Why We All Should Be Concerned About The Sony PlayStation Data Loss Incident

When I first read about the Sony PlayStation incident in which data theft occurred, I thought to myself it didn’t concern me. So what if some hacker obtained the names, addresses, email addresses and credit card information of some 77 million users of Sony PlayStation online, since I don’t own such a beast. But as the week progressed and we learned more about the intrusion, it became more apparent that this incident could have a far-reaching effect for all of us.

Many of us, me included, use our credit cards for online purchases for everything from buying electronic equipment to buying applications for other devices we own. Though Sony has turned over the information about the break-in to the F.B.I. and has warned Sony PlayStation users of the break-in, what hasn’t been addressed as of yet is why the data was insecure to begin with.

This afternoon I sat down and added up the number of companies that have stored my information on their servers. Information that could compromise my credit card account or my checking account. PayPal has both. I determined that there are 17 companies that have this information including my name, home address, email address, credit card account information and unfortunately my DOB and social security number, in some cases.

What has always amazed me is that social security numbers were never designed to be a secure means of identification. There was a time when it was stated on the social security card that it was not to be used to ID a person. But this has slipped through the cracks over the years and social security numbers are used to identify us. Armed with our DOB and social security number, thieves can steal our identity easily.

We should be concerned because it seems that whenever an incident happens in which consumer identification could be compromised along with credit information, little is ever done to hold the company responsible accountable. Telling the consumer to monitor your credit charges in case of illegal activity is like telling a murder victim to apprehend the suspect who killed them.

I believe that all companies who store our identification on their servers owe us the proper protections to keep prying eyes away from the information. Until this happens we are all at risk of identity theft.

Cyberwars: Already Underway With No Geneva Conventions To Guide Them

Cyber attacks of various sorts have been around for decades. The most recent, and very dangerous, escalation in the past few years has been marked by countries launching attacks against other nations, such as Stuxnet, the nuclear plant-disrupting worm the Iranians have blamed on Israel and the U.S., while others are pointing the finger at Russia.

University at Buffalo military ethicist Randall R. Dipert, PhD, one of the founders of the National Center for Ontological Research at UB, says we have good reason to worry, because cyber attacks are almost entirely unaddressed by traditional morality and laws of war.

“The urge to destroy databases, communications systems and power grids, rob banking systems, darken cities, knock manufacturing and health-care infrastructure off line and other calamitous outcomes are bad enough,” says Dipert.

“But unlike conventional warfare, there is nothing remotely close to the Geneva Conventions for cyberwar. There are no boundaries in place and no protocols that set the standards in international law for how such wars can and cannot be waged,” he says.

“In fact,” he says, “terms like ‘cyber attack,’ ‘cyberwarfare’ and ‘cyberwar’ — three different things with different characteristics and implications — are still used interchangeably by many, although they are three distinct entities.”

Dipert points out that while the U.S. isn’t the only target, it is a huge target and “our massive systems offer the biggest payoffs for those who compromise them.”

Dipert, C.S. Peirce Professor of American Philosophy at UB and a former West Point philosopher, examined many aspects of this issue in his paper “Ethical Issues of Cyberwarfare,” first published on the website of the Consortium for Emerging Technologies, Military Operations and National Security, or CETMONS.

CETMONS is a multi-institutional organization concerned with the ethical, rational and responsible understanding and management of complex issues raised by emerging technologies, their use in military operations and their broader implications for national security. He presented a more comprehensive paper at the U.S. Naval Academy, which is due to be published soon by the Journal of Military Ethics.

Dipert points to a few of the many fronts on which the war has already begun: on components of U.S. defense cyber-infrastructure; cyber attacks by Russia on Estonia and Georgia; recent probable attacks by China, North Korea and Iran on U.S. defense and economic targets; well-organized attacks by China on corporate targets, Google and Gmail; and this month, the suspected Stuxnet worm attacks.

“There has been intentional cyberharm for decades,” he says, “including damage perpetrated by apolitical and anarchic (“black”) hackers and economically motivated industrial cyberespionage agents.”

We think we have some idea of what “can” happen, but Dipert says there is a large array of possible scenarios for which there do not exist obvious moral reasoning or even straightforward analogies that could guide us.

