Facebook storing your information

By mstie74 at 11:18 pm on February 26, 2008 | 5 Comments

While this may not be breaking news, it turns out that Facebook has taken just one more step in not respecting their user’s privacy. 

According to a semi-recent article in the New York Times, Facebook retains user profile information even after the user has requested deletion so that “a user can reactivate at any time and their information will be available again just as they left it”.

(Read on …)

Filed under: Current Events,Ethics,Policy,Privacy5 Comments »

RIAA investigators unaware of IP spoofing or BGP hijacking?

By gbc3 at 4:45 pm on | 1 Comment

Slashdot reports that an assistant professor of Delft University Technology in the Netherlands calls a recent investigation by the RIAA, “Borderline Incompetent”. A recent investigation by the RIAA was accusing the defendants of distributing copyright material over Kazaa. In the investigation, in order to obtain the IP address of the distributor, they used techniques that have not been tested or accepted in the scientific community, and that there has been no such degree of checking rate of error. (Read on …)

Filed under: Current Events1 Comment »

Wii hacked using buffer overflow

By Karl Koscher at 5:43 pm on February 25, 2008 | 5 Comments

Slashdot is reporting that a lot of Wii homebrew code is being developed and released now. Apparently, a bug was found in The Legend of Zelda: Twilight Princess that allows you to smash the stack by overflowing the horse name buffer. Creating a modified saved game allows you to inject this malicious name. I was under the impression that the Wii cryptographically signed saved games to prevent bugs like these from being exploited, but it appears that people have either figured out how to sign saved games, or bypass the signature check, if one exists at all.

Filed under: Miscellaneous5 Comments »

Pakistan ISPs, Routing, and YouTube

By Tadayoshi Kohno at 3:03 pm on Comments Off on Pakistan ISPs, Routing, and YouTube

Here’s a link to the article I mentioned today in class, which is related to the material that we covered on Friday: http://blog.washingtonpost.com/securityfix/2008/02/pakistan_censorship_order_take.html (from The Washington Post).

Here’s a quote from the article:

So, what happened? From everything I’ve read and heard, the YouTube situation appears to have been due to an innocent — if inept — mix-up, which allowed Pakistan’s ISPs to effectively announce to the world that its Internet addresses were the authoritative home of YouTube.com, and for about an hour or so, most of the rest of the world’s ISPs incorporated those updated directions as gospel.

Filed under: Current EventsComments Off on Pakistan ISPs, Routing, and YouTube

DVD Jon’s DoubleTwist

By nekret at 2:16 am on | 3 Comments

Jon Johansen (known for his work in defeating CSS in DVDs) has recently released an application known as DoubleTwist. DoubleTwist is designed to defeat Apple’s FairPlay DRM by playing the track’s in fast forward and capturing the analog signal as it leaves the sound card. In addition to stripping the DRM from songs, it allows users, through a Facebook application, to share songs with their friends.

(Read on …)

Filed under: Current Events3 Comments »

Google to Store Patient Health Data

By Trip Volpe at 11:53 pm on February 24, 2008 | 7 Comments

News article here, covered on Slashdot here.

Google, with the cooperation of the Cleveland Clinic, is beginning a project to record medical history and other health-related data for patients. The stated goal is to provide patients with a way to access and manage their own health data, as well as to work towards a “more efficient and effective national health care system.”

While a common database of this information could indeed be useful for patients and healthcare providers, it raises some privacy and security issues. (Read on …)

Filed under: Current Events,Ethics,Privacy7 Comments »

ISP caching issue exposes Gmail data

By harsh at 11:35 pm on | 3 Comments

Last week, when a Kuwait-based Gmail user tried logging in, he was denied access to his own account, and instead was granted access to over 30 accounts that did not belong to him. He was able to peek into other people’s private information and personal emails, including one that contained “keycodes for some embassy gate”. This incident that occurred during the last weekend was fixed on the following Wednesday.

A Google spokesman who confirmed the issue said that the problem occurred due to a caching issue experienced by the ISP in that region. However, another user in Sri Lanka reported a similar issue with his Gmail account.

The same user who faced problems with his Gmail account wrote to CNN that he had no problems with his other accounts such as Hotmail. Though Google confirmed that the issue was caused by the ISP, I think it is also Google’s responsibility to enforce security measures which will prevent such minor issues outside itself from compromising its users’ accounts.

Fortunately, in this case, the issue was not widespread. If it were, one can only imagine how much damage it can potentially cause.




Filed under: Current Events3 Comments »

Security Review: Coin-Operated Laundromats

By zaxim at 11:27 pm on | 6 Comments

They’re out there…Some of us use them everyday…Especially college students living away from home…We can’t avoid them, unless we want to be stinky…

Yes I’m talking about coin-operated laundries…

Coin-operated washing facilities provide an interesting security problem, since the users only maintain a single asset, their clothes. The owners and operators of the facility are at most risk since they have to protect against people stealing money or gaining free use.

(Read on …)

Filed under: Miscellaneous,Physical Security,Security Reviews6 Comments »

Collaborative Security Review: Wave2Go

By Chad at 9:57 pm on | 2 Comments

This security review is intentionally left incomplete. It is simply a topic that I think would be interesting for us as a group to explore. If you can add to the discussion, please do, even if it’s simply to propose an idea, or to shoot one down.

Washington State Ferries have been using the Wave2Go system for over a year now. The old system required passengers to remain in a holding area after they had bought their tickets from one of three booths. Many patients would wait to buy their tickets just before the ferry would board, causing long lines right before departure and occasionally delaying ferries.

Wave2Go allows clients to buy tickets from multiple kiosks in addition to the three ticket booths. Alternatively, you can purchase tickets ahead of time online and then print them out. (Read on …)

Filed under: Physical Security,Security Reviews2 Comments »

U.S. Intelligence wants to monitor WoW chat

By sky at 9:46 pm on | 2 Comments

Called The Reynard project, it is a series of plans for the U.S. Intelligence to monitor more internet traffic, most notably, data mining from several major MMORPGs, including WoW. The goal being to eventually create a system that can “automatically detecting suspicious behavior and actions in the virtual world.” Games often have things like bombs and assassinations in them, and it seems like the potential for a very high false positive rate is there. It kinda makes me wonder if custom UIs will have an option to use some sort of encryption with their in-game chat for those who are really bothered by big brother being over their shoulder.




Filed under: Current Events,Policy,Privacy2 Comments »
Next Page »