Posts tagged software
The Associated Press Posted: Dec 5, 2012 10:20 PM ET Last Updated: Dec 6, 2012 1:54 AM ET
Software company founder John McAfee was arrested by police in Guatemala on Wednesday for entering the country illegally, hours after he said he would seek asylum in the Central American country.
The anti-virus guru was detained at a hotel in an upscale Guatemala City neighbourhood with the help of Interpol agents and taken to an old, three-story building used to house migrants who enter the country illegally, said Interior Minister Mauricio Lopez Bonilla.
It was the latest twist in a bizarre tale that has seen McAfee refuse to turn himself in to authorities in Belize, where he is a person of interest in the killing of a neighbour, then go on the lam, updating his progress on a blog and claiming to be hiding in plain sight, before secretly crossing the border into Guatemala.
“He will be in danger if he is returned to Belize, where he has denounced authorities,” said his lawyer in Guatemala, Telesforo Guerra. “His life is in danger.”
Guerra said he would ask that a judge look at McAfee’s case as soon as possible. “From them moment he asked for asylum he has to have the protection of the Guatemalan government.”
Security for the 99%
The House of Representatives kicked off their “cybersecurity week” yesterday with a hearing titled “America Is Under Cyber Attack: Why Urgent Action is Needed.” Needless to say, the rhetoric of fear was in full force. A lot of topics were raised by members of Congress and panelists, but perhaps the most troublesome theme came from panelist and Former Executive Assistant Director of the FBI Shawn Henry, who repeatedly urged that good cybersecurity means going on the offensive:
“the problem with existing [...] tactics is that they are too focused on adversary tools (malware and exploits) and not on who the adversary is and how they operate. Ultimately, until we focus on the enemy and take the fight to them […], we will fail.”
This offensively-minded approach has major pitfalls, as it could lead to more government monitoring and control over our communications. While we think an increased focus on catching criminals using existing tools is a fine tactic that could be used by law enforcement, we fear the temptation for law enforcement to increase their surveillance capabilities in order to successfully go on the offensive in the context of computer crimes. This could mean things like breaking into people’s computers without warrants, or disrupting privacy-enhancing tools like Tor. Needless to say, we think it would be a very bad idea to link our safety to the ability for law enforcement to effectively monitor people, and that is a danger of focusing solely on an offensive strategy. Instead, we would like to offer an alternative, defensively-oriented point of view regarding security, an important view that we think was not adequately represented in yesterday’s panel.
Securing U.S. critical infrastructure networks, corporate networks, and the Internet at large depends upon securing our computers and networked devices. Fundamentally, it’s very simple: fewer software vulnerabilities means more security. Once a vulnerability is patched and an upgraded version of software is available and in use, that increases safety for all of us. Ensuring that the right mechanisms are in place to maximize this baseline security should be a major focus area of any organized effort to secure our critical and other Internet infrastructure. This means encouraging the disclosure of vulnerabilities when they are found so that they can be fixed, and no longer exploited. This is what we mean when we talk about security for everyone. This defensive strategy also takes a view of vulnerabilities that includes engineering with security in mind: if software doesn’t force good security on administrators and other humans who have a role to play to keep things secure, then that should be considered a security vulnerability in that software.
In order to understand why vulnerabilities are the foundation of insecurity and ought to the focus of defensive efforts, let’s take a bit of time for those new to the computer security world to define bugs, vulnerabilities, exploits, and a particularly nasty class of exploits called “zero-day” exploits.
Uploaded by GlobalResearchTV on Feb 18, 2012
The US Federal Bureau of Investigation posted a Request for Information last month calling on IT companies to demonstrate their ability to design software for monitoring, mapping and analyzing social media.
Find out more about the history of government spying and propaganda through social media on this week’s edition of Behind the Headlines.
The FBI by mid-January will activate a nationwide facial recognition service in select states that will allow local police to identify unknown subjects in photos, bureau officials told Nextgov.
The federal government is embarking on a multiyear, $1 billion dollar overhaul of the FBI’s existing fingerprint database to more quickly and accurately identify suspects, partly through applying other biometric markers, such as iris scans and voice recordings.
Often law enforcement authorities will “have a photo of a person and for whatever reason they just don’t know who it is [but they know] this is clearly the missing link to our case,” said Nick Megna, a unit chief at the FBI’s criminal justice information services division. The new facial recognition service can help provide that missing link by retrieving a list of mug shots ranked in order of similarity to the features of the subject in the photo.
