2009 Computers Freedom and Privacy Conference

This week, I'm attending the 2009 CFP conference at the George Washington University in DC. So far, I've found out that there are still far too few people who understand privacy when it comes to social networking sites.

Even more interesting was the information about cross-site scripting and worse, and just how easy attacks like that (and others) are to use. If I were to put certain code on this page and you still had Facebook or your bank open in another window, just by viewing this page I could manipulate your accounts.

It's really interesting stuff, but the lesson for the day is to never stay logged into services when browsing around in other windows or tabs.

Senate Passes Credit Reform Bill

That bill that everyone's been talking about for a while just passed with most of the good protections still intact (go figure). Essentially, the bill is a shining example of regulation at its best and industry at its worst, as it mandates that credit companies stop doing things that are dishonest and one-sided.

Wow. Who knew that without laws to prevent it, companies would stoop to one-sided and dishonest policies for the sake of money… hmmm.

Some of the major points:

  • Plain-English contracts
  • Can't raise interest rates on existing balances unless the card holder is 60 days behind, then the rate has to be restored if payments are on time for six months.
  • 45 days advance notice required for rate increases.
  • Credit card companies can't charge a late fee if they themselves are late processing a payment.
  • Statements have to get mailed 21 days before the payment is due.
  • Harder to give credit cards to people under 21.
  • Rates can be increased within the first year
  • Promotional rates have to last at least 6 months

Virginia Loses State-Run Medical Records

It's so very obvious that health record systems should not be accessible online and any such system should have rock-solid security or not be put together at all… obvious to everyone except Virginia that is. What is it with that state? First the public records online and now health records? Are they TRYING to destroy the lives of everyone that lives there?

Presidential Photo-Op Flyover Causes Panic and Questions

So one of Obama's planes flew low around the New York City area inciting mass panic, but the real question is "why?"

The cost of this stunt was in the range of almost $400,000 and all for getting a shot of the plane flying with the Statue of Liberty in the background. You know, I'd have photoshopped that for half the price… They should have asked me.

School Strip-Searches 13 Year Old

A student tipped off the school administrators that a girl had some kind of drugs on her so they stripped her to her undies and told her to shake out her underwear. Some people defend this:

That leaves school administrators with the choice of embarrassing a child through a search or possibly having other children die while in their care, Justice David Souter said. "With those stakes in mind, why isn't that reasonable?" Souter said.

But there are several problems with this argument. First, the "reasonableness" depends entirely upon two conditions: that she possessed drugs and that those drugs would have caused harm to another student, neither of which was met.

The event in question is now about 3 years old, but the rulings and hearings are just getting started.

What is up with Google Errors?

This error is everywhere!

It's weird but suddenly I've been seeing this annoying Google error randomly whenever I'm browsing around. In some cases, it's even come up when I wasn't using a link from Google! If I try reloading the page or, worst case, opening the page in Internet Explorer, it works fine most times.

I don't know what it is, but I wish it would stop. It's clearly some kind of weird Google flaw and I hope they fix it soon. If anyone knows what this is and how to get rid of it, please let us know in the comments.

Stalkers and Pranksters Using Your Cellphone To Spy on You

One day, my father-in-law answered a phone call on his cell and was shocked to hear his own voice on the other end. After listening a few seconds, he realized that he was listening to a recorded conversation that he'd had with a customer many days prior.

My in-laws asked me how this happened and I theorized, but didn't have a good answer at the time.

They can turn on your cellphone and listen to your conversation from anywhere at any time

Now it seems that what happened to him is the same sort of thing that happened to these two poor ladies where someone secretly installed software on their phone allowing them to track and monitor where they went, what they said, who called them and when, and, worst of all, turn on their cellphone remotely to listen to them even when they weren't using the phone.

At the end of the video, they mention a website for more information which has a few more details about the experiment such as the fact that the FBI used similar technology to spy on organized crime families.

The main problem here is that putting all those extra features and gimmicks into cellphones means that they're nothing short of hand-held computers (and with that comes all the computer vulnerabilities). However, they mention ways to protect yourself such as:

  • Keep a close watch on your cellphone
  • Use a password on your phone to prevent casual tampering
  • Avoid high-end phones with internet and multiple networking capabilities
  • Remove the battery from the phone when it's not being used

And by this point you're probably thinking the same thing I am: if you are the kind who wants a cool phone, how realistic is any of this? Not very.

Instead, their last recommendation, which is the same one I was going to make, is to get a pre-paid cellphone for better security. Why? It's just a phone. No gimmicks, no computers (and no contract!).

It would be nice if cell phone companies would be willing to sell simple phones with only a few basic features that we actually want (like voice-dialing), but until and unless that ever happens, your best security is with a pre-paid phone.