Category Archives: Technology

RFID In ID Cards Still a BIG Problem and Getting Worse

"There's a reason you don't wear your Social Security number across your T-shirt," Albrecht says, "and beaming out your new, national RFID number in a 30-foot radius would be far worse."

There are no federal laws against the surreptitious skimming of Americans' RFID numbers, so it won't be long before people seek to profit from this, says Bruce Schneier, an author and chief security officer at BT, the British telecommunications operator.

Data brokers that compile computer dossiers on millions of individuals from public records, credit applications and other sources "will certainly maintain databases of RFID numbers and associated people," he says. "They'd do a disservice to their stockholders if they didn't."

Or put simply, everyone knows that this is scary beyond reason and we need to do something now BEFORE it's a problem.

Here is some more information from the source article:

In its October 2005 Federal Register notice, the State Department reassured Americans that the e-passport's chip — the ISO 14443 tag — would emit radio waves only within a 4-inch radius, making it tougher to hack.

Technologists in Israel and England, however, soon found otherwise. In May 2006, at the University of Tel Aviv, researchers cobbled together $110 worth of parts from hobbyists kits and directly skimmed an encrypted tag from several feet away. At the University of Cambridge, a student showed that a transmission between an e-passport and a legitimate reader could be intercepted from 160 feet.

The article also mentions a video that shows the results of his experiment. I was able to find it HERE.

China Bans Gold Farming

While playing online games like World of Warcraft and similar, you find advertisements for people who will get you rare items or in-game money (gold) for a fee. These so-called "gold-farmers" are often employed in different countries like China.

Well, China took note and passed a ban on gold farming based on the idea that the economy of large online games could affect the real economy negatively.

Whatever the reason, I think that getting rid of the farmers will have a positive effect on the games themselves and I hope we see more of this in the future.

Man Facing Child Porn Charges for Photoshopped Images

Check out this story:

A Tennessee man is facing charges of aggravated sexual exploitation of a minor for what authorities say are three pictures — none of them featuring an actual child's body.

Instead, according to testimony presented at Michael Wayne Campbell's preliminary hearing in Chattanooga, Tennessee, on Wednesday, the photos feature the faces of three young girls placed on the nude bodies of adult females, CNN affiliate WDEF reported.

The supreme court has already ruled that when no child is actually harmed, it's not a crime and I agree with that ruling. As distasteful as I may think it is, what someone does in their own home that harms absolutely no one and has no potential for harming anyone isn't really any of my business.

If this kind of thing continues should we start prosecuting people who look at other types of extreme porn even if there's no victim? Should anyone looking at porn who's married be prosecuted for adultery? There is an argument that sometimes it's hard to tell the age of the participants and in extreme porn whether or not someone is actually getting hurt (ala the film 8mm), but there have even been cases of people getting in trouble for cartoon and computer generated porn where there's no possibility of a live person being hurt. I won't say that I'm completely decided on this issue, but right now I think that this trend is going just a little too far into the "thought police" arena.

RIAA Appeal Goes Bad

A mother of 4 who was hit with a massive fee for sharing music online a while back finally won a new trial, but somehow ended up with a fine almost 10 times as high!

Even though there was no proof of any harm done to the recording companies since there's no way for them to show that anyone actually downloaded any music from her, she was slapped with a nearly 2 million dollar fine for her immense crimes (which were never proven).

Even if 100,000 people had downloaded each of the 24 songs she supposedly shared online (which probably wasn't even intentional as filesharing software generally shares what you download by default), that doesn't translate to direct financial loss to the recording companies anyway! This is a tragedy and I don't understand it. At best, it might be a judge's way of getting attention on the issue by pushing the verdict to absurd extremes.

CFP 2009 – Data Collection on Consumers

The panel this morning consists of members of the FTC, Google, and Microsoft and the subject is profiling people online.

There are so many questions I want to ask such as why Google stores data for so long (which they've avoided answering before) and why the FTC doesn't promote credit freezes (which they've avoided answering before).

In the meantime, there's talk about the different types of data collection each group does and the standard rigamarole about customizing and targeting advertisements as if that's helpful to the end user. Granted having ads that are more appropriate are more useful than less, but I see that as the same as having a neighbor down the street that you hardly know bring you a box of your favorite beef jerky. It's nice, but damned creepy when someone knows that much about you when you don't know who they are, what their intentions are, and how much else they know about you.

