The Anonymous ‘Movement’?

I’ve been reading way too much of this garbage on the Internet lately, and it is starting to stick in my craw.  Crap like this.  It seems that everyone has accepted that the hacking group Anonymous is above the law, and has some special insight that makes them a voice of reason.  21st century Robin Hoods.  I hope that this is just the result of sensational journalism, and not what people are really believing.

“The beginning years have intensified their activities demonstrating great technical skills.”

No, what it has demonstrated is a disregard for your privacy, a lack of moral fiber, a little too much technical knowledge, and the patience that is common in a good criminal.

“As always, the movement gives voice to social dissent and protest against amendments and decisions of governments guilty of not listening to the masses.”

The Movement?  What bloody movement?  This is a bunch of self-entitled, self-indulgent, egotistical miscreants that are incapable of operating within the confines of the law or rules of society.  These are people that have an abundance of tools, have found cracks in programs and protocols, and are taking advantage of those flaws.  They are no more a movement than the clowns that walk into a bank with a note in one hand and a formiddable looking pocket in the other. Continue reading

Insecure Conference Rooms

Weak LinkThe New York Times is reporting that Rapid7 researchers have discovered that they could remotely infiltrate conference rooms in some of the top venture capital, law firms, pharmaceutical and oil companies across North America by simply calling in to unsecured videoconferencing systems found by scanning the internet.

Moore found he was able to listen in on meetings, remotely steer a camera, and zoom in on items in the room to read proprietary information on documents.  Most expensive videoconferencing systems offer encryption, password protection and camera lock down capabiilties, but they found that administrators were setting them up outside of firewalls for convenience, and not properly configuring security features.  Some systems were set up to automatically accept inbound calls, opening the way for anyone to call in and eavesdrop on a meeting.

“These are literally some of the world’s most important boardrooms — this is where their most critical meetings take place — and there could be silent attendees in all of them.”

Time to review your video and conference  call setups, folks.  It would be terrible to find out that privileged client or finiancial information was so easily obtainable AFTER the fact!

Why Do We Network, Socially?

A LinkedIn acquaintance of mine has posed what I believe is a very good question, and has caused me to reflect this weekend.  I have responded, but am frustrated with the very short box (a few hundred letters?  I’m noisier than that!!)  that is allotted to respond.  I will try to say here what I have said on LinkedIn, with the complete freedom to use as many characters as I please.  I would appreciate your input as well, to find out why others use LinkedIn to connect.

HC’s question:  Why do we connect on LinkedIn?  When I log into LinkedIn, I usually see just line after line, “So-as-so is now connected to So-and-so…”.  Okay, that’s great.  Then I see that I have something in my Inbox, and it’s a couple of folks I’ve never met, or perhaps someone who attended a presentation, who wants to connect with me.  For the past couple of months, I’ve been asking folks, “why do you want to connect with me?”  What’s the value in this “relationship” to you?  Most often, the response is, “oh, sorry to offend…”, and then nothing else.  The thing is…I’m not offended.

I too have been asking, if I didn’t invite the link, what the nature of the request is, or how I can help them otherwise.  Again, not intended to offend, I have always been somewhat selective with my Social Networking connections.  I will gladly share information with others, but will try my hardest to avoid sharing others’ information.  In my 5 or so years on LinkedIn I still only have 250 connections. Continue reading

Microsoft Sues UK Retail Chain For Pirating Windows

ComputerWorld reports that Microsoft is suing a UK retail electronics chain for selling Windows recovery discs to customers, claiming that the practice amounts to piracy.  I think that they are going to be challenged to make a strong case.  It will be interesting to see how this one unfolds.

Microsoft accuses Comet Group PLC of illegally copying Windows XP and Vista to create operating system recovery discs.  These copies were then sold to Windows desktop and laptops cutomers in 2008 and 2009.  Comet, operating about 250 UK stores, believes it was on solid legal ground.

Comet approached 95,000 PC customers over a 2 year period, and offered to sell them unnecessary recovery discs, according to Microsoft’s anti-piracy legal team.  The recovery software was already provided on the hard drive by the computer manufacturer.