Today, an agent would have to already know the name of an individual to pull up the suspect’s mug shot from among the 10 million shots stored in the bureau’s existing Integrated Automated Fingerprint Identification System. Using the new Next-Generation Identification system that is under development, law enforcement analysts will be able to upload a photo of an unknown person; choose a desired number of results from two to 50 mug shots; and, within 15 minutes, receive identified mugs to inspect for potential matches. Users typically will request 20 candidates, Megna said. The service does not provide a direct match.
Michigan, Washington, Florida and North Carolina will participate in a test of the new search tool this winter before it is offered to criminal justice professionals across the country in 2014 as part of NGI. The project, which was awarded to Lockheed Martin Corp. in 2008, already has upgraded the FBI’s fingerprint matching service.
Local authorities have the choice to file mug shots with the FBI as part of the booking process. The bureau expects its collection of shots to rival its repository of 70 million fingerprints once more officers are aware of the facial search’s capabilities.
Thomas E. Bush III, who helped develop NGI’s system requirements when he served as assistant director of the CJIS division between 2005 and 2009, said, “The idea was to be able to plug and play with these identifiers and biometrics.” Law enforcement personnel saw value in facial recognition and the technology was maturing, said the 33-year FBI veteran who now serves as a private consultant.
NGI’s incremental construction seems to align with the White House’s push to deploy new information technology in phases so features can be scrapped if they don’t meet expectations or run over budget.
But immigrant rights groups have raised concerns that the Homeland Security Department, which exchanges digital prints with the FBI, will abuse the new facial recognition component. Currently, a controversial DHS immigrant fingerprinting program called Secure Communities runs FBI prints from booked offenders against the department’s IDENT biometric database to check whether they are in the country illegally. Homeland Security officials say they extradite only the most dangerous aliens, including convicted murderers and rapists. But critics say the FBI-DHS print swapping ensnares as many foreigners as possible, including those whose charges are minor or are ultimately dismissed.
Megna said Homeland Security is not part of the facial recognition pilot. But, Bush said in the future NGI’s data, including the photos, will be accessible by Homeland Security’s IDENT.
The planned addition of facial searches worries Sunita Patel, a staff attorney with the Center for Constitutional Rights, who said, “Any database of personal identity information is bound to have mistakes. And with the most personal immutable traits like our facial features and fingerprints, the public can’t afford a mistake.”
In addition, Patel said she is concerned about the involvement of local police in information sharing for federal immigration enforcement purposes. “The federal government is using local cops to create a massive surveillance system,” she said.
Bush said, “We do have the capability to search against each other’s systems,” but added, “if you don’t come to the attention of law enforcement you don’t have anything to fear from these systems.”
Other civil liberties advocates questioned whether the facial recognition application would retrieve mug shots of those who have simply been arrested. “It might be appropriate to have nonconvicted people out of that system,” said Jim Harper, director of information policy at the libertarian Cato Institute. FBI officials declined to comment on the recommendation.
Harper also noted large-scale searches may generate a lot of false positives, or incorrect matches. Facial recognition “is more accurate with a Google or a Facebook, because they will have anywhere from a half-dozen to a dozen pictures of an individual, whereas I imagine the FBI has one or two mug shots,” he said.
FBI officials would not disclose the name of the search product or the vendor, but said they gained insights on the technique’s accuracy by studying research from the National Institute of Standards and Technology.
In responding to concerns about the creation of a Big Brother database for tracking innocent Americans, Megna said the system will not alter the FBI’s authorities or the way it conducts business. “This doesn’t change or create any new exchanges of data,” he said. “It only provides [law enforcement] with a new service to determine what photos are of interest to them.”
In 2008, the FBI released a privacy impact assessment summarizing its appraisal of controls in place to ensure compliance with federal privacy regulations. Megna said that, during meetings with the CJIS Advisory Policy Board and the National Crime Prevention and Privacy Compact Council, “we haven’t gotten a whole lot of pushback on the photo capability.”
The FBI has an elaborate system of checks and balances to guard fingerprints, palm prints, mug shots and all manner of criminal history data, he said. ”This is not something where we want to collect a bunch of surveillance film” and enter it in the system, Megna said. “That would be useless to us. It would be useless to our users.” source – NextGov