Data Privacy Archives

May 17, 2006

Deep packet-inspection technology used by NSA

Wired published an interesting article on Narus' deep packet-inspection technology, which is said to be the basis of the NSA's internet surveillance:

"Narus' product, the Semantic Traffic Analyzer, is a software application that runs on standard IBM or Dell servers using the Linux operating system. It's renowned within certain circles for its ability to inspect traffic in real time on high-bandwidth pipes, identifying packets of interest as they race by at up to 10 gigabits per second.

Internet companies can install the analyzers at every entrance and exit point of their networks, at their "cores" or centers, or both. The analyzers communicate with centralized "logic servers" running specialized applications. The combination can keep track of, analyze and record nearly every form of internet communication, whether e-mail, instant message, video streams or VOIP phone calls that cross the network.

Brasil Telecom and several other Brazilian phone companies are using Narus products to charge each other for VOIP calls they send over one another's IP networks. Internet companies in China and the Middle East use them to block VOIP calls altogether."

May 15, 2006

Security Risks of Airline Passenger Data

The Guardian published an interesting article in which its reporter investigated how much information an identity fraudster could get about you from a simple airline boarding pass stub picked out of a bin near Heathrow:

"We logged on to the BA website, bought a ticket in Broer's name and then, using the frequent flyer number on his boarding pass stub, without typing in a password, were given full access to all his personal details - including his passport number, the date it expired, his nationality (he is Dutch, living in the UK) and his date of birth. The system even allowed us to change the information.

Using this information and surfing publicly available databases, we were able - within 15 minutes - to find out where Broer lived, who lived there with him, where he worked, which universities he had attended and even how much his house was worth when he bought it two years ago. (This was particularly easy given his unusual name, but it would have been possible even if his name had been John Smith. We now had his date of birth and passport number, so we would have known exactly which John Smith.)"

Actually, as outlined in comments on Bruce Schneier's posting about this article, you could practice using Google Images.

April 3, 2006

Spy software for cell phones

FlexiSpy sells a monitoring application that records the activity of Symbian OS-based mobile phones (incoming/outgoing SMS as well as call history).

According to PC Inpact (in French), the publisher is working on Pocket PC and BlackBerry ports of the application, and on a professional version that would record conversations.

Well, I now love my vintage Nokia phone even more.

March 30, 2006

And the beat goes on...

As reported by Computerworld, three regional banks in the US were hacked in a new spoofing attack:

"Earlier this month, attackers were able to hack servers run by the Internet service provider (ISP) that hosted the three banks' Web sites. They then redirected traffic from the legitimate Web sites to a bogus server, designed to resemble the banking sites, according to Bob Breeden, special agent supervisor with the Florida Department of Law Enforcement's Computer Crime Center.

Users were then asked to enter credit card numbers, PINs (Personal Identification Numbers) and other types of sensitive information, he said.

According to Breeden, the affected banks are Premier Bank, Wakulla Bank, and Capital City Bank, all small regional banks based in Florida."

March 10, 2006

EU to launch public inquiry into RFID

Computerworld reports on a press briefing at the CeBIT trade show in Hanover, Germany, where Viviane Reding, European commissioner for information society and media, declared that:

"RFID is very important to businesses and it is very important to citizens, but it also raises concerns about trust. (...) Citizens have to be sure they are in control of their data, and to have this control we must have worldwide legal certainty."

The bottom line is that the EC will consider revising the existing directive on e-privacy if new threats to EU citizens' privacy are identified.

February 27, 2006

FTC settles with CardSystems over data breach

As reported by Computerworld, the FTC settled with CardSystems over last summer's data breach, which may have exposed 40M credit cards.

CardSystems must adopt security measures and undergo independent audits for the next 20 years. It still faces potential liability for millions of dollars in private lawsuits for losses.

February 20, 2006

Google Desktop 3 may pose security risk, Gartner warns

As reported by Computerworld, Gartner warns that the latest version of Google Desktop poses security risks, as Google's servers may store an index of the files contained on the workstation where it is installed.

The workaround is to install the enterprise version, which lets IT administrators decide, using GPOs, which features are enabled.

Likewise, an enterprise version of the latest Google Toolbar (still in beta) exists and lets IT admins deactivate sensitive functions (i.e. PageRank display or AutoFill).

About Data Privacy

This page contains an archive of all entries posted to never-ever-****-with-my.net in the Data Privacy category. They are listed from newest to oldest.
