Category Archives: Pop Culture

How to keep a really BIG secret?

EW quotes J.J. Abrams — who created the modern day Star Trek movie franchise (here, here) — on how he keeps all his movie details secret despite such a large scale production. He says:

Yet Abrams says he doesn’t bully and nag his teams on the subject. “It’s not like there are threats, it’s not like we’re begging them every day,” he says. “We just say up front that all the work we’re doing is about making this a special experience for the viewer; let’s preserve that as long as we can.”

I speculate that it’s more about the non-disclosure clause in contracts signed by the employees, contractors, etc. who are working on the project. What is said up front is probably more like a friendly reminder about what’s in the contract, and mentioning it reinforces the seriousness of the agreement.

2000% Increase in Attacks on Israeli Websites

Interesting stats…. (Please do not post political propaganda on my site: it’s about information security not Middle East politics):

An increase of 2000% in attacks on pro-Israel and Israeli government websites was recorded in the first few days after the IDF takeover of the Turkish ship ‘Marmara’ headed for Gaza. Most of the attacks originated from Turkish and Palestinian sources.

Tests conducted by Internet security experts from IBM also found that the attackers managed to break through to 500 Israeli websites and make changes or to plant propaganda on them.

IBM also found that Israeli government sites held up well to the attacks and most of the break-ins were into sites of companies and organizations in the private sector.

Rolling Stone Chronicles Criminal Hackers

Rolling Stone chronicles the lifestyle exploits of Albert Gonzalez, which you can read about in the USA Today article here. Unfortunately, I cannot provide a link to the actual RS article because it is paid only. You can find it at your local newsstand.

Man infects himself with computer virus

I’m not sure if this is innovative or just stupid:

University of Reading researcher Mark Gasson has become the first human known to be infected by a computer virus.

The virus, infecting a chip implanted in Gasson’s hand, passed into a laboratory computer. From there, the infection could have spread into other computer chips found in building access cards.

All this was intentional, in an experiment to see how simple radio-frequency identification (RFID) chips like those used for tracking animals can host and spread technological diseases.

NYC holds ShredFest 2010 ID Protection

NYC rocks!!! If you care about protecting your identity, attend NYC Shred Fest 2010, May 23rd from 10AM-4PM… Massive paper shredding for sensitive documents as a free NYC service! My tax dollars at work, folks, to help protect you… In addition, the first three people to each location receive a free shredder!

Bid for Lunch with Tom Ridge

Ask Tom Ridge all those DHS questions you’ve speculated about since 2001….

Unannounced Ethical Hacking

The French Twitter hacker claimed it was an ethical hack. This defense has rarely been credible in the US since 9/11 due to the uptick in professional services and change in cultural mindset.

… he wanted to reveal just how vulnerable online data systems are to break-ins — and he says he didn’t mean any harm. “I’m a nice hacker,” suspect Francois Cousteix told France 3 television Thursday, a day after he was released from police questioning, adding that his goal was to warn Internet users about data security.

Here is why I no longer report security vulnerabilities I find.

Response: Thoughts on the Lower Merion School District

I received the following email:

Are you aware of the flap in our area – Lower Merion, Pa – that has international attention? It seems that the school board bought software that can control the laptop camera to track lost or stolen computers. Someone got the bright idea that they could spy on a kid suspected of drug use. Fourth Amendment issues aside, this is spyware. It seems a great opportunity to alert the public of how likely things like this may well be on their computers. You might have the needed “Bull Pulpit.”

I’ve been silent on this issue for a while. Here’s my email reply to the inquiry:

It’s a very difficult case. When does the public sphere end and the private one begin? Would you be against turning on the camera/mic if it occurred only on school grounds? Could asset tracking software constitute a breach of privacy even if it does not turn on the camera and microphone? What about administrators who need to update the machine with the latest patches, software versions, etc.?

I admit that I do not have the answers to these questions or know how to proceed. Intuitively, I think that software that remotely turns on the camera and mic should categorically be denied on public/school computers, although laptops will need some type of asset tracking (perhaps installed in the BIOS at the hardware level) to prevent theft of devices and illegal resales of hardware. If the BIOS tracking was disclosed and explained to the laptop recipient, then I think it would be OK. Updating software remotely may give too much access to administrators, who could then install additional “spyware”. How to proceed with such laptop maintenance is still unclear to me.

Data Has Time Dependency: Crimes Impact Linger

Data stolen from HSBC in 2006 and 2007 still carry an impact. In this case around 15,000 people could suffer tax consequences. (Naturally, the issue of whether they sheltered money and cheated on their taxes is a separate issue.) The impact is worldwide.

A former IT employee of Swiss subsidiary HSBC Private Bank (Suisse) SA, identified by French authorities as Herve Falciani, obtained the information between late 2006 and early 2007, the bank said. The accounts, held by individuals worldwide, were all opened before October 2006.

Ultimately, this means that the value of data is dependent on its relationship to the relevant state of affairs. Put differently, if a credit card account is inactive, that data is worthless if someone attempts to use it. If the inactive data ties one back to fraud that occurred last year, it’s still relevant.

In the case of HSBC, the accounts reflect who was (potentially) cheating on their taxes in 2006. If the statute of limitations has not run out, the information is still valuable.

Fake Malware Slows Down Facebook

There are rumors floating around that a piece of malware is slowing down Facebook. It turns out that it’s just another application after all.

I removed it and it certainly speeds up the application. Here’s how to remove it:

Check your ‘application settings’ and go into the drop-down box ‘added to profile’. If you see one in there called “unnamed app”, delete it.