stories filed under: "security"
Dear Hulu: Stop Treating Me Like A Criminal
from the if-you-don't-want-me-to-watch... dept
I mentioned recently that, for some idiotic reason, Hulu has stopped letting me view any of its content. That's because I use WiTopia's VPN service for security reasons. It seems that plenty of other WiTopia users are discovering this, as well, and are getting annoyed. The issue is that Hulu wants to block people from outside the US from viewing its content (for licensing reasons, even if they're pretty pointless in today's world). But, for some bizarre reason, it's been decided that anyone who uses any sort of VPN or proxy can't use Hulu at all because they might be coming from a foreign country. I'm sitting here in California and Hulu tells me I might be illegally accessing its content, so it doesn't allow it. So, instead, I don't give Hulu any additional ad views and I don't watch the content I wanted to watch. How does that help anyone? It appears to make everyone worse off. And it's not like WiTopia is some free anonymous proxy -- it's a pay-service that has been around for ages and is used regularly for WiFi security purposes. Many of its users are US-based (the company is based in the US, and most of its servers are in the US as well). So, because (gasp!) a small group of people outside the US might dare to catch a video (with ads!!), all of WiTopia's US customers can't watch any content at all? This is the same ridiculous content industry mindset that drives so many people to unauthorized file sharing: they treat you as a criminal first and force you to prove you're not (or sometimes, don't even let you prove otherwise). The problem the industry is facing isn't due to some guy in Europe catching The Colbert Report from across the sea. It comes from turning off legitimate customers and users who are sick of being treated like crap.
Filed Under: content, security, video, vpn
Companies: hulu, witopia
Brazil To Let Hackers Try To Crack E-Voting Terminals
from the good-for-them dept
One thing that never made much sense was how vehemently the big e-voting manufacturers fought pretty much every single attempt to let outside computer security experts try hacking their machines. They often made excuses about how this wouldn't be fair under "non-real-world conditions," but never explained how it would be bad to at least let these hacks proceed to learn from them and use them to strengthen the overall security of the machines. Thankfully, it looks like voting officials in other countries are a bit more open to this concept. Slashdot points out that Brazil opened up a "challenge" allowing security experts and other hackers to request to take part in a big hack attempt on e-voting equipment. Not only that, but the government is going to give $5,000 to whoever successfully hacks into one of the e-voting systems. This seems like a much smarter way to check the security on these machines than the previous method of very basic gov't oversight and the e-voting firms issuing a big "trust us," answer to every question.
Anti-File Sharing Propaganda Back To Focusing On That Horrible Malware You'll Get
from the unprotected-file-sharing-is-bad dept
The thing that you sort of need to admire about the copyright maximalist lobby is that they attack the problem from so many different directions on such a constant basis. It's almost impossible to keep up -- though, you do begin to notice some patterns. A particularly popular move is to alternate between the moral argument against copyright infringement (stealing! bad!) and the idea that file sharing is going to destroy your computer (we're just looking out for your safety!). It looks like the industry is back on that latter kick, as two recent stories indicate.
First, the BSA has its widely debunked "piracy" numbers -- but it's now getting news for focusing instead on how you're going to get malware if you file share. Since it can't actually back up its bogus numbers, instead it's hoping that most people don't know that correlation doesn't mean a causal relationship -- but at least we know that most of our readers know better. The report notes that there's a correlation between higher piracy rates and higher malware infections, but seems to totally ignore exceptions to that rule (the US) or delve into other variables that may explain either the piracy rate (already questionable) or the malware rate (education levels? poverty? shared computers? etc.). Even more amusing, they claim (with no actual evidence) that those who get malware have to spend more to repair their computers than it would have cost to get the legitimate software in the first place. I have no doubt that there are risks for those who file share, but this report does nothing to show the actual risks and is yet another in a long line of weak propaganda from the BSA, that despite being called on it for years, never seems to do anything to back up its reports with facts.
Then, we have the story of the MPAA apparently sending a bunch of anti-piracy comic books to New Zealand, home of one of many different fights on how to change copyright law. The comic book, like the BSA report, involves plenty of ridiculous and unsubstantiated claims about how file sharing will unleash nasty malware and viruses all over your computers -- but drawn in nice comic book form. Can we send those kids who got the MPAA comic book a copy of the Tales from The Public Domain comic books as well? There are free digital downloads for anyone who wants to hand them out in exchange for the bogus MPAA ones....
Filed Under: comics, file sharing, propaganda, security
Companies: bsa, mpaa
Bank Sends Confidential Email To Wrong Address, Hauls Google To Court To Figure Out Who Got The Email
from the grab-some-popcorn dept
Everyone does it at some point: you send an email to the wrong person. Hopefully the content isn't that bad or important -- but it happens. However, when a Wyoming bank, Rocky Mountain Bank, accidentally sent confidential and sensitive information to the wrong Gmail account, the bank ended up taking Google to court to find out the identity of the individual. The bank had tried emailing the wrong address again, but got no response. Google, naturally, refused to just give up the name of the person without a court order -- so the bank went to court. It also tried to have the case sealed, but the judge has rejected that idea. You can certainly understand the bank's concern here, but it does seem a bit silly to have to bring someone else to court after you screwed up and sent the wrong email.
