Monday, May 28, 2012

(In)security

Without intention, I've been on hiatus from a topic of personal interest. To wit: computer-centric security, privacy, and hacking. Diverted by other topics of note -- among which: yea, Dragon! -- I see I haven't written a post dedicated to (in)security since January ("Viruses: not just for PCs anymore").

Let's get caught up ...

Bad fortune ...
Google has been caught with their hand in the, ahem, cookie jar. As in, slipping in cookies despite users' do-not-track settings. From Computerworld last February, see "Google's tracking of Safari users could lead to FTC investigation."

Apple has long had the reputation of offering secure platforms -- if only because until Apple products began to get a decent market share, malware writers couldn't be bothered to attack Apple products. Enter the Flashback Trojan, which quickly infected 600K Macs. As Cnet noted last April, "Apple's security code of silence: A big problem."
Apple has cultivated a myth about security on the Mac platform. The myth goes like this: Apple users don't need antivirus software. We're more secure than anything out there. Security worries are overblown.
In reality, Apple practiced security by obscurity with the Mac.
But wait! Sadly, there's much more!

The new Flower Power?
While driving around to capture Street View data for its maps, Google decided to hoover up all manner of private WiFi data. And although:
... the FCC didn't peek at the info Google gathered from the private wireless nets, regulators in other nations conducting similar investigations have. They found Google had captured e-mail messages, instant messages, chat sessions, romantic exchanges between lovers, Web addresses that could be used to determine a person's sexual orientation and data that could be linked to specific addresses.
That's from Computerworld again, this time in April, which opines -- squarely hitting the metaphorical nail on the head -- that "FCC's Ruling that Google's WiFi Snooping is Legal Sets Horrible Precedent."

Remember the outage of Microsoft's cloud service last March? Another security flaw. As Information Week reported last March ("Azure Outage Caused By False Failure Alarms: Microsoft"),
A process meant to detect failed hardware in Microsoft's Azure cloud was inadvertently triggered by a Leap Day software bug that set invalid expiration dates for security certificates. The bad certificates caused virtual machine startups to stall, which in turn generated more and more readings of hardware failure until Microsoft had a full-blown service outage on its hands.
Leap Year? Every fourth year? That's crazy talk. 

Meanwhile, IEEE Spectrum reported in April that "UK Government Pushes Hard (Again) to Become Big Brother." As in:
In February, the London Telegraph published a story about how the UK government (once again) wanted the ability to obtain "details of every phone call and text message, email traffic and web sites visited online." The information, to be stored by telecom companies and Internet service providers for one year, would not contain the contents of the phone calls, emails, text messages, etc., but would contain the telephone numbers and email addresses of the senders and receivers. The justification was that UK security services needed the information to combat terrorism.
If we haven't yet touched upon enough snafus, power grabs, and intrusions to make you anxious, look to the skies. From The Wall Street Journal, in April, "Drone Use Takes Off on the Home Front."
The information, released by the Electronic Frontier Foundation, came to light as the Federal Aviation Administration gears up to advance the widespread use of the drones. By the fall of 2015, Congress wants the agency to integrate remotely piloted aircraft throughout U.S. airspace.

In February, the Mesa County Sheriff's Department in Colorado tested a drone with an infrared camera. It measures about 36 inches wide. Although the documents don't indicate how the aircraft will be used, the disclosures likely will fuel privacy concerns involving drones.

Although the FAA doesn't seem curious how the drones will be used, I'm curious -- and more than a little concerned.

My 2008 novel Fools' Experiments involved (among other things) computer viruses crossing to humans. Not every reader bought the premise -- but it appears that I was only slightly ahead of my time. From Scientific American last March, see "Could Human and Computer Viruses Merge, Leaving Both Realms Vulnerable?"

Earlier this month, Space.com reported, "New 'Unknowns' Hacking Group Hits NASA, Air Force, European Space Agency":
A new hacking group calling itself "The Unknowns" has published a list of passwords and documents reportedly belonging to NASA, the European Space Agency and the U.S. Air Force, among other high-profile government targets.

The group's Pastebin post, released yesterday (May 1), includes names and passwords reportedly belonging to NASA's Glenn Research Center as well as the U.S. Military's Joint Pathology Center, the Thai Royal Navy, Harvard University, Renault, the Jordanian Yellow Pages and the Ministries of Defense of France and Bahrain.
Is it any wonder that in March an Infoworld blogger opined that "Your privacy is a sci-fi fantasy"?
