Categories
Links RPG

See the Sketches J.R.R. Tolkien Used to Build Middle-Earth

Many of these are amazing, in that they show how the maps of one of the most adored fantasy worlds began just like those used in most homebrew D&D games.

Categories
Links

How ‘white hat’ hackers could help in the Ashley Madison investigation


TORONTO – It’s not every day that the police appeal to the hacking community to help investigate a wide-scale hacking incident.

Because much of the Ashley Madison data leak unfolded on the dark web, it makes sense that authorities are appealing to “good” hackers who may have engaged with those behind the leak to come forward. However, according to cyber security expert Chris Parsons, it could have major implications.

“Such hackers possess a technical skill set and may use it to analyze leaked data or to try and track down or identify those suspected of leaking the Ashley Madison data,” said Parsons.

“The danger…is that in hunting for suspected leakers some parties may act beyond, or outside, the law in an attempt to help authorities. In the course of behaving this way they might actually endanger the investigation’s legitimacy or even compromise legitimate evidence.”

Parsons added that without a clearer set of ‘terms of engagement,’ police could bring on further investigations into those “recruited” to help them – putting a strain on resources and risking the integrity of the investigation into the Ashley Madison data breach.


Feds considering warrantless access to internet subscriber info: police chiefs


OTTAWA – A new administrative scheme that would allow police to obtain basic information about Internet subscribers without a warrant is one option being considered by federal officials following a landmark Supreme Court ruling that curbed access to such data, Canadian police chiefs say.

A researcher who has long pressed for more transparency around police access to subscriber data said Monday that law-enforcement agencies have yet to make the case for warrantless access – especially since companies can make information available quickly in a genuine emergency.

“We’re not at a point where it’s clear the police have a legitimate concern,” said Christopher Parsons, a postdoctoral fellow with the Citizen Lab at Toronto’s Munk School of Global Affairs.

In June last year, the Supreme Court ruled police need judicial authorization to obtain subscriber data linked to online activities. The high court rejected the notion the federal privacy law governing companies allowed them to hand over subscriber identities voluntarily.

The court judgment came amid swelling public concern about authorities quietly gaining access to customer information with little evident scrutiny or oversight.

Parsons wants police to release more statistical information about their requests. “They actually have to make the argument with data, so we can have an evidence-based policy discussion.”

He would also like to see civil society groups and others included in the discussions about possible legislative change.

 


Twitter closes off ability to track and repost politicians’ deleted tweets | Toronto Star


Twitter has shut off the ability of more than two dozen accounts to track and repost tweets deleted by politicians and other officials in 30 countries around the world, including Canada.

Christopher Parsons, a fellow at the Citizen Lab at the University of Toronto’s Munk School of Global Affairs, said Twitter’s decision shows that the company “is unwilling to have its API routinely used to monitor what people have tried to delete.

“It appears as though Twitter is saying, ‘Look we know it’s possible, but we don’t want it being done.’ ”

According to Parsons, the weekend Twitter closures may force groups to analyze the different reasons tweets are deleted, rather than posting all deletions automatically, which could change the data’s impact.

“The way in which (the information is) published can be very different, the context can be much broader, and depending on the intent of the group in question, it could be more damning,” he said.

The debate, he added, shows the impact corporations such as Twitter can have on how public figures communicate with people.

“With the American election right now and the Canadian election going on, that’s where these sorts of deletions are often most interesting to the general public,” he said.

 


Canadian companies have no incentive to report cyber attacks, like that on Ashley Madison | Toronto Star


Canada’s Digital Privacy Act, passed by Parliament in June, will require companies to report breaches once regulations are prepared. But experts say it is essentially toothless because it contains few financial penalties.

The Act will introduce fines up to $100,000 for deliberately not reporting a breach.

“There’s the obligation to report, which is, of course, positive,” said Christopher Parsons, managing director of the telecom transparency project at the Munk School of Global Affairs’ Citizen Lab.

“But without any sort of punitive consequences you run into the question of how useful is the notification itself.”

There is little data on how secure corporate Canada truly is partly because of a lack of breach notification laws, Parsons said.

Without a financial imperative to beef up security, companies are unlikely to shell out the millions of dollars required to identify and prevent them, Parsons said.

“For most companies, security is a drag,” Parsons said, adding that executives tend to reject investment in cybersecurity, where concerns tend to lead to IT professionals saying “no” to a lot of ideas, while also eating up company time, money and resources.

“All those no’s either inhibit fast fluid business, or they increase the cost and the friction of anything a company wants to do.”

Meanwhile, hackers are getting more sophisticated, but they don’t even need to be because the defence systems are so weak, Parsons said.

“If you’re a hacker, you have to succeed once; if you’re a defender, you have to succeed every single time.”

 


So your name is in the Ashley Madison database … are you a cheater? | Metro News


“There was no requirement for verification prior to being added to their database,” said Christopher Parsons, a post-doctoral researcher and cyber-security expert at the University of Toronto’s Citizen Lab.

“It’s entirely possible that people’s email addresses were added by friends or co-workers as a prank.”

But, he said, the likelihood of that “is somewhat low.”

Just because someone’s email address can be found in the database doesn’t mean they were active users who committed adultery. They could have just been curious about the site, Parsons said.

While those who registered for the site using their official, government-issued email addresses may be naïve, Parsons said some of them may have done so intentionally.

“Perhaps they share a personal email account with their spouse or partner,” he said. “Using their government account might have been seen as safer.”

