Jan
05
2008
There’s an emerging debate between computer forensic technicians and private investigators.
The question is what constitutes an expert witness, and what evidence is admissible in court. State PI associations are lobbying to require a PI license to perform computer forensics for hire, and thus to present in court. Others argue that a forensic technician is no different than a forensic accountant, or forensic anthropologist; they are lab technicians and do not lead the investigation.
Legislation has been floated in South Carolina and other states.
Jan
05
2008
The spammers come to Facebook; there’s a highly viral applet that utilizes social engineering to spread spyware. My 2008 prediction: 20+ hot girls a day asking to be our “friend” on FB as with MySpace (to spread spam). A new social network emerges with a limited audience and the trendsetters start to abandon FB. Wash, Rinse, Repeat.
Dec
17
2007
This post is an ongoing collection of articles, surveys, and research about computer forensics.
Surveys & Research:
Dec
17
2007
This post is an ongoing collection of articles, surveys, and research about data governance and privacy.
General references:
- The EFF has a page that gives a status update on pending legislation and court cases related to privacy rights.
Specific references:
- Privacy Rights Clearinghouse has a chronology that documents data breaches since 2005. The grand total - 216 Million records in the USA from 2005 to present. A number of these are organizations that sell information security products and/or services and have failed to “eat their own dog-food”.
- MySpace suffered a security breach recently that allowed hackers to download a massive amount of private photos. Those have recently showed up on BitTorrent.
Dec
17
2007
This post is an ongoing collection of articles, surveys, and research about electronic voting.
General, non-partisan references:
General, partisan references:
- Bev Harris of Blackboxvoting.org is the authority on the challenges surrounding electronic voting.
Specific references by recognized, non-partisan experts:
- The Ohio Secretary of State recently issued the EVEREST report which also found numerous critical flaws in electronic voting systems.
- The California Secretary of State sponsored a “top to bottom” review of electronic voting and decided to decertify several models.
- The Colorado Secretary of state followed suit and decertified the voting machines on 12/18/07.
- One of the most respected security experts, Bruce Schneier, posted an insightful article about electronic voting.
- An AP article documenting the conviction of election workers for rigging the 2004 Ohio recount.
Specific, partisan references:
I don’t endorse the conclusions reached by the materials below, though I do find the information to be thought provoking. While the impact of the systematic weaknesses in voting systems is hotly debated and quickly devolves into conspiracy theories, the fact that they are inexcusably weak is not contested.
- Youtube has a controversial video of a programmer giving testimony that he designed a program to “fix” elections.
- The Washington Post summarized a controversial book by Professor Steve Freeman that compares the security and regulation over slot machines to electronic voting systems.
- Rolling Stone Magazine published two articles by Robert F. Kennedy Jr. about electronic voting.
Dec
17
2007
This post is an ongoing collection of articles, surveys, and research about IT General Controls.
- The Royal Bank of Canada suffered major downtime due to a failed upgrade of their computer systems in 2004.
Dec
14
2007
This post is a collection of articles and research related to insider threats.
Surveys & Research:
- The US Secret Service published the Insider Threat Study in 2003 and 2005.
Articles: