Updated: 2010-08-30 19:03:30
India reviewing plan to enable BlackBerry Monitoring.
Updated: 2010-08-20 22:30:56
An essay on the cost of ineffective overreaction to threats.
Updated: 2010-08-20 17:11:26
There has been a lot of excitement in the privacy community around the introduction of a social location service by Facebook. Having blown the dust off my test account, I don’t really understand all the fuss. It appears that this capability only applies to mobile devices right now (although I have blogged in the past [...]
Updated: 2010-08-19 21:52:45
MD5 is a hashing algorithm created in 1991 and still used by many applications for certain features. But MD5 is no longer recommended for many cases due to weaknesses discovered in the last few years, opening up some scary possibilities. At the end of this year, NIST standards for cryptography used by the federal government [...]
Updated: 2010-08-17 21:20:52
According to an article published last week, it is apparently possible to construct a signed PDF that can have its underlying data changed such that the signature is still valid, but the presentation of the data is changed. It’s a neat trick, but there are a few things that mitigate the risk inherent in the [...]
Updated: 2010-08-16 21:38:21
In a recent post on Privacy Digest, and an article in the NYTimes, there is a discussion of some major and well known vulnerabilities in the global public key infrastructure (PKI) and some examples of exploitations of that vulnerability. The issue is with the proliferation of certificate authorities on the Internet, and the low level [...]
Updated: 2010-08-12 22:00:43
Hack Exploits Google Street View to Find Victims – The New New Internet: This very short article describes a really simple attack that enables someone to discover your physical location with a very high degree of reliability and accuracy. It involves using JavaScript to access the MAC address of your WiFi wireless access point (base [...]
Updated: 2010-08-11 19:21:48
In this interview, Eric Schmidt, CEO of Google, comes out very strongly against anonymity starting at about 5:10 in the video. His argument is that: "If you are trying to commit a terrible evil crime it is not obvious that you should be able to do so with complete anonymity." The problem is that absolute [...]
Updated: 2010-08-10 01:22:41
by George Wilson, IBM Linux Technology Center. I was recently reading through the NIST “Draft Guide to Security for Full Virtualization Technologies” (SP 800-125 draft) [http://csrc.nist.gov/publications/drafts/800-125/Draft-SP800-125.pdf]. It discusses various considerations relating to hypervisor security. One section that particularly struck me was the comparison of bare metal vs hosted hypervisors. These are also known as Type [...]
Updated: 2010-08-09 17:48:38
There has been a lot of media coverage of the threats of Saudi Arabia and the UAE to shut down BlackBerry connectivity in their countries unless RIM (the maker of BlackBerry) introduces a back door so they can monitor communications. I have been following this story closely, but wanted to wait until I had all [...]
Updated: 2010-08-09 17:24:14
Browser ‘Privacy Modes’ Not So Private After All – PCWorld: This article does a good job of discussing why the “privacy mode” built in to most browsers is less effective than you might have thought or wished.
Updated: 2010-08-06 21:00:48
In an interesting CNET article Google CEO Schmidt talks about how new technologies are going to impact society. One of his comments really struck me. Schmidt said that the only way to handle the new technologies is “much greater transparency and no anonymity.” I have not seen the arguments and evidence behind such a bold [...]
Updated: 2010-08-03 17:36:52
This past week at Defcon the social engineering capture the flag competition was hotter and more controversial than ever. Contestants were given their target company two weeks in advance for research purposes. During the actual competition contestants called employees at the target companies to gain sensitive information. The overall result: A big fat [...]