Chrome condition of service that effectively lets Google use any of
your copyrighted material posted to the web via Chrome without paying
you a cent.

Bookmark to:

I read just read this article Best Western and the worst kind of security mix-up. Over the past couple of days it has emerged that customer details, including name, address, phone and credit card numbers were stolen when Best Western were hacked by an Indian hacker with ties to the Russian Mafia.

What needs to be further highlighted is that as we commit more information to electronic storage and retrieval, it is more vulnerable. As we have see in the past year of data loses, vast amounts of information can be lost or exposed through very simple human error or negligence.

Tougher encryption and security is also a joke. In the programming world it is well know that if you can code it, you can hack it. Examples of so called unbreakable security are the DVD format and the security researchers cloning the new passport chips.

We are truly heading towards an information age where there are no secrets, regardless of the noise government makes. Big Brother is its own worst enemy. The traditional idea of security has to be radically rethought.

We are seeing this theme being played out currently in the world of software development, especially with web browsers and Operating Systems. We see the realm of Open Source where vulnerabilities are publicly acknowledged and addressed verses proprietary commercial software where the mantra is security through obscurity (Apple) and denial (Macintosh).

Last year on Google Maps you could go and look at satellite images of a top secret US Navy submarine in dry dock. The US military screamed to take down the images. D'uh hello? If a commercial satellite snapped pictures of this submarine with out looking for it, what about all of the spy satellites that are?

It all goes to show that our concept of security is no more than just that, a concept, or at worse a dangerous expensive joke.

Bookmark to:

Last year a story emerged that security researchers managed to skim information at a distance from an Radio Frequency Identification (RFID) card and clone it. This has ramifications for many things as the technology is used for, entry to secure buildings, passports and transport cards.

It is with transport cards, namely London's Oyster card that the issue has arisen again with another security hole found by Dutch researchers. They managed to clone an oyster card to a standard building security entry card which uses the same technology. They then travelled to London to test their clone, travelling for a full day on the London Tube with no problems.

Apparently the hardware required to skim the information is relatively cheap and can easily be used with a standard laptop, making RFID cards and passports vulnerable to anyone with know-how and inclination.

More detail about this story can be found in the following article: "Group Demonstrates Security Hole in Oyster Card".

Bookmark to:

The annual McAfee Virtual Criminology Report was released yesterday warning of a rise in international cyber spying, labelling it the single biggest threat to digital security.

McAfee estimates 120 countries are now using the Internet for Web espionage operations.

Cyber-attacks on private and government Web sites in Estonia in April and May this year were "just the tip of the iceberg", the report warned.

Estonia said thousands of sites were affected in attacks aimed at crippling infrastructure in a country heavily dependent on the Internet.

As well as communications, everything from stock orders, inventory checks, banking and salary payments are all made electronically the world over.

Ian Grayson suggests in his post "Email - what if the flow just stopped?", that we should not be relying souly upon digital records but also keep some back up methods of the traditional and papery kind, in the event that anything drastic should happen. At least business will be able to continue in some manner rather than completely grind to a halt.

Bookmark to:

Careful what you post online, be very careful.

Steven J. Murdoch , a security researcher at the University of Cambridge Computer Laboratory recently had his WordPress blog hacked. The hacker created an administrator account on the blog. However Steven quickly deleted it. He then began investigating how this happened. In the process of doing this he was curious about the password that the hacker used.

WordPress stores raw MD5 hashes in the user database. It is believed to be computationally infeasible to discover the input
of MD5 hash from an output. Someone would have to try out all
possible inputs until the correct output is discovered.

Steven looked at various lengthy methods of uncovering the password, but in the end he turned to Google. It seems that many sites use hashing for query strings. His search led him to a genealogy page with the surname of Anthony. Bingo, this was indeed the password.

More detail can be found in his original posting about Google as a password cracker.

Bookmark to:

We are more frequently questioning how much information should
organizations, especially commercial ones keep on us, and what should
they be allowed to do with it. Adam Ostrow's recent posting "My Soul, and 10 Other Things that Google Owns" on Mashable.com shows just how far Google has you wrapped up in its tentacles.

• Feedburner
• Gmail
• Gchat
• Adsence
• Google Calendar
• Google Checkout
• You Tube and Google Video
• Blogger
• Google Maps
• Gooble Apps

With all of these, Google can cross reference your activities, contacts, purchases and interests. Do we know what Google does with all of this information? No. Can we be assured that our private information won't become exposed, through accident, court order or secret government spying? No.

The likes of Google are banks, banks for information. Just like financial banking institutions it's easy to deposit, harder still to withdraw or gain co-operation.

Bookmark to: