Why Privacy Matters, Even If You Have Nothing To Hide, by Daniel J. Solove
The nothing-to-hide argument pervades discussions about privacy. The data-security expert Bruce Schneier calls it the "most common retort against privacy advocates." ... To evaluate the nothing-to-hide argument, we should begin by looking at how its adherents understand privacy. Nearly every law or policy involving privacy depends upon a particular understanding of what privacy is. The way problems are conceived has a tremendous impact on the legal and policy solutions used to solve them. [more inside]
posted by the man of twists and turns on Dec 9, 2012
"During his civil lawsuit against the People's Republic of China, Brian Milburn says he never once saw one of the country's lawyers. He read no court documents from China's attorneys because they filed none. The voluminous case record at the U.S. District courthouse in Santa Ana contains a single communication from China: a curt letter to the U.S. State Department, urging that the suit be dismissed. That doesn't mean Milburn's adversary had no contact with him." [China Mafia-Style Hack Attack Drives California Firm to Brink]
posted by vidur on Nov 28, 2012
What does proper authorization to access a computer system mean?
Robert Graham of Errata Security writes about the recent conviction of Andrew Auernheimer (aka weev) for “hacking” AT&T. Two years ago, weev discovered a bug in AT&T's website that exposed the email addresses of customers with iPads. According to weev, the flaw was reported as per responsible disclosure practices by first informing AT&T before bringing it public. However, the FBI investigated and arrested him under the Computer Fraud and Abuse Act (CFAA). On 20th November 2012, he was found guilty of identity fraud and conspiracy to access a computer without authorization.
posted by destrius on Nov 21, 2012
"To aid the national security community in imagining contemporary threats, the Australian Security Research Centre (ASRC) is organising Australia’s Security Nightmares: The National Security Short Story Competition. The competition aims to produce a set of short stories that will contribute to a better conception of possible future threats and help defence, intelligence services, emergency managers, health agencies and other public, private and non-government organisations to be better prepared." (via
posted by vidur on Sep 12, 2012
A working, cross-platform Java 7 exploit is now in the wild.
It's apparently a pair of bugs, working in tandem; neither, alone, would be enough to escape the Java sandbox, but together, any machine, be it Windows, Mac, or Linux, can be instantly and silently compromised, simply by viewing a malicious web page. Only Java 7 is vulnerable, but because of the way Oracle schedules patches, it may be unfixed until October.
You can test your machine for the flaw; if vulnerable, you'll want to at least disable Java in your Web browser, if not remove it altogether. On Firefox, NoScript will provide a little protection, by not running Java code unless you click it, but the vulnerability remains.
posted by Malor on Aug 29, 2012
"McPhee describes two things: how Switzerland requires military service from every able-bodied male Swiss citizen—a model later emulated and expanded by Israel—and how the Swiss military has, in effect, wired the entire country to blow in the event of foreign invasion. To keep enemy armies out, bridges will be dynamited and, whenever possible, deliberately collapsed onto other roads and bridges below; hills have been weaponized to be activated as valley-sweeping artificial landslides; mountain tunnels will be sealed from within to act as nuclear-proof air raid shelters; and much more
posted by vidur on Jun 20, 2012
Revolutionary hardware backdoor discovered in China-made military-grade FPGA chips.
Claims were made by the intelligence agencies around the world, from MI5, NSA and IARPA, that silicon chips could be infected. We developed breakthrough silicon chip scanning technology to investigate these claims. We chose an American military chip that is highly secure with sophisticated encryption standard, manufactured in China. Our aim was to perform advanced code breaking and to see if there were any unexpected features on the chip. We scanned the silicon chip in an affordable time and found a previously unknown backdoor inserted by the manufacturer. This backdoor has a key, which we were able to extract. If you use this key you can disable the chip or reprogram it at will, even if locked by the user with their own key. This particular chip is prevalent in many systems from weapons, nuclear power plants to public transport. In other words, this backdoor access could be turned into an advanced Stuxnet weapon to attack potentially millions of systems. The scale and range of possible attacks has huge implications for National Security and public infrastructure.
posted by scalefree on May 27, 2012
If you've ever worked with the command prompt on a Unix-based computer, you're likely familiar with SSH (Secure SHell), which is a program and a protocol that allows you (yes, you!) to securely access a remote system. While SSH has certainly earned the "Secure" portion of its namesake over the years, its functionality as a shell has ironically received very little attention, and has begun to show signs of age and obsolescence: SSH doesn't work very well on mobile connections, and its support for Unicode is buggy and incomplete. A group of MIT researchers think they've found solutions to these problems, and have created Mosh as a potential successor to SSH, which fixes many of the old protocol's annoyances and shortcomings, while retaining all of SSH's security features.
posted by schmod on Apr 12, 2012
Web developer Justin Watt was staying at the Courtyard Marriott in Times Square, New York and using the hotel wifi to access the Internet. He noticed some strangeness on his website... and on every other website he visited (not to mention YouTube was broken.)
posted by gen on Apr 5, 2012
"A man wearing bowler hat reading a newspaper is seen leaning leisurely against a car. Another person comes from behind and starts hitting the poor man on the head with an iron bar. He does not react at all, still reads his paper. The third man appears looking puzzled. The man takes his hat off and shows it to the other two. They take the hat and examine it." Beat The Bandit, 1961 is a video (01:46) presentation of amazing security/anti-theft inventions that you'll surely feel compelled to buy.
posted by vidur on Mar 5, 2012
, a company that processes credit cards for web apps, decided to play a security wargame called Capture the Flag where you are given a login and password for a server and are invited to use your hacking abilities to gain access to accounts with increasing access and authorization. People who beat the server and "capture the flag" at /home/the-flag/.password are invited to contact the company for bragging rights and a T-shirt. Just one problem: the hacking game has been hacked, with something called a fork bomb. [more inside]
posted by Deathalicious on Feb 23, 2012
He leaves his cellphone and laptop at home and instead brings "loaner" devices, which he erases before he leaves the US and wipes clean the minute he returns. In China, he disables Bluetooth and Wi-Fi, never lets his phone out of his sight and, in meetings, not only turns off his phone but also removes the battery, for fear his microphone could be turned on remotely. He connects to the Internet only through an encrypted, password-protected channel, and copies and pastes his password from a USB thumb drive. He never types in a password directly, because, he said, "Chinese are very good at installing key-logging software on your laptop."
- Travel precautions in the age of digital espionage.
posted by Artw on Feb 13, 2012
For the past 18 months, engineers at PayPal, Google, Facebook, Yahoo, AOL, Microsoft and nine other technology companies have spent their off-hours (and some on-hours) working hand in hand to tackle the problem that plagues them all: e-mail phishing. The result is DMARC, or, "Domain-based Message Authentication, Reporting & Conformance". It's not new, but puts SPF to work in a new way
posted by Blake on Jan 31, 2012
The long strange trip of a Singaporean Cold-War-era assault rifle into the hands of Somali pirates in the Gulf of Aden, and what it reveals about the unintended consequences of the global trade in small arms and ammunition. [slnyt]
posted by killdevil on Jan 26, 2012