I stood up to lecture the panel on the fact that personalized ads aren't necessary for small sites to exist if they use the product recommendation method versus random ad policy like me, opt-out is an unfair business practice since it requires that people become very knowledgeable about ads and how to stop them which is near impossible for regular people, and opt-in is not only necessary, it's easy.

I doubt the information I shared will have any positive effect on the industry, but it was still worth a try.

2009 Computers Freedom and Privacy Conference

This week, I'm attending the 2009 CFP conference at the George Washington University in DC. So far, I found out that there's still far too few people that understand privacy when it comes to social networking sites.

Even more interesting was the information about Cross site scripting and worse and just how easy attacks like that (and others) are to use. If I were to put a certain code on this page and you still had Facebook or your bank open in another window, just by viewing this page I could manipulate your accounts.

It's really interesting stuff, but the lesson for the day is to never stay logged into services when browsing around in other windows or tabs.

What is up with Google Errors?

This error is everywhere!
This error is everywhere!

It's weird but suddenly I've been seeing this annoying Google error randomly whenever I'm browsing around. In some cases, it's even come up when I wasn't using a link from Google! If I try reloading the page or, worst case, opening the page in Internet Explorer, it works fine most times.

I don't know what it is, but I wish it would stop. It's clearly some kind of weird Google flaw and I hope they fix it soon. If anyone knows what this is and how to get rid of it, please let us know in the comments.

Stalkers and Pranksters Using Your Cellphone To Spy on You

One day, my father-in-law answered a phone call on his cell and was shocked to hear his own voice on the other end. After listening a few seconds, he realized that he was listening to a recorded conversation that he'd had with a customer many days prior.

My in-laws asked me how this happened and I theorized, but didn't have a good answer at the time.

They can turn on your cellphone and listen to your conversation from anywhere at any time
Now it seems that what happened to him is the same sort of thing that happened to these two poor ladies where someone secretly installed software on their phone allowing them to track and monitor where they went, what they said, who called them and when, and, worst of all, turn on their cellphone remotely to listen to them even when they weren't using the phone.

At the end of the video, they mention a website for more information which has a few more details about the experiment such as the fact that the FBI used similar technology to spy on organized crime families.

The main problem here is that by putting all those extra features and gimmicks into cellphones means that they're nothing short of hand-held computers (and with that comes all the computer vulnerabilities). However, they mention ways to protect yourself such as:

  • Keep a close watch on your cellphone
  • Use a password on your phone to prevent casual tampering
  • Avoid high-end phones with internet and multiple networking capabilities
  • Remove the battery from the phone when it's not being used

And by this point you're probably thinking the same thing I am, if you are the kind who wants a cool phone, how realistic is any of this? Not very.

Instead, their last recommendation, which is the same I was going to make is to get a pre-paid cellphone for better security. Why? It's just a phone. No gimmicks, no computers (and no contract!).

It would be nice if cell phone companies would be willing to cell simple phones with only a few basic features that we actually want (like voice-dialing), but until and unless that ever happens, your best security is with a pre-paid phone.

Google’s GPS-like Friend Locater Service, Latitude, To Be Privacy Friendly

I swear, sometimes I think Google is suffering from a serious Jeckel and Hyde complex. In the previous post I was lamenting Google's very lame privacy policies, but then this comes along.

Google apparently has a new service that lets you broadcast to your friends where you are at any time (at which point Google will plot them on a map for you). The downsides to this technology is of course that people could theoretically monitor you or get the records to use against you.

But Google is promising that the information in their Latitude service is ephemeral and will disappear after use.

What Loopt — and now Google — are asserting is this: when you tell your friends where you are, you are using a public conveyance to communicate privately. And, just as it would if it wanted to record your phone call or read your e-mail, the government needs to get a wiretap order. That's even tougher to get than a search warrant.

They've always been good about not giving up their search records without a fight, but it would be nice if they didn't store them so long in the first place.

Google Voice – Universal Phone Number Appealing, But is it Safe?

I only just learned about Google Voice and the staggeringly awesome features it offers for free. Though I'm not a huge fan of all the gimmicks companies attach to cell phones and phone services, this one has me interested.

The only problem is that with Google's historically abysmal privacy policies, will it be safe to use? Time will tell.