“For instance,” he says, “traditional rules of warfare address inflicting injury or death on human targets or the destruction of physical structures. But there are no rules or restrictions on ‘soft-’ or ‘cyber-’ damage, damage that might not destroy human beings or physical structures as objects.

“But,” he says, “intentional destruction or corruption of data and/or algorithms and denial-of-service attacks could cause tremendous harm to humans, machines, artificial systems or the environment — harm that could make entirely civilian systems that are necessary for the well being of the population inoperable for long periods of time.

“Second,” he says, “I am disturbed by the extent to which, through easy Internet access, much of our economic and defense informatics infrastructure is vulnerable to cyber attack.

“This is due, in part,” Dipert says, “to our departure from the relatively secure Arpanet (one of the networks that came to compose the global Internet) for use in defense operations to a wide-open Internet that doesn’t have one relatively secure hard-wired Ethernet portal, but a variety of possible portals accessible by numerous international routes.

“Third,” Dipert says, “Gen. Keith Alexander, director of the National Security Agency, who also heads Cyber Command, a new full command instituted by the U.S. Department of Defense, has indicated that serious thought is being devoted to the development of cyberwarfare policy and strategy.

“To date, however, this has been shrouded in secrecy,” he says, “which is a serious problem because if they are to have a deterrent effect, it is absolutely necessary to make some policy elements public.”

Finally, Dipert points out that cyberwarfare is such a new and difficult domain that traditional ethical and political theories with which we frame disputes — utilitarianism, Kantian theory or natural rights theory — cast little light on this particular one.

Dipert says, “It has been my working assumption that to fully understand the moral constraints of warfare requires us to understand certain conclusions from game theory and work them into traditional thinking about war.”

He points out that similar reasoning in game theory guided the nuclear powers through the earlier years of the Cold War, when there was little idea of how to use these weapons defensively or offensively.

What we need today, he says, and what scholars, military personnel and governments are trying to come up with, are policies, doctrines and strategies that cover cyberwarfare; an understanding of Just War Theory for cyberwarfare; new concepts and principles of morality for cyberwarfare; and some agreement as to whether and how such warfare is subject to international and customary law.

Dipert says, “I would predict that what we face today is a long Cyber Cold War, marked by limited but frequent damage to information systems, while nations, corporations and other agents test these weapons and feel their way toward some sort of equilibrium.”

The University at Buffalo is a premier research-intensive public university, a flagship institution in the State University of New York system and its largest and most comprehensive campus. UB’s more than 28,000 students pursue their academic interests through more than 300 undergraduate, graduate and professional degree programs. Founded in 1846, the University at Buffalo is a member of the Association of American Universities.

[Photo above by Chris Drumm / CC BY-ND 2.0]

Patricia Donovan @ University at Buffalo

Windows 7 Annoyances: Tips, Secrets, And Solutions

Windows 7 may be faster and more stable than Vista, but it’s a far cry from problem-free. David A. Karp comes to the rescue with the latest in his popular Windows Annoyances series. Windows 7 Annoyances: Tips, Secrets, And Solutions is a thorough guide that gives you the tools you need to fix the troublesome parts of this operating system, plus the solutions, hacks, and timesaving tips to make the most of your PC.

  • Streamline Windows Explorer, improve the Search tool, eliminate the Green Ribbon of Death, and tame User Account Control prompts
  • Explore powerful Registry tips and tools, and use them to customize every aspect of Windows and solve its shortcomings
  • Squeeze more performance from your hardware with solutions for your hard disk, laptop battery, CPU, printers, and more
  • Stop crashes, deal with stubborn hardware and drivers, fix video playback issues, and troubleshoot Windows when it won’t start
  • Protect your stuff with permissions, encryption, and shadow copies
  • Secure and speed up your wireless network, fix networking woes, make Bluetooth functional, and improve your Web experience
  • Get nearly all of the goodies in 7 Ultimate, no matter which edition you have

Windows 7 Annoyances: Tips, Secrets, and Solutions

  • Author(s): David A. Karp
  • Paperback: 720 pages
  • Publisher: O’Reilly Media; 1 edition (May 4, 2010)
  • Language: English

When Twitter Biebers Fight, It’s Called A Twitter Bieber Battle

This week, Lamarr is all worked up over Justin Bieber and his apparent misuse of Twitter. It seems as though JB was upset after a fan hacked the computer of a friend of the Bieb to obtain Justin’s cell phone number. This “hacker” then called and texted JB a few times. In order to get back at the poor kid, Justin tweeted HIS phone number out, claiming it was his own. The kid received thousands upon thousands of text messages and telephone calls.



