Categories
Computing Security

Bruce Schneier’s analysis of electronic voting and revoting

Security expert Bruce Schneier turns his eye to the subject of voter recounts in elections and the effect of electronic voting machines.

When a candidate has evidence of systemic errors, a recount can fix a wrong result — but only if the recount can catch the error. With electronic voting machines, all too often there simply isn’t the data: there are no votes to recount.

This year’s election in Florida’s 13th Congressional District is such an example. The winner won by a margin of 373 out of 237,861 total votes, but as many as 18,000 votes were not recorded by the electronic voting machines. These votes came from areas where the loser was favored over the winner, and would have likely changed the result.

The spread of electronic voting machines which have no paper backup is of concern to many people, especially when the result is of such importance as deciding who might be the next government and doubts remain as to the security of the systems.

Categories
Security Surveillance Uncategorized

UK Car Rentals to Require Fingerprints

Bruce Schneier has alerted us to the fact that in order to rent a car in the UK fingerprints will now be taken by the rental company.

It seems that the taking of biometric information is entering the mainstream and will likely become more and more commonplace.

Categories
Politics Security Terrorism Uncategorized

Gordon Brown backs call to extend 28-day limit on detention

Our next Prime Minister, Gordon Brown, backs a call to extend the 28-day limit on detention.

Categories
Computing Security Surveillance

Identity Theft monitoring by Garlik

The BBC reports on a new service that is designed to help users reduce their risk of identity theft through a monitoring facility. The service is kind of like the constant surveillance of the Orwellian Big Brother but where the individual is in control of the surveillance upon themselves.

The Garlik Datapatrol service has been set up by the founders of the internet bank Egg with the intention of putting users back in control of the information that is held on them in public databases that are easily accessible through the internet.

The service brings together from the internet, public databases, and Credit Reports all the personal information it can find on a user and then displays it in a simple online format. Then on a monthly basis users will receive an update summary of additions or changes to their online profile as well as highlighting any risks or suspicious activity.

By facilitating individuals’ access to the information that is held on them, the service puts its users on an equal footing with the criminals that might seek to steal their identities. As irregularities are often the first indication of a problem, the monitoring system gives users an early warning and the possibility of nipping it in the bud before any negative consequences have occurred.

My only concerns are the security of Garlik’s database and the trustworthiness of the company. They seem to have a fairly robust system to establish a user’s identity and to then authenticate users accessing the personal information gathered in the server database. But it presupposes that an individual’s identifying information hasn’t already been compromised or stolen.

I can see this service being a boon for identity theft rings who have enough data to register falsely for the service in order to further the scope of their thefts by letting Garlik do the legwork, as it were, in accruing further information.

Garlik’s secure servers would also be a prime target for criminals and so I would hope that they have taken the security of their servers as seriously as any bank would with theirs. Is the physical access to the servers as well secured as the online access is?

My second concern would be that as a new company they haven’t had the time to build a reputation or a record of establishment of trust. Registered users will be empowering the company and placing a lot of trust in the security of the service and the authenticity and accuracy of the personal information data provided to users. Having said that, there is nothing to suggest that Garlik is in any way a disreputable company; it is merely my natural paranoia.

I would have more faith in Garlik presently than I would in the UK government in securing any personal information I would give them.

Garlik are currently offering free trials to people signing up for the Datapatrol service at their website, http://www.garlik.com.

People with concerns about identity theft and security online should also take a look at the following website, Get Safe Online, which has been set up by banks and prominent internet companies.

Categories
Computing Security

Vista security

The BBC reports that a senior Microsoft executive has promised that its new operating system will be more secure than ever.

Jean-Philippe Courtois, president of Microsoft International, said that beefing-up security was one reason behind delays to Windows Vista.

I think Microsoft should be applauded for their relatively recent commitment to the subject of security in their products, particularly given their laissez-faire attitude to it up until a few years ago. But Microsoft promised the same thing about their previous operating system release, and Windows XP proved to be their least secure system ever until they beefed up the security with Service Pack 2.

The thing about software security, though, is that its effectiveness can only be judged in retrospect, because modern software, particularly operating systems, is now so complicated that the process used to create it inevitably introduces bugs and security holes.

So the Microsoft engineers may well have patched all the security flaws that had been exposed through previous releases and the testing of this release of Windows Vista, but there will no doubt be new holes that have been inadvertently created that no one has even conceived of yet.

One such newly introduced security hole has been discovered by researcher Joanna Rutkowska, and it’s a biggie. She describes it as a “blue pill”, a reference to the movie The Matrix, and it would allow a malicious hacker to completely compromise a system while the user would have no indication at all that their system had been compromised.

