Recently in Exploits and Security Category

Note: While I hope this woman gets her due process and justice, I find it appalling that we're constantly facing abuses to our Constitutional rights.

Snagged via: http://www.foxnews.com/scitech/2012/01/24/judge-reportedly-orders-colorado-woman-to-decrypt-laptop/?test=latestnews

A judge has reportedly ordered a Colorado woman to decrypt her laptop computer so prosecutors may use the files against her in a criminal case involving alleged bank fraud.

The defendant, Ramona Fricosu, had unsuccessfully argued that being forced to do so would violate the Fifth Amendment protection against compelled self-incrimination, Wired reports.

"I conclude that the Fifth Amendment is not implicated by requiring production of the unencrypted contents of the Toshiba Satellite M305 laptop computer," Colorado U.S. District Judge Robert Blackburn ruled Monday.

The case is being closely watched by civil rights groups, Wired reports, as the issue has never been fully considered by the Supreme Court. Authorities seized the laptop from Fricosu in 2010 with a court warrant while investigating financial fraud.

Blackburn ordered Fricosu to surrender an unencrypted hard drive by Feb. 21. The judge added that the government is precluded "from using Ms. Fricosu's act of production of the unencrypted hard drive against her in any prosecution," Wired reports.




Enhanced by Zemanta
Cyberwar


Nothing has ever changed the world as quickly as the Internet.

Less than a decade ago, "60 Minutes" went to the Pentagon to do a story on something called information warfare, or cyberwar as some people called it. It involved using computers and the Internet as weapons.

Much of it was still theory, but we were told that before too long it might be possible for a hacker with a computer to disable critical infrastructure in a major city and disrupt essential services, steal millions of dollars from banks all over the world, infiltrate defense systems, extort millions from public companies, and even sabotage our weapons systems.

Today it's not only possible, all of that has actually happened. And there's a lot more we don't even know about.

It's why President Obama has made cyberwar defense a top national priority and why some people are already saying that the next big war is less likely to begin with a bang than with a blackout.

"Can you imagine your life without electric power?" Ret. Adm. Mike McConnell asked "60 Minutes" correspondent Steve Kroft...



Microsoft confirms the existence of a bug in Windows Server 2008, Windows Vista and release candidates of Windows 7 that could be used to hijack PCs. While users await a patch, there are a few steps they can take to protect themselves.

Hours after its latest Patch Tuesday release, Microsoft confirmed the presence of a serious zero-day bug in Windows Vista, Windows Server 2008 and release candidates of Windows 7. 

The vulnerability, which lies in Windows' SMB (Server Message Block) 2, is due to the SMB implementation improperly parsing SMB negotiation requests. As of yesterday, Microsoft reported the flaw had not been the subject of attacks, but that could change as exploit code has been publicly available since Monday.

"An attacker who successfully exploited this vulnerability could take complete control of an affected system," Microsoft's advisory said. "Most attempts to exploit this vulnerability will cause an affected system to stop responding and restart."

While Microsoft officials said the company is working on a patch, they offered no timeline as to when it would be available. While users wait, the company recommends they disable SMB 2 via the Windows Registry Editor or block TCP ports 139 and 445 at the firewall. Both those workarounds, however, come with drawbacks. A mistake in the Registry Editor could force a user to reinstall Windows, while blocking ports 139 and 445 could stop applications from working.

The issue first came to light Monday when a researcher claimed he used it to trigger the infamous "Blue Screen of Death" on Windows Vista and Windows 7. Other researchers subsequently used the bug to crash other versions of Windows. After a day of investigation, Microsoft announced late Tuesday that the flaw was real, and reported it could not only cause a denial-of-service condition but could also be used to take over a system.

According to Microsoft, the Windows 7 RTM (release to manufacturing), Windows 2000, XP and Windows Server 2008 R2 are not affected by this vulnerability.

In addition to the latest zero-day, Microsoft has promised to fix a flaw in the file transfer protocol (FTP) service utilized by Internet Information Services (IIS). The flaw has come under attack by hackers, and Windows users are advised to leverage the information on workarounds and mitigations provided by Microsoft.