Apparently, the victim was Detroit teen Kevin Kristopik, who deleted his Twitter account shortly after tweeting, “Thanks for giving out my # @justinbieber.” Kristopik hacked Bieber’s friend Ryan Butler to uncover Bieber’s phone number, then did the crazed fan thing and texted him. Yes, that was wrong. No, Kristopik shouldn’t have done it. But does that give Justin Bieber the right to tweet Kevin’s number out to over four million followers?

According to a video Kevin posted on YouTube, he received more than 26,000 text messages in just a few hours. If the kid doesn’t have an unlimited texting plan (or International calling!), then his parents will likely have heart failure when the next phone bill shows up.

To me, this is a blatant case of abusing one’s power, and JB owes this kid a public apology — and then some. Lamarr doesn’t necessarily agree, though. What do YOU think?

Ubuntu: Powerful Hacks And Customizations

Ubuntu is a community developed, Linux-based operating system that is perfect for laptops, desktops, and servers, and is used by millions of people around the world. Ubuntu: Powerful Hacks And Customizations provides you with practical hacks and tips that are not readily available online, in FAQ files, or any other Ubuntu book on the market so that you can customize your Ubuntu system for your specific needs.

Bridging the gap between introductory information and overly technical coverage, this unique resource presents complex hacks and ways to extend them. You’ll feast on numerous tips, hints, and little-known secrets for getting the most out of your Ubuntu system.

Coverage includes:

  • Hacking the Installation
  • Selecting a Distribution
  • Selecting the Ubuntu Version
  • The 10-Step Boot Configuration
  • Booting Variations and Troubleshooting
  • Tweaking the BusyBox
  • Upgrading Issues with Ubuntu
  • Configuring GRUB
  • Customizing the User Environment
  • Configuring Devices
  • Adapting Input Devices
  • Managing Software
  • Communicating Online
  • Collaborating
  • Tuning Processes
  • Multitasking Applications
  • Locking Down Ubuntu
  • Advanced Networking
  • Enabling Services

If you’re a power user hungry for cutting-edge hacks to intensify your Ubuntu system, then this is the book for you!

Seven Deadliest Unified Communications Attacks

Do you need to keep up with the latest hacks, attacks, and exploits affecting unified communications technology? Then you need Seven Deadliest Unified Communications Attacks. This book pinpoints the most dangerous hacks and exploits specific to unified communications, laying out the anatomy of these attacks including how to make your system more secure.

You will discover the best ways to defend against these vicious hacks with step-by-step instruction and learn techniques to make your computer and network impenetrable.

“Anyone charged with securing their enterprise UC systems will find Dan York’s clear and thoughtful guidance invaluable as we enter this era of massively interconnected communications solutions. There’s no magic bullet for UC security, but Dan gives readers the next best thing: accessible security models and straightforward action plans that speak directly to the most unique aspects of UC security challenges.” – Andy Zmolak, Sr. Mgr., Security Planning and Strategy, Avaya, Inc.

Web Site Identifies Hacker – Should It Prosecute?

Last January, TechCrunch had its Web site defaced and traffic redirected by a hacker, and now the company wants to know your opinion on whether it should prosecute the person or not. What’s the problem? Prosecute the hacker. That is my opinion, which is shared by about 70% of the people who have responded to the poll thus far.

Here are the results as of this morning at 9:00 am CDT:

Should We Press Charges Against The TechCrunch Hacker?
Total Votes: 16,566

I personally do not see what the problem is. The person defaced the site and caused problems for two days which most likely cost the company money to fix and a loss of revenue.

What do you think? You can vote (I voted yes!) by clicking on the source link below.

Comments welcome.

Source

Apple iPhone ‘Bug’ To Hit On Thursday – 07-30-09 – Beware!

