Canadian’s Online Privacy At Risk

From the “I can’t believe this is Canada” file, the government is pushing a new “lawful access” bill, basically granting the police and government officials the right and the means to spy on your internet usage freely and on a hunch.  Assuming, of course, that if you have nothing to hide, you should have no fear of arbitrary search and seizure.

Michael Geist has a good article about the bill and why it is crazy.  The insanity first becomes evident when Public Safety Minister Vic Toews tells people “You can stand with us, or you can stand with the child pornographers”.   As if everyone with a desire for online privacy and against widespread internet surveillance is somehow automatically “for” child pron!  Yep, there is no middle ground here.  Line up with the rest of ’em, mate.

I agree with Tech Dirt’s post: this is totally ridiculous, and a cynical political move that assumes the Canadian public is stupid and will just roll over.  I sincerely hope that is not true, and that there is enough outcry against this bill that it is thrown out faster than last week’s Metro.  Yes, it may be difficult and time consuming to obtain a judge’s consent in the form of a warrant, but you don’t just subtract an individual’s rights from the equation in the name of expediency and convenience for law enforcement.  You cannot and should not assume that the entire public is suspect, and then launch a witch hunt to see who floats and who sinks!

Of Skimmers & Scumbags

A skimming device came off in the hands of a Bank of America customer when she tried to use her debit card at an ATM recently, police said.  The man who had planted the credential-stealing device appeared and asked for it back.  The woman refused to return it and growled at the man, who fled.

Sixth Precinct police are seeking two male suspects in connection with the incident. The first is about 40, stands 5 feet 10 inches tall, and weighs 170 pounds. The second male is about 30, stands 5 feet 8 inches tall, and weighs 160 pounds, police said.

The two suspects face felony forgery charges and up to 15 years in prison.  I wouldn’t advise anyone to do this, but that 23 year old woman sure has moxie.  I hope the bank rewards her for her valiant stance.  DNAinfo

The reason that I don’t advise people to take this kind of action?  Read the article just published in The Compliance Exchange blog about Aaron Hand, already convicted in a $100 million mortgage-fraud scheme and serving a sentence of eight years and four months to 25 years.  He was sentenced to 8 – 16 more years for plotting to have a key witness in his case killed.

Please remember that these guys mean business, and that there is more than just your current balance at stake.  These guys are all in it for the big money payoff.  If you find yourself involved in a confrontation or an investigation, a little paranoia is healthy, and caution is not cowardice, in my humble opinion.

How Was FBI Call Compromised?

I am pretty sure that everybody knows that the FBI and Scotland Yard were embarrassed recently by the notorious hacking group Anonymous, when they spilled the beans that they were now watching the watchers, listening in to a confidential phone call taking place between investigators across the pond.  If you haven’t heard it, find it here.  The New Statesman has an overheated article here that can provide additional details.

So how did this brazen and seemingly high tech hack take place?  A conference call was arranged two weeks earlier by FBI agent Timothy Lauster, who wanted to discuss on-going investigations into Anonymous and other hacktivist groups.  In an email to Scotland Yard’s e-crimes unit, the time, date and phone number to call were provided, along with the pass code for entry.

The Anonymous ‘Movement’?

I’ve been reading way too much of this garbage on the Internet lately, and it is starting to stick in my craw.  Crap like this.  It seems that everyone has accepted that the hacking group Anonymous is above the law, and has some special insight that makes them a voice of reason.  21st century Robin Hoods.  I hope that this is just the result of sensational journalism, and not what people really believe.

“The beginning years have intensified their activities demonstrating great technical skills.”

No, what it has demonstrated is a disregard for your privacy, a lack of moral fiber, a little too much technical knowledge, and the patience that is common in a good criminal.

“As always, the movement gives voice to social dissent and protest against amendments and decisions of governments guilty of not listening to the masses.”

The Movement?  What bloody movement?  This is a bunch of self-entitled, self-indulgent, egotistical miscreants who are incapable of operating within the confines of the law or the rules of society.  These are people who have an abundance of tools, have found cracks in programs and protocols, and are taking advantage of those flaws.  They are no more a movement than the clowns who walk into a bank with a note in one hand and a formidable looking pocket in the other.