Note: While I agree that we must protect ourselves from Cyber-espionage and Cyber-warfare, having full access to the US Internet "plug" is not warranted. How about we just take our military systems offline? Do they really need to be connected to the world-wide-web?
---

Internet companies and civil liberties groups were alarmed this spring when a U.S. Senate bill proposed handing the White House the power to disconnect private-sector computers from the Internet.

They're not much happier about a revised version that aides to Sen. Jay Rockefeller, a West Virginia Democrat, have spent months drafting behind closed doors. CNET News has obtained a copy of the 55-page draft of S.773 (excerpt), which still appears to permit the president to seize temporary control of private-sector networks during a so-called cybersecurity emergency.

The new version would allow the president to "declare a cybersecurity emergency" relating to "non-governmental" computer networks and do what's necessary to respond to the threat. Other sections of the proposal include a federal certification program for "cybersecurity professionals," and a requirement that certain computer systems and networks in the private sector be managed by people who have been awarded that license.

"I think the redraft, while improved, remains troubling due to its vagueness," said Larry Clinton, president of the Internet Security Alliance, which counts representatives of Verizon, Verisign, Nortel, and Carnegie Mellon University on its board. "It is unclear what authority Sen. Rockefeller thinks is necessary over the private sector. Unless this is clarified, we cannot properly analyze, let alone support the bill."

Representatives of other large Internet and telecommunications companies expressed concerns about the bill in a teleconference with Rockefeller's aides this week, but were not immediately available for interviews on Thursday.

A spokesman for Rockefeller also declined to comment on the record Thursday, saying that many people were unavailable because of the summer recess. A Senate source familiar with the bill compared the president's power to take control of portions of the Internet to what President Bush did when grounding all aircraft on Sept. 11, 2001. The source said that one primary concern was the electrical grid, and what would happen if it were attacked from a broadband connection.

When Rockefeller, the chairman of the Senate Commerce committee, and Olympia Snowe (R-Maine) introduced the original bill in April, they claimed it was vital to protect national cybersecurity. "We must protect our critical infrastructure at all costs--from our water to our electricity, to banking, traffic lights and electronic health records," Rockefeller said.

The Rockefeller proposal plays out against a broader concern in Washington, D.C., about the government's role in cybersecurity. In May, President Obama acknowledged that the government is "not as prepared" as it should be to respond to disruptions and announced that a new cybersecurity coordinator position would be created inside the White House staff. Three months later, that post remains empty, one top cybersecurity aide has quit, and some wags have begun to wonder why a government that receives failing marks on cybersecurity should be trusted to instruct the private sector what to do.

Rockefeller's revised legislation seeks to reshuffle the way the federal government addresses the topic. It requires a "cybersecurity workforce plan" from every federal agency, a "dashboard" pilot project, measurements of hiring effectiveness, and the implementation of a "comprehensive national cybersecurity strategy" in six months--even though its mandatory legal review will take a year to complete.

The privacy implications of sweeping changes implemented before the legal review is finished worry Lee Tien, a senior staff attorney with the Electronic Frontier Foundation in San Francisco. "As soon as you're saying that the federal government is going to be exercising this kind of power over private networks, it's going to be a really big issue," he says.

Probably the most controversial language begins in Section 201, which permits the president to "direct the national response to the cyber threat" if necessary for "the national defense and security." The White House is supposed to engage in "periodic mapping" of private networks deemed to be critical, and those companies "shall share" requested information with the federal government. ("Cyber" is defined as anything having to do with the Internet, telecommunications, computers, or computer networks.)

"The language has changed but it doesn't contain any real additional limits," EFF's Tien says. "It simply switches the more direct and obvious language they had originally to the more ambiguous (version)...The designation of what is a critical infrastructure system or network as far as I can tell has no specific process. There's no provision for any administrative process or review. That's where the problems seem to start. And then you have the amorphous powers that go along with it."

