CISPA Passes in Closed Door Vote


.

Myself . By T.V. Antony Raj

.

At the Congress of the United States begun and held in New York, on March 4, 1789, several States, having at the time of their adopting the Constitution, wanted to prevent misconstruction or abuse of its powers by adding further declaratory and restrictive clauses.

The Fourth Amendment to the Constitution in its original form is as follows:

Amendment IV

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants
shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

The Fourth Amendment (Amendment IV) to the United States Constitution is part of the Bill of Rights ratified on December 15, 1791.

This amendment tries to protect two fundamental liberty interests – the right to privacy and freedom from arbitrary invasions. It guards against unreasonable searches and seizures, along with requiring any warrant to be judicially allowed and supported by probable cause.

Now, the United States Government is attempting to control and censor the internet by passing the Cyber Intelligence Sharing and Protection Act (CISPA), a law that would allow for the sharing of Internet traffic information among the U.S. government and technology and manufacturing companies.

The stated aim of the bill is to help the U.S government investigate cyber threats and ensure the security of networks against cyber attacks. This bill would allow major internet entities such as Facebook, Twitter, and Google to share voluntarily our personal information with the U.S. Government. This will not only affect users in the United States, but also anyone with an account with these companies.

As written, CISPA will not protect us from cyber threats, but will violate our Fourth Amendment’s right to our privacy, and freedom from arbitrary invasions.

    • It lets the government to spy on us without a warrant
    • Companies cannot be sued when they do illegal things using our data.
    • It allows companies and corporations to cyber attack one another and harm individual people outside the law.

.

.

About these ads

“What Ever Happened to the Millennium Bug?” by Grumpa Joe


Posted on 28/11/2012 by Grumpa Joe in Grumpa Joe’s Place

Year 2000 Time Bomb Disposal Kit

Year 2000 Time Bomb Disposal Kit (Photo credit: rjw1)

Does anyone remember the millennium bug? Back in the late 1990′s the planet was a buzz about a worldwide catastrophe, “the bug.” Personal computers came into existence in the seventies. At the time, computers possessed limited storage capacity. Programmers allowed only two digits to define a year. After all, in nineteen eighty, who could imagine the world lasting until the year two thousand? Between two thousand, and the limited capacity of early computer memory, no one could imagine that using only two digits to define a year was a problem. Finally in the late nineteen nineties the world became aware. What will happen on New Year’s eve of 1999 when the calendar turns over and it becomes the year 2000? Will the year 00 mean 1900 or 2000? Imagine the confusion. What would happen to the stock market? What about our savings in the bank? Would we earn the interest of 1900 or the interest of 2000? Worse yet, would those on the verge of retirement in 2000 be set back to 1900 and not be recognized as being born?

The millennium bug caused a rash of business to change out all old computers with new ones that could handle the four digit year. I remember my company racing to check computers to decide if they contained any software that limited the year to two digits. If they identified a problem they replaced it, or bumped it down to an application where the year was not a factor. The whole world sat on the edge of their seats waiting for the clock to turn, and the computers to crash. It is now twelve years after the fact, and I have yet to hear of a problem related to the millennium bug. What that means is we converted every computer on time, or that the millennium bug was a non-problem.

Today, I hear a lot of discussion about a similar catastrophe, the “fiscal cliff.” What will happen to the economy if we reinstate the Clinton era taxes? Many pundits, Congressmen, Senators, and “we the Sheeple” believe it will destroy the economy and send us into another more deeper recession. Really? Who has any definitive knowledge or facts to back that up? I think it would make a great experiment to let it happen i.e. do nothing to avoid the fiscal cliff. Let the taxes go into effect. It is a democrat’s dream to get all that extra money into the coffers (or trough). Perhaps we would learn once and for all about economics. Is economics a real science, or is it a political folly? If it is a science, the democrats will be proven wrong and the people they profess to protect will suffer. If they are right, economics will be proven more witchcraft than science.

It might be interesting to take a simple poll and see how you feel about this argument. Click on the poll below.

Related articles
Enhanced by Zemanta

When a Palm Reader Knows More Than Your Life Line by Natasha Singer


By NATASHA SINGER

“PLEASE put your hand on the scanner,” a receptionist at a doctor’s office at New York University Langone Medical Center said to me recently, pointing to a small plastic device on the counter between us. “I need to take a palm scan for your file.”

I balked.

As a reporter who has been covering the growing business of data collection, I know the potential drawbacks — like customer profiling — of giving out my personal details. But the idea of submitting to an infrared scan at a medical center that would take a copy of the unique vein patterns in my palm seemed fraught.

The receptionist said it was for my own good. The medical center, she said, had recently instituted a biometric patient identification system to protect against identity theft.

I reluctantly stuck my hand on the machine. If I demurred, I thought, perhaps I’d be denied medical care.

