February 27, 2006
Total Information Awareness is dead. Long live Total Information Awareness
Total Information Awareness Lives On (TIA)
Posted by seans at 05:00 PM | Comments (0) | TrackBack
Keylogging, somewhat relevant to today
Related to the NYT article that was posted below, Cyberthieves Silently Copy Your Passwords as You Type
Not that you would, but you can make your own keylogger with minimal pcomp skillz. Of course your PS/2 keyboard is probably out to pasture, and you can purchase PS/2 and USB versions in several flavors of storage size. Apparently you can avoid physical keylogging attacks made with the above devices, and some software-based keyloggers, by using a screen keyboard.
Posted by seans at 03:17 PM | Comments (0) | TrackBack
RFID Security Alert
It appears the threat was more theoretical than originally thought...
Posted by Jeff at 01:54 PM | Comments (0) | TrackBack
who's gonna get them?
follow up to class discussion about who is responsible for internet security...
http://www.nytimes.com/2006/02/27/technology/27hack.html?ex=1298696400&en=b794c1adbbd71162&ei=5088&partner=rssnyt&emc=rss Cyberthieves Silently Copy Your Passwords as You Type
Posted by metabreed at 10:19 AM | Comments (0) | TrackBack
Patriot Act e-mail spying approved
What: The Justice Department asks a judge to approve Patriot Act e-mail monitoring without any evidence of criminal behavior.
When: Decided Feb. 2, 2006 by U.S. District Judge Thomas Hogan in Washington, D.C.
Outcome: E-mail surveillance approved.
What happened: As part of a grand jury investigation that's still secret, the Justice Department asked a federal magistrate judge to approve monitoring of an unnamed person's e-mail correspondents.
The request had a twist: Instead of asking to eavesdrop on the contents of the e-mail messages, which would require some evidence of wrongdoing, prosecutors instead requested the identities of the correspondents. Also included in the request was header information like date and time and Internet address--but not subject lines.
Posted by angela at 06:56 AM | Comments (0) | TrackBack
February 26, 2006
Spoofing Your Mac Addresses
Now that we all know how to sniff packets, we might as well know how to trick a network into thinking we're someone else via MAC address spoofing. On Mac OS X this can be done by:
sudo ifconfig en0 ether 00:01:02:03:04:05
Now you can pretend to be anybody or even a router! Note this is only for the Ethernet card. To spoof your AirPort MAC address look here:
http://sourceforge.net/projects/aspoof/
To learn what kind of devious things you can do read this excellent pdf:
http://home.jwu.edu/jwright/papers/wlan-mac-spoof.pdf
More information on how to do this on other operating systems here:
http://en.wikipedia.org/wiki/MAC_address
Posted by dnolen at 11:06 PM | Comments (0) | TrackBack
mind your metadata
Last week the Washington Post ran a story on a botnet-running hacker, and promised him they would not use his name or where he was from. Unfortunately for the young hacker, the obscured photos used in the story had EXIF-like IPTC data attached to them, stating the location of the photos was Roland OK. This location information and items from the story led some commenters to the story posted on slashdot to conclude his location to be approximately here [google map]. Well he expects to be caught eventually, and in the article says he's surprised he hasn't been caught yet, maybe soon though.
Posted by seans at 02:36 PM | Comments (0) | TrackBack
February 25, 2006
Valentine Exploit
A simple experiment exposing a fundamental vulnerability in institutional computer systems... The human.
The internet bank caper story linked in the above article is worth looking at as well.
Posted by t.ozawa at 05:58 PM | Comments (0) | TrackBack
Malware Industry Overview
Another interesting article from last weekend's Washington Post. This one's an in-depth report on the malware industry from hacker to spammer.
Posted by t.ozawa at 05:47 PM | Comments (0) | TrackBack
Wiretapping: the old fashioned way
Must be hard being an Amish kid in the 'information age'. An Amish teen made thirty-six dollars worth of illegal calls and was fined $367.
Posted by t.ozawa at 05:36 PM | Comments (0) | TrackBack
NSA shopping for pickaxes
NYTimes article regarding seemingly the same privacy concerns raised by other automated data miners.
"Mr. Arquilla, who was a consultant on Admiral Poindexter's Total Information Awareness project, said that the $40 billion spent each year by intelligence agencies had failed to exploit the power of data mining in correlating information readily available from public sources, like monitoring Internet chat rooms used by Al Qaeda. Instead, he said, the government has been investing huge sums in surveillance of phone calls of American citizens."
read more>>
Posted by ajs510 at 09:52 AM | Comments (0) | TrackBack
February 24, 2006
Vending Machines As Police Robots

"The Japanese city of Osaka is eager to introduce high-tech systems for preventing/dealing with crimes. In addition to RFID-based mobile messaging service, special vending machines with embedded surveillance cameras will be used. "
http://ubiks.net/local/blog/jmt/archives3/003489.html
and now in operation...
http://ubiks.net/local/blog/jmt/archives3/005018.html
Posted by sawako at 04:21 PM | Comments (0) | TrackBack
February 21, 2006
Cell phone symphony
60 mobile phones go off in the Strand bookstore bag check. . . orchestrated by Improv Everywhere.
the details
A snippet of the orchestration:
The crowd divided into brands and each group tried to find a common ring tone that all of their phones had. The Nokia group had the "Nokia Tune", Motorola folks had "Hello Moto", etc. Those without common ring tones would either partner up with someone who did, or partner with someone else without a common tone. Agents began to pair off and trade phone numbers, deciding who would enter the store and who would be a caller.
Posted by lrw at 11:35 AM | Comments (1) | TrackBack
February 20, 2006
US GOVERNMENT TO TRACK ANIMALS AND THEIR OWNERS
Plans for a system that would require tagging or implanting all farm
animals with radio frequency devices and registering those animals with
a federal government tracking system have been delayed until after
2009, the USDA announced last week. The National Animal Identification
System (NAIS) has been gaining support in the corporate agribusiness
world, supposedly as a method for sourcing the origins of Mad Cow
disease or possible terrorist biological attacks on the nation's
livestock. Opponents point out the plan was drawn up by corporate
behemoths like Monsanto and would require every owner of even a single
animal to register their home with a national tracking system,
including Global Positioning Coordinates (for satellite tracking) and
implant or tag every animal with a radio frequency device (RFID).
Large-scale livestock producers say NAIS would help them control an
outbreak of disease by allowing individual animals to be tracked to
their origins. Small-scale farmers say the registration fees, RFID
expenses and administrative bureaucracy of the system would drive them
out of business. The USDA announced a delay in the launch of the
program last week, based on disputes in the cattle industry over who
gets control of the overall database. The OCA is in the process of
building an online NAIS information and action center to help citizens
educate themselves and offer feedback to the USDA on the NAIS issue.
Posted by paba7 at 04:42 PM | Comments (0) | TrackBack
GOOGLE DESKTOP NOT PRIVATE
from BBC News, International edition
Search engine admits it stores, sells data when users
search their own computers.
Google is increasingly in the spotlight over the issue of privacy. A
leading US digital rights campaign group has warned against using
Google software which lets people organise and find information on
their computers.
The Electronic Frontier Foundation said the latest version of Google
Desktop posed a risk to privacy. This is because a feature in the
software lets Google keep personal data on its servers for up to 30
days. Google says it plans to encrypt all data transferred from users'
hard drives and restrict access.
Read more
Posted by paba7 at 04:33 PM | Comments (0) | TrackBack
WHEN PUSH COMES TO PULL
The New Economy and Culture of Networking Technology
Posted by paba7 at 04:26 PM | Comments (0) | TrackBack
Open Letter to a Library Board by Kim Antieau
I work for Fort Vancouver Regional Library as a fiction selector; it is
also my public library. My husband Mario and I moved to the area in
1987 because I accepted a job as a branch librarian with the library
district. I wanted to work here because Fort Vancouver Regional Library
was renowned across the nation for its stance on Intellectual Freedom
issues and its protection of the rights of patrons. Many of the
librarians chose to work here for exactly the same reasons. I even
commended Fort Vancouver Regional Library's board in the
acknowledgements for my novel Coyote Cowgirl. I wrote, "Thanks to the
board and staff of the Fort Vancouver Regional Library and the boards
and staffs of public libraries throughout the country who courageously
defend the Bill of Rights and protect our intellectual freedoms daily."
That was in 2003. I don't think I would write the words quite that way
now.
Posted by paba7 at 04:10 PM | Comments (0) | TrackBack
NATIONAL LAMBDARAIL COMPLETES REVOLUTIONARY NATIONWIDE ADVANCED
>NATIONAL LAMBDARAIL COMPLETES REVOLUTIONARY NATIONWIDE ADVANCED
>NETWORK INFRASTRUCTURE
>
>Optical, Ethernet and IP Networking Capabilities Offer Networking and
>Scientific Research Communities Unique Opportunities, Capabilities
>
>Cypress, Calif. February 20, 2006 National LambdaRail (NLR), a
>consortium of leading U.S. research universities and private sector
>technology companies, today announced that it has completed
>deployment of a nationwide advanced optical, Ethernet and IP
>networking network infrastructure on more than 15,000 miles of fiber
>optic cable across the United States.
>
>NLR provides researchers unprecedented control over a nationwide
>network infrastructure with up to 40 individual lightpaths—each of
>which can transmit data at 10 gigabits per second and be used to
>deploy dedicated side-by-side, but physically and operationally
>separate, production and experimental networks. The infrastructure is
>the result of over three years of work and nearly $100 million in
>funding by members.
>
>"The fully operational National LambdaRail infrastructure marks an
>unprecedented milestone for the U.S. research community," said Tracy
>Futhey, NLR Board Chair. "For the first time, a nationwide networking
>infrastructure is owned and operated by the research and education
>community, giving scientists flexible access to advanced networking
>capabilities and enabling experiments and collaborations across
>geographic barriers."
>NLR's WaveNet, FrameNet, and PacketNet services are already in use by
>more than a dozen cutting-edge research projects, including the
>National Science Foundation-supported Extensible Terascale Facility
>and OptIPuter projects; the U.S. Department of Energy’s UltraScience
>Net project; CENIC and the Pacific Northwest Gigapop’s Pacific Wave
>project; the CAMERA project led by CalIT2, the Venter Institute and
>UCSD's CEOA; the University of Virginia-led CHEETAH project; as well
>as Internet2’s Hybrid Optical Packet Infrastructure (HOPI) project.
>
>"NLR provides a unique and invaluable resource for scientists
>undertaking ambitious research that demands the highest performance,
>most flexible networking available," said Dr. William R. Wing, a
>researcher in the Networking Research Group of Oak Ridge National
>Laboratory’s Computer Science and Mathematics Division. "The NLR
>infrastructure provides unsurpassed breadth of services and
>capabilities to researchers in the United States, outstripping those
>available to many of their colleagues around the world."
>
>NLR is committed to promoting the extensive and active use of its
>infrastructure and resources by diverse groups within the scientific
>and networking research communities. In addition to committing to
>provide up to half of its infrastructure to network research, it has
>established Network Research and Scientific Research advisory
>councils consisting of leaders from a wide range of scientific
>disciplines.
>
># # #
>
>About National LambdaRail
>National LambdaRail, Inc. (NLR) is a major initiative of U.S.
>research universities and private sector technology companies to
>provide a national scale infrastructure for research and
>experimentation in networking technologies and applications. NLR
>puts the control, the power and the promise of experimental network
>infrastructure in the hands of our nation’s scientists and
>researchers. Visit http://www.nlr.net for more information.
Posted by paba7 at 04:09 PM | Comments (0) | TrackBack
February 19, 2006
First they tagged merchandise, then human, now Sea Lions!
Posted by mushon at 10:06 PM | Comments (0) | TrackBack
Return to the Slow Life
Just in thinking again about our last lecture, I came across a blog entry (sojamo) linking to an older blog entry (imomus) about the Slow Life movement in Japan with the Slow Life manifesto.
I think these things are what I would consider elements of a higher quality of life, if only I could afford to practice them.
The practice of the "Slow Life" involves the following eight themes:
SLOW PACE: We value the culture of walking, to be fit and to reduce traffic accidents.
SLOW WEAR: We respect and cherish our beautiful traditional costumes, including woven and dyed fabrics, Japanese kimonos and Japanese night robes (yukata).
SLOW FOOD: We enjoy Japanese food culture, such as Japanese dishes and tea ceremony, and safe local ingredients.
SLOW HOUSE: We respect houses built with wood, bamboo, and paper, lasting over one hundred or two hundred years, and are careful to make things durably, and ultimately, to conserve our environment.
SLOW INDUSTRY: We take care of our forests, through our agriculture and forestry, conduct sustainable farming with human labor, and ultimately spread urban farms and green tourism.
SLOW EDUCATION: We pay less attention to academic achievement, and create a society in which people can enjoy arts, hobbies, and sports throughout our lifetimes, and where all generations can communicate well with each other.
SLOW AGING: We aim to age with grace and be self-reliant throughout our lifetimes.
SLOW LIFE: Based on the philosophy of life stated above, we live our lives with nature and the seasons, saving our resources and energy.
Posted by lrw at 03:05 PM | Comments (1) | TrackBack
February 18, 2006
RSA Conference 2006: The end of passwords
Bill Gates announces the death of the password.
E-trade gives special crypto devices to its power users that give them one-time secondary passwords that they must enter in addition to their standard password to log in.
Federal online security regulations required of banks (PDF)
Full article is here: Wired article.
Posted by cory at 03:55 PM | Comments (0) | TrackBack
February 17, 2006
yay torontonians to the rescue
quoted from slashdot....
"Canadians To Douse Chinese Firewall"
"From the take-that-eh dept.
Censorship The Internet
FrenchyinOntario writes "Researchers at a University of Toronto lab are getting ready to release a computer program called Psiphon, which will allow Internet users in free countries to help users in more restrictive countries (like China, North Korea, Saudi Arabia, etc.) to access the Internet by getting past the firewalls and getting around "rubber hose cryptoanalysis" which is a drawback of other anti-firewall programs as it reveals a user's tracks if discovered by authorities. Operating through port 443, Psiphon will allow users in monitoring countries the ability to send an encrypted request for certain information, and for users in secure countries to send it back to them. The UofT's Citizen Lab hopes to debut Psiphon at the international congress of the free speech group PEN in May."
Posted by msantram at 01:17 AM | Comments (0) | TrackBack
February 16, 2006
google hacking you
Report from the RSA conference on finding all sorts of stuff you're not supposed to see. It can be automated too.
For instance,
Search for a robots.txt file to find out what a webmaster doesn't want you to 'see' (well, doesn't want the search engines to see), then look at them robots.txt and site:domain.com for this
or you may need a social security number
This also works well on P2P services, since many people will share their entire My Documents folder, and you can see their resume, PDFs of their tax returns in addition to their holiday snaps.
more at ihackstuff (it's down right now though)
Posted by seans at 04:10 PM | Comments (1) | TrackBack
allofMP3.com now under RIAA thumb?
News, albeit from a press release on their own site.
“We hope that recent comments by President Putin suggest that Russian law enforcement officials will soon undertake serious, immediate action to curb rampant intellectual property theft. [** Please see Putin comment, as reported by Reuters, below.**]
that Putin comment as reported by Reuters on Feb. 3, 2006.
"Defending intellectual property rights remains a serious problem…the dissemination of pirated material without doubt discredits Russia as a reliable business partner."
Posted by seans at 04:01 PM | Comments (0) | TrackBack
February 14, 2006
Track the Trackers
"TRACK-THE-TRACKERS is a network installation consisting of tactical media components. The work makes use of existing personal technologies in conjunction with the satellite GPS infrastructure to provide participants with an expanded audible (not a visual) experience of the proliferation of video surveillance in the urban public sphere. The mobile unit, a bag containing a laptop, GPS-receiver, earphones, and a generic mouse is taken on a walk through the city. The sound in the headphones changes whenever the participant enters the vicinity of a surveillance camera. This effect is not automatic but created by other participants who are continuously adding new locations to the existing database. The technology is fully documented with the intention of inspiring others to build similar systems and improve on the design."
http://www.t-t-trackers.net/index.php?inc=english
Posted by sawako at 06:35 PM | Comments (0) | TrackBack
RFIdiculous
More from the "that's so last week"'s topic: radio frequency identification.
1. U.S. firm implants ID chips in workers (just like it says)
2. Tracked Workers (in the UK) Outraged Over RFID Tagging.
A different reaction
3. And to stay current with the whole torrid affair: RFID Journal
Posted by ajs510 at 12:10 AM | Comments (0) | TrackBack
February 13, 2006
BBC's report on the UK ID cards
http://news.bbc.co.uk/1/hi/uk_politics/4707608.stm
"MPs back ID cards passports plan
The ID Cards Bill suffered a number of defeats in the Lords
Ministers have won a Commons vote making it compulsory for people to be given ID cards - and put on a register - when they apply for passports.
The plans, rejected by peers last month, will now go back before the House of Lords.
Earlier on Monday, MPs approved a measure requiring new legislation before ID cards are made compulsory.
The government compromise plan, put forward to avoid a Labour backbench rebellion, was passed without a vote.
Tony Blair was not able to attend after his plane was grounded by engine troubles in South Africa.
Civil liberties
MPs passed backed putting passport applicants after 2008 on the ID cards register by a majority of 31.
They voted by a majority of 51 to ensure all applicants are given cards.
Critics have concerns about the cost and civil liberty implications of the bill.
Further debate about the expenditure on cards is under way in the Commons, with a series of votes expected to last until 2200 GMT.
If the bill becomes law, everyone who gets a passport will have to get an ID card - something described as "creeping compulsion" by opponents.
Mr Blair told the BBC: "I think we've won the argument on it.
"People have this idea that there's a problem in civil liberties with people having an identity card and an identity registered today when across all walks of our life this is happening.
"And with the real problems people have today with identity fraud, which is a major, major issue; illegal immigration; organised crime: it's just the sensible thing to do."
Defeats
Chancellor Gordon Brown said ID cards would help tackle terrorists and criminals using stolen identities and prevent identity fraud, which, he said, cost Britain £1.7bn a year.
Last month, peers voted for the scheme not to go ahead until the full costs were known and for more security provisions for stored personal data.
Home Secretary Charles Clarke had said a stand-alone ID card would cost £30, and one linked to a passport would cost £93.
However, that figure has been disputed, most notably by a London School of Economics report estimating the cards could cost up to £300 each.
Shadow home secretary David Davis described the scheme as one of "creeping compulsion".
Liberal Democrat home affairs spokesman Alistair Carmichael said government plans were "conflating lots of issues".
Before the debate got under way about 70 people were at a protest outside Parliament involving members of civil rights group Liberty and the No2ID pressure group."
Posted by msantram at 03:00 PM | Comments (0) | TrackBack
world news tonight roundup
last week, abc's world news tonight had a series of articles on identity theft:
- cell phone record theft (MPEG-1, 6.83MB)
- baby identity theft (MPEG-1, 6.42MB)
- online identity theft (MPEG-1, 7.53MB)
Posted by raffi at 11:16 AM | Comments (0) | TrackBack
February 12, 2006
Allofmp3.com
Allofmp3.com, the Russian site that sells mp3s for the rock-bottom price of 1 cent per MB, isn't new, but after reading the post about P2P trading becoming legal in France, I wonder if there might be any loopholes opened to allow a French "tous de mp3" site coming soon?
Here are some links regarding the legal loophole that allofmp3 exploits:
Museekster FAQ, interview with the founder of allofmp3, and a post on a legal blog.
Posted by cory at 02:51 PM | Comments (0) | TrackBack
The China Connection - Transmediale

This panel discusses the role that European media arts and technology organisations have been playing in the recent developments of a Chinese media-cultural agenda. It asks how China's new electronic media artists deal with the social potentials of globally connected media technologies - from CCTV through cryptography to open source software, with all their attached cultural dimensions.
Posted by mushon at 12:54 PM | Comments (0) | TrackBack
iRepress - Flash Animation
Posted by mushon at 12:50 PM | Comments (0) | TrackBack
P2P Legal in Europe?
Posted by t.ozawa at 12:21 AM | Comments (0) | TrackBack
February 11, 2006
Hey Everyone. Scholarships!!
Wanna learn about surveillance? Here's your opportunity:
Join the NSA
Have kids? Get them involved too!
Click any button, I love the way the loading bar says 'decrypting information.' It's a nice touch.
Posted by t.ozawa at 10:58 PM | Comments (0) | TrackBack
February 10, 2006
A sharp increase in the value of paying attention
Due to the conflict of this post it has been removed. Please do not restore it.
Posted by lrw at 07:38 PM | Comments (1) | TrackBack
Daily Show > No Place to Hide
The Daily Show has been interviewing a large number of surveillance folks lately. Here's a little clip.
Posted by Jeff at 12:54 PM | Comments (0) | TrackBack
authorized personnel
going through some finances via an email from citibank, i wanted to read their privacy statement. anyone have any reward cards? i want to have a shredding party and collectively release our data gathering cards.
http://www.citibank.com/privacy/index.htm
"We will permit only authorized employees, who are trained in the proper handling of customer information, to have access to that information. Employees who violate our Privacy Promise will be subject to our normal disciplinary process."
the list is pretty comical from a certain point of view.
Posted by msantram at 11:08 AM | Comments (0) | TrackBack
February 09, 2006
Canadian IT Operators Discover Beauty In Spam
From Yahoo News: Canadian IT Operators Discover Beauty In Spam
A more artistic-leaning digression from our usual paranoia...
Building on the idea that people are naturally attuned to sound, the Sheridan College Institute of Technology and Advanced Learning has created software that translates network and server activity into music. And, their IT department operators can interpret the music to detect problems in the system.
I like this as well...anybody interested in re-engineering tcpdump to work my atrophying right brain?
Most monitoring systems are engineered for the left side of the brain, requiring attention to detail and analysis, but the right side of the brain processes music, recognizing its patterns with little effort for input that is complimentary
Posted by xncroft at 06:40 PM | Comments (0) | TrackBack
More Surveillance Puts Strain on Carriers
More Surveillance Puts Strain on Carriers from the Wall Street Journal
Often overlooked amid the controversy over the legality of the Bush administration's eavesdropping without warrants is a huge increase in recent years in the number of wiretaps conducted with court approval. Smaller telecom companies in particular have sought help from outsiders in order to comply with the court-ordered subpoenas, touching off a scramble among third parties to meet the demand for assistance.
So, illegal wiretapping isn't all we should be worried about...there's a "legal" trend of increased surveillance as well...
The number of telephone wiretaps from 2000 to 2004 authorized by state and federal judges increased by 44% to 1,710, according to the latest annual report from the Administrative Office of the U.S. Courts.
Posted by xncroft at 06:33 PM | Comments (0) | TrackBack
EPIC confronts proposed CDC rule change
from Electronic Privacy Information Center:
EPIC Urges CDC to Limit Passenger Data Collection
EPIC said in comments (pdf) to the Centers for Disease Control and Prevention that it should limit a proposed rule that would require airline and shipping industries to gather passenger information, maintain it electronically for at least 60 days, and release it to the CDC within 12 hours of a request. EPIC urged the CDC to narrow the scope of data collected to that which is necessary and set strict security standards to keep passenger data secure from unauthorized access and misuse. The CDC also should require the clear and open disclosure that travelers can refuse to submit their information without facing penalties, EPIC said. For more information, see EPIC's Medical Privacy page. (Jan. 31)
A major complaint that EPIC has that reminds me of EFF's letter to the State Department concerning RFID is the vague assurance of "industry standards for data encoding" that will keep all of our citizen data secure as it gets beamed from agency to agency. It makes me wonder how strict the policy makers really care for the guidelines to be.
Posted by xncroft at 06:16 PM | Comments (0) | TrackBack
Google's new Desktop 3 will let Google store files from your hard disk
One of the new features is Search Across Computers, which "makes it seamless to search the content of your documents and web history from any of your computers". Of course, you can't search one of your computers remotely if it happens to be turned off, say, so Google will kindly store your hard drive files on one of its Desktop servers. This applies to your Web history (from Internet Explorer, Firefox, Netscape, and Mozilla); Microsoft Word documents; Microsoft Excel spreadsheets; Microsoft PowerPoint presentations; PDF files and Text files in My Documents. It won't store data from secure (https) pages.
Posted by mushon at 05:24 PM | Comments (0) | TrackBack
Good Blog
Good blog on various topics, the newest post of which involves some biometric products on the horizon.
Posted by Jeff at 02:32 PM | Comments (0) | TrackBack
Chinese man 'jailed due to Yahoo'
the BBC's review of the official Yahoo! statement:
http://news.bbc.co.uk/2/hi/asia-pacific/4695718.stm
'Rigorous procedures'
Yahoo spokeswoman Mary Osako insisted that in its dealings with China, the company "only responded with what we were legally compelled to provide, and nothing more".
"We were rigorous in our procedures and made sure that only the required material was provided," she told the AFP news agency.
But she added that: "The government of China is not required to inform service providers why they are seeking certain information, and typically does not do so."
Posted by msantram at 02:16 AM | Comments (0) | TrackBack
February 08, 2006
NSA: How They Spy

defensetech.org/archives/002162.html
Declan McCullagh and Anne Broache have put together a fascinating pair of stories for News.com that outline what the NSA's domestic spying program might look like. Part one surveyed telecom companies, to find out which ones cooperated with the spooks. Part two sketches out how the NSA might be able to listen in. A few excerpts are below. But do yourself a favor and read the whole thing.
Posted by mushon at 10:49 PM | Comments (0) | TrackBack
verizon to google "no free lunch for you"
Verizon Executive Calls for End to Google's 'Free Lunch'.
Verizon wants google and other high profile providers to pay for preferred access to their networks, as their contention is, they built it and spent all of our their money constructing the fiber networks that content providers use. Of course the customers who are overpaying for their broadband connections, so why should the telco get paid twice?
With the telcos owning the last mile to many/most customers they have a position that seems quite strong although I would highly doubt customers would allow for access to a service like google to be cut off from them.
Posted by seans at 12:14 PM | Comments (0) | TrackBack
Use Your Cell Phone Instead of Your Credit Card
Ever wish you could pay for something with your cell phone? Chances are if your friends have kids, they'll whip out their cell phone to show you pictures. So why not put other staples of the wallet--such as driver's license, credit cards, and membership cards--on the cell?
Posted by paba7 at 11:55 AM | Comments (0) | TrackBack
another chip at your privacy
telecommunication companies aid the NSA in tapping your calls w/o a warrant. usatoday.com article
Posted by metabreed at 10:44 AM | Comments (0) | TrackBack
Snoop Speak
New York Times Magazine Article from a couple weeks ago. May not be entirely related to current events, but it's a nice historical look at why we use some of the words we use when speaking about this stuff.
Posted by Jeff at 02:44 AM | Comments (0) | TrackBack
February 07, 2006
Eavesdropping 101: What Can The NSA Do?
The recent revelations about illegal eavesdropping on American citizens by the U.S. National Security Agency have raised many questions about just what the agency is doing. Although the facts are just beginning to emerge, information that has come to light about the NSA's activities and capabilities over the years, as well as the recent reporting by the New York Times and others, allows us to discern the outlines of what they are likely doing and how they are doing it.
Make sure you check the infographics they made as well.
Posted by mushon at 11:48 PM | Comments (0) | TrackBack
The Fickle Cellphone: Lipstick on Your Caller
It would not have taken much for Chloe, a spurned wife played by Emily Mortimer in the movie "Match Point," to confirm that her husband, Chris, played by Jonathan Rhys Meyers, was cheating on her.
Chloe had reason to suspect something was up because Chris was forever disappearing to take or make cellphone calls from or to his mistress, Nola, played by Scarlett Johansson. But Chloe never took action, even though she could have just checked the call-history function on her husband's phone while he was asleep.
If the fictitious couple lived in the United States, it wouldn't take even that much snooping. For about $100, Chloe could have visited any of dozens of Web sites that offer to acquire call records and other personal data. LocateCell.com, Completeskiptrace.com and other sites are accused of getting information by using a pretext, or posing as someone else and duping call-center agents.
Posted by paba7 at 11:01 PM | Comments (0) | TrackBack
AOL and Yahoo! to charge for emails
AOL and Yahoo! are to start charging for sending emails.
Both companies will still accept free emails but are offering the chance to pay to avoid their spam filters. By paying between a quarter and one cent per message companies will get preferential delivery of their messages.
Posted by paba7 at 10:38 PM | Comments (0) | TrackBack
How I stalked my girlfriend
http://www.guardian.co.uk/g2/story/0,,1699080,00.html#article_continue
Interesting that websites offer this service.
Posted by wlodek at 12:48 AM | Comments (0) | TrackBack
February 06, 2006
very small RFID
EETimes.com - Hitachi advances paper-thin RFID chip
that is .15mm X .15 mm X 7.5 microns thin. paper is 80 microns thick.

Obese .3mm X .3mm chips on a finger.
Posted by seans at 02:07 PM | Comments (0) | TrackBack
why you should never use your corporate e-mail account...
email is so transparent. just look at enron emails. all of the emails that were sent to and from enron accounts were stored, and then sold as part of enron's liquidation.
would you want one that was like this (an actual email), floating out there?
Hey Baby,
Sorry that I haven't been able to email you yet. It's been a busy day already. My presentation went well this morning (at least my part did). I'm meeting with Jen Garcia to work on our project again today. I should be home before 7 unless Jen and I have some good things going. When I get home, I have a exam to study for.
About grad. dinner- I called the other Mezzaluna and they're booked also. Bren called her mom for suggestions and she named about 8 different restaurants. So, hopefully some of them will have room! I'll tell you which ones they are when I get home. PLEASE remind me about the invitations! I've got to send them out soon. I'm sending mine to your parents, Bren's parents, Tom & Jeanette, and the Denneys. Anybody else?
I'm really hungry so I'm going to eat my pb&j sandwich soon! (Yeah, food!) I'm so weak (or is it tired?) that I can't see very well.
Seeing you soon is what keeps me going!
Love you,
Jenn
actually, probably not the worst -- but you can see where this is going.
the enron mail program is a demonstration of the inboxer technology that "...finds risky messages that other systems do not, because it is based on our award-winning, proprietary, language-based technology that quickly classifies messages by risk type." it monitors all the corporate email, and allows the computer to take certain actions depending on what information is going in and out of the organisation. that alone was worth a separate blog post.
Posted by raffi at 01:17 PM | Comments (0)
voip security analysis
pstn and pots are dead, long live voip! and, we're all familiar with it -- with some of us as vonage customers and some of us skype users. but, the real question is: are these secure?
shmoocon had a very interesting talk by shawn merdinger of tipping point on the security of wifi voip phones. blue box has a copy of his slides (via a post on hackaday).
Posted by raffi at 09:15 AM | Comments (0)
Nevada Court Rules Google Cache is Fair Use
"A federal district court in Nevada has ruled that Google does not violate copyright law when it copies websites, stores the copies, and transmits them to Internet users as part of its Google Cache feature. The ruling clarifies the legal status of several common search engine practices and could influence future court cases, including the lawsuits brought by book publishers against the Google Library Project" January 25, 2006
Posted by wlodek at 01:00 AM | Comments (0)
rfid zapper
and, while we're on the topic of rfid in passports, why not also talk about a way to zap RFID tags (PDF, 214 KB)?
Posted by raffi at 12:29 AM | Comments (0)
rfid passports dissected
edward hasbrouck has a few great posts over at his blog on rfid in passports. the most recent one RFID passport logo (PDF, 497 KB) is actually quite an interesting read to know what is the latest on the RFID/passport issues:
All passports that contain ICAO standard (ICAO document 9303) RFID chips (ISO standard 14443) are supposed to have this logo on the front cover, printed or embossed in such a manner that it can't readily be effaced or removed without leaving conspicuous traces. Border guards and immigration inspectors need to be able to distinguish quickly and reliably between a (valid, for the time being) passport that never contained an RFID chip, and an invalid (under current USA regulations and, I expect, similar regulations in other countries that are putting RFID chips in passports) passport that contains a defective or disabled RFID chip....
You can't disable the RFID chip without voiding your passport: "Any passport which has been materially changed in physical appearance or composition, or contains a damaged, defective or otherwise nonfunctioning electronic chip, or which includes unauthorized changes, obliterations, entries or photographs, ... may be invalidated."
Posted by raffi at 12:21 AM | Comments (0)
February 05, 2006
Just a thought

Progress and efficiency are coming our way!
Posted by mushon at 11:05 PM | Comments (1)
A little on biometrics
http://en.wikipedia.org/wiki/Biometric
Biometric comparison chart. Facial thermogram is one I haven't heard of before.

Pulled from wikipedia also.
Posted by sailorav at 10:34 PM | Comments (0)
Big Risks, Small Packages
I lost my wallet a few days ago. Beats leaving my laptop on a train.
http://www.wired.com/news/technology/0,70044-0.html
Posted by sailorav at 10:16 PM | Comments (0)
RFID Alternative: Vein Scans
"Our vein structures are completely different, especially when you look at the palm," said Luminetx Chief Executive Officer Jim Phillips. "In a way, it's like looking at a bar code. We convert your veins to a bar code."
Posted by joeyelisa at 10:06 PM | Comments (0)
LAPD Takes RFID To The Chase Scene
By using a compressed air cannon, LAPD can blast a RFID tag onto a suspect's car, and track it with radio-transmitted GPS from a distance.
Posted by joeyelisa at 10:01 PM | Comments (0)
RFID/IVF/HFEA and other acronymous details follow:
In from "The World's No.1 Science & Technology News Service," NewScientist.com, an article dealing with electronic tags for eggs, sperm and embryos.
"The idea...is that an alarm will sound if the wrong eggs and sperm are brought close to one another, for instance, or if a doctor attempts to collect the wrong embryo to implant into a mother-to-be."
But is it safe?
"In Research Instruments’ tests, the tags transmitted continuously for four days without any perceptible effect on the embryos. Though the tests are not complete, “it looks very, very good that there’s going to be no problem with it,” David Lansdowne, technical director at the company told New Scientist."
whew.
Posted by ajs510 at 08:39 PM | Comments (0)
surveillance program illegal (according to specter)
the new york times has an article (PDF, 68.8 KB) covering senator specter's remarks that the president's surveillance program was in clear violation of the foreign intelligence surveillance act.
Posted by raffi at 08:28 PM | Comments (0)
Advanced security features make "osaifu keitai" (= phone wallet) safe?
Recently, "osaifu keitai", mobile phones with a contactless IC card, are being used in Japan.
http://www.vodafone.jp/en/live/felica/index.html
The product catalogue says advanced security features make it safe (middle of the page).
http://www.au.kddi.com/english/product/lineup/w32s/index.html
NTT DoCoMo released a fingerprint phone for security.
http://us.gizmodo.com/gadgets/cellphones/docomo-f902i-fingerprint-phone-136686.php
But are they really safe? Some Japanese articles say it's easy to skim the data if you put the phone in your jacket pocket. How can we protect our information if mobile phones have more privacy features?
Posted by sawako at 04:04 PM | Comments (0)
Increasing Requests from ISPs for Customer Data
Requests for information have become so common that most big Internet companies, as well as telephone companies, have a formal process for what is often called subpoena management.
AOL, for example, has more than a dozen people, including several former prosecutors, handling the nearly 1,000 requests it receives each month for information in criminal and civil cases.
* for a login/pass try notme9/noone (or get one at bugmenot.com)
Posted by cory at 02:03 PM | Comments (0)
FOIA request turned down for Pentagon spying (NYU)
Administration Refuses To Release Gay Spying Documents
by Doreen Brandt, 365Gay.com Washington Bureau
Posted: January 23, 2006 - 1:00 pm ET
(Washington) The administration is refusing to turn over documents related to allegations that it spied on LGBT civil rights groups.
The Servicemembers Legal Defense Network, which represents gays in the military, and other LGBT rights groups sought the documents under the Freedom of Information Act. They filed the request early this month and asked that the government respond within 20 days.
Last month media reports said that the Pentagon has been spying on "suspicious" meetings by civilian groups, including student groups opposed to the military's "don't ask, don't tell".
The reports said that the Pentagon had spied on New York University law school's LGBT advocacy group OUTlaw and gay groups at the State University of New York at Albany and William Patterson College in New Jersey.
The FOIA request included a demand for "any and all documents" concerning meetings and communications within and between LGBT organizations, including SLDN. The filing included a request for "reports, video recordings, audio recording and photographs" obtained through Pentagon surveillance.
Joining SLDN were Gays & Lesbians Against Defamation; the Gay and Lesbian Medical Association; the Human Rights Campaign; the International Gay and Lesbian Human Rights Commission; the Los Angeles Lesbian & Gay Center; the Lambda Legal Defense and Education Fund; Lambdas, Chicago-Kent College of Law; the Mautner Project; the National Coalition of Anti-Violence Projects; the National Youth Advocacy Coalition; Outlaws, University of Michigan School of Law; Pride at Work, AFL-CIO; QLaw, University of Wisconsin School of Law; and OUTLAW, Stanford Law School.
In responding to the request FBI said the FOIA request did not "reasonably describe" the records sought.
The Freedom of Information officer for the Attorney General's office responded that their office "would not maintain" the records that were requested, but did not indicate if it had conducted a search to be certain.
The Department of Defense turned down the request saying that SLDN is not an organization primarily engaged in disseminating information to the public and that there is no imminent loss of substantial due process rights.
"I'm not surprised to learn that the government is attempting to stonewall our original FOIA request," SLDN spokesperson Steve Ralls said on Monday.
Ralls called the FBI response "outrageous" and said that the organization would continue to press for the documents.
"SLDN is undeterred in our efforts to find out what information the government obtained and for what purposes it may have used that information."
Posted by paba7 at 01:15 PM | Comments (0)
Pigeons to blog on air pollution
02.02.06 9.00am
LONDON - A flock of pigeons fitted with mobile phone backpacks is to be
used to monitor air pollution, New Scientist magazine reported on Wednesday.
The 20 pigeons will be released into the skies over San Jose,
California, in August.
Each bird will carry a GPS satellite tracking receiver, air pollution
sensors and a basic mobile phone.
Text messages on air quality will be beamed back in real time to a
special pigeon "blog", a journal accessible on the internet.
Miniature cameras slung around the pigeons' necks will also post aerial
pictures.
The idea is the brainchild of researcher Beatriz da Costa, of the
University of California at Irvine, and two of her students.
They have built a prototype of the pigeons' equipment, containing a
mobile phone circuit board with Sim card and communication chips, a GPS
receiver, and sensors capable of detecting carbon monoxide and nitrogen dioxide.
"We are combining an air pollution sensor with a home-made cellphone,"
da Costa told New Scientist.
The team is planning to squeeze all the components onto a single board
small enough for the birds to carry in a backpack, New Scientist said.
The pigeons will take to the air at the inter-Society for Electronic
Arts' annual symposium in San Jose on August 5.
The data they send back will be displayed on the blog in the form of an interactive map.
Posted by paba7 at 01:07 PM | Comments (0)
Homeland Security Tries New 3-D Technology At Super Bowl XL
POSTED: 3:31 pm EST January 31, 2006
(Courtesy Of LawFuel - The Law News Network) Birmingham, MI -- Hidden from public view at Super Bowl XL, live-action 3-D holograms created from signals streaming in from networks of electronic eyes will help Homeland Security Agency officials detect people and objects suspected of endangering the 65 thousand ticket holders crowding into Ford Field, and the thousands more celebrating in downtown Detroit.
ThePittsburghChannel.com
While officials may not go public with the details, the surveillance
effort is likely to include:
-- scanning undersides of vehicles for suspicious objects
-- face-in-the-crowd recognition and feature-matching
-- monitoring street-level festivities, day and night
-- underwater Detroit River monitoring
-- classified methods of searching for and detecting potential threats.
Viewing 3-D holographic displays hidden in a security van, security
officials will, for the first time ever, view three-dimensional
holography that can reveal shadows, angles, depths and details unseen by
conventional imaging.
Super Bowl XL marks the first public security use of this new
technology, LifeVision3D(TM), from privately held Intrepid Defense & Security
Systems, Birmingham, Michigan.
Intrepid's CEO James Fischbach says his LifeVision3D(TM) system
produces "true, live-action 3-D. No funny eyeglasses. No 'virtual reality'
goggles. Instead, the action appears to move out from the surface of the screen
and envelop the viewer."
Mark A. Hammond, Deputy Director, Wayne County Department of Homeland
Security and Emergency Management, believes this technology "should be
considered a 'must have' for every agency and company with protection
responsibilities."
After over a decade in development, LifeVision3D now is ready for
production and sale. "Opportunities are opening up with government agencies, the
military, entertainment, medicine, and just about everyplace where people
are starting to appreciate what they can accomplish with live-action
3-D holography," Fischbach says.
What's ahead? Intrepid's successful development of live-action three-
dimensional full color holography promises to leap ahead of current
technologies for:
-- Color night vision
-- Revealing details of ground images from satellites
-- Lifelike flight-training simulation
-- Arcade video games
-- Making education exciting
-- Space exploration
-- Underwater surveillance, threat assessment, exploration and recovery
-- Remotely controlled precision surgery (already demonstrated at Detroit's Henry Ford Hospital).
Copyright 2006 Courtesy of SportsNetwork.
Posted by paba7 at 01:04 PM | Comments (0)
Eavesdropping 101: What Can The NSA Do? (1/31/2006)
The recent revelations about illegal eavesdropping on American citizens by the U.S. National Security Agency have raised many questions about just what the agency is doing. Although the facts are just beginning to emerge, information that has come to light about the NSA's activities and capabilities over the years, as well as the recent reporting by the New York Times and others, allows us to discern the outlines of what they are likely doing and how they are doing it.
The NSA is not only the world's largest spy agency (far larger than the CIA, for example), but it possesses the most advanced technology for intercepting communications. We know it has long had the ability to focus powerful surveillance capabilities on particular individuals or communications. But the current scandal has indicated two new and significant elements of the agency's eavesdropping:
1. The NSA has gained direct access to the telecommunications infrastructure through some of America's largest companies
2. The agency appears to be not only targeting individuals, but also using broad "data mining" systems that allow them to intercept and evaluate the communications of millions of people within the United States.
The ACLU has prepared a map illustrating how all this is believed to work. It shows how the military spying agency has extended its tentacles into much of the U.S. civilian communications infrastructure, including, it appears, the "switches" through which international and some domestic communications are routed, Internet exchange points, individual telephone company central facilities, and Internet Service Providers (ISPs). While we cannot be certain about these secretive links, this chart shows a representation of what is, according to recent reports, the most likely picture of what is going on.
CORPORATE BEDFELLOWS
One major new element of the NSA's spying machinery is its ability to tap directly into the major communications switches, routing stations, or access points of the telecommunications system. For example, according to the New York Times, the NSA has worked with "the leading companies" in the telecommunications industry to collect communications patterns, and has gained access "to switches that act as gateways" at "some of the main arteries for moving voice and some Internet traffic into and out of the United States."(1)
This new level of direct access apparently includes both some of the gateways through which phone calls are routed, as well as other key nodes through which a large proportion of Internet traffic passes. This new program also recognizes that today's voice and Internet communications systems are increasingly converging, with a rising proportion of even voice phone calls moving to the Internet via VOIP, and parts of the old telephone transmission system being converted to fiber optic cable and used for both data and voice communications. While data and voice sometimes travel together and sometimes do not, and we do not know exactly which "switches" and other access points the NSA has tapped, what appears certain is that the NSA is looking at both.
And most significantly, access to these "switches" and other network hubs give the agency access to a direct feed of all the communications that pass through them, and the ability to filter, sift through, analyze, read, or share those communications as it sees fit.
DATA MINING
The other major novelty in the NSA's activities appears to be the exploitation of a new concept in surveillance that has attracted a lot of attention in the past few years: what is commonly called "data mining." Unlike the agency's longstanding practice of spying on specific individuals and communications based upon some source of suspicion, data mining involves formula-based searches through mountains of data for individuals whose behavior or profile is in some way suspiciously different from the norm.
Data mining is a broad dragnet. Instead of targeting you because you once received a telephone call from a person who received a telephone call from a person who is a suspected terrorist, you might be targeted because the NSA's computers have analyzed your communications and have determined that they contain certain words or word combinations, addressing information, or other factors with a frequency that deviates from the average, and which they have decided might be an indication of suspiciousness. The NSA has no prior reason to suspect you, and you are in no way tied to any other suspicious individuals -- you have just been plucked out of the crowd by a computer algorithm's analysis of your behavior.
Use of these statistical fishing expeditions has been made possible by the access to communications streams granted by key corporations. The NSA may also be engaging in "geographic targeting," in which they listen in on communications between the United States and a particular foreign country or region. More broadly, data mining has been greatly facilitated by underlying changes in technology that have taken place in the past few years (see below).
This dragnet approach is not only bad for civil liberties -- it is also a bad use of our scarce security and law enforcement resources. In fact, the creation of large numbers of wasteful and distracting leads is one of the primary reasons that many security experts say data mining and other dragnet strategies are a poor way of preventing crime and terrorism. The New York Times confirmed that point, with its report that the NSA has sent the FBI a "flood" of tips generated by mass domestic eavesdropping and data mining, virtually all of which led to dead ends that wasted the FBI's resources. "We'd chase a number, find it's a schoolteacher with no indication they've ever been involved in international terrorism," one former FBI agent told the Times. "After you get a thousand numbers and not one is turning up anything, you get some frustration."(2)
COMBINING TELECOMMUNICATIONS AND OTHER PRIVATE DATA?
The NSA has historically been in the business of intercepting and analyzing communications data. One question is whether or not this communications data is being combined with other intimate details about our lives. A few years ago, the Pentagon began work on a breathtaking data mining program called Total Information Awareness, which envisioned programming computers to trawl through an extensive list of information on Americans (including, according to the program's own materials, "Financial, Education, Travel, Medical, Veterinary, Country Entry, Place/Event Entry, Transportation, Housing, Critical Resources, Government, Communications") in the hunt for "suspicious" patterns of activity. Congress decisively rejected this approach, voting to shut down the program, at least for domestic use -- but we know Congress allowed elements of the program to be moved undercover, into the bowels of the Pentagon, while supposedly being restricted to non-Americans. We also know that the NSA is sharing its information with other security services. What we do not know is whether any of information from TIA-like enterprises is being combined with the NSA's communications intercepts.
HOW THE NSA SEARCHES FOR TARGETS
There are a range of techniques that are probably used by the NSA to sift through the sea of communications it steals from the world's cables and airwaves:
* Keywords. In this longstanding technique, the agency maintains a watch list or "dictionary" of key words, individuals, telephone numbers and presumably now computer IP addresses. It uses that list to pick out potentially relevant communications from all the data that it gathers. These keywords are often provided to the NSA by other security agencies, and the NSA passes the resulting intelligence "take" back to the other agencies or officials. According to the law, the NSA must strip out the names and other identifying information of Americans captured inadvertently, a process called "minimization." (According to published reports, those minimization procedures are not being properly observed.) In the 1990s, it was revealed that the NSA had used the word "Greenpeace" and "Amnesty" (as in the human rights group Amnesty International) as keywords as part of its "Echelon" program (see Echelon).
* Link analysis. It is believed that another manner in which individuals are now being added to the watch lists is through a process often called "link analysis." Link analysis can work like this: the CIA captures a terrorist's computer on the battlefield and finds a list of phone numbers, including some U.S. numbers. The NSA puts those numbers on their watch list. They add the people that are called from those numbers to their list. They could then in turn add the people called from those numbers to their list. How far they carry that process and what standards if any govern the process is unknown.
* Other screening techniques. There may be other techniques that the NSA could be using to pluck out potential targets. One example is voice pattern analysis, in which computers listen for the sound of, say, Osama Bin Laden's voice. No one knows how accurate the NSA's computers may be at such tasks, but if commercial attempts at analogous activities such as face recognition are any guide, they would also be likely to generate enormous numbers of false hits.
A THREE-STAGE PROCESS
So how are all these new techniques and capabilities being put into practice? Presumably, "The Program" (as insiders reportedly refer to the illegal practices) continues to employ watch lists and dictionaries. We do not know how the newer and more sophisticated link analysis and statistical data mining techniques are being used.
But, a good guess is that the NSA is following a three-stage process for the broadest portion of its sweep through the communications infrastructure:
1. The Dragnet: a search for targets. In this stage, the NSA sifts through the data coursing through the arteries of our telecom systems, making use of such factors as keyword searches, telephone number and IP address targeting, and techniques such as link analysis, and "data mining." At this stage, the communications of millions of people may be scrutinized.
2. Human review: making the target list. Communications and individuals that are flagged by the system for one reason or another are presumably then subject to human review. An analyst looks at the origin, destination and content of the communication and makes a determination as to whether further eavesdropping or investigation is desired. We have absolutely no idea what kind of numbers are involved at this stage.
3. The Microscope: targeting listed individuals. Finally, individuals determined to be suspicious in phase two are presumably placed on a target list so that they are placed under the full scrutiny of the NSA's giant surveillance microscope, with all their communications captured and analyzed.
EXPANDING SURVEILLANCE AS TECHNOLOGY CHANGES
Today's NSA spying is a response to, and has been made possible by, some of the fundamental technological changes that have taken place in recent years. Around the end of 1990s, the NSA began to complain privately and occasionally publicly that they were being overrun by technology as communications increasingly went digital. One change in particular was especially significant: electronic communications ranging from email to voice conversations were increasingly using the new and different protocols of the Internet.
The consequence of this change was that the NSA felt it was forced to change the points in the communications infrastructure that it targeted -- but having done that, it gained the ability to analyze vastly more and richer communications.
The Internet and technologies that rely upon it (such as electronic mail, web surfing and Internet-based telephones known as Voice over IP or VOIP) works by breaking information into small "packets." Each packet is then routed across the network of computers that make up the Internet according to the most efficient path at that moment, like a driver trying to avoid traffic jams as he makes his way across a city. Once all the packets -- which are labeled with their origin, destination and other "header" information -- have arrived, they are then reassembled.
An important result of this technology is that on the Internet, there is no longer a meaningful distinction between "domestic" and "international" routes of a communication. It was once relatively easy for the NSA, which by law is limited to "foreign intelligence," to aim its interception technologies at purely "foreign" communications. But now, an e-mail sent from London to Paris, for example, might well be routed through the west coast of the United States (when, for example, it is a busy mid-morning in Europe but the middle of the night in California) along the same path traveled by mail between Los Angeles and San Francisco.
That system makes the NSA all the more eager to get access to centralized Internet exchange points operated by a few telecommunications giants. But because of the way this technology works, eavesdropping on an IP communication is a completely different ballgame from using an old-fashioned "wiretap" on a single line. The packets of interest to the eavesdropper are mixed in with all the other traffic that crosses through that pathway -- domestic and international.
ECHELON
Much of what we know about the NSA's spying prior to the recent
revelations
comes from the late 1990s, when a fair amount of information emerged
about a
system popularly referred to by the name "Echelon" a codename the NSA
had
used at least at one time (although their continued use of the term, if
at
all, is unknown). Echelon was a system for mass eavesdropping on
communications around the world by the NSA and its allies among the
intelligence agencies of other nations. The best source of information
on
Echelon was two reports commissioned by the European Parliament (in
part due
to suspicions among Europeans that the NSA was carrying out economic
espionage on behalf of American corporations). Other bits of
information
were gleaned from documents obtained through the U.S. Freedom of
Information
Act, as well as statements by foreign governments that were partners in
the
program (the UK, Australia, Canada, and New Zealand).
As of the late 1990s/early 2000s, Echelon swept up global communications using two primary methods:
* The interception of satellite and microwave signals. One way that telephone calls and other communications are sent from the United States to Europe and other destinations is via satellite and microwave transmissions. ECHELON was known to use numerous satellite receivers ("dishes") located on the east and west coasts of the United States, in England, Australia, Germany, and elsewhere around the globe to vacuum up the "spillover" broadcasts from these satellite transmissions.
* Transoceanic cable tapping. ECHELON's other primary eavesdropping method was to tap into the transoceanic cables that also carry phone calls across the seas. According to published reports, American divers were able to install surveillance devices onto these cables. One of these taps was discovered in 1982, but other devices apparently continued to function undetected. It is more difficult to tap into fiber-optic cables (which unlike other cables do not "leak" radio signals that can be picked up by a device attached to the outside of the cable), but there is no reason to believe that that problem remained unsolved by the agency.
We do not know the extent to which these sources of data continue to be significant for the NSA, or the extent to which they have been superseded by the agency's new direct access to the infrastructure, including the Internet itself, over which both voice and data communications travel.
UNANSWERED QUESTIONS
The bottom line is that the NSA appears to be capable not only of intercepting the international communications of a relatively small number of targeted Americans, but also of intercepting a sweeping amount of U.S. communications (through corporate-granted access to communications "pipes" and "boxes"), and of performing mass analysis on those communications (through data mining and other techniques).
Despite the fuzzy picture of "The Program" that we now possess, the current spying scandal has highlighted many unanswered questions about the NSA's current activities. They include:
* Just what kinds of communications arteries has the NSA tapped into?
* What kinds of filters or analysis is the NSA applying to the data that flows through those arteries? How are data mining and other new techniques being used?
* Which telecom providers are cooperating with the NSA?
* How are subjects selected for targeted intercepts?
* What kinds of information exchange are taking place between the NSA and other security agencies? We know they probably turn over to other agencies any data turned up by watch list entries submitted by those other agencies, and they are also apparently passing along data mining-generated "cold hits" to the FBI and perhaps other security agencies for further investigation. Does information flow the other way as well: are other agencies giving data to the NSA for help in that second phase of deciding who gets put under the microscope?
* Is data that NSA collects, under whatever rubric, being merged with other data, either by NSA or another agency? Is communications data being merged with other transactional information, such as credit card, travel, and financial data, in the fashion of the infamous "Total Information Awareness" data mining program? (TIA, while prohibited by Congress from engaging in "domestic" activities, still exists within the Pentagon and can be used for "foreign intelligence purposes.")
* Just how many schoolteachers and other innocent Americans have been investigated as a result of "The Program"? And just how much privacy invasion are they subject to before the FBI can conclude they are not "involved in international terrorism"?
Rarely if ever in American history has a government agency possessed so much power subject to so little oversight. Given that situation, abuses were inevitable and any limits to those abuses a matter of mere good fortune.
If our generation of leaders and citizens does not rise to the occasion, we will prove ourselves to be unworthy of the heritage that we have been so fortunate to inherit from our Founders.
(1) Eric Lichtblau and James Risen, "Spy Agency Mined Vast Data Trove, Officials Report," New York Times, December 24, 2005; http://select.nytimes.com/search/restricted/article?res=FA0714F63E540C778EDDAB0994DD404482.
(2) Lowell Bergman, Eric Lichtblau, Scott Shane and Don Van Natta Jr., "Spy Agency Data After Sept. 11 Led F.B.I. to Dead Ends," New York Times, January 17, 2006; http://www.nytimes.com/2006/01/17/politics/17spy.html.
Posted by paba7 at 01:02 PM | Comments (0)
The End of the Internet?
The nation's largest telephone and cable companies are crafting an alarming set of strategies that would transform the free, open and nondiscriminatory Internet of today to a privately run and branded service that would charge a fee for virtually everything we do online. read more
Posted by paba7 at 12:58 PM | Comments (0)
Porn Boosts Online Technologies
What is the most powerful force pushing new technologies to take root in
South Korea, the world's high-tech testing ground? The shocking answer
could be pornography. read more
Posted by paba7 at 12:54 PM | Comments (0)
Half of Korea’s Preschoolers Use Internet Daily
Internet use among preschoolers between three and five is no longer limited to a handful of prodigies, an astounding government survey suggests. If the figures are to be believed, some 48 percent or 870,000 children in that age bracket used the Internet daily in the second half of last year.
Posted by paba7 at 12:50 PM | Comments (0)
Public ownership is the answer
Publicly owned broadband would be the equivalent of our network of highways.
In its Jan. 31 editorial “Keep network neutrality” the Daily missed a major opportunity to speak out about Minneapolis’ plan for a privately owned citywide wireless network. Students, small companies and struggling startups will be hurt if telephone and cable companies start charging content providers. But the solution is not, as the editorial suggests, to ask Congress to impose regulations enforcing network neutrality. The solution is to build publicly owned, open access networks as an alternative to the private, proprietary networks on which we currently rely.
Posted by paba7 at 12:46 PM | Comments (0)
MUTE: Simple, Anonymous File Sharing
While catching up on reading some feeds, I stumbled across an article on this nice little anonymous file sharing app. It seems like it's taking a similar approach to anonymizing as Tor, but rather than being for all your network traffic, it is just for their p2p network.
"MUTE protects your privacy by avoiding direct connections with your sharing partners in the network. Most other file sharing programs use direct connections to download or upload, making your identity available to spies from the RIAA and other unscrupulous organizations."
Here is their article that explains how the RIAA catches you, and what MUTE does to protect you.

Posted by noah at 12:42 AM | Comments (0)
February 04, 2006
comcast's view on net neutrality
in reference to the previous story, brian roberts (the ceo of comcast, the largest broadband provider in the US) stated as part of a transcript (PDF, 185.6 KB) of comcast's 2005 q4 earnings conference call:
Let me answer the question on net neutrality, if I might. We continue to believe that proponents of the so-called net neutrality are pursuing a solution in search of a problem. Neither Comcast nor any other major cable operator has ever blocked access to my knowledge of customers to any websites, and the competitive market, in fact there are multiple ways to access broadband and the high speed internet, and the internet in general, continues to be the ultimate governor of conduct in this context. But we do also recognize and try to advocate for our right as a network manager, to manage the network, to make sure that the customer experience does not get degraded, due to outside influences like spam and other things. And finally, we have not had any discussions with content providers with respect to any charges directly from such providers, and that’s an area that at this time, that’s where we’re at. So we don’t believe that this is the right policy. I don’t see it at the moment, having a lot of, it is a regulation of the internet, and we’re certainly going to try to fight anything like that.
interesting...
Posted by raffi at 06:34 PM | Comments (0)
a multi-tiered internet
In a broader sense, the move to create what is essentially a preferred class of e-mail is a major change in the economics of the Internet. Until now, senders and recipients of e-mail — and, for that matter, Web pages and other information — each covered their own costs of using the network, with no money changing hands. That model is different from, say, the telephone system, in which the company whose customer places a call pays a fee to the company whose customer receives it.
says a new york times article entitled "postage is due for companies sending e-mail" (PDF, 73.2 KB). the internet is currently a level and neutral playing field -- and moves like this will change it. if a company can give preferential treatment to certain applications, does that mean it can give preferential treatment to certain pieces of data?
This Tuesday the Senate Commerce Committee will hold a hearing to consider legislation for what has been called Net neutrality — effectively banning Internet access companies from giving preferred status to certain providers of content. The concern is that companies that do not pay could find it hard to reach customers or potential customers, threatening the openness of the Internet.
Posted by raffi at 06:24 PM | Comments (0)
"could future subpoenas tie you to 'britney spears nude'"
fred von lohmann has written an article for law.com entitled "could future subpoenas tie you to 'britney spears nude'?" (PDF, 88.4 KB) -- fred is examining the landscape of information that people like the googles are compiling. trust is the word of the day.
The Google subpoena incident is a timely reminder to all Internet users that we are routinely entrusting third parties with an ever-increasing amount of private information about ourselves. We entrust our e-mail to services that encourage us to "never throw anything away," we upload our photos to share with family, and rely on search engines to help us track down virtually everything without a second thought....
There is legal precedent for forcing a business to delete your information after a reasonable time. The Video Privacy Protection Act, 18 U.S.C. §2710, requires that video rental services "destroy personally identifiable information as soon as practicable, but no later than one year from the date the information is no longer necessary for the purpose for which it was collected." The law also requires that the person whose information is sought be notified prior to disclosure and includes an exclusionary rule barring wrongfully obtained information from any court proceeding. A similar rule has recently been proposed for search engines in legislation introduced by Rep. Edward Markey, D-Mass. Such a rule would go a long way toward protecting our privacy online.
Posted by raffi at 06:07 PM | Comments (1)
Google casting its net further and further
Rumours mount over Google's internet plan from timesonline.co.uk
Apparently, Google has started picking up dark fibre left over from the dot-com boom in order to set up an alternative internet that they would control.
Google is working on a project to create its own global internet protocol (IP) network, a private alternative to the internet controlled by the search giant, according to sources who are in commercial negotiation with the company.
Late last year, Google purchased a 270,000sq ft telecom interconnection facilities in New York. It is believed that from here, Google plans to link up and power the dark fibre system and turn it into a working internet network of its own.
There are apparently also rumors of Google developing cheap PCs (sub $100 price tag)...what's the catch?? Running the computers could require a continuous connection to Google and exposure to personal ads from Google's AdWords.
Posted by xncroft at 02:32 PM | Comments (1)
February 03, 2006
Break WEP Encryption in 10 mins
It's widely(?) known that WEP encryption is broken. WEP is one of the 'security' measures you can take to protect access to your wi-fi network, and presumably to the things on your network, say at home behind your wi-fi router. While looking for other tools in addition to tcpdump and etherpeg, I came across a network stumbler with a little more oomph than macstumbler or istumbler: KisMAC, an OS X version of the Linux kismet. From O'Reilly hacks,
KisMAC is a passive network scanner. Rather than send out active probe requests, it instructs the wireless card to tune to a channel, listen for a short time, then tune to the next channel, listen for a while, and so on. In this way, it is possible to not only detect networks without announcing your presence, but also find networks that don't respond to probe requests—namely, "closed" networks (APs that have beaconing disabled). But that's not all. Passive monitors have access to every frame that the radio can hear while tuned to a particular channel. This means that you can not only detect access points, but also the wireless clients of those APs.
That sounds pretty interesting, so what does it mean? Well, KisMAC has some 'features' that allow it to do things that you should only do on your own networks, to test for 'security'. Under the Network menu item there is an entry titled Deauthenticate, and a sub-menu named Crack which contains Wordlist Attack, Weak Scheduling Attack and Bruteforce attack... Well, just look at this video. It shows KisMAC being used to break 40-bit WEP encryption in, they claim, under 10 minutes, and it's like a little lesson so you can do it too.
Video at ethicalhack.org or Google Video
Posted by seans at 01:15 PM | Comments (0)
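As an added example (not part of the original post, and not KisMAC's code): the frames a passive monitor hears are enough to audit your own access points for WEP, because each beacon advertises its protection. The sketch assumes raw 802.11 beacons with no radiotap header or FCS; `build_beacon`, the BSSID and the `lab-*` SSIDs are constructed for the demo.

```python
import struct

WPA_OUI_TYPE = bytes.fromhex("0050f201")  # vendor IE: OUI 00:50:F2, type 1 = WPA

def build_beacon(ssid, privacy, extra_ies=b""):
    """Build a constructed (synthetic) beacon frame for the demo below."""
    bssid = bytes.fromhex("020000000001")            # made-up, locally administered
    header = (b"\x80\x00" + b"\x00\x00"              # frame control (beacon), duration
              + b"\xff" * 6 + bssid + bssid          # DA (broadcast), SA, BSSID
              + b"\x00\x00")                         # sequence control
    capability = 0x0001 | (0x0010 if privacy else 0) # ESS bit, Privacy bit
    fixed = b"\x00" * 8 + struct.pack("<HH", 100, capability)
    ssid_ie = bytes([0, len(ssid)]) + ssid.encode()
    return header + fixed + ssid_ie + extra_ies

def parse_beacon(frame):
    """Return (bssid, ssid, protection) for a raw 802.11 beacon, or None."""
    if len(frame) < 36 or frame[0] != 0x80:          # too short, or not a beacon
        return None
    bssid = frame[16:22].hex(":")
    capability = struct.unpack_from("<H", frame, 34)[0]
    privacy = bool(capability & 0x0010)
    ssid, has_rsn, has_wpa = "", False, False
    pos = 36                                         # first tagged element
    while pos + 2 <= len(frame):
        ie_id, ie_len = frame[pos], frame[pos + 1]
        body = frame[pos + 2 : pos + 2 + ie_len]
        if len(body) < ie_len:                       # truncated element: stop
            break
        if ie_id == 0:
            ssid = body.decode("utf-8", "replace")
        elif ie_id == 48:                            # RSN element (WPA2)
            has_rsn = True
        elif ie_id == 221 and body[:4] == WPA_OUI_TYPE:
            has_wpa = True
        pos += 2 + ie_len
    if not privacy:
        protection = "open"
    elif has_rsn:
        protection = "WPA2/RSN"
    elif has_wpa:
        protection = "WPA"
    else:
        protection = "WEP"                           # privacy bit, no WPA/RSN element
    return bssid, ssid, protection

def weak_networks(frames):
    """List (bssid, ssid, protection) for beacons advertising open or WEP."""
    parsed = (parse_beacon(f) for f in frames)
    return [p for p in parsed if p and p[2] in ("open", "WEP")]

# Constructed sample beacons, one per protection type.
SAMPLE_FRAMES = [
    build_beacon("lab-wep", True),
    build_beacon("lab-wpa2", True, bytes([48, 2, 1, 0])),
    build_beacon("lab-wpa", True, bytes([221, 6]) + WPA_OUI_TYPE + b"\x01\x00"),
    build_beacon("lab-open", False),
]

if __name__ == "__main__":
    for bssid, ssid, protection in weak_networks(SAMPLE_FRAMES):
        print(f"{bssid}  {ssid:<10} {protection}")
```

Any access point of yours that this reports as WEP should be moved to WPA2 or retired.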
meghan trainor/RFID in wired
was this posted before?
http://www.wired.com/news/technology/0,70135-0.html?tw=rss.index
from chris ault via the list. meghan is going to come into class on monday.
Posted by msantram at 11:26 AM | Comments (1)
All your Dutch RFID e-passports ....
Dutch e-passports which store information in an encrypted RFID have been reportedly cracked by the Dutch Security Firm Riscure. The data transmission was intercepted between the e-passport and the reader and the passcode was cracked, presumably by some bruteforce method, to access the stored contents of the e-passport. These contents were listed as digital fingerprint, digital photograph, other encrypted data (what's in there?) and plain text data, presumably what's printed on the passport and then some.
Fortunately the US will be issuing e-passports starting this October using the same ISO 14443 spec and encryption scheme that was adopted as the world standard for these sorts of things.
The spec read distance on ISO 14443 passive chips is only 2mm, but claims for greater read distances are out there.
I suggest the new tin foil passport wallet ;)
More at The Register and Engadget General e-passport discussion at Security Info Watch and Vastly Important Blog
Posted by seans at 11:24 AM | Comments (0)
February 02, 2006
u've got chlamydia
The NHS is contemplating informing patients via SMS of their chlamydia test results. The article states that this would be a cheaper, faster, and "more acceptable" alternative to communicate information. Yikes.
Posted by lrw at 09:08 PM | Comments (0)
Speaking of Pigeons...
An article from L magazine (vol IV issue 01, Jan 18-31 06) looks at artists' reactions to surveillance. A project involving pigeons, RFID chips and the CCTV cameras in Rotterdam:
"With Urban Eyes Marchus Kirsch and Jussi Angesleva...have enlisted pigeons as their conspiratorial message carriers. Kirsch and Angesleva feed pigeons seeds containing RFID tags that communicate with a city's CCTV cameras; as the birds fly near a CCTV camera, a photograph is recorded and sent to a distinct URL. Here's an incarnation of the messenger pigeon - photographing the city from above, alerting us to invisible eyes. The best part? The project is eco-friendly; digested devices are shat out like so many stones some 12 hours later."
More on the project and a scenario video here: http://angesleva.iki.fi/projects/urban_eyes/main.html
Urban Eyes blog: http://project-urbaneyes.blogspot.com/
Posted by angela at 03:49 PM | Comments (0)
Pigeons to blog on air pollution
A flock of pigeons fitted with mobile phone backpacks is to be used to monitor air pollution, New Scientist magazine reported on Wednesday.
The 20 pigeons will be released into the skies over San Jose, California, in August.
Each bird will carry a GPS satellite tracking receiver, air pollution sensors and a basic mobile phone.
Text messages on air quality will be beamed back in real time to a special pigeon "blog", a journal accessible on the internet.
Miniature cameras slung around the pigeons' necks will also post aerial pictures.
The idea is the brainchild of researcher Beatriz da Costa, of the University of California at Irvine, and two of her students.
They have built a prototype of the pigeons' equipment, containing a mobile phone circuit board with Sim card and communication chips, a GPS receiver, and sensors capable of detecting carbon monoxide and nitrogen dioxide.
"We are combining an air pollution sensor with a home-made cellphone," da Costa told New Scientist.
The team is planning to squeeze all the components onto a single board small enough for the birds to carry in a backpack, New Scientist said.
The pigeons will take to the air at the inter-Society for Electronic Arts' annual symposium in San Jose on August 5.
The data they send back will be displayed on the blog in the form of an interactive map.
Posted by lrw at 10:40 AM | Comments (0)
February 01, 2006
Testament: Do we really want to be tagged?

I've been thinking about this a lot after seeing our Monday class guest presenting at Dorkbot last month. I have very mixed feelings about this hype, which I will save for Monday. In the meanwhile you might want to check Rushkoff's new comic book called Testament. He has his own perspective on this RFID issue where in the not so far future all citizens will be tagged and the rebels will actually be the ones pulling the RFIDs out of their wrists.
The comic book's narrative is playing back-and-forth between the near-futuristic plot and biblical stories. In the first issue one of the main characters, one of the scientists behind the RFID tags technology, is fighting the dilemma of having to tag his son with an RFID. The plot is referring to the story of the 'Aqedah' - god's test of Abraham's willingness to sacrifice his only child.
check out a PDF sample, especially the last page.
Posted by mushon at 11:39 PM | Comments (0)
Microsoft Amends Its Policy for Shutting Down Blogs
"Microsoft unveiled new company guidelines yesterday intended to spell out how it will deal with government censorship demands, in China and anywhere it does business, and limit the impact of its compliance."
This NY Times article deals specifically with censorship in regard to Chinese blogger, Zhao Jing, whose popular blog was shut down five weeks ago, at the Chinese government's request.
Posted by ajs510 at 06:22 AM | Comments (0)
Anti-hacker Bill in UK
Part V of the Police and Justice Bill before the House of Commons seeks to outlaw "computer misuse."
Section 33
Increased penalty etc for offence of unauthorised access to computer material
Section 34
Unauthorised acts with intent to impair operation of computer, etc
Section 35
Making, supplying or obtaining articles for use in computer misuse offences
Posted by t.ozawa at 03:44 AM | Comments (0)
EFF sues ATT over wiretap
Apparently, EFF filed suit Tuesday against ATT for cooperating with the NSA.
In the lawsuit, EFF alleges that AT&T, in addition to allowing the NSA direct access to the phone and Internet communications passing over its network, has given the government unfettered access to its over 312 terabyte "Hawkeye" database, detailing nearly every telephone communication on AT&T's domestic network since 2001, according to the complaint.
Posted by t.ozawa at 03:30 AM | Comments (0)


