
Industry Blogs


AusCERT: In case you missed it, the AusCERT week in review for 03.02.2012 https://t.co/e2slZX1T #patch #PHP #Apache #Mozilla #OSX #sudo

Auscert Feed - 3 hours 46 min ago


Categories: Industry Blogs

Case studies - what would you find useful?

Forensic Focus News - Sun, 02/05/2012 - 22:21

Following on from an earlier discussion, I'd like to revisit the idea of "case studies". What would people find useful in a case study, e.g. what subject areas would we like to see covered, what level of expertise, what format should it take etc.? If I can gain a better understanding of what people are looking for I may be able to facilitate something in future. Please let me know your thoughts by replying to this forum post, thank you. Jamie

Categories: Industry Blogs

Should Personal Data Be Personal?

Pogo Was Right - Sun, 02/05/2012 - 08:35

Somini Sengupta writes:

…. Every European country has a privacy law, as do Canada, Australia and many Latin American countries. The United States remains a holdout: We have separate laws that protect our health records and financial information, and even one that keeps private what movies we rent. But there is no law that spells out the control and use of online data.

It would be tempting to say that history and culture on this side of the Atlantic make privacy a non-issue. That’s not exactly the case. Privacy has always mattered in American law and to American sensibilities, but in a different way.

Read more in The New York Times.

Categories: Industry Blogs

California Legislator to Introduce 911 Privacy Bill

Pogo Was Right - Sun, 02/05/2012 - 08:30

Dan Kahn writes:

California legislator Norma Torres recently announced that she plans to introduce a bill that would restrict the release of taped 911 emergency telephone conversations.  Torres, herself a longtime former 911 operator, said in a statement that “I don’t want anyone to hesitate or not make a 9-1-1 call because they are afraid their taped call will be released to the media.”

Read more on Covington & Burling Insider Privacy.

Categories: Industry Blogs

IL: Bill would ban employers asking for personal passwords

Pogo Was Right - Sun, 02/05/2012 - 08:29

WJBC reports:

Businesses may soon be banned from requiring potential employees to divulge their social media passwords, for sites such as Facebook and Twitter, during the hiring process.

State Rep. La Shawn Ford (D-Chicago) said getting access to an applicant’s account not only gives employers access to personal social information but sometimes sensitive banking information as well. The bill’s opponents simply don’t understand, he said.

Read more on WJBC.

Categories: Industry Blogs

Friday Squid Blogging: Clothing that Keeps an Exercise Journal

Schneier on Security - Sat, 02/04/2012 - 08:18

It's called Squid.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Categories: Industry Blogs

The Problems of Too Much Information Sharing

Schneier on Security - Sat, 02/04/2012 - 06:49

Funny. Fake, but funny.

Edited to add (2/3): The rest of the story.

Categories: Industry Blogs

VeriSign Hacked, Successfully and Repeatedly, in 2010

Schneier on Security - Sat, 02/04/2012 - 02:49

Reuters discovered the information:

The VeriSign attacks were revealed in a quarterly U.S. Securities and Exchange Commission filing in October that followed new guidelines on reporting security breaches to investors. It was the most striking disclosure to emerge in a review by Reuters of more than 2,000 documents mentioning breach risks since the SEC guidance was published.

The company, unsurprisingly, is saying nothing.

VeriSign declined multiple interview requests, and senior employees said privately that they had not been given any more details than were in the filing. One said it was impossible to tell if the breach was the result of a concerted effort by a national power, though that was a possibility. "It's an ugly, slim sliver of facts. It's not enough," he said.

The problem for all of us, naturally, is if the certificate system was hacked, allowing the bad guys to forge certificates. (This has, of course, happened before.)

Are we finally ready to accept that the certificate system is completely broken?

Categories: Industry Blogs

A Reasonableness Approach to Searches After the Jones GPS Tracking Case

Pogo Was Right - Fri, 02/03/2012 - 23:22

Peter Swire writes, in part:

The proposal here is that the answer lies in addressing what the Supreme Court in Delaware v. Prouse called “standardless and unconstrained discretion,”[5] and what Justice Sotomayor called “unfettered discretion” in her concurrence in Jones.[6] Supreme Court precedent contains powerful methods for limiting this sort of discretion, primarily in the second step of Fourth Amendment analysis. The first step, and the focus of the dueling opinions in Jones, concerns the definition of what constitutes a “search or seizure.” The second step, once a “search or seizure” exists, is to define its reasonableness. The thesis here is that the reasonableness doctrine offers the best opportunity to respond to the Justices’ concern about unconstrained discretion in high-tech searches. Longstanding precedents under this doctrine require “minimization” of intrusive surveillance and procedural checks against standardless or discriminatory surveillance.

