Show of 12-13-2003

  • PC and Mac File Sharing (a continuation)
  • Mac OS X Has Significant Security Hole
    • A malicious DHCP exploit gives access to root for Mac OS X
    • The Mac uses DHCP fields to set up an LDAP or NetInfo server connection, which is then placed on the trusted list after reboot
      • Mac OS X 10.2 (Jaguar) and Mac OS X 10.3 (Panther) are vulnerable
      • Can exploit both wired and wireless DHCP and LDAP connections
    • Exploit discovered by William Carrel
      • Apple currently has no patch for the hole, but configuration changes can provide protection (e.g. turning off DHCP and LDAP)
    • Full Security Advisory Available from Carrel.org
  • First Felony Arrest of Spammer in Virginia
    • AG Jerry Kilgore announced the first charges under Virginia's new spam bill
    • The announcement was made Friday at the AOL Campus at Dulles, Va
    • Jeremy Jaynes (aka Gaven Stubberfield) was charged with four felony counts for deceptive e-mail marketing
    • In particular, he falsified the origin of e-mails that pitched low-priced penny stocks and home-mortgage schemes
    • Jaynes, 29, is eighth on the list of top 10 spammers compiled by http://spamhaus.org
    • Jaynes resides in North Carolina
  • World Summit on Information Society (WSIS) a "UN Success"
    • WSIS was held December 10-12, 2003 in Geneva under UN auspices
    • Organized by the UN's International Telecommunications Union (ITU)
    • Attended by government, business and civil society delegates from most countries
    • Output: Draft Declaration of Principles and Plan of Action, signed by each country
    • Main issues:
      • Security (viruses, worms, fraud)
      • Bridging the Gap between technology "haves" and "have nots" using the Digital Solidarity Fund
      • Global Internet Governance
      • Support for free software and freedom of expression
    • In the end all documents were gutted and issues referred to committee. It was a traditional "UN success."
    • Ruling the Root: Internet Governance and the Taming of Cyberspace by Milton L. Mueller. Available from Amazon for $35.
  • Voting Machine Update
    • Nevada selects Sequoia Voting Systems over Diebold Election Systems
      • Machines include voter verified receipt printers
      • Felt "Diebold machines represented a legitimate threat to the integrity of the election process." Maryland just spent 78M on Diebold machines.
      • Analysis completed by the Gaming Control Board Slot Machine Experts
      • $8M procurement
    • The Campaign to Demand Verifiable Election Results is supporting paper verification for recounts
    • Voting Machine Companies form Trade Group named Information Technology Association of America
    • Bob Graham (D-Florida) introduces Voter Verification Act
      • Requires voter-verified paper records
      • Bans use of undisclosed software
      • Requires mandatory surprise recounts (0.5% of the time)
      • In place for November 2004 elections
      • The legislation has been referred to the Senate Governmental Affairs Committee.
    • Update of stolen e-mail from Diebold
      • A January 3, 2003 email from Ken discusses Sun article about University of Maryland study
      • "There is an important point that seems to be missed by all these articles: they already bought the system. At this point they are just closing the barn door. Let's just hope that as a company we are smart enough to charge out the yin-yang if they try to change the rules now and legislate voter receipts."
    • Check Diebold's Contributions from OpenSecrets.org
      • $100K in 2000 election cycle to Republicans
      • $100K in 2002 election cycle to Republicans
      • Nothing to Democrats
  • Forensic Art Website by Stephen Mancusi
    • Forensic art, illustration, age progressions, digital graphics, animation and portraiture.
    • Age Progressions
  • US Voter Registration Information Sold By States
    • Voter registration usually requires name, address, birth date, phone number, party affiliation
    • It may include race, driver's license, Social Security number, mother's maiden name
    • State officials sell the information to political parties and candidates, as well as data collectors
    • The California Voter Foundation found that 22 states do not put any restrictions on the release of data.
    • Aristotle International, based in Washington DC, has compiled these lists
      • Contain 157 million names
      • Will sell them to just about anyone
      • Price: $25 to $80 per 1000 names
      • Go to Aristotle’s Voterlistsonline to make your purchase
    • This is clearly a privacy violation.
  • Radio Frequency ID (RFID) Tags and Personal Privacy
    • EZ Pass is the most common RFID
      • Electronic toll cards automatically pay tolls
      • Can be used to track location and time of car
      • Used to track US Attorney Jonathan Luna's car the night he was killed
      • New York toll records have been subpoenaed 128 times
      • Records used in child custody battle to establish work times/hours
      • Used by NY Official to prove fraudulent overtime claims by 30 detectives
      • Used to track traffic congestion with additional sensors (could be used to detect speeding)
      • Expanded uses include airport parking tolls, drive-through McDonald's
      • Some people put their tag in a pouch that absorbed signal
    • Retail security and inventory control a big expansion area
      • Speed passes at gas stations are also RFID technology
      • Have been used on razor blades, suits, washing machines, clothing
      • Soon everything you wear will be tracked right down to your underwear
      • Privacy advocates are worried and want government privacy regulation
  • Broad Internet Patent Process Catches Streaming Media
    • Acacia Research Corp is enforcing a patent for audio and video streaming
    • Many feel that the government patent office awarded this patent improperly
      • "The patent system is broken and threatening to stunt technological innovation"
      • Patent Office Director James E Rogan resigned Tuesday
      • Industry hoping for a change
    • First claim for patent infringement is against Internet video-porn providers
      • Next claims will be against:
        • University distance education
        • Hotel movies on demand
        • Cable and satellite providers
        • Streaming media companies, like RealAudio and AOL
    • Millions are at stake.
    • Universities are rooting for the porn sites to win their case.
  • Voice over IP Continues to Gain Momentum
    • Time Warner Cable signed a deal with Sprint and MCI to connect VoIP users to regular phone customers in 27 cities
    • Qwest offers VoIP to a few hundred customers in Minnesota
    • AT&T announced plans to make VoIP available in 100 markets by first quarter of 2004
    • Net2Phone Corp is helping other cable VoIP customers connect to regular phones. It has also solved 911 and wiretapping access
  • Stratford News
    • Next Start January
    • Undergraduate and Graduate Security Sequences are very popular
    • Master's Degrees in e-Business, Telecommunications, Software Engineering, MBA
    • Bachelor's Degrees in IT, Business Administration, and Hospitality
    • Associate Degrees in Digital Design and Animation, Web Services and e-Business, Networking and Security, Culinary Arts, Hospitality, and Business Administration
    • Website: www.stratford.edu
    • Phone number: 800-444-0804