pfir | 2 Jan 17:52 2011

Security risks in PDF documents


http://bit.ly/e8y2je (Google Buzz)

 - - -

http://bit.ly/gUuFCU  (The H Security)

Depending on implementation details, this may be an argument for
viewing PDF documents in inherently more "sandboxed" environments
like Google Chrome (which has a basic internal PDF viewer) rather
than using full-blown Adobe readers (when possible and practical, 
given current feature requirements in any given case).

--Lauren--
Lauren Weinstein (lauren <at> vortex.com)
http://www.vortex.com/lauren
Tel: +1 (818) 225-2800
Co-Founder, PFIR (People For Internet Responsibility): http://www.pfir.org
Founder, NNSquad (Network Neutrality Squad): http://www.nnsquad.org
Founder, GCTIP (Global Coalition for Transparent Internet Performance): 
   http://www.gctip.org
Founder, PRIVACY Forum: http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
Twitter: https://twitter.com/laurenweinstein
Google Buzz: http://bit.ly/lauren-buzz

pfir | 2 Jan 17:58 2011

Re: Italy to regulate YouTube as a "TV Station" - including responsibility for user-uploaded content?


----- Forwarded message from Erik Hjalmar Josefsson <erik.hjalmar.josefsson <at> gmail.com> -----

Date: Sun, 02 Jan 2011 17:49:11 +0100
From: Erik Hjalmar Josefsson <erik.hjalmar.josefsson <at> gmail.com>
Subject: [ NNSquad ] Re: Italy to regulate YouTube as a "TV Station"
	-- including responsibility for user-uploaded content?
To: Stefano Quintarelli <stefano <at> quintarelli.it>
Cc: Lauren Weinstein <lauren <at> vortex.com>,
	"nnsquad <at> nnsquad.org" <nnsquad <at> nnsquad.org>

The implementation of the AVMSD is at the heart of this matter. Whether
or not the Italian implementation is compliant with the directive
remains to be seen. The Commission will of course open an infringement
procedure against Italy if YouTube files a complaint.

See:

Audiovisual Media Services Directive (AVMSD)
http://ec.europa.eu/avpolicy/reg/avms/index_en.htm

Infringements of EU law
http://ec.europa.eu/eu_law/infringements/infringements_en.htm

//Erik

On 01/02/2011 02:13 PM, Stefano Quintarelli wrote:
> this is common understanding in these days of political turmoil in Italy, with la Repubblica fiercely
> contrasting the present government, but it is wrong.
>

pfir | 2 Jan 18:36 2011

How long before DHS has "Gorgon Stare" above *our* cities?


http://bit.ly/h1lJHN  (Google Buzz)

 - - -

The Washington Post has an article today about the latest surveillance
toy ostensibly designed for military use abroad -- "Gorgon Stare" --
reportedly capable of aerial surveillance of an entire town or city.

http://bit.ly/g9LnkQ  (Washington Post)

Supposedly designed for immediate use in Afghanistan (where critics contend
"boots on the ground surveillance and contacts" may be far more
effective), the Post includes one "throwaway" line of particular note:

   "The Department of Homeland Security is exploring the technology's
    potential, an industry official said."

Given U.S. authorities' continuing mantra that "we have no expectation of
privacy in public places" -- one can only imagine the salivating over
technology like this that must already be taking place at DHS.

In particular, this is a prime example of why people who spend their
time harassing Google over static satellite and Street View imagery
(that have very useful applications for ordinary consumers) are so far
off target.

Real-time technologies like vast CCTV networks and Gorgon Stare,
capable of observing large areas and recording the resulting live data

pfir | 4 Jan 00:02 2011

Chip-based DRM from Intel -- their gift to Hollywood



http://bit.ly/dZEdz9  (Bloomberg)

--Lauren--

pfir | 4 Jan 17:57 2011

Intel Builds Sandy Bridge With a DRM Tollbooth


http://bit.ly/dIty13  (Google Buzz)

 - - -

http://bit.ly/gguijO  (Tech News World)

Also now confirmed is that the new architecture includes "features"
such as integral display adapters and memory controllers, etc., and
even apparently built-in "self-destruct" timers for content. 

These of course are only the details we're being told about.  My guess
is that Intel will attempt to also position this tech with promises of
other sorts of file and document "security" as well.  Could there also
be undisclosed goodies addressing government surveillance concerns,
buried in the silicon?  Silly to even fantasize along those lines of
course, right?

--Lauren--

pfir | 4 Jan 18:21 2011

Calif. Supreme Court - cell phones can be searched without warrants



http://bit.ly/gV2NbK  (SFGate)

--Lauren--

pfir | 5 Jan 02:10 2011

More "The Internet is a Threat" Security Screaming from the Usual Suspects


More "The Internet is a Threat" Security Screaming from the Usual Suspects.

