Archive for October, 2010

Are Custom Ads Getting Just a Bit Too Personal?

Sunday, October 31st, 2010

Earlier this week, the Wall Street Journal whipped out its paddle and took several well-placed whacks at a company few outside the Internet advertising community had ever heard of: Rapleaf.

Rapleaf is a company that scours the InterWebs for data about you, marries it to data provided by companies and by your own activities on Facebook and other sites, and builds an “anonymous” profile of you that it provides to advertisers so they can target ads to your interests. Sounds pretty boring, really, except the Journal discovered that a) Rapleaf was collecting a lot more information than it admitted to (like data on users’ religious beliefs), and b) it was inadvertently passing personally identifiable information to advertisers along with this treasure trove of data.

In short, Rapleaf is the kind of company your mother would have warned you about ten years ago, had mom been a total privacy geek. Back then social networks were barely a blip on the horizon. The big privacy threat at the time: DoubleClick and the new and terrifying spectre of “tracking cookies.”

How to Hijack Facebook Using Firesheep

Sunday, October 31st, 2010

I hijacked someone’s Facebook account with Firesheep. It was incredibly easy. Before you call the authorities on me, the “hijack” was an experiment with a colleague’s account while we were waiting for a plane, and she gave me permission. But let me tell you: Firesheep, the Firefox add-on designed to show the security holes in sites that don’t use encryption for all their traffic, works as advertised.

All I had to do was download and install the add-on, open the Firesheep sidebar and click “Start Capturing.” When her account appeared on the list, I double-clicked on it. Once I made sure that I wasn’t logged into the same site myself with my own account, her account appeared in my browser.

Happily, I couldn’t change her account information without knowing her password. But I could see all her friends, read her private messages and even issue a status update that went to all her friends. Also good news: Google and Yahoo mail both appeared secure, even if logged into other portions of those sites.

Security Becomes ‘Top Priority’ for Smartphone Users

Sunday, October 31st, 2010

Four out of five people think “level of security” is a high priority when buying or using smartphones and tablet computers, according to a newly released global consumer study by Juniper Networks. Of those surveyed, more than half said they are worried about losing their mobile devices, and want to protect their identities as well as their families with parental controls.

The research was commissioned by Juniper and conducted by KRC Research and Synovate. More than 6,000 smartphone and tablet users across 16 countries were surveyed for this research, which revealed that about three out of four people use their mobile devices to share or access sensitive personal or business information.

About 44 per cent of respondents now use their devices for both personal and business purposes, and this has created the need for more stringent and better-integrated mobile security. A very large number (81 per cent) of respondents said they used their devices to access their employer’s network without their employer’s knowledge or permission.

Intel rolls out massive factory in Vietnam

Sunday, October 31st, 2010

Intel has opened a $1 billion chip testing and assembly facility in Vietnam, which it says is the biggest facility for the company yet.

According to the company, the factory has a total area of 46,000 square meters, which is around the size of five and a half football fields. Situated in the Saigon Hi-tech Park, Ho Chi Minh City, the factory will be used for testing chips for defects before packaging. “Assembly and test is a critical final step in the end-to-end manufacturing of Intel’s silicon products,” the company said.

According to Intel, this is its biggest project in Vietnam since it opened its first office in Ho Chi Minh City in 1997. Intel estimates several thousand jobs will be created by the new facility in Vietnam and that it was attracted to the country by its skilled, vibrant workforce, as well as the support Intel has received over the past four years from the Vietnam government, the Saigon Hi-tech Park and suppliers.

Agents raid home of ex-National Archives official

Sunday, October 31st, 2010

Federal agents raided the home of a former National Archives and Records Administration employee Tuesday after watchdogs said the agency is leaving itself vulnerable to significant security breaches by failing to properly safeguard sensitive information.

About a dozen federal and local agents executed a search warrant Tuesday at the Rockville home of Leslie Waffen, in the 500 block of Saddle Ridge Lane, said Deputy U.S. Marshal David Ablondi, spokesman for the U.S. Marshals Service in Maryland. (An earlier version of this posting inaccurately said the raid took place Thursday.)

