Monday, October 29, 2007

What does the reported Vonage vulnerability mean? 

Consultant Steve Stroh pointed me to an announcement of a security flaw in Vonage VOIP service.

Your first question, if you're a security consultant, is "exactly what is the vulnerability"? If I'm reading correctly, the problem is that someone can place a Vonage call to you and falsify information about where they came from. Sipera, the people who reported the problem, point out correctly that this opens the door for all sorts of deception-based crime.

Your first question, if you're a consumer, should be "who is reporting this"? Well, it's kind of like an antivirus company reporting on a virus. Sipera sells VOIP security tools. So they know what to look for, they're likely to be right in their analysis, but they're not going to be the people to tell you if there's a reason not to worry.


Saturday, October 20, 2007

Know your enemy: what organized crime is up to 

“But they’re better run and managed than many organizations. They’re properly funded, they have a clear goal, they’re performance driven, focused on a single mission. It’s like an MBA case study of success.”

That's what a security person had to say about computer fraud rings in an article about organized cybercrime.

There is custom software to grab data from online forms. It can discard random forms and collect data just from online banking forms. Access to the results is rented to credit card fraudsters by the crooks who run the software on your computer.

Antivirus doesn't catch all the forms-stealing software. Think twice before you install things from the Web.


Tuesday, October 16, 2007

Government eavesdropping: another perspective 

There's been plenty of debate about whether judges should have the chance to review eavesdropping, but have you seen anyone discuss the security implications?

Bruce Schneier, my favorite security writer, has a post on the subject so good that I can't think of value-adding commentary:


Sunday, October 14, 2007

A look at the enemy 

Washington Post columnist Brian Krebs takes a look at the "Russian Business Network", which provides web hosting to criminals. Krebs also wrote up the story of an internet service provider who blocked the Russian Business Network.


Monday, October 08, 2007

It's PDF files now (again actually) 

Adobe's PDF reader software has a security vulnerability that a maliciously built PDF file could use to take over your computer.

This was first reported a few weeks ago. Adobe has confirmed it but hasn't released a patch yet.

There's a smaller and faster PDF reader available from Foxit which I've used successfully.


Sunday, October 07, 2007

Why privacy matters 

Private organizations and the government are both accumulating lots of information about you. Some people trust the government more, since it's supposed to be working for us.

But "the government" isn't the one looking at the personal information. Government employees are. There's nothing about cashing a government paycheck that improves someone's character.

Unless the government puts privacy safeguards on your personal data, such as restricting access or not collecting it at all, your fate is in the hands of government employees like Benjamin Robinson, indicted for using a Homeland Security database to stalk his ex-girlfriend.

The good news is that there are laws in place to forbid that kind of misuse of a government database. The bad news is that he (allegedly) started in 2002 and only just now got charged.

Privacy is not an enemy of public safety: it is necessary for public safety.

via Techdirt.


Wednesday, October 03, 2007

"I demand a recount!" 

It's a logical request to make if the ballot measure you proposed loses by only 200 votes.

But when a group in Alameda County, California demanded a recount, they were told it was impossible. The county had used electronic voting machines and had sent them back to the manufacturer. All the logs had been erased.

They went to court, and the judge was so disturbed that for only the second time in California history a court overturned an election. The judge ordered a revote.

Techdirt article about voided election in Alameda County
Electronic Frontier Foundation article about judge ordering a revote in Alameda County

