Jun 13 2013

I’ve read all his books, while still in my early teens. I have no comprehension (understanding) of those people who have never read or know who George Orwell (Eric Blair) was!

      *************************************

Boom in ‘1984’ sales in NSA wake

Politico
by Hadas Gold
June 12, 2013

George Orwell’s ‘1984’ is a book about a totalitarian state and government monitoring. | Reuters


As the story of the National Security Agency secret surveillance program exploded, sales of George Orwell’s “1984” – about a totalitarian state and government monitoring – have shot up on online book seller Amazon.

As of Wednesday morning, four different editions of the book are in the top 40 of Amazon’s “Movers and Shakers” list with the highest ranking at 17. At one point, the Centennial Edition’s popularity was up nearly 10,000 percent and clocked in at third most popular on the list.

One description of the book says, “‘Thought Police.’ ‘Big Brother.’ ‘Orwellian’ – these words have entered our vocabulary because of George Orwell’s classic dystopian novel, 1984. The story of one man’s nightmare odyssey as he pursues a forbidden love affair through a world ruled by warring states and a power structure that controls not only information but also individual thought and memory, 1984 is a prophetic, haunting tale.”


The NSA program’s “broad net of surveillance is exactly the kind of threat Orwell feared,” Michael Sheldon, author of “Orwell: The Authorized Biography” told NPR.


Link to a biography of the very special political writer…

http://www.britannica.com/EBchecked/topic/433643/George-Orwell


Other Suggestions of George Orwell’s writings:

* “Animal Farm”

* “Down and Out in Paris and London”

* “Burmese Days”


Direct Link: http://www.politico.com/story/2013/06/1984-book-sales-nsa-leak-92632.html


Mar 20 2012

Smartphone apps are sending your data to China


Naked Security
by Lachlan Urquhart
March 9, 2012

Smartphone apps can access some pretty personal and intimate information. This ranges from phone numbers and email addresses to GPS coordinates, to name a few.

It would be reasonable to assume that data collected is limited to assisting an app with its functionality. However, this doesn’t always seem to be the case.

A report in the UK’s The Sunday Times, “In a flash your details are on a server in Israel”, sheds some light on data transfer practices in 70 basic smartphone apps.

These run-of-the-mill applications were chosen because the Sunday Times felt they sought more information than was functionally necessary.

Using “MiddleMan” software, they were able to monitor app data transfers and made some rather disconcerting discoveries.


The results showed that of the 70 apps, “twenty-one transmitted the phone number, six sent out email addresses, six shared the exact co-ordinates of the phone and more than half passed on the handset’s ID number.”

While the permissions for data collection may be buried somewhere in the privacy policy, we all know that most users don’t actually read these non-negotiable, lengthy, and difficult-to-understand contracts.

The excessive and unnecessary data collection is only part of this story. Perhaps more worryingly, the investigation highlights that the terms and conditions of the tested apps do not disclose the names of the data recipients, leaving users clueless about the final destination of their data.

The Sunday Times claimed that personal information was being sent outside the EU data protection fortress to companies and servers in China, India, Israel and America.

Specifically, 15 of the apps, including a puppy wallpaper app “Cute Dog”, sent the phone number to an LA-based internet advertiser.

In another example, a flashlight app sent the user’s email address and phone number to a server in Delhi, India.

When EU data travels outside the European Economic Area borders, it is said to travel to “third countries.” This can pose new risks to the subject’s privacy, and the data enters a minefield of complex legal regulation.

One such regulatory divide is found in Article 25 of the Data Protection Directive (DPD). It demands that the European Commission determine when “third countries” are providing DP standards equivalent to the EU’s DPD.

If the country meets the standards, it is added to a list of approved countries. Currently, this list is very short, notably including Argentina, Australia, Canada and the Faeroe Islands. This means that free flow of data can occur between the EU and these jurisdictions.

Data transfer between computer and device

The US also has made the cut with its US-EU Safe Harbour Agreement.

Importantly, The Sunday Times headline singled out Israel as an example of somewhere unexpected to send EU data. However, this is a bit of a red herring and should not necessarily alarm concerned parties.

Last year, the European Commission added Israel to the approved countries list, meaning their DP laws are adequate for EU transfers without the need for any additional safety measures.

For India and China, two other destinations mentioned in the report, there is no such seal of approval. Although India recently passed new data protection rules, these don’t equate to the same high EU standards yet.

However, the commercial reality is that developers need to make money from these apps. Nevertheless, I don’t think the business model of collecting and relaying all data that seems vaguely useful is sustainable from a user perspective.

Non-legal approaches may be able to provide businesses a more sustainable model, while protecting customers from over-zealous apps.

Stronger adherence to minimal data collection and clearer user privacy policies are a good start.

Last week’s GSMA mobile app “privacy by design” development guidelines included some brilliant recommendations to develop industry-wide harmonisation in these areas.

Another important practice is to ensure data is strongly encrypted when transferred to “third countries”. This added security is essential considering the likelihood that app data will end up in places that fall well short of the high EU DP standards.


