*** Repository ***
Data For Your Head


It is now 2005 and it only gets worse and you don't want to hear it... so why bother! One of the reasons ID theft is so rampant is that so many state and federal employees have access to your information....

27 May 2004 - GAO: Fed Data Mining Extensive
The GAO investigation
http://www.gao.gov/cgi-bin/getrpt?GAO-04-548.pdf (PDF), which covered only unclassified data mining, found that the practice was pervasive throughout the government and identified 52 agencies that had 199 data mining projects active or in the planning stages. Of those, the GAO found that 122 used Americans' personal information. Analyzing intelligence and detecting terrorist activity accounted for the smallest number of data mining projects.

The report http://www.cdt.org/security/usapatriot/20040526technologies.pdf also uncovered 54 projects with data supplied by private companies, such as credit reporting agencies and credit card issuers. Of those 54 projects, 36 involved personally identifiable information such as names, Social Security numbers and driver's license numbers, raising concerns about the unregulated nature of government data mining. Wired.com

1 October 2003 Computer-based Electronic Evidence: http://www.nhtcu.org/ACPO%20Guide%20v3.0.pdf
Association of Chief Police Officers (UK)

27 September 2003 CyberInsecurity: The Cost of Monopoly
How the Dominance of Microsoft's Products Poses a Risk to Security
Source: http://www.ccianet.org/papers/cyberinsecurity.pdf
NOTE: Dr. Daniel Geer, Chief Technology Officer and co-founder of AtStake, was fired by AtStake for co-authoring this paper. AtStake is a supplier to Microsoft.

21 May 2003
DARPA dabbles in real-world 'Matrix'

Soliciting proposals for searchable database of individual human lives
Defense Department ubergeeks at DARPA are soliciting proposals for a comprehensive, searchable database of individual human lives encompassing every communication, encounter, transaction and even 'feeling' generated by a lifetime of social interaction.

It's called LifeLog, and it would combine a plethora of sensors, including medical sensors, along with a vast transactional database and an exhaustive catalogue of media encountered, all compiled and tweaked to preserve every scrap of data that a subject might talk or write about, or be observed to do or say or confront, or be reasonably assumed to intend. More... (The Register)

21 May 2003
Alarm at Pentagon's email snooping

Civil liberties groups raised their concerns yesterday about the Pentagon's plans for cyber-surveillance systems which would give the government access to private emails and medical, education, travel and financial records. The fears were expressed as the defence department reported on its plans for the total information awareness (Tia) programme. More... (The Guardian UK)

ICQ Crashed All Over the World Today
Today's crash of the ICQ instant-messaging server might become the beginning of the end. The Internet pager, which is a bone of contention for AOL, has increased the number of its adversaries today. AOL servers, which support ICQ, crashed during the peak of Internet surfers' activity. As a result, a lot of users who kept their contact lists on the company's server were deprived of all those contacts. They just vanished.

There have been a lot of news messages reported about the scale of the incident. Western media outlets have not shown any reaction to the event yet. AOL has not released any statement either... More (Pravda)

18 January 2003
Do you know where your old hard drive is?
Discarded computer hard drives full of secrets
Of the 129 drives that worked, 69 had recoverable files. Forty-nine contained "significant personal information," including medical correspondence, love letters, pornography and credit card numbers. More (CNEWS.CA)

Speaking of Identity Theft...
The FDIC relies "extensively" on computer systems and networks to support its financial operations and has around 5,400 authorized users of its systems, the GAO said. But it isn't adequately keeping track of who has access to what systems, the GAO said.

