Behavior Tracking, Censorship, and Paranoia
The current infosec news is buzzing with a few major stories and topics that all deal with user behavior tracking, both online and on mobile networks. We’ve talked a bit about Carrier IQ, the company that has a low-level agent installed on many mobile devices such as Blackberries and Droid devices (possibly Apple, too). Well, a few more interesting events are happening around this story, namely the FBI’s refusal to grant Michael Morisy a Freedom of Information Act (FOIA) request for "manuals, documents or other written guidance used to access or analyze data gathered by programs developed or deployed by Carrier IQ." There’s a lot of speculation here - is the FBI using Carrier IQ for monitoring? Is this related to an ongoing investigation by the FBI? Both? Neither? This one certainly raises suspicion about the FBI’s motives, and given the controversy around Carrier IQ and what they’ve been up to, it’s highly likely that security professionals will be watching this one closely. More details can be found at Slashdot.
Speaking of security professionals (this time with an added dose of paranoia), Threatpost reports that a group of well-known security and Internet technology pioneers have written a letter to Congress criticizing the Stop Online Piracy Act (SOPA) and the Protect IP Act (PIPA), both currently under review. These two acts have raised the ire of security folks as they seek to implement censorship and monitoring capabilities by the US government, neither of which are endearing in the least. The letter can be found here at the EFF’s site, and the full story is available at the Threatpost site.
I, for one, will be keeping a close eye on these stories in the near future, and I suspect many other infosec professionals will, too.
More interesting stories for the week:
- Brian Krebs posted an interesting story that describes the site youhavedownloaded.com, where users’ IP addresses are posted when they’ve been downloading content from P2P networks. Naughty? Nice? You decide. Story here: http://krebsonsecurity.com/2011/12/who-knows-what-youhavedownloaded-com/
- In keeping with one of IANS’ major research themes for 2011 and 2012, DarkReading has a great article on exactly what kinds of data get left behind on mobile devices when they’re discarded. Account credentials, contacts, calendars, you name it. Ouch! Full story here: http://www.darkreading.com/mobile-security/167901113/security/news/232300628/old-smartphones-leave-tons-of-data-for-digital-dumpster-divers.html
- Given the numerous issues we’ve seen with HTTPS, SSL/TLS, etc. over the past several years, it’s no wonder that smart people have gone to work to try and fix them. Enter the EFF’s “Sovereign Keys Project”, a proposed new way of binding public keys to domain names. Check out their site for more info on this project.
