AdSense Click Fraud Rates

Google's single most profitable revenue generation source AdSense has always been under fire for click fraud and most importanly the company's been under public scrutiny for better communicating their efforts on fighting the problem. Third party companies emerged and started filling the niche by coming up with click fraud analytics software so that Google's major customers, even the small to mid-size business could take advantage of an automated way to analyze click anomalies. But how prelevant is the problem really? Should the discussion always orbit around Google's efforts, to its customers' vigilance and education on detecting click fraud, or should it shift to improving the communication between all participants, namely Google, its customers and the click auditing companies?

According to the most recent click fraud rate from Google - click fraud is only 0.002% of all clicks. Danny Sullivan has an in-depth analysis of the topic, emphasizing on the importance of detected click fraud rates :

"Finally, we have a click fraud rate from Google itself: less than 0.02 percent of all clicks slip past its filters and are caught after advertisers request reviews. That low figure is sure to bring out the critics who will disagree. Below, more about how Google comes up with the figure plus some click fraud fighting initiatives it plans to implement later this year.Why release this figure now, when many have wanted it for literally years?

"We've been working to be more transparent and informative on the issues related to click fraud. Recently, this metric has been something advertisers have specifically asked for and we agree that is useful in describing the scope of the problem. Further, it is something we measure and use to monitor the performance of our click fraud detection systems," said Shuman Ghosemajumder, business product manager for trust & safety at Google."

During July, 2006 Google commissioned a third-part analysis of their efforts to fight click fraud you will definitely find informative, and here's another research taking the discussion beyond the typical botnets and human clickers perspective. There are also false click fraud positives to keep in mind as shown in this analysis.

Stats courtesy of Clickfraudindex who by the way started blogging recently. Continue reading →

Social Engineering the Old Media

While the Rules of the Thirds are partly in place, the floating fragnance and his depressed look provide some clues. The story is very interesting though as it has happened before. As Tim Nudd comments on Adfreak :

"In Switzerland, it doesn’t take much to be in a Gucci ad campaign. You photograph yourself naked, add a perfume bottle and the Gucci logo, send it to a weekly paper, and have them bill Gucci directly for the $50,000. They’ll fall for it every time."

How it could have been prevented? Coordinating the campaign with local Gucci representatives, ensuring payment is processed before the ad is featured, or let's just say look at his face to figure out he's anything but a professional model. Continue reading →

Storm Worm Switching Propagation Vectors

The storm started with mass mailings, then the malware switched to IM propagation, and now the infected PCs are further spreading through blog and forum posts :

"But the twist comes when these people later post blogs or bulletin board notices. The software will insert into each of their postings a link to a malicious Web site, said Alperovitch, who rates the threat as "high."We haven't seen the Web channel used before," he said. "In the past, we've seen malicious links distributed to people in a user's address book and made to look like it's an instant message coming from them."

The smart thing is that compared to situations where malware authors have to figure how to bypass the forum's CAPTCHA or mass spam and generate new blogs, in this case the (infected) end user is authenticating both himself and the malware. Here are some malware stats on social networking sites worth going through as well.

UPDATE: Symantec has a nice analysis with some screenshots of this variant. Continue reading →

Credit Card Data Cloning Tactic

First of all, she's too cute for someone to even have the slightest suspicion, and to be honest the posers paying their coffee with a credit card deserve it -- it leaves them without the opportunity to leave a change at least that's what they've thought. Continue reading →

XSS Vulnerabilities in E-banking Sites

The other day I came across to this summary with direct examples of various XSS vulnerabilities at E-banking sites, and I wonder why the results still haven't gotten the necessary attention from the affected parties :

"First of all you should realize, that this is not the first time, that we are doing such a website. The last time we hit a vast number of sites, mostly german banks. We have shown, that those sites, that should be most secure are not! Many visitors saw the site and also the banks seemed quite upset, nevertheless they fixed the problems, that we pointed at. You can check out the archive at: [English version] and [German version]. This project has been done as a direct reaction to the poll done in austria not long ago and which was reported at [this article] from Heise. For the english readers of you, this article basically says, that 9 of 10 people using online banking in austria trust the security, that their banks offer."

The best phishing attack at least from a technical perspective is the one that's using a vulnerability in the targeted's brand site to further improve its truthfulness, and believe it or not, certain phishing attacks are actually loading images directly from the victim's sites instead of coming up with the phish creative on their own. Continue reading →

Fake Terror SMS Sent to 10,000 People

This is serious, and while it was a hoax, it could have had much more devastating results acting as a propagation vector for malware, a phishing attack as the social engineering potential here for anything offline or online is huge :

"About 10,000 commuters who subscribe to the train operator's timetable messaging service received the threatening text message on Friday night after hackers broke into the system. The message, sent after 9.30pm (AEDT), reads: ALLAHU AKBR FROM CONNEX! our inspectorS Love Killing people - if you see one coming, run. Want to bomb a train? they will gladly help. See you in hell!"

ALLAHU AKBR means "God is the Greatest". Now which God is the greatest I'll leave up to your religious beliefs, though the Muslim motives are spooky and the attack directly undermines the citizens' confidence in their government's ability to protect them -- what I anticipate next are articles on how terrorists take control over the trains. I'm very interested in who's having acccess to the company's feature, and most importantly to what extend are they outsourcing, or was it an insider that used someone else's terminal to send the message? Here's a related post on the interest of various governments into developing an SMS disaster alert and warning systems and the related security/impersonation problems to consider. Continue reading →

A Review of SiteAdvisor Pro

During 2006, the company popped out like a mushroom in front of my desktop as you can read in a previous post, and on its acquisition two months later. In the typical detailed and extensive CNET Reviews style, here's what they have to say about SiteAdvisor Plus :

"SiteAdvisor Plus includes the ability to report suspicious links within IM and e-mail and can automatically block access to flagged sites. However, SiteAdvisor Plus lacks additional configuration options and doesn't work with Firefox or Opera, or with branded browsers from AOL and other services. In addition, the paid version on Internet Explorer appears to conflict with the free version installed on Firefox. Overall, we experienced greater flexibility and fewer hassles when using the free Netcraft toolbar, and we also liked the proactive nature of Linkscanner Pro better."

The niche filling competition is also reviewed, namely LinkScanner Pro. Niche filling in respect to the real-time sandboxing of results, a concept I'm sure is on its way at SiteAdvisor, or else the community has a lot to contribute as always. SiteAdvisor are however truly embracing a Web 2.0 business model on all fronts, and it's perhaps my favorite case study on commercializing an academic idea during the last year. Continue reading →

Characteristics of Islamist Websites

Excellent and recent analysis of the most common characteristics of islamist websites published by the Middle East Media Research Institute :

"The media platform favored by the Islamist organizations is the Internet, which they prefer for several reasons: firstly, for the anonymity it allows - anyone can enter and post to a site without divulging personal information; secondly, due to the medium's availability and low cost - all that is required is a PC and an Internet connection; and thirdly, due to the ability to distribute material to a great number of people over a wide geographic area in a matter of seconds.

The organizations use the Internet mainly for propaganda and indoctrination, but also for operational military needs.

This paper will discuss the distinguishing characteristics of the websites of Islamist organizations and their supporters; the various online activities through which terrorist organizations assist the mujahideen on the ground, both militarily and, especially, with propaganda; and the Internet polemics that these organizations conduct vis-à-vis their enemies."

