Tuesday 24 March 2009
Monday 23 March 2009
Save the children? ICANN opens debate on CyberSafety charter
The group behind the campaign to take porn off of port 80 is now lobbying ICANN to create a new "Cybersafety Constituency" to assist in the formulation of domain name system policy.
ICANN has been soliciting a lot of comments on its governance and future of late, including one petition to form a CyberSafety Constituency (CSC) within the Non-Commercial Stakeholders Group. (NCSG). The petition (PDF) as filed with ICANN is fairly innocuous and harmless-sounding, but the woman doing the filing—Professor Cheryl B. Preston, of Brigham Young University—has ties to other nonprofit organizations that should have been disclosed at some point within the application procedure.
Preston is general counsel for the nonprofit group CP80, which advocates for the creation of an Internet filtration system that would supposedly seek to keep porn and other adult content sandboxed away from the family-friendly tubes. The organization deserves credit for proposing a system that wouldn't automatically cripple Internet access speeds nationwide, force deep packet inspection, or turn ISPs into de facto Internet police. That said, failing to qualify as prima facie terrible does not automatically qualify CP80's legislative baby, the Internet Community Portals Act (ICPA) as a good idea.
Filtering at the port level
CP80's solution to the seemingly intractable problem of Internet filtering is to segregate traffic by port. All "normal" traffic (have fun defining that) would continue to flow over Port 80 or whatever port it's currently assigned to. Adult content, however, would be shifted away from Port 80 (hence the group's name, "Clean Port 80") and on to a new port—let's call it Port XXX. Were CP80's legislation to pass, the Internet would look something like this:
The system as illustrated would allow an ISP to sell access plans to both the filtered and unfiltered Internet, consumers could choose which they want, freedoms are preserved, and everyone goes home happy...at least in theory. CP80's proposal might deserve a small bit of credit for avoiding some of the obvious issues that sank the concept of an adult-content .XXX domain name—except for the massive technical flaws and political challenges inherent to the ICPA's design. If you're already wondering about international governance and enforcement, don't worry—CP80 has anticipated your concerns:
Got that?
The ICANN connection
Professor Preston describes the CSC as a group that would focus on Internet safety issues and cites her personal concern that "as Internet policies are developed at ICANN, the interests of families, children, consumers, victims of cybercrime, religions, and cultures become better represented...we need to carefully craft mechanisms involving law and industry that balance unfettered free speech and anonymity with some protections against exploitation of the most vulnerable, the ability to address and reduce criminal activity, and the right of Internet users to have choices in the nature of their access."
As proposed, the CSC would also function as a global outreach initiative and would attempt to coordinate international responses to what the paper posits are common cross-border, cross- cultural concerns. Again, as written, all of this is very kosher: everyone wants to balance rights and responsibilities, protect the "most vulnerable" from exploitation, and give users freedom of choice. Preston's letter advocating the creation of the CSC is consistent with her work for CP80, but some mention of the latter should occur in any discussion of the former, especially since CP80 makes it clear that they've considered the role ICANN might hypothetically play in the creation and international adoption of ICPA-equivalent legislation.
Preston's omission is made potentially more serious by the fact that CP80 itself isn't exactly a digital city on a hill. The organization is headed by Ralph Yarro III, CEO and largest shareholder of the SCO Group. He's also the Founder/CEO of ThinkAtomic; if you visit that company's website you'll note (for now, at least) that the "Featured Company" of the day is CP80. ThinkAtomic is a prominent backer of CP80, and is listed as providing the group with legal, strategic, medical, and technology contributions. Run down the page, and you'll note a common last name—Ralph, Justin, and Matthew Yarro are all listed as technology contributors.
If the BYU professor is serious about establishing the CSC, she'd do well to distance herself from either CP80 or the CSC petition before ICANN. There's nothing within the CSC's stated mission objective that would automatically create conflict with other actors interested in maintaining free speech and online anonymity. The best way to disperse accusations that she or the organization she currently represents has a hidden agenda is to cut ties with one or the other. Whether people agree or disagree with any particular position a hypothetical CSC might advocate, they won't respect the body as legitimate if its viewed as nothing more than the puppet of a US group.
As for CP80's ICPA proposal, it's a bad idea; there's no way feasibly address the political and technical challenges of the project. Even if all such barriers vanished, there would still remain the age-old question of censorship—who does the censoring and writes the standards? Pretending that these issues are irrelevant because we all agree that protecting children is important is whitewashing the topic at its finest. ICANN is accepting public comment on the issue.
By Joel Hruska
Tuesday 17 March 2009
Forensics Tool for Firefox 3.X - F3e
An interesting article i stumbled upon while surfing .
Aparently Firefox uses SQLite databases to store all sorts of interesting stuff like :
Internet browsing history,Bookmarks,Settings,Downloads,Cookies,Form History etc.