 

Read more of his article in the Stanford Law Review

Categories: Industry Blogs

Federal court – warrantless search of protestor’s video cam violated Fourth Amendment

Pogo Was Right - Fri, 02/03/2012 - 23:14

FourthAmendment.com points to a recent news story out of Oregon that searching a videocam without a warrant, even incident to an arrest, is a Fourth Amendment violation.  Bryan Denson reports:

The rules of engagement became clearer in Eugene’s U.S. District Court last week, when a civil jury determined that a city police sergeant violated an environmental activist’s constitutional protections against illegal search and seizure during a 2009 leafletting campaign outside a bank.

The eight-person panel determined that Sgt. Bill Solesbee arrested environmentalist Josh Schlossberg without probable cause and used excessive force. But it was Solesbee’s next act that sent legal minds across Oregon into hyperdrive: He seized the environmentalist’s video camera without a warrant.

That’s the electronic equivalent of police walking off with several file cabinets of private papers without benefit of a judge’s signature, said Lauren Regan, Schlossberg’s lawyer.

U.S. Magistrate Judge Thomas Coffin ruled in a pretrial hearing in the Eugene case that Solesbee violated Schlossberg’s Fourth Amendment rights by searching the contents of his camera without a warrant. That ruling marked the first time that a federal court in Oregon weighed in on warrantless seizures of digital devices.

Read more in The Oregonian.

While this is a great decision for privacy advocates, I note the court reached a different conclusion than other federal courts confronted with similar issues about whether devices are “containers” that can be searched without a warrant if incident to an arrest. In his opinion, Magistrate Judge Coffin explains:

I find that warrantless searches of such devices are not reasonable incident to a valid arrest absent a showing that the search was necessary to prevent the destruction of evidence, to ensure officer safety, or that other exigent circumstances exist.3 I further find that it is impractical to distinguish between electronic devices–between a laptop and a traditional cell phone or a smart phone and a camera, before an officer decides whether to proceed with a search of the electronic device incident to arrest. A rule requiring officers to distinguish between electronic devices is impractical. It would require officers to learn and memorize the capabilities of constantly changing electronic devices. A primary goal in search and seizure law has been to provide law enforcement with clear standards to follow. In sum because an electronic device like a camera has a high expectation of privacy in its contents, an officer may not review the contents as a search incident to arrest. Instead, the officer must obtain a warrant unless exigent circumstances exist. Donald, 335 at 455-56 (“Absent some grave emergency, the Fourth Amendment has interposed a magistrate between the citizen and the police. This was done not to shield criminals nor to make the home a safe haven for illegal activities. It was done so that an objective mind might weigh the need to invade that privacy in order to enforce the law.” )

Accordingly, I find that Solesbee violated the Fourth Amendment when he viewed the contents of plaintiff’s camera without first obtaining a warrant.

Categories: Industry Blogs

Article19.org raises concerns about Pakistan’s Telecommunications (Re-organization) Act

Pogo Was Right - Fri, 02/03/2012 - 22:30

Thanks to Dave Banisar of Article19.org for alerting me to their analysis of the Pakistan Telecommunications (Re-organisation) Act.

From the Executive Summary:

In January 2012, ARTICLE 19 has analysed the provisions of the Pakistan Telecommunications (Re-organisation) Act, 1966 (the Act) to assess their compatibility with international standards relating to the rights to freedom of expression and information and privacy. ARTICLE 19 finds the Act has many provisions which are incompatible with Pakistan’s obligations under international law and violate citizens’ rights of freedom of expression, access to information and protection of privacy.

As a general matter, the Act gives broad, largely unrestricted powers to the Government of Pakistan to issue policy statements and regulations in the name of protecting national security. These provisions provide few limitations on the ability of the government to issue directives and orders in violation of freedom of expression and privacy rights.

