UK Telecoms Lack of Web Site Privacy

When the U.S and Canada are the benchmark it's logical to conclude the U.K gets poor ratings as web site privacy especially in the commercial sector is something the U.S and Canada tackled a long time ago. Taking the pragmatic perspective, does it really matter in times when government officials abuse commercially aggregated data, one they cannot legally obtain by themesleves, and so they ought to perform as paper-tigers to access it? Here's an interesting analysis :

"The U.K. industry, however, performed much worse in privacy. Telecom firms, especially in the U.K., ask for more personal data than companies in other industries. This data is often unconnected to the request being made by the customer.

U.K. sites are generally unclear about data sharing practices, with 23 per cent judged to be explicit compared to 69 per cent in the U.S. Clarity in this area has made steady gains in the U.S. in the past 12 months, but the U.K. has shown no significant change.

It is not only clarity that fails in the U.K., but also the actual practices in place. Eleven of the 13 sites routinely share personal data with other internal groups, business partners or third parties without explicit permission. This compared poorly with the U.S., where 40 per cent share in the same way. The best performing site with regards to privacy in the U.K. was O2."

Moreover, the U.K realizing its ongoing negative PR across the globe in respect to the CCTV surveillance myopia, they've released a report claiming Italy's COMINT is worse than their (walking) CCTV surveillance efforts. To publish a privacy policy or not to publish a privacy policy? That "used to be" the question.

Steganography Applications Hash Set

Did you know that there are over 600 applications capable of using steganography to hide data? Me neither, but here's a company that's innovating in the field of detecting such ongoing communication :

"Backbone Security’s Steganography Analysis and Research Center (SARC) is pleased to announce the release of version 3.0 of SAFDB. With the fingerprints, or hash values, of every file artifact associated with 625 steganography applications, SAFDB is the world’s largest commercially available hash set exclusive to digital steganography and other information hiding applications. The database is used by Federal, state and local law enforcement; intelligence community; and private sector computer forensic examiners to detect the presence or use of steganography and extract hidden information.

Version 3.0 contains hash values for each file artifact associated with the 625 steganography applications computed with the CRC-32, MD5, SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512 algorithms.

A free extract of SAFDB with MD5 hashes only is available to qualifying law enforcement, government, and intelligence agency computer forensic examiners."

Chart courtesy of Huaiqing Wang and Shuozhong Wang. And here's a related post.

Distributed Computing with Malware

Distributed computing with malware infected PCs is nothing new as a concept, it's just the lack of botnet master's desire to contribute processing power for anything socially oriented. That's until late last month, when members of Berkeley's BOINC project noticed a project that was suspiciously becoming popular and found out that malware infected PCs had the BOINC client installed to participate in it :

"It recently came to the attention of boinc staff that a multi-project cruncher called Wate who occupied a very high position in the boinc and project stats had reached this exalted position by dishonest means. In early June 2006 he appears to to have released onto the internet a link purporting to provide Windows updates including now for Vista. Some 1500 members of the public worldwide downloaded these 'updates' which in fact consisted of a trojan application that downloaded boinc.exe and attached the person's computer to Wate's account, giving him the subsequent fraudulent credits. About 90% of the people affected appear to have uninstalled or disabled the unwanted boinc installation, but some compromised computers are still running and crashing climate models. Boinc and project staff have no means of contacting the owners of these computers."

If only would botnet masters take this note seriously, I'm sure we'll see certain networks controlling the top 10 positions at the BOINC project. A war on bandwidth or CPU power?