Archive for December, 2007

How To Lose Your Job, Thanks To The Internet

Sunday, December 30th, 2007

The New York Times has published an article discussing the trend of employers tracking the ‘free time’ activities of their employees via their web presence.

“When they do go off the clock and off the corporate network, how they spend their private time should be of no concern to their employer, even if the Internet, by its nature, makes some off-the-job activities more visible to more people than was previously possible. In the absence of strong protections for employees, poorly chosen words or even a single photograph posted online in one’s off-hours can have career-altering consequences.”

The piece likens this activity to the ‘Sociological Department’ that the Ford Company ran to monitor the home lives of their workers. Overstatement, or the corp as Big Brother?

eBay vs. Romania’s Online Scammers

Friday, December 28th, 2007

spinctrl links to an interesting story in the L.A. Times about the cloak-and-daggerism of fighting online scams in Romania, summing it up like this:

“The country is the top source of auction site scams. One company is trying to do something about it, with increasing collaboration from local law enforcement over recent years. Ebay has sent over equipment and a team to help the authorities combat this form of cyber crime, which is run with all the organization of an industrial-scale business.”

Via Slashdot.

Anti-Virus Bug Briefly Identified Windows Explorer as Malware

Wednesday, December 26th, 2007

SJ2000 writes

“Windows Explorer was quarantined last week by Kaspersky Lab’s antivirus software after being falsely identified as malicious code. The security company’s systems had decided that a virus called Huhk-C was present in the explorer.exe file, leading to its confinement or, in some cases, deletion. The bug was only live in the wild for two hours, and ended up affecting just one corporate customer and a handful of home users.”

Australia Plans to Censor the Internet

Monday, December 24th, 2007

SenatorLuddite writes

“From January 20, 2008 new content laws introduced by the Federal Government will force sites to verify the age of users before accessing content intended for mature audiences (MA15+ and R18+). The laws bring internet classification into line with Film and Book classification laws and completely prohibit X18+ and RC content from the internet. ACMA (The Australian Communications and Media Authority) claims that adults will not be affected by the new laws, yet user-generated and even chatrooms are required to be assessed for classification and powers are granted to ACMA to send ‘take down’ notices to offending sites.”

Deluge Anonymizing Browser Now Includes Bittorrent

Sunday, December 23rd, 2007

markybob writes

“An open-source bittorrent client, Deluge, now provides an internal, anonymizing browser to protect its users from overzealous ISPs. The client runs on Windows, Linux and OS X. From the site: ‘Everyone knows that it is common practice for ISPs to do their best to either block or throttle bittorrent users. We believe that this is wrong and unethical, as there are many legal uses for bittorrent. If an ISP is throttling or blocking bittorrent traffic, you can pretty much bet that they’re tracking which users visit bittorrent-related sites so that they can better block or throttle those users.’ Their forum has more info.”

Russians Pestered By Online Hacks Too

Saturday, December 22nd, 2007

Security vendor F-Secure noted the announcement by Nikolay Patrushev, head of the Russian FSB (Federal Security Agency). Patrushev said federal sites fought off 1.4 million attacks this year. Also, Patrushev noted the pending trial of the authors of the Trojan creator, Pinch. Only the names of Russian citizens Ermishkin and Farhutdinov have been publicized as those behind Pinch.

“The financial losses due to Pinch infections can hardly be calculated,” F-Secure said. It has been estimated that malware created with Pinch in turn has infected millions of PCs. News of another scam connected to criminals in Russia, and in the Ukraine, involved fourteen people in The Netherlands who acted as mules for money laundering. The Channel Register said fake ABN Amro websites in Hong Kong stole credentials from bank customers.

Those credentials enabled the thefts to take place. The report cited prosecutors as noting the accused collaborators who muled the money “were generously remunerated” by the criminals.

Via SecurityProNews.

Privacy Problems with AskEraser

Friday, December 21st, 2007

Last week, Ask.com announced a feature called AskEraser (good description here), which erases a user’s search history. While it’s great to see companies using privacy features for competitive advantage, EPIC examined the feature and wrote to the company with some problems:

The first one is the fact that AskEraser uses an opt-out cookie. Cookies are bits of software left on a consumer’s computer that are used to authenticate the user and maintain information such as the user’s site preferences. Usually, people concerned with privacy delete cookies, so creating an opt-out cookie is “counter-intuitive,” the letter states. Once the AskEraser opt-out cookie is deleted, the privacy setting is lost and the consumer’s search activity will be tracked. Why not have an opt-in cookie instead, the letter suggests.

The second problem is that Ask inserts the exact time that the user enables AskEraser and stores it in the cookie, which could make identifying the computer easier and make it easy for third-party tracking if the cookie were transferred to such parties. The letter recommends using a session cookie that expires once the search result is returned.

Ask’s Frequently Asked Questions for the feature notes that there may be circumstances when Ask is required to comply with a court order and if asked to, it will retain the consumer’s search data even if AskEraser appears to be turned on. Ask should notify consumers when the feature has been disabled so that people are not misled into thinking their searches aren’t being tracked when they actually are, the letter said.

Via Schneier on Security.

Turn in a Software Pirate to Collect $500

Wednesday, December 19th, 2007

Stony Stevenson writes

“The Software & Information Industry Association (SIIA) is offering consumers up to $500 for reporting software counterfeiters who sell their goods on online auction sites like eBay. Under the plan, anyone who unwittingly buys fake software from an online fraudster can receive up to $500 if they report the scam. SIIA said the program is a ‘don’t get mad, get even’ approach to stopping software piracy. It’s ‘a way for unsuspecting buyers to get even with auction sellers who rip them off,’ said SIIA VP Keith Kupferschmid. The campaign, launched December 13, is slated to run through January 30, 2008.”

Student Given Detention For Using Firefox

Monday, December 17th, 2007

An anonymous reader writes

“Several sites are reporting that a student has been given detention for using Firefox to do his classwork. No, really. The student was in class, working on an assignment that necessitated using a browser. The teacher instructed him to stop using Firefox and to do his classwork, to which the student responded that he was doing his classwork using a ‘better’ browser (it is unclear whether the computer was the student’s own computer or not). The clueless teacher (who called the rogue program ‘Firefox.exe’) ordered him to detention.”

Update: 12/17 20:09 by SM: One of the school officials was nice enough to contact us and let us know this is a hoax. If you are planning on calling the school, please refrain from doing so; I’m sure they have had enough excitement for one day.

More Details Emerge On Domestic Spying Programs

Sunday, December 16th, 2007

The feed brings us this NYTimes story giving new details on the telecom carriers’ cooperation with secret NSA (and other) domestic spying programs. One revelation is that the Drug Enforcement Agency has been running a program since the 1990s to collect the phone records of calls from US citizens to Latin America in order to catch narcotics traffickers. Another revelation is what exactly the NSA asked for in 2001 that Qwest balked at supplying. According to the article, it was access to the company’s most localized communications switches, which primarily carry domestic calls.

Via Slashdot.