Thursday, November 18, 2010

Lawmakers Move to Eject Nude Scanners From New York Airports

The article, "Lawmakers Move to Eject Nude Scanners From New York Airports" by Kevin Poulsen, describes a movement initiated by a New York lawmaker to ban the use of body scanners in New York airports, including JFK, where a certain type of body scanner allows security personnel to see through a passenger's clothing. The scanned images are viewed by security personnel in a separate viewing room. Democrat David Greenfield has filed legislation after controversy over the use of around 350 Advanced Image Technology scanners in 65 airports across America. The method of screening is becoming more widespread, with the number of scanners expected to reach 1,000 by the end of 2010.

Greenfield hopes that this legislation, currently filed for New York airports, will also spread to other states in the US and that the scanners will ultimately be replaced with other methods of screening. In locations where these scanners are used, passengers can choose to opt out of the screening but are subjected to an aggressive pat-down search instead. Thus, Greenfield and his colleagues believe this form of screening makes passengers uncomfortable and leads to privacy concerns for those who do not wish to be screened in this manner. The article also states that there are potential medical concerns associated with the backscatter technology used in many of the body scanners, even though the TSA has approved it as a safe technology.

Although body scanners can be an effective means of detecting unlawful items passengers could carry on flights, they do present a privacy challenge that must be overcome. It is discomforting to go through this kind of security check, and it may give away sensitive information about a passenger that he does not wish to be known. Thus, before employing such techniques, it is important to consider the acceptability of the technology as well. Although an alternative to the scanners is offered, it may also be discomforting for travelers who do not wish to be aggressively screened. Agreed, security is a top priority for the government, but when it involves the privacy rights of individuals, decisions favoring only one aspect cannot be taken. If passengers protest the use of nude scanners, they ought to be removed and a better alternative be put in place.

Contentious IP protection bill heads for Senate debate

The article, "Contentious IP protection bill heads for Senate debate", by Jaikumar Vijayan reports on an IP protection bill that has been unanimously passed by the Senate Judiciary Committee and is headed to the Senate for approval. The Combating Online Infringement and Counterfeits Act (COICA) allows the US Department of Justice (DOJ) to close down websites hosting copyrighted or counterfeit content by requiring both registrars and Internet Service Providers to block access to pirated websites. This comes as part of the continued efforts of the DOJ to protect US intellectual property rights against the loss of millions of dollars and thousands of jobs that piracy costs the US economy each year.

While this bill has been heavily backed by the entertainment industry, including the Motion Picture Association of America, Newspaper Association of America, and US Chamber of Commerce, it faces strong opposition from privacy advocates who claim that the bill gives too much power to the DOJ, because websites blacklisted by it can be made to disappear from the internet even if they do not host any illegal content and only link to infringing sites. However, in their defense, the supporters say that these strict measures will only be taken against the worst offenders. Nonetheless, the opponents feel the bill will thwart "the next generation of innovative websites" such as YouTube and could prove counterproductive because these websites are in fact the best way to pay artists of today's era.

Although it may seem harsh, I believe the COICA bill is undoubtedly the right step forward in fighting piracy. It is a large and organized network that can only be broken using the strictest methods. Because pirated websites are mostly hosted outside the US, this legally binding bill will help fight piracy on a global level by requiring all registrars and ISPs to block genuinely infringing sites. Intellectual property has an equal right to be safeguarded as physical property, yet shutting down even those websites which only link to infringing sites may be too harsh a punishment. Perhaps these websites must first be strongly cautioned and banned only if they continue to violate intellectual property rights. Also, while cracking down on piracy, the DOJ must take certain measures to ensure legal websites such as YouTube or its successors are not negatively impacted and that creativity and innovation are encouraged.

Friday, November 12, 2010

Nobel Prize invite is a virus!

The article, "Nobel Prize invite is a virus!", reports on the latest virus attack targeted at the Nobel Prize website. The virus is disguised as an email containing a PDF attachment from the Oslo Freedom Forum that invites users to a Nobel Prize ceremony in December and allegedly unleashes a Trojan attack that can infect any computer that the email is opened on. The email claims the Nobel Prize awarded to Chinese dissident Liu Xiaobo will be given in an official ceremony in Oslo. At this moment, security experts have not been able to trace the source of the attack. This Trojan is one of a series of cyber attacks targeted at the Nobel Peace Institute in the recent past.

