Chinese Hackers Hit Commerce Department

The Bureau of Industry and Security (BIS), a branch of the Commerce Department, has sustained several successful attacks. Chinese hackers were able to gain access to its computers and install rootkits and other malware.”

From the Information Week article:

“This is the second major attack originating in China that’s been acknowledged by the federal government since July. Then, the State Department said that Chinese attackers had broken into its systems overseas and in Washington. And last year, Britain’s National Infrastructure Security Co-ordination Center (NISCC) claimed that Chinese hackers had attacked more than 300 government agencies and private companies in the U.K.”

I’m getting more and more concerned that the US Government does nothing to ensure the security of our records. I don’t know why they don’t move forward on making our federal computer systems failsafe.

Digital voter fraud is here

This morning, the House Administration Committee held a hearing on legislation to require auditable, voter-verified paper trials for electronic voting machines, such as those manufactured by Diebold.

 

The hearing featured a demonstration by Princeton University professor Dr. Edward Felten, showing how easily such machines can be tampered with. Felten, along with two graduate students, wrote a paper, earlier this year, for the Center for Information Technology Policy, that details who easy it was to hack the Diebold machine and change the outcome of an election. Felten and his two associates set up the machine for an election between George Washington and Benedict Arnold. All three voted for Washington (good choice!) But the machine tabulated only one vote for Washington but two for Arnold.

 

This can be done in a way, Felten says, so that the virus is completely undetectable, and can be set up to generate results that won’t be questioned. If the virus is designed to give 55% of the vote to the winner, the loser is unlikely to question the results, and without a paper record, the result can’t be audited. Felten later explained that because of the way boards of elections typically set up the machines, a virus can be introduced into one, via its memory card, and then many more machines can be contaminated as the rest of the machines are set up. Very scary indeed.

Rather than prohibit the use of such machines, altogether, Rep. Rush Holt (D-N.J.), along with 215 co-sponsors, is supporting legislation that would provide that voters have the opportunity to verify the accuracy of their recorded vote, require that all voting systems produce a voter-verified paper record, ban the use of undisclosed software and wireless devices in voting systems, require random unannounced, had count audits, among other measures.

 

“Voters need to be confident of the central act of their democracy, and voter confidence is unraveling,” he said. The last six years have brought us example after example, in state after state, of the problems caused by unverifiable voting machines.”

In addition to the voting machines bill, Holt in the House and Senators Barbara Boxer (D-Calif.), Russ Feingold (D-Wisc.) and Christopher Dodd (D-Conn.) introduced emergency legislation on Sept. 26 to authorize Federal funding to the states for the printing of paper ballots to be available for voters in case of problems with the electronic voting machines. Boxer told the New York Times that “If someone asks for a paper ballot they ought to be able to have it.” Neither Holt’s voting machine bill, nor the Boxer bill appear to have much chance of enactment, this year, however.

 

It’s not hard to see why the Republican leadership in the Congress is not very interested in moving these bills. The Diebold machines would make what Karl Rove managed to pull off in 2000 in Florida and in 2004 in Ohio much easier and much harder to detect. And that’s why these machines should be banned altogether. Even without fraud, they can malfunction in other ways and screw up your election, just as happened in Montgomery County, Maryland during the Sept. 12 primary, when malfunctions in both voting machines and the electronic voter roles left many people unable to vote.

Rep. Rush Holt (D-N.J.) advocates for paper trails from electronic voting machines. To his left is Dr. Edward Felten of Princeton University.

MySpace takes precautions against predators

In the wake of a series of negative articles and increasingly nervous parents, My Space is taking precautions against Internet predators by introducing new security measures.

The new rules are meant to prevent adults 18 and over from requesting to be on a younger person’s friend list unless they already know the youth’s full name or email address.

While the move is nice in theory, it’s a tad useless, in my opinion, because the site doesn’t have any way of verifying the real age of the user when they’re registering. I just registered successfully as a 16-year-old and I’m 54.

