Rossander’s Security Reader

The Forbidden History of Unpopular People (Why Free Speech is Worth the Price)

Mike Rossander — Fri, 08 Jun 2012 18:46:28 +0000

This video was created in response to a censorship law in Australia. It’s a terrific video, though, and all too applicable to the US. Please watch and pass it along.

Reposted with permission.

ESR on “Hollywood is pro-technology and pro-Internet”

Mike Rossander — Tue, 15 May 2012 11:40:43 +0000

Eric S Raymond (aka ESR, one of the founders of the Open Source software movement and outspoken computer advocate) wrote a scathing letter to former Senator and current Chairman of the MPAA, Chris Dodd over his claim that “Hollywood is pro-technology and pro-Internet.”

ESR’s letter is worth a read, especially if you care about copyright, privacy and the long-term function of the Internet. Read it here.

Dear Google User: We’re Sure You’re Going to Love This

Mike Rossander — Sat, 31 Mar 2012 12:53:54 +0000

online.wsj.com/Dear Google User

Very funny. Depressing, but funny.

Password joke

Mike Rossander — Thu, 08 Mar 2012 14:20:23 +0000

During a recent password audit by a company, they found that one employee was using the following password:

“MickeyMinniePlutoHueyLouieDeweyDonaldGoofySacramento”

When asked why she had such a long password, she rolled her eyes and said: “Hello! It has to be at least 8 characters long and include at least one capital.”

Sounds like a pretty good password to me.

Privacy Rights Clearinghouse launches new Complaint Form

Mike Rossander — Fri, 17 Feb 2012 21:45:54 +0000

The Privacy Rights Clearinghouse launched a new online complaint form to give consumers a better way to speak out about privacy concerns.

The PRC is a non-profit, consumer advocacy and education organization established in 1992 to:

Raise consumers’ awareness of how technology affects personal privacy.
Provide practical tips on privacy protection.
Respond to specific privacy-related complaints from consumers, and when appropriate, intercede on their behalf.
Advocate for consumers’ privacy rights in local, state, and federal public policy proceedings, including legislative testimony, regulatory agency hearings, task forces, and study commissions.

The PRC has done some outstanding work in the past and I’ve written about them before but they’ve always been hampered by the fact that most consumers suffer in silence. When they don’t get data about privacy abuses, they can’t act to fix them.

The new online form should make it easier for customers to report infractions, bad corporate policies and other privacy problems. If you have a privacy concern, please don’t hesitate to report it and please give the PRC permission to include your complaint in their reports to the media and/or to the Federal Trade Commission.

NSA Online security scam

Mike Rossander — Thu, 21 Jul 2011 13:26:31 +0000

It’s an interesting morning. I received three spam messages in rapid succession, each alleging to come from “NSA online security” and reporting a “critical vulnerability” in “a certain types of our token devices.” While I don’t expect perfect grammar from a government functionary, the mistakes in this email were pretty obvious. The alleged link to “fix” the problem point to “national-security-agency.com” which looks pretty plausible until you remember (or look up) that the real NSA uses the domain nsa.gov.

What’s interesting about this case is that it’s a fairly blatant example of an attempt to turn your computer into a zombie using the ZeuS Command&Control attack. If I had been stupid enough to click the link, I would have launched an executable program that would log every keystroke that I make on the machine and that would grab a copy of every form I fill out online. Since that would include my online banking login page, it would have given the hacker access to all my banking information.

ZeuS is a moderately old Trojan Horse but it is remarkably difficult for anti-virus programs to detect, even when kept completely up-to-date. ZeuS is alleged to be one of the largest botnets in the world, infecting some 3.6 million computers in the US alone.

The continued success of attacks like this show why you can never rely only on your anti-virus software. Read your email carefully, be suspicious and never click a link if you’re not sure that it’s safe to do so. Remember – it’s not paranoia when they really are out to get you.

Know Your Electronic Rights

Mike Rossander — Tue, 28 Jun 2011 13:50:26 +0000

I seem to be thinking about privacy as much as security lately. Unfortunately, much of that privacy is from our own government. The Fourth Amendment protects us from unreasonable government searches and seizures but there’s a great deal of confusion about what that means in the context of your computer, cell phone, iPad, thumbdrives, etc.

The Electronic Freedom Foundation published a short quiz (10 questions) to test how much you really know about the Fourth Amendment. I strongly recommend it. Even if you think you will never be pulled over or served with a warrant, you have a responsibility to be an informed citizen.

Facebook Facial Recognition Privacy Threat

Mike Rossander — Mon, 13 Jun 2011 20:09:33 +0000

Facebook’s new tag suggestion feature works by using facial recognition technology to evaluate photos in which you’ve already been tagged and then suggests your name when friends upload a photo that looks like you.

Like most new Facebook features, this is turned on by default, once again proving that Facebook just doesn’t get it about privacy. If you would prefer not to have Facebook store your “photo comparison information”, you need to opt out manually. The Electronic Freedom Foundation published a great video showing three ways to delete your “facial fingerprint” from Facebook.

The short version is:
Account/Privacy Settings/Customize Settings/Suggest photos of me to friends/Disable
followed by
Help Center/Photo tagging/How can I remove the summary information stored about me for tag suggestions? and click “contact us”

It’s a short video but well worth watching.

Security lessons from history

Mike Rossander — Thu, 02 Jun 2011 01:30:28 +0000

Here are a collection of articles about applying Bronze and Iron Age concepts to modern security. Some of the ideas seem a bit radical but I think they are worth contemplating.

ATM skimmers in NE Ohio

Mike Rossander — Sun, 19 Dec 2010 02:03:09 +0000

Yesterday, I had the chance to get a security briefing from the local FBI office. They are reporting a wave of ATM skimmers discovered in the last 30 days in Kent, Stow and Cuyahoga Falls. So far, the financial losses have been low and they are working hard to catch this ring of thieves before they move to some other area.

In the meantime, the FBI recommends that you use the “wiggle test” at ATMs and gas pumps. ATM skimmers are glued onto the front of the existing machine. If something looks even slightly out of place or sticks up from the face of the machine, give it a good yank. If it feels loose (or worse, something comes off), immediately report it to the merchant. And if it just looks suspicious, well, take your business somewhere else.