I smell a RAT

News, Security
Yesterday, Vanity Fair published an exclusive on Operation Shady RAT (remote access tool), a high-level hacking campaign that lasted over 5 years, compromising over 70 name-brand victims in over 13 countries. For the techies reading this, McAfee has published a 14-page report [pdf] on the hack. Canadian government agencies were targeted multiple times between 2009 and 2010, 4 in total, with the Canadian-hosted World Anti-Doping Agency having been compromised for 14 months. F-Secure has published a few examples of what the targeted emails look like. Operation Shady RAT has been described as the "biggest transfer of … intellectual property in history," one that could pose a serious economic threat on a global scale. It is suggested it was the work of one specific operation conducted by a single actor/group.…

Canadian judge rules in favour of pseudo-anonymous website commenters/bloggers

News, Privacy
An article that came out today on canada.com details how some good precedent for freedom of speech and anonymity online was just made in Ontario: "The public interest favouring disclosure [of the bloggers' names] clearly does not outweigh the legitimate interests in freedom of expression and the right to privacy of the persons sought to be identified," Judge Brown wrote, noting the three anonymous defendants, who chose to make comments on the site using pseudonyms, had "a reasonable expectation of anonymity." - Judge Carol Brown, Ontario Superior Court. Former Aurora mayor Phyllis Morris will appeal her $6M defamation action suit. The appeal is sure to set some precedent in Canada, so that is one we'll pay attention to!

Internet security just dropped a notch

News
I just read a tweet from Meredith L Patterson stating that Len Sassaman has committed suicide. I don't know why, but at first I thought it only a silly internet joke, as he was a happy kinda guy, at least public facing. Unfortunately, a punch line didn't come and reading more of her stream made me realize it is serious. Len was a pioneer in information security, privacy and anonymity; I know because I was fortunate enough to be there and work with him on a few projects. Mind you, I was only using pseudonyms at the time, and I'm comfortable with that. Also, I was not near the technical calibre he was; I looked up to him. I remember one phone call we had when he got a job working…

I’m showing your MAC with my Apple

News, Privacy
News broke yesterday that iPhones have been keeping users' travel patterns on both the iPhone and the computer it is being backed up to. Thanks to Alasdair Allan (alasdair@babilim.co.uk @aallan) and Pete Warden (pete@petewarden.com @petewarden) for releasing this finding; they even released an open source app that can demonstrate these maps, called the iPhone Tracker. Last night at Ideas - Victoria, my good friend Kevin McArthur (@kevinsmcarthur) started looking at the files that the iPhone left. We quickly realized that not only was his travel logged and mappable, but there were also some other interesting tables. After a little more digging, we realized that his iPhone was also logging MAC addresses with latitude and longitude! This is what Google Street View took all of the heat for in regards to privacy in many…

Update on usage based billing (UBB)

News
This image is getting a lot of attention. Today Michael Geist has released an article on Unpacking The Policy Issues Behind Bandwidth Caps & Usage Based Billing. My MP has told me she opposes gouging consumers through usage-based billing. The Liberal Party is against UBB. Tony Clement, the industry minister, has stated he is also reviewing the decision. The prime minister's office has just said they've requested a review of the CRTC's decision. With 250,000 Canadians having signed the sign the meter campaign, it looks likely the CRTC decision will be overturned. The big question now is strategy; I hope my friends Steve Anderson and Rocky from Teksavvy have a next steps strategy that such a powerful momentum can put us into an internet landscape that has the world's respect, as right…

Canadian petition against usage based billing

News, Technology
As of writing this, I am one of over 180,000 Canadians that have signed the stop the meter campaign against usage based billing. There are several challenges with usage based billing, the main two to me being the immediate killing of all internet service provider (ISP) competition where very little exists already, as well as the stifling of innovation in the digital media space. Not to mention, internet fees will go up for all of us. You can read TekSavvy's statement on the issue (this forces them to limit customers who were at 200GB/month limits to only a 25GB/month limit!), or the open letter against UBB for more information. There's also an infographic examining some of the costs. A few minutes ago, Shaw posted their data usage webpage. What's most worthy of…

30M accounts compromised at plentyoffish.com

News
All kinds of breaking drama around the compromising of plentyoffish.com (POF), which includes the usernames and passwords for around 30 million people! Chris Russo, a security researcher, contacted POF, making them aware of the SQL injection exploit he claims to have discovered on their website. Markus Frind, the founder of POF, is accusing Chris of extortion as well as harassing his wife. Read the full story at Grumo Media. What you can do if you're a plentyoffish.com user: Change your password immediately. Start a process of using different passwords for different websites. For example, if you use the same username and password for POF as another popular website, you can consider that account compromised now as well.

Why would Facebook turn your actions into an ad?

News
Because they can. On Monday, Facebook released a video that shows how their new sponsored stories program works. Now when you update a page, like, check in or interact with an application and mention a customer who has paid for this service, it will appear in your newsfeed as per normal, as well as in the right-hand advertisement column. Facebook has said that this advertisement you have provided them will only appear to those who you've authorized in your privacy settings. If you're doing any of these things, you should be aware of this, as Facebook is not a volunteer organization; they make money by selling the information you willingly provide them. If you do not want to participate in this program, the recommended steps are: Don't use @ to…