Translation: If your company is deemed "critical," a new set of regulations kick in involving who you can hire, what information you must disclose, and when the government would exercise control over your computers or network.

The Internet Security Alliance's Clinton adds that his group is "supportive of increased federal involvement to enhance cyber security, but we believe that the wrong approach, as embodied in this bill as introduced, will be counterproductive both from an national economic and national secuity perspective."

Update at 3:14 p.m. PDT: I just talked to Jena Longo, deputy communications director for the Senate Commerce committee, on the phone. She sent me e-mail with this statement:

The president of the United States has always had the constitutional authority, and duty, to protect the American people and direct the national response to any emergency that threatens the security and safety of the United States. The Rockefeller-Snowe Cybersecurity bill makes it clear that the president's authority includes securing our national cyber infrastructure from attack. The section of the bill that addresses this issue, applies specifically to the national response to a severe attack or natural disaster. This particular legislative language is based on longstanding statutory authorities for wartime use of communications networks. To be very clear, the Rockefeller-Snowe bill will not empower a "government shutdown or takeover of the Internet" and any suggestion otherwise is misleading and false. The purpose of this language is to clarify how the president directs the public-private response to a crisis, secure our economy and safeguard our financial networks, protect the American people, their privacy and civil liberties, and coordinate the government's response.

Unfortunately, I'm still waiting for an on-the-record answer to these four questions that I asked her colleague on Wednesday. I'll let you know if and when I get a response.


How serious are you about your company's information security?  You will get very serious quickly when your company is audited by a third party.  These aren't third party vendors either, we're talking about the pending alliance will be profitable for your organization, get us through this audit...type of third party audit.

Playing these situations to your fullest abilities will not only increase the profitability of your business, it will also result in a tightened down security posture for your company.  I know, audits tend to cause headaches, neck pain as well as stress and the related "burn out" syndrome. But, I say expand your horizons, take a look at the big picture.  How close are you to the ISO standards?  What are those little pet projects that are curtailed by cultural issues which require C-level buy-in?  This may be the straw that increases security in your environment.  You may even get your pet project going again after frustrating funding delays.

I seem to be going through my fair share of these lately and have a few pieces of advice for those facing this same reality.

  1. Stay calm and be prepared to the best of your ability.
  2. Provide the auditor with a hard and soft copy of your IT Security policy, hopefully one based on Internationally agreed standards.
  3. Use post-it flags to mark answers in the policy to any questions provided in advance. Saving the auditor time is a good thing.
  4. Make sure your policies include the approval date and revision histories for each section of policy.
  5. Set up a clean "routine" image workstation for the auditor to verify at their leisure.
  6. Have copies of your Security Awareness Training materials ready.
  7. Give heads up to the collateral departments which will need to provide requested documentation.  Like HR for background checks and Physical Security for access logs. 
  8. Practice accessing your logs from any SEIM or logging device.  Double check logging enabled settings on all critical servers.
  9. Allow the examiner to work in a secured environment away from prying eyes and curious onlookers.
  10. Re-evaluate and study your questionnaire answers from the previous phases of the audit.
  11. Showing your professionalism and your dedication to security will undoubtedly assist in obtaining the vital business alliances required in our global economy.

 Let me know some of your audit survival skills and secrets and I'll update this page with your ideas.

Microsoft on Tuesday released nine patches, five of them critical, to plug holes in Windows and other software products.

The nine patches actually relate to 19 separate vulnerabilities in Windows, the .Net Framework, Microsoft Office, Microsoft Visual Studio, Microsoft ISA Server, Microsoft BizTalk Server, and Remote Desktop Client for Mac.

Among the issues addressed is one that Microsoft warned about last month--a vulnerability related to the Office Web Components that help users put spreadsheets, charts, and other documents onto the Web. At the time, Microsoft said it was already seeing attacks based on the flaw, which affects Office XP, Office 2003, Internet Security and Acceleration Server 2004 and 2006, as well as Office Small Business Accounting 2006.