Next, the receptionist said she needed to take my photo. After the palm scan, that seemed like data-collection overkill. Then an office manager appeared and explained that the scans and pictures were optional. Alas, my palm was already in the system.

No longer the province of security services and science-fiction films, biometric technology is on the march. Facebook uses facial-recognition software so its members can automatically put name tags on friends when they upload their photos. Apple uses voice recognition to power Siri. Some theme parks take digital fingerprints to help recognize season pass holders. Now some hospitals and school districts are using palm vein pattern recognition to identify and efficiently manage their patients or students — in effect, turning your palm into an E-ZPass.

But consumer advocates say that enterprises are increasingly employing biometric data to improve convenience — and that members of the public are paying for that convenience with their privacy.

Fingerprints, facial dimensions and vein patterns are unique, consumer advocates say, and should be treated as carefully as genetic samples. So collecting such information for expediency, they say, could increase the risks of serious identity theft. Yet companies and institutions that compile such data often fail to adequately explain the risks to consumers, they say.

“Let’s say someone makes a fake ID and goes in and has their photo and their palm print taken as you. What are you going to do when you go in?” said Pam Dixon, the executive director of the World Privacy Forum, an advocacy group in San Diego. “Hospitals that are doing this are leaping over profound security issues that they are actually introducing into their systems.”

THE N.Y.U. medical center started researching biometric systems a few years ago in an effort to address several problems, said Kathryn McClellan, its vice president who is in charge of implementing its new electronic health records system. More than a million people in the New York area have the same or similar names, she said, creating a risk that medical personnel might pull up the wrong health record for a patient. Another issue, she said, was that some patients had multiple records from being treated at different affiliates; N.Y.U. wanted an efficient way to consolidate them.

Last year, the medical center adopted photography and palm-scan technology so that each patient would have two unique identifying features. Now, Ms. McClellan said, each arriving patient has his or her palm scanned, allowing the system to automatically pull up the correct file.

“It’s a patient safety initiative,” Ms. McClellan said. “We felt like the value to the patient was huge.”

N.Y.U.’s system, called PatientSecure and marketed by HT Systems of Tampa, has already scanned more than 250,000 patients. In the United States, over five million patients have had the scans, said Charles Yanak, a spokesman for Fujitsu Frontech North America, a division of Fujitsu, the Japanese company that developed the vein palm identification technology.

Yet, unless patients at N.Y.U. seem uncomfortable with the process, Ms. McClellan said, medical registration staff members don’t inform them that they can opt out of photos and scans.

“We don’t have formal consent,” Ms. McClellan said in a phone interview last Tuesday.

That raises red flags for privacy advocates. “If they are not informing patients it is optional,” said Joel Reidenberg, a professor at Fordham University Law School with an expertise in data privacy, “then effectively it is coerced consent.”

He noted that N.Y.U. medical center has had recent incidents in which computers or USB drives containing unencrypted patient data have been lost or stolen, suggesting that the center’s collection of biometric data might increase patients’ risk of identity theft.

Ms. McClellan responded that there was little chance of identity theft because the palm scan system turned the vein measurements into encrypted strings of binary numbers and stored them on an N.Y.U. server that is separate from the one with patients’ health records. Even if there were a breach, she added, the data would be useless to hackers because a unique key is needed to decode the number strings. As for patients’ photos, she said, they are attached to their medical records.

Still, Arthur Caplan, the director of the division of medical ethics at the N.Y.U. center, recommended that hospitals do a better job of explaining biometric ID systems to patients. He himself recently had an appointment at the N.Y.U. center, he recounted, and didn’t learn that the palm scan was optional until he hesitated and asked questions.

“It gave me pause,” Dr. Caplan said. “It would be useful to put up a sign saying ‘We are going to take biometric information which will help us track you through the system. If you don’t want to do this, please see’ ” an office manager.

Other institutions that use PatientSecure, however, have instituted opt-in programs for patients.

At the Duke University Health System, patients receive brochuresexplaining their options, said Eliana Owens, the health system’s director of patient revenue. The center also trains staff members at registration desks to read patients a script about the opt-in process for the palm scans, she said. (Duke does not take patients’ photos.)

“They say: ‘The enrollment is optional. If you choose not to participate, we will continue to ask you for your photo ID on subsequent visits,’ ” Ms. Owens said.

Consent or not, some leading identity experts see little value in palm scans for patients right now. If medical centers are going to use patients’ biometric data for their own institutional convenience, they argue, the centers should also enhance patient privacy — by, say, permitting lower-echelon medical personnel to look at a person’s medical record only if that patient is present and approves access by having a palm scanned.

Otherwise, “you are enabling another level of danger,” said Joseph Atick, a pioneer in biometric identity systems who consults for governments, “instead of using the technology to enable another level of privacy.”

