Author: Christopher Parsons

Policy wonk. Torontonian. Photographer. Not necessarily in that order.

Categories
Aside Links

Grand Visions Fizzle in Brazil

The NYT has an incredibly depressing view of the way that Brasil is moving forward; while much of it is shared by the citizens of that country the article is overly one-sided and generally lacks a comprehensive understanding of why some of the cost overruns and setbacks have happened. We read that environmental protections and efforts to work with aboriginal people’s have led to railroads being delayed: why were there such expectations of a smooth and quick development of such railroads in the first place? Perhaps because the ‘frictions’ of such development (i.e. environment and people living on the land) had been cast aside?

What is largely missing throughout the piece is the context: why were certain projects put forward and then abandoned? In the absence of such context we’re left with the impression that the setbacks are the result of poor management and bureaucracy but is this the case, or simply the projection of American values onto specific South American infrastructure decisions?

Categories
Links

How do you fix two-thirds of the web in secret?

If you’re interested in why it’s so hard to patch a huge portion of the Internet in secret, and what forced the (relatively) early public disclosure of Heartbleed, then this is a good article to read.

Categories
Links

Heartbleed Ripped a Hole in the Internet | VICE Canada

The internet is currently atwitter with talk about Heartbleed bug, an encryption fault which caused a horrific ripple effect in the OpenSSL system that put your passwords on sites like RedTube, & Yahoo.

Chris Parsons nearly predicted the CRA’s vulnerability just before they decided to shut down their tax websites, while some of his colleagues and followers criticized the Canadian Cyber Incident Response Centre (CCIRC) for not alerting the public sooner, when it was already obvious the CRA was using a vulnerable version of SSL. Chris discussed the potential ramifications of the CRA’s Heartbleed vulnerability with me:

“A significant amount of highly sensitive tax-related personal information is passed through CRA’s online service gateways. A third-party could have, potentially, accessed logins and passwords of Canadians or the private keys of CRA’s services. The former set of information would let that party log into CRA and impersonate the person in question. The latter set of data could let the third-party decrypt previously captured client-server information and, as a result, decode not just passwords and logins but also the tax data that individuals provided to CRA.”

First time that I’ve been quoted (extensively) in Vice!

Source: Heartbleed Ripped a Hole in the Internet | VICE Canada

Categories
Aside

Heartbleed Warning

A really good example of how services can, and should, warn users about how to respond to the Heartbleed OpenSSL vulnerability.

Categories
Aside Links

Heartbleed bug found in key encryption technology risks exposing private data

Researchers have discovered a serious security flaw known as the “Heartbleed” bug in the software commonly used by thousands of Websites to encrypt and secure sensitive data being transmitted across the Internet

This was an absolute gift to intelligence agencies all over the world. And one that was – and is – being widely exploited in the wild by criminals and other unauthorized third-parties.

Source: Heartbleed bug found in key encryption technology risks exposing private data

Categories
Aside Links

Air Canada to add Wi-Fi access on North American flights

Soon, there will be no way to escape the boss’ urgent email, even if you’re on a plane, as Air Canada announces deal to bring Wi-Fi to the skies.

Not only will you not be able to evade your boss but, given that Air Canada has partnered with GoGo, you’ll also be subject to unnecessarily broad state interception technologies. Air Canada: fly for the high prices, stay for the corporate-enabled excessive state surveillance!

Categories
Aside Links

CSEC dodges questions on relationship with Big Three telecom companies

Canadian spy agency head John Forster fielded questions from MPs, and says organization’s focus is foreign intelligence collection, not domestic

Takeaway from the article? CSEC boss “can’t really disclose” what kinds of access it could have to data flowing through Bell, Rogers and Telus.

Categories
Links

How advertising cookies let observers follow you across the web

Back in December, documents revealed the NSA had been using Google’s ad-tracking cookies to follow browsers across the web, effectively coopting ad networks into surveillance networks. A new paper from computer scientists at Princeton breaks down exactly how easy it is, even without the resources and access of the NSA.

Source: How advertising cookies let observers follow you across the web

Categories
Links

Make police chiefs’ associations transparent, says B.C. privacy commissioner

The two associations representing police chiefs in B.C. should be subject to freedom of information laws, according to B.C. Privacy and Information Commissioner Elizabeth Denham.

After years spent covering the issue, journalist Rob Wipond is finally getting some transparency into how police chief organizations operate in BC!

Categories
Aside

Surveillance Whakery

otakugenx:

More surveilance whakery.  Gotta thank the republicans and democrats for taking away our privacy.

The second image is terrific!