The majority of articles you've probably read are doing nothing more than scratching the surface of the topic. Fundraising, propaganda, communications within steganographic images and the use of plain simple encryption, or the thriller type of scenarious where entire food supply chains get remotely controlled or where your next dose of Prozac may be a little bit more dangerous than it actually is, of course because terrorists may have the capacity to do so. In the post 9/11 world terrorist experts started emerging from all over the globe, universities realizied the potential and opened up educational courses, even degrees, security companies started pitching their offers with cyberterrorism in mind, and last but not least the mainstream media doesn't seem to stop piggybacking on historical events while actually doing terrorists the biggest marketing favour of them all - the media echo effect. Someone blows him or herself up in the Western world, and everyone forgets about all those little things people die from if you are to go through you local statistical institute and see the death rates, but starts requesting more information on what is your government doing to prevent this from happening. But compared to the same situation in the Middle East - it's part of the daily life, nothing ground-breaking besides a bunch of low lifes radicalizing online, looking for masters of brainwashing mentors, and most importantly looking for a mighty excuse for their pathetic existence. A terrorist organization uploads a video of shooting a soldier or anything that will shock someone's who's still getting shocked by the The Texas Chainsaw Massacre -- boring try the Evil Dead series -- and people become so outraged and get this feeling of being helpness in the situation that fear compared to reality drives the entire model of terrorism.

Terrorism is successful as both, a government's doctrine for re-election, and as a term mainly because it's a very open topic term these days. In some countries glorifying terrorism is illegal, but if you let you government convince you that it's not terrorizing you to protect you from an event that from a statistical point of view doesn't happen that very often, I think I will lose you as a reader of this blog. The world is losing the war on terrorism because it's rational, and terrorists aren't rational. In the very same fashion that companies don't compete with companies but with networks, a network that's anything but irrational isn't going to be beated by a network that's too bureaucratic and still waging departamental wars.

Go through many of my previous posts on cyberterrorism, a relevant collection of cases, and through the research which as a matter of fact is full with practical examples of various sites. Continue reading →

The RootLauncher Kit

After providing more insights on the WebAttacker Toolkit and the Nuclear Grabber, in this post I'll discuss the RootLauncher, a release courtesy of the same group behind WebAttacker. Something else worth mentioning is that a large percentage of the sites I'm monitoring are starting to use authentication, and on a trust-basis login access, perhaps it's due to the enormous coverage recent "underground" releases, namely phishing kits etc. got in the mainstream media. Therefore I'm doing my best to get as much information -- and screenshots -- before it dissapears and will blog on these releases as soon as my schedule allows me to. For instance, several months ago you could easily see over 50 publicly available control panels for the WebAttacker toolkit, now there're only several available through Google. The same goes for RootLauncher.

The RootLauncher kit is advertised -- Rusian to English automatic translation -- as follows :

"Just, we can offer you 3-version - D o w n l o a d e r-designed RootLauncher for the hidden load arbitrary WIN32 Exe-faila from a remote resource, followed by the launch of the file on the local hard disk. Obhodit all protection is not determined by any AV-Do not see fairvollah - Flexible settings - Periodic updates and supplements may download up to five exe files. Our team is not at the same point and develops all bolshe-bolshe for you dear friends services available to them closer you will be able to on our official website. We are also looking for people interested in partnership with us."

And while it's supposed to be nothing more then an average downloader, these "average downloaders" are actually starting to standardize features in respect to statistics and compatibility with other toolkits and malicious software.

In a previous post at WebSense's blog, they came across a web panel showing that the "total number of unique launchers is 155" now count these as infected PCs, but as you can see in the image attached, the sample could be much larger. This one I obtained from the following URL : http://www.inthost7.com/cgi-bin/rleadmin.cgi which is of course down, but was listing 1013 launchers already, here's an analysis of this very same URL.

IP cloaking when browing such sites and forums is important in order for you to remain as anonymous as possible. If you're on a Russian site make sure you're a Russian domain, if you're on a Chinese site make sure you're a Chinese domain, and most importantly don't directly translate through Google or Altavista, but copy and paste what's interesting to you so that you wouldn't let someone wonder why would a Russian domain translates a Russian text to English. Imagine the situation where security vendors browse them through their securityvendor.com subdomains, the results will follow shortly -- everything dissapears.