Mr. Chris Cohen has written a very useful freeware tool that extracts data from these databases . The tool is called Firefox 3 Extractor or F3u and you can download it from here
The location of these databases , differ among operating systems and can be found at these locations :
Windows XP
C:\Documents and Settings\{user id}\Application Data\Mozilla\Firefox\Profiles\{profile folder}\
Windows Vista
C:\Documents and Settings\{user id}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile folder}\
Linux/Solaris
{User dir - See /etc/passwd for the location}/.mozilla/firefox/{profile folder}/
Aparently f3u has lately started to extract *experimentaly* same information from chrome browser , even though i haven't quite tested it yet.
If you would like to see a tutorial on how to use it you can click Keven Murphy
Aparently Firefox uses SQLite databases to store all sorts of interesting stuff like :
Internet browsing history,Bookmarks,Settings,Downloads,Cookies,Form History etc.
Mr. Chris Cohen has written a very useful freeware tool that extracts data from these databases . The tool is called Firefox 3 Extractor or F3u and you can download it from here
The location of these databases , differ among operating systems and can be found at these locations :
Windows XP
C:\Documents and Settings\{user id}\Application Data\Mozilla\Firefox\Profiles\{profile folder}\
Windows Vista
C:\Documents and Settings\{user id}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile folder}\
Linux/Solaris
{User dir - See /etc/passwd for the location}/.mozilla/firefox/{profile folder}/
Aparently f3u has lately started to extract *experimentaly* same information from chrome browser , even though i haven't quite tested it yet.
If you would like to see a tutorial on how to use it you can click Keven Murphy
Monday 16 March 2009
12 changes that would give US cybersecurity a much needed kick in the pants
Potential cyber attacks against federal and private-sector networks loom larger every day and while the Department of Homeland Security (DHS) has made some important efforts, it has yet to fulfill many of the myriad responsibilities placed on it by the national cybersecurity plan.
Those were the main conclusions of a Government Accountability Office report out today on the status of US national cybersecurity efforts. The GAO report included input from a panel of cybersecurity experts including representatives from the Internet Corporation for Assigned Names and Numbers, Juniper, Verizon, the US Department of Justice and the Electronic Frontier Foundation.
The group came up with 12 cybersecurity improvements that DHS and others involved in the protection of national networked assets should employ. According to the GAO report these recommendations are as follows: :
1. Develop a national strategy that clearly articulates strategic objectives, goals, and priorities.
2. Establish White House responsibility and accountability for leading and overseeing national cybersecurity policy: Currently the DHS is the focal point for cybersecurity; however, according to panel members, DHS has not met expectations and has not provided the high-level leadership needed to raise cybersecurity to a national focus. Accordingly, panelists stated that to be successful and to send the message to the nation and cyber critical infrastructure owners that cybersecurity is a priority, this leadership role needs to be elevated to the White House. In addition, to be effective, the office must have, among other things, corresponding authority-for example, over budgets and resources-to implement and employ appropriate incentives to encourage action.
3. Establish a governance structure for strategy implementation. The strategy establishes a public/private partnership governance structure that includes 18 critical infrastructure sectors, corresponding government and sector coordinating councils, and cross-sector councils. However, according to panelists, this structure is government-centric and largely relies on personal relationships to instill trust to share information and take action.
4. Publicize and raise awareness about the seriousness of the cybersecurity problem. Experts suggested that an aggressive awareness campaign is needed to raise the level of knowledge of leaders and the general populace that our nation is constantly under cyber attack.
5. Create an accountable, operational cybersecurity organization. DHS established the National Cyber Security Division (within the Office of Cybersecurity and Communications) to be responsible for leading national day-today cybersecurity efforts; however, according to panelists, this has not enabled DHS to become the national focal point as envisioned. Panel members stated that currently, DOD and other organizations within the intelligence community that have significant resources and capabilities have come to dominate federal efforts. The group told the GAO there also needs to be an independent cybersecurity organization that leverages and integrates the capabilities of the private sector, civilian government, law enforcement, military, intelligence community, and the nation's international allies to address incidents against the nation's critical cyber systems and functions. However, there was not consensus among the panel regarding where this organization should reside.
6. Focus more actions on prioritizing assets, assessing vulnerabilities, and reducing vulnerabilities than on developing additional plans.
7. Bolster public/private partnerships through an improved value proposition and use of incentives. Panelists stated that the federal government should provide valued services (such as offering useful threat or analysis and warning information) or incentives (such as grants or tax reductions) to encourage action by and effective partnerships with the private sector.
8. Focus greater attention on addressing the global aspects of cyberspace. Panel members stated that the US should pursue a more coordinated, aggressive approach so that there is a level playing field globally for US corporations and enhanced cooperation among government agencies, including law enforcement. In addition, a panelist stated that the
US should work towards building consensus on a global cyber strategy.