In addition, the Act criminalises vague and broad offenses, banning the dissemination of “false” or “fabricated” information, as well as indecent materials and causing “mischief.”

Furthermore, the Act allows for the shutdown of communications both individually with a vague warning, and in broader cases, based on a decree by the government of potentially the entire telecommunications networks.

Finally, there are significant problems with the broad powers of surveillance given under the Act. It allows for the interception of communications with little or no regulation or oversight. It also places restrictions on the use of encryption by users to prevent unlawful interception of their communications. These create a significant chilling effect on telecommunications users’ ability to seek and receive information.

Read the full report for more of their analysis and their recommendations.

Categories: Industry Blogs

Prisons in the U.S.

Schneier on Security - Fri, 02/03/2012 - 01:04

Really good article on the huge incarceration rate in the U.S., its causes, its effects, and its value:

Over all, there are now more people under "correctional supervision" in America -- more than six million -- than were in the Gulag Archipelago under Stalin at its height. That city of the confined and the controlled, Lockuptown, is now the second largest in the United States.

The accelerating rate of incarceration over the past few decades is just as startling as the number of people jailed: in 1980, there were about two hundred and twenty people incarcerated for every hundred thousand Americans; by 2010, the number had more than tripled, to seven hundred and thirty-one. No other country even approaches that. In the past two decades, the money that states spend on prisons has risen at six times the rate of spending on higher education.

[...]

The trouble with the Bill of Rights, he argues, is that it emphasizes process and procedure rather than principles. The Declaration of the Rights of Man says, Be just! The Bill of Rights says, Be fair! Instead of announcing general principles -- no one should be accused of something that wasn't a crime when he did it; cruel punishments are always wrong; the goal of justice is, above all, that justice be done -- it talks procedurally. You can't search someone without a reason; you can't accuse him without allowing him to see the evidence; and so on. This emphasis, Stuntz thinks, has led to the current mess, where accused criminals get laboriously articulated protection against procedural errors and no protection at all against outrageous and obvious violations of simple justice. You can get off if the cops looked in the wrong car with the wrong warrant when they found your joint, but you have no recourse if owning the joint gets you locked up for life. You may be spared the death penalty if you can show a problem with your appointed defender, but it is much harder if there is merely enormous accumulated evidence that you weren't guilty in the first place and the jury got it wrong. Even clauses that Americans are taught to revere are, Stuntz maintains, unworthy of reverence: the ban on "cruel and unusual punishment" was designed to protect cruel punishments -- flogging and branding -- that were not at that time unusual.

The author mentions the rise of for-profit businesses increasingly running prisons in the U.S., but I don't think he makes the point strongly enough. There is now a corporate interest in the U.S. lobbying for such things as mandatory minimum sentencing.

Categories: Industry Blogs

KY: Proponents say welfare drug testing is only fair; opponents say it targets the neediest Kentuckians

Pogo Was Right - Fri, 02/03/2012 - 00:08

Roger Alford of Associated Press reports:

Legislation that would require welfare recipients to be tested for drug use is gaining popularity among Kentucky legislators, more than 50 of whom have signed on as co-sponsors.

It doesn’t matter that the measure stands little chance of passing into law. In a legislative election year, incumbents want their names on proposals that tend to be popular with blue-collar voters, as this one is.

Read more on Kentucky Post.

Shame on the legislators who signed on to this bill. Voters who believe in small government and privacy should remember that these legislators supported intrusive legislation the next time they’re up for re-election.

Categories: Industry Blogs

Supreme Court fumbles return of personal privacy

Pogo Was Right - Fri, 02/03/2012 - 00:04

Nat Hentoff comments on the Supreme Court decision in United States v. Jones:

I was thrilled to see this headline on the American Civil Liberties Union’s website after the Supreme Court’s unanimous Jan. 23 ruling on United States v. Jones: “Supreme Court GPS Ruling: Bringing the 4th Amendment Into the 21st Century.” Wow!

And this dramatic praise from Marcia Hofmann, the senior staff attorney for leading digital civil liberties protector, the Electronic Frontier Foundation:

“The Supreme Court has unanimously confirmed that the Constitution prevents unbridled police use of new technologies to monitor our movements.”

Do you hear that, President Obama?

