Security

Congrats to Bromium coming out of stealth mode!

john

“Streetinsider”:http://www.streetinsider.com/Press+Releases/Bromium+Pioneers+Micro-virtualization+Technology%3B+Secures+%2426.5M+Series+B+Funding/7531426.html … “GigaOM”:http://gigaom.com/cloud/how-bromium-lets-bad-guys-in-and-still-keeps-data-safe/ … “Network Computing”:http://www.networkcomputing.com/end-to-end-apm/240002428

Cameras in my TV, and not in a creepy way

john

So apparently all our tvs will have cameras and mics soon, and hopefully the mfrs will be a little smarter about privacy and usage rights than “this abysmal first Samsung attempt”:http://yro.slashdot.org/story/12/03/21/2117236/new-samsung-tv-watches-you-watching-it.

I also note that Xfinity keeps sending me mail about “their home security offering”:http://www.comcast.com/homesecurity/index.htm?SCRedirect=true, they want to come in my house and install a bunch of sensors and extract even a higher monthly fee from me.

So the obvious thought — why do I need a bunch of distributed sensors in the house? If I can put several cameras and mics in the tv (they are basically free), with full directionality and distance sensing, then my tv could sense in-room movement, perimeter movement, glass breakage, basically all the things a security system senses. Heck, throw in heat, smoke, and CO sensing too for fun, and an accelerometer to detect theft.

I’ve got a TV in our family room/kitchen, my office, our bedroom — if each of these provided full room monitoring for security, that would cover the bulk of the issues in the house. There is some great software that needs to be written to process the signals, identify perimeter movement, let me establish baselines to be ignored, set up different watch conditions for times when home versus times when away etc. But I don’t see why I should need to go thru the braindamage of putting sensors everywhere, solving wiring or battery issues for them, etc.

I might as well just publish my SSN and credit card numbers on my blog

john 3 Comments

“Taking your computer or phone into china”:http://www.nytimes.com/2012/02/11/technology/electronic-security-a-worry-in-an-age-of-digital-espionage.html?pagewanted=all is a bad idea, and I assume you are at risk in other countries as well. And why do we think we are safe here, when “someone can just litter around these sniffers”:http://www.theverge.com/2012/1/27/2753176/f-bomb-diy-darpa-funded-spy-computer, and “squadrons of these things may be flying around”:http://www.realdanlyons.com/blog/2012/02/01/these-mini-copters-flying-in-formation-are-the-coolest-thing-ive-seen-all-day/, and not that far in the future — the “FAA is letting these things in domestic airspace this year”:http://www.allgov.com/Controversies/ViewNews/Arrival_of_Domestic_Drones_Challenges_Air_Safety_120207.

Probably time to radically rethink my approach to data security.

UPDATE: and of course today I got a call from my bank and my credit card has been compromised. Somebody trying to sneak in $1 charges repeatedly. I don’t need to even put my card numbers up here, I should just assume that they are compromised from the get-go. In some sense it makes life easier — I don’t worry about giving my credit card numbers out to anyone because I assume they are already in circulation. What is important is watching my account statements carefully.

All over the place — Distilleries of Scotland, DC, Bullets, Games, Doghouses, Golf, Currency, and more

john

Credit card fraud and reverse DNS

john 1 Comment

We had a credit card stolen a while back and I was just on the phone with the bank clearing up one last transaction. The vendor, Steam, was claiming that the charge was valid. It took me about 2 minutes to convince the card issuer that the charge was not valid by simple reverse DNS of the IP addresses captured by Steam. Account signup happened at a location served by Adelphia (I have never been an Adelphia customer), and subsequent accesses all took place via two different Russian ISPs.

What surprises me is that neither Steam nor the card issuer (a huge national card issuer) was able to figure this out. It seems very automatable. And seems like card issuers could easily cut down on online fraud by looking at IP addresses — for myself, 99.99% of my transactions come from my work or home machines with fairly stable IP address histories, at least at the subdomain level. Not foolproof of course, and I do occasionally do transactions from other locations, but it seems like another good piece of info to consider when assessing the validity of a particular transaction.