How awesome would it be if your hard drive securely erased sensitive data whenever it's powered down, or when it's removed from your system? Not only would that be rad, but it's now a reality thanks to Toshiba's new Wipe technology for its line of Self-Encrypting Drive (SED) models.
There are a number of scenarios where something like this could prove useful, including obvious ones like your notebook becoming lost or stolen. But that isn't all Wipe is good for.
"Many organizations are now realizing the critical importance of maintaining the security of document image data stored within copier and printer systems," Toshiba explains. "Wipe is a technology that can automatically invalidate an HDD security key when its power supply is turned off, instantly making all data in the drive indecipherable. Toshiba's innovative new Wipe Technology adds advanced storage security features to enable system makers to transparently and automatically secure private data."
On the pedestrian side, Toshiba's Wipe technology can also come in handy when returning a leased system, disposing of a system and/or hard drive, or re-purposing a drive, Toshiba says.
Don't want anyone to know what corners of the Web you've been hanging around? Just fire up your browser's private browsing mode and no one will ever be the wiser. Or so we thought.
According to a study by Dan Boneh from Stanford University, a good many browser add-ons, extensions, and even some website security mechanisms end up preventing so-called private browsing modes from working properly, and it's not limited to a single browser, either. In fact, Boneh and his research team found that Mozilla's Firefox, Microsoft's Internet Explorer, Google's Chrome, and Apple's Safari browsers were all affected.
"We discovered that all these browsers retain the generated key pair even after private browsing ends," the study said. "Again, if the user visits a site that generates an SSL client key pair, the resulting keys will leak the site's identity to the local attacker."
Ready for the real shocker? According to the study, this is more likely to affect browsing those, ahem, adult websites than the real reason private browsing modes exist, which everyone knows is to shop for birthday gifts and make anniversary plans on the down-low (right?).
"We found that private browsing was more popular at adult websites than at gift shopping sites and news sites, which shared a roughly equal level of private browsing use," Boneh said in the report. "This observation suggests that some browser vendors may be mis-characterizing the primary use of the feature when they describe it as a tool for buying surprise gifts."
As a country, we like our privacy, and when we feel the government or some corporation steps out of bounds, we're quick to call foul (right, Mr. Zuckerberg?). But hey, if we're the goose, then screw the gander, he's probably up to no good anyway. The gander in this case is any other nation we feel might be a threat to national security, and in that case, we (again, as a country) are just fine with government snooping.
That's essentially what you'll glean from Sophos' mid-year 2010 Security Threat Report, which revealed that 63 percent of people feel it is perfectly acceptable for their government to engage in cyber spying on another nation.
"I think there might be an attitude of all's fair in love and war," said Graham Cluley, senior technology consultant at Sophos, when speaking to eWEEK in Europe. "There's always been one rule for your country and another rule for your citizens. But it goes one state further when you begin to ask, is it all right to launch attacks against communication systems and financial systems?"
The answer to that question is a resounding "maybe." In the report, Sophos found that only 1 in 14 respondents felt okay with using distributed denial of service (DDoS) attacks against another country's communication or financial websites during periods of peace. When at war, that number jumps to nearly half, and 44 percent said it was never the right thing to do.
Hunch is a newly relaunched site that aims to offer users a personalized list of recommendations based on a brief questionnaire. Users log in with their Facebook or Twitter account, then answer around 20 questions that evaluate their tastes. Hunch then generates recommendations for movies, restaurants, music, books, products, and much more.
Hunch uses your seemingly random answers to build a profile based on what it has learned about other people. Some of the recommendations are also based on who is in your social circle, thus the Facebook and Twitter login. Most users find the recommendations eerily accurate. Some might feel discomfort at divulging this information to Hunch, but it's really not much different than what Facebook and Google already know about you.
Have you used Hunch? Let us know how good or bad the results were.
Blackberry fanatics out there may be looking to avoid the United Arab Emirates (UAE) come this October. The government of the UAE said last week they would be blocking RIM's Blackberry email, web, SMS, and messenger starting in October. The city-state of Dubai has clarified today that the restrictions will not only apply to the 500,000 local Blackberry subscribers, but to anyone that visits as well. It will not matter if your phone was purchased in another country; the block will be universal.
The UAE has been building at a breakneck pace for the last decade in order to become a hub for business and tourism. This policy seems to fly in the face of that commitment. Blackberry smartphones are widely used in business, and this restriction threatens to make them essentially useless. This is not just a problem for a few business executives; over 100,000 people pass through Dubai's airport each day. At least some of them will be Blackberry owners.
Observers agree that Dubai is attempting to force RIM to make user data available on request. The UAE is referring to this snooping as a "security concern". Should RIM make a deal so people can use their phones, or is the principle more important here?
It turns out that your nosey neighbor isn't the only one interested in that cache of 100 million Facebook profiles that showed up on torrent trackers. Some major companies that you do business with are getting the package as well. By connecting to the torrent and recording IP addresses that are also in the swarm, some have noticed the extent of interest here.