More information on that issue and the others addressed with this month's patches is available in a bulletin on Microsoft's Web site.

As is its practice, Microsoft said last week that the patches were coming.

Symantec senior research manager Ben Greenbaum noted that many of the vulnerabilites this month related to so-called ActiveX controls and added that many of the holes could be exploited just by getting a user to visit a Web page that has malicious code.

"All of the ActiveX issues patched this month could be easily exploited and can impact even the average computer user," Greenbaum said in an e-mail. "For example, any user who has Microsoft Office on their machine could be vulnerable to the Microsoft Office Web Components vulnerabilities. Similarly, every user with Windows XP SP3 or Vista could also be susceptible to one of the Remote Desktop Connection issues."

Actually, not all versions of Office are affected, as the Web components issue does not affect the latest version--Office 2007. For a list of Office programs affected, see this security bulletin.

In any case, McAfee and Lumension both noted that it continues to be a long, hard summer for IT professionals who have had to deal with a large number of regular patches and some unscheduled ones as well from Microsoft and others.

"There's no break from patching this summer," McAfee Avert Labs' Dave Marcus said in a statement. "Microsoft is playing catchup with these patches as cybercriminals have already used some of the serious vulnerabilities to commandeer vulnerable Windows computers."

Lumension analyst Paul Henry said there had been some fear that the patches would go further, addressing some kernel-level issues. But even still, he said the latest crop of patches will bring their fair share of headaches.

"After a summer of heavier-than-normal Patch Tuesdays, the last thing IT workers need is yet another large batch of patches from Microsoft," Henry said in a statement. "Unfortunately, that is exactly what we got today as Microsoft released a total of nine security updates, five of which are critical and seven of which require disruptive restarts."

John Hering and Kevin Mahaffey of Flexilis demonstrate an SMS attack targeting a Windows Mobile phone.

(Credit: Elinor Mills/CNET News)

LAS VEGAS--In one of a handful of SMS-related presentations here at the Black Hat security show, researchers demonstrated on Thursday how they can force certain types of smartphones to visit a malicious URL or install an app without user approval.

The vulnerability only affects phones that have been misconfigured by the original equipment manufacturer so that they accept any message sent through WAP Push (Wireless Application Protocol), a service that runs on top of SMS, said researcher John Hering.

WAP Push messages should only be accepted when sent by a trusted party such as the mobile operator, said Hering, chief executive of Flexilis, which provides software for protecting mobile phones from attack.

The vulnerability spans all Windows Mobile devices including HTC, Motorola, and Samsung, but not all of any one make or model of phone is found to be vulnerable, only random ones, he said.

Phone owners can test their phone to determine if they are affected by the issue. Hering and Kevin Mahaffey, Chief Technology Officer at Flexilis, are releasing a free tool that can be used to test whether a mobile phone is vulnerable, and if so fix the issue.

The researchers said they had not yet determined whether the iPhone or other devices were vulnerable. They said they have notified carriers, or Microsoft, and fixes are being worked on.

The attack works on GSM networks, the men said, adding that they had not yet tested it on CDMA networks.

The researchers built this device for testing for the vulnerability on multiple phones at once.

(Credit: Elinor Mills/CNET News)

The researchers have developed free, open-source software called "Fuzzit," which is designed to test the security of mobile devices and is geared towards mobile manufacturers, operators, and software developers. It will be released shortly. They also built a device that allows for the testing of multiple phones on different platforms at once for internal research and development.

Their session was just one of a handful that dealt with vulnerabilities on mobile phones and SMS, in particular.

In a presentation earlier in the day, Zane Lackey of ISEC Partners and independent researcher Luis Miras demonstrated how an attacker could spoof an MMS (multimedia messaging service) type of SMS message that appears to be sent from a trusted source and trick the recipient into visiting a malicious Web site.

Also on Thursday, Charlie Miller of Independent Security Evaluators and independent researcher Collin Mulliner demonstrated another type of attack in which they can take complete control over an iPhone merely by sending special SMS messages. They proved the attack the night before with a denial of service attack on my non-jailbroken iPhone, which runs OS 3.0.