9. Improve law enforcement efforts to address malicious activities in cyberspace. Panel members stated that current domestic and international law enforcement efforts, including activities, procedures, methods, and laws are too outdated and outmoded to adequately address the speed, sophistication, and techniques of individuals and groups, such as criminals, terrorists, and adversarial foreign nations with malicious intent.
10. Place greater emphasis on cybersecurity research and development, including consideration of how to better coordinate government and private sector efforts. experts stated that the US is not adequately focusing and funding research and development efforts to address cybersecurity or to develop the next generation of cyberspace to include effective security capabilities. In addition, the research and development efforts currently underway are not being well coordinated between government and the private sector.
11. Increase the cadre of cybersecurity professionals. Experts stated that actions to increase the number of professionals with adequate cybersecurity skills should include (1) enhancing existing scholarships and (2) making the cybersecurity discipline a profession through testing and licensing.
12. Make the federal government a model for cybersecurity. Although the federal government has taken steps to improve the cybersecurity of agencies, panelists stated that it still is not a model for cybersecurity. Further, they said the federal government has not made changes in its acquisition function and the training of government officials in a manner that effectively improves the cybersecurity capabilities of products and services purchased and used by federal agencies.
Those were the main conclusions of a Government Accountability Office report out today on the status of US national cybersecurity efforts. The GAO report included input from a panel of cybersecurity experts including representatives from the Internet Corporation for Assigned Names and Numbers, Juniper, Verizon, the US Department of Justice and the Electronic Frontier Foundation.
The group came up with 12 cybersecurity improvements that DHS and others involved in the protection of national networked assets should employ. According to the GAO report these recommendations are as follows: :
1. Develop a national strategy that clearly articulates strategic objectives, goals, and priorities.
2. Establish White House responsibility and accountability for leading and overseeing national cybersecurity policy: Currently the DHS is the focal point for cybersecurity; however, according to panel members, DHS has not met expectations and has not provided the high-level leadership needed to raise cybersecurity to a national focus. Accordingly, panelists stated that to be successful and to send the message to the nation and cyber critical infrastructure owners that cybersecurity is a priority, this leadership role needs to be elevated to the White House. In addition, to be effective, the office must have, among other things, corresponding authority-for example, over budgets and resources-to implement and employ appropriate incentives to encourage action.
3. Establish a governance structure for strategy implementation. The strategy establishes a public/private partnership governance structure that includes 18 critical infrastructure sectors, corresponding government and sector coordinating councils, and cross-sector councils. However, according to panelists, this structure is government-centric and largely relies on personal relationships to instill trust to share information and take action.
4. Publicize and raise awareness about the seriousness of the cybersecurity problem. Experts suggested that an aggressive awareness campaign is needed to raise the level of knowledge of leaders and the general populace that our nation is constantly under cyber attack.
5. Create an accountable, operational cybersecurity organization. DHS established the National Cyber Security Division (within the Office of Cybersecurity and Communications) to be responsible for leading national day-today cybersecurity efforts; however, according to panelists, this has not enabled DHS to become the national focal point as envisioned. Panel members stated that currently, DOD and other organizations within the intelligence community that have significant resources and capabilities have come to dominate federal efforts. The group told the GAO there also needs to be an independent cybersecurity organization that leverages and integrates the capabilities of the private sector, civilian government, law enforcement, military, intelligence community, and the nation's international allies to address incidents against the nation's critical cyber systems and functions. However, there was not consensus among the panel regarding where this organization should reside.
6. Focus more actions on prioritizing assets, assessing vulnerabilities, and reducing vulnerabilities than on developing additional plans.
7. Bolster public/private partnerships through an improved value proposition and use of incentives. Panelists stated that the federal government should provide valued services (such as offering useful threat or analysis and warning information) or incentives (such as grants or tax reductions) to encourage action by and effective partnerships with the private sector.
8. Focus greater attention on addressing the global aspects of cyberspace. Panel members stated that the US should pursue a more coordinated, aggressive approach so that there is a level playing field globally for US corporations and enhanced cooperation among government agencies, including law enforcement. In addition, a panelist stated that the
US should work towards building consensus on a global cyber strategy.
9. Improve law enforcement efforts to address malicious activities in cyberspace. Panel members stated that current domestic and international law enforcement efforts, including activities, procedures, methods, and laws are too outdated and outmoded to adequately address the speed, sophistication, and techniques of individuals and groups, such as criminals, terrorists, and adversarial foreign nations with malicious intent.
10. Place greater emphasis on cybersecurity research and development, including consideration of how to better coordinate government and private sector efforts. experts stated that the US is not adequately focusing and funding research and development efforts to address cybersecurity or to develop the next generation of cyberspace to include effective security capabilities. In addition, the research and development efforts currently underway are not being well coordinated between government and the private sector.
