Re: [Fed-Talk] Whoa Nelly
- Subject: Re: [Fed-Talk] Whoa Nelly
- From: "Kachman, Donald R. Jr (DJ) - (ESE)" <email@hidden>
- Date: Wed, 05 Sep 2012 11:21:24 -0400
A great lie always involves a little truth.....
That being said, today's digital world is kinda like walking through the forest with an automatic bread crumb dropper that you are forced to wear and can't stop. While it's unclear whether the data was stolen, it does highlight the fact that your data is out there and most of the time we share it freely....
Don
-----Original Message-----
From: fed-talk-bounces+donald.kachman=email@hidden [mailto:fed-talk-bounces+donald.kachman=email@hidden] On Behalf Of Pike, Michael (IHS/HQ)
Sent: Wednesday, September 05, 2012 11:07 AM
To: Dave Schroeder
Cc: email@hidden Talk
Subject: Re: [Fed-Talk] Whoa Nelly
Well since it came from a blog and it says all is clear, I'm safe!!!
The bottom line is, while the information that was released is fairly benign, the information that they claim to have and did not release has significant risks.
Here is one such example... let's say I had a girlfriend, and boy did I love her... she left me, and I have no idea where she is but I want to get even...
Well, I don't know her UDID, but I know she had a phone, and I know that her phone was probably named "Pink Penelope".. I could search that file, and if hers is one of the records with an address it's time for revenge.
Of course the above is a hypothetical, but should the hacker group decide to release everything they claim they have (and there is no reason to NOT believe that they have it) it could be used in thousands of different ways...
Oh, but wait... the blog says it's safe...
The information came from somewhere... that we know.. where did it come from... we may never know... all we know is where they said they got it. And I doubt anyone is going to say "whoa... wait a minute, you know what? They got it from me...." - unless of course they are forced to say it so to speak.
mike
On Sep 5, 2012, at 5:25 AM, Dave Schroeder wrote:
> http://bits.blogs.nytimes.com/2012/09/04/hackers-claim-to-have-12-million-apple-device-records/
>
> While the leaked identification numbers appeared to be real, security experts said the release posed little risk. They said that without more information on the devices’ owners — like e-mail addresses or date of birth — it would be hard for someone to use the numbers to do harm.
>
> And the actual source of the file was not clear. The F.B.I. said in a statement that “at this time there is no evidence indicating that an F.B.I. laptop was compromised or that the F.B.I. either sought or obtained this data.”
>
> The F.B.I. has been a frequent target of so-called hacktivists, hackers who attack for political causes rather than for profit. In February, Anonymous hackers intercepted a call between the bureau and Scotland Yard. But the frequency of such attacks tapered off after several members of Anonymous and a spinoff group, LulzSec, were arrested in March.
>
> Apple’s unique device identifiers — known as U.D.I.D.’s — are 40-character strings of letters and numbers assigned to Apple devices. Last year, Aldo Cortesi, a New Zealand security researcher, demonstrated how in some cases U.D.I.D.’s could be used in combination with other data to connect devices to their owners’ online user names, e-mail addresses, locations and even Facebook profiles.
>
> “A U.D.I.D. is just a jumble of digits,” said Jim Fenton, the chief security officer of OneID. “It is only powerful when it is aggregated with other information.”
>
> [...] security experts said the file could have come from a number of places.
>
> “There are a million ways this could have happened,” said Marcus Carey, a researcher at Rapid7. “Apple could have been breached. AT&T could have been breached. A video game maker could have been breached. The F.B.I. could have obtained the file while doing forensics on another data breach.”
>
> ---
>
> http://www.latimes.com/business/la-fi-iphone-hackers-20120905,0,6453566.story
>
> [...] the FBI disputed the allegation Tuesday, saying that "at this time, there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data."
>
> If the FBI's denials prove correct, the agency may have been the victim of a clever hoax by the group known as AntiSec that spurred thousands of headlines around the Web and left readers wondering how and why the FBI could have gotten access to Apple customer records.
>
> [...]
>
> Most security experts said that the release of UDIDs into the wild in and of itself did not pose much of a privacy or security risk. It was no more harmful than a list of car VIN numbers, they said.
>
> - Dave
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Fed-talk mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden