Loss of Privacy

Anonymous hacked into a conference call between the FBI and Scotland Yard. You can listen to the conversation below.

The Anonymous hacker managed to listen in to the call after accessing an FBI email which gave details of the intended call. The email was also posted online.

Best comment in the audio recording:

“He hacked some gaming site called . . . Steam.”

Yeah, Steam is just some gaming site. Their job is to track online hackers, yet they haven’t a clue what Steam is or what happened when it was hacked.

You can also read it at Pastebin or download the mp3.

A Colorado judge has ruled that a defendant must decrypt her PGP- encrypted hard drives and allow the police to look at the device for incriminating evidence.

Blackburn, a George W. Bush appointee, ruled that the Fifth Amendment posed no barrier to his decryption order. The Fifth Amendment says that nobody may be “compelled in any criminal case to be a witness against himself,” which has become known as the right to avoid self-incrimination.

“I find and conclude that the Fifth Amendment is not implicated by requiring production of the unencrypted contents of the Toshiba Satellite M305 laptop computer,” Blackburn wrote in a 10-page opinion today. He said the All Writs Act, which dates back to 1789 and has been used to require telephone companies to aid in surveillance, could be invoked in forcing decryption of hard drives as well.

Although the defendant in the case intends to appeal, there are conflicting decisions already on the books.

In March 2010, a federal judge in Michigan ruled that Thomas Kirschner, facing charges of receiving child pornography, would not have to give up his password. That’s “protecting his invocation of his Fifth Amendment privilege against compelled self-incrimination,” the court ruled (PDF).

A year earlier, a Vermont federal judge concluded that Sebastien Boucher, who a border guard claims had child porn on his Alienware laptop, did not have a Fifth Amendment right to keep the files encrypted. Boucher eventually complied and was convicted.

The debate as to whether or not decrypting a computer by a defendant is a violation of the fifth amendment will continue as more cases like these come to trial. On the one side the argument is that decryption is similar to handing over the keys to a storage or safe deposit box while, on the other, privacy advocates state that giving up any information to decrypt a computer is the equivalent of testifying against oneself.

Also of note is that, in this particular case, the prosecution has to prove that she has the means to decrypt the laptop. If she is unable to do so, there is little else the prosecution can do.

As it stands right now, there is case law for both sides and it does not appear as if the debate is going to be settled any time soon. At some point, this issue will reach the Supreme Court because there are far too many conflicting points on both sides, in numerous cases, for the issue to be clear.

Oh, the irony.

I am so glad I saw the liberty bell years ago and could actually touch it without any hassle. I’d never go see it today.

via cnet.

It seems that people will never learn the value of a good password. For all you dolts out there, stop using “password” as your password!

“Password” ranks first on password management application provider SplashData’s annual list of worst internet passwords, which are ordered by how common they are. (“Passw0rd,” with a numeral zero, isn’t much smarter, ranking 18th on the list.)

The list is somewhat predictable: Sequences of adjacent numbers or letters on the keyboard, such as “qwerty” and “123456,” and popular names, such as “ashley” and “michael,” all are common choices. Other common choices, such as “monkey” and “shadow,” are harder to explain.

Here’s the list:

• 1. password
• 2. 123456
• 3.12345678
• 4. qwerty
• 5. abc123
• 6. monkey
• 7. 1234567
• 8. letmein
• 9. trustno1
• 10. dragon
• 11. baseball
• 12. 111111
• 13. iloveyou
• 14. master
• 15. sunshine
• 16. ashley
• 17. bailey
• 18. passw0rd
• 19. shadow
• 20. 123123
• 21. 654321
• 22. superman
• 23. qazwsx
• 24. michael
• 25. football

The company provided some tips for choosing secure passwords in a statement:

• 1. Vary different types of characters in your passwords; include numbers, letters and special characters when possible.
• 2. Choose passwords of eight characters or more. Separate short words with spaces or underscores.
• 3. Don’t use the same password and username combination for multiple websites. Use an online password manager to keep track of your different accounts.

As usual, these tips can save you a lot of aggravation later. The key is to actually implement and not just read about them. If you don’t make your passwords long enough or secure enough, anyone with minimal knowledge will be able to get into your system.