Showing posts with label privacy.

Monday, November 11, 2013

Gen Y workers OK with flouting cloud, BYOD policies

IT World Canada has an interesting article on an issue a lot of my customers have been asking about lately:

Corporate IT administrators may have more to worry about than just the wave of smart watches, Google glasses and other wearable computing devices that could flood the enterprise soon. A recent survey of indicates that more than half of Generation Y workers are prepared to contravene corporate bring your own device and cloud computing policies if it cramps their personal and professional computing and social networking activity.


Wednesday, December 12, 2012

Ransom hackers encrypt medical centre's entire database

An Australian medical centre is reported to be considering paying a ransom demand of $4,000 AUD (US$4215) after blackmailers broke into the organisation’s servers and encrypted its entire patient database.

If crime doesn't pay, why is this clinic considering making it profitable? Paying a ransom only perpetuates the problem. Instead, they should be spending the money on securing their systems. The clinic should be asking itself:


  1. Why should I make this crime profitable for the attacker? 
  2. How do I know they will provide the password and instructions for decrypting the data? 
  3. How do I know that if I decrypt the database, the data hasn't been tampered with? 
  4. If I pay the ransom, what is to stop them from increasing the demand under threat of publishing the data online?
  5. What is a better plan for securing the systems and moving on? 


They already lost once. If they don't bite the bullet and move on, they risk losing again and again. They would also be giving the attackers valuable incentives for attacking more sites.

Tuesday, March 20, 2012

Communication costs in Canada about to skyrocket

Warrantless spying is about to cause Canada's already-too-high price of communications to skyrocket. Thanks, Stephen Harper. Now even the police are getting greedy.

Monday, February 27, 2012

FBI turns off 3,000 GPS trackers after Supreme Court ruling

Andrew Weissmann, general counsel for the FBI, has announced that his agency is switching off thousands of Global Positioning System-based tracking devices used for surveillance after a Supreme Court decision last month. Weissmann made the statement during a University of San Francisco School of Law symposium on communications privacy this past Friday.

Wednesday, November 16, 2011

Europe Bans X-Ray Body Scanners Used at U.S. Airports

The European Union on Monday prohibited the use of X-ray body scanners in European airports, parting ways with the U.S. Transportation Security Administration, which has deployed hundreds of the scanners as a way to screen millions of airline passengers for explosives hidden under clothing.

The European Commission, which enforces common policies of the EU's 27 member countries, adopted the rule “in order not to risk jeopardizing citizens’ health and safety.”

Thursday, September 29, 2011

Scientists Can Use WiFi to Count Your Breaths and Spy on You

Wireless networks which measure received signal strength (RSS) can be used to reliably detect human breathing and estimate the breathing rate, an application we call "BreathTaking". Although an individual link cannot reliably detect breathing, the collective spectral content of a network of devices reliably indicates the presence and rate of breathing.

Sunday, August 7, 2011

Check out The INTRUDER Daily

The INTRUDER Daily is a newspaper style aggregation of information security news. Check it out!

Sunday, June 19, 2011

Quantum Cryptography Not All It's CRACKED Up To Be.

This story is an easy-to-read, easy-to-understand description of a flaw in quantum cryptography that allows an observer to determine the quantum key. Until now, this was theoretically impossible. If my 20 years in information security have taught me one thing, it is that hackers love impossibilities.

Tuesday, March 8, 2011

Nexus S Android Sniffs and Emulates RFID tags

The Nexus S Android phone is capable of reading and emulating RFID. An application called FareBot demonstrates how the phone could be used to emulate RFID fare cards. This apparently could make it cheaper and more convenient for transit riders. However, the software's author also points out how many of these cards keep records of trip information in clear text. This creates a bit of a privacy issue, since it is so easy for this software to read cards from people who merely happen to walk close enough to you.

Currently FareBot can parse and display balance and trip history information from Seattle’s ORCA card, and can dump raw data from any other MIFARE DESFire card including San Francisco’s Clipper card. FareBot is open-source and designed to be flexible so that hopefully other developers will add support for other types of cards.

Friday, October 1, 2010

Blackberry Encryption Cracked

Elcomsoft, the overseas infosec group who seem to be able to break into just about everything, have now cracked the Blackberry encryption mechanism.

It seems like only yesterday when certain freedom-free countries were complaining that they couldn't read Blackberry messages sent by their own hostile population.

Tuesday, September 14, 2010

Personal Information is Big Business Now

The personal information aggregation industry has grown to the point that companies have sprouted up specializing in each aspect of collecting and selling everything they know about you. This goes a lot deeper than simply tracking what web pages you visit, as these companies also monitor what you look at on a web page, mouse movements, your age and sex demographics, and so on.

And you thought Facebook was starting to look intrusive...