The Red Tape Chronicles over at MSNBC.com have posted an interesting story titled Facebook ID theft targets ‘friends’ that highlights an attack on Bryan Rutberg. The gist of the article is that Mr. Rutberg’s Facebook account was hijacked and then exploited for money. In typical playbook fashion the attackers cracked his password, changed it to lock him out, and posted a few fake messages to his profile claiming an emergency and asking for financial help. They even took the additional step of “de-friending” his wife so that she could not post a warning that the account had been compromised. The scam netted the attackers $1,200. This advance-fee (“Nigerian”) scam isn’t much different from the same scam run on any other platform (MySpace, LinkedIn, etc.).
Mr. Rutberg, being an employee at Microsoft, should have taken a few security best practices into account. Before signing up for any service offered on the Internet one should recognize the risks involved. This is especially true for websites like Facebook, where every facet of one’s life is exposed. I know it’s tedious, annoying and time-consuming, but read the privacy policy, the terms of service, and even the FAQ. Reading these documents in advance shows what the service will and will not provide; when an FAQ is offered I often find it to be the summarized version of the other documents. It wouldn’t hurt to do a little research online about the service as well. I know it is tempting to rush into something new because it’s trendy and everyone in your life is doing it, but let me remind you that this is the same psychological pressure Ponzi schemes exploit, and even the biggest “stars” on the planet lose their money to those.
The rest of this article I’d like to dedicate to Facebook. Facebook is a free social networking service that lets millions of people worldwide connect with one another. It is also the platform hackers dream of: all of a person’s critical and personally identifiable information is available almost instantly once an account has been compromised. How do hackers (crackers, technically) break into a Facebook account? They use password crackers, and the simplest form of that is guessing against the login form. Browse to https://login.facebook.com/login.php. All you need is the target’s email address, which is easily obtained with a few phone calls at most. Enter the email address and begin the arduous process of guessing the right password. If you have local access to the target’s system it isn’t hard to browse their cookies, especially the “login_x” cookie Facebook sets. It contains something like this:
a%3A2%3A%7Bs%3A5%3A%22email%22%3Bs%3A20%3A%22john%40doe.com%22%3Bs%3A19%3A%22remember_me_default%22%3Bb%3A0%3B%7D
As you can see once the percent-encoding (the %XX hex escapes) is decoded, this is a PHP-serialized array, and the email address the target uses to log in to Facebook is john@doe.com. Note what the cookie does and does not give you: it stores the login identifier and a remember_me_default flag, not the password, so it only saves the attacker the step of finding the email address.
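The decoding described above, as an added example that is not part of the original post: it URL-decodes the login_x value quoted in the post and parses it on the assumption that the cookie is PHP serialize() output (the a:N:{...}, s:N:"..."; and b:0; tokens match that format). The sample on the page declares the email as 20 bytes although "john@doe.com" is 12 characters, so the parser reads strings up to their closing quote rather than trusting the declared length, and a second function reports such mismatches; the sample cookie is the post's own value joined back into one string.

```python
import re
from urllib.parse import unquote

# Constructed sample: the login_x value quoted in the post, joined back into
# one string (the post wraps it across two lines). Note the post's own data
# declares the email as 20 bytes although "john@doe.com" is 12 characters.
SAMPLE_LOGIN_X = (
    "a%3A2%3A%7Bs%3A5%3A%22email%22%3Bs%3A20%3A%22john%40doe.com%22%3Bs%3A19"
    "%3A%22remember_me_default%22%3Bb%3A0%3B%7D"
)


def _parse_php(data, pos):
    """Parse one PHP serialize() value at data[pos]; return (value, next_pos).

    Assumption: the cookie is PHP's serialize() output. Handles arrays,
    strings, bools and ints. Strings are read up to the closing '";' instead
    of trusting the declared byte length, so a value with a wrong length (as
    in the sample) still parses; a string containing '";' would need the
    strict, length-based reader instead.
    """
    tag = data[pos]
    if tag == "s":                       # s:<len>:"<bytes>";
        colon = data.index(":", pos + 2)
        start = colon + 2                # skip ':"'
        end = data.index('";', start)
        return data[start:end], end + 2
    if tag == "b":                       # b:0; or b:1;
        end = data.index(";", pos)
        return data[pos + 2:end] == "1", end + 1
    if tag == "i":                       # i:<int>;
        end = data.index(";", pos)
        return int(data[pos + 2:end]), end + 1
    if tag == "a":                       # a:<count>:{<key><value>...}
        colon = data.index(":", pos + 2)
        count = int(data[pos + 2:colon])
        p = colon + 2                    # skip ':{'
        result = {}
        for _ in range(count):
            key, p = _parse_php(data, p)
            val, p = _parse_php(data, p)
            result[key] = val
        if data[p] != "}":
            raise ValueError("unterminated array at offset %d" % p)
        return result, p + 1
    raise ValueError("unsupported PHP serialize tag %r at offset %d" % (tag, pos))


def decode_login_x(cookie):
    """URL-decode a login_x cookie value and return its fields as a dict."""
    value, _ = _parse_php(unquote(cookie), 0)
    return value


def declared_length_mismatches(cookie):
    """Return (string, declared_len, actual_len) for every s:N:"..." whose
    declared length N disagrees with the bytes actually present. A strict
    unserializer reads exactly N bytes and would reject such a value."""
    out = []
    for m in re.finditer(r's:(\d+):"(.*?)";', unquote(cookie)):
        declared, text = int(m.group(1)), m.group(2)
        actual = len(text.encode("utf-8"))
        if declared != actual:
            out.append((text, declared, actual))
    return out


if __name__ == "__main__":
    fields = decode_login_x(SAMPLE_LOGIN_X)
    print("login identifier:", fields["email"])                # john@doe.com
    print("remember_me_default:", fields["remember_me_default"])  # False
    print("length mismatches:", declared_length_mismatches(SAMPLE_LOGIN_X))
```

Run it against a cookie value copied from a browser's cookie store; the output shows only the login identifier and the remember-me flag, which is why reading this cookie is an enumeration step and not a way into the account by itself.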