11. Increase the cadre of cybersecurity professionals. Experts stated that actions to increase the number of professionals with adequate cybersecurity skills should include (1) enhancing existing scholarships and (2) making the cybersecurity discipline a profession through testing and licensing.
12. Make the federal government a model for cybersecurity. Although the federal government has taken steps to improve the cybersecurity of agencies, panelists stated that it still is not a model for cybersecurity. Further, they said the federal government has not made changes in its acquisition function and the training of government officials in a manner that effectively improves the cybersecurity capabilities of products and services purchased and used by federal agencies.
Fingerprinting Blank Paper Using Commodity Scanners
Today Will Clarkson, Tim Weyrich, Adam Finkelstein, Nadia Heninger, Alex Halderman and I released a paper, Fingerprinting Blank Paper Using Commodity Scanners. The paper will appear in the Proceedings of the IEEE Symposium on Security and Privacy, in May 2009.
Here's the paper's abstract:
This paper presents a novel technique for authenticating physical documents based on random, naturally occurring imperfections in paper texture. We introduce a new method for measuring the three-dimensional surface of a page using only a commodity scanner and without modifying the document in any way. From this physical feature, we generate a concise fingerprint that uniquely identifies the document. Our technique is secure against counterfeiting and robust to harsh handling; it can be used even before any content is printed on a page. It has a wide range of applications, including detecting forged currency and tickets, authenticating passports, and halting counterfeit goods. Document identification could also be applied maliciously to de-anonymize printed surveys and to compromise the secrecy of paper ballots.
Viewed under a microscope, an ordinary piece of paper looks like this:
The microscope clearly shows individual wood fibers, laid down in a pattern that is unique to this piece of paper.
If you scan a piece of paper on an ordinary desktop scanner, it just looks white. But pick a small area of the paper, digitally enhance the contrast and expand the image, and you see something like this:
The light and dark areas you see are due to two factors: inherent color variation in the surface, and partial shadows cast by fibers in the paper surface. If you rotate the paper and scan again, the inherent color at each point will be the same, but the shadows will be different because the scanner's light source will strike the paper from a different angle. These differences allow us to map out the tiny hills and valleys on the surface of the paper.
Here is a visualization of surface shape from one of our experiments:
This part of the paper had the word "sum" printed on it. You can clearly see the raised areas where toner was applied to the paper to make the letters. Around the letters you can see the background texture of the paper.
Computing the surface texture is only one part of the job. From the texture, you want to compute a concise, secure "fingerprint" which can survive ordinary wear and tear on the paper, such as crumpling, scribbling or printing, and moisture. You also want to understand how secure the technology will be in various applications. Our full paper addresses these issues too. The bottom-line result is a sort of unique fingerprint for each piece of paper, which can be determined using an ordinary desktop scanner.
For more information, see the project website or the research paper.
By Ed Felten
Here's the paper's abstract:
This paper presents a novel technique for authenticating physical documents based on random, naturally occurring imperfections in paper texture. We introduce a new method for measuring the three-dimensional surface of a page using only a commodity scanner and without modifying the document in any way. From this physical feature, we generate a concise fingerprint that uniquely identifies the document. Our technique is secure against counterfeiting and robust to harsh handling; it can be used even before any content is printed on a page. It has a wide range of applications, including detecting forged currency and tickets, authenticating passports, and halting counterfeit goods. Document identification could also be applied maliciously to de-anonymize printed surveys and to compromise the secrecy of paper ballots.
Viewed under a microscope, an ordinary piece of paper looks like this:
The microscope clearly shows individual wood fibers, laid down in a pattern that is unique to this piece of paper.
If you scan a piece of paper on an ordinary desktop scanner, it just looks white. But pick a small area of the paper, digitally enhance the contrast and expand the image, and you see something like this:
The light and dark areas you see are due to two factors: inherent color variation in the surface, and partial shadows cast by fibers in the paper surface. If you rotate the paper and scan again, the inherent color at each point will be the same, but the shadows will be different because the scanner's light source will strike the paper from a different angle. These differences allow us to map out the tiny hills and valleys on the surface of the paper.
Here is a visualization of surface shape from one of our experiments:
This part of the paper had the word "sum" printed on it. You can clearly see the raised areas where toner was applied to the paper to make the letters. Around the letters you can see the background texture of the paper.
Computing the surface texture is only one part of the job. From the texture, you want to compute a concise, secure "fingerprint" which can survive ordinary wear and tear on the paper, such as crumpling, scribbling or printing, and moisture. You also want to understand how secure the technology will be in various applications. Our full paper addresses these issues too. The bottom-line result is a sort of unique fingerprint for each piece of paper, which can be determined using an ordinary desktop scanner.
For more information, see the project website or the research paper.