I don’t know if there is much My Space can do to solve the problem of Internet predators and false identities unless they agree to use authentication of all their users. Bringing all the MySpace millions of users ‘inside’ would be difficult if not impossible, but my hope is that a new, safer environment for teens and young adults will eventually take on MySpace. Such a new social environment could be a very popular place if parents were satisfied that all the users were authenticated. I know I would be. 

Just how public are your private records?

I’ve talked before about how concerned I am regarding internet security and identity fraud. I think any country that relies on social security numbers as the main source of identification in both social and financial arenas is doing things ass-backwards and just plain stupid. Yes, fellow Americans, I mean our government allowing our social security numbers to become part of a public record both inside county courthouses and on the internet. What? You think your social security number isn’t available to anyone with internet access around the world? Are you sure?

Betty Ostergren, a 56 year old resident of Richmond Virginia, is committed to making important people angry. She puts their Social Security numbers on her Web site, or links to where they can be found. She does this because she is trying to embarass government into making privacy a priority. And she’s making an impression. She isn’t trying to make government officials like CIA Director Porter J. Goss, former secretary of state Colin L. Powell, or Florida Gov. Jeb Bush be victims of identity theft, as were millions of plain, hardworking Americans in the past year. She is on a crusade to scare and shame public officials into doing something about how easy it is to get sensitive personal data.

Ostergren discovered that a wealth of documents — including marriage and divorce records, property deeds, and military discharge papers — containing Social Security numbers, dates of birth and other sensitive information is accessible from any computer anywhere. Many of the online records are images of original documents, which also display people’s signatures. She began organizing citizens and complaining to officials on the issue in 2002, when a title examiner called to warn her that her county was about to put a slew of documents online, including pages with her signature. She swung into action, bringing enough pressure on the Hanover County Virginia officials that they halted their plans. Then she broadened her attack, targeting other counties in Virginia and elsewhere.Today, she is eager to guide reporters to her favorite example: the Social Security number of House Majority Leader Tom DeLay (R-Tex.), which is viewable via the Internet on a tax lien filed against him in 1980. She says that if she could easily find Tom DeLay’s social security number online, couldn’t internet identity thieves do just as well with your records. I think she’s got a good point.

Ostergren found that for decades, Social Security numbers, mothers’ maiden names and other crucial forms of personal identity were routinely included in dozens of documents with little thought to the consequences. That, in turn, enabled companies such as ChoicePoint to send their workers to courthouses across the country to grab such personal data for their databanks. The information is collated, or analyzed, and sold to other companies and back to government agencies. Just what I wanted to hear. All those things I assumed would remain private, like my mother’s maiden name, are out there for anyone willing to dig them up in a county courthouse. Once that information is found, it becomes a valuable commodity and can be sold over and over again to financial database organizations. Now I get why I’m on every junque mail list for credit cards ever created, regardless of the “Do Not Contact” letter I’ve sent.

Florida is one of the few states that has legally required the blacking out of sensitive data from public records. Why Florida, which has never been known for it’s forward thinking? Thank Ms. Ostergren. When she finds a well-known figure, she decides whether exposing his or her number on her Virginia Watchdog Web site might further her cause. Which is how she came to link to Jeb Bush’s Social Security number.She notified Bush through someone she knew in the administration of his brother, President Bush. Soon after, she noticed that the governor’s number was blacked out on the county Web site in Florida where it was listed. So she posted it on her site. Ostrander says:”I decided since he protected his own hind end and nobody else’s, I’d put his on there,” she said.Ostergren gets my vote for Woman of the Week. She’s my new hero!

Parenting teens in the days of MySpace

I’ve written before about MySpace and that I allow my teens to have pages on this site, despite my reservations. I do so because I am ever vigilent about watching their pages, questioning anything I think is inappropriate, and deleting friends I don’t want them talking to. I’m extremely careful and I talk about adding new friends and giving out personal information all the time. My kids roll their eyes they’ve heard it so much. But evidentally not quite enough.

