected.
- Process is unprotected.
- System administration is unprotected.
- Superuser (root) may abuse the rights.
- Authentication to access the system is untrustable.
- The Access Control model (DAC) is not enough.
What is LIDS?
- A kernel patch and admin tool to enhance the Linux kernel security
- Implementation of reference monitor in kernel
- Mandatory Access Control in the kernel
- An active project with many helpful hackers.
Yahoo News - Judge Suspends Wash. State Phone Privacy.
SEATTLE - Washington state regulations to protect the privacy of telephone customer account information, some of the toughest in the country, have been suspended by a federal judge.
State regulations that were adopted in November and took effect in January required phone companies to obtain customer approval before selling calling records or using them to market anything but telecommunications services.
But Verizon Communications Inc. of New York, which has about 1 million customers in Washington, sued the state, saying its Utilities and Transportation Commission overstepped its authority and infringed on the company's ability to speak to and serve customers.
U.S. District Judge Barbara J. Rothstein ruled Monday that Verizon had raised "serious questions" about the constitutionality of Washington's privacy rules, and granted a preliminary injunction blocking their enforcement while the case is pending.
The judge wrote that in weighing the company's free speech rights against privacy interests "the balance of hardships tips in Verizon's favor." She said federal privacy rules are sufficient to protect customers until this case is settled.
Slashdot | Your Rights Online - Washington Judge Overturns Privacy Law.
joeflies writes "Washington state regulations were enacted to protect phone customer privacy. The opt-in policy regulation was overturned by a judge who found in favor of Verizon, seeing it as a potential violation of free speech."
Yahoo News - U.S. Endorses Merging Telephone, Internet Numbers.
The U.S. government on Thursday threw its weight behind an emerging standard that could simplify personal communications by providing a single point of contact for telephone and Internet communications.
The Department of Commerce said it will support an electronic-numbering system, known as ENUM, which would allow consumers to specify a single identifier for their telephone numbers, e-mail and Instant Messaging addresses, fax numbers, and mobile phone numbers.
In a letter to the "State Department", Assistant Secretary of Commerce Nancy Victory said the U.S. should endorse the effort but work to ensure that users' privacy and security will be protected and innovation and competition would be encouraged.
"The time has come for the United States to be more active on this issue," Victory wrote. "We must ensure that ENUM can be implemented in a pro-consumer, secure and competitive manner."
[ ... ]
ENUM has already won support from 13 other countries, and an international telecommunications body has been working to set standards on a global basis.
[ ... ]
Proponents say ENUM will simplify communications as one point of contact could be routed to a telephone, an e-mail inbox or a fax machine, depending on the application. The standard would also allow users to access Internet services through a telephone keypad.
Slashdot | U.S. Endorses ENUM.
esarjeant writes "It looks like the U.S. has endorsed ENUM (also known as E.164.arpa). This means you get a single number for phone and Internet, look for demos at Spring VON (San Jose, April 1-3) and VISIONng will be engaging in US trials. Essentially this means you get a new TLD of e164.arpa with your phone number in front of it." --- The addresses look pretty long and unwieldy, but supposedly consumer devices will make it easier to use.
Aaron Swartz - Google's Privacy Problems (Google Weblog).
Aaron has some comments about the Google privacy issues mentioned yesterday by Google Watch: Google as Big Brother.
EVHEAD: just the right amount of time for it to kick in.
"And here's the most revolutionary thing about AlwaysOn: Perkins has put his entire member database into the customer management service of Salesforce.com. When somebody signs up, their info--including, at a minimum, name, title, company, zip code, and favorite URL--goes directly into Salesforce. Most people voluntarily include significantly more. Then Perkins gives his advertisers and sponsors real-time (perhaps we should call it 'always-on') access to his membership database by giving them Salesforce.com accounts."
Wow, my first thought on reading that was that I should have read the AlwaysOn privacy policy before signing up. And then I did read the privacy policy. It only talks about aggregate information shared with third parties. I don't know exactly what the advertisers can see through salesforce.com, but I'd be surprised if it's only aggregate information, from the way it sounds. It sounds more like a blatant violation. What's up, Tony?
"The West Wing" Continuity Guide: TV Show.
"The West Wing" UNofficial Continuity Guide is a tribute to NBC's award winning TV show, (Wednesdays 9 pm ET, 8 pm Central); especially to the writing of Aaron Sorkin. Our only connection to this television series is our irreverent reverence.