In respect to the WebAttacker, the kit is still widely used but the people using and updating it are starting to prevent Google from crawling and caching the control panels, which makes it harder to keep track of the sites in an OSINT manner -- my modest honeyfarm keeps me informed on URLs of notice though. Here's one of the very few instances of a Web-Attacker Control Panel still available at Google. Here's an analysis of the source code of the Web-Attacker kit as well -- and I thought I'm going full disclosure. More details on various newly released packers, multi-exploit infection toolkits, and standardized statistics with all the screenshots I've managed to obtain will follow next week.

Taking into consideration the big picture -- like you should -- the release and automation of phishing/exploit kits and lowering the entry barriers for script kiddies to generate enough noise to keep the real puppet masters safe, or at lease secretly pull the strings. I'd rather we operate in the time when launching a phishing attack required much more resources than it requires today. Continue reading →

Image Blocking in Email Clients and Web Services

Handy graphs and best practices on the state of default remote image loading in desktop and online email clients -- a problematic issue from a security point of view, and a marketing heaven from an advertising perspective :

"Every client has its own default settings regarding displaying/hiding images. And while most email clients have a setting to turn images on or off, some offer conditional settings which are contingent upon known senders or other factors. The following table outlines the default settings of popular desktop- and webmail-clients."

Sometimes a spam email isn't sent with the idea to trick someone believe into something, but to act as a verification of that email's existence in the form of remote image -- web bug -- loading, and yes it could also act as a redirector to pretty much anything malicious. Go through related posts in case you're interested, and also see a common trade-off image spammers face. Continue reading →

Korean Zombies Behind the Root Servers Attack

More details on the recent DDoS attacks on the DNS root servers emerge, seems like the attacks originated from Sourth Korean infected PCs, but were orchestrated from a host server in Coburn, Germany :

"Citing data from the North American Network Operators' Group, the Korean government confirmed 61 percent of the problematic data was traced to South Korea. Yet, the Ministry of Information and Communication flatly rebuffs the suspicion that Korea was the main culprit behind the cyber attacks. ``We learned a host server in Coburg, Germany ordered a flurry of Korean computers to stage DOS assaults on the root servers,'' said Lee Doo-won, a director at the ministry. ``In other words, Korean computers affected by viruses made raids into the root servers as instructed by the German host server. Many of our computers acted like zombies,'' Lee said."

In a spoofable IPv4 Internet packet's authenticity is the most common flaw exploited on the front lines. The article points out that 61% of the problematic data came from South Korea, and it would be logical to conclude the other 39% came from Chinese and U.S based infected PCs, and while we can argue which country has the largest proportion of insecure end users -- or insecure end users with access to huge bandwidth -- that shouldn't be the point, but how ISPs should start considering how to stop the malicious traffic going out of their networks, compared to their current mindset of outside-to-inside network protection.

A battle lost for the botnet masters in their futile attempt to shut down three of the root servers, and a battle won for South Korea as they will definitely take this wake up call seriously. Meanwhile, S. Korea's CERT offers lots of interesting research reports on the local situation, particularly their latest Internet Incident Trend Report.

Graph courtesy of the ANA Spoofer Project. Continue reading →

The Phishing Ecosystem

Phishing is the efficient case of online social engineering. With the ease of sending phishing emails thanks to malware infected PCs -- spamonomics 101 -- as well as many other techniques for creating the pages and forwarders phishers use to trick users -- it's indisputable how much more profitable phishing is next to spam.

