2005

Not sure if the personal details obtained by hackers include CC#s, but names and addresses are certainly involved in this breach at a UK charity. A couple of interesting twists to this one, as reported at Silicon.com. First, the thieves weren’t content with just stealing the info — they used it to extort victims directly:…

Read More "Aid to the Church in Need", 2000 donors to charity, "personal details"

In a comment on “Build Irony In,” “Frank Hecker writes:” First, note that the “invalid certificate” message when connecting to buildsecurityin.uscert.gov using Safari is *not* because the certificate is from an unknown CA (or no CA at all); it’s because the certificate is issued to the server/domain buildsecurityin.us-cert.gov (note the dash) and thus doesn’t match…

Read More Web Certificate Economics

Speaking of tracking and databases: Mobile Landscape Graz in Real Time harnesses the potential of mobile phones as an affordable, ready-made and ubiquitous medium that allows the city to be sensed and displayed in real-time as a complex, pulsating entity. Because it is possible to simultaneously ‘ping’ the cell phones of thousands of users –…

Read More Tracking Graz (Austria)

Ever-increasing requirements that every item be uniquely identifiable are combining with the power of the internet to invade everyone’s privacy. The Guardian (UK) has a story about how ‘planespotters’ are gathering data that allows the after-the-fact tracking of CIA torture planes. (“How planespotters turned into the scourge of the CIA.”) Paul last saw the Gulfstream…

Read More Planespotters vs. the CIA

As we continue the series, illustrating Saltzer and Schroeder’s classic paper, “The Protection of Information in Computer Systems,” we come to the principle of separation of privilege. Separation of privilege: Where feasible, a protection mechanism that requires two keys to unlock it is more robust and flexible than one that allows access to the presenter…

Read More Star Wars and Separation of Privilege

Thieves broke into an auditor’s car trunk and stole a laptop containing SSNs and other information on approximately 800 people. Details at http://fortress.wa.gov/esd/portal/securitybreach

Read More Washington state employment security department, 800 people, SSNs+, auditor's stolen laptop

“Brand new Microsoft Excel Vulnerability:” The lot: One 0-day Microsoft Excel Vulnerability Up for sale is one (1) brand new vulnerability in the Microsoft Excel application. The vulnerability was discovered on December 6th 2005, all the details were submitted to Microsoft, and the reply was received indicating that they may start working on it. It…

Read More 0Day on Ebay