Proof-of-concept Android Trojan uses motion sensor to determine tapped keys – Computerworld (Lucian Constantin)

A team of researchers from Pennsylvania State University (PSU) and IBM has designed a proof-of-concept Android Trojan app that can steal passwords and other sensitive information by using the smartphone’s motion sensors to determine what keys victims tap on their touchscreens when unlocking their phones or inputting credit card numbers during phone banking operations.

The Trojan horse is dubbed TapLogger by its creators and was designed to demonstrate how data from a smartphone’s accelerometer and orientation sensors can be abused by applications with no special security permissions to compromise privacy.

via Proof-of-concept Android Trojan uses motion sensor to determine tapped keys – Computerworld.


E-discovery in the Cloud? Not so easy – Computerworld (Tom Harbert)

Your company is embroiled in a lawsuit, and your general counsel has come to IT for help in conducting e-discovery on a batch of data. You easily gather some of the information from storage in your data center, but the rest of it is sitting in the cloud. Easy enough, you think, to get that data as well.

You may be in for a rude awakening.

Many lawyers and IT staffers “just assume if they put data in the cloud it’s going to be at their fingertips, that it’s inherently discoverable,” says Barry Murphy, co-founder and principal analyst at eDJ Group, a consulting firm specializing in e-discovery. “That’s not necessarily the case.”

Under the Federal Rules of Civil Procedure, a party to litigation is expected to preserve and be able to produce electronically stored information that is in its “possession, custody or control.” But in the cloud, the situation isn’t so clear. Information that’s electronically stored in the cloud is presumably under your control, but it may not technically be in your possession, says James M. Kunick, principal and chair of the intellectual property and technology practice at law firm Much Shelist.

via E-discovery in the Cloud – Computerworld.


Operationalizing e-discovery—two different approaches | Inside Counsel (Sophie Ross)

There are a number of factors driving the operationalizing of e-discovery.

1. The sheer complexity of e-discovery has created the need to streamline the process. In-house counsel are now seeking to develop a set of policies and procedures that can help them place controls around e-discovery, leading to predictable levels of quality, efficiency and costs. This is especially true in light of the fact that each matter may involve a variety of internal and external stakeholders, from IT and records management to outside counsel and legal technology vendors. By operationalizing the process, legal departments can better coordinate these disparate parties.

2. The complexity of the e-discovery process exposes an organization to a considerable amount of risk. Because e-discovery will remain a routine duty of the legal department for the indefinite future, the chief information officer and IT department are increasingly involved in acquiring the tools and services to create repeatable and defensible processes.

3. As our culture has shifted from paper to digital communications, there has been an explosion in the amount of electronically stored information. It’s not uncommon for corporations to put data in terms of petabytes, which is equal to 1 million gigabytes. This deluge of data means that without a plan in place, e-discovery can quickly become an unmanageable and expensive process.

4. The economic downturn of the last few years has put corporate expenditures under scrutiny. This includes a company’s litigation budget, which can easily swell as the volume of corporate data and the frequency of e-discovery requests increase. This need to rein in costs, or at least create a means to predict litigation costs, has also led to the operationalization of e-discovery.

via Operationalizing e-discovery—two different approaches.


Google’s Brin: ‘Worried’ about open Web – The Washington Post (Hayley Tsukayama)

“There’s a lot to be lost,” he told the newspaper. “For example, all the information in apps — that data is not crawlable by Web crawlers. You can’t search it.”

He was particularly critical of Facebook, whose rules, he said, are “really restrictive,” making it hard to transfer contact data out of the social network. Users can download an archive of information on Facebook but cannot convert that data easily to other services. Google has recently taken steps to integrate its social graph into search with Google+ and Search Your World, which serves personalized results to queries typed into Google’s engine. The changes, which are optional for users, have not been popular with some consumers.

Brin said he was troubled by censorship of the Web in countries around the world, such as China and Saudi Arabia, where governments can seemingly turn off the Web for long stretches of time.

via Google’s Brin: ‘Worried’ about open Web – The Washington Post.


Google Is Faulted for Impeding U.S. Inquiry on Data Collection – NYTimes.com (David Streitfeld)

The finding, by the Federal Communications Commission, and the exasperated tone of the report were in marked contrast to the resolution of a separate inquiry two years ago. That investigation, by the Federal Trade Commission, accepted Google’s explanation that it was “mortified by what happened” while collecting information for its Street View project, and its promise to impose internal controls.

But since then, the F.C.C. said, Google repeatedly failed to respond to requests for e-mails and other information and refused to identify the employees involved.

“Although a world leader in digital search capability, Google took the position that searching its employees’ e-mail ‘would be a time-consuming and burdensome task,’ ” the report said. The commission also noted that Google stymied its efforts to learn more about the data collection because its main architect, an engineer who was not identified, had invoked his Fifth Amendment right against self-incrimination.

When the commission asked Google to identify those responsible for the program, Google “unilaterally determined that to do so would ‘serve no useful purpose,’ ” according to the F.C.C. report.

via Google Is Faulted for Impeding U.S. Inquiry on Data Collection – NYTimes.com.