Rutkowska’s Vista kernel attack did not rely on any known bugs in Vista, which is still in beta testing. She stressed that her demonstration did not rely on any implementation bug nor any undocumented Windows Vista functionality. She characterized her approaches as “legal,” using documented SDK features.

As she says, it did not rely on any known bug within Windows Vista, so who knows what other security problems might have been engineered into the operating system that haven’t yet been uncovered by Microsoft’s own testers or by third-party researchers.

Categories
Computing Security

Fears of Internet crime second only to bank card fraud.

Internet crime eclipses burglary in survey of perceived risks

Fear of internet crime is now more prevalent than concerns about more conventional crimes such as burglary, mugging and car theft, according to a report published today. And criminals are increasingly targeting cyberspace as more and more people shop online and use internet banking services.

The study was conducted by Get Safe Online, a UK internet security awareness campaign launched last year by the government, the Serious Organised Crime Agency and big online companies.

More than a fifth of internet users (21%) feel more vulnerable to electronic crime than any other type of criminal activity. It is second only to bank card fraud (27%) as the type of crime to which survey respondents felt most exposed. Internet crime has overtaken burglary (16%) as one of the crimes people feel most at risk of.

Of course, like many things that people fear, the perception differs hugely from the actual reality of the situation. That’s not to say that there isn’t a risk of becoming a victim of crime on the internet, but that there are simple and easy precautions that people can take to minimize their exposure.

The problem is that the internet is still largely an unfamiliar environment for most people, even if they do shop and bank online. There is generally an awareness amongst people of the crime rate in their area, and so they can gauge to what extent they are at risk of being burglarised. But the internet exists as a single place in the minds of many people, and so every story they hear of crimes carried out online further increases their anxiety about it.

Categories
Security Uncategorized

goodthinkful

I think Bruce Schneier’s right on the money when he calls this Opinion Monitoring Software Orwellian.

It’s like the sort of thing you can imagine a nascent Ministry of Truth using to separate the goodthinkers from the crimethinkers.

It starts out well enough and sounds like a useful tool to track world opinion on the US and its government’s policies and, as a result, make the US a more responsible player on the world stage.

A consortium of major universities, using Homeland Security Department money, is developing software that would let the government monitor negative opinions of the United States or its leaders in newspapers and other publications overseas.

Such a “sentiment analysis” is intended to identify potential threats to the nation, security officials said.

But like any tool there is scope for misuse of the technology should the research into it actually bear fruit in this case.

Categories
Security Uncategorized

Safebreaking – a concise History

A concise history of the British safe and safe-cracking. [via]

I went through a period of my life as a kid wanting to grow up to be a safe cracker. I’m still pretty fascinated by the tales of the ongoing technological battle between safemakers and safebreakers that are presented on the site.

Categories
Security Terrorism Uncategorized

Police given extra time to question ‘bomb plot’ suspects

BBC News reports that the police investigating an alleged bomb plot targeting UK to US flights have been given extra time to question 23 of the suspects.

The time police can hold 23 of the 24 suspects expired on Wednesday and a district judge had to decide whether to grant detectives an extension.

Warrants given to the Metropolitan Police Anti-Terrorist Branch allow them to question 21 people until 23 August.

Another two of those held can be detained until 21 August.

The maximum period that someone suspected of terrorist activity can be held without charge is now 28 days following the extension in the 2006 Terrorism Act.

This is the extension that the Home Office said was vital to the security of the country and its ability to counter the threat posed by international terrorism. The extension that was actually a compromise between the former period of 14 days and the 90-day period that the Home Office and police wanted.

Curiously, the 28 days detention without charge part of the 2006 Terrorism Act was not commenced when the rest of the act was in April, but was actually only commenced as of July 25th 2006.

Odd that the extension to the detention without charge period was so vital to our security that the powers weren’t given to the police until just a few weeks ago.

Categories
Politics Security Terrorism Uncategorized

Loss of life on an unprecedented scale

In an addendum to my previous post about the UK Threat Level, it’s good to see Home Secretary John Reid keep his tendency for hyperbole in check. Quoting from this BBC News report:

Home Secretary John Reid said the government was “confident” the ring leaders were in custody but it was not complacent.

He said had the plot been successful, it would have meant “loss of life on an unprecedented scale”.

I think the precedents of massive loss of life in our history are pretty fucking massive. Even if we only take a single incident rather than the wars or genocides of the last century, the precedent of the dropping of an atomic bomb on Hiroshima, killing instantly about 80 000 people, easily outweighs any possible loss of life if this latest terrorist plot had been successful.