At my request, N.Y.U. medical center has deleted my palm print.

.

E-mail: slipstream@nytimes.com.

Reproduced from The New York Times – Business Day Technology

Enhanced by Zemanta

Hackers Reveal 10 PC Security Mistakes We ALL Make


No one knows security mistakes better than hackers – because for them, tiny errors in security are the ‘keys’ that allow access to home PCs and office computer systems.

And hackers are clear about one thing. Computer users make mistakes all the time – and often the same ones, over and over again. Two hackers – one ‘ethical hacker’, who tests computer systems by attempting to break into them, and one ex-hacker who now works in security – lay bare the ten errors that crop up most often.

‘People are too trusting,’ says Tom Beale, who has worked as an ‘ethical hacker’ for 10 years, protecting corporate and government systems by finding weaknesses.

‘The human element is always the weak link in the chain. People are very easily distracted – and particular attackers prey on that.’

‘People are just getting more and more stupid,’ says Cal Leeming, an ex-hacker who was convicted for a cyber crime, but now works in computer security.

‘They want their stuff to be protected, but they expect someone else to do it for them. People don’t want to know. Even for companies, computer security isn’t a priority, because it’s not a primary source of income. It’s only once the company’s been hit that they realise, “Oh we should have paid more attention than that”.’

1. Don’t use the same username everywhere

‘People often upload photos of themselves to an online library, say,’ says Cal Leeming, a former hacker who works in security at Simplicity Media, ‘But they use a username they use on other sites. They don’t realise that people can use Google to connect them across all the different worlds they visit, and then work out a way in.’

2. Don’t trust public wi-fi

‘When you go on a public wi-fi network you have no way to determine whether it’s a real network run by a reputable company, or a fake run by a spotty guy next to you,’ says Tom Beale of Vigilante Bespoke. ‘The problem’s particularly bad on mobile, where you really can’t tell if you’re on a fake network set up to steal your data. If you’re going to use public networks for business, use a laptop, because the browser will warn you of security breaches – your phone won’t.’

3. Be careful about who you friend on Facebook

‘Facebook has been basically forced to implement privacy settings,’ says Cal. ‘But people still get it wrong. They randomly friend other people, not realising they are giving away information that could be useful in a cyber attack – for instance names of pets or family that might be a password or security question.’

4. Don’t trust people you don’t know

‘I always tell people to do an ‘offline test’ – ie would you do the same thing if you were offline? So for instance, if you’re chatting to someone online, and you tell them some information, would you give that information to someone you’d just met in a bar?,’ says Tom. ‘Online, you’re even LESS safe – because you may not be talking to who you think you are. People just seem to lose all concept of reality when they’re on a PC.’

5. Use two-factor passwords when you can

‘People resist this except when they’re made to do it – like by their bank,’ says Tom. ‘But it does add that extra layer. It does offer protection. People accept that their bank will use tokens or keycard readers, but when other sites add it, people resist it – they just want quick access.’

6. Don’t re-use your email password

‘This isn’t going to be a problem that goes away any time soon,’ says Cal. ‘People don’t realise what are the risks of using the same password. If you reuse your email password, you’re handing out the keys to be hacked and breached – giving hackers access to the information they’ll need to hack your bank account and other networks you use. People use simple passwords for convenience – memorising too many is just a pain.’

7. Don’t be fooled by ‘cries for help’

‘Some of the most effective attacks are “cries for help” from friends – sent by email from a compromised machine. It’s incredible how many people respond to that,’ says Tom. ‘If it’s someone who travels a lot, and their email is hacked, it’s more convincing when you get an email saying that they are stranded abroad, and need money. They target people with a scattergun approach, but when they find someone who IS abroad a lot, it’s very effective.’

8. Use antivirus software

‘I can’t see any reason why you wouldn’t run AV software,’ says Tom. ‘It’s not a Holy Grail, but it helps you to deal with most known problems. Browsing without it is like driving without a seatbelt. It’s your first layer of defence, whether you’re using PC, Mac or Android.’

9. Remember that funny videos can be very unfunny

‘Facebook’s system doesn’t filter for malicious links, so they can be very dangerous. Often a ‘video’ link will try to fool people into visiting an infected site or downloading something in the guise of video software or fake antivirus software. Your only defence is to think, ‘Would my friend really post that?’ so be careful about people you only half-know. Facebook and Twitter need to inform users better.’

10. Set everything to auto update

‘Attackers will be actively looking for vulnerabilities – not just in your operating system, but in your browser, in plug-ins such as Flash and Java. Be sure that all of those are up to date,’ says Tom. ‘If you don’t, you are leaving security holes. Most updates don’t add functions, they just fix holes, and if you don’t get them, you still have the holes.’

.

