Most Popular


Book Reviews

The Ultimate Guide to Electronic Marketing for Small Business
The Daily Drucker
Copy This! The Story of Kinko's
Presence: An Exploration of Profound Change in People, Organizations, and Society
How To Read A Book
Contempt: How the Right is Wronging American Justice
Classical Education at Home
Copy Fights: The Future of Intellectual Property In The Information Age
Flawless Consulting: How to Get Your Expertise Used

Recently

EULA-based Deep Root Spying On Blizzard Entertainment Customers
Acoustical Spying Recovers Passwords With 90-percent Accuracy
Does Your Doctor's Computer Have Spyware?
Are You A Denied Person?

Theme Design
Mark Pilgrim
IT Support
Seth Dillingham
Hosting
Macrobyte Resources

Friday, October 14, 2005

EULA-based Deep Root Spying On Blizzard Entertainment Customers

Comments
Trackbacks (0)
If you play Warcraft, World of Warcraft, or any other Blizzard Entertainment game you need to read this. You probably have no idea how much personal info the cretins at Blizzard are collecting from you. [via Copyfight

I Spy With My Little EULA (Donna Wentworth)

You may recall that Blizzard is the videogame company that sued three software programmers for creating BnetD, a free, open source program that allowed gamers to play games they purchased with others on the platform of their choice. Blizzard claimed that the programmers violated several parts of the company's End User Licensing Agreement (EULA), including a provision on reverse-engineering. But it turns out that's not all that Blizzard's lawyers have inserted in the fine print. As Bruce Schneier reports, the company is also using its Terms of Use agreements to justify spying on gamers' computers.

Writes Greg Hoglund, co-author of Exploiting Software, How to Break Code:

I watched the [software] warden sniff down the email addresses of people I was communicating with on MSN, the URL of several websites that I had open at the time, and the names of all my running programs, including those that were minimized or in the toolbar. These strings can easily contain social security numbers or credit card numbers, for example, if I have Microsoft Excel or Quickbooks open w/ my personal finances at the time. ...[The scanning] certainly will result in warden reporting you as a cheater. I really believe that reading these window titles violates privacy, considering window titles contain alot of personal data. But, we already know Blizzard Entertainment is fierce from a legal perspective. Look at what they have done to people who tried to make BNetD, freecraft, or third party WoW servers.

As Schneier says, this is truly scary stuff. Yet even a few of the security-savvy readers at Schneier's weblog are downplaying its significance. Why? Annalee Newitz has a theory that rings true to me: people think of routine spying as normal. […]
Posted by: Send an e-mail to Terry Frazier Terry Frazier at 11:11 PM  | Permanent Link  | Trackback URL | 
Categories: Privacy, Security, Technology


Sunday, October 2, 2005

Acoustical Spying Recovers Passwords With 90-percent Accuracy

Comments
Link
Trackbacks (0)
Computer scientists at UC Berkeley have been experimenting with recordings of keystrokes. Using 10-minute sound recordings of users typing at a keyboards, researchers were able to feed the data into a computer and recover up to 96 percent of the typed characters. By running the audio repeatedly through a feedback loop that trains the computer, they were able to recover passwords, passphrases, and complete paragraphs. [via FutureEdition from Arlington Institute]
Once the system is trained, recovering the text became more straightforward, even if the text was a password and not an English word. After just 20 attempts, the researchers were able to retrieve 90 percent of five-character passwords, 77 percent of eight-character passwords and 69 percent of 10-character passwords.

[...]

What was particularly striking about this study, the researchers said, was the ease with which the text could be recovered using off-the-shelf equipment. "We didn't need high-quality audio to accomplish this," said Feng Zhou, a UC Berkeley Ph.D. student in computer science and co-author of the study. "We just used a $10 microphone that can be easily purchased in almost any computer supply store."
Posted by: Send an e-mail to Terry Frazier Terry Frazier at 9:51 PM  | Permanent Link  | Trackback URL | 
Categories: Privacy, Technology

Does Your Doctor's Computer Have Spyware?

Comments
Link
Trackbacks (0)
What is your doctor's computer security policy? Every time I have a blood test or visit a doctor I sign a new HIPAA form, but it's clear there's no understanding of digital privacy within the office. For a high-tech industry, doctors and their staff are woefully ill-equipped to deal with computers. What do you do when all the providers of a necessary service have little or no idea how to protect your information? [via Spyware Warrior]  [More...]
Posted by: Send an e-mail to Terry Frazier Terry Frazier at 9:54 AM  | Permanent Link  | Trackback URL | 
Categories: Privacy


Friday, May 13, 2005

Are You A Denied Person?

Comments (1)
Trackbacks (0)
I received an interesting, informative, and  anonymous comment today regarding the Official Denied Persons List at

http://www.bxa.doc.gov/dpl/Default.shtm

Back in October I bought a new copy of PGP and grew annoyed when I paid my money, got my confirmation, and all it included was a "purchase review". Today someone posted an explanation and clarification that made me feel a little better about the situation:

Terry this isn't a re-instatement of the law, it is the current law. The "review" is a machine review. Your name is run against the "denied persons" list - which you can find here (btw i don't see your name on it)

http://www.bxa.doc.gov/dpl/Default.shtm

Its not a list of terrorists or naughty boys and girls but a list of those who've violated export control laws and are 'denied' as part of their punishment under law.

When you click to download the software a GEO IP check is performed (determines geographically where you are by your IP) to make sure you aren't in the IP space of one of the embargoed countries - Iran, Iraq, Cuba, Libya, N. Korea. Sudan & Syria. If your IP is anonymous or from a satellite ISP - you'll also be denied I think. Those IPS fall into "A1" and "A2" IP space.

This IP check of course doesn't and couldn't account for someone in say a Syrian embassy in a european country.


I checked the site. It's part of the Dept. of Commerce.  And the post seems written by someone who knows the subject. This past Tuesday I received the following e-mail:

Dear Terry Frazier,

PGP Corporation has just released completely new versions of its award-winning desktop products -- PGP Desktop Professional 9.0 (formerly PGP Workgroup Desktop 8.x) and PGP Desktop Home 9.0 (formerly PGP Personal Desktop 8.x). These new versions are the most significant PGP product upgrades ever offered. [...]

I suppose there is some connection between the new product release and someone showing up on my site. Maybe a little "blog trolling" to try and address any negative feelings? In any case, I appreciate the comment and the explanation.

Posted by: Send an e-mail to Terry Frazier Terry Frazier at 10:00 PM  | Permanent Link  | Trackback URL | 
Categories: Policy & Regulation, Privacy, Security
Terry W. Frazier
Search this site:
Advanced Search

Syndication

Add to any service
Get updates in your e-mail!

Contact

Click here to send an email to the editor of this weblog.
 
My PGP Key
My Linkedin Profile


Presence


 

 
 ICQ

 

 



 

www.flickr.com
GratefulZed's photos More of GratefulZed's photos