Filed Under: bank, email, identity, privacy, security
Companies: google, rocky mountain bank
Is It Identity Theft Or A Bank Robbery, Part II: Couple Sues Bank Over Money Taken
from the i've-still-got-my-identity dept
Last month, we posted an amusing discussion (and comedy act) concerning whether or not "identity theft" was really a crime, or if it was really a bank robbery where the bank was passing off the liability for its poor authentication system onto the bank customer. Apparently, just such an argument is already playing out in the courts. Steven Hoy alerts us to a story of a couple who are suing their bank, after someone masquerading as them accessed their account and transferred $26,000 to Austria. The details of the case are a bit complex, but basically, the couple claims that the bank did not live up to basic standards in authentication, and cite the Federal Financial Institutions Examination Council's claim that notes that "single-factor authentication is inadequate and calls on banks to implement two-factor systems." Thus, the argument goes, the fault was the bank's security, and thus, the bank should be liable. The judge found that to be convincing:
"In light of Citizens' apparent delay in complying with FFIEC security standards, a reasonable finder of fact could conclude that the bank breached its duty to protect Plaintiffs' account against fraudulent access.... If this duty not to disclose customer information is to have any weight in the age of online banking, then banks must certainly employ sufficient security measures to protect their customers' online accounts."
Chalk one up for those who believe "identity theft" is actually a "bank robbery."
Filed Under: banks, identity theft, scams, security
US Gov't Briefing For All Employees: All Music Downloads Are Stolen, Risky
from the accuracy-not-so-important dept
A bunch of folks have sent over a post on Slashdot detailing how a mandatory US gov't briefing on "information security" uses incredibly hyperbolic and inaccurate information, including the idea that all music downloads are theft and insecure. You can see the (flash-heavy) video briefing. The actual part with the music downloads is pretty far into the presentation (you can jump forward through the chapters), when it hits an interactive bit where you get to go through "real-life scenarios" of "threats." In the bottom left corner, there's a scenario involving a colleague who says he's found a "cool site" from which you can "download music" and asks how you respond:
- I'd rather download the music from home -- email me the link
- Is it safe to download?
- Since we're on our lunch hour, I see no harm. Here's my thumb drive!
- That's stealing.


Now, to be fair, it's rather obvious that the briefing is designed to keep gov't employees from using file sharing programs and potentially exposing confidential gov't documents via file sharing. And that's reasonable. But why not be accurate and honest about it? Lying about it makes no sense.
Filed Under: briefings, downloading, federal government, file sharing, music, security
Time For IT Guys To Unshackle Corporate Computers
from the can't-do-that dept
This one ought to infuriate some of the IT folks, but Farhad Manjoo, over at Slate, is making the case for why corporate IT folks should give up trying to control everyone's computers. He says it's silly for them to dictate which apps you can and cannot use, what websites you can and cannot visit and what mobile devices you can and cannot use. He argues that doing so only restricts employees from actually doing useful and innovative stuff and also can make employees significantly less productive.
The response from IT folks will always be about the cost of maintaining all of this -- noting (perhaps correctly) that any time there are any problems, people will call up IT folks who will have to try to service all sorts of things, rather than having a standard list. And, of course, they'll say that users are often dumb, and prone to doing things that put computers and networks at risk. Thus, locking stuff down isn't only cost effective, but it's prudent to protect the company.
In the end, though, if that prevents important work from getting done (or done quickly), that seems like a problem. In the past, we've pointed out study after study after study suggesting that those who are actually allowed to do personal surfing at work are happier and more productive. Manjoo makes that point as well, mentioning recent studies that have shown the same thing and suggesting that companies that trust their workers on these sorts of things tend to get much more out of those employees.
Filed Under: it, limitations, personal surfing, security
Did People Think No One Would Recognize REAL ID If Introduced Under Another Name?
from the pass-id,-indeed dept
Last year, it became clear that REAL ID was dead on arrival as pretty much everyone was against it, and states were refusing to implement it. With the changing of the administration, it seemed like REAL ID was finally going to die completely... but apparently not just yet. EFF alerts folks to the fact that the same concept has basically been reintroduced under the name PASS ID, as if that would trick people:
Proponents seem to be blind to the systemic impotence of such an identification card scheme. Individuals originally motivated to obtain and use fake IDs will instead use fake identity documents to procure "real" drivers' licenses. PASS ID creates new risks -- it calls for the scanning and storage of copies of applicants' identity documents (birth certificates, visas, etc.). These documents will be stored in databases that will become leaky honeypots of sensitive personal data, prime targets for malicious identity thieves or otherwise accessible by individuals authorized to obtain documents from the database. Despite some alterations to the scheme, PASS ID is still bad for privacy in many of the same ways the REAL ID was.
But why let that stop the gov't from coming up with more ways to keep tabs on you?
Is It ID Theft Or Was The Bank Robbed?
from the which-one-seems-more-accurate dept
Via Clay Shirky comes a very good point from Kevin Marks concerning claims of "identity theft," where he notes that identity theft is not actually an identity being stolen but is usually a bank/credit card company being robbed and passing off the blame for their own poor security on the victim. He points to a brilliant comedy routine by Mitchell and Webb that makes this all pretty clear:
"They took all the money? That sounds more like a bank robbery."
"No, no. If only. 'Cause we could take the hit. No, no. It was actually your identity that was stolen, primarily. It's a massive pisser for you."
"But, it's actually money that's been taken..."
"Yes"
"From you?"
"Kind of."
"I don't know what you want from me other than my commiserations."
"You see it was your identity. They said they were you!"
"And you believed them?"
"Yes, they stole your identity."
"Well, I don't know. I seem to still have my identity, whereas you seem to have lost several thousands of pounds. In light of that, I'm not sure why you think it was my identity that was stolen instead of your money."
The problem isn't "identity theft." It's bad security and verification processes by a financial institution.
Filed Under: identity theft, scams, security