[SecurityRatty] tag: ties

Links for 2008-10-07 [del.icio.us]

Tue, 07 Oct 2008 20:00:00 +0000

Eye-Fi Adds Upgrade Track at Yearly Fee

Mon, 22 Sep 2008 18:07:12 +0000

The Wi-Fi sharing digital memory card Eye-Fi adds another option for its product line: If you've purchased or plan to purchase an Eye-Fi, starting 5-Oct-2008, you can upgrade the model of card you purchased by paying a yearly subscription fee. This provides more of a try-and-see mode for Eye-Fi's slightly more expensive offerings.

Eye-Fi divided its Wi-Fi SD card line-up into three parts earlier in the year: Home, which transfers to a computer ($80); Share, which uploads to a computer and to Eye-Fi's servers, which relay them to gallery, print, and social services ($100); and Explore, which ties in Wi-Fi positioning and one year of a Wayport hotspot subscription for uploads ($130). I wrote a long review of the Eye-Fi Explore on 12-Aug-2008.

If you bought a Home, you can upgrade to the Share service for $10 per year, and if you bought either a Home or Share, you can add geotagging for $15 per year and hotspot access for $15 per year. It's a smart move, since original Eye-Fi card buyers already had a firmware upgrade that converted their card into a Share model; they'll now be able upgrade to the full featureset. This is something I thought the company was offering at launch months ago, and I speculated it would be easy to add.

Eye-Fi also added two new photo sharing services: Apple's MobileMe and AdoramaPix. I cannot think of any other firm that Apple has partnered with to allow direct MobileMe uploads, although this may be technically less a big deal than it sounds. But I believe it's unique--only the iPhone and iPhoto software can transfers images into MobileMe's galleries; I'll need to investigate further. It's a good feather in Eye-Fi's cap.

Finally, Eye-Fi says they'll release tweaked firmware on 5-Oct as well that will double the speed of photo transfers from their cards to a computer on the local network.

Wee-Fi: Indian Terror over Wi-Fi; Fastest Wireless; Health Fears; Wi-Fi Tub; and More

Mon, 15 Sep 2008 06:03:26 +0000

Another terror message sent via open Wi-Fi in India: Credit for terrorist blasts in Delhi was sent by email minutes before the attack took place using a Wi-Fi network owned by a retired engineer's wife. Though articles keep saying the network was "hacked," the Telegraph also notes that the network was "unsecured."

Italian free space optics test hits 1.2 terabits per second (in Italian, Google translation): Researchers in Pisa, Italy, along with colleagues from two Japanese institutions, crossed 1.2 Tbps in a test. Free space optics typically uses infrared lasers, and can work over a distance of kilometers.

More Canadian Wi-Fi health fears: This time in an island in Montréal. One of the concerned citizens: "This is something that is really under the radar. People do not know that long-term health hazards are associated with wireless technology." They don't know that because all verifiable, repeatable, well-conducted, academic tests so far indicate that there's no such health hazard associated with EMF. The concerned folks are raising an alarm about Wi-Fi being broadcast island wide, but are not paying attention, obviously, to the AM/FM radio, satellite radio, cellular, cordless, and thousand other wireless uses that are bombarding them right now, often at far higher signal levels.

Wi-Fi in a tub: I'm not going to say anything more.

QuickerTek adds antenna to 300 mW ExpressCard for MacBook Pro: Users of Apple's higher-end laptops can drop $200 to get a 300 mW Draft N (802.11n) ExpressCard and 5 dBi external antenna with a mounting clip. That's a lot of power, and it's important to recall that have a louder signal doesn't mean that distant base stations can necessarily hear you better. Draft N devices typically pair better listening (receive sensitivity) with higher transmission power, however.

Mac product ties location settings to Wi-Fi position: Centrix has updated its $29 Mac OS X location preferences program NetworkLocation to take advantage of Skyhook Wireless's Wi-Fi positioning data. You can now tie the package of settings that control what email account you use, iChat status, programs launched, disks mounted, and other factors, to where you're currently at.

595 immigrants arrested at electronics plant

Tue, 26 Aug 2008 20:00:00 +0000

Special agents with U.S. Immigration and Customs Enforcement (ICE) have arrested approximately 595 people suspected of being illegal aliens in the U.S., some with alleged ties to identity theft, at an electronics manufacturing plant in Laurel, Mississippi.

