Security

Always question the assertion that your privacy is protected

jesse — Mon, 30 Jun 2008 10:20:36 -0400

Last week my CBC radio column covered the recent introduction of a 3D imaging surveillance system used at the Kelowna BC airport to screen passengers. Using millimetre waves the system is able to penetrate clothing and create a vivid 3D model of the passenger without clothes on. Thus it is a far more thorough system then the existing setup which only scans for metal.

Part of the focus of the column was on the privacy implications of such a system, and at the time CATSA (the Canadian Air Transport Security Authority) was claiming it had the support of the federal privacy commissioner. I mentioned this in my column, but also expressed skepticism that the current steps being taken to protect passenger's privacy was not enough.

Turns out, the privacy commissioner does not support the pilot project, and does indeed have concerns with how passengers privacy might be violated. Here's a quote from the Globe and Mail:

"However, the privacy commissioner's office said yesterday it is concerned about the implications of the new system and it never told CATSA officials that the body-scanning technology meets Canadian privacy standards.

"At this very early stage we certainly don't know enough to endorse the project, so the suggestion that we endorsed it is perhaps a bit off," commission spokeswoman Anne-Marie Hayden said. "I think we're going to have to watch it closely and we're going to want to ensure that individuals' privacy rights are protected."

Thanks to Blair Campbell for alerting me to this. Goes to show that even when an organization says it is protecting your privacy you should still question that assertion, and try and think of unforeseen ways in your rights my be violated.

Child Pornography and Computer Hacking

jesse — Sun, 24 Feb 2008 16:38:12 -0500

This past week I was overwhelmed with responses from a number of media stories. A couple of Blackberry business articles, a couple of Facebook expert articles, an article about a Hong Kong sex scandal, as well as some TV and radio appearances, first about the bust of a child porn ring, and then about the bust of a Quebec based Hacker cell.

In general my policy is to respond to anyone who takes the time to get in touch with me. Yet I've now had to revise this policy to only reply to people who show respect rather than outright hostility. Something about the audience that reads the National Post that brings all sorts of trolls out from under the bridge.

The CBC audience on the other hand is a pleasure to interact with. Even when they strongly disagree with me I find CBC viewers and listeners to be intelligent and engaging. One particularly pleasant email I received was from a "middle-aged mother" who will remain nameless, but I suspect represents a typical Canadian, from an average family. For the sake of argument, let's call her Louise.

JS/Snz an example of what's wrong with computer security

jesse — Mon, 31 Dec 2007 16:19:52 -0500

Computer security is a field I've always been interested in, both as a journalist, researcher, and system administrator. However I'm also often quite critical of the industry as a whole, and the manner in which they communicate with their customers.

Today a particularly symbolic and silly episode is transpiring that illustrates why the trust and power we put into security and anti-virus software is often misplaced.

Users of the CA eTrust software are being alerted that they've been infected by the JS/SNZ.a virus whenever they surf a website that runs any one of a few common javascript libraries. This includes my own site, which is causing some of my readers to get alerts, one of whom emailed me about it.

The problem of course is that this is not a virus at all, rather a false positive. Most users however won't know that, and instead are being scared away from thousands if not millions of legitimate websites.

2007 was about cyber crime

jesse — Tue, 25 Dec 2007 09:40:53 -0500

In my latest article for cbcnews.ca I've taken a look back at 2007 as a profitable and successful year for cyber crime. Explicitly I take my analysis of the storm worm and draw out a thread that shows the larger socio-political implications of this emerging technology:

The organization of all this criminal activity manifests in the form of bot nets (see sidebar) such as the storm worm, networks of hijacked machines that allow criminals to engage in their activities without being traced or identified. The sophistication of these bot nets has increased so rapidly that many observers have begun speculating that we're witnessing the early stages of a new online arms race, a cyber cold-war in which new weapons and tactics are being developed and tested.

Who am I? Who is the Storm Worm?

jesse — Thu, 18 Oct 2007 00:00:00 -0400

Today's my birthday, I was born 3.3 decades ago, at around 6:10 in the morning. I've always enjoyed my birthdays. I tend to take the time to reflect on this day, remembering where I came from, while thinking about where I'm going.

On some levels identity is fluid, always changing, yet on the other hand there are constants that go through our lives as threads that bend but remain relatively the same.

The Perpetual Information War

jesse — Sat, 15 Sep 2007 00:00:00 -0400

I've done a number of CBC segments recently around computer security and information warfare. While trying not to be sensational, these are subject areas that I feel require more attention, certainly from the news media, but also from the public at large.

On the one hand they are fascinating unto themselves, and don't require any added emphasis to denote severity, yet at the same time, the phenomena generally flourishes due to the ignorance and fear of average computer users.

I got hit by a Polynomial Code Exploit!

jesse — Tue, 28 Nov 2006 00:00:00 -0500

When I got back from our mini-road trip to Chicago for American Thanksgiving I found that my windows workstation was infected with some kind of nasty malware. Initially from what I could see it was a type of rootkit that had taken over the machine and was using it to blast out spam to the world. From what I can tell neither the anti-virus nor anti-spyware software could detect it.

Chatting with Lynne Russell about Defcon 2006

jesse — Tue, 08 Aug 2006 00:00:00 -0400

Lynne Russell is one of my favourite news personality and it was a great thrill to be able to chat on-air with her about the 2006 Defcon conference. You might remember Lynne from CNN Headline News, she's now working for CBC Newsworld. In this segment we talk about hacking the blackberry as well as RFID vulnerabilities.