Direct Link: http://nakedsecurity.sophos.com/2012/03/09/smartphone-apps-sending-your-data-to-china/

Mar 19 2012

Hacker ‘KhantastiC’ attacks government websites

The Times of India
Shoeb Khan, TNN
Mar 20, 2012

JAIPUR:
Individual and corporate internet users in Rajasthan, beware. You might lose all your data as Pakistani hackers are on the prowl. They attacked and defaced 31 government websites this year, exposing the poor handling capacity of web servers by the state government.

KhantastiC, a hacker who claimed to be a part of Pakistan Net Army (PNA) reported on ‘zone-h.net’ the number of ‘Rajasthan.gov.in’ domain named websites hacked by him since January 16, 2012.

It is estimated that over 70% of government websites are vulnerable to cyber attacks as they were never audited by any competent agency. Another striking feature is that the main domain Rajasthan.gov.in was attacked four times since 2004.

Pakistani hackers have uploaded a ‘shell’ on the vulnerable website to penetrate into the web server in order to extract information from the source. Ironically, this vulnerability was already reported by Jaipur-based cyber crime expert Mukesh Chaudhary in the first week of January.

Senior government officials added that no action was taken on the report as the government failed to find out a capable agency person who could correct it. “It’s tough to track down new-age hackers as they connect to Virtual Private Network of countries which do not record IP logs (tracking the user). It leaves users with no choice but to frequently change web security standards,” added Chaudhary.

Rajasthan-based experts feel the scenario is very bad in the state. Most of the government and small and medium companies have failed the international standards for web security, not because the procedures are expensive, but because they are apathetic to go for certification.

Himanshu Tiwari, president of NGO ‘Cyber Suraksha’, explained the modus operandi. He says, “Hackers write codes to exploit a particular type of vulnerability. These programs, called robots, continuously crawl over the internet.” He adds that even advanced Google search options are used to find such sites on the Internet. This also explains why institutes or websites which are not so famous also get hacked.

It is not necessary that the motive behind hacking is to steal data. Sometimes the hackers do it for fun.

Dec 07 2011

Duqu hackers scrub evidence from command servers, shut down spying op
Delete all files and logs just days after researchers revealed botnet’s existence
Computerworld
By Gregg Keizer
November 30, 2011

Computerworld – The hackers behind the Duqu botnet have shut down their snooping operation, a security researcher said today.

The 12 known command-and-control (C&C) servers for Duqu were scrubbed of all files on Oct. 20, 2011, according to Moscow-based Kaspersky Lab.

That was just two days after rival antivirus firm Symantec went public with its analysis of Duqu, a Trojan horse-based botnet that many security experts believe shared common code and characteristics with Stuxnet, the super-sophisticated worm that last year sabotaged Iran’s nuclear program.

Duqu was designed, said Symantec and Kaspersky, by advanced hackers, most likely backed by an unknown country’s government. Unlike Stuxnet, it was not crafted to wreak havoc on uranium enrichment centrifuges, but to scout out vulnerable installations and computer networks as a lead-in to the development of another worm targeting industrial control systems.

“I think this part of the [Duqu] operation is now closed,” said Roel Schouwenberg, a Kaspersky senior researcher, in an emailed reply to questions today. “[But] that’s not to say a new/modified operation may be under way.”

Earlier Wednesday, another Kaspersky expert posted an update on the company’s investigation into Duqu that noted the Oct. 20 hackers’ house-cleaning.

According to Kaspersky, each Duqu variant — and it knows of an even dozen — used a different compromised server to manage the PCs infected with that specific version of the malware. Those servers were located in Belgium, India, the Netherlands and Vietnam, among other countries.

“The attackers wiped every single server they had used as far back as 2009,” Kaspersky said, referring to the Oct. 20 cleaning job.

The hackers not only deleted all their files from those systems, but double-checked afterward that the cleaning had been effective, Kaspersky noted. “Each [C&C server] we’ve investigated has been scrubbed,” said Schouwenberg.

Kaspersky also uncovered clues about Duqu’s operation that it has yet to decipher.

The attackers quickly updated each compromised server’s version of OpenSSH — for OpenBSD Secure Shell, an open-source toolkit for encrypting Internet traffic — to a newer edition, replacing the stock 4.3 version with the newer 5.8.

Although there have been reports that OpenSSH contains an unpatched, or “zero-day,” vulnerability — perhaps exploited by the Duqu hackers to hijack legitimate servers for their own use — Kaspersky eventually rejected that theory, saying it was simply “too scary” to contemplate.

Even so, it was one of two reasons Schouwenberg proposed for the fast update to OpenSSH 5.8.

“The logical assumption here is that we’re looking at possibly a vulnerability in the older version and/or an added feature in the new version that’s of use to the attacker,” said Schouwenberg.

By updating OpenSSH from the possibly-vulnerable OpenSSH 4.3, the Duqu developers may have intended to ensure that other criminals couldn’t steal their stolen servers.

Iran, which last year acknowledged some systems, including ones in its nuclear facilities, had been infected with Stuxnet, two weeks ago admitted Duqu had also wiggled its way onto PCs in the country.

Duqu has been traced to attacks in several countries other than Iran, including the Sudan, and may have been under construction since August 2007.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld.

Direct Link: http://www.computerworld.com/s/article/9222293/Duqu_hackers_scrub_evidence_from_command_servers_shut_down_spying_op?taxonomyId=82