MI5 on Terrorist Profiling

Fri, 22 Aug 2008 02:18:30 +0000

There's no profile:

MI5 has concluded that there is no easy way to identify those who become involved in terrorism in Britain, according to a classified internal research document on radicalisation seen by the Guardian.

[...]

The main findings include:

• The majority are British nationals and the remainder, with a few exceptions, are here legally. Around half were born in the UK, with others migrating here later in life. Some of these fled traumatic experiences and oppressive regimes and claimed UK asylum, but more came to Britain to study or for family or economic reasons and became radicalised many years after arriving.

• Far from being religious zealots, a large number of those involved in terrorism do not practise their faith regularly. Many lack religious literacy and could actually be regarded as religious novices. Very few have been brought up in strongly religious households, and there is a higher than average proportion of converts. Some are involved in drug-taking, drinking alcohol and visiting prostitutes. MI5 says there is evidence that a well-established religious identity actually protects against violent radicalisation.

• The "mad and bad" theory to explain why people turn to terrorism does not stand up, with no more evidence of mental illness or pathological personality traits found among British terrorists than is found in the general population.

• British-based terrorists are as ethnically diverse as the UK Muslim population, with individuals from Pakistani, Middle Eastern and Caucasian backgrounds. MI5 says assumptions cannot be made about suspects based on skin colour, ethnic heritage or nationality.

• Most UK terrorists are male, but women also play an important role. Sometimes they are aware of their husbands', brothers' or sons' activities, but do not object or try to stop them.

• While the majority are in their early to mid-20s when they become radicalised, a small but not insignificant minority first become involved in violent extremism at over the age of 30.

• Far from being lone individuals with no ties, the majority of those over 30 have steady relationships, and most have children. MI5 says this challenges the idea that terrorists are young men driven by sexual frustration and lured to "martyrdom" by the promise of beautiful virgins waiting for them in paradise. It is wrong to assume that someone with a wife and children is less likely to commit acts of terrorism.

• Those involved in British terrorism are not unintelligent or gullible, and nor are they more likely to be well-educated; their educational achievement ranges from total lack of qualifications to degree-level education. However, they are almost all employed in low-grade jobs.

Metro Round-Up: Cablevision Update; Springfield (Mich.)

Fri, 01 Aug 2008 10:49:43 +0000

Cablevision says it's already spent $20m towards its plan to build out Wi-Fi across its operating territory: The cable firm has $300m budgeted to put Wi-Fi in place for its higher-tier subscribers at no cost across Long Islands and parts of New Jersey and Connecticut, as well as New York City and Westchester County. Cablevision thinks their network will be good enough to replace cell phones across their coverage, which ties in with the quadruple play many cable operators are aiming for: data, voice, video, and mobile.

Springfield, Mich., puts in its first antennas for a city-wide network: The network is being built with a $750,000 grant from a state development corporation to extend access and improve the business climate. Access will cost $10 per month for residents after an initial free period while the service powers up.

How personal information wound up at the side of the road is a mystery

Thu, 10 Jul 2008 06:50:31 +0000

Technorati Tag: Security Breach

Date Reported:
7/10/08

Organization:
Liberty Furniture*

*"a North Carolina based company with Mid-South ties to Cromcraft - a furniture warehouse in Tate County", Mississippi. According to the report, Liberty Furniture may have gone out of business more than 20 years ago.

Contractor/Consultant/Branch:
Unknown

Victims:
Former employees

Number Affected:
"hundreds, maybe even thousands of people"

Types of Data:
Personal information including W-2 forms and tax forms containing names, addresses, and Social Security numbers

Breach Description:
"Eyewitness News Everywhere Uncovers the personal information of hundreds, maybe even thousands of people - dumped along a Mid-South road."

Reference URL:
Eyewitness News Everywhere

Report Credit:
Kevin Holmes, Eyewitness News Everywhere

Response:
From the online source cited above:

Eyewitness News Everywhere Uncovers the personal information of hundreds, maybe even thousands of people - dumped along a Mid-South road.
[Evan] For those readers who may be unsure where this "Mid-South" is located, in this case it is Mississippi.