"Hundreds of users had access privileges that allowed them to modify financial software and read, modify, or copy financial data," the report said, adding that the FDIC was not monitoring these users' actions. http://www.gao.gov/new.items/d02689.pdf

7 January 2003
'DVD Jon' scores huge legal victory.
16-year-old Jon Lech Johansen who helped crack a code meant to protect the content of DVDs won full backing from an Oslo court on Tuesday. 'DVD Jon' wins big against giant corporations and organizations including the Motion Picture Association of America. More (AftenPosten)

6 January 2003
Hackers take on MS on copyright protection for eBooks
Irked at his inability to read Microsoft eBooks on his older Win CE device, UK programmer Dan Jackson has set up a project to improve file conversion tools. Jackson obtained the source code of a program called Convert Lit (or clit.exe, no sniggering at the back there) from its developers and posted it on his Web site. http://members.lycos.co.uk/hostintheshell/ More (TheRegister)

Spies On The Internet - have a look at this company profile...

9 November 2002
The Pentagon is constructing a computer system that could create a vast electronic dragnet, searching for personal information as part of the hunt for terrorists around the globe — including the United States. In order to deploy such a system, known as Total Information Awareness, new legislation would be needed, some of which has been proposed by the Bush administration in the Homeland Security Act that is now before Congress. That legislation would amend the Privacy Act of 1974, which was intended to limit what government agencies could do with private information...
(NY Times) More

3 November 2002
Cordless keyboard wrote on neighbor's computer
http://www.aftenposten.no/english/local/article.jhtml?articleID=427668 While a Stavanger man typed away at his desktop computer his text was also streaming in on his neighbor's machine in a building 150 meters away. Hewlett-Packard have never received a complaint like it.

24 October 2002
The Death Of The Internet
How Industry Intends To Kill The 'Net As We Know It
http://www.tompaine.com/feature.cfm/ID/6600 Jeff Chester is executive director of the Center for Digital Democracy.
The Internet’s promise as a new medium -- where text, audio, video and data can be freely exchanged -- is under attack by the corporations that control the public’s access to the 'Net, as they see opportunities to monitor and charge for the content people seek and send. The industry’s vision is the online equivalent of seizing the taxpayer-owned airways, as radio and television conglomerates did over the course of the 20th century.

22 October 2002 - An Attack On The Internet?
An unusually powerful electronic attack briefly crippled nine of the 13 computer servers that manage global Internet traffic. The attack lasted one hour and the origin of the attack was not known. Service was restored after experts enacted defensive measures and the attack suddenly stopped...

12 October 2002 - "96 Percent of Net Radio" to close after backroom deal screws grassroots web casters http://www.theregister.co.uk/content/6/27575.html
And privately, even members who support HR.5469 agree that it will "seal the fate of this industry to be dominated by big webcasters," according to correspondence seen by The Register.

11 October 2002 - Maxtor drives one-touch backup
The Milpitas, California-based company has developed a new feature designed to let computer users back up files, folders and drives with the touch of a button. The feature, OneTouch, is built into a new line of external hard drives, the Personal Storage 5000 family. Backup starts when a user presses a button on one of the drives. The units come with built-in USB 2.0/1.1 and FireWire interfaces, along with 3.5-inch hard drives, the same type used in desktop PCs.

11 October 2002 - Outlook Express flaw speeds hacking
Microsoft warned Outlook Express users that a software flaw could allow an online hacker to take control of their computers.
(Go to http://www.ritlabs.com and learn about "TheBat" email client, you will be glad you did!)

9 October 2002 - Satellite systems hackable - study
Critical commercial satellite systems relied upon by federal agencies, civilians and the Pentagon are potentially vulnerable to a variety of sophisticated hack attacks that could cause service disruptions, or even send a satellite spinning out of control, according to a new report by the General Accounting Office, the investigative arm of Congress.

26 September 2002 - Microsoft warns of FrontPage flaw
Microsoft warned Web site administrators on Wednesday that a flaw in its FrontPage extensions could allow an attacker to take control of their servers or cause the computers to seize up. - - Despite launching its Trustworthy Computing initiative in January, the software giant has racked up more than 70 vulnerabilities outlined in 53 advisories this year. Last week, Microsoft revealed three flaws in its Java virtual machine software.

