Thursday, November 29, 2007

McAfee VCR 2007

No, not VCR as in video recorder (how lo tech!) but McAfee Virtual Criminology Report 2007. (Pronounced MAC-afee. I've been getting that wrong all day, while doing 17, count 'em, SEVENTEEN radio interviews!) And available in English, French, Spanish, German and Italian no less.

Anyway Ian Brown of Blogzilla and myself are happy to announce the launch of a bouncing ten pound report, on a whole loada stuff including the rise of cyber-terrorism since the Estonia attacks in April; the evolving shape of malware and the cut-price cyber-market for phishing, spamming and DDoS tools, complete with customer service and on-line tutorials for budding young Russian mafiosi; the legality of the exploit market, white and black; and, as they say, much much more..

Producing this has been a real interesting experience. I got to interview some very intriguing people, like Sharon Lemon at E-Crime in SOCA, David Vaile at AustLII and Andrea Matwyshyn at Wharton/Penn, and security experts at places like iDefense and Carnegie Mellon Japan. I learnt an awful lot. I also got an insight into corporate politics and the PR industry which has DEFINITELY been an eye opener :-)

So have a look. You have to fill in a registration form to download unfortunately, but I'm sure you're all quite capable of unticking boxes as relevant :-p

EDIT: Hmm. China not happy. Pangloss goes to Beijing Tuesday. Pangloss not entirely happy :-)

Sunday, November 25, 2007

Post Childbenefitgate - Facebook is still bad for your wealth

While the world continues to fail to comprehend how a government could casually lose the personal data of half its population by putting a DISC in the POST, my colleague Ian Brown (Blogzilla) is right to note that personal data is still just as likely to be compromised by commercial actors as government departments. And we - especially the younger part of our population - just keep giving the stuff away.

In particular the ICO has just issued a warning about the dangers for youth of giving away personal data which might well be used for identity theft on sites like MySpace, Facebook, etc.

"As many as four and a half million* young people (71%) would not want a college, university or potential employer to conduct an internet search on them unless they could first remove content from social networking sites, according to new research by the Information Commissioner’s Office (ICO). But almost six in 10 have never considered that what they put online now might be permanent and could be accessed years into the future.

The research findings are unveiled as the ICO launches a new website at to help young people understand their
information rights. The first section contains tips and advice on safe social

As well as not thinking ahead before posting information on the web, the survey of Britons aged 14-21** also revealed that youngsters’ online behaviour is a gift to potential fraudsters. Two thirds (eight in 10 girls aged 16-17) accept people they don’t know as ‘friends’ on social networking sites and over half leave parts of their profile public specifically to attract new people. More than seven in 10 are not concerned that their personal profile can be viewed by strangers and 7% don’t think privacy settings are important and actively want everyone to see their full profile."

Meanwhile, back at governmental data leaks, it's worth noting that the ICO was hastily given "stop and search" powers by Gordon Brown to audit government departments dealing with personal data in the immediate wake of Childbenefitgate.

But this really just isn't good enough. We desperately need decent penalty powers for the ICO - the current enforcement notice procedure is simply not adequate - but more than that, we also need mandatory security breach notification, the very measure which was strongly recommended by the House of Lords Personal Internet Security Report, and then rejected by the Government only weeks ago as completely unnecessary. And Richard Thomas, quite rightly, is calling for security breaches of this magnitude to be made a criminal offense.

Tiffany v eBay

A tip off from WOIP blog that the long awaited suit by Tiffany's against eBay for trademark infringement - basically, stocking counterfeit Tiffany goods - is about to kick off.

Given recent cases in France and Germany which have tentatively pointed towards a trend towards European judges not finding the EC E Commerce Directive Art 14 a complete defense for user generated content sites, this one could be very interesting :)

Sunday, November 11, 2007


Pangloss has bronchitis :((

But also an antibiotic so you can hold off on all those giant bouquets of roses..

In lieu of actual content, this, I have to say, does remind me of elements of modern academe..

Thursday, November 01, 2007

HL Report Takes Road to Nowhere

Along with most of my colleagues in IT law, I was excited at the vision and comprehension shown by the HL Report on Personal Internet Security released in the summer.

Last week, the UK government basically rejected every recommendation on the ground that, well, there really wasn't a problem, and it would be a bit hard on industry to place regulatory burdens on them, wouldn't it?

This really won't do. Even the Lords themselves are muttering about heads and sand.

Meanwhile Richard Clayton, who had a large amount of input into the report as Special Adviser, is deeply unimpressed.

"The bottom line is that the Select Committee did some “out-of-the-box thinking” and came up with a number of proposals for measurement, for incentive alignment, and for bolstering law enforcement’s response to eCrime. The Government have settled for complacency, quibbling about the wording of the recommendations, and picking out a handful of the more minor recommendations to “note” to “consider” and to “keep under review”.

A whole series of missed opportunities."

New frontiers in spam..

Wonderful news from Bruce Schneier.

"Spammers have created a Windows game which shows a woman in a state of undress when people correctly type in text shown in an accompanying image.

The scrambled text images come from sites which use them to stop computers automatically signing up for accounts that can be put to illegal use.

By getting people to type in the text the spammers can take over the accounts and use them to send junk mail."

How utterly fab. How does it feel to be Pavlov's dog, oh slavering mankind? And do we girlies (and possibly gay men?) get naked pix of John Barrowman?

Next: we cut out the need for naked pix, by incorporating CAPTCHA decryption into online Sudoku? Oh it's all just SOOO Philip K Dick!!

Bloodspell and the Rise of Machinima

Organized by the London Metropolitan Business School and the Open Rights Group, the world-first feature-length machinima, Bloodspell, will have a special showing in London on 22 November 2007 (starting at 5:15PM), followed by a panel of specialists addressing the issues that this new film genre encompasses.

Pangloss is chairing and speakers will include Andres Guadamuz (Technollama), Hugh Hancock and reps from the film and games industries.

The venue is the London Metropolitan University Graduate Centre (the Libeskind-designed building).

For those new to the topic, machinima, in very basic form, involves the use of software that has been designed to create computer games, to produce original films with their own script and narrative. The word “machinima” was coined some time ago by Hugh Hancock, who has also written and directed Bloodspell. The event will be started with Hugh introducing what machinima is and the story behind Bloodspell, followed by the film, panel discussion and free drink!

There are more details at Electromate, which also has the link to the Facebook group where you can RSVP. Many thanks to the wonderful Fernando Barrio who is coordinating this event.