“Streetinsider”:http://www.streetinsider.com/Press+Releases/Bromium+Pioneers+Micro-virtualization+Technology%3B+Secures+%2426.5M+Series+B+Funding/7531426.html … “GigaOM”:http://gigaom.com/cloud/how-bromium-lets-bad-guys-in-and-still-keeps-data-safe/ … “Network Computing”:http://www.networkcomputing.com/end-to-end-apm/240002428
Tag: Security
Cameras in my TV, and not in a creepy way
So apparently all our TVs will have cameras and mics soon, and hopefully the mfrs will be a little smarter about privacy and usage rights than “this abysmal first Samsung attempt”:http://yro.slashdot.org/story/12/03/21/2117236/new-samsung-tv-watches-you-watching-it.
I also note that Xfinity keeps sending me mail about “their home security offering”:http://www.comcast.com/homesecurity/index.htm?SCRedirect=true; they want to come into my house and install a bunch of sensors and extract an even higher monthly fee from me.
So the obvious thought — why do I need a bunch of distributed sensors in the house? If I can put several cameras and mics in the TV (they are basically free), with full directionality and distance sensing, then my TV could sense in-room movement, perimeter movement, glass breakage, basically all the things a security system senses. Heck, throw in heat, smoke, and CO sensing too for fun, and an accelerometer to detect theft.
I’ve got a TV in our family room/kitchen, my office, our bedroom — if each of these provided full room monitoring for security, that would cover the bulk of the issues in the house. There is some great software that needs to be written to process the signals, identify perimeter movement, let me establish baselines to be ignored, set up different watch conditions for times when home versus times when away etc. But I don’t see why I should need to go thru the braindamage of putting sensors everywhere, solving wiring or battery issues for them, etc.
I might as well just publish my SSN and credit card numbers on my blog
“Taking your computer or phone into China”:http://www.nytimes.com/2012/02/11/technology/electronic-security-a-worry-in-an-age-of-digital-espionage.html?pagewanted=all is a bad idea, and I assume you are at risk in other countries as well. And why do we think we are safe here, when “someone can just litter around these sniffers”:http://www.theverge.com/2012/1/27/2753176/f-bomb-diy-darpa-funded-spy-computer, and “squadrons of these things may be flying around”:http://www.realdanlyons.com/blog/2012/02/01/these-mini-copters-flying-in-formation-are-the-coolest-thing-ive-seen-all-day/, and not that far in the future — the “FAA is letting these things in domestic airspace this year”:http://www.allgov.com/Controversies/ViewNews/Arrival_of_Domestic_Drones_Challenges_Air_Safety_120207.
Probably time to radically rethink my approach to data security.
UPDATE: and of course today I got a call from my bank and my credit card has been compromised. Somebody trying to sneak in $1 charges repeatedly. I don’t need to even put my card numbers up here, I should just assume that they are compromised from the get-go. In some sense it makes life easier — I don’t worry about giving my credit card numbers out to anyone because I assume they are already in circulation. What is important is watching my account statements carefully.
Supercircuits
Recommended by Adrian for video cam equipment — “Supercircuits”:http://www.supercircuits.com/
All over the place — Distilleries of Scotland, DC, Bullets, Games, Doghouses, Golf, Currency, and more
- Brett on Stuff » Distilleries of Scotland. A reason to hike Scotland
- WOW — stronger authentication than your bank. What does that say about the world.
- Running DC thru the house. An idea whose time has come again?
- Indie games DB. Often way better than mainstream games
- Guided Bullets. Why not.
- Thingiverse. Kind of an open source design site.
- Denhaus — awesome pet furniture
- Nitrogen-infused golf clubs. Golfers will buy anything.
- Dutch 5 Euro coin. Awesome, wish I could order. Not the first time I have been blocked from ordering a euro product, wish I could sign up for a forwarding PO box in Europe.
- Mini Magnetosphere. Maybe we all need one of these
Network card exploits
NIC exploits via Hack the Planet — “I’ve seen one example use this to establish a zero-footprint rootkit i.e. one which leaves no trace on disk.” — egad.
A mixed set of lists
* The Big Picture | Cognitive Biases: A Short List — great list of the ways we screw up decisions
* marca’s view on the best scifi of the decade
* Larry’s recommended security blogs
* EDSBS’s top 5 legends of football parenting, or, how to give your child a lifetime of therapy.
* super slim wallet designs
* 10 reasons I need to upgrade to MT4
Credit card fraud and reverse DNS
We had a credit card stolen a while back and I was just on the phone with the bank clearing up one last transaction. The vendor, Steam, was claiming that the charge was valid. It took me about 2 minutes to convince the card issuer that the charge was not valid by simple reverse DNS of the IP addresses captured by Steam. Account signup happened at a location served by Adelphia (I have never been an Adelphia customer), and subsequent accesses all took place via two different Russian ISPs.
What surprises me is that neither Steam nor the card issuer (a huge national card issuer) was able to figure this out. It seems very automatable. And seems like card issuers could easily cut down on online fraud by looking at IP addresses — for myself, 99.99% of my transactions come from my work or home machines with fairly stable IP address histories, at least at the subdomain level. Not foolproof of course, and I do occasionally do transactions from other locations, but it seems like another good piece of info to consider when assessing the validity of a particular transaction.
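A sketch of how the check described above could be automated: reverse-resolve each source IP, reduce the PTR name to the provider's domain, and flag events whose provider never appears in the cardholder's history. This is an added example, not code from the original post, Steam, or any card issuer; the function names, the two-label "provider suffix" rule, and all IPs and hostnames are constructed assumptions.

```python
import socket
from collections import Counter

def ptr_lookup(ip):
    """Live reverse-DNS (PTR) lookup; None when the address has no PTR record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None

def provider_suffix(hostname, labels=2):
    """Reduce a PTR name to its last `labels` labels (assumed to name the ISP).
    A production check would use the Public Suffix List instead of a fixed count."""
    if not hostname:
        return None
    return ".".join(hostname.rstrip(".").lower().split(".")[-labels:])

def build_baseline(history_ips, resolve=ptr_lookup, min_seen=2):
    """Provider suffixes seen at least `min_seen` times in the cardholder's history."""
    counts = Counter(provider_suffix(resolve(ip)) for ip in history_ips)
    counts.pop(None, None)  # addresses without a PTR record add nothing to the baseline
    return {suffix for suffix, n in counts.items() if n >= min_seen}

def review_transactions(transactions, baseline, resolve=ptr_lookup):
    """Return (event, ip, suffix, reason) for every event outside the baseline."""
    flagged = []
    for event, ip in transactions:
        suffix = provider_suffix(resolve(ip))
        if suffix is None:
            flagged.append((event, ip, None, "no PTR record"))
        elif suffix not in baseline:
            flagged.append((event, ip, suffix, "provider not in cardholder history"))
    return flagged

# Constructed sample data: documentation IP ranges and .example hostnames.
SAMPLE_PTR = {
    "192.0.2.10": "c-192-0-2-10.home-isp.example",
    "192.0.2.44": "c-192-0-2-44.home-isp.example",
    "198.51.100.7": "gw7.office.employer.example",
    "203.0.113.5": "dsl-5.signup-isp.example",
    "203.0.113.80": "pool-80.foreign-isp.example",
}
HISTORY = ["192.0.2.10", "198.51.100.7", "192.0.2.44", "198.51.100.7", "192.0.2.10"]
DISPUTED = [("signup", "203.0.113.5"), ("login", "203.0.113.80"),
            ("purchase", "192.0.2.44"), ("login", "203.0.113.99")]  # last has no PTR

if __name__ == "__main__":
    baseline = build_baseline(HISTORY, resolve=SAMPLE_PTR.get)
    for row in review_transactions(DISPUTED, baseline, resolve=SAMPLE_PTR.get):
        print(row)
```

PTR records are set by whoever operates the address block, so a flag here is one signal to weigh alongside others, not a verdict on its own.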
Biopassword challenge to hackers
The Insider: BioPassword to hackers — crack this account — will be interesting to see how much traffic this generates.
Simson on hard drive contents
Good analysis on used hard drive content. Cross-drive analysis is fascinating. A good reminder — physically destroy your hard disks when you are done with them.
Rootkit safety
Advice for friends and family:
- If you have autorun turned on, turn it off, now.
- Never open any link sent to you by anyone on IM. Unless you know what you are doing.