by Thomas J. Belknap

Never! trust! Yahoo! security!

Sorry, the headline of this article is an old tech geek joke. . . .

Sarah Palin’s email account was hacked into.  You know, the one she used to communicate official business whilst skirting document retention laws?  Yeah, that one.  And here’s the really funny bit.  Check out the McHacked-Failin ‘08 campaign’s reaction:

“This is a shocking invasion of the Governor’s privacy and a violation of law,” GOP presidential campaign manager Rick Davis said Wednesday in a written statement. “The matter has been turned over to the appropriate authorities and we hope that anyone in possession of these emails will destroy them.”

OIC. . .  So, cracking Sarah Palin’s clandestine gubernatorial email account was a violation of law because it’s a violation of privacy.  Except that there’s really no privacy with government communications, which is why she’s not supposed to be using that email account in the first place.  Right?

Now, I’m not suggesting that you should go rooting through what’s there, but I will say that if you did want to look, you’d better do it quick.

D’Ya Feel Safe, Yet?

The Department of Homeland “Security” gets its out-of-date PBX mail exchange telephone systems hacked, and the hacker proceeds to make $12,000 worth of calls to the Middle East and Asia, presumably just to be a dick.

Now, two things about this worth remembering: first, this is a very, very old and very well-documented form of hacking that barely happens anymore in large companies because the PBX system is irrelevant with VoIP, which is the current state-of-the-art voice system.  So, not only are you as a taxpayer paying for an outdated technology, but if DHS is going to use old crap, this is a vulnerability they should have known about and prevented.

Second, PBX is a very simple system, and there aren’t really any “rights administration” things such as firewalls built in.  Once a hacker has gained access to a PBX system, they’re free to listen in on calls, listen to legitimate users’ voicemails and delete them if they please, and even re-route calls away from their intended destinations.  That the hacker chose to make calls to the Middle East and Asia on DHS’s dime is nothing short of amusing in the way of that classic hacker wit, but that it was even possible is actually quite a bit bigger a deal than the media will let on.

What Privacy?

The Washington Post is reporting that recently disclosed Homeland Security policies lay claim to the right to indefinitely detain your laptop PC, iPod or other electronic device without probable cause and share the information stored on those devices with third-party companies.  It’s all a part of making you feel safer.  Do you feel safer, yet?

I’m sure I’m basically wasting time trying to argue logically about the policies of an organization which is neither founded upon nor governed by rational interests in security.  Nevertheless, let me point out that border security - especially airport security, for which this rule seems largely designed - is about preventing dangerous items from entering a plane or the country.  Such things include guns, knives or shoe bombs.  Or more than one lighter at a time.  Or toothpaste.

So really, there is no logical reason for needing to interpret data on a PC or iPod hard-drive, is there?  Other than an attempt to bully and intimidate travelers, I mean.

Hurray! House Passes no-Immunity FISA Bill

From the house I’d thought least likely to do anything right comes what is easily the best version of the Telecom/FISA bill. Granted, it’s never going to pass through the Senate much less the president, but who gives a shit? The point is that someone at least tried to stand up for our rights, unlike the ball-less Senate.

And this runs out the clock, needing to be argued over in the Senate, putting the issue of Telecom Immunity on the front burner across the country. As it gets closer to election time, there’s a good chance that Senators from iffy districts may be less inclined to pass the Senate version. I suspect that, in the end, nothing will happen with this bill until possibly after the elections.

TPMMuckraker | Talking Points Memo | House Passes Surveillance Bill without Retroactive Immunity

The House Dem leadership’s surveillance bill just cleared the House by a vote of 213-197 with 1 vote of present. 11 Dems crossed the aisle to vote against it.

CareerBuilder.com Phishing Scam

Folks who read this blog know: when I find them, I report them.

There seems to be a new attack on CareerBuilder.com users, both employers and job seekers, aimed at spoofing their name for whatever purposes. I got the email in my mailbox today and will be dutifully informing CB of the problem once I’m done posting this to the blog. The email redirects to a rojoka.net address.

Content:

Dear employer

Due to a recent security breach in the Careerbuilder computer system, a new set of terms and conditions has been issued.
In order to guarantee the security of your Careerbuilder account , we need you to login over a secure connection and confirm your user and password,
by clicking the link below.After the process is completed, your account will be secured as stated in the new terms of use.

Please click on the link below and login in order to accept the new terms and conditions that have been issued ( Online Access Agreement Update ) :

http://www.careerbuilder.com/share/login.aspx?sc_cmp2=JS_Nav_MyCB_LoginM>

After completing this process, you will be redirected to our new terms of use.

Thank you

© Careerbuilder Limited. Use of the information contained on this page is governed by federal law and is subject to the disclaimers which can be read on the disclaimer page.
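
The mismatch described in this post, where the email displays a careerbuilder.com URL but the link leads to a rojoka.net address, can be checked mechanically. The following is an added example, not part of the original post; the HTML body and the href paths are constructed, and the class and function names are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: the link text is the URL shown in the email; the href
# path is a placeholder, as the post only says it led to "a rojoka.net address".
SAMPLE_HTML = (
    '<p>Please click on the link below and login:</p>'
    '<a href="http://rojoka.net/PLACEHOLDER">'
    'http://www.careerbuilder.com/share/login.aspx?sc_cmp2=JS_Nav_MyCB_LoginM</a>'
    '<p><a href="http://www.careerbuilder.com/PLACEHOLDER">terms of use</a></p>'
)


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.anchors, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(value):
    """Hostname if value looks like a URL or bare host, else None."""
    if not value or any(ch.isspace() for ch in value):
        return None
    candidate = value if "://" in value else "http://" + value
    host = (urlsplit(candidate).hostname or "").lower()
    return host if "." in host else None


def mismatched_links(html):
    """(shown_host, real_host) pairs where the link text names another host.
    Exact-host comparison; a registrable-domain check needs the Public Suffix List."""
    parser = AnchorCollector()
    parser.feed(html)
    pairs = [(host_of(text), host_of(href)) for href, text in parser.anchors]
    return [(s, r) for s, r in pairs if s and r and s != r]
```

Links whose visible text is not a URL, such as the "terms of use" anchor in the sample, are skipped because there is no displayed host to compare against.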

e-Crime is Real. Why is There no e-Crime Department?

More and more, it becomes obvious that cybercrime has lots of real-world effects that even a casual inspection cannot ignore. That’s been obvious to most of us who pay attention for years, but now it’s become enough of a problem that in the U.K., people at the tops of industry are starting to clamor for an e-crime chief position to be created, presumably somewhere in Scotland Yard.

The article points out the basic problem, which is as much ours as it is Britain’s:

IT chiefs demand centralised e-crime unit | The Register

Instead of reporting cybercrime to the police, the public is encouraged to report fraud to their banks, a policy criticised by a House of Lords select committee and security researchers. Soca itself only takes reports of cybercrime indirectly, and tackles only the largest cases.

If you were to inform the police, it’s doubtful that many of them would understand, let alone have the tools and wherewithal to act in an appropriate manner. You’re forced to seek out the help of your financial institution. As much as they have a stake in settling such matters, your bank is going to have roughly the same problem, getting the FBI involved when it really isn’t always necessary.

Something like a cybercrime chief is certainly called for, here as well as in the UK. Trouble in this country would be: does this become a national position in the FBI (which we actually already have), or does this mean that states need to get more involved? States would have a tough time of it, since most cybercrime is going to of necessity happen inter-state and out of their jurisdiction. At the same time, forensic evidence could be collected much more efficiently if only states had better tools to work with.

And of course, in this state, having a first line of defense would be critical to places like Wall Street.

Yet Another PayPal Phishing Scheme

Those of you who check this site often know I track such things. This one is an interesting one, in that it looks for all the world as though you just bought $400+ worth of Creative sound equipment, and then gives you a nice, fancy “Cancel this transaction” link, which of course goes to the phisherman’s cove. The body of the scam email is contained after the flip, as is the registrant information for the offending domain, in case you want to give him a jingle. As always, I have reported this email to PayPal and recommend you always do the same.