Why Do We Network, Socially?

A LinkedIn acquaintance of mine has posed what I believe is a very good question, and it has caused me to reflect this weekend.  I have responded, but am frustrated with the very short box (a few hundred letters?  I’m noisier than that!!) that is allotted for a response.  I will try to say here what I have said on LinkedIn, with the complete freedom to use as many characters as I please.  I would appreciate your input as well, to find out why others use LinkedIn to connect.

HC’s question:  Why do we connect on LinkedIn?  When I log into LinkedIn, I usually see just line after line, “So-and-so is now connected to So-and-so…”.  Okay, that’s great.  Then I see that I have something in my Inbox, and it’s a couple of folks I’ve never met, or perhaps someone who attended a presentation, who wants to connect with me.  For the past couple of months, I’ve been asking folks, “why do you want to connect with me?”  What’s the value in this “relationship” to you?  Most often, the response is, “oh, sorry to offend…”, and then nothing else.  The thing is…I’m not offended.

I too have been asking, if I didn’t invite the link, what the nature of the request is, or how I can otherwise help them.  Again, no offence intended; I have always been somewhat selective with my Social Networking connections.  I will gladly share information with others, but will try my hardest to avoid sharing others’ information.  In my 5 or so years on LinkedIn I still only have 250 connections.

Advice On Healthcare Breach Avoidance

Interesting and fairly good recorded interview on the HealthCareInfoSecurity blog, from the perspective of a lawyer who has been involved in many a breach investigation.  Listen to hear attorney David Szabo’s top three tips for breach prevention and detection.  Be aware of and learn from other organizations’ mistakes.

“There’s a huge risk area around laptops and other portable devices that carry a lot of data.  Organizations, even when it’s not legally required, need to be looking at, say, encryption of all laptops that leave a facility with protected health information or personal information.  Organizations also should re-assess exactly what kind of information should and should not leave the premises on mobile devices”, Szabo says. “That’s another factor of risk.”

In this exclusive interview, Szabo discusses:

  • The three most important steps to take now to prevent and detect breaches;
  • What healthcare organizations can do now to prepare for the final version of the HIPAA breach notification rule;
  • The most important steps healthcare organizations can take to prepare for this year’s HIPAA compliance audits.

I enjoyed the interview, thought you might too.

13 Rules of Intelligence

I came across this post on the “Intelligence War” blog site.  The original 13 rules were written by Admiral Sir John Godfrey, Royal Navy, Director of Naval Intelligence, 1939-1943.  These rules, written decades ago, have stood the test of time fairly well.

  1. Fighting commanders, technical experts and political leaders are liable to ignore, under-rate or even despise intelligence.  Obsession and bias often begin at the top.
  2. Intelligence for the fighting services should be directed as far as possible by civilians.
  3. Intelligence is the voice of conscience to a staff.  Wishful thinking is the original sin of men of power.
  4. Intelligence judgments must be kept constantly under review and revision.  Nothing must be taken for granted either in premises or deduction.
  5. Intelligence departments must be fully informed about operations and plans, but operations and plans must not be dominated by the facts and views of intelligence.  Intelligence is the servant and not the master.
  6. Reliance on one source is dangerous; the more reliable and comprehensive the source the greater the dangers.
  7. One’s communications are always in danger; the enemy is always listening in, even if he cannot understand.  Intelligence has a high responsibility for security.
  8. The intelligence worker must be prepared for villainy; integrity in handling of facts has to be reconciled with the unethical way they have been collected.
  9. Intelligence is ineffective without showmanship in presentation and argument.
  10. The boss, whoever he is, cannot know best and should not claim that he does.
  11. Intelligence is indivisible.  In its wartime practice the divisions imposed by separate services and departments broke down.
  12. Excessive secrecy can make intelligence ineffective.
  13. Intelligence is produced from files, but by people. They require recognition, continuity, and tradition, like a ship or a regiment.

Any Vulnerability Management or Incident Response process could benefit from knowing, understanding, and applying these 13 rules.