Monday, 22 February 2010

Links of interest 22 Feb 2010

Not had time to blog much lately, so here are some links to recent developments of interest, in no particular order - and this is just what I've come across in the last 2 weeks or so!

Privacy & security

  • Your typing style could identify you uniquely - yet another way to identify an individual internet user through the cadence or rhythm of their typing, another weapon for the de-anonymisation armoury. See Ars Technica, CitMediaLaw comments.
  • 10 information security tips for employees developed by ENISA "with the aim of focusing employees' attention on information security and allowing them to recognise IT security concerns and respond accordingly"
  • Tracking people - Autonomous Production of Images based on Distributed and Intelligent Sensing (APIDIS) system for tracking ball and players in sports matches "could also be useful for surveillance, when it could track groups of people on CCTV networks"
  • Forging passports (including British) to use in relation to an assassination is scary indeed. See Amberhawk, Reuters. (ID cards can be faked; techies knew that even if the UK government didn't seem to want to.)
  • Internet safety
  • Linking offline shopping behaviour to online ads - Yahoo & Sainsbury's Nectar make deal allowing online advertisers to target consumers based on their high street purchases, linking high street supermarket spending with the consumer's Yahoo! login (though it appears to be opt-in, at least) - IAB
  • Webcam spying - the stuff of movies, someone spying on you through your computer's webcam and mic, but a US school seems to have been watching students (and their families?) at school and at home using school-supplied laptops, and has rightly been sued - BoingBoing; the BBC have picked it up; Ars Technica say the school's backed down.
  • Ubercookies and identifying website users - Arvind Narayanan describes how "ubercookies" can be used to identify visitors - first, the history stealing and group membership correlating technique I mentioned previously, then more sophisticated attacks using what you share and other "footprint" traces you leave on the web; and next a bug in Google Docs (which Google said they'll fix) that lets sites identify you too.
  • Security - Chip & PIN cards can be used without knowing the PIN - Light Blue Touchpaper
  • DNA retention boo boo - 5 case studies submitted by Home Office to MPs to justify retention of innocent people's DNA were actually 4 with one being included twice… ComputerWeekly
  • ACTA (Anti-Counterfeiting Trade Agreement) negotiations -
  • Government, business and social networking logins stolen through Kneber botnet virus - Reuters, ComputerWeekly
  • PleaseRobMe.com - lots of coverage of this site which aims to raise awareness that announcing your location publicly online, including the fact that you're not at home, may not be a good idea, particularly with the rise of location related services or games like FourSquare - BBC, TechCrunch
    • Broadstuff: "I took one of the people on the first PleaseRobMe screen I looked at… and found their home address via a quick use of Twitter and Google. Took 5 minutes or so (the person was about the 10th I tried). You could fairly quickly build some algorithms to automate that mashup process".
  • People's locations & movements are predictable - study of "cellphone traces" showed that "regardless of whether a person typically remains close to home or roams far and wide, their movements are theoretically predictable as much as 93 per cent of the time." This US study made use of cellphone records collected for billing purposes and anonymised, but of course I wouldn't be surprised if someone didn't manage to de-anonymise them…
  • Top 25 programming errors that jeopardise security, updated. ComputerWeekly said New York State is updating its procurement terms (application security procurement language) to address these top 25 errors, with other states to follow. Will the OGC ensure UK government procurement requirements are updated too?
  • Google Buzz privacy debacle (exposing key Gmail contacts & Google Reader shared items to the world, etc) & complaints galore -
  • Data protection audits - the ICO will have more powers come April 2010 including auditing powers; they've issued for consultation a draft Code of Practice on Assessment Notices as to how they'd conduct audits. Out-Law report.
  • Model contractual clauses for transfer of personal data outside the EU - recently modernised. Helpful for multi-national businesses especially for subcontracting & out-sourcing. See Out-Law.
  • CV poaching - I didn't know this was going on:
    • "…it turns out that the candidate fell victim to resume poaching; someone grabbed their resume and submitted the candidate without the candidate’s knowledge… the recruiter could lose out on a potential fill, the candidate can be disqualified by the client for shopping around (a scorched earth response – rather than attempting to sort out what happened, the client disqualifies any resume submitted more than once), and the client is put on the spot to intervene in a process they should never have been involved with in the first place…. If you do post your resume, anonymize it – make the recruiter come to you. Avoid using your LinkedIn profile as a resume (believe it or not, with enough detail an unscrupulous recruiter will just make the resume for you. The key is to just summarize your experience)."

Other mobile / comms stuff

Misc

©WH. This work is licensed under a Creative Commons Attribution Non-Commercial Share-Alike England 2.0 Licence. Please attribute to WH, Tech and Law, and link to the original blog post page. Moral rights asserted.