Today I was checking my daughter’s page while she was in school. First I went through her inbox to see any new messages. She has several, from some guy I’ve never heard of, and a couple of them are really inappropriate. So I looked at his site and there are 6 pages of women and no men at all in his friends list. Plus, quite a few of the women are scantily clad and a bit too sexy for my taste. They guy identifies himself as 23 years old. I’m really not happy.

I contacted MySpace and reported him as a predator. I contacted the police and reported him as a predator. The police are taking it seriously enough to come over and get the printouts of his mail to the Girl. They’re going to be watching his space carefully. I also sent him a message telling him I was reporting him to both the police and to MySpace and not to contact my daughter any more. She is no longer on his friend’s page, either.

But what upsets me the most is that when the Girl came home and I questioned her about this guy, she told me a friend of hers is in love with him, and that he’s been to our house to pick up said friend. Her friend is 13, too. OMG, I’m so upset it’s beyond pissed and angry. This is bothering me to the core of my being.

I deleted this guy and blocked him from my daughter’s site. But the bad thing is, unknowingly she gave him WAY too much information as to where her friend lives now, and now to get in touch with her. I don’t think she meant to, and she says that he’s a ‘nice guy’, like all predators are. She just doesn’t get the whole predator thing at all, despite watching Dateline shows on this very topic over and over. She thinks that because her friend knows him in real life, he’s OK. Even when I showed her the latest mail from him asking about her sexual preferences. She’s 13. I don’t think she needs to be asked this by anyone, never mind some 23 year old creepy guy on MySpace.

I so want to delete her page, but she is using it appropriately 99.9% of the time. She made a bad error in judgement, one that involved the police and her friend’s parents. Hopefully she’ll learn from her mistakes. If not, the page goes.

Update: About 2 hours later, after I had talked to her about this, this jackass emailed her thru MySpace again. AGAIN. First he responded to my email telling him to leave my kid alone with this ditty:

” I might also add that a bitter old lady should really mind her own business and allow her daughter to become a person, not just a posession that you monitor. “

Then the Girl writes back, idiot that she is:

” THANK YOU. want to tell her that. but i really am sorry and i like totally cried ova this “

He responds to her mail:

” HAHA, Im sorry, I know your mom is just looking out for you, but i dont think your profile says ur 13 anyway does it? i thought it said a bit older, but dont worry, im a nice guy, I assume mxxxxx told you some stuff about me so….ya, thatd be good lol. so how was ur day otherwise??? “

Then she writes back:

“if i were u, i would nt message me, but if u want to talk to me, tell some to message me and tell them to tell me to message u back. i can message u and we can talk that way but u shouldnt message me first. did that make any sence?”

And he responds:

“it would make more sense if you just had an email address lol???”

At which point I catch her in the act and go ballistic. I emailed him this:

“How fricking stupid are you? I told you to leave my child alone. I’ve reported you to the police. YOU STOP HARASSING MY CHILD NOW. NOT ONE MORE WORD. NOTHING. You are a predator and a real sicko. She’s 13. Mxxxxx is also 13. I’ve contacted her Mom, and she isn’t happy. Either you stay far away or I’ll be forced to have the police take immediate action.

DO NOT RESPOND.”

So, I again blocked him from her site (yahoo to MySpace for ignoring me the first time), copied all the emails for the police to pick up tomorrow morning, and banned her from the computer unless I am sitting with her. She told me she felt badly that she just left this jackass hanging. She STILL thinks he is a nice guy.

I called her friend’s parents to let them know, and found that her mother had already reported this guy and called the FBI. And still he goes on.
I haven’t yet pulled down her page, but the computer is now password protected and she cannot get on it without my knowing. Heh.

I fricking HATE THIS.