Let the record show that one of the most dramatic expressions of discontent over rampant government surveillance of U.S. citizens and private companies during last week’s RSA Conference in San Francisco went down at a taco joint. As the world’s cyber security elite gathered in San Francisco’s Moscone Center for the RSA Security Conference, a group of privacy and online rights activists that go by the name “Vegas 2.0” used donated funds to rent out Chevy’s, a popular Mexican food restaurant located next to the exhibit halls and frequented by conference goers. As reported by ZDNet’s Violet Blue, paying RSA attendees and speakers – identifiable by red badges – were refused entry to Chevy’s and handed flyers explaining the protestors’ grievances against the Conference’s parent company, RSA Security, which is alleged to have colluded with the NSA to weaken encryption standards in its products. Among those reported to have been […]

[This story was updated to include response from Belkin describing its response to the vulnerabilities identified by IOActive, including firmware updates. - PFR Feb 19, 2014] A researcher with the respected security firm IOActive says that he has found a number of serious security holes in home automation products from the firm Belkin that could allow remote attackers to use Belkin’s WeMo devices to virtually vandalize connected homes or as a stepping stone to other computers connected on a home network. In a statement released on Tuesday, IOActive researcher Mike Davis said that his research into Belkin’s WeMo technology found the “devices expose users to several potentially costly threats, from home fires with possible tragic consequences down to the simple waste of electricity.” IOActive provided information on Davis’s research to the US Computer Emergency Readiness Team (CERT), which issued an advisory on the WeMo issues on Tuesday.  Belkin did not […]

Facebook on Tuesday reiterated calls for reform of laws pertaining to government surveillance practices in the U.S. and elsewhere. The company, in a blog post, urged governments to stop bulk collection of data and enact reforms to limit governments’ authority to collect users information to pertain to “individual users” for “lawful purposes.” The company also called for more oversight of national intelligence agencies such as the US National Security Agency, and more transparency about government requests for data. The blog post was authored by Facebook general counsel Colin Stretch. Facebook reiterated its calls for surveillance reform in recognition of “The Day We Fight Back,” a grass roots effort to use Tuesday, February 11th as a day to rally support for more civil liberties protections.   [Read more Security Ledger coverage of Facebook here.] The date is the one year anniversary of the suicide of Internet activist Aaron Swartz. Leading online […]

The U.S. Department of Health and Human Services (HHS) says that it will make the security of mobile devices containing personal health information and networked medical devices areas of intense scrutiny in 2014.   The security of a wide range of devices, from laptops and USB ‘jump drives’ to networked medical devices like dialysis machines and medication dispensing systems will be under review, according to a 2014 Work Plan issued by HHS’s Office of the Inspector General (OIG). (PDF) Among other projects, the  OIG will review hospitals’ plans to protect the loss of protected health information (PHI), as well as similar plans put in place by Medicare and Medicaid contractors in the next year.  OIG will also scrutinize security controls at hospitals that protect networked medical devices. OIG wants to determine if the controls in place are adequate to secure electronic protected health information stored on medical devices. Links between networked […]

The US Federal Trade Commission (FTC) announced on Friday that it has approved a settlement with TRENDnet, Inc. over lax security features in its line of SecurView cameras. The FTC said on Friday that it has approved a final order settling charges against the company, whose cameras were found to be poorly secured against external attackers, who could access them and use them to spy on the homes and private lives of hundreds of consumers. [See also: Apple Store Favorite IZON Cameras Riddled with Holes] The FTC complaint stems from a February, 2012 case in which independent security analysts with the web site Console Cowboys published details on how a firmware flaw allowed authentication for Internet-connected SecurView cameras to be bypassed, giving any Internet user (with the know-how) the ability to view the surveillance camera’s live feed. The Commission first announced a settlement with TRENDnet, a Torrance, California company, in September of […]

Google is adding to its arsenal of creepy, Big Data tools with crowd sourcing technology that can identify public gatherings and other events that draw spectators. The company has applied to the US government for a patent on what is described as a method for “inferring events based on mob source video,” according to the Web site Public Intelligence. The technology uses video clips submitted by Google users (to YouTube, etc.) to infer that “an event of interest has likely occurred.” The technology surveys time- and geolocation stamps on the videos to correlate the activities of individuals who might be part of a gathering. The Patent, US2014/0025755 A1, was published on January 23, 2014 and lists Google Inc. as the Assignee and Ronald Paul Hughes as the inventor. It claims the technology, dubbed “mob sourcing” will allow Google to correlate video and images to infer the existence of groups (i.e. a public […]

The New Yorker blog has an interesting, short piece by Betsy Morais on the challenges posed by facial recognition and wearable technology that’s worth reading. The post, “Through a Face Scanner, Darkly” picks up on recent reports about a proliferation of facial recognition applications for the Google Glass platform, addressing the ethical implications of the intersection of wearable technology with powerful sensors and analytics capabilities, including facial recognition. Specifically, Morais zeros in on an app called NameTag that adds a face scanner to the Glass. ”Snap a photo of a passerby, then wait a minute as the image is sent up to the company’s database and a match is hunted down. The results load in front of your left eye, a selection of personal details that might include someone’s name, occupation, Facebook and/or Twitter profile, and, conveniently, whether there’s a corresponding entry in the national sex-offender registry,” Morais writes. NameTag’s focus […]

After months evaluating the safety and security of vehicle-to-vehicle (V2V) communications technology, the U.S. government announced that it will begin taking steps to enable the technology for light vehicles. In a statement Monday, U.S. Transportation Secretary Anthony Foxx said that V2V technology represents the next generation of auto safety improvements – a modern analogue to seat belts and air bags. “By helping drivers avoid crashes, this technology will play a key role in improving the way people get where they need to go while ensuring that the U.S. remains the leader in the global automotive industry.” Vehicle-to-Vehicle Communications comprises wireless technology that allows automobiles to exchange information with each other in realtime, as well as with roadside or road-based devices. V2V systems communicate in the 5.9 GHz band and can also use common WiFi signals to communicate. V2V communications allow a vehicle to sense and respond to threats and road […]

Amid the very public debate about the civil liberties implications of Edward Snowden’s revelations about NSA spying at home and abroad, the potential business fallout from the leak of classified information has been a footnote. But as the disclosures wear on, business leaders in the U.S. and elsewhere are beginning to discern the impact of the Snowden leaks. One place they’re voicing their concerns is The State Department, where technology vendors have been complaining of blowback from international customers, according to a senior State Department official who spoke with The Security Ledger. “We’re talking to cloud providers, including some very large cloud providers, about the challenges they face abroad,” the official said. The State Department has heard anecdotal reports of US firms losing business due to concerns about government surveillance, but companies have been reluctant to advertise lost accounts. At the same time, the State Department has heard of foreign competitors drumming […]

The U.S. Department of Justice has acceded to requests from some large, technology firms, allowing them to post more specific information about government requests for data on their users, according to a report by The New York Times. In a statement released on Monday, Attorney General Eric Holder and James R. Clapper, the Director of National Intelligence, the new rules allowing some declassification followed a speech by President Obama calling for intelligence reform. “The administration is acting to allow more detailed disclosures about the number of national security orders and requests issued to communications providers, and the number of customer accounts targeted under those orders and requests including the underlying legal authorities,” the joint statement reads. “Through these new reporting methods, communications providers will be permitted to disclose more information than ever before to their customers.” [Read more Security Ledger coverage of the NSA surveillance story.] Previously, companies were prohibited from […]