Tracking
Tracking technology and projects.

 



















 

 

  Thursday, August 10, 2006


More (disturbing) AOL profiles.

Declan McCullagh at CNet has posted many more, often disturbing, profiles of users gleaned from the AOL search data leak. Examples include:

Based on the number of local searches, AOL user 1515830 appears to be a resident of Ohio's Mahoning County. On March 1, user 1515830 was trying to find the amount of calories in chai tea and bananas. But on March 9, the searches took a darker turn:
chai tea calories
calories in bananas
aftermath of incest
how to tell your family you're a victim of incest
pottery barn
curtains
surgical help for depression
oakland raiders comforter set
can you adopt after a suicide attempt
who is not allowed to adopt
i hate men
medication to enhance female desire
jobs in denver colorado
teaching positions in denver colorado
how long will the swelling last after my tummy tuck
divorce laws in ohio
free remote keyloggers
baked macaroni and cheese with sour cream
how to deal with anger
teaching jobs with the denver school system
marriage counseling tips
anti psychotic drugs

Whoever wrote that hell hath no fury like a woman scorned had clearly never experienced the Internet. For a three-month period, AOL user 2708, apparently a resident of the greater Boston area, was searching for little else. Her search terms suggest that she signed up her ex-boyfriend for Columbia House CDs, articles on "gay life," and Christian literature -- while shopping for women's Harley Davidson boots. User 2708's ex apparently lives in New Hampshire:
revenge tactics
the woman's book of revenge
dirty tricks for chicks
voice changer
how to humiliate someone
bill me pay later for cd's
scams to play on people
how to get revenge on an old lover
i hate my ex boyfriend
how to really make someone hurt for the pain they caused to someone else
columbia house
advice from women who have seeked revenge on old lovers
makehimsuffer.com
how to say goodbye hurtfully
how to report child neglect in the state of new hampshire
free articles on gay life that can be mailed to me
free christian things
free gay magazines
free angry stuff to send to an ex lover
how to permanently delete information from your hard drive
makehimpay.net
women's harley davidson boots
www.match.com
the worst thing to send someone via email
thong dancewear
locatecell.com
what can i do to an old lover for revenge
mean revenge tactics
death records in hampstead new hampshire

[michaelzimmer.org]
2:54:07 PM    

Two charged in Royal phone tap probe.

Phreaking serious

Two men have been charged with intercepting mobile phone voicemail messages following an investigation into allegations that the phone calls of staff working for Prince Charles were illegally accessed.

[The Register - Internet and Law: Digital Rights/Digital Wrongs]
2:47:50 PM    

RFID passports cloned and shown to be poorly shielded. I wasn't there, but at a hacker conference last weekend in Las Vegas, two different security research groups publicly demonstrated major vulnerabilities in the RFID passports now beginning to be issued by the USA and many other countries.

Using a new German passport (based on the same ISO14443 and ICAO document 9303 specifications as the new USA passports with RFID chips), Lukas Grunwald of DN-Systems showed how the data on the RFID chip in each of these passports could be remotely read, copied onto another off-the-shelf blank chip, and used to fool an RFID reader.

After Grunwald's demonstration some RFID proponents claimed that the encryption of most of the data on the chip (although not the unique chip ID number broadcast in the clear) would prevent the use of a cloned RFID passport chip for digital impersonation -- conveniently forgetting that the encryption has already been cracked.

At least as significant, but much less widely publicized, was another report on tests by Flexilis of the RF shielding in the outer covers of the RFID passports, which has been heavily advertised by the USA State Department as "preventing" reading of the RFID chip unless the passport is deliberately opened.

The graph on page 2 of the experimental results shows that an RFID passport "shielded" according to the current standard could be read from 4 inches (10 cm) away (e.g. by someone bumping against the outside of the victim's pocket or purse with an RFID reader in a piece of luggage) if the covers gapped open as much as 1/2 inch (1.2 cm) at their outer edges, as could easily happen inadvertently. Even a 1/4 inch (7 mm) gap between the outer edges of the passport covers allowed reading from 1 1/2 inches (4 cm) away, well within the plausible range of an approach for a "bump" attack through clothing or a purse. And as has already been demonstrated, the distances at which the chips can be read will likely continue to increase with improved readers during the 10-year validity of RFID passports now being issued.

If you want a new USA passport (valid for the next 10 years) without an RFID chip, apply for one now. You probably just barely have time, if you do so immediately. When you get your new passport, check for the RFID logo on the front cover; if you find it, please let me know right away when and by which office your passport was issued, so I can spread the word.

