UNB/ CS/ David Bremner/ tags/ security

This feed contains pages with tag "security".

Today I received some marketing bumpf from my employer, which on top of being a charming way to spend money while cutting my unit budget, is frankly an embarassment from the point of view of security and privacy.

Every link in this supposed communication from UNB is a link to a third party site, with the host name consisting mainly of digits. When we receive large scale phishing attacks every week so, training people to ignore funny looking urls doesn't seem like a great idea. All of these URLs contain tracking cookies, presumably so that Eloqua can sell UNB information about the mail reading habits of its employees and alumni.

It finishes with the following text.

UNB occasionally sends out important announcements to the UNB community. To unsubscribe from these emails, please click
here <http://s1961286906.t.en25.com/e/cu?s=1961286906&elqc=11&elq=my_cookie_deleted>.
To unsubscribe from all future UNB emails, please click here
<http://s1961286906.t.en25.com/e/u?s=1961286906&elq=my_cookie_deleted>.
Privacy Statement
UNB, the UNB Advancement Office and third party host Eloqua/Oracle are committed to protecting the personal information of
all UNB Alumni. The information collected will be used for the purposes of promoting and supporting UNB events, activities,
and endeavours and will be accessible to UNB Advancement database administrators. Connection to third party host is via
Secure Socket Layer (SSL) technology. For more information on the protection of personal information at UNB please consult
the University Secretariat, University of New Brunswick, PO Box 4400, Fredericton, NB, E3B 5A3 www.unb.ca/secretariat (506)
453-4613. 

Can you spot the lie? Of course I mean the technical error about about http and https. What kind of cynic do you take me for?

Never mind what the government said
They're either lying or they've been misled...

Bruce Coburn, Burn, 1986

Posted Mon 14 Mar 2016 10:07:00 PM Tags: /tags/security

I've been a mostly happy Thinkpad owner for almost 15 years. My first Thinkpad was a 570, followed by an X40, an X61s, and an X220. There might have been one more in there, my archives only go back a decade. Although it's lately gotten harder to buy Thinkpads at UNB as Dell gets better contracts with our purchasing people, I've persevered, mainly because I'm used to the Trackpoint, and I like the availability of hardware service manuals. Overall I've been pleased with the engineering of the X series.

Over the last few days I learned about the installation of the superfish malware on new Lenovo systems, and Lenovo's completely inadequate response to the revelation. I don't use Windows, so this malware would not have directly affected me (unless I had the misfortune to use this system to download installation media for some GNU/Linux distribution). Nonetheless, how can I trust the firmware installed by a company that seems to value its users' security and privacy so little?

Unless Lenovo can show some sign of understanding the gravity of this mistake, and undertake not to repeat it, then I'm afraid you will be joining Sony on my list of vendors I used to consider buying from. Sure, it's only a gross income loss of $500 a year or so, if you assume I'm alone in this reaction. I don't think I'm alone in being disgusted and angered by this incident.

Posted Fri 20 Feb 2015 10:00:00 AM Tags: /tags/security

The Ottawa Citizen and CBC have coverage of the case of Mansour Moufid, who is alleged to have installed key-logging software and somehow reprogrammed magnetic student card-readers at Carleton. Mr. Moufid apparently faces criminal charges.

What makes it an interesting case from an ethics point of view is what Mr. Moufid did with the information he obtained, which was inform the university and his victims of the security weaknesses in the system.

UPDATED

The CBC reports on the punishment dealt out Mr. Moufid by Carleton. Personally

  1. I find odd that the letter is signed by the Associate Vice-President Student Services. I would expect student discipline to be a matter for the academics at the university.

  2. The requirement that Mr. Moufid allow computing and communication services to monitor his online activities as long as he is at Carleton rings several alarm bells. I think it is both unconscionable and an inappropriate quasi-judicial role for computing services.

Posted Sat 27 Sep 2008 12:00:00 AM Tags: /tags/security

The CBC reported on how the BC Ministry of Health will no longer accept unencrypted health records. Welcome to the 1940's boys and girls.

Posted Fri 07 Dec 2007 12:00:00 AM Tags: /tags/security