Monday, January 23, 2006


News Item 4938 Editorial: Earn trust through privacy

Agencies have been caught in something of a cookie conundrum in the past month as news organizations -- including this one -- have found government Web sites using persistent cookies despite a rule that prohibits their use.

Cookies, text files that a Web site can put on your computer to track how you traverse the site, have raised the ire of privacy advocates because of the potential implications. For example, they could track a visitor's travels to other sites.

The National Security Agency was the first agency to be caught with its hand in the cookie jar, which adds to its scrutiny after the recent revelation that the Bush administration has permitted NSA to conduct warrantless wiretaps. Then the White House's Web site was found to be using cookies' more perilous cousin, the Web bug, which is more difficult to track than traditional Web cookies. Then scores of other government Web sites were found to be using Web cookies.

Cookies are not the biggest privacy issue this country faces. For example, their use pales in comparison to the significant issues raised by NSA's warrantless wiretaps. But because the problem is so easy to fix, continued cookie use indicates privacy issues' low priority at most agencies.

At its heart, the cookie conundrum is about more than just privacy -- it's about citizens' trust in their government.


2:48:50 PM

News Item 4937 CBS News | Legal Drama For Google & Its Users


Recent revelations that the Bush Administration is trying to get Google to turn over search records has sent chills down the spines of some Web surfers who worry whether what they search for in Google will stay with Google or wind up in government hands.

The case raises a number of privacy questions, including whether or not it's appropriate for search companies like Google to be storing this information in the first place.

To help answer that question, I interviewed Steve Gibson, the founder of Gibson Research and one of the leading authorities on privacy and Internet security.
2:44:05 PM

News Item 4936 Convergence Calls for Better Tracking, Reporting

Convergence of media will require companies to use measurement solutions that track users across channels, according to "The Rise of Lifestyle Media: Achieving Success in the Digital Convergence Era," a report expected to be presented by PricewaterhouseCoopers (PwC) today at the NATPE television industry conference.

As consumers adapt to what the report calls "lifestyle media," the combination of a personalized media experience with a social context for participation, a new format of measurement that can capture user data across platforms becomes a necessity for publishers and advertisers. New programs will be required to connect content consumption across set-top boxes, computers, cell phones and other media. Heightened measurability makes both publishers and advertisers more accountable, ultimately increasing spending on convergence media channels and creating an environment of deeper audience engagement.

Ad dollars are expected to follow the Internet ad spend trend, seeing growth over other channels. "The growth of online advertising is outpacing growth in all other mediums," Vinod Baya, principal author of the report at PricewaterhouseCoopers, told ClickZ News. "This is primarily because of the targeting, effectiveness and accountability that is available in the online environment."

2:41:46 PM

News Item 4935 Terrorist support or mere fraud?

Terrorist support or mere fraud?  Columnist Winn Schwartau discusses the implications of LocateCell.com, a company that sells cell-phone data. [Network World on Privacy]
2:39:04 PM

News Item 4934 The Coming Tug of War Over the Internet

Do you prefer to search for information online with Google or Yahoo? What about bargain shopping -- do you go to Amazon or eBay? Many of us make these kinds of decisions several times a day, based on who knows what -- maybe you don't like bidding, or maybe Google's clean white search page suits you better than Yahoo's colorful clutter.

But the nation's largest telephone companies have a new business plan, and if it comes to pass you may one day discover that Yahoo suddenly responds much faster to your inquiries, overriding your affinity for Google. Or that Amazon's Web site seems sluggish compared with eBay's.
 
The changes may sound subtle, but make no mistake: The telecommunications companies' proposals have the potential, within just a few years, to alter the flow of commerce and information -- and your personal experience -- on the Internet. For the first time, the companies that own the equipment that delivers the Internet to your office, cubicle, den and dorm room could, for a price, give one company priority on their networks over another.

This represents a break with the commercial meritocracy that has ruled the Internet until now. We've come to expect that the people who own the phone and cable lines remain "neutral," doing nothing to influence the content on your computer screen. And may the best Web site win.

For more than a year, public interest groups, including the Consumer Federation and Consumers Union, have been lobbying Congress and the Federal Communications Commission to write the concept called "network neutrality" into law and regulation. Google and Yahoo have joined their lobbying efforts. And online retailers, Internet travel services, news media and hundreds of other companies that do business on the Web also have a lot at stake.

Meanwhile, on the other side, companies like AT&T, Verizon and BellSouth are lobbying just as hard, saying that they need to find new ways to pay for the expense of building faster, better communication networks. And, they add, because these new networks will compete with those belonging to Comcast, Time Warner and other cable companies -- which currently have about


2:34:12 PM

News Item 4933 The Future of e-Commerce and e-Information?