Since SMS is available on so many devices and is always on--as long as the phone is turned on--it makes for an attractive target for attackers, according to researchers.


SEOUL, South Korea -- A wave of cyberattacks aimed at 27 American and South Korean government agencies and commercial Web sites temporarily jammed more than a third of them over the past five days, and several sites in South Korea came under renewed attack on Thursday.


The latest bout of attacks, which affected service on one government and six commercial Web sites in South Korea, was relatively minor, and all but one of the sites was fully functional within two hours, an official from the state-run Korea Communications Commission told The Associated Press.

Officials and computer experts in the United States said Wednesday that the attacks, which began over the July 4th weekend, were unsophisticated and on a relatively small scale, and that their origins had not been determined. They said 50,000 to 65,000 computers had been commandeered by hackers and ordered to flood specific Web sites with access requests, causing them to slow or stall. Such robotic networks, or botnets, can involve more than a million computers.

The Web sites of the Treasury Department, Secret Service, Federal Trade Commission and Transportation Department were all affected at some point over the weekend and into this week, The Associated Press reported Tuesday, citing American officials.

A White House spokesman, Nick Shapiro, said in a statement on Wednesday that "all federal Web sites were back up and running" by Tuesday night and that the White House site had also been attacked.

He said, "The preventative measures in place to deal with frequent attempts to disrupt whitehouse.gov's service performed as planned, keeping the site stable and available to the general public, although visitors from regions in Asia may have been affected."

The Web site of the New York Stock Exchange also came under attack, as well as the sites of Nasdaq, Yahoo's finance section and The Washington Post.

Researchers who are following the attacks said that they began July 4 and focused on the small group of United States government Web sites, but that the list later expanded to include commercial sites in the United States and then commercial and government sites in South Korea. Files stored on computers that are part of the attacking system show that 27 Web sites are now targets.

In South Korea, at least 11 major sites have slowed or crashed since Tuesday, including those of the presidential Blue House, the Defense Ministry, the National Assembly, Shinhan Bank, the mass-circulation newspaper Chosun Ilbo and the top Internet portal Naver.com, according to the government's Korea Information Security Agency.

On Wednesday, some of the South Korean sites regained service, but others remained unstable or inaccessible.

"This is not a simple attack by an individual hacker, but appears to be thoroughly planned and executed by a specific organization or on a state level," the South Korean spy agency, the National Intelligence Service, said in a statement, adding that it was cooperating with the American authorities to investigate the attacks.

The spy agency said the attacks appeared to have been carried out by a hostile group or government, and the news agency Yonhap reported that the agency had implicated North Korea or pro-North Korean groups.

A spokesman at the intelligence agency said it could not confirm the Yonhap report about North Korea's possible role. The opposition Democratic Party accused the spy agency of spreading rumors to whip up support for an antiterrorism bill that would give it more power.

Although most of the North Korean military's hardware is decrepit, the South Korean authorities have recently expressed concern over possible cyberattacks from the North. In May, South Korean media reported that North Korea was running a cyberwarfare unit that operated through the Chinese Internet network and tried to hack into American and South Korean military networks. United States computer security researchers who have examined the attacking software and watched network traffic played down the sophistication and extent of the attacks.

"I would call this a garden-variety attack," said Jose Nazario, manager of security research at Arbor Networks, a network security firm that is based in Chelmsford, Mass. He said that the attackers were generating about 23 megabits of data a second, not enough to cause major disruptions of the Internet at most of the sites that were being attacked.

"The code is really pretty elementary in many respects," he added. "I'm doubting that the author is a computer science graduate student."

As for possible origins, there were only hints. One researcher, Joe Stewart, of Secureworks' Counter Threat Unit in Atlanta, said the attacking software contained the text string "get/China/DNS," with DNS referring to China's Internet routing system. He said that it appeared that the data generated by the attacking program was based on a Korean-language browser.