We even found W-2 forms, tax forms with people's names, addresses and social security numbers.

Investigators in Tate County are trying to figure out how the papers got there.

Larry Davis made the discovery.

He says he was driving into town when he came across thousands of forms.

"That's just uncalled for...you are entrusting these people with a lot of information that could ruin you very quickly, but yet they treat it like it's trash," said Davis.
[Evan] I think most people share Mr. Davis' feelings. It is puzzling. What was the person who dumped the information on the side of the road thinking, supposing the the person was thinking and supposing the information was dumped and not lost (i.e. fell off a truck).

Financial records, shipping order forms, and W-2's of former employees

"Stupidity on the person that threw it out on the road. The people who disposed of these, there should be some legal action against them, but to me that's mismanagement," said Davis.
[Evan] Again, I think many people share the same feelings as Mr. Davis.

Many of the records are from Liberty Furniture, a North Carolina based company with Mid-South ties to Cromcraft - a furniture warehouse in Tate County

"There all from North Carolina, how did they get here? This is Mississippi. We got some strong wind, but they ain't that strong," says Davis.

Even Cromcraft employees were shocked when we brought this to their attention.

Most of the W-2's are from the late 1970's and early 80's.
[Evan] Wow! These W-2's are 20-30+ years old?!

we're told Liberty Furniture went out of business more than twenty years ago.

Larry Davis' daughter Susan Herron said, "This could be someone's grandparents on fixed income, now their social security number is floating around somewhere and it's awful, people need to be more careful."

Eyewitness News Everywhere caught up with one of the former employees whose personal information was exposed.

"My initial feeling was a very sinking, horrified, scared, feeling....You feel vulnerable and hope your social security number hasn't fallen into the wrong hands. So I have to be diligent in checking my credit report," said the employee.
[Evan] It is interesting to read how a person feels when they learn that their personal information has been compromised. I feel bad for these people. This employee doesn't need to feel "horrified and scared", but he/she does nonetheless, and it's all due to negligence. This is just one reason why information security is so personal to me.

Other former Liberty Furniture employees tell Eyewitness News Everywhere they will be doing the same thing - checking their credit report.

Eyewitness News Everywhere will keep those forms in a secure place until we hand them over to the proper authorities.

Commentary:
There is a lot of mystery surrounding this breach. How did the information get there? Why was the information still kept? Who was in possession of the information before it was found on the side of the road? Why wasn't the information already destroyed if the company who was responsible for it is no longer in business?

Past Breaches:
Unknown

ACLU files lawsuit to challenge surveillance law

Wed, 09 Jul 2008 20:00:00 +0000

The American Civil Liberties Union (ACLU) and several other groups have filed a lawsuit in an effort to strike down a new law allowing the U.S. government to intercept the phone calls and e-mail messages of people with suspected ties to terrorism.

Will Idiocy Ever End?

Wed, 25 Jun 2008 02:15:00 +0000

So, I just came back from FIRST2008 and a typical conference discussion over beer has turned - again! - to academic security research.

I lamented and ranted and rambled about it (here, here, here), but I am still shocked. I come from academic background myself and it is unthinkable to me that a research physicist today will write a thesis on 2nd Law of Newton or will set to prove that objects tend to fall down while dropped. Or that they, in fact, "fall up."

However, that is the type of stuff I see in academic security papers that I occasionally get to review. Based on our FIRST conversation, other people who happen to retain ties to academia are reporting the same: research work that confuses "phishing" with "fast flux networks" (thanks Jose), inventing a new intrusion detection "paradigm, " and all sorts of other bizarre crap continues to be cooked and submitted to publications.

When will this end? Why can't you people tackle REAL problems? Or at least useful and hard classic problems? Or, at the very least, learn WTF is going on the real world of operational security before you do ANYTHING? The maybe you stop saying things like "in general, IDS is considered to be a security tool" as if it was some kind of Zen wisdom (a quote from a pathetic excuse for a paper that I reviewed recently...)

Japan and France agree to closer ties on cybercrime

Wed, 11 Jun 2008 20:00:00 +0000

Japanese and French government ministers agreed on Thursday to work more closely on cybercrime.