A Super Puma helicopter crashed on 23 Aug 2013 off Shetland, killing four passengers after an alarming and rapid descent into the North Sea. Fourteen passengers survived, largely because the crash occurred near land. The black box voice and flight-data recorder has now been recovered from the tail section, and accident investigators have released their preliminary findings. "The evidence currently available suggests that the helicopter was intact and upright when it entered the water. It then rapidly inverted and drifted northwards towards Garths Ness. The helicopter was largely broken up by repeated contact with the rocky shoreline." The article notes that this is the fifth accident involving Super Pumas in the past four years, although this one appears unrelated to the previous ones. The British have discontinued all Super Puma flights (disrupting oil workers, both offshore and onshore), although the Norwegians have not. [Source: *The Guardian*, 29 Aug 2013, PGN-ed] http://gu.com/p/3tc5k
Michael J. de la Merced, Shutdown at Nasdaq Is Traced to Software, DealBook -- A Financial News Service of *The New York Times*, 29 Aug 2013 [PGN-ed] http://dealbook.nytimes.com/2013/08/29/nasdaq-blames-a-surge-of-data-for-trading-halt/?nl=todaysheadlines&emc=edit_it_th_20130830 Though the Nasdaq market calls itself home for the stocks of the world's biggest technology companies, the exchange acknowledged on 29 Aug 2013 that a three-hour halt in trading arose from a problem with its software. The Nasdaq OMX Group released preliminary findings that provided the clearest official insight into what caused the trading halt, called in trading circles the "flash freeze." While stock prices were little affected when the exchange reopened late in the afternoon of Aug. 22, the episode reignited concerns about the fragility of modern markets and their dependence on intricate software systems. In particular, a series of attempts by a market operated by the NYSE Euronext to connect with the Nasdaq system that reports the prices of recent trades generated a surge of data. That led to a failure of Nasdaq's backup systems, forcing the market to go offline to fix the problem. [...]
"On Tuesday, three appeals court judges agreed with it—in principle. They ruled that if the sender of text messages knows that the recipient is driving and texting at the same time, a court may hold the sender responsible for distraction and hold him or her liable for the accident." http://j.mp/17oKTlS (CNN via NNSquad) Even the theoretical concept of holding the person at the other end of an electronic communication (hell, even another person just talking in the same vehicle) responsible for a driver's stupidity is beyond ludicrous.
Charles Stross, Spy Kids, *Foreign Policy*, 28 Aug 2013 A sci-fi visionary on why the children of tomorrow are the NSA's biggest nightmare [PGN-ed] http://www.foreignpolicy.com/articles/2013/08/28/spy_kids_nsa_surveillance_next_generation In the 21st century, the U.S. National Security Agency (and other espionage agencies) face a storm of system-wide problems that I haven't seen anybody talking about. The problems are sociological, and they threaten to undermine the way the Western security state operates. The big government/civil service agencies are old. The NSA's roots stretch back to the State Department's "Black Chamber" (officially dissolved by Secretary of State Henry Stimson in 1929 with the immortal words "Gentlemen do not read each other's mail"). The CIA is a creation of the late 1940s. J. Edgar Hoover's FBI was established as the Bureau of Investigation in 1908. These organizations are products of the 20th-century industrial state, and they are used to running their human resources and internal security processes as if they're still living in the days of the "job for life" culture. Potential spooks-to-be were tapped early (often while at school or university), vetted, and then given a safe sinecure along with regular monitoring to ensure they stayed on the straight-and-narrow all the way to the gold watch and pension. Because that's how we all used to work, at least if we were civil servants or white-collar paper-pushers back in the 1950s. But outside the walled garden of the civil service, things don't work that way anymore. A major consequence of the 1970s resurgence of neoliberal economics was the deregulation of labor markets and the deliberate destruction of the job-for-life culture (partly because together they were a powerful lever for dislodging unionism and the taproots of left-wing power in the West, and partly because a liquid labor market made entrepreneurial innovation and corporate restructuring easier). 
Government departments may be structured on old-fashioned lines, but their managers aren't immune to outside influences and they frequently attempt reforms, in the name of greater efficiency, that shadow the popular private-sector fads of the day. One side effect of making corporate restructuring easier was the rush toward outsourcing, and today around 70 percent of the U.S. intelligence budget is spent on outside contractors. And it's a big budget—well over $50 billion a year. Some chunks go to heavy metal (the National Reconnaissance Office is probably the biggest high-spending agency you've never heard of: it builds spy satellites), but a lot goes to people. People to oil the machines. People who work for large contracting organizations. Organizations that increasingly rely on contractors rather than permanent labor to retain "flexibility." Here's the problem: The organizations are now running into outside contractors who grew up in the globalized, liquid labor world of Generation X and Generation Y, with Generation Z fast approaching. [...] If I were in charge of long-term planning for human resources in any government department, I'd be panicking. Even though it's already too late. [This is a long but pithy article, pruned extensively for RISKS, although I kept the concluding paragraph above. PGN]
Dan Goodin, Ars Technica, 27 Aug 2013 via ACM TechNews, Wednesday, August 28, 2013 Microsoft and Indiana University researchers have found an architectural weakness in both the iOS and Android mobile operating systems that makes it possible for hackers to steal sensitive user data and login credentials for popular email and storage services. The researchers, in a paper to be presented at the ACM Special Interest Group on Security, Audit and Control's (SIGSAC) Computer and Communications Security Conference in November, found that both operating systems fail to ensure that browser cookies, document files, and other sensitive content from one Internet domain are off-limits to scripts controlled by a second address without explicit permission. The same-origin policy is a basic security mechanism enforced by desktop browsers, but the protection is absent from many iOS and Android apps. The researchers demonstrated the threat by creating several hacks that carry out cross-site scripting and cross-site request forgery attacks. "The problem here is that iOS and Android do not have this origin-based protection to regulate the interactions between those apps and between an app and another app's Web content," says Indiana University professor XiaoFeng Wang. The researchers created a proof-of-concept app called Morbs that provides OS-level protection across all apps on an Android device. Morbs works by labeling each message with information about its origin that could make it easier for developers to specify and enforce security policies based on the sites where sensitive information originates. http://arstechnica.com/security/2013/08/ios-and-android-weaknesses-allow-stealthy-pilfering-of-website-credentials/
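The item above turns on the same-origin policy: a script may read stored data (cookies, documents) only if it comes from the same scheme, host and port as that data. The following is an added illustration, not code from the article, from the Microsoft/Indiana University paper, or from the Morbs prototype; the function and class names (`originOf`, `sameOrigin`, `OriginScopedStore`) and the sample URLs are hypothetical. It shows how an app-level store could label every item with the origin that created it, in the spirit of the origin labels the researchers describe, and refuse reads from any other origin.

```javascript
// Added example of origin-based protection (not the paper's or Morbs's code).
// An origin is the (scheme, host, port) triple; the WHATWG URL parser drops
// default ports, so https://a.example:443 and https://a.example agree.
function originOf(urlString) {
  const u = new URL(urlString);
  return `${u.protocol}//${u.hostname}${u.port ? ":" + u.port : ""}`;
}

// The browser rule the article says many mobile apps lack: all three parts
// must match; a different scheme, a different host, or a different port is
// a different origin even when the hostname looks similar.
function sameOrigin(a, b) {
  return originOf(a) === originOf(b);
}

// Hypothetical store that labels each item with its owner's origin and only
// hands it back to a requester from that same origin. Returning null (denied)
// is kept distinct from undefined (no such item) so callers can log refusals.
class OriginScopedStore {
  constructor() {
    this.items = new Map();
  }

  put(ownerUrl, key, value) {
    const origin = originOf(ownerUrl);
    this.items.set(`${origin}|${key}`, { origin, value });
  }

  get(requesterUrl, ownerUrl, key) {
    const entry = this.items.get(`${originOf(ownerUrl)}|${key}`);
    if (entry === undefined) return undefined;
    return entry.origin === originOf(requesterUrl) ? entry.value : null;
  }
}

// Constructed demo input: a mail site stores a session token; only scripts
// from that same origin may read it back.
function demo() {
  const store = new OriginScopedStore();
  store.put("https://mail.example.com/login", "session", "tok-123"); // constructed
  return {
    sameSite: store.get("https://mail.example.com/app", "https://mail.example.com/login", "session"),
    otherSite: store.get("https://other.example.net/", "https://mail.example.com/login", "session"),
  };
}
```

`demo()` returns `"tok-123"` for the same-origin read and `null` for the cross-origin one; the host-only comparison many apps perform would have let both through, which is the gap the article describes.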
Paul Ducklin, Sophos Naked Security, 12 Aug 2013, with comments Filed Under: Android, Cryptography, Data loss, Featured, Google http://nakedsecurity.sophos.com/2013/08/12/android-random-number-flaw-implicated-in-bitcoin-thefts/
Dax Roberts completed a PhD in another department of this university this year. 100 second-hand hard drives were bought. 24 of these still contained private information; for 13 of them, just plug it in, turn it on, and it's there. Four of the 24 were from high schools (none in the Otago region). [Source: the *Otago Daily Times*, 11 May 2013] http://www.odt.co.nz/campus/university-otago/256516/computers-worth-data-left-hard-drives
Lucian Constantin, IDG News Service, InfoWorld, 26 Aug 2013 The agency reportedly cracked the system's encryption to snoop on internal UN communications http://www.infoworld.com/d/security/report-nsa-broke-un-video-teleconferencing-system-225585
"Facial recognition technology has been a sensitive issue for technology companies, raising concerns among some privacy advocates and government officials. Tag suggest, which the company introduced in 2011, is not available in Europe due to concerns raised by regulators. Google's social network, Google+, also employs similar technology, but requires user consent. And it has banned third-party software makers from using facial recognition technology in apps designed for its Glass wearable computer." http://j.mp/1fnmQGM (Guardian)
Vindu Goel, Facebook to Update Privacy Policy, but Adjusting Settings Is No Easier, *The New York Times*, 29 Aug, 2013 [PGN-ed] Facebook announced Thursday that it planned to enact changes to its privacy policies on Sept. 5. But the social network's famously difficult privacy controls will not become any easier to navigate. Mostly, the new data use policy and statement of rights and responsibilities lay out more clearly the things that Facebook already does with your personal information, Ed Palmieri, the company's associate general counsel for privacy, said in an interview. "The updates that we are showing in the red lines are our way to better explain the products that exist today," he said. [...] The old policy explicitly stated, "You can use your privacy settings to limit how your name and profile picture may be associated with commercial, sponsored, or related content (such as a brand you like) served or enhanced by us." Facebook's new language starts with the opposite position. "You give us permission to use your name, and profile picture, content, and information in connection with commercial, sponsored, or related content (such as a brand you like) served or enhanced by us," the company said. "If you have selected a specific audience for your content or information, we will respect your choice when we use it." Mr. Palmieri said the two versions amount to the same thing. It brings to mind Humpty Dumpty in Lewis Carroll's "Through the Looking Glass." As he told young Alice, "When I use a word, it means just what I choose it to mean - neither more nor less." http://bits.blogs.nytimes.com/2013/08/29/facebook-to-update-privacy-policy-but-adjusting-settings-is-no-easier/?nl=todaysheadlines&emc=edit_it_th_20130830
Monica Goyal, *IT Business*, 28 Aug 2013 http://www.itbusiness.ca/blog/the-end-of-groklaw-and-our-online-privacy/42250 opening paragraph: "My personal decision is to get off of the Internet to the degree it's possible. I'm just an ordinary person. But I really know, after all my research and some serious thinking things through, that I can't stay online personally without losing my humanness, now that I know that ensuring privacy online is impossible. I find myself unable to write. I've always been a private person. That's why I never wanted to be a celebrity and why I fought hard to maintain both my privacy and yours." Pamela Jones, Groklaw in her last post.
FYI. If a private-sector employee, Edward Snowden, could impersonate NSA honchos for the purpose of exposing system flaws and security breaches harmful to the public, then who else could, and may have done this for less honorable purposes? Are there several people who knew how to do this, and we may never know what info got into the wrong hands? [Sharon Kramer, San Diego, via Dave Farber] Edward Snowden Impersonated NSA Officials: Report "Edward Snowden, the former government contractor who leaked information on the National Security Agency's surveillance programs, impersonated NSA officials in order to obtain files, NBC News reported Thursday. While working for Booz Allen Hamilton, the technology consulting firm that contracted for the NSA, Snowden reportedly used his access as a system administrator to borrow the electronic identities of officials with higher security clearances via NSAnet, the agency's intranet. Snowden reportedly used the identities to obtain 20,000 documents containing information on the agency's controversial programs. 'Every day, they are learning how brilliant [Snowden] was,' an anonymous former intelligence official told NBC. 'This is why you don't hire brilliant people for jobs like this. You hire smart people. Brilliant people get you in trouble.'" <http://www.huffingtonpost.com/2013/08/29/edward-snowden-impersonated-nsa_n_3837459.html?utm_hp_ref=politics> <http://investigations.nbcnews.com/_news/2013/08/29/20234171-snowden-impersonated-nsa-officials-sources-say?lite> <http://www.huffingtonpost.com/2013/06/24/edward-snowden-booz-allen-hamilton_n_3491203.html>
A 24-year-old Danish man was recently denied entry to the U.S. with his family. He has no criminal record, no known political activities and no known connection to terrorism, but what he did have was a phone number that once belonged to a man with known terrorist ties. http://cphpost.dk/international/dane-denied-entry-us-wrong-phone-number Much more in Danish: http://politiken.dk/search/?q=Tobias%20Linde%20Schanz dr.phil. Donald B. Wagner, Jernbanegade 9B, DK-3600 Frederikssund Denmark, Tel. +45-3331 2581 http://donwagner.dk [Incidentally, there is a fairly comprehensive article on the pluses and minuses of metadata by Jaron Lanier, The Meta Question: What is the NSA doing with your metadata? *The Nation*, 15 Jul 2013, along with some diverse subsequent comments online. PGN] http://www.thenation.com/article/174776/meta-question
There's an easy way for Mr. Obama and the NSA to convince people that the "metadata" that they collect has no privacy implications. They can publish theirs. Publish the "metadata" for all phone calls made to or from the White House and the NSA, whether they be landlines, wireless, or VOIP. Put it on a website with a search engine, and update the data (at least) every day. Marshall Clow, Idio Software mclow.lists@gmail.com