A law enforcement official said five U.S. Marshals agents assisted three or four agents with the National Archives Office of Inspector General. They were backed up by a Montgomery County Police squad car. It appeared that Waffen and his wife were awakened by the agents. They were dressed in sweats and a house coat, respectively, said the official, who asked for anonymity because the investigation is ongoing.

New digital German ID cards arrive today

Sunday, October 31st, 2010

National identification cards are nothing new to Germans. Citizens have been required to show their ID card or a passport to the authorities since 1939, when the Nazis first wrote it into law. After World War II, the various occupying powers kept the policy of national ID cards for everyone over the age of 16.

On November 1, the German government is rolling out the latest incarnation of the German national ID card, the so-called electronic ID, or EID. The new cards contain a microchip using radio frequency identification technology, or RFID. This technology is already widely used in security systems for various buildings, as well as by retailers to inventory goods.

All citizens whose ID cards are expiring this year can apply for new ones, as the government begins to phase them in. “It’s an electronic means of identifying an item, in this case an ID card,” said Karsten Nohl, an independent security expert, in an interview with Deutsche Welle.

Student creates tool to fight Facebook hacking on WiFi

Sunday, October 31st, 2010

It may be a little safer to log into Facebook at coffee shops again.

A student at the University of Iceland has programmed a potential antidote to Firesheep, a hacking tool that can access social networking accounts over unsecured WiFi networks. It’s called FireShepherd and it aims to stop Firesheep, which was apparently created with good intentions but has the potential to wreak havoc.

Seattle-based software developer Eric Butler released Firesheep as a way of informing Internet users about the dangers of using public WiFi networks that aren’t password protected. Hackers have long been able to intercept data that crosses open WiFi networks, but Firesheep makes it simple for virtually anyone to do it.

Kevin Poulsen: Bank Fraud Is Child’s Play

Sunday, October 31st, 2010

Before transitioning into journalism, Kevin Poulsen, currently a senior editor at Wired, was known as Dark Dante. One of America’s best-known hackers, Poulsen was featured on NBC’s Unsolved Mysteries (that night, the show’s 1-800 number crashed) before police caught up with him. After spending several years in jail, Poulsen reinvented himself as an authority on the technology he once exploited. He now oversees Threat Level, a blog about online privacy and security.

As a preview to the state-side release of The Girl Who Kicked the Hornet’s Nest, Vanity Fair sat down with Poulsen to ask him about Lisbeth Salander, one of the major characters in the Stieg Larsson trilogy, who apparently (we’ve never read them) moonlights as a hacker. The best stuff comes at the end of the interview, when Michael Hogan, paranoid that modern-day Dark Dantes could gain access to the nuclear codes, poses a series of hacker scenarios to Poulsen.

Microsoft unlocks Windows Phone 7 developers

Sunday, October 31st, 2010

Microsoft is making a change to its policies for Windows Phone 7 that will allow applications to more easily run when the screen is turned off.

Until now, applications that wanted to run when the screen was locked had to get the user’s explicit permission. Under new rules announced on Friday, programs can do so without permission–provided they first demonstrate to Microsoft that they only use a reasonable amount of battery life (allowing more than six hours of use for an app playing audio and more than 120 hours for a program that does not play audio).

The move comes as the first Windows Phone 7 devices have gone on sale in Europe and Asia, with the first phones hitting the U.S. market on November 8. The policy change is a matter of both convenience–audio apps, for example, make sense to play when the screen is off–as well as fairness. Many of Microsoft’s own apps, including application downloading, e-mail syncing, and Zune playback and downloads are all allowed to happen in the background.

Despite Scare Talk, Attacks on Pentagon Networks Drop

Sunday, October 31st, 2010

Listen to the generals speak, and you’d think the Pentagon’s networks were about to be overrun with worms and Trojans. But a draft federal report indicates that the number of “incidents of malicious cyber activity” in the Defense Department has actually decreased in 2010. It’s the first such decline since the turn of the millennium.

In the first six months of 2010, there were about 30,000 such incidents, according to statistics compiled by the U.S.-China Economic and Security Review Commission. Last year, there were more than 71,000. “If the rate of malicious activity from the first half of this year continues through the end of the year,” the commission notes in a draft report on China and the internet, “2010 could be the first year in a decade in which the quantity of logged events declines.”