Very expensive computer repairs

Sometimes, the computer repair man is your biggest enemy. Not only can the technicians access any private, unprotected information on your system, but they can use that information against you. This story describes an elaborate scheme of psychological exploitation to commit a very large fraud.

According to police, the pair were able to convince Davidson that the virus was in fact a symptom of a much larger plot in which he was being menaced by government intelligence agencies, foreign nationals and even priests associated with Catholic organisation, Opus Dei.

So convinced was the victim he is said to have agreed to pay the pair $160,000 per month for 24-hour protection against the fictitious threats, payments which continued until recently.

Nov. 16, CapCHI event, David Barrera on usability and security of Android

David Barrera will be speaking on Usability and Security of Android, Google’s Open Source Smartphone System

Date: Tuesday November 16, 2010
Time: 6:00pm
Place: TheCodeFactory, 246 Queen St., Ottawa
See http://www.capchi.org/events

The adoption of Android-based smartphones is growing at a rapid pace (nearly 200,000 activations per day) which has placed Google among the top smartphone system vendors worldwide. Despite Android’s open source nature, there are a number of security and usability issues that have yet to be addressed. This talk will cover issues related to security prompts and notices on the device, permission granting, smudge attacks and application security. We will discuss how these issues affect other platforms as well, including Apple iOS, Blackberry, and Symbian.

David Barrera is a 1st year Ph.D. student in Computer Science at Carleton University under the direction of Paul Van Oorschot. His research interests include smartphone and mobile OS security, data visualization, network security and IPv6.

Implanting false memories to sell products

Memory research has demonstrated that it is easy to implant false memories, convincing people that they had experienced some event or emotion that never really happened. This has long been a problem in the area of forensic psychology and eyewitness testimony.

Now researchers are speculating about implanting false memories by altering photographs, perhaps stored on a social network site like Facebook, to insert products in situations that never really happened.

Would adding Coca-Cola bottles to your favorite photos from last Christmas change your attitudes, and desire to buy, the product?

By taking advantage of implanted memories, corporate product placement in photos on social networking sites could finally accomplish the much-desired — but incredibly difficult — goal of altering brand loyalty,

International Conference on Trust and Trustworthy Computing

TRUST2011 is scheduled for June and the Call for Papers is out. I am on the program committee for the socio-economic strand and papers are due February 15, 2011.

TRUST 2011 is an international conference on the technical and socio-economic aspects of trustworthy infrastructures. It provides an excellent interdisciplinary forum for researchers, practitioners, and decision makers to explore new ideas and discuss experiences in building, designing, using and understanding trustworthy computing systems.

Symposium on Usable Privacy and Security (SOUPS 2011)

The Call for Papers for SOUPS 2011 is now out. It is my pleasure to be on the program committee again.

The symposium will bring together an interdisciplinary group of researchers and practitioners in human computer interaction, security, and privacy. The program will feature technical papers, a poster session, panels and invited talks, discussion sessions, and in-depth sessions (workshops and tutorials). This year SOUPS will be held in Pittsburgh, PA.

Papers are due March 11, 2011.

Remembering Andreas Pfitzmann

Kim Cameron has posted a remembrance of Andreas Pfitzmann, a shining light in the field of security and privacy research. Andreas was a professor at the Technische Universität Dresden and I had the privilege of visiting with him during a PETS conference in 2003.

Andreas was a gracious host and avid hiker and, like Cameron, I will always value his contribution of a clear terminology for the often confusing world of anonymity, unlinkability, undetectability, unobservability, pseudonymity, and identity management.

Apps4Ottawa: Build a cool app for your city

Ottawa people involved in human-computer interaction might be interested in this…

Do you have a cool idea to mash up some data about Ottawa? Well, the city is running an apps development contest, and the main judging criteria are right up our alley: usefulness, inventiveness, usability, and accessibility.

via CapCHI » Apps4Ottawa: Build a cool app for your city.

Using technology to be cruel

What Rutgers reveals is, yet again, that new technologies can facilitate new and more creative ways of being cruel to each other.

Steve Schultze has made some interesting comments about the recent suicide by a Rutgers student after an embarrassing video was posted on the Internet. Reacting to a media treatment that took the position that it is not the technology that led to this problem, it is us (human nature), Schultze argues that technology is a facilitator that sometimes brings out the worst of human nature. He observes that technology can often allow people to do things that they would never do in the real, face-to-face world, and we ignore this at our peril.

Bank fraud mules

Authorities in the US have arrested more than 80 “mules” involved in large-scale bank fraud. Although the masterminds are still at large, and probably in Eastern Europe, these arrests show the massive size and success of the fraud operation. Cyber crime has become a virtual economy.

The Zeus banking Trojan enabled hackers to secretly monitor the victims’ computer activity, enabling them to obtain bank account numbers, passwords, and authentication information as the victim typed them into the infected computer, the FBI said.

The scheme relied on individuals known as “money mules” in the United States to actually steal money, the FBI said. Bharara said those arrested consisted almost entirely of mules and four people who managed them.

“The hacking rings we see today take on a more organized approach, similar to a drug cartel or a cyber-mafia,” Bar Yosef says. “There is a hierarchy with employees that have a distinct role in the scheme — the researcher looking for different ways to infect machines, the botnet farmer operating the bots, the botnet dealer renting the bots, and the actual ‘consumer’ who monetizes on the virtual goods received by the bot.”

via More Than 80 Arrested In Alleged Zeus Banking Scam – computer crime/Attacks – DarkReading.

How Android apps use personal information

Android applications are supposed to get permission from the user before they gain access to personal information, such as location. But what happens once the permission is given?

This study from Network World looked at 30 apps to see where and when personal information was used, and found some worrisome results.

A recent test of prototype security code for Android phones found that 15 of 30 free Android Market applications sent users’ private information to remote advertising servers, without the users being aware of what was being sent or to whom. In some cases, the user’s location data was sent as often as every 30 seconds.