This is perhaps the most detailed summary of the emerging ecosystem I've read in a while. It walks the reader through the process of acquiring the resources for the attack and tracking down the results and provides overview of how malware authors, phishers and spammers work hand to hand due to the pressure put on their actions by the industry and, of course, the countless third-party researchers. Here's a summary :

"- Get an email list
- Develop the attack
- Locate sites to send phishing emails from
- Locate sites to host the phishing site
- Launch the attack
- Collect results"

Around the industry, security researchers are again signalling the ongoing use of popular sites such as MySpace for hosting phishing pages, phishers are going Web 2.0 and starting to use Google Maps, and seems like Castle Cops the anti-phishing community witnessed a demonstration of DDoS bandwidth power which is definitely the result of the consolidated anti-phishing initiative that they manage to keep on expanding. Moreover, yet another evidence of the developing ecosystem is the fact that spam and defaced sites aren't what they used to be, namely are turning into malicious attack vectors. Despite that everyone's claiming the commercialization of this entire ecosystem, hacktivism is not dead!

The "best" is yet to come, and let's hope a more suspicious common sense on the users' part too. Continue reading →

Cuba's Internet Dictatorship

And you thought people in China suffer from the lack of free speech expression. Here's the cheap version of the great firewall of China, this time in Cuba :

"Cuba built an Internet search engine that allows users to trawl through speeches by Cuban leader Fidel Castro and other government sites, but does not browse Web pages outside the island. Cubans cannot buy computers and Internet access is limited to state employees, academics and foreigners. Cubans line up for hours to send e-mails on post office terminals that cannot surf the World Wide Web. Passwords are sold on the black market allowing shared Internet use for limited hours, usually at night."

With Fidel Castro now seriously ill, the speeches will sooner or later turn into historical ones, the question is, which think-tank across the world would come closer in its predictions of the situation in a post-Castro Cuba next to reality? On the other hand the U.S is starving Cuba's bandwidth hunger to death, and considering their inability to invest in alternative sources for connectivity, the extend of degrading the quality of their Internet connectivity is almost unbeliavable as :

"Cuba is forced to use a costly satellite channel with only 65 megabytes per second (mbps) for upload and 124 mbps for download, he said."

Even a France Telecom customer that has upgraded service to Fiber@Home will be able to ping-to-death Cuba's entire academic community. And while Cuba recently blamed the CIA for digital espionage, it would take them unnecessary amount of time to download sensitive material remotely given Cuba's bandwidth capacity. Several other interesting events in case you remember were when Kyrgyzstan got cut off from Internet by hacker attack, and when Zimbabwe's Internet was shut down because they forgot the pay their bill. Bandwidth matters, depending on the perspective of course.

The most recent report on Censorship in Cuba is also worth going through :

"To visit websites or check their e-mail, Cubans have to use public access points such as Internet cafes, universities and “Youth computing centers” where it is easier to monitor their activity. Then, the Cuban police has installed software on all computers in Internet cafes and big hotels that triggers an alert message when “subversive” key-words are noticed."

The only way to undermine censorship is to talk about it -- and mock it. Continue reading →

Profiling Sergey Brin

Great weekend reading :

"Stepping through the sliding glass door into their office is like walking into a playroom for tech-savvy adults. A row of sleek flat-screen monitors lining one wall displays critical information: email, calendars, documents and, naturally, the Google search engine. Assorted green plants and an air purifier keep the oxygen flowing, while medicine balls provide appropriately kinetic seating. Upstairs, a private mezzanine with Astroturf carpeting and an electric massage chair afford Sergey and Larry a comfortable perch from which to entertain visitors and survey the carnival of innovation going on below. And there is ample space for walking around, which is absolutely essential for Sergey, who just can’t seem to sit still."

A story that proves for yet another time that nothing's impossible, the impossible just takes a little while. Here are some photos from Google's NYC headquarters, guess who likes to spoil its employees -- sorry Googlers -- most from all the tech companies these days? Say Google again! Continue reading →

Beyond Traditional Advertising Packages

Differentiate your value proposition or cease to exist. And hey, that's on Madison Avenue :

"As a startup carrier that hadn't yet hired a pilot, Virgin needed more than just slogans and 30-second commercials. That's about when Anomaly, a two-year-old startup, brought a pitch that sounded more like a takeover bid: Carl Johnson, Anomaly's 48-year-old co-founder, hauled out plans to design the interiors of Virgin's new A320s, fashion the flight attendants' uniforms, and create the content for a pay-per-view seat-back entertainment system."