The Nobel Institute director, Geir Lundestad, was also the target of a phishing attack in an email that appeared to be legitimately sent from a technician of a company that works with the Nobel Institute. In the email, Lundestad was asked to reveal his user name and password, which he fortunately decided not to give away, contacting the Norwegian authorities instead. Two weeks ago, the official website of the Nobel Prize was also targeted by a cyber attack. The source of this attack was traced to an IP address of a university in Taiwan, but experts believe the exact location of the attack cannot be determined simply by the IP address because attackers often use different computers to hide themselves. It is being said that the same source could be behind the Trojan attack as well.

Here is yet another story about malware causing problems for computer users. Attacks of this nature are all too common in today's age and, as I have stated previously, the only effective way of avoiding them is to be cautious in opening unknown emails. Any emails suspected of containing viruses must be promptly reported to appropriate authorities, as the Nobel Institute director rightly did. Moreover, users must set their spam control to strict settings that would block emails from unknown sources. Although this could block certain legitimate emails as well, it is an effective control over malware attacks and would make users less susceptible to them.


Two of FBI’s ‘Most Wanted’ Cyber Crooks Captured

The article, "Two of FBI’s ‘Most Wanted’ Cyber Crooks Captured", reports the capture of two of the most wanted cyber criminals on the FBI's list, Dorin Codreanu and Lilian Adam, who were arrested in Wisconsin for their alleged involvement in an international bank fraud in which they stole millions of dollars from US bank accounts by using false identities. The accounts were reportedly affected by a type of malware called the Trojan Zeus as well as other types of malware. The cyber criminals had been on the run since September 30th and have been listed by the FBI as international hackers.

In an attempt to capture the remaining 11 fugitives, the FBI is asking anyone who has information about the whereabouts of these criminals to notify the FBI or the local police to help bring the hackers to justice. In total, 37 defendants were charged in this bank fraud case, of which nine were arrested in New York, one in Pittsburgh, and 10 others in the past year. FBI Agent Richard Kolko says the following:

"These two were on the run, but they could not outrun the FBI... The FBI is determined to track them down and arrest them."

It is heartening to see the FBI is taking strict and apt measures to track down cyber criminals. They are just as serious a threat as other criminals and it is crucial we recognize the need for strict punishment against cyber attacks. Crime on the Internet is no longer restricted to individuals and is instead an organized network of crime across the globe. If these criminal networks are allowed to grow, they will only flourish and cause more damage to governments and citizens alike. The fact that a top agency such as the FBI is heavily involved in fighting cyber crime not only alludes to its growing number of occurrences, but also shows that it is an area of crime that cannot be taken lightly. Also, it shows the seriousness of malware attacks and that they can do much more than simply infect computers with annoying viruses; they have the dangerous ability, as this case demonstrates, to hack into financial institutions such as banks and cause millions of dollars in loss.

Monday, November 1, 2010

Concerns grow over cellphone security

In the article, "Concerns grow over cellphone security", Chris Kridler reports on the vulnerabilities in cell phones and how mobile devices are becoming just as vulnerable as PCs and laptops. The operating system on the devices allows users to use them in much the same way as they use computers, but also brings with it security risks. Kridler describes an experiment a resident of Florida conducted when his friend told him of a phone app that could allow him to sneak into his wife's iPhone and download her contacts list. Experts believe it won't be long before malicious programs like this one target cell phones.

A security company has recently exposed a type of malware that targets the Android OS by Google. In the scam, a link on an adult site prompts users to download a media player and then seeks the user's permission to send text messages. Most users are unaware of the cost associated with such a request and may innocently give consent to sending the text messages; however, the program sends text messages to a premium phone number costing a pricey $6 per text. Users do not even realize the loss they incur until they get their monthly bills, many days later. As a precaution, security experts advise users to always keep their phones up to date with the latest software and security patches. The article ends with a quote that aptly sums up the situation surrounding cell phone security today.

"I think the sense that we all have is we're just waiting for the floodgates to open."

