Tuesday, February 14, 2006


News Item 5246 The War on Privacy - Rumsfeld warns that the enemy can succeed in changing our way of life. It already has. (Village Voice > Liberty Beat, by Nat Hentoff)

One morning, in his Supreme Court chambers, Justice William Brennan was giving me a lesson on the American Revolution. "A main precipitating cause of our revolution," he said, "was the general search warrant that British customs officers wrote--without going to any court--to break into the American colonists' homes and offices, looking for contraband." Everything, including the colonists, was turned upside down.

He added that news of these recurrent assaults on privacy was spread through the colonies by the Committees of Correspondence that Sam Adams and others organized, inflaming the outraged Americans.

Now, the Congressional Democratic leadership has finally found an issue to focus on--the vanishing of Americans' privacy, as happened before the American Revolution, but currently on a scale undreamed of by Sam Adams, Thomas Jefferson, and the other patriots in the Committees of Correspondence.

The rising present anger around the country, across party lines, is reflected in a February 3 Zogby Interactive poll that "finds Americans largely unwilling to surrender civil liberties--even if it is to prevent terrorists from carrying out attacks. . . . Even routine security measures, like random searches of bags, purses, and other packages, were opposed by half (50 percent) of respondents in the survey. . . . Just 28 percent are willing to allow their telephone conversations to be monitored."

On the other hand, nearly half (45 percent) favored at least "a great deal" of government secrecy in the war on terror. But the public's awareness that the United States has increasingly become a nation under surveillance is indicated by resistance not only to random searches and tapping into our telephone conversations. Zogby says: This is a "public obsessed with civil liberties."

Well, not obsessed yet, but growingly apprehensive.


9:50:28 PM

News Item 5245 In Rare Briefing, Chinese Official Defends Internet Controls.

The controls do not differ much from those employed by the U.S., an official responsible for managing the Internet said today. By JOSEPH KAHN. [NYT > Home Page]
12:35:13 PM

News Item 5244 ETel Conference: Brad Templeton on CALEA - O'Reilly Emerging Telephony

Brad Templeton, the head of the EFF, had the audience here at ETel in stitches as he used humor and sarcasm to make his case against the impending application of the CALEA wiretapping law to VoIP providers. For over half of his talk he pretended to be the "evil twin Brad" speaking to an ILEC conference, explaining why they needed to support CALEA for VoIP to stifle the innovation of all these garage innovators that are threatening their business (like those clever Estonian hackers..)

Brad's message resonated with the many hackers and innovators here, and I don't think there's many who aren't sympathetic and in agreement with his argument that it's a very bad idea to make CALEA apply to VoIP providers and manufacturers, and that the FCC is overstepping their jurisdiction in this case. There was a large round of applause when he mentioned that the EFF, the ACLU, and others are joining together to file suit next week challenging the FCC's application of CALEA to the VoIP industry.


12:28:34 PM

News Item 5243 Slashdot book review - Essential PHP Security.

Michael J. Ross writes "Given the remarkable popularity of PHP for developing dynamic Web sites, as well as the ever-increasing need for security on those same sites, one would think that there would be great demand for, and comparable supply of, books that explain how to create secure sites using PHP. However, such is not the case, and even the most extensive general purpose PHP books may only devote a single chapter to this critical topic, if that much. Essential PHP Security, written by PHP expert Chris Shiflett, aims to fill the gap." Read the rest of Michael's review. [Slashdot]
12:10:28 PM

News Item 5242 Wired - The Rootkit of All Evil by Bruce Sterling

Sony BMG isn't the only company to have mistaken malicious exploits for mainstream business practices. The British software developer First 4 Internet, which licensed the rootkit to Sony BMG, built its product on techniques developed for creating viruses, and the company's programmers left a trail of newsgroup requests for information about hacks like crippling CD drives. Ironically, First 4 Internet appropriated parts of its music player from an app known as LAME - a bald infringement of the LAME copyright.

Imagine the mayhem if this kind of attitude were to become widespread: Coca-Cola would use your desktop to propagate spam about its latest bottle-cap sweepstakes. Vonage would keep Skype offers from reaching your inbox. Samsung would make sure that, when your browser tried to load Sony.com, it reached a fake Sony site where nothing worked. Companies would compile vast archives of customer data merely because they could, hoping they'd stumble on a revenue model.

It's time for lawmakers, trade groups, and public-interest organizations to get down to the hard work of hammering out standards for what businesses can and can't do to customers' computers. Such an effort will need to be international, because the Net knows no bounds. It will need to come up with simple, understandable language for end-user licensing agreements. It will need to draw red lines around unacceptably invasive hacks and map gray areas between spying and market research.

