Tuesday, January 24, 2006

The Feds, Google, MSN's reaction, and how you got "bigbrothered"?

There's still a lot of buzz going on concerning which search engine provided what type of data to law enforcement officials, and the echo effect of this event resulted in waves of angry end users who, besides feeling "bigbrothered", now have yet another reason to switch back to Google. Simple. MSN's silent reaction to this is the worst thing they could do given how actively they're trying to catch up on search traffic. What did they provide anyway?

"Specifically, we produced a random sample of pages from our index and some aggregated query logs that listed queries and how often they occurred. Absolutely no personal data was involved. With this data you:

- CAN see how frequently some query terms occurred
- CANNOT look up an IP and see what they queried
- CANNOT look for users who queried for both “TERM A” and “TERM B”"

So picture the following: "someone" requests his name, his friends' names, physical locations giving clues on a possible area, and while it isn't personal information (exact names, address etc.), it is personally identifiable! If it happens once, it would become a habit. My point is that aggregating search info on ECHELON's wordlist is so realistic that you need a company to say NO, and evaluate the reactions of the others. The best thing is that I'm sure the majority of adult entertainment seekers don't need to take advantage of Echelon's Trigger Words Generator :)
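The distinction drawn above, as an added example that is not from the original post or from MSN: constructed log lines are reduced to the kind of aggregated query counts the quote describes, which drops the IP, yet a rare query still carries identifying text unless it is suppressed. The sample log, the function names and the threshold k are assumptions.

```python
from collections import Counter

# Constructed raw search log (IP, timestamp, query); not real data.
RAW_LOG = """\
10.0.0.1 2006-01-20T10:00:01 cheap flights
10.0.0.2 2006-01-20T10:00:05 cheap flights
10.0.0.3 2006-01-20T10:01:12 cheap flights
10.0.0.1 2006-01-20T10:02:40 john q. example 12 elm street springfield
10.0.0.1 2006-01-20T10:03:02 divorce lawyer springfield
10.0.0.4 2006-01-20T10:04:10 divorce lawyer springfield
"""

def aggregate(raw):
    """Reduce raw log lines to query -> count, dropping IP and timestamp."""
    counts = Counter()
    for line in raw.splitlines():
        _ip, _ts, query = line.split(" ", 2)
        counts[query.strip().lower()] += 1
    return counts

def suppress_rare(counts, k):
    """Release only queries seen at least k times (k is an assumed threshold)."""
    return {q: n for q, n in counts.items() if n >= k}

def users_who_searched(raw, term_a, term_b):
    """Needs the RAW log: IPs whose queries contain both terms."""
    seen = {}
    for line in raw.splitlines():
        ip, _ts, query = line.split(" ", 2)
        seen.setdefault(ip, set()).add(query.lower())
    return sorted(ip for ip, qs in seen.items()
                  if any(term_a in q for q in qs)
                  and any(term_b in q for q in qs))

if __name__ == "__main__":
    agg = aggregate(RAW_LOG)
    # Frequencies survive aggregation; the IP column does not.
    print(agg.most_common())
    # A query seen once still spells out a name and an address.
    print([q for q, n in agg.items() if n == 1])
    # Suppressing rare queries removes that residue from the release.
    print(suppress_rare(agg, k=2))
    # The "TERM A and TERM B" lookup only works on the raw log.
    print(users_who_searched(RAW_LOG, "elm street", "divorce lawyer"))
```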

Why don't you need to issue a subpoena to find out what's hot in the online porn world?

- take Google's advice into consideration, or start using Overture's keyword selector tool
- now ensure you have the most popular porn related keywords, and if in doubt, consult with an "insider" who would be definitely aware of what's hot, and who's to keep in mind
- use the first 20 pages from each popular search for your sample, these get the majority of traffic
- do a little research over Alexa to further back up your statements, and even use Google to measure the relative popularity of the first site that pops up when you search for porn
- ensure you have first consulted with traffic aggregators or paid reports on who's who online
- make sure that, before going online, another distribution vector so to say, the iPod, is taken care of
- envision what's to come in the future, and mostly the interest and the social implications of these issues
- now, come up with ways to restrict children from using these going beyond the usual "But of course I'm over 21 years old" terms of use

What's to come up in the future? In one of my previous posts "Still worry about your search history and BigBrother?" I pointed out the possibilities for Search engines regulation and P3P, but the current self regulation is simply not working anymore.

Further resources on the topic can be found at:

Lorrie Cranor's Searching for Privacy : Design and Implementation of a P3P-Enabled Search Engine
PrivacyBird
An Analysis of P3P-Enabled Web Sites among Top-20 Search Results
Protecting Your Search Privacy: A Flowchart To Tracks You Leave Behind
Using search engines data, Google and forensics - clip


Image originally uploaded at Flickr by villoks

Monday, January 23, 2006

Visualization, Intelligence and the Starlight project

Today, I came across a stunning collection of complex network visualizations that reminded me of how we must first learn to visualize and then go deeper into VR. Until I first visited this project, the Atlas of Cyberspace was perhaps my favorite visualization resource; rather outdated, it still has a lot to show.

Visualization is important for today's greatly developed knowledge networks, data mining, and even information security or basic network management issues. But at the bottom line, who always has the best toys, or at least develops them? The academic world? Sort of, except that they need the private sector to go public, so that leaves the U.S military in my point of view :) and they sure do.


The Starlight - Information Visualization Technology is simply a remarkable concept that these folks actually turned into a reality. It uses structured, unstructured, spatial and multimedia data and provides real-time output, and if you also consider that the project reportedly went down several years ago, for me it opens up the question: who's the successor?

Its national security applications and the syndication of data sources are so clearly visible that reducing paperwork and platform dependence, information sharing, and perhaps not another Able Danger scenario (if one actually happened!) are the biggest advantages of such a project.

Going back to the "reality" (yeah sure!), in case you've never seen ChicagoCrimes, the free database of crimes reported in Chicago, it's yet another great initiative that again visualizes based on reports and Google Maps, and you don't need a security clearance to use it :) What else to mention is CNET's introduction of "The Big Picture", in cooperation with Liveplasma.com of course. Clearly, the waves of information flow must be somehow filtered, and there's a clear commercial, public and intelligence need for it. Even VR investments are actively taking place, a lot's to come for sure!

Some concepts and clips on visualization:

TouchGraph Google Browser
Real-Time and Forensic Network Data Analysis Using Animated and Coordinated Visualization
F-Secure's visualization of the 1st PC virus, and W32.Bagle, and you can actually see the clip itself.
Visualization study the U.S - clip


Homebrew Hacking, bring your Nintendo DS!

Yesterday, Engadget reported on a "WiFi sniffer" that turns your Nintendo DS into a wardriving tool, and while it lacks certain features, it can still prove "handy", even fuel further security concerns over this steadily developing trend of homebrew hacking experiments.

Removable media is a problem, but would gaming devices turn into a security threat as well? They can sure result in more malware, and this trend, among many others, made an impression on me with respect to the need for interoperability in the upcoming future.

Still worry about your search history and BigBrother?

The Patriot Search recently started "helping" any government by making your search activity "public". Its search syntax, terrorist:true *keyword* and terrorist:false *keyword*, gives everyone the opportunity to be honest :) Why did the idea start in the first place?

Because "only 4 out of 5 search engines allowed the government to see "private" user data". Though, a distinction between private searches VS personally identifiable searches should be made as well.

What's going to happen in the future? Search engines regulation, P3P, or stock market losses due to an initiative whose requirements I feel were totally wrong from the very beginning?

Consider going through David Berlind's comments as well!


Cyberterrorism - recent developments

I once blogged about why you shouldn't stereotype when it comes to Cyberterrorism, and going through the most recent and well researched report on "Terrorism Capabilities for Cyberattack: Overview and Policy Issues" I came across great similarities to what I posted. I think cyberterrorism shouldn't be just perceived as shutting down a stock exchange, or slowing it down; the irony here is that it could actually happen for "good" on certain occasions :)

Going back to the report, it's a very recent overview of cyberterrorism, and the way it's perceived. Flawed or not I'll leave up to you to decide. What made an impression on me anyway?

- CIA's 2005 "Silent Horizon" to practice defending against a simulated widespread cyberattack directed against the United States. I really don't think frontal attacks are of any interest, or are they?

- Stolen credit cards were used in the terrorist attacks in Bali. There have also been other cases, of exactly the same, using cyber activities for funding real world crime and terrorism.

- How sensitive information on a future Army command and control system was stolen from an unclassified system by, at least reportedly, Chinese hackers. Unclassified doesn't necessarily mean someone wasn't having a false sense of security on a .mil domain I guess.

- The U.S Elite Military Hacking Crew, the so called Joint Functional Component Command for Network Warfare (JFCCNW). I feel every military force has or should have these.

The report also highlights that the Internet is now a prime recruiting tool for insurgents in Iraq. Insurgents have created many Arabic-language Web sites that are said to contain coded plans for new attacks. Some reportedly give advice on how to build and operate weapons, and how to pass through border checkpoints.

- Other news articles report that a younger generation of terrorists and extremists, such as those behind the July 2005 bombings in London, are learning new technical skills to help them avoid detection by law enforcement computer technology.

Which is exactly what I've mentioned in my post on Cyberterrorism. I feel communication and coordination, besides research, are the ultimate goal here.

The only thing that made sort of a bad impression on me was how the only major innovation mentioned is quantum cryptography, and steganography is mentioned just twice. I think that this isn't entirely the case, and breaking cryptography doesn't necessarily have to come in the form of directly attacking the algorithm itself. That happens to be impossible sometimes, but the first time I came across the fact that the AU government can use spyware on criminals with the idea to obtain keys, or whatsoever, it made such issues irrelevant.

On the other hand, the more opportunities the Internet provides "them" with, the more their traceability improves, or at least gives clues to a certain extent.
