Why I avoid Web 2.0 sites like the plague…

In-Q-Tel, the investment arm of the CIA and the wider intelligence community, is putting cash into Visible Technologies, a software firm that specializes in monitoring social media. It’s part of a larger movement within the spy services to get better at using “open source intelligence” — information that’s publicly available, but often hidden in the flood of TV shows, newspaper articles, blog posts, online videos and radio reports generated every day.

Here’s the complete Wired article

***I apologize, I can’t help that it is a Wired writeup. I’m beginning to dislike Wired more and more due to their contributors’ extreme verbosity.

Vanish: Expire your cloud data

Imagine being able to set expiration dates on all of your personally identifiable information on the cloud. Think of having Gmail or Yahoo messages go kaput after one year. Think about your blog postings or comments left around the internet: are they even necessary and relevant in the future? What about your Google Docs? What about those Flickr and SmugMug accounts with family photos that you forget about? Another great example is those college photos on Facebook from when you were bonging a beer.

A group of graduate students at the U. of Washington (congrats on defeating USC) are working on Vanish, a project that aims to do exactly that. Basically, each of your expiring messages, pictures and posts uses a unique encryption key. That key is stored across the BitTorrent network with a TTL set to your expiration date. Once the expiration date is reached, the torrents begin to die and the key is ruined. Very slick; it’s too bad this couldn’t piggyback on the existing Tor infrastructure as well.
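The key-expiry idea described above, as an added example that is not Vanish’s own code. It makes three assumptions: in-memory `Node` objects stand in for peers on the network, the key is split into XOR shares (the post only says the key is stored across the network), and an HMAC-SHA256 keystream stands in for a real cipher.

```python
import hashlib, hmac, secrets

class Node:
    """Constructed stand-in for one peer: holds a value until its expiry time."""
    def __init__(self):
        self.store = {}
    def put(self, k, v, expires_at):
        self.store[k] = (v, expires_at)
    def get(self, k, now):
        v, exp = self.store.get(k, (None, 0))
        if v is not None and now >= exp:
            del self.store[k]          # TTL reached: the share is gone for good
            return None
        return v

def keystream_xor(key, data):
    # Stand-in cipher (assumption): XOR with an HMAC-SHA256 counter keystream.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def xor_all(parts):
    acc = bytes(len(parts[0]))
    for p in parts:
        acc = bytes(a ^ b for a, b in zip(acc, p))
    return acc

def vanish_encrypt(plaintext, nodes, now, ttl):
    key = secrets.token_bytes(32)                     # unique key per object
    obj_id = secrets.token_hex(8)
    shares = [secrets.token_bytes(32) for _ in nodes[1:]]
    shares.insert(0, xor_all(shares + [key]))         # XOR of all shares == key
    for node, share in zip(nodes, shares):
        node.put(obj_id, share, now + ttl)            # each share carries the TTL
    return obj_id, keystream_xor(key, plaintext)      # the key itself is not kept

def vanish_decrypt(obj_id, ciphertext, nodes, now):
    shares = [n.get(obj_id, now) for n in nodes]
    if any(s is None for s in shares):
        return None                                   # key unrecoverable after expiry
    return keystream_xor(xor_all(shares), ciphertext)
```

Before the expiry time `vanish_decrypt` returns the plaintext; once any share has timed out it returns `None`, and the ciphertext left on the cloud service is all that remains.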

Adobe Flash control panel

I previously wrote about Flash cookies, which many folks are not aware of. Well, I’ve just stumbled across a great article which describes how to manage your Flash cookies and other settings. The “control panel” is located on Adobe’s website: Flash control panel.

If you navigate to the Global Storage Settings tab, you can disable “Allow third-party Flash content…”

You can read the article here.

Update: There’s a forensic goldmine in C:\Documents and Settings\[username]\Application Data\Adobe\Flash Player\#SharedObjects

Be leery of Blogger.com (lack of) privacy

Somehow I missed this story, but it seems an anonymous blogger using blogger.com (owned by Google) posted pictures of a wannabe model and posted derogatory comments about her such as “psychotic,” “skank,” and “ho.” The model got an attorney and filed a lawsuit, at which time the blogger immediately took down the site. The New York state supreme court ruled that Blogger.com must reveal the identity of the blog owner. Google complied with the request and the blog owner’s identity was revealed, at which time the model dropped the lawsuit.

It really stinks that Google chose not to fight the request to hand over the blogger’s identity.  Just another thing to keep in mind…


Don’t be fooled…it looks like the US Senate is again trying to pass a bill which would require folks to have a smart ID. This was originally noted by the EFF. People are given the ID after showing documents identifying themselves. These documents are then stored electronically by the government and linked to the issued ID. Does the government really think it can protect this data?

This idea was initially billed as REAL ID and was loudly objected to. They’ve renamed the program PASS ID and are trying again under the guise of “national security” — just like everything else post 9/11 which has been limiting our freedoms.

Read more here: http://www.techdirt.com/articles/20090821/0232295951.shtml

Data on the cloud

Just saw this TechTarget article regarding seizure notification, or lack thereof, for data on the cloud or SaaS. This is just one more thing to consider when moving applications and/or sensitive data to a cloud environment. It’s still a hot topic whether you’re provided with better security or not when following the SaaS model. If you don’t have an information security team and it’s not a focus in your organization, SaaS could very well be a good alternative.

Make sure you assess any cloud provider’s security and make sure they will allow you to at least penetration test your applications.