The article raises fair concern over the security issues of mobile devices; users of cell phones carry loads of personal information on them, especially on new devices such as iPhones and iPads. Although this is a convenience feature, it also poses a major risk to privacy and security if the operating system on the device contains security loopholes. It is needless to say that with the huge increase in the number of mobile devices, they will be the next major target of malware authors. What this requires of software developers is that they employ serious security measures in mobile devices also. Furthermore, there must also be more awareness and caution on the part of users. Also, some features that the average user may not require can be disabled by the OS by default; giving users extra features that they would probably not require or use increases the risk because added features are usually a trade-off against security.

Student creates tool to fight Facebook hacking on WiFi

The article, "Student creates tool to fight Facebook hacking on WiFi", reports on a new add-on for Firefox, named FireShepard, that counters the controversial Firesheep tool, which allows anyone logged onto a public wireless network to see accounts of other people also on the network. In its first 24 hours, Firesheep was downloaded over 129,000 times and, although developed with good intentions by a Seattle developer, gives hackers the easy tool they needed to hack into social networking accounts. To counter this dangerous add-on, a student of the University of Iceland has programmed another tool that can protect users accessing accounts on public wi-fi.

FireShepard works by flooding the network with so many packets that it prevents Firesheep from working correctly. However, FireShepard should not be expected to protect from all hacking methods and may not work for sophisticated attacks. Thus, users must still not drop their guard when using wi-fi in public places. Meanwhile, the developer of Firesheep, Eric Butler, has put the onus on social networking sites to take responsibility and protect users who trust them to provide reliable services. He claims that his motivation for creating Firesheep in the first place was to force these websites, which have been shrugging off their responsibility, to take measures to ensure that users are provided with a safe browsing experience.

Butler does make a valid argument in demanding that websites take responsibility for making data on their sites more secure, but websites cannot simply be expected to take all the blame. Even if it was developed for a good purpose, Butler cannot deny the innumerable ways in which Firesheep can cause harm to user accounts, many of which may have already been hacked into. Also, it is quite commendable that an antidote to Firesheep has already been developed so soon, but I believe it is Firefox that must step up and also take responsibility for the dangerous add-on it offers as a part of its browser. It seems the most effective and quick remedy to counter Firesheep is not FireShepard, although it is a good attempt, but rather Firefox taking moral responsibility and removing Firesheep as an add-on with immediate effect.

Wednesday, October 27, 2010

Hacking the Vote

The article, "Hacking the Vote", describes the security vulnerabilities in present-day online voting systems. In an experiment conducted by University of Michigan professor Alex Halderman and colleagues at Princeton University, legal government voting machines were purchased and tested to see how easily they could be hacked into. The results showed that hacking into the voting machines was as "easy as picking a cheap lock". The researchers could easily reprogram the memory card inside the machines and steal votes from one candidate to another, and even transfer them from state to state. To further illustrate the poor security of the machines, researchers even replaced the election software with the video game Pac-Man.

The government is seriously contemplating replacing paper ballots with online voting machines, and it has already registered 9 million citizens who can use the technology in elections this November. However, the experiments indicate that the government might need to wait a little longer, which is what Washington, D.C. has decided to do by abandoning online voting, at least for this year, and exploring the option only when it is more secure and reliable. Halderman suggests an alternate way of using online voting that can minimize the risk of fraud. He recommends that voters fill out a paper ballot that is scanned and stored electronically on the computer. This option is more secure because election officials can double check and ensure the paper ballots and scanned ballots match.

This seems to be yet another reason for not relying 100% on technology. Manual paper methods may not be as effective and fast as electronic means, but they are undoubtedly more secure than the online voting systems that were tested. This does not eliminate the possibility of developing secure systems in the future, but it only proves that governments must not be hasty in employing electronic methods unless they are sure of their reliability, because much is at stake. For now, if online systems are to be used at all, as Prof. Halderman suggests, paper ballots can be scanned and stored electronically. However, even if voting machines are made secure in the future, it does not guarantee reliable results, as hackers are relentlessly looking for ways to attack even the most secure online systems. There are serious trade-offs that the government must contemplate before replacing paper voting with online systems.