Who has your memories?
Professor Viktor Mayer-Schonberger said that he worries that the digital age may be removing the critical ability to forget: what he calls “social forgetting”, which allows us to forget things that are embarrassing or unpleasant to remember. With social networking and the other changes brought about by the internet, interesting and worrying questions begin to arise.
They remember better than you?
Mayer-Schonberger worries that some corporation or government may remember things better than we do. If Google remembers what we searched for years ago better than we do, then they have power over us. Then imagine if that data resurfaces later, long after we have forgotten it. This sort of thing has already arrived with the practice of screening the public profiles of new hires. After all, it is very difficult to defend against things you forgot about. I worry about what will happen when corporations or governments remember every internet-immortalized minutia of our lives – when the internet remembers more of our lives than we do ourselves.
Remembering more
On the other end of the spectrum, Microsoft researcher Gordon Bell has logged every aspect of his life into a database. He argues the virtue of using technology to remember things for us, helping us find things long forgotten that may be of emotional importance. Then again, maybe some things are better forgotten.
The real risk
I believe the real risk in remembering too much comes when you no longer control what gets remembered and what is forgotten. When it is controlled by someone else, say a website, then you may not be able to stop everything from being remembered.
Google: “no reason not to trust us…”
The co-founder of Google, Sergey Brin, said to NPR that he sees no reason not to trust Google with personal data. It would be very comforting to be able to agree, and become part of the warm and fuzzy free spirit that Google presents. When he says Google is not interested in the nitty-gritty of your life, I long to believe that it really is that simple. Unfortunately, I think that we forget that Google is driven to profits just like any other business, and morality is sorely pressed to compete with money waved under one’s nose.
What I worry about is not that there is some personal reason that Google would want to watch individual people, but that there would be a chance to make money off exploiting or selling someone’s personal information. We cannot be fooled into thinking that because Google says that they should be trusted that means they won’t ever sell personal information.
Really, as Cindy Cohn from the Electronic Frontier Foundation says, we may be able to trust Google now, but will we always be able to trust them in the future? They may keep personal information through changes in the company, and the future Google may not seem so harmless.
Safer digitally? I doubt it.
Finally, Brin makes the assertion that you are more likely to lose control over your personal info through paper records than digitally. That, I must say, is ridiculous. Imagine you are sending a form with sensitive information in the mail {“snail mail” for clarity}, and someone is going to steal it. It will take them a great deal of effort to open it, then carefully reseal it when they are done. On the other hand, an email is by default not encrypted, and can be read by any suspicious character between you and the receiver with a bit of know-how and the right tools. Then there will be no trace. None.
Or, in a more Google-oriented example, say some unnamed company has personal data in a database, including mother’s maiden name, or, more likely, a birthdate. It would be far easier for someone to simply buy {or steal} the information from that unnamed company than to go through the effort of looking it up in historical records, birth certificates, etc. I ask you, how is that safer than a paper form? Then, more importantly, is there any reason to trust Google?
Read about the interview: Google Co-Founder Sergey Brin Says Trust Us With Your Personal Information
China wants more Censorship
Ah, once again China is creating a stir by trying to censor the internet even more than they already do. The previously discussed “Golden Shield” project filters out websites for the entire country, but can be circumvented with a proxy. In what may be a response to that loophole, China is now requesting that all new PCs in the country come with censorship software either pre-installed or on a CD.
“But it’s a good thing!” – they claim
The stated intention of the software is to protect children from pornography, and avoid the so-called poisoning of minds. Even though the software now only blocks pornography, it could easily be expanded to block other sites, via a database that is updated over the internet.
Not so great after all
Luckily, the software can be uninstalled or disabled by parents wanting their internet free from censorship. Unfortunately, the software can also allegedly make computers more vulnerable to attack. What’s more, the software may transmit personal data, and the user may not even know what is being blocked. Some claim that incompatibilities can lead to crashes and such, while China claims that testing has proved otherwise.
The Companies weigh in
This arrangement leaves the computer companies in a tricky spot – with a choice between helping make censorship possible or disregarding a government order and facing the loss of a large market. It is, however, unclear how the rule will be enforced. Industry officials have stated that the “incredible scope of the requirement that is not matched anywhere around the world” and the lack of time to test the software make the rule challenging.
Source: PC firms face China decree
What Hacked PCs Do
You may think that only people with banking or credit card information connected with their computers will be attacked, that maybe the bad guys only steal money, but it’s much, much worse. Once a dubious character has control of your system, what they may want to do goes well beyond stealing money. A blog post over on Security Fix at the Washington Post details some reasons for a criminal to take over computers.
- Hosting dubious enterprises: In order to power anything from spam and phishing to pirated media and malware, computers are needed to “host” files on the web. Why would someone ever endanger their own computer and internet connection with something like that? Instead, they take over someone else’s computer to do the grunt work.
- Mindless Labor as a Zombie: In fact, why even give a stolen computer such an important task as web hosting? Let it do some lowly task, along with hundreds or thousands of its kind. These computers are part of botnets, and are called zombies. They are commanded to provide processing power for some vast task, such as breaking captchas, sending spam, or even relaying the internet communications of hackers as a proxy. Maybe they even force websites to pay so that they are not shut down by a Denial of Service attack by the entire botnet.
- Harvesting for Spam: Just the contacts of an email account can yield many email addresses to add to a spam list. In fact, why bother with the computer at all? Just a compromised account can wreak havoc, begging friends and contacts for money. In fact, just knowing a password can easily open up all the other accounts that have the same password (which is common) or reset the passwords of accounts via the email address.
- Stolen Credentials: User names, passwords, etc., each giving the hacker access to some part of the victim’s online life. A website can be taken over to host all sorts of nasties (see first point). Any web pages those accounts control are an advantage.
- Virtual Goods: Why only steal definite things? Stealing gaming accounts is an active business, and the objects filched off those accounts are valuable. Often the worth of a player is tied to the account, and simply possessing it is an advantage in the game.
- Financial Credentials: Well, of course these are stolen, but they are only the tip of the iceberg.
The army is not so secure after all
We all simply assume that the army is nice and safe and has security engineers who know what they are doing. After all, they must have something important behind those sealed up network doors. Well, apparently someone found a hole in their security. Not so airtight after all!
- On Jan. 26, hackers from the anti-American-leaning group “m0sted” broke into the McAlester Munitions Plant’s website, which they altered to send users to a climate change protest page. Information Week did not know if any sensitive information was obtained.
- Previously, the same hackers had broken into the Army Corps of Engineers website on Sept. 19, 2007 and made it send visitors to the group’s web site, which displayed {at the time} rhetoric against America and Israel.
Investigators have already carried out search warrants on email companies, including Microsoft, Yahoo, and Google, to try to find the actual identities of the hackers. The attack is believed to have been launched via SQL Injection, which takes advantage of a vulnerability in Microsoft’s SQL database software. What is really concerning is that this attack worked right around the enormous amounts of money that the government puts into security, waltzing right by the millions of dollars and security personnel that are supposed to be stopping this. We can only hope that the government has a good handle on taxpayers’ information, but this is really unnerving regardless. It is even worse considering the proliferation of information the government may keep due to measures such as the Patriot Act.
Linux Market Share Up — Safety Down
The market share of Linux compared to other operating systems has finally reached 1%. Now, that may seem tiny when dwarfed by the towering shadow of the 87.9% share of Windows. And it is, but there is a catch. This landmark will make Linux less secure!
Now, bear with me through my logic. One of the most advertised reasons not to have antivirus software on Linux is the sheer scarcity of malware written for Linux. The basic idea is: who would want to write software that will infect Linux when there are so few people using it? Windows is so much larger a target, so why bother with Linux? Well, this sense of security will end as soon as enough people use Linux for it to be a worthwhile target. There are, of course, other protections to keep Linux users secure (wow, you don’t even have to pay for them!), but this landmark in market share shows that Linux will not be protected by its obscurity forever. However, I have to admit that 1% is probably not the turning point.
Ted “A series of Tubes” Stevens
This is not so much new technology that is groundbreaking or paranoia inducing. It is, rather, just not very comforting. Former Republican senator from Alaska Ted Stevens used an analogy that compares the internet to a “series of tubes.” He also referred to his “own personal internet.”
Now, I rather like the analogy of tubes, but he uses it to show the internet is “not a big truck” that you can “just dump something on.” These arguments were made in connection to a bill that would support net neutrality by stopping ISPs from charging to prioritize customers. I’m not entirely sure what he means by his “own personal internet” (email, maybe?) and how he could receive “an internet sent by my staff”, but I hope that he knew what he was talking about. The thing is, he was involved in regulating the internet. It seems he didn’t quite understand what he was talking about. And that would normally be fine (I don’t understand it fully), except if he was regulating it. Which he was. Then it’s a little unnerving. I can only hope that the other people who are now regulating the internet know what they’re talking about, and I hope he did too. And watch out, while loading this page it might get “tangled up with all these things going on the Internet commercially”, like the “Ten movies streaming across that, that Internet” (sic).
Massive Botnet run from Ukraine
Here’s yet another argument for just disconnecting your computer from the internet forever {after all, the only way to be absolutely secure.} It’s just so comforting when we know that instead of criminals stealing by breaking and entering, they are stealing by crawling in through the internet {figuratively.}
What it is:
The security company Finjan discovered a massive botnet which is controlled from Ukraine. Over 1.9 million computers were infected when Finjan reported the infection.
- The malware gets to a computer via a trojan that is on a legitimate web site. Unfortunately, this trojan is only detected by 4 antivirus programs, making it seriously dangerous.
- The malware downloads other malware to the infected computer, when its operators are paid, of course.
- Finjan found a forum in Russia asking to “trade” infected computers. It’s just really nice to think that some shady cyber criminal could be haggling for control over your computer right now, don’t you think?
- What’s worse is that the control in question is nearly unlimited, and the infected computers bow to the will of their controllers – stealing email, spreading infections, and taking data.
Around 77 computers from government domains are infected, 51 of which were in the U.S. government. All of the infected computers run Windows XP {which service pack or version isn’t mentioned.} The vast majority {80%} use Internet Explorer, while some use Firefox {15%}, with only a few using Opera and Safari {3 and 1% respectively.}
Is your browser private? Chances are it isn’t.
We all like to think that the browsers that we use are supported by a dedicated team that is doing their best to write software that protects us, now that privacy concerns have become so important. Unfortunately, there is some doubt whether enough is being done, in both browsers and plugins. A researcher at a security firm performed a test to find out what was going on.
Cookies:
- Firefox, Opera, and Chrome correctly cleared cookies when the user told them to.
- Safari required the user to find the data in preferences and delete it.
- Internet Explorer would only clear data when the browser was closed.
- All browsers, at least, allow users to view the cookies stored.
Private Browsing:
Many browsers claim to be able to run in “private mode” where all private data is cleared after the session ends. Unfortunately, that feature never works quite right.
- No browser cleared Gears data from a private browsing session.
- Chrome did, however, clear the other data.
- Firefox (3.1 beta 2) cleared everything except the “persistent storage”.
- Internet Explorer (8, beta 2) cleared everything except the “userData” store.
- Safari performed the worst:
  - On Windows, Safari cleared nothing.
  - On Mac OS X it performed irregularly: cookies were sometimes cleared, while other data was not.
Flash
Flash performs pretty darn badly.
- Flash bypasses browser security that stops code from other domains being read.
- Luckily, Flash restricts access to microphones and webcams, and requires user consent for a Flash object to access them.
- Flash stashes data on the computer, which is available across multiple browsers, with no indication in any browser that it is stored. The browser cannot touch this data, and all the data can only be viewed through an obscure webpage. What is more, the settings panel on that page, though it allows data to be removed and settings to be changed, is hard to understand and has no indication that it is on a secured page.
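To see what Flash has stashed outside the browser's own cookie store, the following added example (not from the report or from any tool mentioned here) inventories Flash local shared objects on disk, grouped by the site that wrote them, and can delete them. The storage roots and the `<profile>/<domain>/` layout are assumptions based on default Flash Player installs; the function names are illustrative.

```python
import os
from collections import defaultdict
from pathlib import Path

def default_roots():
    """Assumed default Flash Player storage roots; one store serves every browser."""
    home = Path.home()
    roots = [
        home / ".macromedia/Flash_Player/#SharedObjects",                     # Linux
        home / "Library/Preferences/Macromedia/Flash Player/#SharedObjects",  # macOS
    ]
    if os.environ.get("APPDATA"):                                             # Windows
        roots.append(Path(os.environ["APPDATA"]) / "Macromedia/Flash Player/#SharedObjects")
    return roots

def find_lsos(root):
    """Map origin domain -> [(path relative to root, size in bytes)] for *.sol files."""
    root = Path(root)
    found = defaultdict(list)
    if not root.is_dir():
        return {}
    for path in sorted(root.rglob("*.sol")):
        rel = path.relative_to(root)
        # Assumed layout: <random profile dir>/<origin domain>/.../<name>.sol
        domain = rel.parts[1] if len(rel.parts) >= 3 else "(unknown)"
        found[domain].append((str(rel), path.stat().st_size))
    return dict(found)

def clear_lsos(root, domain=None):
    """Delete stored objects for one domain (or all); return how many were removed."""
    removed = 0
    for dom, entries in find_lsos(root).items():
        if domain is None or dom == domain:
            for rel, _size in entries:
                (Path(root) / rel).unlink()
                removed += 1
    return removed

if __name__ == "__main__":
    # Report only; call clear_lsos() explicitly to remove anything.
    for root in default_roots():
        for dom, entries in sorted(find_lsos(root).items()):
            total = sum(size for _rel, size in entries)
            print(f"{dom}: {len(entries)} object(s), {total} bytes under {root}")
```

Because the store is per user rather than per browser, a single scan covers every browser on the account.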
Where to go from here:
- View the report and see for yourself.
- See the settings panel.
- For Firefox, I recommend the Better Privacy add-on to clear these “flash cookies” at will.
Virus Poisoned Photo Frames
Way to go, letting viruses on your product. That will really encourage consumer confidence in electronics. Walmart photo keychains have been found to come with viruses. In addition, the CD for a Samsung digital photo frame came with a worm on it. Just makes you want to go out and spend money on some consumer electronics. Oh wait! The nasty virus on your computer (that came from some consumer electronics) stole your financial data and you don’t have any money left.
Read more at Slashdot