New York Cop’s Online Persona Used Against Him In Court

Whether or not the officer in question really did use excessive force, the main point here is that the things you write about online can come back to haunt you in the most unexpected ways.

Officer Ettienne said he is now being careful to mask his identity on the Web and that he has curbed his tongue because of the acquittal. “I feel it’s partially my fault, ? he said. “It paints a picture of a person who could be overly aggressive. You put that together, it’s reasonable doubt in anybody’s mind. ?

Even your "private" Facebook or Myspace account isn't so private under the force of a subpeona.

Bonus: Parents are getting busted for pictures of their kids drinking posted to Myspace pages.

Biometrics on Laptops Don’t Work

At least, not anymore. For anyone who thought those little fingerprint readers that some laptops have provide better security, I hope you won't be surprised to find out that they've been defeated.

The researchers were able to bypass Lenovo's Veriface III, Asus' SmartLogon V1.0.0005, and Toshiba's Face Recognition 2.0.2.32, even with each program set for maximum security.

Linkedin and Myspace At Your Own Risk

I can't believe it. After the issue with Reunion.com, I would have thought there'd be LESS sites asking for your e-mail password to "find your friends from you contact list", not more!

Today I found out that both Myspace AND Linkedin ask for your e-mail address passwords. Never NEVER give away your e-mail password to anyone for ANY reason, no matter how nicely they ask.

LinkedIn asking for e-mail passwords
LinkedIn asking for e-mail passwords

Forced RFID Implants Lead to Dog’s Death

Apparently, someone had enough money to spread around to get a law passed in California forcing dog owners to have their pets chipped. Though no one's sure why, at least one pet has died due the procedure. The sad part is that the owner was against the chipping, but was faced with fines and jail time if she didn't. Here's the full write-up from the Spychips newsletter:

===================================================

For Immediate Release
February 3, 2009

Dog Bleeds to Death After "Routine" Microchip Implant Procedure
Grieving owner calls for an end to mandatory microchipping in Los
Angeles

A fluffy bundle of life, love, and enthusiasm named Charlie Brown was
laid to rest last week, the victim of a microchip implant gone horribly
wrong. The long-haired, purebred Chihuahua bled to death in the arms of
his distraught owners, Lori and Ed Ginsberg of Agua Dulce, California,
just hours after undergoing the controversial chipping procedure.

"I wasn't in favor of getting Charlie chipped, but it was the law," said
Lori Ginsberg, citing a Los Angeles county ordinance that requires all
dog owners to chip their dogs once they reach four months of age. Dog
owners who refuse to comply face a $250 fine for the first offense and
up to six months in jail for continued non-compliance. "This technology
is supposedly so great until it's your animal that dies," she said. "I
can't believe Charlie is gone. I'm just beside myself."

Dr. Reid Loken, the board certified veterinarian who performed the
chipping, confirmed on Friday that Charlie died from blood loss
associated with the microchip. He cited "an extreme amount of bleeding"
from the "little hole in the skin where the [microchip implant] needle
went in" as the cause of death. He said he was both saddened and puzzled
by Charlie's death.

"I just don't know what happened to him. We put the chip in the back in
the shoulder blades, the standard place where we put them, and there
really aren't any major blood vessels in that area," he said. "I don't
think it went in too deep; it was a pretty routine chipping."

Dr. Loken suspected the needle may have nicked the muscle around the
scapula, causing blood to ooze from the muscle. However, his efforts to
stem the bleeding with pressure bandages were unsuccessful. The bleeding
could not be attributed to a congenital clotting problem, he said, since
Charlie had undergone a neutering and tooth extraction without incident
just weeks before.

Charlie's owners were devastated by the loss. "Charlie loved to play and
cuddle. He brought so much joy and life to our home," said Lori. "We
loved him and took such good care of him. He meant everything to us."

The Ginsbergs were quick to absolve Dr. Loken of responsibility for
Charlie's death. "He's a great vet and this was not his fault. The real
blame is with the people who forced us to implant our dog against our
better judgment," they said.

The Ginsbergs plan to petition the Los Angeles County Board of
Supervisors to repeal the mandatory chipping law, and have sought the
help of prominent consumer privacy advocate Dr. Katherine Albrecht.
Albrecht is a Harvard-trained researcher who has authored a definitive
academic paper citing literature that links microchips with cancer in
dogs as well as laboratory animals. She has also authored an exhaustive,
47-page FAQ on microchip implants.

