I frequently reject comments that I consider to be spam or gratuitous advertising. In fact, between us, me and Akismet have denied around 20,000 comments – and counting. But Akismet missed this one – correctly, I suppose, because it’s not spam. It’s advertising. Now my arbitrary policy on gratuitous advertising is to ask myself, will it be of use to the reader? If it will, then I allow it. If not, I deny it.
But this one? Well, I suppose it might be of help to some readers…
security audit of your website(s) HACKING OF WEBSITES & Hacking Accounts which include facebook,twitter this is pretty easy,myspace,skype,and email ids.I require either a Name, Friend ID, or E-mail address of the targets account(s). I have the help of a current 0-Day Exploit that allows me to gain remote access to the website servers and from there I find the password which is usually in an MD5 hash, from that I must decrypt to get the real password. The entire process takes about 30 minutes-1 hour to complete. All passwords are tested out 3 times before they get issued to any clients.I also rip Standards from websites.I accept payment through LR (Liberty Reserve) Only.I hardly ever USE WESTERN UNION!
YOU CAN REACH ME ON :email@example.com (SEND ME AN IM THROUGH Y! MESSENGER OR MAIL)i also sell bank logins and credit cards
for your daily hacking problems AND ALSO coperate problems contact firstname.lastname@example.org
Twitter’s announcement that it will start censoring tweets where required by the law of the country concerned has upset many people. It is, however, difficult to know what else the company can do: the law is the law; and surely some Twitter is better than no Twitter at all.
But maybe Twitter is better than we thought: The Next Web has pointed out that its own help files explain how to circumvent the censorship. Tweets will be censored on a country basis. Twitter understands the user’s country by the user’s IP address. But since this isn’t foolproof, especially on mobile devices, Twitter allows the user to manually change his or her country settings via a simple drop-down box.
The implication is that if you start finding ‘Withheld’ tweets in your timeline, simply telling Twitter that you are really in a different country with a less censorious regime will reveal them. It is, according to The Next Web, as simple as that.
What happens next will be telling. If this is just a loop-hole, we can expect Twitter to try to close it. But it’s difficult to imagine that Twitter doesn’t know its own system, and even more difficult to see what it can do about it. Purely relying on IP addresses will leave open the possibility of censoring tweets in or from countries that believe in freedom of expression.
The EU and the UK cannot have signed ACTA: neither the BBC nor the Europa press service know anything about it
Isn’t it strange that the BBC reports that “Thousands of protesters have taken to Poland’s streets over the signing of an international treaty activists say amounts to internet censorship”? And then goes on to say that “Poland was one of several European Union countries, including Finland, France, Ireland, Italy, Portugal, Romania and Greece, to sign the treaty on Thursday but it appeared to be the only place where it caused protest.”
Very strange since the BBC is probably the UK’s leading news service and certainly the UK’s national news service paid for by the UK people – and it omits to mention that the UK also signed this document at the same time in the same place in Tokyo.
Isn’t it strange that the EU’s news service says nothing about it also signing the ACTA agreement at the same time in the same place in Tokyo?
And that neither news service seems to be aware that Kader Arif, the appointed rapporteur for ACTA in the European Parliament, has resigned in protest, saying he will not take part in this masquerade?
Conspiracy of silence? Too damn right.
And finally the BBC catches up – 24 hours after the news breaks. The BBC is supposed to let the cat out of the bag, not chase after it when it escapes.
You have to look long and hard, but eventually you find it. There, on page 51 of ‘Building on our inheritance – Genomic technology in healthcare’ is the one and only mention of the national whole genome sequence database. From the beginning you know it must exist. The report talks throughout about the benefits that will accrue to mankind from the widespread use of whole genome sequence research; but it only makes sense if the data is complete and freely available. But not until page 51, and only on page 51, is the national genome database mentioned.
This would not necessarily require data stored locally: patient sequence data could be stored securely in a national database, making it accessible to the centres but also to the patient’s physician or GP.
Let’s be clear: this is a national DNA database. But it’s OK, because this is for health rather than law enforcement. And it will, yeah right, only be available to health officials, and health researchers, and pharmaceutical companies and academics and probably anyone who pays for it – internationally. The report makes very clear that if national research is good, international research is very much better.
It is, in effect, a national DNA database writ large. It has all the worst elements of the police DNA database combined with the NHS central records database and will undoubtedly cost a great deal more than both and be more dangerous and insecure than either.
And for what? “Government should not be duped by hype about genomics: some useful applications will exist but most diseases in most people and many adverse drug reactions are not predictable from people’s genes,” said Dr Helen Wallace, Director of GeneWatch UK. “Storing personal genomes for no reason would lead to a massive marketing scam, based on selling drugs to healthy people who are told they are at risk of getting diseases in the future.”
My concern is that government is quite relaxed about a new national DNA database from which it will gain all the benefits with none of the blame; that, in effect, a national genome database is already a conspiracy between government and the pharmaceutical companies in just the way that ACTA and DEA and SOPA and PIPA and others are a conspiracy between governments and the entertainment industry.
