security

Cell Phone Security

I keep trying to get the point across to people that email and cell phones should not be considered private and secure. I think most think I’m a paranoid kook. Or at least paranoid. Albeit a well-meaning one. Like a kindly old uncle (which I am, which I feel like, which I am) or a gentle befuddled grandpa (which I’m kinda, which I’m not, which I am) 🙄

Well, here’s something new I learned this morning while scanning the newsletter of a mission-related agency:

2) Is Cell Phone Security Even Worse Than We Thought?

Here’s a question from a field worker who writes, “Our mission team is located in a ‘police state.’ We know the police listen to our phone calls regularly. We also know they can use triangulation to locate us. We’re fine with that stuff. 🙂 But now we’re facing a couple of new concerns:

“*** REMOTELY EAVESDROPPING WHEN WE’RE NOT ON THE PHONE — The microphones in cell phones are now being turned on remotely to allow eavesdropping on their owners anytime (even when you’re not making a call). We’ve figured out how to overcome this problem… but we kind of hate to always have the batteries out of our cell phones. 🙂 [By the way, if you think this worker has been watching too many episodes of “24”, just do an Internet search for the term, “FBI taps cell phone mic as eavesdropping tool.”]

“*** REMOTELY ACCESSING CONTENTS OF YOUR PHONE — We’re hearing (from some pretty tech-smart guys) that it’s easy to remotely hack into the contents of our phone, getting full access to our pics, calendars, docs, task lists, etc. The implications are huge. Can anyone confirm or deny this?

Now what?

Yahoo! Slurp and Me

They helped cause a spike on this site that led to my host suspending the domain.

After at least 30 hours of being suspended, I was allowed to bring the domain back online. Since then, I’ve been monitoring its bandwidth consumption. And particularly watching two bots: Googlebot and Yahoo! Slurp.

I also set up robots.txt to severely restrict bot access to this domain.

Googlebot is behaving; Slurp appears not to be.


Robots/Spiders at 6:53 am on 10/18/08
  Yahoo Slurp  7785+312  156.18 MB  09:46
  Googlebot    4411+33   111.47 MB  02:42

Robots/Spiders at 7:20 am on 10/19/08
  Yahoo Slurp  8357+334  164.00 MB  10:05
  Googlebot    4413+35   111.53 MB  03:59

I checked my recent accesses…and found a whole bunch by Yahoo. 🙁

Read it all

Skype User, Beware

Another company in the bag for the Chinese government?

Skype’s China Spying Sparks Anger

Savvy Internet users in China began avoiding the version of Skype offered by its Chinese partner two years ago, but news it filtered and recorded text messages has sparked new worries about the global firm’s commitment to privacy.

The U.S.-owned Web communications firm faces a backlash at home and in China for apparently allowing core principles to be compromised in order to meet the demands of Chinese censors, analysts warned.

“We may never know whether some of those people whose conversations were logged have gone to jail or have had their lives ruined in various ways as a result of this,” said Rebecca MacKinnon, an Internet expert at Hong Kong University.

“This is a big blow to Skype’s credibility, despite the fact that Skype executives are downplaying it as not such a big deal.”

Skype, with its promises of total security and privacy, has long been popular with Chinese looking to keep their conversations away from the prying eyes of government censors.

But the eBay-owned firm had to apologize on Thursday after a report revealed that its Chinese service not only monitors text chats with sensitive keywords, which it had earlier admitted, but also stores them along with millions of personal user records on computers that could easily be accessed by anybody.

FYI: Border Crossing

U.S. tracking citizens’ border crossings

The U.S. government has been using its border checkpoints to collect information on citizens that will be stored for 15 years, raising concern among privacy advocates, the Washington Post reported on Wednesday.

[…]information may be shared with federal, state and local governments to test “new technology and systems designed to enhance border security or identify other violations of law,” the Post reported.

[…]

Information on international air passengers has long been collected this way but Customs and Border Protection only this year began to log the arrivals of all U.S. citizens across land borders, the Post said.

Privacy advocates raised concerns about the expanded collection of personal data and said safeguards are needed to ensure the system is not abused.

[…]

DHS spokesman Russ Knocke told the paper that the retention period was justified.

“History has shown, whether you are talking about criminal or terrorist activity, that plotting, planning or even relationships among conspirators can go on for years,” he said. “Basic travel records can, quite literally, help frontline officers to connect the dots.”

Another Security Lapse

This time at Facebook — Security Lapse Exposes Photos:

A security lapse made it possible for unwelcome strangers to peruse personal photos posted on Facebook Inc.’s popular online hangout, circumventing a recent upgrade to the Web site’s privacy controls.

The Associated Press verified the loophole Monday after receiving a tip from a Byron Ng, a Vancouver, Canada computer technician. Ng began looking for security weaknesses last week after Facebook unveiled more ways for 67 million members to restrict access to their personal profiles.

But the added protections weren’t enough to prevent Ng from pulling up the most recent pictures posted by Facebook members and their friends, even if the privacy settings were set to restrict the audience to a select few.

After being alerted Monday afternoon, Facebook spokeswoman Brandee Barker said the Palo Alto-based company fixed the bug within an hour.

So how many millions of lines of code does it take to run Facebook? And how many more bugs might there be, waiting to be discovered?

Here are a few more paragraphs from the above story:

The latest lapse serves as another reminder of the perils of sharing sensitive photos and personal information online, even when Web sites pledge to shield the information from prying eyes.

Before the fix, Ng’s computer-coding trick enabled him to find private pictures of Paris Hilton at the Emmy awards and of her brother Barron Nicholas drinking a beer with friends and photos of many other people who hadn’t granted access to Ng.

[…]

Despite the risks, more people than ever — especially teenagers and young adults — are publishing personal photos and other intimate details about their lives on the Internet.

News Corp.’s MySpace.com, the only online social network larger than Facebook, suffered a security breach that exposed its members’ private photos earlier this year.

And don’t forget about the security breach an Gmail. And plenty of other sites. (I wonder how long till we hear of a breach at Carbonite or some other online storage site.)

My urgent advice: Use the Internet (Web, email, chat, IM, storage, etc) as though it weren’t private and secure.

Lured Kids?

This is amazing:

It matters to the security of people here at home if we don’t work to change the conditions that cause 19 kids to be lured onto airplanes to come and murder our citizens.

Perfect Soldiers: The 9/11 Hijackers: Who They Were, Why They Did It

Kids, Mr. President?

Lured?

That is stunning to me.

And when it comes to causal conditions, were none of those fellows educated and such?

And what about those other “kids” more recently in trouble in the UK? You know, those doctors?

Amazing.

I really do think Mr. Bush or Tony Snow or somebody at the White House needs to clarify that. (But it probably can’t be done.)

Private
Above all, love God!