The total take for Comet from this exercise is estimated at about 2.2 million dollars.  Not bad.

So is Comet just fulfilling a need that Microsoft has stopped providing in order to cut costs, or does Comet have some accountability or obligation for controlling how these recovery CDs are used after sale?  My understanding is that Microsoft’s own VAR agreement states that these CDs can be provided by the reseller “for a nominal fee”.  Is $25 a nominal fee?  If the recovery software is on the hard drive, does that preclude the VAR’s abaility to collect the nominal fee and distribute the CDs?  What’s your take on this?

Michaels Breach – More Law Suits, Police Seek Help

Police in Beaverton, Oregon are investigating 50 fraud reports related to the Michaels Crafts breach that reportedly compromised thousands of debit cards in 20 states.  Police are asking for the public’s help in identifying four suspects caught on camera using “white cards” at Oregon bank machines, created from card details skimmed at Michaels stores.   Police say that the suspects are from a larger organization which allows multiple crews to work numerous areas and move around quickly.

The law suits around this breach continue to fly in, and Michaels replaced all of its US Point Of Sale terminals by May 6 to contain the risk of continued compromise.  The law suits focus on the time taken to notify customers of the breach, inadequate protections of data, and violations of various regulatory acts.

Forty-six states currently have mandatory reporting, but only three or four have public websites where the public can see the notices that have come into the state’s attorney general’s office.  Texas, the state where Michaels is based, has breach notification statutes on the books.  However, the law says that companies should notify the public “as quickly as possible”, and most other states do not specify a timeframe for “reasonable notification”.  This case and others  like it could set legal precedents about what is considered reasonable notification timelines until a national act is passed.  I will continue to watch this issue with interest.

Credit Union Times

LulzSec Hacks Arizona Law Enforcement Agency

LulzSec has announced the publication of a trove of over 700 leaked documents from an Arizona law enforcement agency on the notorious Pirate Bay file sharing site.  Arizona’s Department of Public Safety confirmed that it had been hacked.  The LulzSec press release included with the dump sounds more “hacktivistic” than usual, exposing a political agenda, opposing Arizona’s SB1070, the state’s broad and controversial anti-illegal immigration measure.

Amongst countless mundane documents covering hours worked, officers’ personal information and other stuff of minimal interest are a few fascinating stories of law enforcement activities, such as an encounter with off-duty Marines patrolling the U.S.-Mexico border with assault weapons, and tirades about illegal Mexicans and drug dealers.

LulzSec, Anonymous Declare War On Us All

Lulzsec and Anonymous are declaring open war on all governments, banks and big corporations, worldwide.  They are attempting to unite all hackers to fully expose corruption and “dark secrets”.

“Whether you’re sailing with us or against us, whether you hold past grudges or a burning desire to sink our lone ship, we invite you to join the rebellion.  Together we can defend ourselves so that our privacy is not overrun by profiteering gluttons.  Your hat can be white, gray or black, your skin and race are not important.  If you’re aware of the corruption, expose it now, in the name of Anti-Security.  Top priority is to steal and leak any classified government information, including email spools and documentation.

Prime targets are banks and other high-ranking establishments.  If they try to censor our progress, we will obliterate the censor with cannonfire anointed with lizard blood.”

Don’t be fooled by this diatribe.  The highlighting is mine, but the intentions are clear.  This is online terrorism, and it is totally illegal.  This sort of behavior is itself corrupt.  I’m all for making a difference, I support bringing about positive change, but there is a time, a place, and a proper methodology to follow.  This just isn’t it for me.  I’m not posting links to this, you can Google it up easily enough if you are that interested.

So far, they have not done anything that I have seen that rings true to this “eat the rich” campaign.  They have broken the law, caused large companies reputational and financial hardship, and have expsoed countless individuals to unnecessary risk by posting personal and account information publicly.  What information do those “Prime Targets” hold?  So much for Robin Hood.  Stealing from the poor to hurt the rich??

TNW has posted a handy little widget available if you would like to check all of the LulzSec released files for your email address to see if your accounts have been exposed.  If your email is there, your other information may be as well.