Archive for the ‘Physical Security’ Category

‘War Texting’ Attack Hacks Car Alarm System – Dark Reading

Friday, July 29th, 2011

This makes a good case for why it concerns me that we seem to be willing to automate all kinds of things that can really impact us without including real security.

Photo Location risk and some good news.

Monday, May 9th, 2011

Last week I did an interview on a San Diego news program about issues with many cameras, and smart phones in particular, embedding very accurate location information in your pictures. If your camera (smart phone or whatever) has GPS, then the EXIF metadata in the picture will contain your location to within about 20 feet. This can be disabled, but is typically on by default.

While this can be useful when you are trying to sort and organize the pictures on your computer, the risk shows up when you start to share the pictures. By combining date and time information in the pictures, I can tell if they are recent. If you are on vacation and posting on the road, an attacker can tell that you are away from home and your home is probably unguarded. Pictures of your home and family can provide the exact location of your house as well.

The good news is that major sites for sharing pictures like Facebook and Flickr seem to strip out that information from the photos. It is unclear if that is intentional or just a byproduct of how they are processing and displaying the images. In any case, the data is certainly available to the sites themselves.

I strongly encourage everyone to download an EXIF editor to be able to strip this information from pictures before uploading, and to turn off location tracking in their cameras and mobile phone photo applications to prevent the capture of that information in the first place.

US Apologizes to Billionaire Added to Terror No-fly List – ABC News

Friday, May 28th, 2010

It looks like there is a process for dealing with inaccurate No-Fly List information after all. You just need to become a billionaire and develop some very high level political connections.

Schneier on Security: Disabling Cars by Remote Control

Thursday, March 18th, 2010

This is just too good. It is a great example of where giving others power over your security, which they then centralize in a single place, leads to compromise with nasty failure modes.

In this case, a disgruntled former employee uses a system to disable over 1000 vehicles.

UK insurer raises rates on social network users.

Wednesday, March 10th, 2010

In this article, “I don’t bleepin’ believe it”, ComputerWorld reports on a UK insurer raising rates on social network users. The reason points back to something I have been talking about for some time. People post travel information to their social network sites. They say when they will be away from home, and for how long. This is perfect fodder for thieves, who can typically also collect enough information about the posters to identify them and find where they live.

This is why I don’t blog, Twitter, or otherwise post about conferences I am going to, even though it would be great to use social networks to connect with folks at the conference or in the conference city.