You may also find the best and worst Super Bowl -- the U.S ad industry's favorite playground -- ads entertaining. Meanwhile, Pepsi is anticipating the DIY marketing culture and is asking everyone to help them build their next billboard on Times Square. When advertising does its job millions of people keep theirs, isn't it? Continue reading →

My Feed is on Fire, My Feed is on Fire!

I've never had so many people connected to me, perhaps it's the consequence of Feedburner detecting Google Readers as of this week, and yes the quality of the posts themselves. Here's an interesting opinion on the frequency of blog posting, I especially like the author's understanding of the readers' loyalty towards a blog. My ROI is still positive whatsoever -- part two of Forrester's series is also worth the read. Continue reading →

Delicious Information Warfare - Friday 16th

Here are some articles and blog posts worth reading plus the related comments. Previous summaries as well.

Islamic Terrorism from Clearguidance.com to Islamicnetwork.com -- very interesting reading regarding Daniel Joseph Maldonado, and a visionary quote "It takes a community to make a terrorist and it only take a handful of people to build and maintain such communities."

Former DuPont senior scientist pleads to corporate espionage -- fresh case of corporate espionage. As always I find it a totally biased opinion with companies falling in love with their trade secrets, even coming up with numbers as high as $400M

Information warfare, psyops, and the power of myth -- decent article on the topics in today's world of war on ideologies

Glitches plague NSA's effort to track terrorists online -- Tracking terrorists online courtesy of the NSA's Turbulence program is a another $500M failure to understand the dynamics of cyberterrorism. Thankfully, there're third-party organization the NSA is definitely listening to and obtaining its intelligence giving the lack of ethnical diversity in the U.S intelligence community, one that is crucial nowadays. The cuttest quote of the day "Inside the agency, Turbulence's sensitive activities are sequestered behind passwords known to few."

Panda Software Releases Malware Radar, the First Automated Malware Audit Service -- not necessarily the first as pretty much all vendors offer online malware scan, but it's a product line extension based on recent licensing deals of Panda with other vendors

Another Malware protection engine becomes Malware enabler engine -- when the security solution ends up the security problem itself

Hackers target the home front -- great example of targeted email attacks, makes you wonder two things - what's the chance the attacks aren't really systematic but basically rather regular malware infection attempts, or the emails of top management or anyone @bank.com have been available to attackers wanting to take advantage of the insecurities of their home PCs

Turkish hacker strikes Down Under -- Why shared hosting is unserious from a security point of view

'Storm' Worm Touches Down on IM -- Storm Worm piece of malware switching vectors, interesting, but a fact demonstrating the novice experience of the malware author, as if it were an experienced one, the feature would have been build in the very first releases compared to mass mailings only

Top 10 Disrupters of 2006 -- catchy slide show and here's the full story

Microsoft's Patches -- Zero day Wednesday took place as well

Russia's Ivanov slams U.S. missile shield plans in Europe -- the proposed U.S missile shield in Eastern Europe would give Russia the excuse to do something naughty like this

Cyber officials: Chinese hackers attack 'anything and everything' -- Chinese script kiddies generating noise so that the advanced and government backed espionage attempts remain to be sorted through the noise - predictable pattern

Cuban Information Minister Blasts US Digital Espionage -- Cuba to the U.S - Stop using OSINT and data aggregation techniques against us, as you see, we don't know how to Google

The Next Big Ad Medium: Podcasts -- unless measurability improves it's all shooting into the dark for advertisers, and ad budget allocation dream come true for publishers

How to Stalk Your Family -- start by self-regulation, everyone?