Facebook updates data archive tool, upsets privacy warriors • The Register (Kevin Fiveash)

Facebook is dishing up a more comprehensive archive of the data it stores and tracks, after the Irish data protection commission requested that the dominant social network give its users full control of that information.

But Facebook’s updated tool – which allows users to download different types of data held by the company – stopped short of providing all the info it keeps on an individual using the site.

The Facebook account history feature was described by the Mark Zuckerberg-run outfit as a downloadable “expanded archive” of that information. The privacy update comes as Zuckerberg poises himself to take the company public on Wall Street.

via Facebook updates data archive tool, upsets privacy warriors • The Register.


Predictive Coding Could Reduce E-Discovery Costs, but More Guidance Needed on Data Preservation | RAND

Companies could lower the high cost of large-scale electronic discovery in lawsuits by using a computer application known as predictive coding to reduce the number of documents requiring human review, according to a new study from the RAND Corporation.

The study also calls for rule changes to address concerns about the scope and process of preserving information in anticipation of future litigation.

Pretrial discovery procedures are designed to help narrow the issues being litigated, eliminate surprise at trial and achieve substantial justice. But in recent years, claims have been made that the societal shift from paper documents to electronically stored information has led to sharp increases in discovery costs compared to the overall costs of litigation. Some claim that these escalating costs are preventing people from litigating legitimate disputes.

The study includes 57 case studies from eight large corporations, reviews the literature on electronic discovery, estimates the costs of complying with discovery requests and examines the challenges of preserving electronic information.

via Predictive Coding Could Reduce E-Discovery Costs, but More Guidance Needed on Data Preservation | RAND.


Forensic snoops: It doesn’t take a Genius to break into an iPhone • The Register (John Leyden)

Forensic tools against smartphones allow basic 4-digit phone passcodes to be bypassed in minutes.

However, more complex passcodes are far more difficult to defeat and might even leave some information on seized Androids or iPhones outside the range of many tools, according to computer forensics experts.

A YouTube video – which has since been pulled – that accompanied a recent article by Forbes explained how Swedish firm Micro Systemation’s XRY tool enabled law enforcement officials to bypass an iPhone passcode and gain access to call records, location data, photos and other information in a matter of minutes.

The process is akin to jailbreaking and relies on exploiting vulnerabilities on the device itself, rather than entering through any backdoor. Once a device is jailbroken, the XRY utility is installed and used to brute-force a passcode.

via Forensic snoops: It doesn’t take a Genius to break into an iPhone • The Register.


How Safe Is Your Mobile? | Scientific American Blog Network (Alan Woodward)

Our smartphones and tablets now contain information that is every bit as sensitive as that stored on our personal computers. And, if the device itself doesn’t hold the information, it almost certainly acts as an access point to your sensitive data online.

Amongst those of us who study cyber security, therefore, mobile devices attract a lot of attention with respect to how easily they can be cracked. There is a remarkable amount of information on how to circumvent the various controls on mobile devices. Just take a look at sites like http://forensics.spreitzenbarth.de/ for extensive details on the Android platform, or http://www.msab.com/xry/current-version-release-information for forensics toolkits that enable mobile device access (although such tools are increasingly being restricted to law enforcement agencies).

Being a computer scientist, I find this fascinating, but in addition to being a computer scientist who studies cyber security, I am also a statistician, and I have long suspected that a PIN is not the random number that many assume it is. With so many devices still reliant upon PINs for their security, I find myself asking if this more detailed, technical research is perhaps tackling a molehill when there is a mountain of a problem inherent in the use of PINs.

The majority of PINs are four digits only. Some bank ATMs had six digits when originally introduced, but even those appear to have now adopted the standard four-digit format. This four-digit PIN has been carried over onto the mobile devices on which we all now store our treasured secrets. The simplistic view is that if I pick up a device and attempt to guess the PIN, then it is just as likely to be 0000 as it is 9999, i.e. a chance of 1 in 10000. Most systems lock access after three incorrect guesses, so the probability of an attacker guessing your PIN is actually 0.03%, or so the designers hope.

via How Safe Is Your Mobile? | Guest Blog, Scientific American Blog Network.


CDT: Cybersecurity bills raise major civil liberties concerns – Computerworld (Grant Gross)

A group of cybersecurity bills that the U.S. Congress may soon vote on contains serious privacy and civil liberties flaws, with some of the bills allowing private companies to share a wide range of their customers’ online communications with government agencies, the Center for Democracy and Technology said.

The U.S. House of Representatives could vote later this month on two bills focused on encouraging private companies and the government to share cyberthreat information with each other, even though there are major civil liberties concerns with one of the bills and some outstanding questions about the second, CDT officials said during a press briefing Wednesday.

The Senate may vote on information-sharing legislation in May, CDT officials said. CDT raised concerns about four information-sharing bills, all of which would provide legal protections for private companies that share cyberthreat information with government agencies.

via CDT: Cybersecurity bills raise major civil liberties concerns – Computerworld.