Reproduced from Yahoo! News – Thu, Sep 13, 2012

 

Skimmers can skin you …


My nephew Dilip Vazirani living in Colombo, Sri Lanka, alerted me through an email to be aware of ATM skimmers installed in ATM booths. He says,

Friends,
I received this mail from a friend in India. I do not know if this is being done here. Nevertheless, be alert – if its not here (wherever in the world you are) already, it could well arrive soon.

Best to all.
Dilip

So, I surfed the net and oh my my … lots of information on ATM scamming and skimmers. I am writing this for people who are duds like me living in a cocoon.

Nowadays, the crooks are getting wiser and wiser. They can steal our credit or debit card information without our knowledge by card skimming that has become increasingly common in the past few years. In essence skimmers – the electronic equipment and those who plant them are indeed a serious security threat to users of credit or debit cards at ATMs, gas pumps, credit card readers, etc.

ATM Skimming is an illegal activity that involves the installaltion of a device, usually undetectable by ATM users. The skimmer secretly records bank account data when a customer inserts an ATM card into the machine. Criminals can then encode the stolen data onto a blank card and use it to ransack the customer’s bank account.

Credit card skimmers are devices that crooks place over the actual card readers on an ATM or credit card terminal. The skimmers look like real card readers and their appearance range from mediocre to sophisticated equipment that are indistinguishable from an actual ATM equipment. When customers insert their ATM card into the phony reader, their account info is swiped and stored on an attached cell phone or laptop or sent wirelessly to the crooks lurking nearby.

There are variety of equipment used for skimming:

  • Phony card reader that swipe the account info.
  • False keypad placed over the actual keypad to harvest the PIN numbers being typed.
  • Hard-to-detect pinhole cameras mounted overlooking  the keypad to peep and convey images of the personal information. that’s being entered such as PIN number.
Fig 1: SKIMMING Equipment (phony card reader) being installed on top of the existing atm bank card slot

FIG 2: The skimmer (PHONY CARD READER) as it appears installed over the normal ATM bank card slot.

FIG 3: The PIN reading camera being installed on the ATM is housed in an innocent looking leaflet holder.

FIG 4: The installed camera in the leaflet holder captures PINs by looking down on the keypad

The following are from the article “Taking a Trip to the ATM? Beware of ‘Skimmers’ ” posted by the FBI on their website.

How to Avoid being Skimmed

  • Inspect the ATM, gas pump, or credit card reader before using it…be suspicious if you see anything loose, crooked, or damaged, or if you notice scratches or adhesive/tape residue.
  • When entering your PIN, block the keypad with your other hand to prevent possible hidden cameras from recording your number.
  • If possible, use an ATM at an inside location (less access for criminals to install skimmers).
  • Be careful of ATM s in tourist areas…they are a popular target of skimmers.
  •  If your card isn’t returned after the transaction or after hitting “cancel,” immediately contact the financial institution that issued the card.

Add this anywhere

Enhanced by Zemanta

Back again to square one …


This is a sequel to the article “Big Brothers are watching you…” that I posted yesterday after installing Collusion the new Add-on for the Firefox browser.

Today morning I switched on my laptop, opened my Firebox browser and out of curiosity I checked Collusion and here is the screen image of what I saw:

So, even after I shut down and switched on the computer the following day, I find that the Big Brothers are still there stalking to watch my movements on the web.

Exasperated, I clicked the orange drop down tab “Firefox” at the top left-hand corner, and then clicked “Options”:

Now on the options page I clicked the ‘Privacy’ tab and I checked the box under Tracking – “Tell websites I do not want to be tracked” and then clicked “clear all current history” and cleared ‘Browsing & Download History’, ‘Cookies’,  ‘Cache’, and ‘Active Logins’.

ext I checked Collusion and I was elated.  This is what I saw – a clean slate.

Next I logged into WordPress Dashboard.

Then I entered the web page of “The Telegraph”

And here is the screen shot of Collusion while browsing ‘The Telegraph’.

Next I searched Google. After about googling 6 sites, I checked Collusion and was confounded.So, I was back again to square one.

Enhanced by Zemanta

Add this anywhere

Big Brothers are watching you…


You all know that there are many Big Brothers watching every click that we make, hoping to make a profit by trying to sell us something we browsed through or bought, as if we are going to buy more of the same.

Earlier today an experimental add-on for the Firefox browser called Collusion was introduced by Mozilla that shows how companies are tracking us as we surf the Web.

I installed a fresh copy of Firefox 7 today and then I installed this add-on. I was able to see all the uninvited third parties who are tracking my movements across the web.  Collusion show in real time, a spider-web of inter action between companies and other trackers.

I closed the Firefox browser and after some time I opened it. I was shocked to see a hive of trackers tracking my every move. Here is a screen shot of my Firefox screen:

I advise you to install this add-on for your Firefox browser.