Friday, January 28, 2011

Egypt Protests and Social Networking Site Access Impacted

Scanning Twitter feeds this week, I saw several posts that talked about what was going on in Egypt with the caveat that they were posting for someone in Egypt.  This is because the government of Egypt allegedly blocked Facebook and Twitter after a series of anti-government protests.  Facebook was aware of disruptions in service but said it did not experience a major change in traffic.

The CNET News article had a quote from Jim Cowie of the internet monitoring firm Renesys:  at approximately 2:34pm PST, his company "observed the virtually simultaneous withdrawal of all routes to Egyptian networks in the internet's global routing table."

@Scobleizer posted:  Egypt "Let's turn off the one thing keeping young people inside so they will stop protesting." Um, yeah, that really will work.

Secretary of State Hillary Clinton called on Egypt to unblock social networking sites.  She asked them "not to prevent peaceful protests or block communications, including on social media".

"US Tells Egypt to unblock Facebook, Twitter", TodayOnline, January 28, 2011.

"Twitter Reacts To Protests In Egypt", Liz McLellan, Huffington Post, January 28, 2011.

"Egypt internet outages hit Facebook and Twitter", Elinor Mills, CNET News, January 28, 2011.

Expanding Internet Access in the U.S.

"Within the next five years, we will make it possible for business to deploy the next generation of high-speed wireless coverage to 98% of all Americans."

Could interconnecting rural areas via an internet highway fuel existing economies and create new business models?  It could be part of the equation but just adding internet access is not the final solution.

At a minimum, to make this happen, we will probably need to:
1.  Encourage the television industry to give up some of their bandwidth to make it available for wireless.

2.  Provide incentives (read: your tax dollars) to encourage firms to lay more cable for landline access to the internet.

3.  Update the policies and inventory of the airwaves, who gets to use them, and what they get used for.

4.  Discuss policy questions such as:  If the Government drives the build out, does that mean they control and manage the newly built internet access?

State of the Union Speech, President Obama, January 25, 2011.

"Obama Aims to Boost Infrastructure Spending", Josh Mitchell, Wall Street Journal, January 26, 2011.

"Obama Pushes Expanding High-Speed Wireless Service", Reuters, New York Times, January 26, 2011.

Do you use the Facebook "Like" Button? You Might Become Part of an Ad.

Many of us use the "like" button on our friends' posts and even when visiting company sites.

If you click on a "like" button for a store or brand, Facebook plans to incorporate your "like" into generating a "Sponsored Story" for advertisers that want to pay for it.

Once you "like" something, Facebook does not offer a way for you to opt out of your "like" being featured in an ad.

The one limit it does have:  if you have set your privacy settings to limit who can see your posts, then when the company buys a sponsored ad, only the people you authorized to see that original post can see it.

"Facebook to let advertisers republish user posts", Barbara Ortutay, Associated Press, January 26, 2011.

Did Someone Hack Into Microsoft to Release Earnings Early?

Brian Caulfield found that a company called Selerity got Microsoft's earnings early, before they were officially announced.  But they did not hack their way in or steal them; they just guessed the name of the webpage, or URL, that had the earnings posted on it.

There is a fairly common practice to create web pages that are published and live, just not yet linked to main pages.  The pages exist, you just have to know how to find them.

The Selerity company actually searches for earnings releases using technology to try to guess the earnings webpage name.

Selerity reported Microsoft's earnings at 2:50 EST.  Microsoft usually reports them at the close of the stock market.

"How Selerity Got Microsoft’s Earnings Early", Brian Caulfield, Shiny Objects on, January 27, 2011.
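The difference between a page that is merely unlinked and one that is held back until its release time, as an added example (it is not code from Microsoft, Selerity or the article).  The paths, the release time and the client address are constructed sample values.

```python
from datetime import datetime, timezone

# Constructed sample data: the paths and the release time are hypothetical.
# 21:00 UTC stands in for a 4:00pm EST market close.
EMBARGOED = {
    "/investor/earnings/fy11-q2.html": datetime(2011, 1, 27, 21, 0, tzinfo=timezone.utc),
}
PUBLIC = {"/investor/index.html"}


def serve_unlinked(path, now):
    """The pattern described in the post: the page is live as soon as it is
    uploaded and is only 'hidden' because nothing links to it yet.
    The clock is ignored, so anyone who guesses the URL gets the page."""
    return 200 if path in PUBLIC or path in EMBARGOED else 404


class EmbargoGate:
    """Serve an embargoed page only once its release time has passed, and
    keep a record of every request that arrived too early."""

    def __init__(self, embargoed, public):
        self.embargoed = dict(embargoed)
        self.public = set(public)
        self.early_hits = []  # (time, client, path) for later review

    def serve(self, path, now, client="unknown"):
        if now.tzinfo is None:
            # A naive timestamp could be off by hours; refuse to decide on it.
            raise ValueError("now must be timezone-aware")
        if path in self.public:
            return 200
        release_at = self.embargoed.get(path)
        if release_at is None:
            return 404
        if now < release_at:
            # Same answer as for a page that does not exist, so an early
            # request learns nothing. The attempt is logged for follow-up.
            self.early_hits.append((now, client, path))
            return 404
        return 200


if __name__ == "__main__":
    path = "/investor/earnings/fy11-q2.html"
    early = datetime(2011, 1, 27, 19, 50, tzinfo=timezone.utc)  # 2:50pm EST
    gate = EmbargoGate(EMBARGOED, PUBLIC)
    print("unlinked only, early request:", serve_unlinked(path, early))
    print("time-gated, early request:   ", gate.serve(path, early, "203.0.113.7"))
    print("early requests on record:    ", len(gate.early_hits))
```
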

If it sounds too good to be true, it probably is

Emails from McDonald's are making the rounds and it's very exciting.  Take a McDonald's survey and get $250 for participating.  The problem is, the email is not legitimate.  It was generated by cybercreeps who want to steal your information.

How it works:
1.  Take a 5 question survey
2.  To "win" your $250, provide your personal information AND your credit card so they will "credit" your account (warning!  warning!)

Tips to spot and avoid scams:
1.  Most surveys, if they offer everyone something, usually give you a nominal amount on a gift card or coupons for a free item
2.  If a company asks for your personal information along with credit card or bank account to "give" you money, it's most likely a scam
3.  Pay attention to the language used - does it sound like the company?  In this case, the message mentions that you are taking a "public opinion poll conducted by McDonald's, a non-partisan polling organization."  I appreciate the fact that the Golden Arches feels food should transcend political parties but that statement does not make sense.

Many thanks to Tony Bradley for highlighting this phishing scam!


"McDonald's Phishing Scam: I'm Not Lovin' It", Tony Bradley, PCWorld, January 21, 2011.

Do You Ever Get The Feeling Like Somebody Is Watching You?

Do you think that R&B singers, Rockwell, Michael and Jermaine Jackson could have predicted that Geico commercials and today's surveillance age would make their song, "Somebody's Watching Me" such a popular ditty well after its release in 1984?

If you went to the airport, bank, or a store today, you probably expected to be watched and maybe even tracked, while on premises.

But those are the old school ways of being watched.  Now, the smartphone in your pocket could watch you or your laptop webcam can watch you.

Having an emotional reaction?  There's a wristband monitor for that.

Have a lot of old photos that you need to categorize?  Google and Picasa offer a helpful feature, photo tagging, where they auto suggest who your friends might be and potential names of people in photos based on previously tagged photos.  Helpful?  Yes, and a little spooky too.

At the Consumer Electronics Show, Microsoft and Intel showed attendees an in-store digital billboard that memorizes faces.  The memorization helps track products you like.  That is quite a step up from my grocery store loyalty program.

What happens when technology advances fuse the photos your friends tagged you in, with the grocery store digital billboard, and other information?

All of this data collection can be helpful and put to very good use.  Monitors can alert law enforcement of a potential bad guy's whereabouts.  Monitors could help avert a major health issue for example.

However, there are concerns about privacy:
1.  Who is allowed to collect data via sensors?
2.  Should they have permission first or do they need to disclose that sensors are in use?
3.  Are they allowed to bundle that with other information to create individual profiles?
4.  If you are tagged in a photo by a friend, who else can use that tag?  Is that available for searching by anyone that takes a photo of you and wants to profile and track you?
5.  Employers use Facebook and other online searches now to look up candidates - this will transform information available about you

"Hello, Big Brother: Digital sensors are watching us", USA Today, January 27, 2011.

Thursday, January 27, 2011

Founder Facebook Account Hacked - Security Measures Get Stacked

Facebook Founder and CEO Mark Zuckerberg had his Official Mark Zuckerberg fan page allegedly hacked (Has anyone seen Facebook confirm or comment?).

The post read:

"Let the hacking begin: If facebook needs money, instead of going to the banks, why doesn't Facebook let its users invest in Facebook in a social way? Why not transform Facebook into a ‘social business' the way Nobel Price winner Muhammad Yunus described it? What do you think? #hackercup2011"

A day after the alleged, but not confirmed, hacking occurred, two security measures were announced on the Facebook blog:

1.  Secure use while on public networks:
The Facebook Blog announced this week that HTTPS (S for secure) will be available throughout your session of Facebook and not just during logon.

Usually new options on Facebook are set to "automatically opt in" unless you turn the feature off.  In this case, you have to go to the effort to turn the security features on.  This approach seems counter-culture and has left security and privacy experts a little confused as to why it did not follow the "automatically opted in" approach.

2.  Social Authentication:
If Facebook spots activity that seems fraudulent, it may prompt the user to identify one of their friends' photos.  Hmmm...make sure you are looking at your friends' photo albums so you are up to speed on their latest look and sense of fashion.

"Facebook unveils new security measures",  Josh Smith, National Journal, January 26, 2011.

"Mark Zuckerberg Facebook account hacked", Matthew Shaer, The Christian Science Monitor, January 26, 2011.

Photo Posted Not Privacy Protected - See Judge's Opinion

According to the quote noted on the Technology and Marketing Law Blog, a Kansas City Judge said:

"[P]hotos are taken to be viewed. When [nursing student supervisor] Delphia granted permission to take the photos, it was unreasonable to assume that they would not be viewed...By giving the students permission to take the photos, which Delphia admitted, it was reasonable to anticipate that the photos would be shown to others..."

This particular case centers around nursing students who took pictures of a patient's placenta and then posted a picture on Facebook of the human placenta.  The nursing students were expelled from nursing school.  The students went to court and won a ruling to go back to nursing school.

The Judge saw all the facts of the case so I do not want to question his ruling.  I do want to put people on alert that if this ruling becomes precedent, you may have problems bringing forward complaints or lawsuits on ANY future photos of you or loved ones that are posted without your permission.

Sending racy photos of yourself to your spouse?  If it gets into the wrong hands and this Judge's ruling is applied, I guess you should remember that it is "..reasonable to anticipate that the photos would be shown to others..."

Snap and store photos and videos with great care.

"Judge Says It’s Reasonable For Any Photo Taken To Go Viral. A Dangerous Precedent?", Kashmir Hill, The Not So Private Parts, January 27, 2011.

"Nursing School Can't Expel Students for Posting Photo to Facebook--Byrnes v. Johnson County CC", Eric Goldman, Technology & Marketing Law Blog, January 26, 2011.

Fortalice Welcomes Spring Interns: Michael and Stephanie

Fortalice is pleased to announce that we have brought on two spring interns from Immaculata University.  They will be providing research on key topic areas which will be posted to our company blog.  Please welcome Michael and Stephanie.  They look forward to hearing your feedback!

Stephanie Graziano

Stephanie hails from Ridgefield, Connecticut, which is located on the outskirts of New York State. She is a senior at Immaculata University, studying public relations and graphic design. Throughout her college experience she has been involved in a few clubs and organizations. Stephanie started her sophomore year as a Mac Mentor for the incoming freshmen, assisting them in their transition into college. The following year she was appointed the university's Communications Committee Chair and is responsible for creating and designing the monthly event calendars for Immaculata University's clubs and organizations. After graduation she would like to work in the field of public relations and eventually would love to work as an event planner. She is undecided as to where she wants to relocate after college; she is considering Philadelphia or New York City.

Michael Senatore

Michael Senatore is currently a junior attending Immaculata University and is pursuing a degree in communications.  Michael wants to work in a media broadcasting field, specifically radio after graduation.  Michael has worked various jobs recently such as enumerating for the U.S. Census and overseeing catering sales for the local Boston Market.  Michael is looking forward to the spring 2010 internship with Fortalice Solutions because of the freedom to work on different topics of interest and the invaluable experience it will provide.

Thursday, January 20, 2011

Facebook Updates Reveal Your Info - In the words of SNL's Church Lady "How Convenient"

Before you read further, please remove or mask your home address and phone numbers on personal Facebook pages.

Dana Carvey's Church Chat and Church Lady, vintage 1986-1990, always made me laugh.  One of Church Lady's favorite phrases when her guests were crossing the line of morality into immorality was "How Con-veeen-I-ent!".  In case you want to get familiar with Church Lady or take a walk down memory lane, check out some Church Chats at YouTube.

When I read the latest privacy and security alert from Sophos and saw that Facebook was once again making enhancements that would expose email addresses and home phone numbers, I thought, "How Convenient!"

When asked about the latest change and whether they were concerned about the safety of their customers, Facebook responded that they were intending to maximize convenience for its users.

In a recent change to settings, sites like Farmville and other games and applications you interact with when you are on Facebook can access your address and phone number.

Sophos and others vocally pushed this issue with Facebook and they have pulled this enhancement back, for now.


"Facebook Update Exposes User Contact Info, Security Expert Says", January 17, 2011.

"Rogue Facebook apps can now access your home address and mobile phone number", Graham Cluley, Sophos, January 16, 2011.

DUI Mug Shots on Facebook?

Privacy vs. Policing.  Where do you stand on this issue?

A City Councilman in Huntington Beach, California has proposed that the town post mug shots of anyone arrested, more than once, for DUI.  The mug shot and names for repeat offenders would be posted on Facebook.  He believes this approach would create a wall of shame that might deter the number of DUIs and save lives.

The California town had 195 people injured or killed due to DUIs in 2009.

The Police Department is hesitant, believing it violates the accused person's right to privacy.

Honolulu and a township in NJ tried a similar program and were reported to have backed away from their programs to post mug shots of DUIs.

Oconee County in Georgia actually uses a Facebook page to highlight criminals and suspects, for example a suspected child molester.

"California City May Put DUI Mug Shots on Facebook", Associated Press, January 18, 2011.

iPad Hack on the AT&T Network - Are You At Risk?

Roughly 6 months ago an alert came out that iPad customers might have a potential exposure issue.  At the time, it appeared that a technology company had discovered an issue where iPads were transmitting unique ids that could be matched to email addresses, which could create a potential for privacy issues and device compromise.  At the time, the technologists said they wanted to report it to Apple so they would fix it.

Apple says they were never contacted.

U.S. Prosecutors have a different point of view of what happened.  They charged the two men this week with stealing and distributing email addresses for iPad owners.  Roughly 120,000 people were impacted by this.  The list of iPad owners included celebrities, company CEOs, military officials, and average consumers.

The investigators have accused the men of using an attack to extract the data.  They then had a program that would guess at data about each iPad and match it to information on AT&T servers to match names and emails.

The two men provided the information to Gawker, a gossip website.  Gawker published some of the information including that former White House Chief of Staff Rahm Emanuel, NASA employees, and other government offices were on the list.

"Two charged over iPad hacking on AT&T network", Jonathan Stempel, Reuters, January 18, 2011.

"Two Charged in AT&T Hack of iPad Customer Data", Kim Zetter, Wired, January 18, 2011.

A Hacker Reads Women's Facebook Profiles And Steals Suggestive Photos

Before you read this awful story, please stop and do 3 quick things:
1.  Make sure you have a strong password on your accounts
2.  Review your Facebook profile to see how much information you share about yourself that could be used to impersonate you (high school attended, pet's name, favorite color, etc)
3.  Photos of you on your email account could be fair game to a hacker - please snap those photos and shoot and store videos wisely

A man in California has admitted that he used Facebook profiles to collect information and hack into the email accounts of women.  Once inside their accounts, he would search around their email account and if he found nude or compromising pictures or videos, he sent those out to any addresses he found in their contact book.

Just to add to this heartbreaking story, he actually coerced one victim into sending him explicit photos of her under threat that he would distribute the pictures he stole from her account.

One victim had sent photos of herself to her husband.  The hacker posted them on her Facebook account and a friend notified her.

A quote from the National Cyber Security article that tugged at my heart for this poor woman:
“I have a network of like 1,500 people, so they all saw my pictures. So my graduating class of 2007 saw that. I’m in the military, so all my army friends saw that,” Piscak said.

How did he do this?
1.  He would scan Facebook
2.  If women posted their email addresses (newsflash - most of you do), he would study their profile intently so he would have the answers to security questions
3.  He would email the email service provider using the information he learned about them to convince the email providers that he was them
4.  Where possible, he would take over their Facebook account as well using the information he found in their profile to guess at security questions or at their password

Victim Locations?
17 States, Washington DC and England.

"Hacker Assaulted Women on Facebook", National Cyber Security, January 15, 2011.

An Update on a U.S. Internet Id

The White House plans to work with the private sector to create an identity ecosystem.

Discussions go back and forth.  Some opponents are concerned about privacy on various levels, including questions about who would own the aggregated data and how data breaches would be avoided.

In the Washington Times article, they posted a quote by the Inspector General of NARA:

"While each case of data breach, loss or undue risk of loss represents a unique stanza, the chorus of the song remains the same," Paul Brachfeld, NARA's inspector general, said in a 2009 congressional hearing. "Internal control weaknesses, lapses and exercises of questionable judgment tied to other incidents I have spoken of today regularly leave me and my staff frustrated and bewildered."

Companies and Government Organizations have a constant battle keeping records under their care safe from accidental and intentional exposure.

The Administration has stated the program would be voluntary.

The Commerce Department will establish a program office to work on this initiative.

It will be interesting to see what incentives are built to encourage adoption of internet ids by American consumers.

What would make you decide to get one?

Pros:
1.  Child safety experts have long felt that an internet identity system is critical to protecting kids
2.  Trusted identities could be used as another layer of authentication before accessing your personal information online, such as your bank account balance
3.  There might be a way to create an economical, digital certificate that belongs to you, think of it as a password passport so you can have one digital identity vs. many passwords to access information

Cons:
1.  Large collections of userid/password or other identifying parts of information are targets for cybercriminals
2.  Who do you trust to be the agent that holds your internet identity?
3.  It is not clear what information is part of your identity or follows your internet identity around.  Is it just who you are or what you like to do on the internet?
4.  If this is "optional" and led by the private sector as suggested, we may be creating bureaucracy within the Commerce Department that cannot actually manage this or may not be needed


See Previous Fortalice Blog Post

"Obama Wants Internet ID for All Americans", Kevin Parrish, Tom's Guide, January 12, 2011.

"No more passwords? Obama considers Internet ID for Americans in bid to boost web security", David Gardner, Daily Mail Online UK, January 10, 2011.

"Obama Administration Reportedly Plans to Create Internet ID for All Americans", Fox News, January 8, 2011.

"Obama's Internet passport Administration wants national ID card for online commentary", Editorial by the Washington Times, January 13, 2011.

"Obama to hand Commerce Dept. authority over cybersecurity ID", Declan McCullagh, CNET News, January 7, 2011.

Calling all U.S.A. K-12 students - Google wants you to Doodle!

Google is hosting its fourth "Doodle 4 Google" contest.

Kids are given the theme, "What I'd like to do someday..."

If your kid wins, the Google doodle will be on the homepage and your kid will receive a $15K scholarship AND your kid's school will win a $25K technology grant.

You have until March 2 to register.  Entries must be postmarked by March 16.

Go to: for more details.

Friday, January 14, 2011

Arizona Suffers a Horrible Loss - How Do We Learn From This Tragedy?

What happened in Arizona was a tragedy for all involved.  We are fortunate the losses were not higher and I thank all the heroes of that day for what they did.

The alleged shooter left a trail of digital footprints.  Some of his own making through posts on a gaming forum called Earth Empires and Myspace or videos on YouTube.  Some via other people that encountered him and worried for their safety.  In hindsight, these digital footprints look like potential clues.

On his MySpace account which is now inactive, he posted:

“Goodbye friends  Dear friends…Please don’t be mad at me. The literacy rate is below 5%. I haven’t talked to one person who is literate…I want to make..”

The question is, what responsibility does the online community have to follow up on bizarre posts?  What should the protocol be?  Should there be a forum for alerting law enforcement of bizarre posts?  How would something like that work effectively?

These are challenging questions, but if we can find the right balance, perhaps there are lessons to be learned from this tragedy that can be used to prevent future tragedies.


"Jared Lee Loughner’s Secret Online Life on Earth Empires", Alexandra Berzon, Wall Street Journal, January 13, 2011.

"Arizona Shooter Jared Lee Loughner – Internet Profile, Photographs", Prefect, Praetorian Prefect, January 8, 2011.

A Twist on School Robocalls - A Dad Dials Back

A Maryland Dad got a call at 4:33am Wednesday.  His heart racing and mind in a panic, he wondered what was wrong and did not want his 5 children to be woken up by the phone.  He picked up the phone and the call was an automated call letting him know that his school had a two hour delay.  He already knew this information and was dumbfounded as to why the school system thought a robocall at 4:30am was the appropriate time to call.

Instead of getting mad, he dialed back!
1.  He went online and found a robocall company
2.  He taped a message
3.  He typed in the phone numbers for the school board members, the Superintendent, and the General Counsel
4.  He scheduled the robocall for 4:30am the next day

The Robocall service gave the Dad back a summary that 8 people picked up the phone out of the 19 phone numbers he supplied and the rest most likely went to an answering machine.

His call is posted on the Washington Post and is polite.  You may disagree with the time he chose but it looks like he may have made his point as the school system is evaluating their processes for choosing the timing of robocalls.

"Md. father uses robocall to get revenge on school officials", Donna St. George, Washington Post, January 14, 2011.

Spam is down but new scam methods will be up

Is your email inbox suddenly a little leaner?  Less Viagra and Penny Stock emails getting through?  It's all a great sign for the war against spam but experts are worried that, since criminals go where the action is, they are just up to new tricks.

On Christmas Day, the Rustock Botnet, which seems to have replaced Mega-D for generating high volumes of spam and is known for fake drug ads, was quiet.  Maybe cybercriminals do take days off?  Highly unlikely.  Rustock Botnet potentially owns 1.7 million computers and uses those to generate and send more spam.

Rustock cranked back up again after the New Year but not at the same volumes.

What targets can you expect for this year?

1.  Shortened links:  hiding behind those shortened links so popular in social networking sites.

2.  Smishing:  text messages on your cell phone that look legitimate but the link is not

3.  Click through Ad fraud:  You click on an ad for a legitimate product or company that has been hijacked or counterfeited

4.  Poisoned Searches:  Creating web sites that generate traffic so they hit the top of your search engine results and lead you to click on a link that is hiding malicious software


Instead of clicking on the link, type the headline into your favorite search engine and connect via the original web site through the search engine link provided.

Use a tool like Norton's safe web tool or ExpandMyURL.  You can type in the link and get a report on the reputation of the site or the link.  Go to:  or


"Experts fear cyberspammers are plotting new attack modes", Byron Acohido, USA Today, January 11, 2011.

Previous blog post, "Have Cybercreeps Gone Vegetarian on Us?" and sources from January 5, 2011.

WBTV Protecting Your Cyberturf Segment, "The New Hiding Spot for Spam", January 13, 2011.

Riots Via Social Media

We talked before about how Iranian protesters were able to leverage Twitter to tell their local friends and family, and the world, about events as they were unfolding in 2009.  Most posts covered the details of the crackdowns on Tehran University students that were protesting the elections.

Youths in Tunisia, a North African nation, used Facebook recently to riot and protest the unemployment situation.  They have an average of 14% unemployment.  The movement is leveraging social networks, including Facebook, to organize their protests and to educate and mobilize others across Tunisia.

One source said 1 in 10 Tunisians has a Facebook account.  YouTube and other video sharing sites are banned and newspapers are heavily censored, so many Tunisians use Facebook to share information and videos.

Selim Ben Hassen, the Paris-based president of the Byrsa citizens movement, gave Facebook the bulk of the credit as a way to get information disseminated.   Selim Ben Hassen said, "The psychological barrier of fear has fallen. People now know it's possible to go into the streets, cry 'Freedom!' and say 'We don't want a president for life.'"

"Jobless youths in Tunisia riot using Facebook", Bouazza Ben Bouazza and Elaine Ganley, Associated Press, January 11, 2011.

An Internet ID for Americans

The Obama Administration is reviewing a plan called the National Strategy for Trusted Identities in Cyberspace.  This would essentially mean creating Internet IDs for all Americans.  An early draft of the plan indicates that the implementation would be handled via the U.S. Commerce Department and not Department of Homeland Security or the National Security Agency.  Experts feel this may be a nod to privacy concerns.

CBS News quoted the White House Cybersecurity Coordinator, Howard Schmidt, "I don't have to get a credential if I don't want to."  Schmidt has also said there would not be a centralized database and they are counting on the private sector to lead how this is implemented.

U.S. Commerce Secretary, Gary Locke, was also quoted as saying at the Stanford Institute for Economic Policy Research, "We are not talking about a national ID card. We are not talking about a government-controlled system. What we are talking about is enhancing online security and privacy and reducing and perhaps even eliminating the need to memorize a dozen passwords, through creation and use of more trusted digital identities."

Some potential Pros and Cons based on what we know so far:

Pros:
1.  Child safety experts have long felt that an internet identity system is critical to protecting kids
2.  Trusted identities could be used as another layer of authentication before accessing your personal information online, such as your bank account balance
3.  There might be a way to create an economical, digital certificate that belongs to you, think of it as a password passport so you can have one digital identity vs. many passwords to access information

Cons:
1.  Large collections of userid/password or other identifying parts of information are targets for cybercriminals
2.  Who do you trust to be the agent that holds your internet identity?
3.  It is not clear what information is part of your identity or follows your internet identity around.  Is it just who you are or what you like to do on the internet?
4.  If this is "optional" and led by the private sector as suggested, we may be creating bureaucracy within the Commerce Department that cannot actually manage this or may not be needed

I did an informal poll and asked people what their thoughts were.  The responses were surprisingly consistent.   Here is a summary:

Overall many had mixed feelings: 
1.  Many respondents feel there is so much anonymity that it allows cybercreeps and cybercriminals to prey on others, however,

2.  Respondents have followed the data privacy breaches that come with centralized ids/passwords both in the private and the public sector and they feel this could create new forms of identity theft.

Bottom line:  Not one person answered and said we must have IDs for All Americans without saying in the next sentence they were concerned about privacy, security, and governance.  

I would love to know your opinion.    Do you see additional pros that I did not mention?  


"Obama Wants Internet ID for All Americans", Kevin Parrish, Tom's Guide, January 12, 2011.

"No more passwords? Obama considers Internet ID for Americans in bid to boost web security", David Gardner, Daily Mail Online UK, January 10, 2011.

"Obama Administration Reportedly Plans to Create Internet ID for All Americans", Fox News, January 8, 2011.

Thursday, January 6, 2011

"Who Watches The Watchmen?" When Computers Watch Us Who Watches Them?

When security guards walk their watch and use surveillance TVs they apply acumen, logic, intuition and skill.  When computers man the watch they use face recognition software and behavior patterns.

Recently various prisons sent their correctional officers to West Virginia for a training exercise that was different than previous exercises.  The difference was a new set of watchmen - computers.

This has far reaching opportunities to improve lives but potentially at the cost of your privacy.  That does not mean I am opposed to it.  I want to see open and vigorous debate on the pros and cons of computer surveillance and the safeguards needed to ensure the government, or the cyberbad guys, cannot abuse the technology.

I pulled this quote from a New York Times article written by Steve Lohr:
“Machines will definitely be able to observe us and understand us better,” said Hartmut Neven, a computer scientist and vision expert at Google. “Where that leads is uncertain.”

This is a vision expert from Google admitting that where this leads is uncertain.

Google is the company with the fabulous, feature-rich Google Maps that also had citizens concerned for their personal privacy.  It is the same company that has an app called "Goggles", where you can snap a photo on your smartphone and Goggles will then search the internet for matches.  Goggles purposely omitted facial recognition software due to privacy concerns.

If you have Kinect and love it, you are benefitting from the same technology.  As a player, you can wave your hand and the computer sees you through sensors and a digital camera.

There are many wonderful ways to use this technology - preventing theft or assault; searching for bad guys; checking on employees; and proactive protection and detection services.

But, it's hard to know where technology could lead us.  Using geocoding to check in at your favorite spots around town - was that on your radar before you had a smart phone?  The first time you had a videoconference at work did you think to yourself, "Oh no!  Now some kid is going to create Chatroulette?"

One more quote from the New York Times article drives home the sensitivity and planning that need to be considered.  When asked why they did not include facial recognition software in Goggles, Eric Schmidt said, “It was just too sensitive, and we didn’t want to go there. You want to avoid enabling stalker behavior.”

Who Watches The Watchmen?

"Computers that see you and keep watch over you", Steve Lohr, New York Times, January 1, 2011

Maybe He'll Think Twice Before He Cheats - Song has new meaning in China

The economy in China is booming and reports indicate that the culture is facing challenges.  One challenge is the spike in marital infidelity, including taking a 2nd wife!

The Chinese government is not taking this lightly so they have a solution.  They are putting marriage records online so anyone in China can look up a name and see if they are lying about their marital status.

So, what's your opinion?  I can look at what my neighbor paid for their house.  Should I be able to easily look at everyone's and anyone's marital status?

"Checking Cheats:  China Plans Online Marriage Database", Associated Press, January 5, 2011

Wednesday, January 5, 2011

Have cybercreeps gone vegetarian on us? The sudden drop in spam!

According to analysis provided by John E. Dunn in an article published by TechWorld, spam volumes appear to have peaked in the late summer of 2010 and then began falling.  Eric Park, in a post on Symantec's site, reported the same analysis.

For example, M86 Security found that their spam measures dropped dramatically in late 2010, even with the typical high-volume period around year end and holidays.

Of course, Mega-D was caught and that outfit was a big spewer of spam.  That outfit was taken offline long enough ago that security experts do not think this can account for the drop.

So, have the cybercreeps gone good or given up "spam" for a more vegetarian diet?  The security community does not think so.  It is very likely that cybercreeps have turned their evil talents towards targeting you via social networking and mobile phones.

Case in point, Websense reported that Facebook and Twitter had an uptick in spam posts.

What can you do if your friend or colleague has a very interesting post but you are worried about clicking on the link?  One option is to go to Norton's Safe Web and type in the URL or shortened link to test it first. It's an extra step but might be worth it if the spam via email continues to drop but spam via your smart phone messages, Twitter, Facebook and other social networking sites rises!


"Spam and Phishing Landscape:  December 2010", Eric Park, Symantec, December 16, 2010.

"Sudden Spam Drop Leaves Experts Baffled", John E Dunn, TechWorld, January 4, 2011.

The "e" in e-card for cybercreeps means "easy" to get past security

My family and friends know by now that I NEVER open e-cards without calling or emailing them first to ask them 50 questions about the card before I even consider opening it.  That might explain the decline in e-cards in my in basket?

Until now, most of my friends and family put up with it because they love me and they all know that like the kid in "6th sense" who "sees dead people", when I look at most anything I "see cyberbadpeople".

So, when I read that bogus White House Christmas e-cards were sent out to people, I absolutely cringed.  I knew, before I read the article, that people probably opened them.

According to articles I read, the e-card contained the infamous Zeus malware.

One article mentions that one of the servers used to deliver the e-cards from "the White House" was in Belarus.  It is believed that the hackers stole several gigabytes worth of data.

The site KrebsOnSecurity posted the actual message sent to recipients:

“As you and your families gather to celebrate the holidays, we wanted to take a moment to send you our greetings. Be sure that we’re profoundly grateful for your dedication to duty and wish you inspiration and success in fulfillment of our core mission.”

The card included links with a picture of a decorated Christmas tree with a file named "".

The Zeus variant appears to have stolen passwords and used those to steal Word and Excel documents.


"White House E-Card Spoof Steals Data", Brian Kalish, January 4, 2011.

" 'White House' eCard Dupes Dot-Gov Geeks", KrebsOnSecurity, January 4, 2011.

Hee Haw - Get Your Video Games and Apple Gift Cards By Way of a Mule?

Was an Apple gift card or video game under the Menorah or Christmas tree this recent holiday season?

Well, it may have come to you via a mule.   Slow down PETA members, I'm actually not talking about a new method of transit via animals, I am talking about money mules.

The Feds recently busted a major, multimillion-dollar ring involving two exchange students in Minnesota.  The dynamic duo, from Vietnam, are believed to be the masterminds behind a major scheme using counterfeit credit cards and taking advantage of online auctions and online stores.

It is believed that Apple, Dell, Verizon, Amazon, Paypal, eBay, and even Rosetta Stone lost money due to these alleged cybercriminals.

Investigators believe they have uncovered 180+ eBay accounts and roughly 360 PayPal accounts that were established by this ring under false information.  The tally of their evil looting?  Possibly $1.25 million.

How did they pull it off?  With money mules that wired them the money.  Mules may be people duped into "work at home" schemes who have no idea they are part of a mule ring.  Some mules know exactly what they are doing.  The mules are believed to be US based and the scam ran in the U.S., Vietnam, and Canada.


"Cyber crime trail leads to Winona State students - Feds say a transnational cyber crime ring based in Vietnam has ties to two exchange students", Dan Browning, Star Tribune, January 3, 2011.

"Foreign-exchange Students Linked to Vietnamese Cyber-Crime Gang", Camille Tuutti, The New New Internet, January 3, 2011.

" 'Operation eMule' Feds Bust Duo with 500+ eBay, PayPal Accounts", John Leyden, The Register, January 5, 2011.

Sticks and Stones Do Break Bones...And Internet Postings Can Land You in Court.

There is a new example in the news that I want everyone to read about and take heed.  Please sit down with your young adults and children to discuss the do's and don'ts of life and how they must transfer into how they treat people on the internet.

For background purposes, you may want to read a book that talks about this, from the victim's point of view.  I am referring to the Google Bomb Book by Sue Scheff.  You can read about her and the awful ordeal that she survived and eventually learned how to thrive her way through.  Sue was the subject of internet defamation.  I met Sue through Twitter and I consider her an esteemed colleague and friend.  You can read a summary at the Google Bomb Book site.

The latest headline in the news that your teens and young adults can relate to is the Courtney Love defamation trial.  A social media expert is expected to testify AGAINST Ms. Love.  A defamation suit alleges that Ms. Love tweeted awful things about a designer known as "Boudoir Queen".  The defamation suit alleges that the Twitter posts damaged the fashion designer's reputation.

The lawsuit heads to trial January 18th.  I wonder if Ms. Love will tweet about it from the court room?

The court will hear the defamation suit and then will have to decide if Ms. Love's Twitter posts are an expression of her thoughts and opinions vs. presented as facts.

Social media expert Jessie Stricchiola has been asked to be a witness at the trial and to testify about what the twitterati and followers of Ms. Love may have interpreted from the posts.


"Twitter Expert Will Testify Against Courtney Love In Defamation Trial", Debra Cassens Weiss, Internet Law, January 5, 2011.

"Are you ready to be google bombed? Why you must read Sue Scheff’s story", Dr. Michele Borba, September 7, 2009.

Google Bomb - The Untold Story of the $11.3M Verdict That Changed the Way We Use the Internet, by John W. Dozier Jr. and Sue Scheff.

The new heist - your conversations and text messages

The good guys strike again.  I have said before that technology functionality typically outpaces the ability to secure it.  Good guys are constantly trying to think like the bad guys to expose weaknesses that put you at risk.

Also, the term "hacker" has been hijacked and is associated with bad guys.  A hacker is someone who knows how to break into a system to override it.  This skill can be used for good, or for evil.  It comes down to the person's moral compass.

Two cybersecurity good-guy hackers worked on cell phone vulnerabilities for roughly a year designing ways to think like bad guys to see if they could steal text messages.  They recently accomplished this feat and showed how they could steal text messages from any phone within 20 seconds.  Wow!

The demonstration:
1.  The hacker sends a ghost text message to a target phone, which does NOT show up on the phone
2.  By sending the message to the target phone, they are able to obtain the unique id number on the phone
3.  Once they grab the id number, the recorded phone conversations and texts from that phone
4.  The demonstration took place on the GSM Network which houses roughly 80% of all phones globally. (GSM - Global System for Mobile)

So, is this affordable or scalable?  What was the cost of the technology?  You'll be surprised:
Roughly 36 British Sterling for the 4 Motorola phones ($56.09 US) and some sweat equity in programming.

The good-guy hackers did this as a wake up call to the mobile security industry.  It should also be a wake up call to consumers, businesses, and government agencies.

Great quote from one of the researchers pulled from the Security News Daily:
“This is all a 20-year-old infrastructure, with lots of private data and not a lot of security,” said Karsten Nohl.

"Cybersecurity Experts Create Program That Steals Text Messages", Matt Liebowitz, Security News Daily, January 4, 2011.

"GSM Phones Vulnerable to Hacking, Claim Researchers", John Plunkett, The Guardian, December 31, 2010.