The news stories written for Infosecurity Magazine last week are:
- Law Society tougher than the ICO on Andrew Crossley
- Mixed but depressing findings in European corporate governance recruitment
- Ransomware pretending to be law enforcement
- Olympic security dossier left on London train
- Voice biometrics will be the authentication of choice, says Opus Research
- SP Toolkit illustrates the dangers inherent in many security audit tools
- HMRC’s failure to recruit security staff shows education must change
- Ten years of Microsoft’s Trustworthy Computing initiative: Has it delivered?
- A road-map towards meaningful security data sharing
- Research by Sophos reveals the gang behind Koobface
- Children’s online games used to distribute malware
- AXA global insurance company adopts data analytics to reduce fraud
- Health Software firm develops Android app while NHS warns on tablet security
- New version of Sykipot malware targets DoD smart cards
- How DarkCoderSC reveals SFX files methodology
There is a new jailbreak for the Apple 4S called Absinthe (a strong alcoholic drink prepared from wormwood and largely banned for its toxicity). I have written about this for Infosecurity Magazine here.
But what I want to consider now is perhaps more philosophic: is a jailbroken iPhone basically an Android? Opinions vary.
David Harley, the independent researcher behind the Mac Virus website, thinks ‘not really’. Jailbreaking alters the Apple’s kernel. If this is done you would get no further support from Apple. As a result, software that really requires co-operation between the developer of the software and the developer of the hardware would be at a disadvantage. Anti-virus software running on a jailbroken Apple, for example, would suffer. “So no,” he says, “jailbreaking isn’t precisely analogous to an unrooted Android: while most Android AV is pretty patchy in performance, you can get AV that could be described as commercial standard.”
But yes, thinks Luis Corrons of PandaLabs. “At the end of the day, the main difference between both platforms is that Android gives me, as a user, the option to decide what applications I want to install.” Confirming his view, Luis has a jailbroken iPad 1 and used to use a jailbroken iPhone 3GS (which he has now replaced with an Android Galaxy SII).
Kaspersky’s David Emm has a similar view. “It’s the commercial models taken by Apple and Google that are different.” The result of these commercial differences is that a jailbroken Apple has access to hundreds of thousands of secure apps plus a few hundred unknown apps from Cydia Store. Android users have access to hundreds of thousands of unknown apps. The inference I draw, unstated by David, is that a jailbroken iPhone remains more secure, albeit more restricted, than an Android.
So what can we conclude? Not a lot really. If you jailbreak an iPhone you can technically gain the freedom inherent in an Android – but since most users will still be limited to third-party apps, you don’t gain many more. And you lose the security of the iPhone. In the final analysis, you simply pay your money and take your choice: Apple if you want security; Android if you want freedom. Jailbreaking seems to give you neither.
Absinthe download (unchecked, unverified)
Should staff, not the taxpayer, pay fines for public sector data breaches? This is a question posed by UKauthorITy, a publisher of IT related news for the local sector. It quotes the TaxPayer’s Alliance:
Of course people in these situations should be held personally liable as if the council is fined, then that fine is paid for out of the local council taxes. In essence it is a double tax – once for collecting/storing the data and again for losing it.
Grant Taylor, UK VP of CryptZone is agin the idea of fining the staff rather than the organization, and puts forward a strong case. “If the penalties are applied to nominated senior managers in the relevant NHS trust, council or other government agency – as is the case with corporate responsibility, for example within transportation authorities – then the public sector could be forced into building liability insurance remuneration into management salaries, as has been required by medical professionals for some time,” he argues. This will simply have the effect of “moving the cost of data breach penalties across the government spreadsheet – with the taxpayer continuing to foot the bill.”
Grant believes that education and open discussion is the solution. “But to reduce the argument to individual ICO penalties within the workforce would only result in the departure of the most talented member of staff – who will be streamed off into the private sector – with predictable results. This is what makes this argument something of a non-starter in our opinion,” he concludes.
I sort of agree; but I don’t think education will ever be enough to protect our data. The bottom line is the current arrangements just are not working. Personal data continues to be lost, councils are fined, and the ‘double tax’ described by the TaxPayer’s Alliance is a reality. But potential remedies exist, and always have existed, without any action from the ICO. It is the concept of responsibility – when things go wrong, there is always someone at fault.
Consider this. Organizations will have procedures that are part of the security policy and part of the employment contract. If these procedures are followed, then data will not be lost. If they are followed and data is still lost, then the author of the procedures is responsible because he or she simply didn’t do the job properly. If the procedures are not followed and data is lost, then the person who loses the data is responsible because he or she didn’t follow procedures. Because the procedures are part of the employment contract, failure to follow them is a disciplinary offence. It’s not a case of the ICO fining individual staff, it’s a case of the organization sacking staff who haven’t done their job.
The advantage of this simple approach is that it doesn’t frighten off good staff (good staff will always be confident in their own abilities), but it does weed out poor staff. And it doesn’t cost the taxpayer an additional penny.
There are even in-built safeguards in this approach. Organizations always have bullies. Middle managers at fault will generally blame their staff. But that’s why we have employment protection laws and tribunals. If a scapegoat is selected and sacked to protect a manager, that scapegoat has recourse to the law. So we don’t need to fine individual staff or the organization. We don’t even need the ICO. We just need to do what we always could do: in the event of a data breach, the person responsible should automatically be sacked.