May 13th, 2008 by Lance Cottrell
New Sites Make It Easier To Spy on Your Friends - WSJ.com
This article does not break any new ground, but does a nice job of listing and discussing a number of tools one can use to gather information on people. They pull from on-line information sources as well as public records for things like criminal history. For employers, it would be a good place to start before hiring someone to do a full background check.
The big takeaway at the end is that you need to make sure you reduce your Internet footprint, specifically by taking care to check the privacy box on many sites, and to simply provide no or false information to others. For example, although I would never provide a wrong age to gain access to a restricted website, I almost never provide my correct birthday because too many other sites (like banks) use that as part of your identity verification.
- Lance Cottrell
May 11th, 2008 by Lance Cottrell
China won’t guarantee Web freedom over Olympics
Here is an interesting article on Internet censorship during the Olympics. Fortunately for visitors, it is easy to set up secure communication links back to the US before going over. VPN links back to a corporate headquarters outside of China can be a very effective conduit around the censorship. While Anonymizer’s commercial solutions are blocked in China, our censorship circumvention technologies are very effective within the country.
- Lance Cottrell
May 1st, 2008 by Lance Cottrell
I have some exciting news to announce today. Anonymizer is in the process of being merged with Abraxas <www.abraxascorp.com>. I initially started talking with Abraxas about a possible partnership, but synergies between the companies were so clear that the conversation quickly went from discussions of teaming to discussions of acquisition. Abraxas is a very well respected risk mitigation company with many unique technologies and capabilities. This combination will enable Anonymizer to significantly enhance and broaden its offerings. I am excited by the prospect of rolling out these new capabilities to our users over the next months and years. This is the start of a new and exciting phase for Anonymizer.
Anonymizer will continue to operate independently under the existing management team (including me) as an independent subsidiary of Abraxas. In addition, I am thrilled to be taking a very visible leadership position in Abraxas as their Chief Scientist. This change will have no negative impact on the level of privacy we provide to our users. My personal reputation is and has been closely linked to the ethical behavior and trustworthiness of Anonymizer. Nothing will happen to compromise that integrity.
- Lance Cottrell
April 20th, 2008 by Lance Cottrell
CNN to go dark 19 April 2008 1200 GMT according to Chinese Hackers | IntelFusion
In case anyone thinks cyber warfare is a myth, this is more evidence of its reality. It appears that a non-governmental group of Chinese hackers were planning to take down CNN as a protest against their perceived western bias in coverage of Chinese issues. Evidently news of the plans spread too far, and it was called off.
- Lance Cottrell
April 6th, 2008 by Lance Cottrell
This article discusses the risk from “deep packet inspection” by ISPs. The article states that at least 100,000 people in the US are being tracked with this technology right now. If true, the impact of this could be huge. Whereas a website can only track you when you are actually visiting that site, your ISP can see all of your activity on any website or other service you use. The idea is that the information collected could be sold to advertisers to better target marketing messages to you. If you had been looking at car sites, you might see more car ads next time you visit an advertising-supported website like CNN.com.
This is certainly not the realm of science fiction. The Chinese government is already using this technology on a massive scale as part of their national censorship infrastructure. They use it to detect forbidden words and phrases, “Tibet” being at the top of that list right now.
Most of us assume that the bad guys are “out there” on the net, and assume that our ISPs are basically just passing our traffic along without looking at it. If they start this kind of inspection, it opens all kinds of additional risks. Once the equipment is there, a rogue sysadmin could tune it to watch for passwords, personal information, bank information, etc. It opens a whole new set of vulnerabilities.
Anonymizer’s Total Net Shield, and Private Surfing (with full time SSL enabled) provide significant protection against this threat. Both allow you to tunnel your traffic to Anonymizer without the ISP being able to inspect it, other than to see that it is going to Anonymizer.
It is shocking to me that this kind of thing should be possible without explicit user consent. Maybe we need a “truth in labeling” law for Internet service providers. A bottle of Napa Merlot cannot be so labeled unless it is from Napa and made from merlot grapes. Similarly, it should not be called an “Internet Connection” if you can’t go everywhere (some ISPs are restricting certain perfectly legal protocols). If the ISP is going to spy on you, it should be in big red letters. Maybe I am OK with that, but I certainly have a right to know in advance.
- Lance Cottrell
March 31st, 2008 by Lance Cottrell
Security guide to customs-proofing your laptop | The Iconoclast - politics, law, and technology - CNET News.com
Declan writes a witty and informative piece on securing a laptop against legal searches without cause at border crossings.
- Lance Cottrell
March 24th, 2008 by Lance Cottrell
Yahoo and MSN helping to root out Tibetan rioters | The Observers
Yahoo China posted pictures of “most wanted” Tibetan protestors on Yahoo! China’s home page. Cooperation with lawful process in a repressive country is bad enough; here they are actively collaborating. Yahoo!’s claim that this was done by Yahoo! China, not by the Yahoo! mother-ship, seems disingenuous at best.
Active support of censorship and oppression is clearly unethical. If this is not clearly on the wrong side of the line, then what in the world is?
- Lance Cottrell
March 24th, 2008 by Lance Cottrell
Tool Physically Hacks Windows - Desktop Security News Analysis - Dark Reading
I am not sure how this has been true for years, yet has received so little attention. This article discusses the fact that Firewire connections enable direct read and write to a computer’s RAM. In many ways, this is even better than the RAM persistence I blogged about a while back. It appears to be easy to write a script that would run on an iPod or other Firewire device which will allow you to grab passwords from memory, bypass login screens, and gain access to the local drive. The amazing thing about the memory access is that it actually bypasses the CPU entirely. Normal security software will not pick this up at all.
PCMCIA and Firewire are designed to work this way. It is a “feature” not a “bug”. Nevertheless, it is a huge security issue. If your computer is under the physical control of another person, you are in trouble. Hard drive encryption is the solution, but only if the computer is OFF. If it is on, then the password can be grabbed from memory. There is really no solution to that problem.
There are two actions one can take. First, you can physically disable your Firewire capability if you need to leave your computer running unattended. Second, you can make sure you never leave your computer running unattended in an insecure location, and that the hard drive is encrypted securely. This second suggestion is the same solution as for the RAM persistence attack.
- Lance Cottrell
March 24th, 2008 by Lance Cottrell
Web Site Criticizing Quran Curbed - WSJ.com
A Dutch lawmaker has a website promoting a short film critical of the Quran. It appears that the site and article are extreme and unreasonable, but what is really shocking is the policy of Network Solutions against “objectionable material of any kind or nature.” Most of the interesting thought, literature, and art is objectionable to someone. This is clearly a license to remove anything they want. To me, it is a compelling reason to avoid using Network Solutions.
- Lance Cottrell
March 15th, 2008 by Lance Cottrell
David Brin Rebuts Schneier In Defense of a Transparent Society
Here is David’s own rebuttal to the Schneier article on the Transparent Society I blogged about earlier.
- Lance Cottrell