By Ed Felten
Thursday 12 March 2009
New Side to Face-Recognition Technology: Identifying Victims
Since Sept. 11, discussion of the disputed technology of face recognition has focused on its potential for identifying criminals and terrorists -- and for invading citizens' privacy. But in England, the police are pursuing a different path: they want to use facial recognition software to identify crime victims.
Using software developed by a Canadian company, Britain's National Crime Squad is creating a database of nearly three million pictures seized in raids of child pornography rings. By matching the images against pictures of missing children, investigators hope to find them, or at least generate clues -- an unusual car or or distinctive scenery -- that can help identify the people making the photos and films.
Facial recognition has been in development for decades, but recent advances in computer power and software have made the systems less expensive and more accurate -- though just how accurate remains a subject of debate.
Most systems work by taking pictures of faces, comparing them to a template and making dozens of measurements of each one, including factors like the distance between the eyes. In the case of Imagis Technologies -- the company in Vancouver, British Columbia, that created the software out of earlier work on recognizing patterns in satellite photographs -- the program detects hundreds of ''light source positions.'' It also measures factors like the angle of the head and facial shape, said Andy Amanovich, the company's chief technology officer.
The mathematical description of those features is stored in a database, to be compared with other strings of numbers that have been derived from faces -- and also jewelry, clothes, scars and background objects like furniture or vehicles.
No facial recognition system is perfect, or even close: all make mismatches and overly broad matches. Many can be confounded by simple subterfuges like wigs or glasses. Civil liberties and other groups say they cast too wide a net, invading privacy and extending the reach of surveillance too far.
And the technology's credibility has not been helped, many experts agree, by exaggerated claims for its effectiveness. ''These software companies have popped off numbers that they can't really substantiate,'' said Ron Cadle, a vice president of Pellco Inc., which is adapting facial recognition systems for use in Fresno Yosemite International Airport. ''It's kind of given them a black eye.''
Mr. Amanovich agreed. ''There's a lot of false claims out there and a lot of specious claims to what all technologies can do,'' he said.
Nevertheless, Mr. Cadle, who uses recognition programs from Visionics Inc. and Viisage, said his company had boosted the reliability his partners' software so that it can make a match 80 percent of the time and falsely claim a match with just 1 of every 500 passengers. Mr. Amanovich, however, said such figures are so malleable at this early stage that claims are not useful.
The British project had its origins in a 1997 sweep in which 101 members of a child pornography trading ring called Wonderland were arrested in raids around the world.
Aficionados of child pornography tend to be obsessive collectors of pictures and films, and that and other raids led to a police database of some three million images -- too many for humans to sort through effectively. (Efforts to create books or CD's by hand had yielded 1,200 identifiable faces, leading to the identification of just 18 children, one of whom had been murdered.) So in December 2000, the squad signed an agreement with a contractor, Serco Group, to automate the rest of the process. Serco turned to Imagis.
Peter Spindler, a detective superintendent with the National Crime Squad, says he has been impressed with early results. The software was able to identify images from a test database -- not just images of children, but also of siblings. The feature could could help identify families participating in the porn trade.
But one expert in child pornography said the British efforts was ''not going to do much.''
Dr. John Philip Jenkins, a professor of history at Penn State and author of ''Beyond Tolerance: Child Pornography on the Internet,'' said child pornography photos were unlikely to lead investigators to the children involved. A child victim's identity, he said, ''is only likely to come to light if the child comes up in an abuse case.''
Many of the images, he added, now flow from the former Soviet Union, where lax enforcement allowed the trade to flourish. There, he said ''police corruption is going to limit the effectiveness of any attempt to use this technology'' successfully.
He called for international efforts to crush online image trading.
But Detective Spindler said the police had to try to do more than restrict the traffic in illicit images. ''It's not simply about identifying people who are abusing the Internet, people who are trading child pornography,'' he said. ''This is about people abusing children.''
Photo: A detective in London, Peter Spindler, left, says image identification from a test database was impressive. Dave Lutes, chief engineer of Imagis Technologies, demonstrates the program in Victoria with a mock photo. (Jeff Vinick for The New York Times); (Johnathan Player for The New York Times) Chart: ''How Face-Recognition Technology Works'' Face-recognition technology is increasingly being used in security systems and law-enforcement investigations. Here is one approach, the basis of systems made by several companies in the field. FIRST LOOK -- The system must decide whether the image before it is a human face. It looks for a pair of eyes and the borders of the face. RESIZING -- The computer adjusts the contrast and size of the image to make it similar in format to the other faces in its database. MATH -- The image is now a grid of pixels, each with a "gray scale" value between 0 for black and 255 for white. These can be expressed as numbers and used to process the image mathematically. COMPARISON -- The face is compared with 128 archetypal faces, or eigenfaces, made from thousands of faces in a database. The new face is described as being similar, by percentages, to the eigenfaces. RESULT -- The system compares the new face's eigenface against the eigenfaces of all the real people in its database, then displays all the people the new face resembles, in order of similarity. (Source: ''Face Recognition for Smart Environments,'' Alex Pentland and Tanzeem Choudhury, in the IEEE publication Computer; Jim Wayman, San Jose State University)
By JOHN SCHWARTZ
Using software developed by a Canadian company, Britain's National Crime Squad is creating a database of nearly three million pictures seized in raids of child pornography rings. By matching the images against pictures of missing children, investigators hope to find them, or at least generate clues -- an unusual car or or distinctive scenery -- that can help identify the people making the photos and films.
