Posts Tagged ‘Data and computer security’

You decide: what should you do with those celebrity pics you’ve found?

You've bought a secondhand computer from an auction site. Unsurprisingly, it's not been wiped - most people are rubbish at wiping their hard drives. You're intrigued, though, and you discover some pictures and emails that haven't been deleted.

Oh my. Some pictures of a celebrity who you've heard of (and happen to like, though only on reputation; you've never met). Very intimate pictures. And they're with someone who isn't their spouse. The emails, which are similarly intimate, aren't to their spouse either. You've not seen anything about these two on the news, and a web search doesn't suggest anyone has written about their relationship.

You realise that these pictures might be worth something - perhaps quite a lot - if you sold them to a paper or website. Or you could wipe them. Or...

What do you do?


guardian.co.uk © Guardian News & Media Limited 2009 | Use of this content is subject to our Terms & Conditions | More Feeds




What’s the real game that Mobster World is playing on Twitter?

If you're getting invitations to join people's Mafia families, you might be wondering why - and whether it's safe to respond. Is it a worm or just a bit of fun?

If you're on Twitter, you may have been surprised to receive a direct message (like an email, in that it's not in the public domain) from someone who follows you, saying something like

"Hey, I just added you to my Mafia family. You should accept my invitation! :) Click here:"

And then there's a link to playmobsterworld.com, where the "Mafia family" game seems to be hosted.

If you happen to follow the link, you'll be presented with a big, mostly black screen and a big red button in the middle saying "Click here to play more". Look, here's a picture.

But what you rapidly find is that you're taken by the scruff of the internet over to Twitter where you're, um, encouraged to authorise the game to access your Twitter feed. (It uses the OAuth system, which means that the people behind playmobsterworld don't get your username or password. The owners have chosen to hide their identities by using Domainsbyproxy, and haven't left an email address on their website, so we don't know who they are, and couldn't contact them.)

Once you've done that, the "game" will then spew that invitation in the form of a direct message to everyone it can. (The people who receive it are the ones who follow you, and who you also follow. They're the only group you can direct message on Twitter.)

And so those DMs turn up in people's feeds, and they click them... and so on. You'd think that by now Mobster World would be played by everyone.

Not so. Instead many people - the non-players - get annoyed by it.

It's easy to see how the spewing of invitations happens: it's so easy to miss the tiny text at the bottom of the main page that tells you about the Terms of Service (such as they are: basically, it's a website and takes no responsibility for anything) and the one that says "Click here if you don't wish to invite your contacts automatically".

See - there it is.

Oh, so that's how you do it. Except that if you click that second link (the tiny bit of yellow text on the left), you get directed to a page that looks exactly the same as the first with a link to the same Twitter OAuth link, and no indication that your friends won't get spammed just the same way again as if you had never managed to find that well-hidden link.

Although it must be said that the front page does say in a prominent position, "please read the note below for our terms of service". Prominent position, but unfortunately not prominent in any other sense; it's tiny dark grey text on a dark background, and to say that it doesn't stand out is an understatement at best.

See?

OK, now try it with some highlighting of the text:

So is there actually a game in Mobster World? Rik Ferguson, of the security company Trend Micro, has been looking at it for a while. His view?

"In essence it is very similar to the previous Twitter "game" Spymaster" which got very amusingly subverted.

"Mobster World is not a new game to social networking, it has been around on Facebook for some time already with over 1000 active users and in fact was one of the apps that was being linked to via advertising in the series of rogue apps we saw on Facebook recently.

"There is a game behind Mobster World, but in the loosest possible sense of the word. You also have to question the motives of the people behind it when the text "(please read the note below for our terms of service.)" and the terms of service themselves are greyed out almost to the point of invisibility on their front page."

However, here's the kicker: it doesn't let go of your account even if you tell it to, according to Ferguson.

"The game itself consists of doing "jobs" to earn cash and respect, using the cash to go on and buy further equipment to do yet more jobs and recruiting others to your mob through direct messaging on Twitter. Having granted read & write access to your Twitter account through OAuth though, the game can send DMs without your knowledge. [emphasis added - CA]

"The default settings on the game account definitely lead to a barrage of Update Tweets. The "Cancel Account" option, despite warning you that it is an irrevocable step, does not work - the account remains active and can be reused at any time. The OAuth permissions granted on your Twitter account are also not revoked. [emphasis added - CA]"

So it grabs hold of your Twitter account and won't let go. That's not good, in the scheme of things. What if the owners decided to start using their access to tweet links to malware links, or adverts? It would seem to come from you to your friends.

So is it dangerous, in Ferguson's view? "It's not overtly malicious, but it is definitely configured to fool the unwary into generating publicity through social worm techniques."

Our opinion: probably best avoided. You can deny it any further access to your Twitter account on Twitter's system itself, at Twitter's Settings -> Connections page, which will show you what programs and sites are allowed to access your account. If you don't want Mobster World to have that access, deny it there.

But is this a new trend in games, or just an aberration? What's your view?




Are malware writers getting ambitious?


Yes, if you mean that they're now trying to catch people who read the New York Times, rather than random visitors to music download, porn and hacking sites. Of course, it's harder to compromise one of the Grey Lady's web servers, but one group of criminals recently found the answer: buy advertising.

What we now call "malvertising" has grown this year, and it represents a serious threat not just to individual users but to a web that's ultimately paid for by ads. As Deloitte noted in its predictions for 2009: "Anything that makes large numbers of internet users decide that clicking on online advertisements could be a bad or dangerous thing threatens the current business model of almost every company that does business online."

The New York Times says it fell victim to a malicious ad swap. "The culprit masqueraded as a national advertiser and provided seemingly legitimate product advertising for a week. Over the weekend, the ad being served up was switched so that an intrusive message, claiming to be a virus warning from the reader's computer, appeared."

The result is one of the most obvious scams around. A message says your Windows PC has 38 pieces of malware and invites you to run a scan. The fake antivirus program then asks for money to remove the malware (which doesn't exist). In the worst cases, it also drops a Trojan that can download some real infections. The Times slipped up because the criminals impersonated Vonage, the internet telephony company, and it seems they may have owned vonage-inc.com at the time. "Because the Times thought the campaign came straight from Vonage, which has advertised on the site before, it allowed the advertiser to use an outside vendor that it had not vetted to actually deliver the ads," according to the NYT's internet section.

The Times says it has now improved its checking system, but malvertising attacks have also been mounted via other publications, and via Facebook and Google ads. Nowadays, it's also very common for the attacks to use topical events, such as the deaths of Ted Kennedy and Patrick Swayze, to try the same scam using Google's search results.

The result, as Kris Lamb, director of IBM's X-Force security group, told ECN, is that: "There is no such thing as safe browsing today and it is no longer the case that only the red-light district sites are responsible for malware. We've reached a tipping point where every website should be viewed as suspicious and every user is at risk. The threat convergence of the web ecosystem is creating a perfect storm of criminal activity."




US hacker pleads guilty to huge ID theft

• Miami hackers stole millions of credit card numbers
• Ringleader faces up to 45 years in jail, with more charges to come

US officials say that a man accused of orchestrating one of the biggest identity thefts in history has agreed to plead guilty to stealing more than 40 million credit card numbers.

Prosecutors say that 28-year-old Albert Gonzalez, of Miami, will accept guilty charges on 19 counts relating to the theft of information from some of America's largest retailers. Operating under a variety of pseudonyms - including "Soupnazi" - Gonzalez organised groups of criminals who broke into wireless networks belonging to major companies in order to exploit flaws in their database software to access millions of people's credit card information.

The case - details of which first emerged in 2007 - saw a number of high-profile companies targeted, including book retailer Barnes & Noble, discount clothing retailer TJX - which owns a string of TJ Maxx shops in Britain - and restaurant chain Dave & Buster's. Eleven individuals were originally charged last year.

According to the indictment against Gonzalez, he and a team of accomplices sold many of the stolen card numbers, while using others to create their own cloned cards which they used to withdraw vast sums of money. As part of his plea, Gonzalez will forfeit more than $2.7m (£1.6m) as well as property and other personal items, seized after investigators conducted a number of raids on properties linked to the fraud ring.

Sentencing is due in December, where he could face a total of 45 years in prison - but even then, cases involving him do not end there.

The guilty plea will settle charges brought in Massachusetts and New York, but Gonzalez also faces separate charges in New Jersey, where he is accused of running another - even larger - credit card fraud ring.

It is not the first brush with the law for Gonzalez, however. He had previously faced a lengthy prison sentence for his role with another group of hackers, known as the ShadowCrew, in 2003. However, he avoided jail by offering to become an informant for the US Secret Service in their case against the group - which led to a string of convictions for identity theft and fraud but left Gonzalez free.




Google’s plan to free your information

As head of its 'Data Liberation Front' Brian Fitzpatrick's role is to make it easier to export your files from Google's servers

For years, the aim of pretty much every technology company has been to make a product that people can't give up using, and in case something better comes along from a rival, make sure that they can't get their stuff – whether it be data, software or hardware – to work easily with the newcomer's platform. On this rested the success of the compact cassette v the 8-track, VHS v Betamax, Iomega's Zip v other backup systems, and most recently Blu-ray v HD DVD.

Amidst which, Brian Fitzpatrick's role at Google sounds, at the very least, contrary. He runs its self-styled (and half-jokingly named) "Data Liberation Front" in the Chicago offices, and his aim is to make it easier – one button is the ideal – to export your data from Google's servers onto a storage format of your choice – whether that's your own web server, your computer, or the comfort of your backup drive that you keep locked away in a fireproof cupboard after using it every night.

The Data Liberation Front – the name's a jokey reference to the Judean People's Front, the would-be terrorist group in Monty Python's Life of Brian that never quite gets its act together and spends most of its time bickering – is actually a good thing for Google's customers, Fitzpatrick argues, because it means that lock-in element can't be applied to your data.

"Think of it like you were renting a house," says Fitzpatrick. "If you decided to move out and the landlord came and told you that you couldn't take your furniture or your clothes or your family photos, you wouldn't be pleased, would you?" His point being that Google wants to give you that comfortable feeling that if you need to export your data then you can.

In the click of time

It's already been achieved for Blogger, the free blogging platform the company bought. There is a one-click export (to the Atom format) which preserves not only posts but also comments. (An export to RSS, which is also available, only preserves the blog posts.) Google Notebook, which has been "end of lifed" (read: killed off), has had export functionality added to it. Fitzpatrick notes all sorts of Google products that have got export functionality: Google Docs, iGoogle, and various other Google products. (And, inevitably, you can follow it on Twitter at twitter.com/dataliberation — which might make you ponder how easy it is, by contrast, to get your tweets out of Twitter.)

And next, he says – though dates aren't given – there'll be an "export" button for Google Sites (in HTML), as well as a "mass export" from Google Docs, for those who want to export a lot of data at once.

You can see the clever sales logic. Many people fret that with cloud computing you can't walk up to any location – still less a specific machine – and say: "My data is in here." Such distributed services mean your data might be on five continents at the same time.

Thus people, and companies, get uncomfortable about trusting a cloud service, because they don't know where it is, and so can't be sure it's really safe. For Google to say "we can easily import your data" isn't more of a claim than others are already making.

But if it then says "exporting your data is one-button easy", it actually has a selling point. True, it looks perverse to those accustomed to the lock-in mentality of previous commercial battles. But it may be the right approach for the web. It's classically, Google-typically, counter-intuitive.

Fitzpatrick studied Latin and Greek ("and ceramics") at university, then went to work for OnShore, a small networking company based in Chicago. There he got interested in fixing a problem with an open source database driver, and was then encouraged to submit the change to its authors. Which led to working on Subversion, a version control system widely used by teams of programmers who need to co-ordinate different versions of programs. He then went to Apple, where he worked on the consulting team that would go with every sale of its fabulously expensive WebObjects package, and then back to Subversion. (He wrote the book on it.) When Google bought the company he was working at, he was reluctant to join: he'd set down roots in Chicago. But the company was happy to let him set up an engineering department in the city (it already had a sales centre). He's also in charge of Google Affiliate Networks, an acquisition from the takeover of DoubleClick. He adds: "We believe in an open web for everyone … The web is fundamentally about openness."

Open and shut case

But there are also two other ways in which it works to Google's advantage. First, it encourages its developers not to fall behind rivals. If the price of being overtaken is that people will pick up their data and leave your application behind (which might then mean your job as the application's developer vanishes), you'll have a stronger incentive to keep going. But equally, for managers who don't want to have to support a million wilting blooms, being able to export data means that unsuccessful projects can be shut down without regrets that users will curse the company for locking away their data on its servers forever.

Compare that with the outcry that Yahoo faced when it announced it would close Geocities: efforts to save it sprouted up, and Yahoo wasn't popular. Google isn't popular for closing services – but at least Google Notebook users can get their data out.

So, export for blogs and Google docs is straightforward enough, as everyone is familiar with their formats. But how will exporting work for a completely novel idea, such as Wave, whose functionality nobody outside Google ("or inside," adds Google's PR woman, who is listening) has yet managed to describe in fewer than a thousand hand-waving words (it's something like "email and instant messaging and collaboration but with changes shown over time")? How do you export something which has a unique format?

For a moment, Fitzpatrick looks faintly alarmed. But that's not because he hasn't considered it – although Wave was developed in Sydney, his Chicago team has already been looking at what it needs to do.

"We have talked about it. It's not that difficult to represent [its data]. The question is how to represent time. Wave has the extra dimension of revisions. There are ways to represent that but nothing else really has anything that it's like. It's unique." What about Wikipedia's "diff", which shows the differences between revised versions of the same page? "That's perhaps the closest," Fitzpatrick acknowledges. The problem then is that a diff is a database representation and there isn't an agreed way to export a database. (SQL ends up being database-specific, Fitzpatrick says.)

The irony is that if Fitzpatrick succeeds, then Eric Schmidt, Google's chief executive, will probably be happy. "He keeps telling us, the way to not be evil is to not lock users in," Fitzpatrick says. "He tells us, just get the users and we'll figure out how to make money."




Battle is on to regain control of our files

Our use of social networking, as well as iPhones and Kindles, relinquishes control of how we delete files – we need that back

File deletion is all about control. This used to not be an issue. Your data was on your computer, and you decided when and how to delete a file. You could use the delete function if you didn't care about whether the file could be recovered or not, and a file erase program – I use BCWipe for Windows – if you wanted to ensure no one could ever recover the file.

As we move more of our data onto cloud computing platforms such as Gmail and Facebook, and closed proprietary platforms such as the Kindle and the iPhone, deleting data is much harder.

You have to trust that these companies will delete your data when you ask them to, but they're generally not interested in doing so. Sites like these are more likely to make your data inaccessible than they are to physically delete it. Facebook is a known culprit: actually deleting your data from its servers requires a complicated procedure that may or may not work. And even if you do manage to delete your data, copies are certain to remain in the companies' backup systems. Gmail explicitly says this in its privacy notice.

Online backups, SMS messages, photos on photo sharing sites, smartphone applications that store your data in the network: you have no idea what really happens when you delete pieces of data or your entire account, because you're not in control of the computers that are storing the data.

This notion of control also explains how Amazon was able to delete a book that people had previously purchased on their Kindle e-book readers. The legalities are debatable, but Amazon had the technical ability to delete the file because it controls all Kindles. It has designed the Kindle so that it determines when to update the software, whether people are allowed to buy Kindle books, and when to turn off people's Kindles entirely.

Vanish is a research project by Roxana Geambasu and colleagues at the University of Washington. They designed a prototype system that automatically deletes data after a set time interval. So you can send an email, create a Google Doc, post an update to Facebook, or upload a photo to Flickr, all designed to disappear after a set period of time. And after it disappears, no one – not anyone who downloaded the data, not the site that hosted the data, not anyone who intercepted the data in transit, not even you – will be able to read it. If the police arrive at Facebook or Google or Flickr with a warrant, they won't be able to read it.

The details are complicated, but Vanish breaks the data's decryption key into a bunch of pieces and scatters them around the web using a peer-to-peer network. Then it uses the natural turnover in these networks – machines constantly join and leave – to make the data disappear. Unlike previous programs (PDF) that supported file deletion, this one doesn't require you to trust any company, organisation, or website. It just happens.
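The mechanism described above, as an added example that is not Vanish's own code: it assumes Shamir threshold secret sharing as the way the key is broken into pieces (the article only says "pieces"), and `ToyDHT`, `publish` and `fetch_key` are hypothetical names for a constructed in-memory stand-in for the peer-to-peer network.

```python
import random
import secrets

PRIME = 2**521 - 1  # Mersenne prime, far larger than a 128- or 256-bit key


def split_key(key, n, k):
    """Shamir split: n shares, any k rebuild the key, k-1 reveal nothing."""
    if not 1 <= k <= n:
        raise ValueError("need 1 <= k <= n")
    if not 0 <= key < PRIME:
        raise ValueError("key out of range")
    # Random polynomial of degree k-1 whose constant term is the key.
    coeffs = [key] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation mod PRIME
            y = (y * x + c) % PRIME
        shares.append((x, y))
    return shares


def recover_key(shares):
    """Lagrange interpolation at x = 0 over the supplied shares."""
    key = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * -xj) % PRIME
                den = (den * (xi - xj)) % PRIME
        key = (key + yi * num * pow(den, -1, PRIME)) % PRIME
    return key


class ToyDHT:
    """Constructed stand-in for a P2P network: a share dies with its node."""

    def __init__(self):
        self.slots = {}

    def put(self, slot, share):
        self.slots[slot] = share

    def get(self, slot):
        return self.slots.get(slot)

    def leave(self, slot):
        self.slots.pop(slot, None)

    def churn(self, rng, leave_prob):
        # Natural turnover: each node independently leaves with leave_prob.
        for slot in list(self.slots):
            if rng.random() < leave_prob:
                del self.slots[slot]


def publish(dht, key, n, k):
    """Scatter the shares; return the slot list that travels with the ciphertext."""
    locator = [secrets.token_hex(8) for _ in range(n)]
    for slot, share in zip(locator, split_key(key, n, k)):
        dht.put(slot, share)
    return locator  # the sender now discards its own copy of the key


def fetch_key(dht, locator, k):
    """Return the key while at least k shares survive, else None."""
    found = [s for s in (dht.get(slot) for slot in locator) if s is not None]
    if len(found) < k:
        # Interpolating fewer than k shares yields a wrong value, not an
        # error, so the threshold has to be checked explicitly.
        return None
    return recover_key(found[:k])


if __name__ == "__main__":
    rng = random.Random(2009)  # fixed seed so the run is repeatable
    key = secrets.randbits(128)
    dht = ToyDHT()
    locator = publish(dht, key, n=10, k=7)
    rounds = 0
    while fetch_key(dht, locator, 7) == key:
        dht.churn(rng, leave_prob=0.1)
        rounds += 1
    print(f"key unrecoverable after {rounds} rounds of churn")
```

The threshold is the tuning knob: a higher k relative to n makes the key disappear sooner under the same churn, a lower k keeps it readable for longer.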

Of course, Vanish doesn't prevent the recipient of an email or the reader of a Facebook page from copying the data and pasting it into another file, just as Kindle's deletion feature doesn't prevent people from copying a book's files and saving them on their computers. Vanish is just a prototype at this point, and it only works if all the people who read your Facebook entries or view your Flickr pictures have it installed on their computers as well; but it's a good demonstration of how control affects file deletion. And while it's a step in the right direction, it's also new and therefore deserves further security analysis before being adopted on a wide scale.

We've lost the control of data on some of the computers we own, and we've lost control of our data in the cloud. We're not going to stop using Facebook and Twitter just because they're not going to delete our data when we ask them to, and we're not going to stop using Kindles and iPhones because they may delete our data when we don't want them to. But we need to take back control of data in the cloud, and projects like Vanish show us how we can.

Now we need something that will protect our data when a large corporation decides to delete it.

Bruce Schneier is BT's chief security technology officer




O2 routers vulnerable to remote attack

Thousands of O2 broadband customers are at risk from a hack that its discoverer has tried to warn the company about

If you get your broadband from O2, and have a router from O2, you have a problem. A very serious problem. According to a report by Paul Mutton, an O2 customer who has tried repeatedly to get O2 to take some notice of the vulnerability,

The O2 Wireless Box III (a customised Thomson TG585n router) is an ADSL modem and wireless router used by O2 Broadband customers. Two weeks ago, I discovered a serious security vulnerability that allows remote attackers to access a home user's private network and view/change settings on the router.

a remote attacker can:

  • Steal the router's wireless encryption key (even if WPA2 is enabled).
  • List all internal IP addresses being used on the home network.
  • Forward external ports to those internal IP addresses, allowing remote access to individual home computers.
  • ... plus much more!

The details are complex - it depends on "cross-site request forgery" (which personally I'd never heard of before).

This is serious, and you should indeed Worry. If you have an O2-supplied ADSL router, it would make sense (as it always has) to (a) change the default password (b) check that O2 hasn't changed it remotely back - as Andrew Brown has discovered, to his fright.

(To clarify, it is the router admin password that you should change, not your wireless network password.)

And how many might be affected? According to Mutton,

I'm not entirely sure how many users are affected by this problem, but it could be quite a lot. O2 has 457,000 fixed broadband customers as at 30 June 2009 [source: O2 PR], most of which will probably be using a Wireless Box II or III (these are the only routers currently offered to home users of O2 Broadband).

Zen Broadband and Be did respond though to find out whether the routers they supply might be affected.

O2 has apparently been making some remote updates:

So, O2 has applied a remote update to their Wireless Boxes which sets the password to the box's serial number. This does indeed mitigate the problem to some extent, but it does not remove the risk completely. The software release is still identified as 8.2.L.0 and it is still vulnerable to CSRF. The proofs of concept that I demonstrated to O2 (and several other ISPs) still work without further user interaction providing you have recently logged in to your router.

The solution? There isn't a simple one. (It would be interesting to know how many other routers on the market are vulnerable to this, though, and whether Thomson - which makes it - has updated its firmware at all to deal with it - or whether firmware is O2's responsibility.) We'll aim to speak to O2 later to find out what it is really doing.

Update: Here's the email that Be sent to its customers. (Ta, Keith Emmerson.)

We want to let you know that we've recently been informed of a security problem that could affect the BE Box, among other routers. Essentially, the problem could allow somebody to change your router settings, and nobody wants that. For you tech savvies, we've included more details at the bottom of this email.

Here's what we're doing:

We want everyone to be protected - even the people who don't read this email, so, we've decided to automatically update the password for everyone. It will be unique to each user: we are running a script to change the password to the individual serial number on your BE Box (found on the bottom of the router). If you want to change it after that, go here for a guide: https://www.bethere.co.uk/web/beportal/beboxpassword


Just to be clear, we aren't changing the wireless key - it's the password to the administrator web interface. That's the only change we will - or would - make.

We will be starting to run this script first thing Monday 7th September, if you don't want us to do it (although we do recommend it), you can stop us by either:

a) Downloading and running the tool here:
http://www.beusergroup.co.uk/downloads/BEBox_OptOut.exe

b) Following the manual guide here:
http://www.beusergroup.co.uk/technotes/index.php/How_To_Fully_Secure_The_Bebox


The Techie Stuff: The BE Box is vulnerable to an XSS (cross-site scripting) combined with a CSRF (cross-site request forgery) that allows a remote attacker to perform actions on the Web UI (user interface), via the use of JavaScript - and without the user's knowledge or consent.

In the short term, in order to stop this from occurring we are going to set the password on everyone's BE Box.


After we've done this, if someone tries to attack your router, you will be prompted to enter your Administrator Password. Don't do it, otherwise the attack will be successful. (We'd like to think that most people wouldn't enter their username and password for a random unexpected login prompt)

In the long run we're working with Thomson to improve the firmware's resilience to such attacks.

Do take note of that penultimate paragraph: remote attacks will lead to an unexpected demand for your router admin password. You shouldn't ever get that unless you're asking for it. So beware, and be aware. Good to see Be being cautious on this. It seems O2 has been doing the same thing - hence people finding their admin passwords abruptly changing.
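Why a new admin password only partly helps, and what a firmware-side fix has to check, shown as an added example that is not Thomson's, O2's or Be's code. The admin address, the `sid` cookie name and the `SessionStore` and `check_request` names are assumptions made for illustration.

```python
import hmac
import secrets
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

ADMIN_ORIGIN = "http://192.168.1.254"  # constructed: where the admin UI is served
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}  # must never change settings


class SessionStore:
    """Maps a login session cookie to that session's anti-CSRF token."""

    def __init__(self):
        self._tokens = {}

    def login(self):
        # Called after a correct admin password; returns (cookie value, token).
        sid = secrets.token_urlsafe(32)
        self._tokens[sid] = secrets.token_urlsafe(32)
        return sid, self._tokens[sid]

    def csrf_token_for(self, cookie_header):
        jar = SimpleCookie(cookie_header or "")
        morsel = jar.get("sid")
        return self._tokens.get(morsel.value) if morsel else None


def same_origin(headers):
    """True only if the browser says the request came from the admin UI itself."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False  # fail closed on state-changing requests
    parts = urlsplit(source)
    return f"{parts.scheme}://{parts.netloc}" == ADMIN_ORIGIN


def check_request(store, method, headers, form):
    """Return (allowed, reason) for one request to the admin interface."""
    expected = store.csrf_token_for(headers.get("Cookie"))
    if expected is None:
        return False, "not logged in"
    if method in SAFE_METHODS:
        return True, "read-only"
    # From here on the session cookie proves nothing about intent: the browser
    # attaches it to any request for this host, including ones another site
    # triggered, which is why a password change alone leaves a window open
    # after a recent login.
    if not same_origin(headers):
        return False, "cross-origin request"
    supplied = form.get("csrf_token", "")
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return False, "missing or wrong CSRF token"
    return True, "ok"


if __name__ == "__main__":
    store = SessionStore()
    sid, token = store.login()
    cookie = f"sid={sid}"
    # Constructed requests: the owner's own form post, then a forged one that
    # carries the same cookie but originates from a different site.
    own = check_request(store, "POST",
                        {"Cookie": cookie, "Origin": ADMIN_ORIGIN},
                        {"csrf_token": token, "wifi_channel": "6"})
    forged = check_request(store, "POST",
                           {"Cookie": cookie, "Origin": "http://example.invalid"},
                           {"wifi_channel": "6"})
    print(own, forged)
```

These checks address the request-forgery half only: if the admin pages themselves have a cross-site scripting flaw, as Be's email describes, script running inside the admin origin passes both the origin check and the token check, so that flaw has to be fixed as well.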




Credit card scam raises web security fear

• Former informant accused with two east Europeans
• 'Biggest ever' case involves 130m cards

US companies and law enforcement agencies are facing fresh questions today about the ease with which hackers can penetrate their defences and make off with vital data about consumers, following the arrest and charging of a Miami man for what is allegedly the biggest credit card scam in history.

Albert Gonzalez, a 28-year-old former informant for the US secret service who helped the authorities track hackers, was charged with conspiring to steal the details of 130m credit cards. The charge sheet detailed a complex history of online skulduggery in which Gonzalez used three internet aliases: segvec, soupnazi and j4guar17, each marking different stages in his life.

The alleged fraud was perpetrated through devices that could penetrate computer networks, steal card data and send it to servers in the US and Europe, prosecutors say. The acting US attorney general, Ralph Marra, praised the investigators "in tracking down cutting edge hacking schemes committed by hackers working together across the globe".

But computer security experts suggested that the ruse allegedly devised by Gonzalez and two other accused men from eastern Europe was actually relatively simple and that the real question was the failure of the big US companies involved to properly defend their computer systems.

"None of this is revolutionary or the work of rocket scientists - it's the kind of thing we see every day," said Graham Cluley, a consultant with hi-tech security company Sophos. He added: "It seems to me that there was a concerted effort to target major retailers, and there is egg on the face of these large corporations for failing to protect their data adequately."

The charge sheet says that Gonzalez, along with two others who "resided in or near Russia", in December 2007 injected "structured query language", a computer programming language designed to retrieve and manage data, into the computers of companies such as Heartland, one of the world's biggest credit and debit card payment processing companies.

"Malware", malicious computer software, was used to identify, sort and export information.

Other companies alleged to have been attacked include 7-Eleven and Hannaford Brothers, a supermarket chain.

The charge sheet says Gonzalez "would identify potential corporate victims by, among other methods, reviewing a list of Fortune 500 companies". He would also "travel to retail stores of potential corporate victims, both to identify the payment processing systems that the would-be victims used at their point of sale terminals [eg checkout computers] and to understand the potential vulnerabilities of those systems".

If convicted, Gonzalez faces 25 years in jail. He had already been in jail after being charged last year in New York for allegedly hacking into a national restaurant chain.

The charge sheet relating to the 130m credit cards does not say if any have actually been used illegally. But Linda Foley, founder of US consumer group the Identity Theft Resource Centre, suggested criminals may have auctioned off some of the data, and the true scope of the attack might only emerge over time, with the potential to drag in financial institutions, as well as other retailers, as more details become available.

"Things may go quiet for six months, but the fear is that when the heat is off, they could start using the information again," she warned.

Gonzalez, a Cuban-American, was brought up in Coral Gables, near Miami. He avoided a conviction for credit card theft in 2003 by turning informant for the US secret service, but then allegedly resumed a life of crime.

Online magazine Wired said Gonzalez, who is alleged to have amassed about $1.6m (£965,000), had been a big spender, including $75,000 on a birthday party.

The trial is due to begin next month.




Cyxymu attacked and the rise of the GPU

Charles speaks to Evgeny Morozov, blogger for Foreign Policy magazine, and Graham Cluley of security firm Sophos to find out how and why Twitter, LiveJournal, Google and Facebook were targeted by denial of service attacks last week. The answer, it would appear, is an attempt to silence one Georgian blogger - Cyxymu, who was a critic of last year's conflict between Georgia and Russia in South Ossetia. Charles finds out about him, why Twitter was so badly affected, and why distributed denial of service attacks from botnets are less successful than they were earlier this decade.

Charles also speaks to Jen-Hsun Huang, co-founder, president and chief executive officer of Nvidia. He discusses why the graphics processing unit will become more important to the future of computing. Instead of being used just to process intensive visual tasks, the GPU can be used to crunch data to much better effect than a CPU with multiple cores. Hear what the benefits will be, and how the GPU differs and works.

Plus there's this week's news, including the state of surveillance in Britain, details of Facebook buying FriendFeed, and Spinvox's latest troubles. Bobbie Johnson is your presenter, and he's most grateful to you for helping push the Guardian Tech Twitter feed over the 1 million follower mark...






Georgian blogger Cyxymu blames Russia for cyber attack

Blogger claims attack on Twitter, Facebook and LiveJournal was part of plot to silence his criticism of the Kremlin

The Georgian blogger known as Cyxymu, who was yesterday the victim of a cyber assault that affected hundreds of millions of web users around the world, has blamed the attack on the Kremlin.

Speaking to the Guardian from an office in the Georgian capital, Tbilisi, he said he believed the denial-of-service strike that hit LiveJournal, Facebook and Twitter stemmed from an attempt to silence his criticism over Russia's conduct in the war over the disputed South Ossetia region, which began a year ago today.

"Maybe it was carried out by ordinary hackers but I'm certain the order came from the Russian government," said the blogger, whose monicker is a latinised version of the Russian spelling of Sukhumi, the capital of Georgia's other breakaway republic, Abkhazia.

He added: "An attack on such a scale that affected three worldwide services with numerous servers could only be organised by someone with huge resources."

The trio of social networking sites were temporarily overwhelmed, causing disruptions of service.

Cyxymu said his real name was Georgy and that he was a 34-year-old economics lecturer. He is an active critic of Moscow's politics in the Caucasus region and was the victim of a similar attack last year that crashed LiveJournal.

He said he was "amazed" when he realised the latest strike on his blog, Sukhumi, war and pain, had seemingly prompted a global online meltdown.

"I didn't expect that it would be an attack on me, I'm not such a famous blogger," he said. "It started when hundreds of thousands of spam emails supposedly from me were sent all over the world suggesting for people to visit one of my blogs. So thousands of people visited it causing it to freeze, and they [LiveJournal] had to block it again. Then the same thing happened with Facebook and Twitter."

Max Kelly, Facebook's chief security officer, confirmed yesterday that the attack that disrupted the Twitter site and caused problems for Facebook and LiveJournal was aimed at Cyxymu. "It was a simultaneous attack across a number of properties targeting him to keep his voice from being heard," he said.

Cyxymu said he had started his blog as a way to unite ethnic Georgians who lived in Sukhumi but were forced to leave as refugees in 1993 when Abkhazia seceded from Georgia. "When the war started in South Ossetia last year I couldn't avoid being drawn into politics," he said.