Win-XP Help Center request wipes your HD
http://www.theregister.co.uk/content/4/27074.html A malicious Win-XP Help Center request can easily and silently delete the contents of any directory on your Windows machine, we've learned. Worse, MS has rolled the fix silently into SP1 without making a public announcement. A good sketch of the problem in English, along with a harmless self-test, can be found here, thanks to Mike at http://unity.skankhouse.org, who did some tinkering after noticing a tip on a BBS.

#2001-04. Microsoft-English Dictionary Volume 1
A highly interesting read! [G.H.]
Given that Microsoft is preparing to roll out its subscription-based suite of services (Windows XP, .NET, and Hailstorm)... not to mention is still engaged in ongoing legal proceedings, there's a lot of information and statements being released by the software company to help sway public opinion in its favor. This article helps the public understand what Microsoft is really saying, and what their statements actually mean to the computing world. (Written with the helpful input of several IT professionals).

Felt-tip marker hack for copy-protect CDs 'completely neutralized' http://www.theregister.co.uk/content/6/26839.html

Marker pens, sticky tape crack music CD protection http://www.theregister.co.uk/content/archive/25274.html

HP, Dell ditch MS Works for WordPerfect http://www.theregister.co.uk/content/4/26832.html

Media Giants Are Clearly Out of Control...
Media giants demand ISPs block Web sites
According to Thomas C Greene, the Recording Industry Ass. of America has sued for the right to determine which Web sites you and I will be permitted to visit. Taking a page from the book of totalitarian regimes, the media industry is suing major ISPs, demanding that the foundations of a Chinese-style Great Firewall be laid to protect their precious copyrights, Reuters reports.

KDE fixes SSL hole as MS dithers
MS has decided to whitewash the affair and persuade users that the bug in their operating system is harmless, in flagrant disregard of the handy exploit code that's already been released.
See: IE Security hole

Verizon switches programmers to Linux
The company cut costs by replacing programmers' Unix and Windows workstations with Linux systems that run OpenOffice instead of Microsoft Office, said George Hughes, a Verizon executive overseeing the work. The average desktop cost dropped from $20,000 to $3,000 per developer, he said in a talk at the LinuxWorld Conference and Expo.

Sleuths Invade Military PCs With Ease
The consultants, inexperienced but armed with free, widely available software, identified unprotected PCs and then roamed at will through sensitive files containing military procedures, personnel records and financial data. One computer at Fort Hood in Texas held a copy of an air support squadron's "smart book" that details radio encryption techniques, the use of laser targeting systems and other field procedures. Another maintained hundreds of personnel records containing Social Security numbers, security clearance levels and credit card numbers. A NASA computer contained vendor records, including company bank account and financial routing numbers. Available on other machines across the country were e-mail messages, confidential disciplinary letters and, in one case, a memo naming couriers to carry secret documents and their destinations...

MS 'Software Choice' scheme a clever fraud
Microsoft's new "Software Choice" campaign is all for your right to choose... as long as you choose Microsoft. It's too bad that Intel and the U.S. Government couldn't see through the rhetoric.

'Creative Attacks' Beat Crypto -- Expert
In 1998 cryptographer Paul Kocher developed a method for deducing the secret key embedded in a cryptographic smart card by monitoring tiny fluctuations in power consumption. Three years earlier, at the tender age of 22, he made headlines with a technique to compromise implementations of the RSA algorithm -- not with a direct frontal assault, but by watching the amount of time a system took to perform certain functions... "Nobody breaks the crypto, they all bypass the crypto," says Kocher. "They are putting bigger crypto keys in there and it doesn't give you bigger security."

Dangers of the Google tool bar exposed
A series of attacks based on a flaw in the way the Google tool bar uses URLs to alter browser settings has been described by Israeli security outfit GreyMagic Software.

Microsoft-FTC settle over Passport
MS makes sweeping changes to its Passport authentication system as part of a settlement agreement with the Federal Trade Commission... Within one year, Microsoft must "obtain certification from a qualified, independent third party that its security program provides at least the protections that the order mandates," Muris said. The assessment must be performed biannually. Microsoft agreed not to engage in unfair or deceptive practices and to protect the security and privacy of personal information. Question: Has Microsoft ever kept their word where ethics are concerned?

