Security Bullet In
Communiques from the security front, sir
Tuesday 22 July 2008, 5:08 PM
Trades Unions against ID Cards
The Trades Union Congress (TUC) has backed up airport workers protesting against ID cards, the Financial Times reports.
In a letter to Home Secretary Jacqui Smith, the TUC said it had "significant and substantive" concerns about ID cards, due to be rolled out to airport workers in 2009.
The TUC repeated claims made by the British Air Transport Association earlier this month that ID cards will not improve security procedures.
"Unions representing the airport workforce recognise the need for effective security measures but see no evidence that these proposals would enhance airport security arrangements," the TUC wrote in the letter seen by the FT.
Tuesday 22 July 2008, 4:33 PM
Kaspersky websites hacked while being built
Russian security vendor Kaspersky's nascent Malaysian website has been hacked and defaced.
According to security site Zone-H.org, Kaspersky's website and online shop, which are under construction, were hacked into on Saturday by a hacker calling them self "m0sted".
While Zone-H warned that Kaspersky customers may have been affected, as the websites were linked to the corporate network, Kaspersky told me that no damage could have been done.
"This situation can be compared to a thief breaking into an empty house that is still under construction and has not been yet properly secured," stated Kaspersky. "Breaking in is therefore an easy task, but in such cases there is nothing to steal or damage – the websites are not yet live and are not linked to other Kaspersky Lab corporate websites. We therefore do not believe that this attack could harm users in any way."
Kaspersky added that it was using a third party to host the sites.
Monday 21 July 2008, 5:26 PM
Brown aide honeytrap victim?
One of Gordon Brown's senior advisors could have been the victim of a Chinese honeytrap plot, according to the Times.
He was picked up by a woman in a disco in Shanghai while visiting on a diplomatic trip. When he woke up at the hotel the next morning, his Blackberry had been nicked.
"Experts say that even if the aide’s device did not contain anything top secret, it might enable a hostile intelligence service to hack into the Downing Street server, potentially gaining access to No 10’s e-mail traffic and text messages," said the Times article.
While intelligence services say this could have been a plot by Chinese intelligence, Times readers are not so convinced.
Many of the comments at the bottom of the story say that this is probably nothing more than opportunism - from both parties.
"Having lived in China for a number of years I can tell you now that this girl was NOT a part of an elaborate government espionage plan," wrote one reader in Beijing. "She had no idea who this guy was, she simply saw a westerner in a suit and took advantage. A blackberry will pay her rent for about 2 months…"
Tuesday 15 July 2008, 5:34 PM
GoDaddy suspends travel-getaways.com domain
I'm very pleased to say that GoDaddy has suspended the travel-getaways.com domain.
I blogged in June that to my surprise I had found I was the site administrator for travel-getaways.com, which was pulling content from a legitimate travel site. I was surprised because I'd never heard of this domain.
After much to-ing and fro-ing I managed to convince GoDaddy that parties unknown had used my name and altered work details to register the domain.
On the WHOIS records, rather than my work address, a fake address had been given. You wouldn't believe the amount of time it takes to prove that an address doesn't exist -- you need to contact your local authority, and explain why you need them to send you a letter to prove an address doesn't exist. Then get them to send the thing.
However, rather than go through this rigmarole I thought I hit upon a simpler method.
For reasons that I don't want to go into here, the fake telephone number that was given actually came through to me anyway. Simple, you would have thought, to get GoDaddy to ring me on the number, so I could tell them that the details were fake. Believe me, this took a couple of days to sort out. Firstly I had to convince them that this was a good idea. Then I had to get them to ring me back -- no easy task. They are based in Arizona, I am in London. There's only a couple of hours a day when me and the GoDaddy employee I was dealing with are both at work. I tried to just go through the 24/7 Domain Services at GoDaddy, but they insisted I had to go through this other employee.
Eventually the employee I was dealing with, courteous to the last, managed to convince Domain Services that there was a valid reason to investigate the domain. The investigation took 15 days. They have now suspended the domain. Phew.
Aside from wasting hours of my life, this whole experience has shown me just how difficult it is to prove that false details are fake.
Interestingly, GoDaddy has now put a disclaimer on its WHOIS entries.
"The data contained in GoDaddy.com, Inc.'s WhoIs database,
while believed by the company to be reliable, is provided "as is"
with no guarantee or warranties regarding its accuracy. This
information is provided for the sole purpose of assisting you
in obtaining information about domain name registration records," reads the disclaimer.
Wednesday 9 July 2008, 1:33 PM
MoJ sends out hacks email details on data protection invite
I find this very ironic. The Ministry of Justice has just sent me an invitation to a press briefing with Information Commissioner Richard Thomas on Thursday. Thomas will be discussing the results of a report he wrote with Mark Walport about how information is dealt with in the private and public sectors, especially how government data sharing policy should be implemented in line with the data protection act.
The funny thing is, on the email invitation, the Ministry of Justice neglected to use the blind carbon copy function. As a result, I now have a full list of email addresses for the hacks who were invited. These include journalists from the Times, the Guardian, the Independent, the Telegraph, the Spectator, the Economist, the Daily Mail, the Mirror, the Express, the Sun, and various trade press colleagues. On most publications several journalists have been invited.
Ah, that list would be a hack-spammer's paradise. Way to go, MoJ - yet more proof that we can trust the government to look after our personal details.
Previous
