This week we wrap up the Data Leaks series, explaining the ideas, and risks, of location-based services (LBS).
Imagine someday in the future walking into the food court at the mall and being pummeled with text messages from every vendor, each trying to entice you over to their counter, offering coupons and deals tailored to you.
How did they know when to text you? Your cell phone service provider told them you were in the area, and the clock told them it was the lunchtime hour. [Read More…]
This week the Data Leaks series explores another troubling piece of hackery, the rootkit. Today we are going to investigate what they are, what they do, and why you should care about them.
Unfortunately, there will be neither a “how to detect them” nor a “what to do about them” segment. Why? Despite the existence of rootkits on traditional computing platforms for years, i.e. desktops and laptops, the ability to detect and/or prevent their installation is a hard problem. Personally, I’d rather tackle world peace than the rootkit problem—it is that hard to solve. [Read More…]
There’s a great Wiki that Wired has just put together that provides the low-down on how to disable Facebook Places, a new feature of Facebook that allows you to share your “whereabouts” with your friends.
So why would you want to disable this? Besides the obvious security reasons, like how you shouldn’t be leaving your current location anywhere on your social media outlets, this new service can be used by your friends without you knowing it.
Just like they can tag your face in a photo, causing that photo to be associated with your account, your Facebook friends can tag you as being at a location, “checking you in” to a place on your behalf. The fact you’re at a location will show up on your Wall, and your friends will see your face appear on the Facebook page of that bar, restaurant or strip club under a list of “People here now.” You’ll receive a notification that you’ve been tagged (just like a photo) and you can go into Places and un-tag (un-check-in) yourself.
Last week we kicked off a four-part series on Data Leaks with a lead article about vehicular data leaks. In today’s article, we’ll be diving into the realm of free WiFi.
This series is designed to look at how ordinary things we take for granted encroach on our perception of privacy. This series isn’t about ridiculously risky, yet highly popular, opt-in social networks—like blippy, a web site that divulges recent shopping details via sharing credit-card bills among friends.
If any member of this site participates in blippy.com, stay put—the black rendition van is on its way to your location at this very moment to knock some sense into you.
Instead, the Data Leaks series focuses on unexpected data leaks; ways you might be leaking the personally identifiable information that data thieves profit from. This week’s article leaves the car in the garage and focuses on the coffee joint around the corner where you log in to pay your bills each month. [Read More…]
One way to mitigate that risk is to carefully consider your privacy settings at social networking sites. Last week I presented the DefCon/Black Hat roundup, announcing a four-part series that inspects how ordinary things we take for granted encroach on our perception of privacy, much more so than opt-in social networking sites.
Today we’ll get into the first article in the data leaks series, how my car betrays me. [Read More…]
Today we’re surrounded by massive computational power and vast communication systems. When you visit your bank’s site, you don’t think about negotiating cryptographic keys and verifying digital signatures. When you talk on a cell phone, you don’t have to worry about COMSEC (supposedly).
Not too long ago, however, a “computer” was a young woman at a desk, and cryptographic links were short messages. In this article, I’ll show you a proven, uncrackable encryption scheme that can be done with pencil and paper. If properly implemented, One Time Pad encryption can be used in virtually any medium, and is still used by our favorite black helicopter organizations to conduct missions abroad. [Read More…]
The web has forever changed the way we socialize. Twitter, Facebook, LinkedIn, MySpace, Blogs, and other less popular sites all represent you in the digital realm.
The bottom line is this: when the 1’s and 0’s start flowing across the ether, you are exposing yourself to all of the web’s vagrants. Paradoxically, if you decide not to participate in all these sites, you are exposing yourself.
When I was in elementary school, my father and brother helped me build my first computer; I had scavenged the parts from the obsolete equipment my school was throwing out.
I had only the vaguest idea of what we were doing, but I distinctly remember firing up a word processor and finding several letters written by former teachers of mine still on the hard-drive. Unfortunately, this kind of leak is not unique.
Just yesterday, an acquaintance told me how he used to dumpster dive at a computer disposal plant and found several hard-drives from the Wisconsin Department of Justice. Unencrypted.
If one wanted to earn a profitable living as a “market researcher”, identity thief, or foreign intelligence agent, buying liquidated computer equipment or working for a photocopier leaser would be a good place to start. Recovering even so-called deleted data is relatively easy with off-the-shelf software and a little know-how.
This article attempts to first explain how data storage works, dispel some of the myths around data destruction, and then tell you how to actually blow that data into oblivion.