AMITIAE - Tuesday 10 December 2013

Cassandra: Security Services, Personal Security and Other Risks



By Graham K. Rogers


Security is never too far from our thoughts these days, especially with new revelations each week from the treasure trove that Edward Snowden is releasing. With each new revelation, it is becoming clearer to me that the security services are out of control and no politicians have the balls to rein them in. All they have to do is demand and the politicians shower them with more money, more protection and increased anonymity. Not that users around the world - especially those who are not US citizens - are getting much of that.

Having looked at Echelon, which was an earlier collaboration between the five states (Australia, Canada, New Zealand, UK and USA), some of the revelations have not been too surprising to me: as the internet took over from telephone systems as the major medium of communication (albeit with many ways in which that communication works), security services were bound to switch their attention to online links.

Links to those articles on Echelon are:

Japanese bomb runs in WW2 were mainly ineffective; the USSR missile threat kept the military on its toes during the Cold War; while home-grown terrorism was a domestic problem, so the shock of 9/11, when - for almost the first time - the US was attacked on its own soil from outside, opened the door for a major rethink in security. The default military-security reaction was panic.

The NSA (and others) saw the gift and accepted it with open hands. In the climate of the time, the NSA and others expanded surveillance and tended to ignore many of the legal and constitutional constraints that should have kept them in check, including lying to the (perceived) rubber-stamp FISA court that was set up.

The surprises came thick and fast and included the monitoring of the German Chancellor's phone as well as a similar setup that the Australian services had for the Indonesian president. The real surprise is not that these acts were done, but that they were found out. Affecting national security? No, the revelations are causing national embarrassment: those agencies are out of control.

A recent example that came to light is the idea that not only are emails being monitored, phone calls checked and online transactions copied for later reference (not read, so not really illegal, the NSA claims), but that there are also online games that security services both monitor and perhaps infiltrate, like World of Warcraft.

Several publications have put out the news that WoW and other games, including Second Life (whose former CTO is an ex-military officer with top secret clearance) have been used by the NSA and other agencies from as long ago as 2007, according to a report by Tim Cushing on TechDirt.

The idea (severely criticised in the article) is that terrorists may communicate or shift cash using the online technology that the games provide. The online communities may also be where potential recruits could be identified by the terrorists. It sounds to me like the NSA are still watching reruns of Matthew Broderick in War Games: the only place that the real world and reality seem to meet is within their own minds.

Several articles online recently had another revelation concerning the inbuilt camera that now comes on many computers. A Google search will reveal several sources for this, such as the article by Liz Klimas on The Blaze.

I was reminded of a NSA document - covering OS X 10.6 - freely available on the internet that suggested, even when Snow Leopard was current, that one way to make sure the camera could not be used was to place a Band-Aid (or something similar) over the lens.

Despite the blanking out of the lens, the document suggested that the best way to secure the iSight camera was to have it removed. That would fix it. They obviously knew more than we did back then, although if you look at the screenshot on the right, this will need some refining.

While we are on the NSA and their limited view of the world, we were interested to see a move from several tech companies a couple of days ago who had all signed an initiative to put the surveillance genie back in its bottle and to insist that the government learns to control the NSA and other such agencies. Fat chance I say: it is these guys who run the government, not the other way round.


The companies have now been joined by several intellectuals and the website RT reports that "Over 500 world-famous authors sign anti-surveillance petition". There are some impressive names in the list. Note the comment (agree 100%) that "a person under surveillance is no longer free; a society under surveillance is no longer a democracy." Others might remember that too.

A couple of weeks ago, when writing about certain 3rd party updates for the latest version of OS X 10.9, Mavericks, I mentioned anti-virus software and wrote then,

I do not see a pressing need for a virus checker on OS X as the system itself prevents self-installation (definition of a virus) of any software. The last figures I have seen concerning viruses for OS X put the figure at less than 1: the same as it ever was. Systems before OS X were different and then there were reported to be some 80 or 90 viruses.

There are other forms of malware, particularly Trojan Horse software and phishing. An alert user should be able to avoid the many examples of phishing that arrive each week.

A couple of items from Net Security put those comments in some more perspective. The first concerns the rise in the number and types of attacks that Macs may be vulnerable to and includes a video that shows how Google protects its Macs (and Google has lots of Macs).

The other item concerns phishing, which is something that users need to keep their eyes open for all the time. Zeljka Zorz writes on the latest PayPal phishing email and this includes some advice on ways that such hoaxes may be more easily identified. I am so careful about this that I never click on any link in a PayPal email: even those that are legitimate. I go to my secure account using a browser instead.

Online scams are not just limited to phishing. One teenager found out the hard way that it is best to read the fine print when he bought not the Xbox One he was expecting, but a picture of the device. Timothy Geigner on TechDirt reports on this and tells us that eBay did help the teen get his money back.

As a note, although it is a public holiday in Thailand today, the nice guy in the over-smart polyester pants and cream shoes, who tells everyone that the Grand Palace is closed, is lying and the tuk-tuk driver he is working with will take those who get caught on a trip round some expensive shops in the hopes that the tourists will spend lots of money. They still catch several every day.

There was a lot of publicity over Apple chargers that electrocuted some people, killing one in China (she got out of the shower to take a call with the charger connected). There were also a couple in Thailand: explosion, fire, publicity. Of course there was lots of publicity when the initial story broke, but some of those same reporters were never honest enough to follow up with the results that the chargers that caused the short circuits were not Apple originals.

There is a thriving market in lookalikes: knock-offs that seem a bargain at the time. Apple took the phones for testing to an independent lab in the USA (with the cooperation of Thai authorities) and the results later appeared, albeit quietly. There were videos too and some are still online. With those results, these videos are perhaps more damaging to the complainant and reporter than to Apple.

That is not the view that Samsung takes. When a young man who goes by the dubious name of Ghostlyrich (sounds like a company I have heard of) experienced a burning Galaxy S4, he complained. Samsung (understandably) wanted some proof, so Ghostlyrich posted a video to YouTube.

This is where it goes awry. Electronista reports that part of the terms of settlement included removal of the video and "other extreme terms . . . which included never discussing the incident with anyone. . . ." He refused. And he added a second video (with some naughty words) which garnered almost half a million hits. Samsung has so far said nothing. In this case, silence may not be golden.

Mind you, as Ghostlyrich has had service problems with an iPhone and an Xbox, both of which were treated positively, there could be more to this than meets the eye.

Graham K. Rogers teaches at the Faculty of Engineering, Mahidol University in Thailand where he is also Assistant Dean. He wrote in the Bangkok Post, Database supplement on IT subjects. For the last seven years of Database he wrote a column on Apple and Macs.


