Tag: encryption

British Schizophrenic Jailed for Encryption

Posted by Andrew at 10:24 AM on November 25, 2009

Britain has some of the most draconian security laws of the “free” world. Many of these laws are brought in under the guise of fighting terrorism and paedophiles (which are always guaranteed vote winners) and of course, if you’ve nothing to hide, you’ve nothing to worry about.

Unless you’re an schizophrenic amateur scientist with a distrust of the authorities and you refuse to hand over the encryption keys (passwords) to your USB memory sticks. That’ll cost you an initial 13 months in jail followed by detention in a secure mental unit at Her Majesty’s pleasure.

Ok, so the case is slightly more complex but the heart of the matter is that this person had done nothing wrong before he was detained by police returning to the UK from France on suspicion of terrorism because he had a model rocket, though the rocket was without its explosive motor. From that point on, it was a downward spiral.

And how many terrorists and paedophiles have been sent to prison using the same law. Zero.

The whole sorry tale is at The Register.

Tags: encryption

Posted in Law, Legal

Comments Off

Lost Hard Drive Contains 23,000 Social Security Numbers

Posted by geeknews at 1:32 PM on September 5, 2004

Students, faculty, and staff at seven campuses of the California State University (CSU) system are at risk for identity theft after a hardware technician improperly disposed of a computer hard drive with unencrypted database tables that included Social Security numbers and other personal details. The CSU is required, under California law, to notify all affected parties.

The law, which went into effect last year, requires notification whenever personal data, such as Social Security numbers, driver’s license numbers or credit card numbers (with identification numbers) have been accessed without authority.

The university system’s hard drive has been missing since Friday, June 25th. The technician left the drive laying on a worktable after upgrading the computer from which it came. In a rush to start the weekend, the drive wasn’t properly secured, and come Monday, there was no sign of it. The drive was most likely picked up by the evening cleaning crew; however, the results of a police investigation was inconclusive.

Dave’s Opinion
Hard disks, like portable media, must be completely destroyed before being discarded. Using a security data deletion (wiping ) program such one that comes with the PGP data security program, would have prevented the data being recovered, even if the drive were reused.

Call for Comments
What do you think? Leave your comments below.

Tags: california state university system, csu, data, encryption, personal data, pgp, Protection, Security, social security numbers

Posted in Commerce, Crime, Dave's Muse, Information, Operating Systems, Security, Software, Technical

1 Comment

The Big Gorilla Project

Posted by geeknews at 11:43 PM on November 21, 2003

Spam is an ever-increasing annoyance for e-mail users. Most people have some form of spam filtering application that reduces the instances of the frequently offensive unsolicited commercial messages. Many of these filters seek to identify spam based on the address from which the message is sent, but spammers are already wise to this trick, and spoofing is now commonplace. By hiding or misdirecting their transmission source, spammers make it exceedingly difficult for most users to determine from where the spam message actually came.

But there’s some hope for spammer identification. An loose alliance formed by large e-mail services (Microsoft, Yahoo, America Online, and Earthlink), the Anti-Spam Research Group (ASRG), and Intelligent Computer Solutions (ICS) is working on an e-mail sender-authentication system that’s been dubbed the Big Gorilla Project.

Using an identification system based on public key encryption, ISPs who have control over outgoing e-mail can include a piece of encrypted code in header of each outgoing message. The code snippet can be used by receiving ISPs to confirm the identity of the outgoing e-mail server and the authenticity of the e-mail message’s return address.

By confirming the identity of the transmission site, it’s a simple matter to blacklist and block known offenders.

Dave’s Opinion
I use a combination of anti-spam filtering applications, both on our incoming mail servers and our client workstations. So far I’ve been able to drop my daily spam tally from over 600 messages to about a dozen, maybe double that on a bad day. But that’s still not good enough. It’s not just receiving junk mail that bothers me, it’s the offensive content.

I’m all for proposals, both legislative and technical, that help kill off spam.

Call for Comments
What do you think? Leave your comments below.

References
Anti-Spam Research Group
Intelligent Computer Solutions