I'm not holding my breath, though. After all, we asked for this. We didn't want to ruffle the feathers of the goose that laid the golden egg of technological progress, so we allowed manufacturers to claim more and more control over the ways we use their products and what they can do with our information. It should come as no surprise that they're using that power as a cover for bigger, possibly more lucrative schemes.

You may not be interested in the digital rights war, but that doesn't mean you'll have the luxury of sitting on the sidelines. Because the other side is very, very interested in you.


12:04:43 PM

News Item 5241 The New Face on Phishing - Brian Krebs on Computer and Internet Security - (washingtonpost.com)

Case in point: A source recently forwarded a link to one of the "best" phishing attacks I've ever seen. This one -- targeting the tiny Mountain America credit union in Salt Lake City, Utah -- arrives in an HTML-based e-mail telling recipients that their Mountain America credit union card was automatically enrolled in the Verified by Visa program, a legitimate security program offered by Visa that is supposed to provide "reassurance that only you can use your Visa card online."

The e-mail includes the first five digits of the "enrolled card," but those five digits are found on all Mountain America bank cards, so that portion of the scam is likely to be highly convincing for some recipients. The message directs readers to click on a link and activate their new Verified by Visa membership.

Now here's where it gets really interesting. The phishing site, which is still up at the time of this writing (ed.: site has been shut down), is protected by a Secure Sockets Layer (SSL) encryption certificate issued by a division of the credit reporting bureau Equifax that is now part of a company called Geotrust. SSL is a technology designed to ensure that sensitive information transmitted online cannot be read by a third-party who may have access to the data stream while it is being transmitted. All legitimate banking sites use them, but it's pretty rare to see them on fraudulent sites.


11:55:45 AM

News Item 5240 Phishing Site Using Valid SSL Certificates.

UnderAttack writes to tell us the Washington Post SecurityFix blog has an interesting article about a new and rather sophisticated phishing scheme. The email not only used the first few digits of the user's card number to look more plausible (even though the first part of the number is the same for all cards), but it also used a valid SSL certificate for its domain name. [Slashdot]
11:48:33 AM

News Item 5239 Does Italy Recognize a Right of Privacy?

Charles Glasser, Jr., Media Counsel at Bloomberg News, has just published the "International Libel & Privacy Handbook," subtitled "A Global Reference for Journalists, Publishers, Webmasters, and Lawyers." As the reach of print, broadcast, and of course online media becomes worldwide, ignorance about the libel and privacy laws of seemingly far-away jurisdictions is no longer a viable option.
11:30:38 AM

News Item 5238 BBC NEWS | Politics | MPs reject ID card costings call

MPs have voted against making the government carry out a report on costs before introducing identity cards.

They decided by a majority of 53 to overturn an amendment made to the ID Cards Bill by peers last month.

But MPs called for a report on costs every six months for the first 10 years of the scheme being in place.

MPs also backed ministers in making it compulsory for people to be given cards - and put on a register - when they apply for passports.

Critics are concerned about the cost and civil liberty implications of the scheme and some commentators had predicted the votes would be closer.

ID card plans, opposed by Conservatives and Liberal Democrats, will now go back before the House of Lords.


11:26:38 AM

News Item 5237 UK MPs Approve Compulsory ID Cards.

Idimmu Xul writes "BBC News is reporting that the UK House of Commons has approved legislation making identity cards compulsory." From the article: "The plans, rejected by peers last month, will now go back before the House of Lords. Tories warned of "creeping compulsion" and Lib Dems said the "fight against compulsory ID cards" would go on." [Slashdot: Your Rights Online]
11:23:54 AM

News Item 5236 PATRIOT Act Deal Fails to Protect Civil Liberties.

Four Senate Republicans who supported the filibuster of the PATRIOT Act conference report last December have reached an agreement with the White House on renewing the provisions that are set to expire on March 10. The deal makes minor changes and fails to include the common sense privacy and civil liberties protections from the bill passed unanimously by the Senate last summer. [Center for Democracy and Technology]
11:16:26 AM

News Item 5235 Software vendors improve ID products.

CA and HP this week separately plan to announce better integration within their respective identity management suites so that customers can more easily secure application access and enforce compliance policies. [Identity management news]
11:14:55 AM

News Item 5234 The Internet: Public Trust or Center for Private Profit?

(Audio File) Telephone companies and cable operators, which invest billions in the electronic hardware that brings the Internet to consumers, want to change the way customers pay for that access. Instead of the current flat fees, they want different users to pay different amounts, according to how much they go on line and how fast they get service. Google, Yahoo, Microsoft and eBay are among the Internet providers who claim that means corporate censorship of the marketplace of ideas. Consumer groups too are forecasting limits on downloads and e-mail. Should government step in to guarantee access for all or should free-market innovation be left to evolve on its own? Would that mean limits on downloads and e-mails? Is it a threat to virtual democracy as Internet users have come to know it?
[Public Knowledge - Breaking News]
11:13:18 AM

News Item 5233 EFF - Call Your Rep on the House Judiciary to Unlock the NSA Wiretaps.