Facial recognition has been in development for decades, but recent advances in computer power and software have made the systems less expensive and more accurate -- though just how accurate remains a subject of debate.
Most systems work by taking pictures of faces, comparing them to a template and making dozens of measurements of each one, including factors like the distance between the eyes. In the case of Imagis Technologies -- the company in Vancouver, British Columbia, that created the software out of earlier work on recognizing patterns in satellite photographs -- the program detects hundreds of ''light source positions.'' It also measures factors like the angle of the head and facial shape, said Andy Amanovich, the company's chief technology officer.
The mathematical description of those features is stored in a database, to be compared with other strings of numbers that have been derived from faces -- and also jewelry, clothes, scars and background objects like furniture or vehicles.
No facial recognition system is perfect, or even close: all make mismatches and overly broad matches. Many can be confounded by simple subterfuges like wigs or glasses. Civil liberties and other groups say they cast too wide a net, invading privacy and extending the reach of surveillance too far.
And the technology's credibility has not been helped, many experts agree, by exaggerated claims for its effectiveness. ''These software companies have popped off numbers that they can't really substantiate,'' said Ron Cadle, a vice president of Pellco Inc., which is adapting facial recognition systems for use in Fresno Yosemite International Airport. ''It's kind of given them a black eye.''
Mr. Amanovich agreed. ''There's a lot of false claims out there and a lot of specious claims to what all technologies can do,'' he said.
Nevertheless, Mr. Cadle, who uses recognition programs from Visionics Inc. and Viisage, said his company had boosted the reliability his partners' software so that it can make a match 80 percent of the time and falsely claim a match with just 1 of every 500 passengers. Mr. Amanovich, however, said such figures are so malleable at this early stage that claims are not useful.
The British project had its origins in a 1997 sweep in which 101 members of a child pornography trading ring called Wonderland were arrested in raids around the world.
Aficionados of child pornography tend to be obsessive collectors of pictures and films, and that and other raids led to a police database of some three million images -- too many for humans to sort through effectively. (Efforts to create books or CD's by hand had yielded 1,200 identifiable faces, leading to the identification of just 18 children, one of whom had been murdered.) So in December 2000, the squad signed an agreement with a contractor, Serco Group, to automate the rest of the process. Serco turned to Imagis.
Peter Spindler, a detective superintendent with the National Crime Squad, says he has been impressed with early results. The software was able to identify images from a test database -- not just images of children, but also of siblings. The feature could could help identify families participating in the porn trade.
But one expert in child pornography said the British efforts was ''not going to do much.''
Dr. John Philip Jenkins, a professor of history at Penn State and author of ''Beyond Tolerance: Child Pornography on the Internet,'' said child pornography photos were unlikely to lead investigators to the children involved. A child victim's identity, he said, ''is only likely to come to light if the child comes up in an abuse case.''
Many of the images, he added, now flow from the former Soviet Union, where lax enforcement allowed the trade to flourish. There, he said ''police corruption is going to limit the effectiveness of any attempt to use this technology'' successfully.
He called for international efforts to crush online image trading.
But Detective Spindler said the police had to try to do more than restrict the traffic in illicit images. ''It's not simply about identifying people who are abusing the Internet, people who are trading child pornography,'' he said. ''This is about people abusing children.''
Photo: A detective in London, Peter Spindler, left, says image identification from a test database was impressive. Dave Lutes, chief engineer of Imagis Technologies, demonstrates the program in Victoria with a mock photo. (Jeff Vinick for The New York Times); (Johnathan Player for The New York Times) Chart: ''How Face-Recognition Technology Works'' Face-recognition technology is increasingly being used in security systems and law-enforcement investigations. Here is one approach, the basis of systems made by several companies in the field. FIRST LOOK -- The system must decide whether the image before it is a human face. It looks for a pair of eyes and the borders of the face. RESIZING -- The computer adjusts the contrast and size of the image to make it similar in format to the other faces in its database. MATH -- The image is now a grid of pixels, each with a "gray scale" value between 0 for black and 255 for white. These can be expressed as numbers and used to process the image mathematically. COMPARISON -- The face is compared with 128 archetypal faces, or eigenfaces, made from thousands of faces in a database. The new face is described as being similar, by percentages, to the eigenfaces. RESULT -- The system compares the new face's eigenface against the eigenfaces of all the real people in its database, then displays all the people the new face resembles, in order of similarity. (Source: ''Face Recognition for Smart Environments,'' Alex Pentland and Tanzeem Choudhury, in the IEEE publication Computer; Jim Wayman, San Jose State University)
By JOHN SCHWARTZ
Thursday 5 March 2009
Self-encrypting drive standard gains momentum
I've long been a big proponent of self-encrypting drives as the best way to encrypt data-at-rest on PCs and storage systems.