The Future of e-Commerce and e-Information? An anonymous reader writes "The Washington Post has an interesting article on what they label 'The Coming Tug of War Over the Internet.' From the article: 'Do you prefer to search for information online with Google or Yahoo? What about bargain shopping -- do you go to Amazon or eBay? Many of us make these kinds of decisions several times a day, based on who knows what -- maybe you don't like bidding, or maybe Google's clean white search page suits you better than Yahoo's colorful clutter. But the nation's largest telephone companies have a new business plan, and if it comes to pass you may one day discover that Yahoo suddenly responds much faster to your inquiries, overriding your affinity for Google. Or that Amazon's Web site seems sluggish compared with eBay's.'" --- Seems like the idea of the 2-tier internet is really catching on with the market-droids. [Slashdot: Your Rights Online]
2:31:20 PM

News Item 4932 Technology: Searching for Searches - Newsweek National News - MSNBC.com

DOJ spokesperson Charles Miller says that the government is requesting only the actual search terms, and not anything that would link the queries to those who made them. (The DOJ is also demanding a list of a million Web sites that Google indexes to determine the degree to which objectionable sites are searched.) Originally, the government asked for a treasure trove of all searches made in June and July 2005; the request has been scaled back to one week's worth of search queries.

One oddity about the DOJ's strategy is that the experiment could conceivably sink its own case. If the built-in filters that each search engine provides are effective in blocking porn sites, the government will have wound up proving what the opposition has said all along--you don't need to suppress speech to protect minors on the Net. "We think that our filtering technology does a good job protecting minors from inadvertently seeing adult content," says Ramez Naam, group program manager of MSN Search.


2:20:39 PM

News Item 4931 DOJ Gone Google-Fishin'.

The DOJ's demand for one week's worth of search histories has raised the concern that the government will go fishing into the data set, looking for searches and for keywords that worry the government. Even if IP numbers or other identifying data is not provided, what is to prevent the government from returning to Google with a second subpoena?

Over the weekend, Newsweek has reported that:

Though the government intends to use these data specifically for its COPA-related test, it's possible that the information could lead to further investigations and, perhaps, subpoenas to find out who was doing the searching. What if certain search terms indicated that people were contemplating terrorist actions or other criminal activities? Says the DOJ's [spokesperson Charles] Miller, "I'm assuming that if something raised alarms, we would hand it over to the proper [authorities]." (emphasis added)

If Mr. Miller is accurate, this shows that the DOJ's civil division is not afraid to venture beyond the confines of the underlying COPA case (and the protective order), and data mine the deeply personal data provided by Google (and the other search engines) to find suspicious searchers to subject to scrutiny by the criminal division.

Not only is this dangerous plan Constitutionally suspect, it raises the possibility that innocent people will be suspected based on false assumptions about their searches (think about whether all the Amazon or TiVo recommendations based on your habits really captured what you were looking for). It's time for the DOJ to give up this dangerous experiment in abusive and overreaching discovery, and assure the public that the government will not use your search histories as an investigative tool.

[EFF: Deep Links]
2:17:18 PM

News Item 4930 Securing Instant Messaging.

Securing Instant Messaging. In this paper, Tom Olzak will review the current challenges facing businesses in which employees use public IM services. He also defines the possible damage to your business because of IM vulnerabilities as well as the objectives of an effective secure IM strategy. Finally, he looks at various ways to meet the goals of that strategy. By Tom Olzak. [Infosec Writers Latest Security Papers]
2:15:33 PM

News Item 4929 Plan B from Petty France - the other UK ID card.

Or more properly, the real one?

Analysis: The UK is to go ahead with a biometric-backed system of ID verification this year, whether or not the ID Cards Bill is passed by parliament. The 'Plan B', which is going ahead under the auspices of the Passport Office and which does not require parliamentary approval, was touched on by Home Office Minister Baroness Scotland during the recent House of Lords ID cards debate.

[The Register - Internet and Law: Digital Rights/Digital Wrongs]
2:13:52 PM

News Item 4928 Anti-scam website forced offline.

Heavy legal threats get plug pulled

A website set up to warn UK companies about an international business directory scam has been pulled by hosting company Server Center after legal threats.

[The Register - Internet and Law: Digital Rights/Digital Wrongs]
2:11:41 PM

News Item 4927 Police store DNA records of 24,000 innocent kids.

You never know when they might come in handy

The British newspapers have been getting in a tizz over a Police database of DNA samples.

[The Register - Internet and Law: Digital Rights/Digital Wrongs]
2:10:00 PM

News Item 4926 Security Fix - Brian Krebs on Computer and Internet Security - (washingtonpost.com)

A potentially destructive new computer worm disguised as pornographic videos and other material is steadily infecting thousands of victims each hour with a payload designed to destroy documents and files on victim machines.

