Category Archives: Security

The Most Secure Way to Communicate? An iPod Touch | WIRED

This isn’t a bad idea, actually. Most of the day I’m covered by WiFi which should allow me to use Facetime or Skype to talk to anyone I need to talk to. Email and text is also possible. For the paranoid and just careful this could be the answer.

You don’t actually need fancy, dedicated hardware to communicate securely.

Source: The Most Secure Way to Communicate? An iPod Touch | WIRED

Edward Snowden statue installed by artists in Brooklyn removed by park officials

I fully understand the park officials removing an unsanctioned piece of art but……

The NYPD says its intelligence division is investigating the statue and will be searching for DNA or other clues that may bring up a suspect. It’s not clear what charges are possible, NBC continues to report.

via Edward Snowden statue installed by artists in Brooklyn removed by park officials | syracuse.com.

Why go to this expense to prosecute the artists responsible?

Clemency for Snowden?

The New York Times and The Guardian are both calling for clemency for Edward Snowden from the Obama administration citing the abuses he has uncovered. This is good news but I’m doubting it will do much good. Most of the popular media is content to continue rolling out stories blaming Snowden for the economic damage various tech companies are suffering due to the company’s own decisions to be complicit with the NSA in making it easy to spy on their customers.

Honestly? I believe that the upcoming mini-series “The Asset” that ABC is producing is being used as propaganda to further damage Snowden’s reputation, to associate Snowden with Ames. So while a couple of major media outlets are calling for clemency for Snowden it seems like all others are finding ways to paint Snowden in the worst light.

The New York Times editorial can be found here.

The Guardian editorial can be found here.

 And The Atlantic chimes in.

It Should Come As No Surprise

I open up Google News this morning and I’m greeted by this headline:

NSA taps in to user data of Facebook, Apple, Google and others, secret files reveal
•Top secret PRISM program claims direct access to servers of firms including Google, Facebook and Apple
•Companies deny any knowledge of program in operation since 2007

via NSA taps in to user data of Facebook, Apple, Google and others, secret files reveal | World news | The Guardian.

This news actually broke a couple of days ago but it was limited to one cell phone carrier giving up all of its transactional metadata on its customers. Since then we’ve found out that it isn’t just cell phone information but also everything digital in our lives.

It isn’t like we really didn’t know this was happening, how could we not know with the theme of so many of the story lines running through pop culture pointing directly to Big Brother and his surveillence abilities. This can’t be a surprise but it is confirmation of our fears of a reality we didn’t want to admit to.

So where do we go with this knowledge? For one thing we need to acknowledge that there does need to be intelligence gathering efforts by our Department of Defense and some of the details of those efforts do need to remain secret. However, with secrecy comes a limit to the oversight so what remains secret needs to be kept to a minimum. And, see, that’s what I don’t think people in government grasp. For instance, we have this from James Clapper:

Director of National Intelligence James Clapper, in an unusual late-night statement Thursday, denounced the leaks of highly classified documents that revealed the programs and warned that America’s security will suffer. He called the disclosure of a program that targets foreigners’ Internet use “reprehensible,” and said the leak of another program that lets the government collect Americans’ phone records would affect how America’s enemies behave and make it harder to understand their intentions.

“The unauthorized disclosure of a top secret U.S. court document threatens potentially long-lasting and irreversible harm to our ability to identify and respond to the many threats facing our nation,” Clapper said of the phone-tracking program.

via US declassifies phone program details after uproar : News : FOX21News.com.

See, I don’t think he fully understands that one of the threats facing our nation comes from our own government. The more stuff the government does behind our back the more stuff we start imagining them doing behind our back when stories like this come to light. We lose trust in the government when we learn that they have secretly been doing things that might step over the line of what we authorized them to do in our constitution. You don’t subject us to unreasonable seach and siezures without probable cause and this snooping appears to have been an unreasonable search without probable cause.

I am somewhat encouraged, though, that maybe those in charge do have some understanding of my concerns. Mr. Clapper has declassified the two programs that were leaked:

At the same time, he offered new information about both programs, saying he wanted to correct the “misleading impression” created by out-of-context news articles even as he acknowledged that publicly discussing the programs comes with inherent security risks.

“I believe it is important for the American people to understand the limits of this targeted counterterrorism program and the principles that govern its use,” Clapper said.

The problem is that if you keep it secret we are going to imagine the worse when the secret becomes public knowledge, and it will become public knowledge. Someone will leak it. You just need to understand that those leaking the information are probably more hero than villain.

Sobig Virus Variant

A variation of the Windows Sobig virus hammered my e-mail yesterday. Time after time I was interrupted from working on my computer by NAV alerting me to another e-mail being received infected with this bug. I quit counting after eighteen. Folks, anti-virus software is a necessity if you are running a Windows OS.

Bogus e-mail from Paypal

I just got an email that looked all the world like it came from Paypal asking me to fill out a form supplied in the email and give my username, password, credit card #, expiration date, and PIN. This was an HTML formatted letter so all I had to do was fill out the form and press submit and all that information would have gone to where the submit button told it to go.

This seemed like an awfully insecure way of handling this data to me so I tore into the letter to see how the form behaved and where it wanted to send my information. It ends up wanting to send it to www.client-support.biz/paypal/pp.php. I fired up my web browser and went to see where this place was. It redirected me to the official Paypal website. I went to look up who owned this “client-support.biz” domain and it belongs to a “thomas liebich” in Vienna, Austria.

What this little nasty e-mail would have done, had I filled out the form with the information it asked and clicked on the submit button, is send all my information to the client-support.biz website and then immediately redirected me to the Paypal website with the proper login information and I’d have never been any the wiser. What do you want to bet that no one ate Paypal has ever made any business arrangements with “Mr. Liebich” to do anything like this?

I thought this was interesting and just thought I’d pass the information on to y’all. It’s never a good idea to fill out any of these forms that you receive in e-mail. Think real hard about the information you are submitting anywhere and consider if you really trust where this informtion will end up. Most things out there are harmless, not all though. This was one of the things that could have really bitten me.