Albrecht cites other adverse reactions stemming from microchips in the
past. In one case, a struggling kitten died instantly when a microchip
was accidentally injected into its brain stem. In another, a cat was
paralyzed when an implant entered its spinal column. The implants have
been widely reported to migrate within animals' bodies, and can cause
abscesses and infection. In at least two documented cases, dogs have
developed cancerous tumors surrounding or adjacent to microchip
implants.

"Tragedies like what happened to Charlie Brown are probably more common
than we like to think," said Albrecht. "But it takes courageous people
like the Ginsbergs to come forward and talk about it."

Albrecht and the Ginsbergs are calling for a repeal of all mandatory
animal chipping laws nationwide, and for the creation of a national
registry to document adverse reactions from the chipping procedure.

"It's horrible to live in a country where your choices are being take
away and you don't get to make decisions about your family and your life
anymore," said Lori Ginsberg. "Politicians should not take away my right
to do what I thought was best for my pet."

For The Media:
Lori and Ed Ginsberg have agreed to speak to the media to help raise
awareness of the dangers of pet chipping. They can be contacted at:
CharlieBrownMemorial@yahoo.com

Pictures of adorable Charlie Brown are available for press and blogging
use at:
http://www.katherinealbrecht.com/images/stories/charlie%20brown%
20003.jpg
http://www.katherinealbrecht.com/images/stories/charlie%20brown%
20004.jpg
http://www.katherinealbrecht.com/images/stories/charlie%20brown%20for%
20first%20christmas%20003.jpg
http://www.katherinealbrecht.com/images/stories/charlie%20brown%20for%
20first%20christmas%20005.jpg

Dr. Katherine Albrecht can be contacted at kma@spychips.com or (877)
287-5854, ext 1.
Her microchip implant FAQ and cancer study can be found online at
www.antichips.com
Further information about Dr. Albrecht can be found at
www.katherinealbrecht.com

Information on the Los Angeles Country chipping ordinance can be found
at:
http://www.laanimalservices.com/PDF/medical/lacounty_ordinance.pdf

Live Radio Interview Today
The Ginsbergs will be joining Dr. Katherine Albrecht on her live,
syndicated radio program today to discuss microchip implants and
Charlie's tragic death. The segment will air from 4:00-6:00 PM Eastern
time on "The Dr. Katherine Albrecht Show." The show broadcasts daily on
the Genesis Communications Network, and can be heard live at:
http://gcnlive.com/Listen_Live.html (Click "Stream 2")

The Ginsberg interview will be archived as a downloadable MP3 file on
Dr. Albrecht's website at:
http://www.katherinealbrecht.com (Click "archives")

# # #

=====================================================================
ABOUT CASPIAN

CASPIAN (Consumers Against Supermarket Privacy Invasion and Numbering) is a grass-roots consumer group fighting retail surveillance schemes since 1999 and irresponsible RFID use since 2002. With thousands of members in all 50 U.S. states and over 30 countries worldwide, CASPIAN seeks to educate consumers about marketing strategies that invade their
privacy and encourage privacy-conscious shopping habits across the retail spectrum.

http://www.spychips.com/
http://www.antichips.com/
http://www.nocards.org/

You're welcome to duplicate and distribute this message to others who
may find it of interest.

=====================================================================

To subscribe or unsubscribe to the Caspian-newsletter-l mailing list, click
the following link or copy and paste it into your browser:
http://mailman.nocards.org/mailman/listinfo/caspian-newsletter-l

If you have difficulty with the web-based interface, you may also
subscribe or unsubscribe via email by writing to:
admin@nocards.org

=====================================================================

RFID Passports Clones From Moving Car

Using inexpensive off-the-shelf components, an information security expert has built a mobile platform that can clone large numbers of the unique electronic identifiers used in US passport cards and next generation drivers licenses.

The $250 proof-of-concept device – which researcher Chris Paget built in his spare time – operates out of his vehicle and contains everything needed to sniff and then clone RFID, or radio frequency identification, tags. During a recent 20-minute drive in downtown San Francisco, it successfully copied the RFID tags of two passport cards without the knowledge of their owners.

So he cheaply proved that you can not only clone RFID passports, but you can do it secretly, at great distance, while moving.

Wouldn't it be nice if they thought about the security risks BEFORE putting a wireless chip in the passports?