Some Big Headlines on Security and Privacy Issues

Saturday, November 27, 2010

Theresa Payton


U.S. Marshals Service - Thousands of Naked images on Body Scanners

When the new scanners came online at courthouses, airports, and other places, we were promised that images would not be stored or transmitted.

EPIC, the Electronic Privacy Information Center, filed a Freedom of Information Act (FOIA) request in August to determine whether the promise was kept or broken. There were 35,000 images on the scanners, and EPIC was given roughly 100 scans to review. According to the report, they found 100 naked images.

What they found were naked images captured on the scanners used by the US Marshals Service at an Orlando courthouse. Their findings can be seen on the technology blog Gizmodo, which posted the naked body images.

The images are not as graphic as those from the TSA airport scanners, but EPIC did this for a reason. They wanted to show that the technology exists to store, retrieve, and view the images later.

TSA says they have safeguards in place to prevent this from happening.

Sources: ABC News Report, November 16, 2010, "One Hundred Naked Citizens: One Hundred Leaked Body Scans"

New Facebook Spam Campaign Brought to You by Asprox

Facebook friends and fans beware!  A new Facebook Spam Campaign is on the loose.

The spam is coming from a spambot named Asprox. This is the gang behind a lot of the bogus spam emails purportedly sent to victims from DHL, FedEx, UPS, and USPS.

If you get a pop-up screen from "Facebook Support," it looks legitimate, and the message makes you think that Facebook is really on the ball protecting you.

The message says that Facebook Service is notifying you that, since spam was sent from your account, they changed your password for your "safety," and it asks you to open the zip file attachment for more information.

Here's your red flag - Facebook will not send you a note asking you to download a zip file for more information.

If you do download the file it has the Sasfis Trojan in it which connects to domain name

Source: M86 Security Labs Blog


Leading Cyber Official Says "Yes" We are At A Great Disadvantage for a Cyber Attack

Admiral J. Michael McConnell, the former Director of National Intelligence now at Booz Allen Hamilton, was interviewed recently by Forbes.

He indicated that a cyber attack is inevitable.

When he was asked, "Are we at a greater disadvantage than any of our adversaries?" he answered, "Yes, and there’s a very simple reason: We’re more vulnerable because we’re more dependent [on technology]."

Mr. McConnell said change will only come about through dialogue; otherwise it will happen after a catastrophe.

Mr. McConnell noted that intellectual capital is also at risk, not just information and money.

Sources: "Former Intelligence Chief Says A Cyber Attack Is Inevitable", Brian Wingfield, Business in the Beltway - Forbes Blog, November 23, 2010.

Geocode Check-in Service Gowalla Goes to Disney!

Going to Disney may be a whole new experience. Many kids like to buy pins and souvenirs. Gowalla lets you check in with one swipe of your finger and collect virtual pins and badges on your smartphone while you walk around the park.

The service will let you check, in advance, if junior is tall enough to ride the roller coaster. It will also help you plan your day and map out the attractions you want to see.

Gowalla boasts 600,000 users today. If the 120 million Disney visitors adopt Gowalla, that's a whole new game for this check-in service.

Sources: "Gowalla Goes to Disneyland", Joshua Brustein, New York Times,  November 24, 2010

Will You Check Work Email Over the Holidays?

A new survey is out and over half of you say YES you will be checking work email over the holidays.  Xobni and Harris Interactive gave the following statistics:

  • 59% of American workers will check email over the Thanksgiving and Christmas holidays
  • 55% of the 59% will check it at least 1x a day
  • 28% of the 59% will check it several times a day
  • 42% of the 59% say it is important to check in over the holiday and some even admitted it was a welcome distraction.

For the Southern folk: southerners are the most likely to check inboxes on holiday.

Something for bosses who want to be this holiday's Scrooge to keep in mind: 41% of Americans are annoyed when they get emails over the holidays.

Sources: "Most Americans check work email over the holidays", Radhika Marya, Mashable, November 23, 2010.

Tech Firms May Get More Oversight

Recent breaches reviewed in testimony and briefings on the Hill have left Congress concerned that Tech Giants with gaps in their cybersecurity could be putting government websites and information at risk. 

Some are proposing that the Department of Homeland Security should have the power to force Tech Giants and the owners of networks to secure themselves better.

What might this mean?

If the bill is too large and vast, this could impact tiny startups. According to an article written by Jeremy A. Kaplan, the bill is called "The Homeland Security Cyber and Physical Infrastructure Protection Act of 2010," or HR 6423, and the sponsor is Rep. Bennie G. Thompson, D-Miss.

The current draft of the bill gives DHS the power:

a.  to set security standards for the networks at privately held facilities
b.  to levy penalties on websites DHS names as having gaps in cybersecurity

The current draft also creates a "Cybersecurity Compliance Division".

What is your opinion?

How do you feel about the technology company that may be providing the power behind a website that collects and displays your personal information?  Do you want tighter, the same, or less oversight of how your information is handled?

What should this look like?

Is the status quo acceptable?

Sources: "Bill Could Give Homeland Security Power Over Tech Giants", Jeremy A. Kaplan, November 23, 2010.

Cross-posted from Fortalice
