UW Computer Security Research and Course Blog

Summary:Home automation systems in general attempt to enable home owners to have a “smart” house. Instead of light switches you have integrated panels that control everything from your lights, to your shades, to your entertainment system, climate control, alarm system, motorized locks, etc. Some specific examples of such systems like those offered by Control4 use wireless communications between the panels and devices they control. Some also have integration with cell phone applications. One of the selling points for these systems is that they improve security.

(Read on …)

From The Guardian, and on Slashdot.

Police in the United Kingdom may soon be be able to collect DNA samples from children if they exhibit behaviors that suggest they may commit crimes later in life, at least if Scotland Yard forensics director Gary Pugh has his way.

Pugh cites the importance of identifying future offenders, saying that “the number of unsolved crimes says we are not sampling enough of the right people.” Advocates of such programs, including the Institute for Public Policy Research, claim that most career criminals begin their lives of crime as early as 10 to 13 years old, and suggest that children from 5 to 12 years old should be profiled and sampled if they exhibit certain “risk factors.”

Even these advocates acknowledge that such treatment could have a “stigmatising” effect, but they do not seem to have any problem with gross violations of privacy in the name of improving public safety.  One concern that is not directly addressed in the article is the possibility that the negative attention such sampling and registration involves might even place more obstacles to a child’s chances of leading a normal life, perhaps even increasing the likelihood that they would turn to crime; a self-fulfilling prophecy, in other words.

Of course, an even greater issue that is sidestepped by the focus on children is the question of whether preemptive DNA sampling of any individual, adult or child, should be tolerated in any free society. Whether such programs are effective in reducing crime is not the only issue - the cost to individual liberty must also be considered. In my opinion, at least, personal freedom must always outweigh public safety, but I’m interested in hearing other ideas.

Summary

Car GPS navigation systems are handy tool for finding one’s way on the road. With features like local points of interest, address book and SD card backup it would not be surprising if becomes a common everyday item soon. Here is a review for a GPS navigation system similar to the Magellan Maestro 4200:

(Read on …)

I’ve seen a few people on this blog cover various aspects of cellphone security, including the new iphone 3rd party support and GPS tracking, however I haven’t seen anything covering the most basic of cellphone features, voice communication. It seems to me there are just as many, if not more, security implications that arise by the simple act of eavesdropping or account spoofing as there are in the more modern functions of cell phones. (Read on …)

No need to go to great lengths to try to spoof finger print scanners on USB sticks. You can just tell the device that the data is public. Researches discovered this vulnerability in models from 9pay and A-Data fingerprint USB data sticks. The vulnerability lies in a fundamental design flaw: the signal to access the data comes from the PC, and is not computed on board the chip. This means all one has to do is send the correct signal and the stick happily discloses the data. This can be done with a very simple command from an opensource utility. The manufacturers commented admitting they were aware of the vulnerability, but that it was difficult enough that most people wouldn’t figure it out. A fine example of attempted security through obscurity.

(Read on …)

Today the House of Representatives voted on a bill that would amend the FISA Act of 1978, which deals with government wiretapping. The amendments would deny amnesty to telecommunication industries for complying with illegal warrant less wiretaps by the Bush administration but allow those companies to use government classified information in their defense to prove that they did comply with the law (if they indeed did). (Read on …)

A security vulnerability in loginwindow.app on Mac OS X was reported to bugtraq this week. The vulnerability is that the user password is still resident in memory after the system authenticates the user. (Read on …)

While this may not be breaking news, it turns out that Facebook has taken just one more step in not respecting their user’s privacy. 

According to a semi-recent article in the New York Times, Facebook retains user profile information even after the user has requested deletion so that “a user can reactivate at any time and their information will be available again just as they left it”.

(Read on …)

News article here, covered on Slashdot here.

Google, with the cooperation of the Cleveland Clinic, is beginning a project to record medical history and other health-related data for patients. The stated goal is to provide patients with a way to access and manage their own health data, as well as to work towards a “more efficient and effective national health care system.”

While a common database of this information could indeed be useful for patients and healthcare providers, it raises some privacy and security issues. (Read on …)

Called The Reynard project, it is a series of plans for the U.S. Intelligence to monitor more internet traffic, most notably, data mining from several major MMORPGs, including WoW. The goal being to eventually create a system that can “automatically detecting suspicious behavior and actions in the virtual world.” Games often have things like bombs and assassinations in them, and it seems like the potential for a very high false positive rate is there. It kinda makes me wonder if custom UIs will have an option to use some sort of encryption with their in-game chat for those who are really bothered by big brother being over their shoulder.

Source:

http://blog.wired.com/27bstroke6/2008/02/nations-spies-w.html

http://www.joystiq.com/2008/02/23/wired-national-intelligence-seeking-terrorists-in-wow/