Archive for the 'Privacy' Category

There’s a wonderful quote in the Hitchhiker’s Guide to the Galaxy: “The Ravenous Bugblatter Beast of Traal [is] a mindboggingly stupid animal, it assumes that if you can’t see it, it can’t see you- daft as a bush, but very ravenous.” Here on the Internet, we face a related problem. Every time we type something […]

Read Full Post »

Recently, a friend of mine received a letter from Bank of America informing her that “some credit card information on your Bank of America account may have been compromised at an undisclosed third-party location.” The letter went on to state that BofA had reviewed her account and saw “no evidence that your account has been […]

Read Full Post »

If your medical data, credit card number, Social Security number, personal email, or other information were stolen, would you even know about it? After ten years handling incident response and forensics, I’ve been repeatedly shocked at the number of times that organizations sweep data breaches under the rug. When upper management is notified of a […]

Read Full Post »

Governments store and gather a *lot* of private information about everyday citizens, in order to provide you with services such as health, transportation, safety, education, taxation, and much more. How much of this will be handed over to private IT companies such as Google in the rush to the “cloud”? What will happen to it […]

Read Full Post »

Recently I saw an ad which read: “Over 60% of the U.S. state governments have gone Google.” Does this mean that we’ve now handed the majority of our state governments’ operational data to a single privately-controlled company which has well-publicized partnerships with other governments such as China? To find out more, I contacted Google’s press […]

Read Full Post »

‘”Until the first blow fell, no one was convinced that Penn Station really would be demolished, or that New York would permit this monumental act of vandalism against one of the largest and finest landmarks of its age of Roman elegance.” (New York TImes) ‘”Its destruction left a deep and lasting wound in the architectural […]

Read Full Post »

UPDATE: The Metropolitan Detention Center has confirmed that Mr. Mocek was arrested and is currently being held for $1000 bail. He is being charged with “concealing identity, disorderly conduct, refusing to obey an officer, and criminal trespass.” (1:40PM, 11/16) Today a traveler going through the Albuquerque airport was arrested after politely refusing to show his […]

Read Full Post »

Swiping Your Identity

Today a local liquor store decided to swipe my identification card into their computer systems for the first time. Here’s my response. To the management of Local Liquor Store*, I’ve been a customer of your store for about a year now. My husband and I stop by to stock up for parties. Your staff are […]

Read Full Post »

Here’s a real copy of an American citizen’s DHS Travel Record retrieved from the U.S. Customs and Border Patrol’s Automated Targeting System (ATS). This was obtained through a FOIA/Privacy Act request and sent in by an anonymous reader (thanks!) The document reveals that the DHS is storing the reader’s: Credit card number and expiration (really) […]

Read Full Post »

Here’s where you can download my “scary” DEFCON presentation: Reverse of the United States Great SealNovus Ordo Seclorum“A New Order of the Ages” “Death of Anonymous Travel”DEFCON 2009 – PDF MD5sum: c772681c37c9ad5d210c19c12eb43095 Thanks to everyone who sent in comments, suggestions, and encouragement. (Special thanks to the EFF lawyers for reviewing this beforehand– you guys rock!) […]

Read Full Post »

Bobby Dominguez wrote in to report on how the DHS is automatically collecting full travel itineraries, including hotel reservations, from electronic booking systems. He writes: “I recently requested my “file” from the Dept of Homeland Security – Customs. It was interesting to see that they not only knew every flight I took, but also all […]

Read Full Post »

This week I’m trying to think positively about mass surveillance. It seems inevitable, after all. “Iran’s Web Spying Aided By Western Technology,” read the front page of the Wall Street Journal a few weeks ago. “European Gear Used in Vast Effort to Monitor Communications.” Judging by the Intelligence Support Systems industry marketing brochures, Iran’s “monitoring […]

Read Full Post »

Kindle Spying

Josh Wright recently purchased a new Kindle. Surprisingly, when he downloaded one of his books onto the new Kindle, it offered to open it to the page where he had left off on his old Kindle. In other words, Amazon tracked not just the books he was reading, but specifically which sections of the book […]

Read Full Post »

Walking into the doctor’s office, I was surprised to see a new sign in front of the receptionist, which read: “Red Flag Identity Theft Rule We are now required by law to ask for a Photo ID at the time of each visit. Please have your Photo ID ready for the receptionist to scan.” As […]

Read Full Post »

On May 15, the first phase of TSA’s Secure Flight program took effect after years of development. By the end of the year, when you book a flight, the airline will send your name (as specified on your government-issued ID), birthdate, gender, and itinerary to TSA’s centralized Secure Flight system, where you will be checked […]

Read Full Post »

Squid Forensics

Cephalopod autopsies? Nope, today’s article is about conducting forensics on a Squid web proxy/cache. Just as complicated, but less smelly. Chances are pretty good that you’re reading this page through a web proxy right now, especially if you’re in an enterprise environment. Web proxying and caching have become increasingly popular, for both filtering traffic and […]

Read Full Post »

I love the Minneapolis airport. For an information security geek, it never fails to provide some interesting gem. Wandering through the airport this week I ran across a Delta “Helpline” kiosk (formerly Northwest’s Rebook Service Center). Every time I walk through the airport I see these gray kiosks closed up and pushed aside in some […]

Read Full Post »

This week, IBM ran a full-page ad in the Wall Street Journal, which advertised that: New York’s “Real Time Crime Center can quickly query millions of pieces of information to uncover previously unknown data relationships and points of connection.” In Poland “personal and vehicle IDs can be instantly checked in an EU-wide database.” In Chicago: […]

Read Full Post »

No matter where you go, your computer leaves footprints on the network. When you connect to the network, logon to your workstation, or surf the web, these activities leave trails throughout your employer or ISP’s network– even when the administrators are not deliberately trying to monitor your activity. Forensic analysts traditionally focus on hard drive […]

Read Full Post »

Last week marked the original official deadline for the Digital Television Transition, after which analog television broadcasts would be terminated. (The official deadline was recently extended to June 12, 2009.) To ease the transition, the US government launched the TV Converter Box Coupon Program, which “allows U.S. households to obtain up to two coupons, each […]

Read Full Post »

Next »