Amy Kudwa, a Department of Homeland Security spokeswoman, said that the agency was aware of the attacks and that it had issued a notice to federal departments and agencies, as well as to other partner organizations, advising them of steps to take to help mitigate attacks.

FBI Transaction Warning

| No Comments
Note: Should I really submit this information? BAHHAHAH!

I received this as an email at work today.
------------
FEDERAL BUREAU OF INVESTIGATION
ANTI-TERRORIST AND MONETARY CRIMES DIVISION
FBI HEADQUARTERS IN WASHINGTON, D.C.
J. EDGAR HOOVER BUILDING935
PENNSYLVANIA AVENUE,
NW WASHINGTON, D.C. 20535-0001

NOTIFICATION! NOTIFICATION!! NOTIFICATION!!!

This is an official advice from the FEDERAL BUREAU OF INVESTIGATION (FBI). It has come to our notice that some certain individuals have used your name as the beneficiary of funds worth Millions of United States Dollars from abroad. These individuals with their collaborating banks knowing fully well that they do not have enough facilities to effect this payment from any part of the world to your account, used what we know as a Secret Diplomatic Transit Payment (S.T.D.P) as well as the ATM card system to pay this fund which has not been completed till this day.

Direct transfers are difficult and Secret Diplomatic Transit Payment (S.T.D.P) are not made unless the funds are related to terrorist activities and we ask why must your payment be made in secret transfer if your transaction is legitimate.We do not want you to get into trouble as soon as these funds reflect in your account, so it is our duty as an International Commission to correct these little problems before this fund is credited into your personal account.

However, due to the increased difficulty and security by the American authorities when funds come from outside of America and Europe. The F.B.I Bank Commission for Europe has stopped your transfer. We govern and oversee funds transfer for the World Bank and the rest of the world. We advice you to contact us immediately, as the funds have been stopped and are being held in our custody, until you are able to provide us with a Diplomatic Immunity Seal of Transfer (DIST) document within 3 days from the Country that authorized the transfer from where the funds was transferred from to certify that the funds that you are about to receive are terrorist/drug free or we shall have cause to impound the payment and subsequent prosecution. We shall release the funds immediately we receive this legal document and make sure that you get your payment without any further delay.

----------------------------------------------------------------------------------------------------------------
We decided to contact you directly to acquire the proper verifications and proof from you to show that you are the rightful person to receive this fund, because of the amount involved. Be informed that the funds are now with a top bank in the United State in your name and under the monitoring/custody of the FBI.
At the moment, we have asked the bank not to release the fund to anybody that comes to them, unless we instruct them to do so, this is to enable us carry out a comprehensive investigations first before releasing the fund to you. Hence, you are to forward the document to us immediately if you have it in your possession, if you do not have it, let us know so that we will direct you where to obtain the document and send to us. Thereafter, we will ask the bank holding the funds, to go ahead and credit your account immediately. FBI Identification Record and Diplomatic Immunity Seal of Transfer (DIST) often referred to as a Criminal History Record or Rap Sheet is a listing of certain information taken from fingerprint submissions retained by the FBI in connection with arrests, and in some instances, federal employment, naturalization, or military service.
This Condition Is Valid until after 30 days upon receipt of this notice, thereafter we shall take actions on canceling the payment and then charge you for illegally moving funds out of the country under the
jurisdiction of the United Nations.
GUARANTEE: Funds will be released on confirmation of the
document.

-------------------------------------------------------------------------
Final Instruction;
1. Credit payment instruction: Irrevocable credit guarantee.
2. Beneficiary has full power when validation is cleared.
3. Beneficiaries bank in U.S.A. can only release funds.
4. Upon confirmation from the World Bank / United nations.
5. Bearers must clear bank protocol and validation request.
-------------------------------------------------------------------------

