Interesting stats… (Please do not post political propaganda on my site: it’s about information security, not Middle East politics):
An increase of 2000% in attacks on pro-Israel and Israeli government websites was recorded in the first few days after the IDF takeover of the Turkish ship ‘Marmara’ headed for Gaza. Most of the attacks originated from Turkish and Palestinian sources.
Tests conducted by Internet security experts from IBM also found that the attackers managed to break through to 500 Israeli websites and make changes or plant propaganda on them.
IBM also found that Israeli government sites held up well to the attacks and most of the break-ins were into sites of companies and organizations in the private sector.
Rolling Stone chronicles the lifestyle exploits of Albert Gonzalez, which you can find in the USA Today article here. Unfortunately, I cannot provide a link to the actual RS article because it is paid-only. You can find it at your local newsstand.
University of Reading researcher Mark Gasson has become the first human known to be infected by a computer virus.
The virus, infecting a chip implanted in Gasson’s hand, passed into a laboratory computer. From there, the infection could have spread into other computer chips found in building access cards.
All this was intentional, in an experiment to see how simple radio-frequency identification (RFID) chips like those used for tracking animals can host and spread technological diseases.
… he wanted to reveal just how vulnerable online data systems are to break-ins — and he says he didn’t mean any harm. “I’m a nice hacker,” suspect Francois Cousteix told France 3 television Thursday, a day after he was released from police questioning, adding that his goal was to warn Internet users about data security.
Are you aware of the flap in our area – Lower Merion, PA – that has international attention? It seems that the school board bought software that can control the laptop camera to track lost or stolen computers. Someone got the bright idea that they could spy on a kid suspected of drug use. Fourth Amendment issues aside, this is spyware. It seems a great opportunity to alert the public of how likely things like this may well be on their computers. You might have the needed “Bully Pulpit.”
I’ve been silent on this issue for a while. Here’s my email reply to the inquiry:
It’s a very difficult case. When does the public sphere end and the private one begin? Would you be against turning on the camera/mic if it occurred only on school grounds? Could asset tracking software constitute a breach of privacy even if it does not turn on the camera and microphone? What about administrators who need to update the machine with the latest patches, software versions, etc.?
I admit that I do not have the answers to these questions and how to proceed. Intuitively, I think that software that remotely turns on the camera and mic should categorically be denied on public/school computers. Laptops will, however, need some type of asset tracking (perhaps installed in the BIOS at the hardware level) to prevent theft of devices and illegal resales of hardware. If the BIOS tracking was disclosed and explained to the laptop recipient, then I think it would be OK. Updating software remotely may give too much access to administrators, who could then install additional “spyware”. How to proceed with such laptop maintenance is still unclear to me.
Data stolen from HSBC in 2006 and 2007 still carry an impact. In this case around 15,000 people could suffer tax consequences. (Naturally, the issue of whether they sheltered money and cheated on their taxes is a separate issue.) The impact is worldwide.
A former IT employee of Swiss subsidiary HSBC Private Bank (Suisse) SA, identified by French authorities as Herve Falciani, obtained the information between late 2006 and early 2007, the bank said. The accounts, held by individuals worldwide, were all opened before October 2006.
Ultimately this means that the value of data is dependent on its relationship to the relevant state of affairs. Put differently, if a credit card account is inactive, that data is worthless if someone attempts to use it. If the inactive data ties one back to fraud that occurred last year, it’s still relevant.
In the case of HSBC, the accounts reflect who was (potentially) cheating on their taxes in 2006. If the statute of limitations has not run out, the information is still valuable.
This weekend I revisited the 1968 film 2001: A Space Odyssey. It’s a classic. Even though the effects are now over 40 years old, the film still does an amazing job at conveying weightlessness. It’s worth checking out if you have not seen it. On to the infosec!
In the TMA-1 section of the film, the character Dr. Heywood Floyd is subject to voice print authentication in which he is asked to state his last name and first name as well as some other information. It would be easy to circumvent such a device today, although the advent of portable electronic voice recorders was most likely not on Kubrick’s mind at the time. If Kubrick had really studied security he would have had a biometric device (such as a retinal scanner) for dual-authentication.
I'm a global information security professional. This site is dedicated to the bits and bytes of InfoSec, rather than the full-length articles I publish at bloginfosec.com. The tone is one of a less serious nature and covers the daily InfoSec grind as well as thoughts and ideas that have not (yet?) been developed into full-length articles.