Among the companies seen downloading the data are Apple, Boeing, Church of Scientology, Disney, Intel, Pepsi Cola, Sony, and Viacom. It is worth noting that the mere fact that connections from these companies are present does not mean this is a sanctioned action. All it means is that someone inside the company is downloading it. But our experience with corporate IT leads us to suspect Pepsi and Disney aren't in the habit of allowing employees to go around downloading torrents on their own.
If you thought Blizzard was boneheaded for expecting its forum members to agree to use their real names when posting in threads, wait until you hear this. The Sun Chronicle is taking this bad idea -- the same one that Blizzard quickly reversed course on when common sense, and a public backlash, prevailed -- a step further. Readers who want to leave a comment on a story not only have to use their real names, but also fork over a buck to verify their identity and share their thoughts. What. The. Frak.
"To encourage intelligent and meaningful conversation, all posters will be required to register their name, address, phone number, email and a legitimate credit card number as proof of who you are," reads a message in the comments section of thesunchronicle.com. "Your credit card will be charged a one-time fee of 99 cents to activate the account. We will not retain payment information after the one-time transaction."
It doesn't stop there.
"The poster's name as it appears on the credit card will automatically be attached to the poster's comments, as will the city/town and state of the community in which they live."
The idea here is to cut back on trolling without having to outright ban comments. Nevertheless, something tells us this one isn't going to sit well with privacy advocates.
What do you think about The Sun Chronicle's policy?
Okay, they don't know exactly who you are, but these high-tech advertising platforms can determine what sort of person you might be. A consortium of 11 railway companies is running a one-year trial called the Digital Signage Promotion Project. The billboards will be able to scan individuals and determine their age and gender.
The identification process is apparently quite fast, requiring that people only glance at the display for a moment. Facial recognition software is used to determine who is viewing the advertisement, but the images captured are supposed to be deleted afterward. Operators will not be matching ads to individual people, only to demographics. So, we're still a ways away from the Minority Report system that remembers your purchases.
So exactly how weird does this seem to you? We're constantly being advertised to on the internet based on our demographics. Is it just the image capture element that makes these new billboards feel shady?
Adding insult to injury, the Entertainment Software Rating Board (ESRB) inadvertently shared potentially thousands of emails from gamers who wrote to complain about Blizzard's short-lived policy of requiring that its forum members use their real names. Oops!
Yesterday we sent an e-mail to a number of consumers who wrote to us in recent days expressing their concern with respect to Blizzard's Real ID program. Given the large number of messages we received, we decided to respond with a mass e-mail so those who'd written us would receive our response as quickly as possible - rather than responding to each message individually, as is our usual practice.
Through an unfortunate error by one of our employees, some recipients were able to see the e-mail addresses of others who wrote on the same issue. Needless to say, it was never our intention to reveal this information and for that we are genuinely sorry. Those who write to ESRB to express their views expect and deserve to have their contact and personal information protected. In this case, we failed to do so and are doing everything we can to ensure it will not happen again in the future.
The fact that our message addressed individuals' concerns with respect to their privacy underscores how truly disappointing a mistake this was on our part. We work with companies to ensure they are handling people's private information with confidentiality, care and respect. It is only right that we set a good example and do no less ourselves.
We sincerely apologize to those who were affected by this error and appreciate their understanding.
NZXT Product Manager and Co-Founder Johnny Hou this morning sent out a letter that wasn't quite as seething as the one the Cleveland Cavaliers majority owner posted online after LeBron James skipped town, but almost as defiant. With the subject line "NZXT Still Kicking Ass and Thriving," Hou wrote:
To our friends and loyal customers in the PC enthusiast community,
Yesterday at 7:30 PM PST the NZXT website was infiltrated illegally. While having access to the site, hackers made several malicious changes including sending out an erroneous newsletter to our database claiming that NZXT is going out of business. They also changed product warranties, deleted product and home page banners, etc.
Well, I’m happy to report that NZXT is NOT going out of business and to the contrary we are more excited than ever to be a part of this tremendous industry. We are poised to launch several highly anticipated products over the next two months including the Phantom full tower case we unveiled at Computex. We feel this will provide enthusiasts with one of the most fresh and unique case designs in quite some time.
I’d like to take this opportunity to offer my sincere gratitude to the community for your ongoing support of NZXT. We design our products based on what you need to build a stellar PC and welcome your feedback as to how we can help your computing experience be as enjoyable as possible. Please don’t hesitate to contact me if you have any questions, concerns, or suggestions.
Best regards, Johnny Hou
The source of the attack is unknown, and so is the intent, which may have simply been to stir up a bit of trouble or to pick a bone with NZXT. Either way, NZXT fans who may have read gloom and doom scenarios prior to today can breathe a sigh of relief.