“Failed State of Security”- Published by IDGA March 21, 2012
Posted by Chris Mark in InfoSec & Privacy, Laws and Legislation, Risk & Risk Management. Tags: Chris Mark, cybersecurity, deterrence theory, IDGA, InfoSec, mark consulting group, research brief, whitepaper
The Institute for Defense and Government Advancement (IDGA) has published the whitepaper “Failed State of Security: A Rational Analysis of Deterrence Theory & Its Effect on Cybercrime”. Check it out!
Abstract “In reviewing the literature on criminology and information security it appears that, while they share many common themes, there is a disconnect between the criminological theory and its application in information security. Information security, as a field, is focused on the protection of information assets. Criminology is focused on the prevention of criminal behavior. As most information security practitioners will likely attest, there is little overlap between the two fields and there has been little research or focus on the use of crime theories on the prevention of cybercrimes. This paper attempts to bridge the gap between the fields and highlight the deficiencies in the current approach of compelling victims to prevent cybercrime as opposed to deterring the criminals from committing cybercrimes.”
“Warren & Brandeis Cringe”- Identification through Typing March 21, 2012
Posted by Chris Mark in InfoSec & Privacy, Laws and Legislation. Tags: Chris Mark, DARPA, InfoSec & Privacy, mark consulting group, privacy, security, the right to privacy, typing authentication, warren and brandeis
Several years ago a few researchers demonstrated that the way in which people type is unique enough to be used to identify that person with a high degree of confidence. It is not simply speed but includes cadence, time between particular keystrokes and other aspects. This week DARPA announced that they are working to make the solution a reality. Due to the uniqueness of a person’s typing, DARPA says: “mimicking keystroke dynamics is physiologically improbable.” This means that it would increase the challenge of masquerading as another person. I mark this up as “good in theory and terrifying in practice”. In a talk last year a DARPA representative explained the process as such: “is move to a world where you sit down at a console, you identify yourself, and you just start working, and the authentication happens in the background, invisible to you, while you continue to do your work without interruptions.” This is precisely where the issue comes to life. (more…)
“Goodnight Sweetheart, It’s Time To Go…” Away from Gmail…over Privacy March 1, 2012
Posted by Chris Mark in InfoSec & Privacy, Laws and Legislation. Tags: Chris Mark, cybersecurity, gmail, google, mark consulting group, privacy, security
Starting today, Google will consolidate over 60 (that’s right…60) privacy policies into one, big, fluffy, wonderful new privacy policy. Unfortunately, some of the changes are less than appealing and are simply too much for me to live with. You can read more about the changes on CNN.com. According to Google: “We just want to use the information you already trust us with to make your experience better. “If you don’t think information sharing will improve your experience, you don’t need to sign in to use services like Search, Maps and YouTube. “If you are signed in, you can use our many privacy tools to do things like edit or turn off your search history, control the way Google tailors ads to your interests and browse the Web ‘incognito’ using Chrome.” My beef comes from the fact that they will be compiling a personal ‘dossier’ on every user. They crawl through Gmail to look for advertising opportunities etc. After watching J Edgar on Vudu a few days ago, I don’t want to end up with a personal file. (That was a joke, by the way.) In the event you decide to stay with Google, here is a guide published by the Electronic Frontier Foundation (EFF) that explains how to use the services while protecting your privacy to some degree. For more privacy-related information, please visit: www.DrHeatherMark.com.
“Another BRIC in the Wall”; 2012- The Year of Internet Regulation? February 27, 2012
Posted by Chris Mark in InfoSec & Privacy, Laws and Legislation. Tags: Chris Mark, cybersecurity, International Telecommunications Union, Internet Regulation, mark consulting group, privacy
The Internet started life in the 1960s as a project funded by DARPA known as ARPANET. ARPANET was decommissioned in 1990, and in 1995 NSFNET was decommissioned, opening the network for commercial use. The Internet was officially born. The impact of the Internet on science, culture, and politics cannot be overstated. The Internet is a worldwide network of interconnected computers. It operates without a centralized governing body, although ICANN and the DNS root changes are primarily governed by the US. The fact that the Internet allows for the free flow of information and that it is not ‘regulated’ in a conventional sense is what makes the Internet such a powerful tool for science, revolution, politics, medicine, education and about every other aspect you can imagine, as well as such a threat to some.
On December 8th, 2011 FCC Commissioner Robert McDowell stated: “The communications public policy effort that may affect all of us the most in 2012, however, will take place far from our shores. As we sit here today, scores of countries, including China, Russia and India (*the RIC in BRIC), are pushing hard for international regulation of Internet governance. While we have been focused on other important matters here in the U.S., the effort to radically reverse the long-standing international consensus to keep governments from regulating core functions of the Internet’s ecosystem has been gaining momentum. The reach, scope and seriousness of this effort are nothing short of massive. But don’t take my word for it. As Russian Prime Minister Vladimir Putin said last June, the goal of this effort is to establish ‘international control over the Internet using the monitoring and supervisory capabilities of the International Telecommunications Union.’” (more…)
“Caveat Emptor”- Facebook reading private text messages?! February 27, 2012
Posted by Chris Mark in InfoSec & Privacy, Laws and Legislation. Tags: android, Chris Mark, cybersecurity, facebook, mark consulting group, markconsultinggroup.com, privacy, security
UPDATE: According to Facebook, this story was incorrect. To ensure the accuracy of my own reporting, here is their statement taken from MSNBC: “The Sunday Times has done some creative conspiracy theorizing but the suggestion that we’re secretly reading people’s texts is ridiculous. Instead, the permission is clearly disclosed on the app page in the Android marketplace and is in anticipation of new features that enable users to integrate Facebook features with their texts. However, other than some very limited testing, we haven’t launched anything so we’re not using the permission. If we do, it will be obvious to users what’s happening. We’ll keep you posted on our progress.” (more…)