Disturbing Stats About Facebook Users & Security

There’s a screenshot that’s been sitting on my desktop for a rather long time now, and it’s as scary as it is interesting.

Facebook recently conducted a poll, shown on the homepage newsfeed, that asked Facebook members how exactly they thought Facebook’s “friend finder” worked when it prompted them for their email address & password in order to get a list of contacts. The numbers pretty much speak for themselves; here’s what they looked like near the end of the campaign:

[Image: Facebook Poll]

Now ignore the dark blue bar: it’s a red herring and doesn’t contain any interesting info. The real juicy bit is the “Yes” option, and its 20% response.


Possible Severe Gmail Security Vulnerability (Updated)

Gmail may have a serious security vulnerability that can result in the leaking of sensitive private information randomly to people you don’t know, haven’t contacted, and have nothing to do with.

It would seem that between the way Gmail saves and retrieves sessions, the way existing sessions are authenticated, and the way views are cached, there are one or more loopholes that allow data from a different account (one that has nothing to do with yours) to be served instead of the correct data.

I don’t know why, but here’s the how:

  • Firefox 3 opened to Gmail on Ubuntu.
  • Session accidentally reset with ctrl+alt+bkspc.
  • Upon reboot & restarting of Firefox, Firefox requested the URIs that were previously open before the crash, partially loading data from the local cache and the rest dynamically from the web (because of the AJAX portions of the Gmail interface).


Mapping Computer Techniques to the Real World

As a recent Times article describes, shopping plazas are now using cell-phone tracking technology to map shoppers’ activities and movement patterns. The "Path Intelligence" hardware used to track the movements works like this:

  • A cell-phone-wielding shopper enters the shopping plaza.
  • Path Intelligence monitors mounted throughout the plaza detect that a new mobile phone is in the vicinity and log its IMEI code.
  • As the shopper moves around the mall, his or her movements are continuously triangulated by the multiple Path Intelligence units, allowing movements to be mapped and saved for later analysis.

The good news: it’s totally private; there isn’t any (automated) way to map a particular record in the Path Intelligence logs to an actual person. The resulting logs can be analyzed later on for shopping patterns (where people go after visiting a certain store, peak hours of traffic, most popular regions, etc.), providing valuable intelligence and allowing for improvements.


Family Misunderstands Open Source, Panics, & Sues the Wrong Person…

Open source is supposed to be a way of simplifying licensing issues and sharing your software/music/video/other content with the masses — freely and magnanimously. Problem is, what happens when something open source is found to be a (possible) violation of someone else’s rights? What happens to its derivatives? Do they just pack up shop and find something else, or are they legally responsible for their actions? In what seems poised to become a landmark case on this issue, we’re about to find out.

A Texan family is now suing Virgin Mobile for using a photo of their daughter, Alison Chang, in an ad campaign – the catch is, it was released by the photographer on Flickr under the Creative Commons Attribution license, and that’s where Virgin Mobile got the photo from. The problem is, the girl featured in the photo had no idea her photo was being used – or that it was released under the Creative Commons license.

As the case currently stands, the Changs are suing consumers of open source works and not the original party responsible for the release of the work as an open source material without a proper media consent form.


Does Net-non-Neutrality Already Exist?

Net-Neutrality is without a doubt the biggest techno-political debate of the year. The entire issue has spun out of control since mid-2006, and here on the eve of 2007 it has yet to be resolved. The only question is: has net-neutrality already been destroyed and hacked to pieces to a greater extent than anyone realized?

Earlier today, Slashdot featured a story on EarthLink’s “random” dropping of email messages. We just concluded a test of our own, and we find the results may not be as random as they seem. In fact, the results point directly to a big spider of sorts, sitting in the middle of all the tubes and picking what goes through and what doesn’t.

According to EarthLink themselves, “EarthLink’s mail system has been so overloaded that some users have been missing up to 90 percent of their incoming e-mail.” But what they don’t mention is, it isn’t random. As a matter of fact, our tests lead us to believe that EarthLink is indeed prioritizing not only message delivery time but also whether the messages ever get there or not.


National Online “Meth-Makers” Registry

According to an MSNBC article published earlier today, many states are considering the creation of another type of Online Offenders Registry – one for anyone involved in the “cooking” or dealing of methamphetamine. Online Offenders Registries in the United States were previously restricted to sex offenders, namely rapists and pedophiles. The question is, “What’s the point, and why just meth?”

Tennessee, the first to implement such a system in March of 2005, has the highest rate of meth abuse. Jennifer Johnson of the PR Dept. at Tennessee’s regional version of the FBI makes a case for an internet registry that lists meth – and meth only – makers:

“Unlike other drugs where it is really [only] harmful to you and your family, meth is hazardous to all around you. […] That’s why we don’t foresee a heroin or cocaine registry.”


Zune, Microsoft, & DRM: What’s all the Fuss About?

Someone help us out here. Since when does a bit of news about ‘crippled’ wi-fi activity and slightly-restricted file-sharing on a device make us lose all self-respect and denounce the product as hopeless?

Are we the only ones who know that every single MP3/audio player to date has been successfully stripped of its firmware, souped up, then published as a how-to on the web? But all that is beside the point: there is no evidence right now that indicates the need for anything as drastic.


An Argument for Full Disclosure

NeoSmart Technologies is a big proponent of Full Disclosure when dealing with security vulnerabilities. Many coders and general online denizens think that’s not a very nice thing to do – that it creates more harm than it helps; but if you look at the alternatives it becomes obvious that Full Disclosure is not an extreme view or course of action but rather the only real middle ground there is for dealing with 0-day flaws.

When a person, group, or company discovers a security flaw in a product or service, they have a range of means to communicate this flaw to the outside world. On one side of the scale, most companies explicitly ask that such discoveries be treated with the utmost confidence and not spoken of until they have released a patch. Then you have Full Disclosure, wherein the finders reveal any and all associated information, exploits, fixes, and workarounds. At the very other end are the self-beneficiaries that attempt to sell or otherwise use the exploits for their own self-aggrandizement.


The Law of the Jungle

Copyright rules don’t apply online. Well, technically speaking, they apply just the same as anywhere else, but the way the internet is ‘organized’ and the fact that information and content are not limited to a particular location or country have raised a lot of issues around international copyright violations and have produced more than their share of lawsuits. That’s not what this article is about, though; we’re not lawyers, and nothing we say here will make any immediate difference. This is about the one thing you can do that will make it almost impossible for anyone to take any action against you, no matter what it is you did or who they are.

It’s the law of the jungle. It’s a wild beast that has thus far never been truly stopped, and you can use it to your own advantage. It’s called fair use, and it’s near impossible to truly define. Simply put, if you see something online and you want to use it in an article or presentation or project, all you have to do is cite your sources, follow that up with a link, and you’re good to go.


The Other Great Firewall

Everyone’s heard of The Great Firewall of China and the eyebrow-raising responses it has drawn from the international internet community. China’s Firewall has come into the spotlight with criticism from all around the world. But China isn’t the only one, and it isn’t even necessarily the biggest — it’s just the one people talk about most. There is one Firewall in particular that is close to and may even surpass the Great Firewall of China when it comes to complete and utter control of information. Which country? Saudi Arabia, of course.

Everyone agrees the internet is full of both the good and the bad, and that you can’t necessarily have one without the other. The only real question is, who’s to decide what’s right and what’s not? Who can say whether a country is right or wrong to decide what’s good for its people: what they can or cannot access, and where they get their information from? Generally speaking, every man or woman should decide for themselves; but some countries have made the decisions for their citizens, and that’s the world we live in.
