Phil Mocek Acquitted on TSA’s No-ID and Recording Charges
In November 2009, Phil Mocek (@pmocek) was arrested by Albuquerque Police at Albuquerque Airport for not providing a piece of identification, and recording the TSA process on camera (video below). In the US, one’s right to fly is guaranteed by Federal Laws and the Constitution, and as long as you do not break any other laws, local or state police cannot legally prevent you from flying.
Mocek was charged with things like criminal trespass, refusing to obey an officer, concealing his identity, and disorderly conduct. On 21 January 2011, he was acquitted on all charges by a jury without the defense having to call any witnesses or provide any evidence. The prosecution’s case simply did not stand up.
In a previous court case against another man who refused to show ID, the TSA admitted that there is actually no law that requires travelers to present ID in order to be able to fly. In the US, it is also perfectly legal to record video in public areas of the airport, despite what signs, staff or police may claim.
This case is reminiscent of John Tyner, who was thrown out of San Diego Airport for refusing the new TSA (grope) patdown. Note that you may want to familiarise yourself with the relevant laws regarding ID and recording in your own country.
Full details are available here. Well done to Phil for protecting his rights, and in the process, all of ours as well. Speaking of TSA security measures, I thought this recent Dilbert comic was particularly fitting.
Banking Whistleblower Rudolf Elmer Hands Tax Information to Wikileaks
Swiss ex-banker, Rudolf Elmer, has handed over financial information on 2,000 individuals (including 60 politicians) to Wikileaks. Elmer is himself on trial for previous leaks to Julian Assange’s group and breaking notoriously strict Swiss banking privacy laws. The information, stored on two CDs, was handed over to Julian Assange in a public press conference. The discs supposedly contain evidence of tax evasion that will be reviewed by Wikileaks, with plans to disclose parts of it publicly, and to relevant authorities.
Assange said that it will be at least two weeks before any of the information can be reviewed and released. Are you a rich tax evader? Ready… set… sweat!
Insecurity: Bad Secret Questions and Information Disclosure
It’s a little known fact that most websites have a backdoor that can get you access in other people’s accounts – weak secret questions! Ok, so maybe it’s not a back door as such, but the threat is so high that for some websites it might as well be. Let me explain… Read more
Department of Justice Subpoenas Twitter for Personal Info of Wikileaks Supporters
The US Department of Justice (DoJ) filed a subpoena against Twitter, demanding for the personal information of a number of known Wikileaks supporters. These include Birgitta Jonsdottir (a member of the Icelandic parliament), Rop Gongrijp (a Dutch hacker), Jacob Applebaum (Tor developer), Bradley Manning (solder believed to have leaked info to Wikileaks), and Julian Assange himself. The order requests a large amount of personal information including:
- Subscriber names, username, etc
- Mailing, residential, business and email addresses
- Connection records, and records of session times and durations
- Length of service, and type of service utilized
- Telephone or other subscriber number
- Means of payment (including any credit card of bank account number)
- All Tweets (private or not)
The original Order was sealed, meaning that the intended targets of the information request could not be informed that their data was being subpoena’d. At Twitter’s request, the Order was unsealed, and the targets informed. Many of these individuals will undoubtedly be contesting the subpoena, for which they now have 10 days. It is believed this information is being requested as part of a growing criminal investigation into Wikileaks.
A copy of the Order served to Twitter is available here (PDF), and a more in-depth report can be found here. I wonder if the Electronic Frontier Foundation (EFF) will weigh in on this one…
[Update] According to Wikileaks, the subpoena potentially covers over 637,000 people who follow Wikileaks on Twitter. Iceland has blasted the US’ demand.
