Posted March 11th, 2010
Filed under: Sharing Info Online, Internet Dangers, Technology, Articles of Interest
There is a debate about how or if parents should use spyware on their kids’ computer to find out what their kids are doing online. This is a debate between parents, but is not a legal debate. Apparently a high school in Philadelphia took this idea to another level.
A Pennsylvania school district is being investigated by the FBI for remotely activating the web cams on the laptops they issued to students. The school district says that they were wanting to track online behavior when the students were supposed to be doing homework. The parents of these students disagree, saying it was a clear privacy violation. It is still unknown how the FBI will find, but I would not at all be surprised to find this a question posed to either the state’s or the U.S. Supreme Court.
What do you think? Privacy violation or good intentions communicated poorly?
Permalink | Email this | Linking Blogs | Comments
Posted March 10th, 2010
Really:
Since they are hard to conceal, the study says, noses would work well for identification in covert surveillance.
The researchers say noses have been overlooked in the growing field of biometrics, studies into ways of identifying distinguishing traits in people.
“Noses are prominent facial features and yet their use as a biometric has been largely unexplored,” said the University of Bath’s Dr Adrian Evans.
“Ears have been looked at in detail, eyes have been looked at in terms of iris recognition but the nose has been neglected.”
The researchers used a system called PhotoFace, developed by researchers at the University of the West of England, Bristol and Imperial College, London, for the 3D scans.
Posted March 10th, 2010
Good legal paper on the limits of identity cards: Stephen Mason and Nick Bohm, “Identity and its Verification,” in Computer Law & Security Review, Volume 26, Number 1, Jan 2010.
Those faced with the problem of how to verify a person’s identity would be well advised to ask themselves the question, ‘Identity with what?’ An enquirer equipped with the answer to this question is in a position to tackle, on a rational basis, the task of deciding what evidence will be useful for the purpose. Without the answer to the question, the verification of identity becomes a sadly familiar exercise in blind compliance with arbitrary rules.
Posted March 10th, 2010
Can you hear that? That’s the sound of air escaping as we all finally recover from the RSA conference. Rich and Martin are back, and Zach… never left (but did celebrate a birthday last week). We do a quick recap of RSA and then dig into the security news… much of which had nothing to [...]
Posted March 9th, 2010
Today I was looking at some of the various vendor security and advisory sites and I noticed at the top of the Ubuntu site: For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker. I had not seen the Ubuntu CVE Tracker before, so I checked out, very interested because of the fact that certain sites continue to assert and report that some Linux distributions do not have any Unpatched issues. For example, take a look at the page Vulnerability Report: Ubuntu Linux 9.10 on secunia.com (9.10 is Ubuntu Karmic Koala, released on October 29, 2009) and you?ll see a couple of interesting summary statistics as shown here: 
Looks good, eh? However, if you take a look at the CVE tracker, you get a view that is a bit different: 
You can see the Risk Color Key, but it is about what you?d expect. Red is High or Critical, orange is Medium and yellow is Low. The asterisk means that this is a package maintained by Canonical instead of a 3rd-party. I didn?t bother to do a count, but I can see that the number of ?needed? fixes is somewhat larger than zero, however, I did not see an RED = High vulnerabilities, so I did check on more thing ? I wondered how these severity ratings mapped to CVSS as used by the National Vulnerability Database (ie, http://nvd.nist.gov). I spot-checked a few: CVE-2009-4537, kernel, Orange(Medium) by Canonical, High(7.8) by CVSS CVE-2009-4565, sendmail, Orange(Medium) by Canonical, High(7.5) by CVSS CVE-2010-0408, apache2, Orange(Medium) by Canonical, Medium(5.0) by CVSS CVE-2010-0433, openssl, Orange(Medium) by Canonical, Medium(4.3) by CVSS CVE-2007-5901, krb5 (kerberos), Yellow(Low) by Canonical, High(10.0) by CVSS There were 474 CVE entries, so I didn?t do a comprehensive check, but it turns out that there are more than a few of these unfixed vulnerabilities that are rated High by CVSS. 