A group of researchers is going to demonstrate this Thursday, 07-30-09, a hack that can take over any iPhone. The researchers have stated that they contacted Apple over a month ago, but that Apple has yet to fix the problem. So on Thursday afternoon, if you receive a text message with a square, you should turn off the phone to prevent it from being hacked.

Over at Forbes they are taking this seriously and have posted the following information:

That small cipher will likely be your only warning that someone has taken advantage of a bug that Miller and his fellow cybersecurity researcher Collin Mulliner plan to publicize Thursday at the Black Hat cybersecurity conference in Las Vegas. Using a flaw they’ve found in the iPhone’s handling of text messages, the researchers say they’ll demonstrate how to send a series of mostly invisible SMS bursts that can give a hacker complete power over any of the smart phone’s functions. That includes dialing the phone, visiting Web sites, turning on the device’s camera and microphone and, most importantly, sending more text messages to further propagate a mass-gadget hijacking.

“This is serious. The only thing you can do to prevent it is turn off your phone,” Miller told Forbes. “Someone could pretty quickly take over every iPhone in the world with this.”

So if you own an iPhone you should be aware of this possible intrusion on your cell and take the appropriate action of turning off the device.

Comments welcome.

Source.

CanSecWest security conference – Ubuntu unhacked

At the CanSecWest security conference held in Vancouver, Canada this past weekend only Ubuntu remained unhacked in the contest. According to the web site at DVLabs the contest ended with only a Sony sporting Ubuntu as the final victor. The article stated:

So at the end of the last day of the contest, only the Sony VAIO laptop running Ubuntu was left standing.

We had an awards ceremony tonight where we officially handed out both winning laptops as well as brand spankin’ new Zero Day Initiative laptop bags.

In previous reports both Mac and Vista had been hacked by conference attendees leaving only Linux as the standalone system. Though according to the article Adobe needed to be installed before an exploit could be found. This exploit is in the process of being patched.

Comments welcome.

Complete report is here.

Eccentric Cubicle

Is your dreary office cubicle in need of some spice? If so, a new book, Eccentric Cubicle, has your much-needed remedies. Featuring zany and interesting ways to pump some fun into your workspace, Eccentric Cubicle will improve your building and creative skills, while quickly turning your cubicle into an office hot spot. Author Kaden Harris — the unconventional mind behind Eccentric Genius — takes aspiring and die-hard do-it-yourselfers through a highly entertaining gamut of workplace-oriented projects. From desktop guillotines and crossbows to mood-enhancing effects and music makers, these interesting builds combine a wide spectrum of basic shop techniques, alternative materials and designs that are guaranteed to bring some fun into any office environment.

Specific projects include:

  • Active Desktop: Over-engineered and cunningly executed, this postmillennial version of the classic French revolutionary guillotine is the last word in cigar accessories. Or desktop snack choppers.
  • BallistaMail: This Greco-Roman missile (good for launching spears, javelins, and the occasional boulder) scales down to an intimidatingly powerful interoffice mail delivery system. Your memos will never be ignored again!
  • Maple Mike: Because golfing is a stepping stone to boardroom success, make your own desktop simulation of the perfect golf swing in one easy-to-use/easy-to-build project.
  • Haze-o-Matic 3000: Bring the “fog of war” to your contract negotiations. Build a mechanism that’s as inherently cool as a fog machine and mystify your co-workers!
  • The Gysin Device: Harness your subconscious for enhanced creativity with this lucid dream induction device — all from the comfort of your own cubicle! Sitar not included.

Eccentric Cubicle offers far more than a collection of project “how-tos.” Filled with oblique industrial design, fabrication philosophies and sardonic social commentary, Eccentric Cubicle offers the reader encouragement to adapt, modify, and hack their way through their builds. “The book’s overall intent is to infuse the new-school Do-It-Yourself community with a therapeutic dose of slightly non-Euclidean engineering, classic shop techniques and surreally interpreted physics,” explains Harris. “The projects are intended to make people say, ‘It does WHAT?!'”

Mac OS X Leopard On Your PC ?

Disclaimer : XXXxx-XXX does not encourage piracy so please go and buy yourself a copy of Leopard legally rather than being a cheap dumbo.

