Seeing what Stuxnet…

… was capable of, it was just a matter of time until someone took a jab at the installations of a utility company.

Hacking mechanical vibrations

This WIRED article described an interesting application of the side-channel idea: key-logging your typing by sensing mechanical vibrations.

We need a “DO NOT TRACK” option for smart-phones!

smartphones tracking users


Hey Apple, Google, when are you going to have a DO NOT TRACK option on your smartphones’ operating systems?
This is another idea, maybe RIM engineers can come up with a feature like that to give the BlackBerrys a fighting chance.

The fact that most of us carry (voluntarily) a tracking device should not be news to anybody. I guess the newsworthy part is that somebody exposed what Apple and Google were doing. I am not sure it is illegal; have you checked the small font bits of the contract you signed? Me neither.
Believe me, the fact that Apple and Google know where you are and where you have been is not the biggest of our problems with privacy, as discussed here.


(h/t) Raymond, who sent this link

More on Cyberwar

Cyber War: Is the Ultimate WMD For Sale at Best Buy?

Short Video from PJTV featuring an interview with Paul Rosenzweig.

Securing the Human

SANS Institute set up an excellent resource for those interested in computer security issues (who is not these days?).
OUCH! and other newsletters carry current information on security issues, and they are now published in several languages. I’ve put a permanent link with the badge in the right column.

Good News for Internet Freedom

As reported by the National Post

Canada’s telecom regulator said Friday it will not expand its probe into Internet pricing to look at the billing practices of retail Internet services because market forces are working just fine for consumers.

A related editorial explains why this is the right approach.

A “Free” internet does not mean that users should not be paying market prices for connectivity or services.

See my previous post.

Net Neutrality, another bad idea [Updated]

What can go wrong with the government dictating how much companies can charge for bandwidth on the internet?
They certainly have a very good track record regulating it.

Regulators are congenitally incapable of grasping that they create more problems than they solve

This is why I am always wary of attempts at regulation.

It didn’t take very long… [UPDATED]

for my prediction to become a reality.
PC World reported on Feb 18 that a bunch of websites, only 84,000, were taken down “accidentally” by the ICE.
I have zero sympathy for people who use the web to steal or commit morally reprehensible acts; however, if I can anticipate the heavy damage that a government agency with the power to shut down internet domains can unleash on hardworking and honest people, you cannot convince me that the legislators could not figure out this was bound to happen. Obviously they don’t care about the consequences their grandstanding has for the rest of us mortals. And at the end of the day, shutting down websites doesn’t stop the traffic of child pornography or stolen intellectual property; it is just a nuisance for the bad guys, who now need to go and set up another channel.
The danger for the rest of us is this: if we trust the government, any government, with the switch to the Internet, how long before the shutting down of domains is used as a way to silence dissent?
Oh wait! It already happened? That was another prediction that turned out to be right!


Check this Hall of Shame page at the EFF

From Backdoor to Backdoor

While the FBI was accused of setting a backdoor in OpenBSD, the NSA clears the record on DES.
There are many stories about sneaking in sophisticated chunks of code that make a perfectly good encryption system leak information. Something like this is extremely difficult to do without anybody noticing it, and I think that it must be considered a lot of unnecessary trouble for the guys who would rather nicely ask for the keys to your front door.

Cyber war or hacking as usual?

The Government of Canada was hit by a phishing attack from servers outside the country.
This attack follows the trend described here by RSA.
Was it in retaliation for this?