This belief became a lot more real in January when the Trusted Computing Group published three storage encryption standards for laptops, enterprise storage, and software interoperability. Fujitsu, Hitachi, Seagate, and Toshiba support these standards and are already shipping self-encrypting drives.
In February, IBM joined the fray, further validating the self-encrypting drive standard. IBM announced that its massive DS8000 storage system will now offer self-encrypting drives to protect the confidentiality and integrity of data-at-rest. LSI, another leading storage system vendor, is also on board.
I have to believe that Fujitsu and Hitachi will soon follow this trend. Both companies currently offer encrypting storage systems that use a cryptographic processor resident in their storage controllers. Since both companies supply self-encrypting drives, it is likely that they will replace encrypting controllers with self-encrypting drives in future product revisions.
It seems to me that the dominoes are falling at an accelerating pace and that within two to three years, every device that ships with a hard drive or solid-state disk will offer self-encrypting drives. Chief information security officers, purchasing managers, management software vendors, and government agencies should plan for this inevitability.
by Jon Oltsik
This belief became a lot more real in January when the Trusted Computing Group published three storage encryption standards for laptops, enterprise storage, and software interoperability. Fujitsu, Hitachi, Seagate, and Toshiba support these standards and are already shipping self-encrypting drives.
In February, IBM joined the fray, further validating the self-encrypting drive standard. IBM announced that its massive DS8000 storage system will now offer self-encrypting drives to protect the confidentiality and integrity of data-at-rest. LSI, another leading storage system vendor, is also on board.
I have to believe that Fujitsu and Hitachi will soon follow this trend. Both companies currently offer encrypting storage systems that use a cryptographic processor resident in their storage controllers. Since both companies supply self-encrypting drives, it is likely that they will replace encrypting controllers with self-encrypting drives in future product revisions.
It seems to me that the dominoes are falling at an accelerating pace and that within two to three years, every device that ships with a hard drive or solid-state disk will offer self-encrypting drives. Chief information security officers, purchasing managers, management software vendors, and government agencies should plan for this inevitability.
by Jon Oltsik
Wednesday 4 March 2009
Judge orders defendant to decrypt PGP-protected laptop
A federal judge has ordered a criminal defendant to decrypt his hard drive by typing in his PGP passphrase so prosecutors can view the unencrypted files, a ruling that raises serious concerns about self-incrimination in an electronic age.
In an abrupt reversal, U.S. District Judge William Sessions in Vermont ruled that Sebastien Boucher, who a border guard claims had child porn on his Alienware laptop, does not have a Fifth Amendment right to keep the files encrypted.
"Boucher is directed to provide an unencrypted version of the Z drive viewed by the ICE agent," Sessions wrote in an opinion last week, referring to Homeland Security's Immigration and Customs Enforcement bureau. Police claim to have viewed illegal images on the laptop at the border, but say they couldn't access the Z: drive when they tried again nine days after Boucher was arrested.
Boucher's attorney, Jim Budreau, already has filed an appeal to the Second Circuit. That makes it likely to turn into a precedent-setting case that creates new ground rules for electronic privacy, especially since Homeland Security claims the right to seize laptops at the border for an indefinite period. Budreau was out of the office on Thursday and could not immediately be reached for comment.
The Fifth Amendment says nobody can be "compelled in any criminal case to be a witness against himself," which Magistrate Judge Jerome Niedermeier ruled in November 2007 prevented Boucher from being forced to divulge his passphrase to prosecutors.
Originally, the U.S. Department of Justice asked the magistrate judge to enforce a subpoena requiring Boucher to turn over "passwords used or associated with" the computer. In their appeal to Sessions, prosecutors narrowed their request and said they only want Boucher to decrypt the contents of his hard drive before the grand jury, apparently by typing in his passphrase in front of them.
At issue in this case is whether forcing Boucher to type in that PGP passphrase--which would be shielded from and remain unknown to the government--is "testimonial," meaning that it triggers Fifth Amendment protections. The counterargument is that since defendants can be compelled to turn over a key to a safe filled with incriminating documents, or provide fingerprints, blood samples, or voice recordings, unlocking a partially-encrypted hard drive is no different.
Barry Steinhardt, director of the ACLU's technology and liberty program, said on Thursday that the opinion reached the wrong conclusion and that Boucher "should have been able to assert his Fifth Amendment rights. It's not the same thing as asking him to turn over the Xeroxed copy of a document."