These were the words on a Web site I visited this morning in which they have posted two links to pirated versions of Apple’s newest operating system Leopard. There were also links for information on how to hack Leopard in an attempt to install it on a PC. Apple’s licensing agreement specifies that the software is designed for labeled Mac systems only and no others.

I’m not trying to be a goody-two-shoes here, but it seems to me that placing a disclaimer like the above may make the web site owner feel self-righteous, but does little to prevent piracy. By providing two piracy links it appears that they do condone piracy and are trying to benefit by increasing their site visits by offering the links. I seriously doubt they are doing this as a public service. I will also venture a guess that Apple may be contacting these people and asking them to withdraw the links.

What is humorous about the situation is that most sites that have provided access to the link for the ‘hack’ to install Leopard on a PC also have another disclaimer of sorts:

Some system preferences, like Sound and Network, may never work.

No network support means no Internet. Sound would be nice as well. But since Apple doesn’t produce PC related drivers for every hardware under the sun, I would venture another guess that the words “may never” should be replaced with “will not.”

Wouldn’t it just be simpler to go out and buy a Mac instead of trying to turn a PC into one? I guess the question I have is why? Why would you want your PC to run on Mac software? Or why would you want your Mac to run Windows?

Comments welcome.

Hack Thy iPhone

I would love to know what was really going on inside of Steve Jobs’ head when he rattled off the company speak as to how Apple is going to be working to curb the iPhone hacking as much as possible. Now understand that Jobs is no fool. I’m willing to bet Minis to iMacs that he could honestly care less who unlocks what from whom, just so long as the product is a hot seller and Apple is able to make its sales goals for the phone. I suspect that the move was to calm the carriers who are supposed to be ‘exclusive’ to the phone and are none too happy to see people taking the once exclusive product onto the airwaves from another carrier.

Should the contract providing for the exclusivity of the phone to only work with select carriers run out anytime in the near future however, I think it might be interesting to see how Apple reacts at that point. Will they even care once or if this happens? Guess only time will tell. Then again, perhaps you have some thoughts on this whole thing? What do you think will happen?

Should Apple iPhone Hackers Be Punished?

CNN had a segment over the weekend in which they interviewed the 17-year-old teenage boy who had hacked the Apple iPhone and was able to use the phone with another carrier, not AT&T. While I was watching the program two thoughts went through my head. First, was this legal? Second, what would be the response by Apple and AT&T? As the week progressed, others hailed their exploits about having also hacked the iPhone and were going to sell their hacking software to the general public. The same questions surfaced in my mind.

Here are some known facts we must deal with. Apple spent millions developing their iPhone. They also chose a telco that they felt would give them the best service and also the best price. Their choosing AT&T instead of another carrier may not have sat well with some people. But it was Apple’s decision to make. Not yours or mine. Let’s face it. Had Apple chosen another carrier, there still would have been some people upset no matter who Apple had used.

So now we have two sides with different viewpoints. Side #1 thinks that Apple has a right to protect their intellectual property rights as well as inking a contract with whoever they deem fit, in this case AT&T. Side #2 thinks that the iPhone is fair game and once purchased the user should decide which carrier they wish to use, even if this means hacking the unit.

So what do you think?

Comments welcome.

Vista Key-Gen Crack Most Likely A Hoax

Yesterday I received a Google alert concerning a key-gen crack that had allegedly cracked Windows Vista and the writer stated that it really, really, really worked. My first thought was that I doubted that Microsoft was going to allow Vista to be compromised by a 25 cent parlor trick. But then again… you never know. Software keys have been circumvented before.

So I took a look at the site where this alleged tip came from, and I noticed that the link to the key-gen wasn’t available and that the only information concerned a file that you could not locate, no matter how many Googles you did. Not even the hacks, or the hackers, had hacked it. :-)

Which is really strange since I would have suspected that this would have been a prime hack and a definite feather in someone’s hat. I mean there were even some semi-experts who had publicly stated the hack worked and one who had stated that he was able to generate no less than two keys that worked on Vista.

But it seems that the poster has fessed up to the prank and no such key-gen ever existed. At least that is the story today. You have to love the Internet for the stories and rumors that seem to take on a life of their own.