Text of Email to all Yahoos -- Yahoo's CFO to all Yahoos, now if an average Yahoo is able to understand the corporate talk I'll bring the beer

China's Submarine Fleet Continues Low Patrol Rate -- outstanding analysis

Google Agrees to Buy Adscape -- Google's getting into the emerging in-game advertising market. Would a gaming company find that the lack of ads in its game can turn into a competitive advantage in the long-term?

Yahoo co-founder Jerry Yang to donate $75 million to Stanford -- never forget who you are and where you came from. Jerry Yang is donating $75M to Stanford University which as a matter of fact is largely financed by ex-disruptors, and yes tuition fees. They even hold quite some Google shares

CIA's secret prisons -- full coverage

Continue reading →

Terrorism and Encryption

Jihadist themed encryption tool -- using "infidel" algorithms :

"The program`s `portability` as an application (not requiring installation on a personal computer) will become an increasingly desirable feature, especially considering the high use of Internet cafe worldwide by pro-terrorist Islamic extremists,' said iDefense Middle East analyst Andretta Summerville. 'Mujahedin Secrets,' which can be downloaded for free, offers 'the five best encryption algorithms, with symmetrical encryption keys (256 bit), asymmetrical encryption keys (2048 bit) and data compression,' according to a translation of a Global Islamic Media Front`s announcement about the software on Jan. 1, provided by Middle East Media Research Institute."

I've previously covered in-depth the topic of steganography and terrorism, and provided an example while assessing the threat -- and hype -- level of the Technical Mujahid. Terrorists have this problem with the infidels, pretty much everything they use starting from the Internet and their cellphone, even software running on a computer is "Made in InfidelLand". So I presume someone's not really comfortable with even encrypting their data with a U.S made PGP software, so re-branding and adding a Jihadist theme seems to be the solution at least when PSYOPS count. More info on the topic.

Continue reading →

The Electronic Frontier Foundation in Europe

Couldn't get any better :

"The Electronic Frontier Foundation (EFF) opened a new office in Brussels today to work with various institutions of the European Union (EU) on innovation and digital rights, acting as a watchdog for the public interest in intellectual property and civil liberties policy initiatives that impact the European digital environment. The new EFF Europe office, made possible by the generous support of the Open Society Institute and Mr. Mark Shuttleworth of the Shuttleworth Foundation, will allow EFF to have an increased focus on the development of EU law. EFF also plans to expand its efforts in European digital activism and looks forward to working with many groups and organizations to fight effectively for consumers' and technologists' interests."

Finally EDRI got some serious back-up on the frontlines.

Continue reading →

RFID Tracking Miniaturization

First it was RFID tracking ink, now with the introduction of the new generation Hitachi mu-chips, miniaturization proves for yet another time it has huge privacy implications :

"On February 13, Hitachi unveiled a tiny, new “powder” type RFID chip measuring 0.05 x 0.05 mm — the smallest yet — which they aim to begin marketing in 2 to 3 years. By relying on semiconductor miniaturization technology and using electron beams to write data on the chip substrates, Hitachi was able to create RFID chips 64 times smaller than their currently available 0.4 x 0.4 mm mu-chips. Like mu-chips, which have been used as an anti-counterfeit measure in admission tickets, the new chips have a 128-bit ROM for storing a unique 38-digit ID number."

I will spare you the acronym as I'm sure you know which intelligence agency is sitting on the world's largest budget, but just a wake up call that all technologies that are just getting commercialized or a first mention in the mainstream media have already been developed, even abondoned for more advanced alternatives by this agency years ago -- despite the fact that Hitachi is a Japanese company it's an U.S agency I'm talking about. OSI are definitely remembering the old school days now. Picture courtesy of Hitachi comparing the chip's size next to a grain of rice.

UPDATE: Slashdot picked up the story.

Continue reading →