Top 100 Security and Privacy Tips
In celebration of the 100th post on Security Generation, I’ve decided that a list of 100 security and privacy tips would be appropriate. The tips start off basic then get a bit more complex, and cover a range of areas from general computer and information security, to safe web browsing, email security and privacy. Thanks to everyone who’s been visiting (and to those who are following on Twitter), I hope to keep bringing you useful and interesting content into 2011. Feel free to share this with others, and suggest any other tips that you think I may have missed out! Let’s kick off the 100 Security Tips, enjoy:
- Keep informed of current events in security by reading (or listening to) relevant security news
- Always be aware and alert for threats, and adjust your security to fit your current environment
- Be skeptical (not paranoid), and use common sense
- Ask for help or information if you’re ever suspicious or unsure about something
- Help educate others about good security practices, and point them to useful resources
- Regularly patch your system, browsers, and other software and mobile devices when updates are available
- If you use antivirus, and you probably should, update the signatures hourly at a minimum
- Don’t use an Administrator (root) account for day-to-day use. Set yourself up a standard user account
- Use good, strong passwords with a minimum of 8 characters
- Do not use “password”, abc123, 12345, qwerty, your username, any dictionary word, or any derivatives of these as your password! Read more
Plugin to Disconnect: Regain Browsing and Search Privacy
Ex-Google employee Brian Kennish has been developing a web browser plugin dubbed ‘Disconnect‘, which aims to restore users’ web browsing and searching privacy on a number of major sites. The plugin, which current supports Google, Facebook, Digg, Twitter and Yahoo, blocks uniquely-identifying cookies which are used to track individual users’ browsing activity and searches. Brian also created ‘Facebook Disconnect‘ which prevents Facebook from tracking you on any website that uses the Facebook Connect functionality.
Both of these plugins de-personalize your normal browsing and searching, whilst allowing you to continue using services like Google and Facebook normally. You can see which cookies are being blocked in real-time, and unblock any that you may want. Note that the search de-personalization currently only works on the google.com domain (not local country domains).
At the moment these plugins are only available for Chrome and RockMelt (a new social media-embedded browser I just heard of), but a Safari extension and Firefox add-on are on the way!
Creating a Secure Mac/PC Portable USB Drive
Ever since the release of the IronKey I’ve been drooling over the device (good thing it’s waterproof I guess). Due to not wanting to pay so much for a USB key, I decided to make my own. I grabbed myself a 32GB USB key, and got to work on making it as close to the IronKey as possible.
TSA Body Scanner Missed 12-inch Razor Blades
Mythbusters’ Adam Savage recently went through a TSA checkpoint and body scanner, and once on the plane realized he had two 12″ razor blades in his jacket pocket. I’ll let the man tell you himself, but I love his quote: “WTF TSA?”. Clearly the screening agent was focusing on Adam’s myth-busting junk.
Privacy fail and security fail two-in-one. Security theater++
Swinglet CAM: Your Own UAV Spy Plane
This is epic full of awesomeness. The Swinglet CAM is a small computer-controlled flying thing (plane?) with a built-in camera. The computer software allows you to define a flight path that the Swinglet will automatically follow and pictures from the sky. You can even do in-flight path modifications and it will adjust its trajectory. It takes off when you throw it in the air, can fly for up to 30 minutes, and lands by itself.
Supposedly you can use it to look at the state of your crop fields from the sky, which sounds like a stupid use for this toy. If you know the girl next door sunbathes naked on the roof, now we’re talking! I want one but I’ll wait for a video-capable model that can fly for miles, and be controlled from my secret basement lair.
Check out this sample photo and the video below to make you want one for Christmas. The Swinglet CAM costs only €8,400 ($11,000)!
iOS 4.2.1 Released with Free “Find My iPhone”
Apple has finally released the highly-anticipated iOS 4.2 (actual version is 4.2.1), bringing support for the iPad along with several other feature including AirPlay and AirPrint.
Along with this release, Apple has made the “Find My iPhone” functionality in MobileMe free to all iPhone, iPad and iPod Touch device owners. This service uses a combination of GPS, cell tower and wifi-network triangulation to obtain the location of the device, which can then be mapped. It also allows you to send messages, lock or completely wipe the remote device. To use this feature, you’ll need add a MobileMe account using your iTunes Apple ID by going to Settings > Mail, Contacts, Calendars > Add account. You can then track your device using the Find My iPhone app available in iTunes, or using the MobileMe web interface.
Users concerned about the privacy implications of this feature can easily disable it by going to Settings > Mail, Contacts, Calendar > Select your MobileMe account > Set ‘Find My iPhone’ to Off. Have a look at Apple’s KnowledgeBase article for more info on this feature.
iOS 4.2.1 brings with it a number of security updates (including Safari and numerous WebKit patches). Although it’s not mentioned in the update details, the previously-reported cool-but-deadly keylock bypass vulnerability has been fixed. Hit the jump for full details.
Related: Protecting and Recovering Your iPhone and iPad from Loss and Theft!
Loading ...
