Monthly Archives: April 2011

DHS Stepping Up?

Information Week Government is reporting about how DHS stepped up its
involvement in the cyber attack on RSA and speculates that .gov is
getting more involved in the private sector. I don’t agree. I think
that RSA is a very important vendor to the .gov space and as such DHS
and really all of .gov needed to directly investigate this breach and
its implications.

Is this cell phone data extractor too much?

Bob Sullivan for MSNBC’s Red Tape Chronicles writes about the
Universal Forensic Extraction Device or UFED that plugs into a cell
phone and extracts all the data files. Does putting these devices in
the hands of law enforcement and giving them the ability to access
data on a mobile device constitute a risk of an unreasonable search?

Link to Cellebrite’s UFED offering…


Data on the 2010 Gawker Media password breach

A major security breach event for 2010 was the password disclosure at
Gawker Media.

On December 12th, 2010, Gawker Media discovered that their servers were
compromised, resulting in a security breach at their web sites:
Lifehacker, Gizmodo, Gawker, Jezebel, io9, Jalopnik, Kotaku, Deadspin,
and Fleshbot. The result was that, depending on the reporting,
somewhere near or just over 1 million usernames, email addresses, and
passwords were purloined, and the attackers displayed the data files on
at least one server for the world to look at.

I particularly liked (and have gone back to read and reference several
times) the December 13th reporting of the Wall Street Journal on
the Gawker Media disclosure. In this article the authors took a look
at a subset of the disclosed data, almost 190,000 accounts, and did a
data analysis on the passwords that set contained. See:

Another good read was from the folks at Gawker; see “FAQ: Compromised
Commenting Accounts on Gawker Media”.

Using Google Docs to Administer Surveys

I recently thought that some of my Personal Cybersecurity work could
be made much more interesting if I were to develop some data on my own,
perhaps by conducting my own surveys. I started looking around at
web-based tools for administering surveys and pretty quickly found
Surveymonkey and Zoomerang. Both offer a free capability that caps
your survey at 10-12 questions and allows for no more than 100
completed surveys per month. Both tools look good and I’m confident
they can be used pretty easily to produce a professional-looking survey.
Reputation-wise both of these sites look good too, so unless someone
has set up a content filter that specifically blocks protected hosts
from participating in online surveys, most people can reach these
sites and trust the content.

I also found another way of conducting these surveys. Google Docs
seems to have the capability of producing an online form that you can
have people browse to or send to people as email (specifically as HTML
email). This is described at:


Great NYT article Erasing the Digital Past

The New York Times published this great article on digital reputation today. The clear intent of the article was to talk about and help people discover that there are means for “clearing your name” when it comes to Internet search. The article was written tastefully so as to not provide any one example of someone who was desperate to have their Internet identity cleared.

The article generated many comments from readers. One that I found amusing was from Craig in CT who wrote: “This and tattoo removal – growth industries of the current generation.”

One person who was mentioned in the article, didn’t find what was said about them to be accurate, and managed to do something about it is Julia Allison. Julia has apparently been written up on numerous occasions by the folks over at Gawker Media. Apparently the writer tried to portray Allison using data gleaned from Gawker. In an April 17th correction to the story it is interesting to note that the Times author got a number of statements about Allison wrong. After reading the correction I’m left to think that while you may not be able to erase the digital past you can at least make sure that it’s correct.