And if you do get stuck with an RFID passport, don't rely on adequate shielding being built into the cover. Keep it wrapped in electrically conductive mylar or aluminum foil, or in one of these RF-shielding cases whenever you don't want it read. [The Practical Nomad]
2:44:49 PM    


USA Supreme Court asked to rule on secrecy of law restricting freedom of travel. A petition for certiorari was filed with the U.S. Supreme Court last Friday in the case of Gilmore v. Gonzales, asking the court to rule on whether "the government keep secret a directive that is generally applicable to millions of passengers every day", requiring them to present documentary evidence of their identity (or maybe to submit to a more intrusive search) in order to travel by airline common carrier within the USA.

The Supreme Court doesn't have to hear this (or almost any other) case, and could let stand the abominable reasoning and outcome of the decision by the 9th Circuit Court of Appeals. But I'm cautiously optimistic that the Supreme Court may take up the question of the Constitutionality of secret law. If the Supreme Court rules in favor of John Gilmore (and everyone who believes in justice) on that question, we may finally get a chance on remand to address the issues of freedom of travel: [The Practical Nomad]
2:40:42 PM    


Google CEO: AOL Breach Won't Happen Here. Exec says Google has security measures in place to prevent the release of user search histories. [PC World: Latest Technology News]
2:29:15 PM    

Summer Slowdown in AT&T Spy Case.

A Northern California federal court judge pressed pause today on the Electronic Frontier Foundation's lawsuit against AT&T for allegedly violating the privacy rights of its customers by helping the NSA spy on their emails and phone calls.

Chief Judge Vaughn Walker decided to temporarily halt the proceedings until late September or early October, giving the Ninth Circuit Court of Appeals time to consider the government's appeal of Walker's landmark decision in July to allow the case to proceed despite the government's invocation of the state secrets privilege.

That invocation is often referred to as the nuclear option, since almost every time the government steps into a civil case and says that the case would reveal national secrets, judges defer to the government.

The pause also gives time to a court panel in Chicago which is weighing whether and how to consolidate multiple lawsuits against telecoms for their alleged participation in the acknowledged warrantless wiretapping program.

The government wants the cases brought to a District Court in D.C., while the EFF and other plaintiffs hope to move the cases to Walker's court room. That decision is expected in one to two weeks.

Today's hearing held few surprises.

The EFF argued that AT&T could provide an answer to their complaint to the judge and give the group some documents, without endangering state secrets.

The government's lawyer, Anthony Coppolino, argued that any discovery should be held off until the Appeals Court gives a "second opinion" on Walker's ruling, and he and AT&T's attorney Bradford Berenson lectured the judge at length for overstepping his powers.

"Your honor needs to give the executive branch the utmost deference," Berenson said.

Berenson served as associate counsel in the Bush Administration White House for two years.

According to his biography on his law firm's web site, he "played a significant role in the executive branch's counterterrorism response," including the "USA Patriot Act, the military order authorizing the use of military commissions, detainee policy and anti-terrorism litigation, presidential action against terrorist financing."

Both AT&T and the government argued against the judge's proposal to hire an outside expert with a high security clearance to help decide whether information revealed during the course of the case would harm national security.

Coppolino suggested that the government would refuse to give a security clearance to such a person, since it's the executive branch's prerogative to decide on the classification of material, not the court's.

The EFF argued for such an expert but all sides said they preferred it if the judge made the decisions.

Walker told the courtroom that he had envisioned former CIA director James Woolsey for the job, since he has national security experience and is a lawyer.

Coppolino said he once argued a state secrets case on behalf of Woolsey, but that even Woolsey is a bad choice since only current administration members have the ability to understand national security.

However, Walker decided to punt the decision on whether to hire such an expert and what role that person should play.

Wired News's attorney Timothy Alger, along with an attorney for the print media, asked Walker to rule on their motion to unseal the AT&T documents provided by former AT&T technician Mark Klein, which form the heart of the case.

While the government specifically declined to say they included state secrets and Wired News published an overlapping set of documents, they remain under seal. AT&T argues that they include trade secrets.

Wired News disputes that assertion and wants the judge to rule on the matter.

[27B Stroke 6]
2:15:48 PM    

Amerika Online.

The New York Times today follows up on the AOL search logs debacle by identifying and interviewing a Georgia woman who was able to be found from her search terms -- which included multiple queries on health-related matters.