NOTE: We have asked for the Diplomatic Immunity Seal of Transfer (DIST) document to ensure the most complete and up-to date records possible for the enhancement of public safety, welfare and security of society while recognizing the importance of individual privacy rights. If you fail to provide the Documents to us, we will charge you and take appropriate action against you for not proving the legality of the funds. The United States Department of Justice Order 556-73 establishes rules and regulations for the subject of an FBI Identification Record to obtain a copy of his or her own Record for review.
The FBI Criminal Justice Information Services (CJIS) division processes these requests to check illegal activities in USA and beyond. An individual may request a copy of his or her own FBI Identification Record for personal review or to challenge information on the Record. Other reasons an individual may request a copy of his or her own Identification Record may include international adoption or to satisfy a requirement to live or work in a foreign country or receive funds from another country, i.e. Diplomatic Immunity Seal of Transfer, letter of good conduct, criminal history Background, etc.) We look forward to hearing from you. Be rest assured that your individual rights will be protected, while we ensure that you receive your funds. We are sorry for what you have gone through and we want to provide justice.

Yours Sincerely
FBI Director
Robert S. Mueller, III
Note: Duh! Advertise to the entire Internet that you're going on vacation.
--

Twitter user's tweets revealed he was out of town. Did that tip off a burglar?

(Credit: Twitter)

Here's either a cautionary tale or an example of social-media paranoia. An Arizona man believes that his Twitter messages about going out of town led to a burglary at his home while he was away.

Israel Hyman posted to approximately 2,000 followers on Twitter that he and his wife were "preparing to head out of town," that they had "another 10 hours of driving ahead" and later, that they "made it to Kansas City."

When he came home, he found that someone had broken into his house and stolen thousands of dollars worth of video equipment he used for his video business, IzzyVideo.com, which he uses for his Twitter account.

"My wife thinks it could be a random thing, but I just have my suspicions," he told the Associated Press. "They didn't take any of our normal consumer electronics."

Personally, I don't think it's a good idea to advertise to the world that your home will be unoccupied for a period of time. I also don't think it's necessary to reveal too many other personal details on social media sites that could be used for identity fraud, like your birth date.

The real-time aspect to mobile uploads makes this situation even more risky and location-aware technology seems like it would be a great tool for spies of all kinds. In this excellent article in Wired, Mathew Honan records his experience being a social geoapps guinea pig.

"Did I really want to tell the world that I was out of town?" he writes. "Because the card in my camera automatically added location data to my photos, anyone who cared to look at my Flickr page could see my computers, my spendy bicycle, and my large flatscreen TV all pinpointed on an online photo map. Hell, with a few clicks you could get driving directions right to my place--and with a few more you could get black gloves and a lock pick delivered to your home."

As a test, he innocently stalked a woman taking a photo in Golden Gate Park with her iPhone 3G. He searched the Flickr map and found one of the shots the woman took and verified it was her by viewing her photo stream. He then looked at her photos on the Flickr map and saw a cluster of images in one spot. The shots were of an interior of what was likely her apartment.

"Now I know where she lives," he writes.




 Where is James King?


 

Language Translation




 

Other Links:


 Main
 Public Trail Maps
 Archives
 CMS
 About/Contact
 Twitter @BruteForce
 Facebook
 LinkedIn
 Geocaching
 View DGP stats

 

My Audio & Video:


 Flickr
 YouTube
 Pandora

 

Elsewhere:


 ATV Utah
 Our ATV Obsession
 Bogley Outdoor Community
 ATV Escape
 Trish's Cake Shop
 Dennis Udink's Site
 Army Ranger
 Alex's World
 Grizzly Guy
 Adventure World TV
 WeatherCam: UofU
 Delta Bravo Sierra Comics  
 PowerPoint Ranger Comics
 Reversaroller ATV Winch

March 2022

Sun Mon Tue Wed Thu Fri Sat
    1 2 3 4 5
6 7 8 9 10 11 12
13 14 15 16 17 18 19
20 21 22 23 24 25 26
27 28 29 30 31    

Recent Photos

About this Archive

This page is an archive of recent entries in the Exploits and Security category.

Desktop Operating Systems is the previous category.

Networking is the next category.

Find recent content on the main index or look in the archives to find all content.