Although there have been larger data breaches in the past, Parsons said the Ashley Madison hack is worrying because government officials found using the site could become victims of blackmail.

It’s happened after data breaches in the U.S. and could happen just as easily in Canada, he said.

 


Partnership between NSA and telecoms pose both security and privacy risk, experts say


Speculation remains as to whether the programs still exist, but as Cohn said: “The story that [these documents] tell is [the NSA is] just grabbing more, and more, and more, and more. Nothing in this six-year span is of them getting anything less. [So our] best guess is that trajectory continued.”

Christopher Parsons, postdoctoral fellow, Citizen Lab at the Munk School of Global Affairs, seconded Cohn’s thoughts and expressed surprise that no documents have indicated any change in programs.

Even if Americans aren’t exactly concerned about their data, per se, Parsons reminded that beyond losing its citizens’ trust, the U.S. government loses diplomatic credibility through these leaked documents. The government can’t argue for a free and open internet if it monitors foreigners and its own citizens, he said.

“If you use the internet, and the data goes through the U.S., the government is spying on it,” he said.


Encryption: Officials seek ‘backdoor’ entry points; critics decry government overreach


In other words, University of Toronto’s Chris Parsons wrote on Twitter, “you either support backdoors, or you support the murderers and child abusers.”

“I think that each company will have to evaluate the corporate risks associated with implementing any backdoors,” Mr. Parsons, a postdoctoral fellow who studies privacy and security at Citizen Lab, a division of the university’s Munk School of Global Affairs, told The Washington Times this week.

“While satisfying U.S. and U.K. government authorities might (temporarily) relieve pressure, the companies would suffer tremendous international criticism and suspicion were they to undermine the security of their products,” he continued, adding that a likely plummet in profits, if nothing else, “will buttress corporate principles and force companies (on their shareholders’ behalfs) to maintain their current security stances.”

Neither Google nor Apple has publicly responded yet to this week’s op-ed, but Mr. Parsons in Toronto says that it’s so far been promising to hear that law enforcement can’t crack a type of encryption that now comes standard.

“To a certain degree, it is reassuring that consumer-level encryption is sufficiently robust that even state authorities find it challenging to break. People and businesses entrust highly sensitive information and capabilities to their devices, and so this affirmation confirms that criminals who steal devices will have similar difficulties in using these against their owners,” he told The Times.

But it’s also reassuring, he added, “because the adoption of these strong standards is a result of companies acknowledging that law enforcement and other state agencies are overreaching in their access to customer data,” including federal and local security and law enforcement groups.

“Legal protections have simply not kept up with the people’s privacy expectations, and the adoption of these strong standards is an encouraging sign that companies are responding accordingly,” he said. “The reality is that, while this may close off one avenue of investigation to state agencies, these agencies now have access to more information with fewer legal restrictions than at any time in recent history.”

 


Ottawa’s ‘secret network’ in question following alleged hack


OTTAWA — The integrity of a federal “secret network” launched last year at a cost of millions to taxpayers is in question following an alleged hack this week that resulted in highly sensitive information becoming public.

It is possible, of course, to maintain the integrity of a network regardless of the number of people authorized for access, said Christopher Parsons, a fellow with the Citizen Lab at the Munk School of Global Affairs.

It’s just difficult, he said.

“The goal with these secured networks is to keep classified material in the classified space,” Parsons said in an interview. “If that firewall is maintained between classified and unclassified material, the number of people doesn’t immediately cause a problem.”

The potential for problems arises, however, when a weak link presents itself — and the more people brought in, the higher the chance a weak link will show up, Parsons explained, speaking broadly of classification and secure-network issues.

“It’s just the fact of the matter that the more people you have on any of these networks, the higher the chance someone accidentally moves a document where they weren’t supposed to, or intentionally moves a document somewhere they weren’t supposed to, or, in a worst case scenario, there’s an insider threat,” he said.

Based on the bit of information available at this point on this week’s incident, which comes mostly from Anonymous, it’s difficult to say whether the document was made available through a leak or a hack, Parsons said before offering five hypotheses making their way around:

The first is that some individuals found a way to remove redactions on a previously released document. Secondly, it’s feasible someone within Treasury Board accidentally shared the file through a program, innocuously moving it from the classified to unclassified network. The third possibility is similar, only the move from a secure to un-secure environment was intentional.

Another option still is that an employee’s laptop or device was infected with malware.

“Or, it could be, legitimately, the individuals calling themselves Anonymous this time successfully penetrated some element of the Treasury Board’s network,” Parsons said.

“Some of the government’s Crown Jewels lie in the Treasury Board’s networks. Having unauthorized parties within them would be a serious breach of not just cyber security, but national security … If one party is doing it, there’s no reason to think another party, like a foreign government, isn’t doing the same thing.”

 


Pakistan Is Ordering Telecom Companies to Ban BlackBerry Encrypted Messaging


The government of Pakistan is “requesting” that three telecom companies stop providing BlackBerry’s encrypted messaging services to customers, according to documents obtained by civil rights group Bytes for All Pakistan.

“This demonstrates, at a policy level, that a very large government is willing to ban communications if they can’t gain access to it,” said Chris Parsons, a post-doctoral fellow at digital rights group Citizen Lab. “Maybe it’s just Pakistan, and nobody else will do it, but it’s certainly a strong change to, ‘If we can’t backdoor it, then we will ban it,’” he added.