At first glance, it might appear that Ms. Arnold fears she is suffering from a wide range of ailments. Her search history includes "hand tremors," "nicotine effects on the body," "dry mouth" and "bipolar." But in an interview, Ms. Arnold said she routinely researched medical conditions for her friends to assuage their anxieties. Explaining her queries about nicotine, for example, she said: "I have a friend who needs to quit smoking and I want to help her do it."

Ms. Arnold says she loves>self-issued subpoenas to the big search engines asking for all user logs that include a set of terms or clicked on websites that might indicate someone was interested in terrorism. Some possible terms might include 'anthrax,' 'shoe bomber,' 'jihad.' 'UBL,' 'bioterrorism.'

From there, they could then use those logs to request all the searches from people who look suspicious.

Given the FBI has also invigorated its crackdown on porn, I wouldn't be surprised if they dropped subpoenas for logs of searches for pornographic terms.

Still think you have nothing to fear?

Bureaucracies chew people and their reputations up. It's just what they do.

To wit: Wen Ho Lee. Richard Jewell. Ted Kennedy. The Center on Wrongful Convictions. The Thin Blue Line. Sister Glenn Anne Mcphee. Daniel Ellsberg. Khaled El-Masri. Maher Arar.

[27B Stroke 6]


2:12:23 PM    

Buried in a list of 20 million Web search queries collected by AOL and recently released on the Internet is user No. 4417749. The number was assigned by the company to protect the searcher's anonymity, but it was not much of a shield.

Thelma Arnold's identity was betrayed by AOL records of her Web searches, like ones for her dog, Dudley, who clearly has a problem.

No. 4417749 conducted hundreds of searches over a three-month period on topics ranging from "numb fingers" to "60 single men" to "dog that urinates on everything."

And search by search, click by click, the identity of AOL user No. 4417749 became easier to discern. There are queries for "landscapers in Lilburn, Ga," several people with the last name Arnold and "homes sold in shadow lake subdivision gwinnett county georgia."

It did not take much investigating to follow that data trail to Thelma Arnold, a 62-year-old widow who lives in Lilburn, Ga., frequently researches her friends' medical ailments and loves her three dogs. "Those are my searches," she said, after a reporter read part of the list to her.

AOL removed the search data from its site over the weekend and apologized for its release, saying it was an unauthorized move by a team that had hoped it would benefit academic researchers.

But the detailed records of searches conducted by Ms. Arnold and 657,000 other Americans, copies of which continue to circulate online, underscore how much people unintentionally reveal about themselves when they use search engines -- and how risky it can be for companies like AOL, Google and Yahoo to compile such data.

Those risks have long pitted privacy advocates against online marketers and other Internet companies seeking to profit from the Internet's unique ability to track the comings and goings of users, allowing for more focused and therefore more lucrative advertising.


2:09:52 PM    

Ed Bott recently attempted to scout out the problems reported in so many horror stories floating around the net relating to Microsoft's WGA. He did experience problems, but not the ones that you might expect. He intentionally installed a pirated copy of Windows XP to see how the process worked but was unable to get WGA to recognize his computer as pirated. --- From the article: "I'm reluctantly running a pirated version of Windows and can't get caught no matter how hard I try. But these same people want us to believe that the WGA software they've developed is nearly foolproof. They claim that all but "a fraction of a percent" of those 60 million people who've been denied access to Microsoft updates and downloads are guilty, guilty, guilty. Right."
2:04:13 PM    

j823777 was one of several readers to point out a BBC report that "A terrorist plot to blow up planes in mid-flight from the UK to the U.S. has been disrupted, Scotland Yard has said. It is thought the plan was to detonate up to three explosive devices smuggled on aircraft in hand luggage. Police have arrested 21 people in the London area after an anti-terrorist operation lasting several months. Security at all airports in the UK has been tightened and delays are reported. MI5 has raised the UK threat level to critical -- the highest possible."

spo0nman adds a link to the Associated Press's coverage.

Update: 08/10 12:57 GMT by T: Several readers have pointed out new restrictions imposed as a result of this plot on passengers' carry-on luggage. In the UK, nearly all possessions (including laptop computers) must be carried in the cargo hold; while their rules don't yet go quite as far, U.S. airlines are stepping up their enforcement of carry-on restrictions, including banning substances like toothpaste.
1:14:31 PM    



© Copyright 2006 Paul Hardwick.
Last update: 9/2/06; 4:21:55 AM.
