While this may not be breaking news, it turns out that Facebook has taken just one more step in not respecting their user’s privacy.
According to a semi-recent article in the New York Times, Facebook retains user profile information even after the user has requested deletion so that “a user can reactivate at any time and their information will be available again just as they left it”.
Called The Reynard project, it is a series of plans for the U.S. Intelligence to monitor more internet traffic, most notably, data mining from several major MMORPGs, including WoW. The goal being to eventually create a system that can “automatically detecting suspicious behavior and actions in the virtual world.” Games often have things like bombs and assassinations in them, and it seems like the potential for a very high false positive rate is there. It kinda makes me wonder if custom UIs will have an option to use some sort of encryption with their in-game chat for those who are really bothered by big brother being over their shoulder.
Source:
http://blog.wired.com/27bstroke6/2008/02/nations-spies-w.html
http://www.joystiq.com/2008/02/23/wired-national-intelligence-seeking-terrorists-in-wow/
The government has decided to continue wiretapping phones with assistance from phone companies. These companies are also pushing a bill for immunity from lawsuits for participating in the tapping. What is the line at which informational surveillance pushes too far into privacy? Should immunity be granted?
Articles:
http://yro.slashdot.org/yro/08/02/24/135225.shtml
http://www.reuters.com/article/newsOne/idUSN2229053420080224
Given all the Microsoft-bashing that takes place among Linux-users, I’m surprised that no one has posted an article (that I’ve seen, at least) that clearly has an anti-Microsoft bias. Despite the bias of the following article, it makes a valid argument that Microsoft should adopt some C-variant that is more safe with regards to buffer-overflows, which are still the “bread and butter” (according to the article) of malware-authors. The author definitely overestimates the amount of time required by a user to maintain a reasonably secure and patched system. That said, the author makes a valid point: it is the algorithm, not the language, that dictates the overall speed of an OS – hence a “safe” language would be a better choice. Unix worked fine on hardware 20+ years ago, so there is no reason Windows should not be both secure and speedy on today’s hardware. Windows/ze-bashers, indulge.
The security of our nation’s borders is a topic of great importance. The importance of border security, like most forms of security, can only be truly appreciated when it fails. Some forms of border security failure can have devastating consequences (9/11, though I don’t presume to say that border security was alone at fault for this tragedy), while other failures can have less obvious consequence, such as the draining of tax dollars to support illegal aliens receiving free health-care and education. The problem comes down to foreigners wanting to illegally enter our country for two contrasting reasons: to either benefit from a superior quality of life or to inflict damage on our nation. Defending against illegal immigration is no easy feat, as we have to consider the vast Southern border, the even bigger (though much less troublesome) Northern border, the coasts, and all international airports. Furthermore, distinguishing via identification and authentication between a foreigner who is legally residing within our borders and one that is doing so illegally is also a very hard problem. (Read on …)
Anybody who has flown on a national airline or had business in a federal, state, or county government building has certainly had the experience of waiting in the queue to be ushered through a beeping metal-detecting portal, separated from bags and other belongings which are whisked through an adjacent X-ray machine. Such devices are usually intended to secure the premises against an outside threat entering with weapons or other dangerous items. (Read on …)
In a recent article on Computerworld, it was reported that a former system administrator of Medco planted a logic bomb which was intended to cripple the company’s network. Medco deals with prescribing drugs and various other heath services. Due to the nature of this attack, the well-being of customers of Medco were put at risk. Fortunately, the logic bomb did not succeed, and it is reported that the first wave of the attack failed due to buggy code, and subsequent waves were detected and prevented before they could trigger. The former system administrator will now serve 30 months and has to pay $81,200 in damages.
It is mentioned that upcoming layoffs could have triggered the system administrator (Lin) to commit this offense. Medco had just been restructured, and layoffs had taken place, but Lin did not lose his job. However, there were more layoffs to come, so perhaps in anticipation, Lin planted the logic bomb. It is difficult to say if there could have been anything done to prevent this offense. Since Lin was a system administrator, it is difficult to stop or deter a person of this position if they are willing to commit such a serious offense. I think the best a company could do is respond to actions taken by employees by checking their work, but enforcing a system like this would be too pricey and time consuming to be plausible.
As mentioned before, the impact of this event, if it were successful, could have been very serious. People’s lives could have been lost due to lack of prescription drugs, and others could have been damaged for life potentially. One very difficult question to answer is, what should we do with people like Lin? What kind of punishment is suitable for the crime? Even though it was not successful, the intent to harm was always present. After Lin completes his sentence, should he be trusted to work with a company’s computer systems? Who knows if Lin will have learned his lesson, or if he will be even more upset and “out to get the world.” I would think it is safe to say that a company will never hire Lin to work on their computer systems with this kind of event on his record.
The state of Maryland has decided, after spending $65 million on electronic voting machines made by Premier (formerly known as Diebold) Election Systems, to spend another $20 million on optical-scan machines that read paper ballots. The reason for this incredible expenditure of taxpayer money, which the state will be paying off until at least 2014? Security concerns about the purely computerized voting machines. (Read on …)
Covered on The Register, Telegraph.co.uk, and Slashdot.
Earlier this month, a 14-year-old in Poland used a modified TV remote control to directly interfere with rail junction controls in the city of Lodz. He obtained information on the operation of the junctions by trespassing in several train depots. In the end, he used his train remote to alter the switchings on several moving trams, causing some to derail and resulting in numerous passengers receiving minor injuries. The boy has been charged in juvenile court with endangering the public.
The youth’s particular attack on the system was made possible by the use of infrared signals to control track switches, which left them open to outside interference. Additionally, the lack of property security at railway depots allowed the attacker to obtain information about exactly how the switches interpreted their signals, rendering possible the direct manipulation of the switches. (Read on …)
According to a report Tuesday from the Government Accountability
Office, sensitive taxpayer data housed at the IRS is critically
vulnerable to security threats. The report is a follow up from March
2006 where the security problems were initially discovered. The new
report indicates that 70% of the issues discovered in March remain.