But as soon as I read Justice Antonin Scalia’s decision, I knew the Supreme Court had committed no such all-encompassing attack on how George W. Bush, Dick Cheney and Barack Obama have turned us into a society constantly under surveillance by the government.

Read more on The Dickinson Press.

Categories: Industry Blogs

UK: Google executives questioned by MPs over privacy

Pogo Was Right - Thu, 02/02/2012 - 23:52

I’m still getting caught up with news after being offline so much. Here’s a news story from Monday by John Plunkett that I missed:

It was the latest stage in a long-running inquiry into privacy but the appearance of two senior Google executives before a joint parliamentary committee turned into an occasionally ill-tempered debate about whether the search giant was being economical with the truth.

The vice-president of Global Communications and Public Affairs for Google, David-John Collins, and the legal director and associate general counsel for Google, Daphne Keller, found themselves under fire from MPs and peers on the joint committee on privacy and injunctions on Monday.

The Google pair defended their track record on privacy following criticism from Max Mosley – who gave evidence to the committee in December – that it had failed to take down images from an orgy video published online by the News of the World.

Read more in The Guardian.

Categories: Industry Blogs

Google: Here’s the real truth about Microsoft’s privacy claims about us

Pogo Was Right - Thu, 02/02/2012 - 23:46

Preston Gralla reports:

Microsoft has launched an all-out public assault on Google’s recent privacy changes, but Google is fighting back, claiming that Microsoft and other critics are spreading untruths about the new policy. It’s a fight that’s good for users.

Read about it on Computerworld.

Categories: Industry Blogs

Oxygen Forensic Suite 2012 v.4.0.1 released

Forensic Focus News - Thu, 02/02/2012 - 23:01

Oxygen Forensic Suite 2012 v.4.0.1 introduces support for Touch application analysis for Android and Apple devices and improves examination of SkyFire mobile browser data, adding Apple device support. The new release adds more than 80 Android-based devices, bringing the overall number of supported devices to 2800.

Categories: Industry Blogs

NH: House Bill Would Outlaw GPS Tracking

Pogo Was Right - Thu, 02/02/2012 - 07:12

Sam Evans-Brown reports:

The state House of Representatives has passed a bill that would ban the use of GPS devices to secretly track people. The bill would make such tracking illegal without a court order.

Read more on NHPR.

Categories: Industry Blogs

UK: Axel Springer and Von Hannover judgments announced

Pogo Was Right - Thu, 02/02/2012 - 02:17

The European Court of Human Rights has announced today that it will deliver two Grand Chamber judgments, in the cases of Axel Springer AG v Germany and von Hannover v Germany (No.2) on 7 February 2012. The cases were both heard more than 15 months ago, on 13 October 2010. We had a post about the hearing at the time (and an earlier preview). Both cases concern the publication in the media of material which is alleged to be private. The Axel Springer case concerned the publication in “Bild” of an article about a well-known television actor, being arrested for possession of cocaine. The article was illustrated by three pictures of the actor. The German court granted him an injunction to prohibit the publication of the article and the photos. The applicant company did not challenge the judgment concerning the photos. The newspaper published a second article in July 2005, which reported on the actor being convicted and fined for illegal possession of drugs after he had made a full confession.

Read more on Inforrm’s Blog. In light of intervening developments and discussions of “right to be forgotten,” it will be particularly interesting to see how the court rules in these cases as in both cases, there’s no dispute about the accuracy of the reports, but the issue is whether a free press and public interest or curiosity trumps an individual’s privacy rights.  Of course, even if such articles were prohibited in the EU, what would stop a non-EU publisher from reporting the news?

Categories: Industry Blogs

The right to be forgotten, or how to edit your history

Pogo Was Right - Wed, 02/01/2012 - 23:59

Peter Fleischer writes:

The “Right to be Forgotten” is a very successful political slogan. Like all successful political slogans, it is like a Rorschach test. People can see in it what they want. The debate would sound quite different if the slogan were actually something more descriptive, for example, the “right to delete”. The European Commission has now proposed to make the “right to be forgotten” into a law. It’s a big step to turn a vague political slogan into a law. The time for vague slogans must now give way to a more practical discussion of how the “right to be forgotten” could actually work.

Read more on Peter Fleischer: Privacy…?

Categories: Industry Blogs