This particular nastygram has earned different monikers from various antivirus vendors -- including "W32/Nyxem-D" (Sophos and F-Secure), "Tearac.A" (Panda Software), and "W32.Blackmal.E@mm" -- but the catchiest name I've seen so far is "Kama Sutra," taken from one of the e-mail worm's variable enticing subject lines.

The worm appears programmed to do three things: spread, disable security software and overwrite certain files. According to analysis from F-Secure, on the third day of each month the worm will overwrite the contents of certain files on infected machines, including Microsoft Word, Excel and Powerpoint files, as well as Adobe PDF documents and compressed ZIP and RAR archives, among other file formats.

The worm also notifies a specific Web site each time it infects a new machine, increasing the number on a Web-based counter with each visit. Security Fix isn't publishing the link to the counter for obvious reasons (if everyone who read this started visiting the link its accuracy for measuring the true spread of the worm would quickly decrease.) Just know that as of 12:30 a.m. ET on Sunday the counter showed 539,261 victims, up from 522,684 at 5:30 p.m. ET on Saturday, an average of about 2,500 new victims per hour.

2:07:29 PM

News Item 4925 KDE flaws put Linux, Unix systems at risk | CNET News.com

A serious vulnerability has been found in the popular KDE open-source software bundle. The flaw, deemed "critical" by the research outfit the French Security Incident Response Team, could allow a remote attacker to gain control over vulnerable systems. KDE is a desktop software package for Linux and Unix systems and includes the Konqueror Web browser and other applications.

The vulnerability lies in the JavaScript interpreter engine used by Konqueror and other parts of KDE, according to a security advisory posted Thursday. An attacker could craft a special UTF-8 encoded URI sequence to exploit the flaw, according to the advisory. For an attack to be successful, a person would have to visit the attacker's Web page using Konqueror, the FrSIRT said in its alert. Affected are KDE 3.2.0 up to and including KDE 3.5.0. Fixes are available.


2:04:59 PM

News Item 4924 NewsForge | OpenSSL receives FIPS certification

The Cryptographic Module Validation Program (CMVP), a joint effort of the US and Canadian governments, approved the validation of the OpenSSL open source security toolkit for implementation of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols on Friday.

 

OpenSSL is already in use by companies and organizations around the world. However, validation that the toolkit meets the Federal Information Processing Standard (FIPS) 140-2 regulations means that US and Canadian government agencies that handle sensitive data can use the free, open source security software.

The CMVP is run by the US National Institute for Standards and Technology (NIST) and Canada's Communications Security Establishment (CSE) to provide testing of cryptographic modules in accredited labs, which makes sure that security software does what it is designed to do every time it's used, based on the FIPS standards.

While not yet officially validated, CMVP Director Randy Easter said validation of the open source software "is a done deal." OpenSSL is now in the finalization stage of the CMVP pre-validation process. Although a certificate must be printed and signed by representatives of both NIST and CSE, Easter said the certificate could be signed, and the validation official, as early as next week.

This would be the first open source cryptographic module to be validated, Easter said.

According to a draft of the validation certificate, when compiled, installed, and implemented following the specifications in the document, OpenSSL meets requirements to protect sensitive government information. The toolkit was granted Level 1 approval, the lowest of four possible validation levels, in nine of the 11 categories the module was tested for.


2:03:25 PM

News Item 4923 Privacy experts condemn subpoena of Google by feds.

Privacy experts condemn subpoena of Google by feds. Privacy advocates say efforts by the U.S. government to get Google Inc. to turn over a broad range of materials from its databases set a dangerous precedent that should concern all Americans. [Computerworld Data Mining News]
1:57:45 PM

News Item 4922 New Trojan Horses Threaten Cell Phones.

New Trojan Horses Threaten Cell Phones. Malware spreads via Bluetooth or multimedia messages and could leave a device unusable. [PCWorld.com - Latest News Stories]
1:55:46 PM

News Item 4921 Nyxem Worm Programmed to Erase Files.

Nyxem Worm Programmed to Erase Files. Rapidly-spreading worm will overwrite data files on infected computers on February 3. [PCWorld.com - Latest News Stories]
1:54:38 PM

News Item 4920 CDT Files Complaints Against Major Adware Distributor

CDT Files Complaints Against Major Adware Distributor. CDT today asked the Federal Trade Commission (FTC) to put an end to the illegal and deceptive practices of 180solutions Inc., one of the world's largest developers of Internet advertising software. In a detailed complaint, CDT outlines a pattern in which 180solutions, through a complicated web of affiliate relationships, repeatedly duped Internet users into downloading unwanted, intrusive software. In addition to the 'pattern-of-practice' complaint against 180solutions, CDT also filed a specific complaint with the FTC detailing the unfair installation practices of 180solutions affiliate CJB.NET. [Center for Democracy and Technology]
1:52:40 PM