--Lauren--
NNSquad Moderator

----- Forwarded message from Dave Farber <dave <at> farber.net> -----

Date: Tue, 4 Jan 2011 16:41:05 -0500
From: Dave Farber <dave <at> farber.net>
Subject: [IP] Trouble in Cybercity: What Canada Can Do
Reply-To: dave <at> farber.net
To: ip <ip <at> listbox.com>

Begin forwarded message:

> From: Jeffrey Hunker <hunker <at> jeffreyhunker.com>
> Date: January 4, 2011 4:12:13 PM EST
> To: Dave Farber <dave <at> farber.net>
> Subject: Trouble in Cybercity: What Canada Can Do
> 

> For IP if you wish. This op-ed is an extension of my thinking in Creeping
> Failure: How We Broke the Internet and What We Can Do to Fix It (McClelland
> and Stewart, 2010).
> 
> 
> Globe and Mail 4 January 2011
> http://www.theglobeandmail.com/news/opinions/opinion/trouble-in-cybercity-what-canada-can-do/article1854625/

pfir | 5 Jan 04:04 2011

Video: The Navy's Raunchy "XO Movie Night" Parrot Revealed!


        Video: The Navy's Raunchy "XO Movie Night" Parrot Revealed!

               http://lauren.vortex.com/archive/000796.html

Greetings and Happy New Year.  By now you've probably heard how some
Internet Videos have triggered "career-interruptus" for U.S. Navy
Captain Owen Honors, who was recently awarded prestigious command of
the aircraft carrier USS Enterprise.

Unfortunately for the Captain, a series of extremely "raunchy" videos
entitled "XO Movie Night" -- produced and shown on board the
Enterprise around the 2006-2007 period, and featuring then first
officer (executive officer - "XO") Owens -- have been revealed and
widely disseminated on the Net.

It is being reported today that Captain Owens has (at the very least)
lost command of the Enterprise as a result.

Aside from the obvious "never assume videos will stay private" aspects
of the Internet that this situation illustrates, there's an oddity
worth exploring in the videos themselves.

In scene after scene, a strange and colorful "parrot" of some sort
appears, often specifically featured in the footage with Owens --
rather bizarre, indeed.

However, I'm pleased to reveal all regarding this bird -- straight
from the parrot's mouth in fact -- in a two minute video, including an
actual "parrot demo" no less!

pfir | 5 Jan 19:37 2011

California: *All* data on *all* devices you carry is subject to warrantless search


California: *All* data on *all* devices you carry is subject to
warrantless search

http://bit.ly/ep9OUC  (CNN)

This ruling illustrates a good reason to keep your phone locked (or
have a way to lock it quickly), and keep as much phone-related data as
possible in the cloud, where warrantless searches are much less likely
in the general case.  Note though, that there are legal tradeoffs
between cloud-based and personal-based data in all manner of complex
ways due to lack of harmonization of relevant laws in a manner that
would provide equally strong privacy protection in all cases.  Such
harmonization in favor of privacy is crucially needed.

Key points:

Ruling conflicts with other rulings, Supreme Court involvement likely

 "Ruling includes any arrests, even for protests and demonstrations."

 "... ruling is not limited to text messages.  The ruling allows police in
  California to access any data stored on an arrestee's phone: photos,
  address book, Web browsing history, data stored in apps (including
  social media apps), voicemail messages, search history, chat logs, and
  more. Also, depending on the use of location-enabled services or apps
  that store data on the phone, the police might also be able to infer
  the arrestee's past whereabouts."

I should add that it appears the ruling would apply to any other carried

pfir | 6 Jan 02:24 2011

Urgent Call for Privacy-Enhanced Mobile Data Storage and Self-Destruct Mechanisms


            Urgent Call for Privacy-Enhanced Mobile Data Storage 
                       and Self-Destruct Mechanisms

               http://lauren.vortex.com/archive/000797.html

Greetings.  Once upon a time -- not so very long ago -- an individual
arrested by law enforcement, or subjected to search at border customs
checkpoints, would typically be carrying little more of interest than
clothing, a purse or wallet containing limited sundry items, and more
recently a very simple cell phone.

But now many of us carry powerful computing devices that frequently
contain immense volumes of personal and business data -- laptops,
smartphones, tablets, flash memory thumb drives, and soon other yet to
be imagined marvels.  While it is increasingly possible to store data
only in the cloud for download or streaming on demand, many users
still need to maintain significantly large amounts of data on their
local devices due to data access speed requirements, or to assure data
availability when remote data connections are not available.

Governments in general and law enforcement in particular are
increasingly taking the view that their detailed inspections of mobile
devices, and the masses of data that they frequently contain, are no
different in kind than a simple search of a suspect's or traveler's
pockets.

Now the California Supreme Court has alarmingly ruled that arrested
suspects' phones -- and by extension any other devices on their person
or in their vehicles at the time of their arrest -- can be

