What does the government know about you?

September 24, 2009 – 3:49 PM

It seems that one of the most paranoid suppositions regarding government control of regular citizens is partly true. Wired reports that they managed to procure declassified documents that show that the FBI uses a data-mining system to track down terrorists, but to do this they also gather information about regular citizens going about their lives.

Among the data in the system are travel records, financial forms by banks, hotel and rental-car company records, credit card transactions, telephone records, etc., coming from well known enterprises like Sears, Avis and the Cendant Hotel chain.

And yes, it is true that the system that is maintained by the National Security Branch Analysis Center has been used (successfully) in criminal investigations – to locate suspected terrorists, provide proof of credit scams and similar undertakings.

But the thing that bothers most interested parties is that the system can be used against innocent people. As every technology has the potential to be used for good AND for bad purposes, many privacy groups fear its misuse – particularly since at this time there is no oversight by Congress or the public. The fact that the NSAC starts to resemble the Total Information Awareness project that the Pentagon tried to create in the wake of the 9/11 attacks raises an additional red flag in their minds.

Source:
http://www.net-security.org/secworld.php?id=8184

Phishing scam steals your Twitter password

September 24, 2009 – 6:24 AM

A phishing scam is circulating on Twitter that aims to steal users’ log-in credentials and then forward scam messages to all their friends in the hope of tricking them too.

The scam begins with a direct message — one sent directly between two Twitter users — that reads “ROFL this you on here?” and appears to link to a video site. When the victim clicks on the link, however, they are sent to a fake Twitter page and asked to log in. The scammers use that log-in information to automatically message the victim’s contacts with the same direct message.

The phishing activity was reported earlier Wednesday on the Mashable blog, which says it received “multiple reports” of the scam.

Source:
http://news.techworld.com/security/3202563/phishing-scam-steals-your-twitter-password/?olo=rss

Critical iTunes flaw exposes Mac, Windows to hacker attacks

September 22, 2009 – 9:54 PM

Apple has shipped iTunes 9.0.1 to fix a critical security hole that puts Mac and Windows users at risk of computer takeover attacks. The vulnerability could be used by hackers to launch code execution attacks via booby-trapped “.pls” files, Apple warned in an advisory.

Source:
http://blogs.zdnet.com/security/?p=4379

A Stick Figure Guide to the Advanced Encryption Standard (AES)

September 22, 2009 – 9:43 PM

Here is another awesome blog post from Jeff Moser over at Moserware. It’s literally a stick figure guide to AES. A must-read. Even if you don’t quite understand it.

http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html

LogMeIn can control some PCs, even when off

September 20, 2009 – 6:20 PM

During a recent talk with LogMeIn CEO Michael Simon, I learned about the company’s new LogMeIn Central dashboard for IT managers, designed to help them keep tabs on thousands of computers at a time.

I also heard about the new version of virtual network service Hamachi, which makes it a competitor to standard (and expensive) virtual private-networking products in the enterprise.

We chuckled a bit about the version of LogMeIn that’s embedded in the dashboard of some Ford F150 pickup trucks, so their owners can remotely control their office PCs. And I heard about a LogMeIn technology, just now reaching the market, that enables not just remote diagnostics of computers but also access to data on the hard drives of PCs that are turned completely off. Gulp.

That last technology, part of Intel’s vPro system architecture, has just started to ship in a few new PCs. It’s designed for corporate networks so that support personnel can get into a machine–to run a backup, for example–regardless of whether it’s running Windows, has crashed into a blue screen, or has been shut down. As long as the PC is plugged into the wall and to an Ethernet connection, the computer, even though in an off state, will continue to draw a small amount of power (about 4 watts) while it monitors the network for control packets.

The technology is getting built into motherboards using the Q45 support chipset. Only a few corporate desktops use this technology, in particular HP’s DC 7900 and Lenovo’s ThinkCentre M58 lines.

Simon told me that the technology does not provide a wide-open backdoor. There are security protocols. The user has to agree to use the technology, and like all LogMeIn remote-control products, remote access isn’t possible unless the computer’s owner agrees to it. And in many ways, it is similar to current remote-access products that rely on “Wake-on-LAN” packets to power up a PC so it can then be controlled remotely. The difference here is of degree.

Source:
http://news.cnet.com/8301-19882_3-10356977-250.html?part=rss&subj=news&tag=2547-1_3-0-20