Microsoft EULA asks for root rights - again
"You acknowledge and agree that Microsoft may automatically check the version of the OS Product and/or its components that you are utilizing and may provide upgrades or fixes to the OS Product that will be automatically downloaded to your computer," is the new bit you'll be interested in.

Subject: Remove the EULA before installing your software
Newsgroups: alt.privacy, alt.windows98
This is a Windows VBScript I created to remove the click-through End-User License Agreements from retail software I install. EULAs are getting unacceptably intrusive and restrictive, and I for one have had enough. In my opinion, manufacturers have no business putting extra restrictions on how I use something after I have already paid for it.

Gnutella Developer Gene Kan, 25, Commits Suicide?
The cause of death was a gunshot wound to the head


China Internet Portals Sign Pact
Yahoo agrees to censor Chinese portal by removing content from the web that the Chinese communist government deems subversive.

There's a new generation of freedom fighters sitting behind computers.
Hacking group develops technology to thwart censor-happy governments
e-Freedom fighters forge new weapon

House Votes to Stiffen Cybercrime Penalties
Spurred by worries about electronic terrorism, computer viruses and other Internet intrusions, the U.S. House of Representatives voted on Monday to increase online surveillance and stiffen penalties for computer crime. Do you think the penalties will be extended to cover on-line corporate marketeers (spies) who use hacking techniques to secretly gather information from you when you go on-line?

Copyright bill may severely limit rights
Legislators are readying a bill that could sharply limit Americans' rights relating to copying music, taping TV shows, and transferring files through the Internet. At the same time, the draft legislation seen by CNET News.com would place the struggling Webcasting industry on firmer legal footing (this is not exactly a truthful statement). Reps. Howard Coble of North Carolina and Howard Berman of California authored the draft. A Librarian of Congress set royalty fees for Web radio companies...

Bush seeks broad new powers to protect U.S.
Bush asked for unprecedented authority to reorganize government and transfer money among programs - without the approval of Congress - to deal with the changing face of terrorism. Bush also proposed an end to laws (Posse Comitatus) that bar military personnel from being involved in civilian law enforcement.

Patriot Act = CALEA = Communications Assistance for Law Enforcement Act
= VeriSign = Verint Systems (formerly Comverse Infosys)

Congress passed the legislation that made this possible...

Under the J-STD-025, law enforcement could be provided with access to both call-identifying information and call content, even where it may be authorized only to receive call-identifying information...
Party hold, join, drop on conference calls -- Messages will be sent to a LEA that identify the active parties of a call. Specifically, on a conference call, these messages will indicate whether a party is on hold, has joined, or has been dropped from the conference call.
Subject-initiated dialing and signaling information -- Access to dialing and signaling information available from the subject will inform a LEA of a subject's use of features (e.g., call forwarding, call waiting, call hold, and three-way calling).
In-band and out-of-band signaling (notification message) -- A message will be sent to a LEA whenever a subject's service sends a tone or other network message to the subject or associate (e.g., notification that a line is ringing or busy, call waiting signal).
Timing information -- Information will be sent to a LEA permitting it to correlate call-identifying information with the call content of a communications interception.
More... http://www.telecomweb.com/reports/calea/

Verisign is prepared to SELL or USE your information. VeriSign claims - "Trust is the Foundation of Every Human Relationship." Like Microsoft and security, VeriSign and trust = oxymoron. About Verisign... http://www.telecomweb.com/reports/calea/About_Verisign.htm

VeriSign in bed with Verint Systems? VeriSign announced in early June 2002 that it will offer CALEA spying services to US ISPs and wireless providers through the use of Verint's technology. Verint.com Verint's website is under construction.

FBI CALEA - Communications Assistance for Law Enforcement Act-Site http://www.askcalea.net/programs/deployment.html

Where are VeriSign's ethics?...
20 June 2002
VeriSign backs down over phony alerts
VeriSign has agreed to stop sending false notices telling customers of rival registrars that their domain names will soon expire.