H.Res.643 is a "resolution of inquiry" that calls for the Attorney General to hand over to the House of Representatives all documents "relating to warrantless electronic surveillance of telephone conversations and electronic communications of persons in the United States conducted by the National Security Agency." We're asking EFF supporters whose representatives are on this key committee (find out if you are one) to call him or her, and vote to uncover what's going on at the NSA.

The NSA's growing surveillance powers should concern everyone. Democrats and Republicans, liberals and conservatives all have a stake in preserving our fundamental freedoms and balancing the power of the executive with Congressional oversight. As David Keene, chairman of the American Conservative Union, has said, "This is not a partisan issue; it is an issue of safeguarding the fundamental freedoms of all Americans so that future administrations do not interpret our laws in ways that pose constitutional concerns."

House resolutions are not binding, but they do give representatives the opportunity to raise issues in the House. By tradition, they oblige the Executive to respond.

We're convinced that the more politicians hear of the NSA's Program and their voters' concerns over it, the more worried they will become. To stand against the Administration and even their own political party, both Democratic and Republican representatives need your support.

On Wednesday, the resolution goes before the House Judiciary Committee. If your representative is on the House Judiciary, you can call and ask him or her now to support the resolution. Our Action Center can step you through the process. It will only take a couple of minutes - but it will show politicians of every stripe how badly we all need to know who is listening in, and why.

[EFF: Deep Links]
11:11:15 AM

News Item 5232 Drag-and-drop Flaw in Internet Explorer Reported.

An IE browser flaw reportedly could allow malicious code to run and cause a takeover of your PC. [PCWorld.com - Latest News Stories]
11:09:26 AM

News Item 5231 'Lawful interception' firm tapping into Europe, Asia Pacific.

Network diversity spurs growth

3GSM Lawful interception firm SS8 Networks is using the 3GSM show to set out its stall in Europe. The firm, which makes middleware that helps service providers manage the collection of data from wiretaps across multiple voice and data connections, also announced a resale agreement with Pen-Link, a firm whose software allows law enforcement agencies to make sense out of the data SS8 collects.

[The Register - Internet and Law: Digital Rights/Digital Wrongs]
11:05:32 AM

News Item 5230 HNS - Coping with A Major Security Breach? What's your Contingency Plan?

Legal pressures, not to mention your moral obligation to assist unwitting victims, mean that you should never delay when disclosing IT security incidents.

In November 2005 a laptop belonging to an employee of the Boeing Corporation was stolen. Among the information on the machine was personal financial data about 161,000 current and former employees of the aerospace giant.

None of the confidential information was encrypted, and therefore the thieves would have been able to read and exploit it easily. Yet this was just one of the two serious failings in Boeing's IT security procedures that this episode highlighted. The second was not to have immediately owned up to the incident. The company still refuses to reveal the precise timings but has admitted that it was "several days" after the theft before the 161,000 'victims' were officially informed that their personal details were now in the public domain, potentially ready to be used by criminals involved in identity theft.

Companies across the world have always preferred not to reveal details of IT security breaches. The problem became so bad in the UK that the Metropolitan Police launched a special guarantee under which companies are promised anonymity if they report that their systems have been the target of hackers. Without such a scheme, police were unable to prosecute the hackers because officers were unaware that the incidents had taken place.
11:03:12 AM

News Item 5229 ID Cards to be compulsory in Britain.

'Creeping compulsion' retained

The British Parliament has kicked out Lords amendments to the ID Card Bill that would have made their use voluntary.

[The Register - Internet and Law: Digital Rights/Digital Wrongs]
10:58:24 AM

News Item 5228 ID Card costs escape scrutiny.

Dobson amendment lets govt. off hook

Analysis Parliament has scrapped House of Lords amendments that would have demanded strict scrutiny on the proposed ID Cards system.

[The Register - Internet and Law: Digital Rights/Digital Wrongs]
10:57:11 AM

News Item 5227 419er jailed for 376 years.

Hard time for $2m scammer

A Nigerian 419er was last Friday jailed for 376 years by a Lagos court for "stealing, forgery, impersonation and conspiracy to obtain money by false pretences" contrary to the Advance Fee Fraud Act, the Nigerian Daily Independent reports.

[The Register - Internet and Law: Digital Rights/Digital Wrongs]
10:55:12 AM

News Item 5226 Please don't censor internet, sobs Yahoo! Heartfelt plea fails to mention China

Yahoo! has issued a statement ahead of tomorrow's US House of Representatives Committee on International Relations which expresses its deep concerns at "efforts of governments to restrict and control open access to information and communication".

[The Register - Internet and Law: Digital Rights/Digital Wrongs]
10:53:33 AM