Archive for Google Privacy

Episodes 114 and 115 – February 27, 2010

Posted in Conference Coverage, Court Cases, criminal forensics, darkweb, ediscovery, Podcast, Show Notes, Vulnerabilities with tags , , , , on February 28, 2010 by Habeas Hard Drive

The CyberJungle episode 115 features an interview with Simon Bransfield-Garth, CEO of CellCrypt on the growing potential for cell phone eavesdropping; also, an interview with information activist John Young, whose website was shut down on orders from Microsoft attorneys after he posted a document the company considers proprietary.Bransfield-Garth’s interview starts approximately 21 minutes into the podcast.  Young’s interview can be found approximately 53 minutes into the podcast.

We have posted a separate, unedited version of the Simon Bransfield-Garth interview, as our “su root” edition this week. The su root interview is always longer and more technically sophisticated than the podcast versions, which have been edited for radio. This su root offering is labeled episode 114.

Click Here to Listen to Episode 115. Shownotes below.

The Chuck Norris attack… so named because of references to the action film star in the code…. It’s targeting the D-Link router.

Wyndham Hotels Breached for the third time – And the Wyndam Privacy and Security Policy indicates privacy and security might not be a top priority… also reveals the large number of brand name hospitality establishments owned by Wyndam.

Inventory documents from the Department of Homeland Security show that 985 computers were lost by the Immigration and Customs Enforcement (ICE) and Customs and Border Protection (CBP) in fiscal 2008. In addition the departments lost hundreds of night vision scopes, computer switchers worth $92,000 apiece, and an international harvester truck. All of this loss was considered by the feds to be within acceptable loss limits.

Eric Schmidt, privacy hypocrite: We’re ordering a T-shirt for Google CEO Eric Schmidt, who famously proclaimed in a recent CNBC interview that “if you have something you don’t want anyone to know, maybe you should be doing it in the first place.” Schmidt apparently had his employees take down a blog from Google Blogspot, in which his mistress made numerous references to him. So fortunate that he runs the company where his privacy was breached. His new motto will be “Privacy for me, but not for thee.” Thanks to Valley Wag for this delicious morsel.

Just in case you’ve been living under a rock, parents of high school students in Lower Merion School District are suing after the district activated the cameras in school-issued laptops and spied on the kids while they were at home. The lawsuit slaps the district with violations of all of the following laws:

Electronic Communications Privacy Act, The Computer Fraud Abuse Act, the Stored Communications Act, a section of the Civil Rights Act, the Fourth Amendment of the U.S. Constitution, the Pennsylvania Wiretapping and Electronic Surveillance Act and Pennsylvania common law.

Not so fast, says Orin Kerr, law professor at George Washington University, and regular contributor to the Volokh Conspiracy. Kerr’s analysis shows how specific these laws are, and how tough it is to prosecute violations of federal computer protection laws. The only real case against the school district, says Kerr, is a Fourth Amendment case.

Episodes 108 and 109 – February 6, 2010

Posted in Breach, Conference Coverage, Court Cases, criminal forensics, darkweb, Show Notes, Vulnerabilities with tags , , , , , on February 6, 2010 by Habeas Hard Drive

Show notes from Episode 108

Episode 108 is the su root edition. Interview with Gretchen Hellman of Vormetric, expert in HIPAA and encryption.  Gretchen discusses the 2009 “son of HIPAA” passed by congress, called “HIPAA high tech,” and a Connecticut HIPAA lawsuit against Health Net, involving the loss of thousands of unencrypted records. Read about the lawsuit here.

Shownotes from Episode 109

Google approaches the National Security Agency for help in securing its networks.  National Security Agency says yes.  Neither is commenting publicly.  NSA will perform a range of tasks for Google that are widely available from private information security companies.  Is Google getting IT Security on the taxpayer dime? What’s Google offering the NSA in return? ?  Is there more to Chinese Google attack than we’ve been told? Read the Washington Post report.

Speaking of China…  they’ll get around to everyone sooner or later.  This week it was the Iowa Gaming and Racing Commission.  The Desmoines Register describes the attack, which exposed personal information belonging to 80,000 current and former casino employees, jockeys, horse and greyhound owners, and more.  Desmoines Register reports.

Major patch Tuesday for Microsoft.  This batch will include patches for 26 holes in multiple versions of Windows.

News from Black Hat D.C. A researcher points out holes in Cisco’s wiretapping architecture.

Biggest threats to databases come not from SQL injections, but from poor account management.

Law Enforcement is pushing for ISPs and other service provides to develop a web interface to make it easier and faster for police investigators seeking customer records.  cnet’s Declan McCullough  is on top of it.