View the "Letter of Deception.jpg" sent out by VeriSign...

8 May 2002
VeriSign Gets Contract to Manage Background Checks on eBay Sellers
VeriSign Inc. reached an agreement with eBay Inc. to run background checks on eBay sellers to help combat fraud on the Internet auction site.

Fear of Big Brother in Microsoft Technology
[TheAge - Australia]

The Big Secret
The plan, revealed for the first time to NewsWeek, is Palladium...
[MSNBC - A Major Privacy Violator]

Microsoft Technology:
Palladium is TCPA - Ross Anderson's paper

U.S. mulls online ID systems
The U.S government is considering using online ID systems from Microsoft, Entrust, RSA, and VeriSign among others to track the identity of visitors to a dozen new federal Web sites launching later this year, a federal official said Friday.

Microsoft accused of technology theft

MS security hole extravaganza
Cracking MS SQL Server passwords
[The Register]

http://www.theregister.co.uk/content/4/26086.html The inner workings of the undocumented pwdencrypt() hash function in Microsoft SQL Server [http://www.microsoft.com/sql/default.asp] have been revealed in a paper by security researcher David Litchfield of Next Generation Security Software (NGSS) [ http://www.nextgenss.com/ ].

Were you a Sprint user?
Mitnick testimony burns Sprint in Vegas 'vice hack' case

Quote from InsightMag article on ID theft "Most alarming is that government agencies are increasingly putting SSNs on the Internet."

Long Distance Penetration - NASA Gets Hacked

How safe is on-line banking...
should we laugh now or later?
Boy of 17 hacks into missile secrets

Citibank Payment Service Said Flawed
9 January 2002
http://www.infowar.com/ Researcher claims hacker could steal funds from c2it.com. A computer security researcher says he has found several flaws in Citibank's online payment service C2it.com. The flaws could potentially expose customer information and even enable a malicious criminal to move money out of a victim's c2it.com account.

Remember This? Appraisal of Technologies of Political Control (1998)

A Must Read - EU Data Retention Legislation National Law Enforcement Experts Working on... a wish list of citizens' communications data to be retained in the EU.

Unpatched IE security holes
http://www.pivx.com/larholm/adv/TL003/ Vulnerabilities listed on this page work (among others) with the latest versions of Internet Explorer, with all patches installed. Until proper patches have been provided, the only fix is to disable scripting.

IE scripting flaw uncovered

PGP Outlook plugin has major security hole
http://www.theregister.co.uk/content/4/26145.html A malicious e-mail can create a buffer overrun in Network Associates' PGP plugin for MS Outlook on Windows, which in turn can be used to run arbitrary code with the user's level of privilege.

Do You Use The IE-browser?
Check this out...
Japanese security enthusiasts developed a little tool called IE'en which exposes traffic between an IE user and any server he's contacting, including logins and passwords over HTTPS. New IE spy progie exploits DCOM
[The Register]

IE'en remotely controls Internet Explorer using DCOM.

'Hacktivists' to release covert communications tool
July 2002
International group of "hacktivists" (hackers) says it is about to release a computer program designed to let political dissidents communicate via the internet without fear of government eavesdropping.

Diamond Computer Systems Security Advisory
18 March 2002
D.I.R.T. ("Data Interception by Remote Transmission") is a Remote Access Trojan originally developed by Eric Schneider (as reported by The Register) and currently marketed and sold by vendor Codex Data Systems, a relatively small firm based in New York. It is marketed to military and law enforcement agencies and utilises an Aladdin HASP hardware dongle to prevent unauthorised use of the package... D.I.R.T. also allows agents to remotely seize and secure digital evidence prior to physically entering suspect premises.

Gigger worm can format Windows PCs
11 January 2002
Gigger, a new JavaScript-based virus, attempts to delete files from a computer and format the user's disk drive on restart, and antivirus vendors are characterizing it as high-risk. Gigger, which uses a combination of Microsoft Outlook and mIRC to spread...

Popular file share utilities contain Trojans
3 Jan 2002

Don't Click This!
