Privacy

Skype Passive IP Disclosure Vulnerability

When performing spear phishing attacks, the more information you have at your disposal, the better. One tactic we thought useful was this Skype security flaw disclosed in the early days of 2012 (discovered by one of the Skype engineers much earlier). For those who haven’t heard of it – this vulnerability allows an attacker to passively disclose a victim’s external, as well as internal, IP addresses in a matter of seconds, by viewing the victim’s vCard through an ‘Add Contact’ form.

Information Security South Africa (ISSA) 2010

Last week we presented an invited talk at the ISSA conference on the topic of online privacy (embedded below; click through to SlideShare for the original PDF). The talk is an introductory overview of Privacy from a Security perspective and was prompted by discussions between security & privacy people along the lines of “Isn’t Privacy just directed Security? Privacy is to private info what PCI is to card info?” It was further prompted by discussion with Joe the Plumber along the lines of “Privacy is dead!”

Prof Felten (and friends) attack bitlocker/filevault (and friends)

So Felten et al. basically figured that cooling DRAM chips allows an attacker to move them to another machine where their contents can be leeched! The geek in me can’t help but say “COOL!” According to the comments posted (by Eugene Spafford no less) this sort of attack is fairly well known.. but.. for this humble fanboy, I think it’s still pretty rocking!

Amazon SimpleDB – Outsource your database??

Amazon announced the beta of Amazon SimpleDB without that much fanfare, but it is an interesting trend to watch.. Essentially Amazon are giving the power of a database to people used to Excel and simple queries, backed by their massively optimised infrastructure. It will make popping up a web shop even more trivial than it has been in the past, and I guess continues along the growing trend of allowing “content to be king”, i.e. you don’t need a SQL geek in your corner, just a good idea.

FaceBook

’twas only a matter of time before various FaceBook developers started cashing in on the amount of personal info they can collect… http://www.theregister.co.uk/2007/09/12/facebook_compare_people/ This was something Marco and I chatted about a few weeks ago – not from the “financial gain” perspective, but rather from the large amounts of data one would be able to collect from FaceBook by playing with the FaceBook API. Unfortunately, there has been no time for fun and games yet…

On hacking and politics

I meant to blog this whilst I was still in Vegas, but only got around to it now. It’s arb, but worth a bit of thinking… Kenneth Geers’ talk titled ‘Greetz from Room 101’ was on which countries have the Top Ten most Orwellian computer networks. In his précis he asks “Could a cyber attack lead to a real-life government overthrow?” I find these kinds of discussions really interesting, because of the significant role that information technology plays in today’s wars on crime and ‘terror’. In such “wars” the lines between right and wrong are very loosely defined. As we saw clearly in South Africa, today’s terrorist is tomorrow’s freedom fighter. Thus, a technology that could be used to fight terror today could just as easily be used to oppress freedom tomorrow. Technology will serve any master.

Another blow for privacy? A small price for your 15 minutes of fame..

Spock have just opened up beyond their private beta and promise to be the most comprehensive people search tool on the interwebs.. Their model is interesting because they aim to combine Wikipedia-style editing with a single focus.. people.. Roelof and I had long discussions in the past around some way to get people to update information on people while growing the db and still having people contribute.. Interestingly, Spock’s simple-sounding approach might be perfect.. in a day when everybody vanity-googles themselves, and when the Facebook/MySpace/Twitter generation have 0 qualms about informing the world what they are doing 24/7, the simplest way to populate a db with information about people might just be to let them fill the info in themselves..