"There is no distinction" between requiring a defendant to turn over the passphrase or type it in himself in front of a grand jury, Steinhardt said. "Either of those things results in an encrypted set of files being brought into plain view."
Judge Sessions reached his conclusion by citing a Second Circuit case, U.S. v. Fox, that said the act of producing documents in response to a subpoena may communicate incriminating facts in two ways: first, if the government doesn't know where the incriminating files are, or second, if turning them over would "implicitly authenticate" them.
Because the Justice Department believes it can link Boucher with the files through another method, it's agreed not to formally use the fact of his typing in the passphrase against him. (The other method appears to be having the ICE agent testify that certain images were on the laptop when viewed at the border.)
Sessions wrote: "Boucher's act of producing an unencrypted version of the Z drive likewise is not necessary to authenticate it. He has already admitted to possession of the computer, and provided the government with access to the Z drive. The government has submitted that it can link Boucher with the files on his computer without making use of his production of an unencrypted version of the Z drive, and that it will not use his act of production as evidence of authentication."
The defendant is a Canadian citizen who is a lawful permanent resident in the United States and lived with his father in Derry, N.H.
Boucher was initially arrested when customs agents stopped him and searched his laptop when he and his father crossed the border from Canada on December 17, 2006. An officer opened the laptop, accessed the files without a password or passphrase, and allegedly discovered "thousands of images of adult pornography and animation depicting adult and child pornography." Boucher was read his Miranda rights, waived them, and allegedly told the customs agents that he may have downloaded child pornography. But then--and this is key--the laptop was shut down after Boucher was arrested.
It wasn't until December 26 that a Vermont Department of Corrections officer tried to access the laptop--prosecutors obtained a subpoena on December 19--and found that the Z: drive was encrypted with PGP, or Pretty Good Privacy. (PGP sells software, including whole disk encryption and drive-specific encryption, which can be configured to forget the passphrase after a certain time. That would effectively re-encrypt the Z: drive.)
by Declan McCullagh
Tuesday 3 March 2009
Thumbs.db: How Computer Forensics Can Reveal Traces of a Deleted Image
In recent years, initiatives such as Operation Ore have stepped up efforts to identify and prosecute those possessing indecent images of children in England and Wales. When a person is suspected of such an offence, the first action by the police is usually to confiscate all their computer equipment so that it can be examined by a computer forensic analyst. The aim of this analysis is to recover any evidence of indecent images on the suspect’s computer.
Often the suspect will have deleted the images before the police reach them. In such cases, computer forensic analysts often look to the Thumbs.db file on computers running Windows XP to reveal the presence of images, even after they have been ‘deleted’ by the user.
A thumbs.db file is automatically generated whenever a user views a folder in ‘thumbs’ or ‘filmstrip’ mode. The file create a set of small images (no more than 96×96 pixels), known as thumbnails, for all of the images in a folder. The purpose of this file is to speed up the time it takes to display a folder in ‘thumbs’ mode by creating a cached thumbnail of each image so that Windows does not have to create a new one every time. Files that are indexed in a Thumbs.db file include image files such as JPEGs, BMPs, GIFs and PNGs, document image files such as TIFFs and PDFs, video files such as AVIs and MOVs, presentation files such as PPTs and some HTML web pages.
When the Thumbs.db file creates a thumbnail of an image, this often remains on a person’s computer even after they have deleted the image file itself. Many people fail to delete the Thumbs.db file when deleting images because it is a ‘hidden file’, meaning that it is only viewable in a directory when the “Show Hidden Files” option is turned on.
Thumbs.db data is stored in ‘OLE Compound Document format’ which means the contents of the file cannot be viewed without specialist knowledge or software. However, computer forensic experts are able to convert the data stored within a Thumbs.db file into readable form, extracting each of the thumbnail images, along with information such as the original file name and the date each thumbnail was last written. There are also a number of tools available that can be used to extract and view the data in a Thumbs.db file. These include ‘Encase’ and ‘AccessData FTK’, which offer a simple user interface for viewing the thumbnails within Thumbs.db files.
Evidence extracted from Thumbs.db files can carry significant weight in court cases. For example, in December 2008, a Norwegian man, Martin Stenstadvolden pleaded guilty to downloading child pornography after computer forensic analysis revealed cached thumbnails of illicit images, which he believed he had erased all trace of. With the sheer amount of information on the Internet becoming greater every day, and new technology producing ever more illicit ways of sharing indecent images, computer forensics represents an ever increasingly vital tool in the arsenal of law enforcement.
IntaForensics a BS EN ISO 9001:2000 registered firm providing Computer Forensics, Expert Witness, Mobile Phone Forensics, and Forensic Data Recovery to the Legal Sector, Police Forces, Local Authorities and Commercial organisations internationally. Visit Computer Forensics for further information.
Info originated from here
Subscribe to:
Posts (Atom)