Security breach

Adobe Hacked

Adobe has been breached and has issued a consumer security alert.

Those of you with accounts at Adobe have probably received emails asking you to reset your password. You may also want to keep an eye out for phishing attempts by fraudsters claiming to be Adobe and unusual activity on the credit cards you’ve used on Adobe.

For additional details, consult the consumer security alert linked above.

More Information Added

I’ve decided to add a Security/Online Storage listing because I think it’s quite important for people to secure their computers and back up their most important files.

Many malicious programs are handled by Microsoft and Apple but there are a multitude of software packages that help protect computers from malware, spyware and viruses. And if your computer fails because of these programs or a hardware issue, it’s always great to have backups of your content.

I’ve backed up documents, photographs and videos online on Google Drive and Microsoft SkyDrive, both of which offer free storage. And I’m currently considering getting more space for my future needs from a paid service.

By the way, you may already have access to the aforementioned free services if you have email accounts on either Gmail, Hotmail or Yahoo. And Google currently offers 15 gigs of storage for free whilst Microsoft offers 7 gigs and Yahoo offers 2 gigs of storage for free.

Privacy Threats Not Limited To The United States?

Everyone has heard about the Verizon data mining performed by the United States government in the name of national security. But are you aware that it might be happening in Canada as well?

Communications Security Establishment Canada is a security agency that collects various information to protect national interests, and according to Ronald Deibert there is a possibility that they are collecting data right now.

Like in the United States, this data is likely just cross-referenced because it would take an enormous effort to listen to every call or read every email, for example. But we should ask ourselves if this information is stored securely enough so that it cannot be accessed by someone else and how long this data remains accessible, waiting to be abused.

A June 13th, 2013 press release from Commissioner Robert Décary of the Communications Security Establishment Canada addresses some of the issues and he states that the “CSEC does not direct its foreign signals intelligence collection and IT security activities at Canadians — wherever they might be in the world — or at any person in Canada.” But he also confirmed that the CSEC may “unintentionally intercept a communication that originates or terminates in Canada” and that metadata is being collected by the CSEC “for purposes of providing intelligence on foreign entities located outside Canada and to protect information infrastructures of importance to the government”.

We’ve already had serious security breaches with data stored on hard drives and USB sticks within the past six months courtesy of Human Resources and Skills Development Canada, who managed to lose a hard drive containing data on over half a million Canadians in January and a USB key containing private information on an additional 5000 Canadians in December. And in 1999 we had sensitive top secret documents stolen from a CSIS agent’s car while he was at a Toronto Maple Leafs game, so Canadians should know what is being stored and by whom.

If you are concerned about this issue, contact your local Member of Parliament and/or sign this petition.

Thank you.

The Road To Hell Is Paved With Good Intentions

Today you will notice many sites have gone dark in opposition to a law proposed in the United States House Of Representatives called CISPA.

The Cyber Intelligence Sharing and Protection Act enables private companies and the United States government to exchange information related to internet security issues including private information to prevent cyberattacks, without public disclosure or the need for warrants. And this is of course where the idiom in the subject line of this post comes in.

In order to prevent cyberattacks and attacks against the national security of the United States everyone’s information would be exchanged and stored on multiple computers for analysis, opening this information up to misuse, abuse or theft.

This bill enables the distribution of information that you don’t want made public, from private posts and email to your internet browsing information, without your knowledge or consent. And it also contains an exemption from liability, reducing an individual’s ability to sue if something were to go wrong during this exchange of information.

The proponents of the bill are also relying on people’s inability to understand that the definitions used in this bill may extend the coverage of this bill beyond “cyber attacks”, the term “national security of the United States” having been linked to that country’s commercial interests in past legislation.

Your choice to purchase something outside of the United States could cause your information to be taken under the premise that the purchase was a threat to the American intellectual property owners because the product might not be authentic or authorized by an American company.

Having unfortunately been subjected to counterfeit DVDs in the past via eBay, my personal, private information could be collected and distributed. And because of this, an act beyond my control, I could face further victimization without legal recourse to prevent it.

Yes, some intellectual property provisions have been removed from the bill but what’s to stop them from re-introducing them? They have no qualms re-introducing warrantless searches, over and over again, and warrants do not significantly impede their current efforts to stop crime on the internet. And I have yet to see any evidence substantiating the claim that privacy is a hindrance to law enforcement, so why are these sentiments remaining in Government?

I suspect internet security firms want to be funded by the public and are doing their best to present these bills as solutions to politicians that have no idea of what is involved.

Vic Toews, for example, is proof positive that politicians can be severely illiterate when it comes to technology.

In February 2012 this Canadian politician had introduced a bill in Parliament that he had not read in its entirety, claiming that it would address child pornography. And he had been so well convinced that it would that he actually accused opponents of this legislation of standing with child pornographers, in the House of Commons of all places.

Even joint statements from the Privacy Commissioner of Canada and her provincial counterparts had failed to convince him that there were serious issues with the bill and it took a severe public backlash to get him to actually review what he was proposing.

This isn’t the time for half-baked, open ended legislation that can be exploited by the very criminals that these bills are trying to address. And it is rather stupid to believe criminals would not use arguments about the constitutionality of these laws in their defense.

Opposition has been strong within the United States and a White House petition has apparently convinced the President to threaten to veto the bill, “as currently crafted”, in an April 16th, 2013 statement (pdf).

Another petition for Americans and non-Americans alike is also available at Avaaz. There are currently over 800,000 signatories on this petition.

Bill C-30 Killed – Replacement On The Way

Justice Minister Rob Nicholson has stated that Bill C-30 will not proceed in Parliament in response to the concerns brought up by the Privacy Commissioner of Canada and members of the public.

This bill would have enabled police to access internet traffic without a warrant and would have required the installation and maintenance of extra equipment by internet providers, who would have passed the associated expenditures down to the consumer.

Canadians would not only have lost rights in regards to privacy but could have also been subjected to security breaches via the new aforementioned online spying equipment had this bill gone through.

A new bill will be unveiled shortly in Parliament so additional information will be posted to this blog a.s.a.p.

Security Alert – Java Vulnerabilities

Last week the Department of Homeland Security advised individuals to disable Java in their browsers in response to the release of vulnerability information on the web.

“Web exploit packs” have been sold online enabling amateurs to perform numerous malicious tasks on machines on which Java is installed.

Java has since released an update but the warning remains at Homeland Security.