In the article, Lin writes, “ we may not be ready yet for the government to lead cyberdefense against foreign adversaries. To do so would trigger serious and unresolved [International humanitarian law] issues, including Geneva and Hague Conventions [which] requires that we take care in distinguishing combatants from noncombatants.”

I would first draw a distinction between passive defense ( i.e. blocking attacker access, removing a vulnerability being exploited, etc ) and active defense ( i.e. launching a counter attack to disable the attackers capabilities).

All entities, government and private sector, are engaged in the former. Some more successfully than others. Some with greater effort than others. There are no legal or ethical questions there except a much broader sense . If gas pipelines are considered critical national infrastructure and these pipelines are owned and operated by private companies, should/can the government do more to defend them from attack? More than information sharing and increased collaboration, that is.

As to active defense, I have heard have seen proposals or discussions in security circles of the government launching counter cyber attacks against foreign adversaries on behalf of private companies. Lin’s proposal would create a legal framework that would allow the companies themselves to retaliate. He seems to find inspiration in the much talked about ” stand your ground” laws such as the one in Florida that came to national attention as a it is reportedly invoked in the defense of the fatal shooting an unarmed teenager by an armed neighborhood watch volunteer.

Notwithstanding his references to armed citizens taming the wild, wild west. I find this proposal problematic on three fronts. From the purely cyber security perpective ,from a business perspective, and as a matter of national security policy. I’ll reiterate, in fairness, that Lin is not necessarily endorsing this as a solution, but contributing to a much needed discussion on nation cyber defense policy.

• Security: In most cases, it is difficult to nearly impossible to ascertain the real identity of the attacker. Attackers use other compromised systems (victims) to launch attacks. Lin makes the point that ” There is a reasonable argument in claiming that a botnet is not fully innocent and therefore not immune to harm.Most, if not all, botnets are made possible by negligence in applying security patches to software, installing anti-malware, and using legally purchased and not pirated, vulberable copies of software“. In other words, you allowed your systems to by hacked, so you deserve it if caught in a counter attack. I certainly agree that most reported successful attacks or breaches are a result of some degree of negligence. Most security professionals would agree that no system is immune to attack. We are trained to practice due diligence in making reasonable attempts to identify vulnerabilities and risk. You can never eliminate all risks all the time nor can you afford to mitigate all identified ones.

• Business: Typical business security incidence response practice includes: Detecting the attack, containing the damage, remediating effects of attack and gathering evidence, returning systems to normal and some follow-up. Lin’s proposal would require additional steps to gather sufficient forensic evidence to identify an actual perpetrator. He proposes allowing companies to present this evidence to some governmental body to review and sanction retaliation. Companies will then have to plan and execute the counter attack. Few companies have in-house expertise to do this. Few business managers will be willing to fund such activities. Whats the return? You get hacked from a $500 laptop and you spend $50,000 to do what exactly?

• National Security: We know for a fact some of the attacks on our private owned critical infrastructure have been attributed to foreign government affiliated networks. Would it really be wise to license private companies to attack these networks? I would think not. Most of these folks can’t even patch their servers or encrypt their sensitive data. The last think we need is an international incident started by some system administrator at some SMB. I mean a government allowing private entities to conduct cyber attacks against a foreign nation with a wink and a nod is not exactly a novel concept. Google ‘Russia Georgia Cyberwar”.

I commend Dr. Lin for his contribution to this very important discussion. I don’t necessarily agree with the proposed approach but as a nation, we really need to come to terms with how best to improve our national cyber defense as we are in dire straits.

Related posts:

1. Pentagon and Congress wants control of your network during cyberattack There has been a lot of chatter in the news...
2. We really need to start taking information security more seriously From the Wall Street Journal: Hackers in Europe and China...
3. Google and China: A Dysfunctional Marriage Since making it’s search engine available to Chinese users in...

“ …Engineer Doe developed Wi-Fi data collection software code that, in addition to collecting Wi-Fi network data for Google’s location-based services, would collect payload  that Engineer Doe thought might be useful for other Google services. …Google made clear for the first time that Engineer Doe’s software was written specifically to capture payload data. “

Despite all of Google previous assertions to the contraire, this quoted section indicates that Google engineer[s] intended for payload data to be captured and stored. Google insists that this was done without the knowledge or approval of project leader and was not a necessary requirement. This would certainly indicate a failure on the part of project management as this drastically changes the scope of the project with far reaching implications. Even if this were indeed the case of a single engineer going rouge, it makes one wonder even more about the internal culture of the company with respect to consumer privacy. Keep in mind that Wi-Fi traffic only travels between individual computers and an access point. Both end points, in this case, reside on private property. Why would anyone believe it acceptable to capture and store this data with affected individuals knowledge and/or consent?

” ..Google employees stated that any full-time software engineer working on the Street View project was permitted not only to access and review the code, but also to modify it without prior approval from the project managers if the engineer believed he or she could improve it. In addition to Engineer Doe, at least one other engineer wrote or modified an aspect of the Wi-Fi data collection code. “ 

If this is indeed the case, it might explain the feature creep. Were these modifications or “improvements” not documented as part of project documentation? It certainly should have been. Project managers can’t pass the buck on this.

“ A manager of the Street View project estimated that five engineers took turns [ deploying and testing] the Wi-Fi data collection code into Street View cars. Despite their hands-on work…these engineers claim they did not realize Google was collecting payload data” 

Google engineers tasked with reviewing the code and deploying it to street cars claim they did not realize it captured payloads. Really? This must be the equivalent to the infamous ” I don’t recall” defense.  Or sheer ineptitude maybe?

Lastly, the FCC fined Google $25,000 for “impeding the investigation”. Google agreed to pay the fine though the company blames the delays in internal FCC processes. This has been the only penalty on Google to date in the US.

Read Full Report below:(Click on Full Screen at bottom right)

Related posts:

1. Enter the Dragon browser, the more secure Google Chrome The open source engine that forms the basis for Google’s...
2. Skipfish-Web Scanning Security Tool from Google Google has released an open-source Web security scanner called Skipfish...
3. Use Google Apps or Gmail? Avoid getting hacked! It can happen to the best of us. Blogger and...

What is the government’s role in protecting these private networks? Should it have a role at all? Although some in the private sector are still debating these questions, the government has already moved in action. Last month, the DoD launched its new Cyber Command, headquartered at Ft. Meade, Maryland. Military observers still aren’t quite sure what this supposed to do. The Pentagon’s number two, Deputy Secretary William Lynn, in a gathering of cybersecurity officials and defense contractors,  floated the idea that the “Defense Department might start a protective program for civilian networks”.

According to Lynn, companies may “opt out ” of the program but by doing so would place us all at risk.  Does that mean, by default, all companies are considered in the program?

The congress also is taking action. A draft bill, co-sponsored by Sens. Joe Lieberman (I-Conn.) and Susan Collins (R-Maine), gives the Department of Homeland Security authority to keep “critical infrastructure” up and running during a “cybersecurity emergency”.

It would be interesting to see the bill’s definition of cybersecurity emergency.   All would agree that coordinated defense is essential. The federal government is probably the only entity able to provide that coordination on a national scale.  Coordination is one thing. Control, however, well that’s another animal.

Related posts:

1. No National ‘Stand Your Cyberground’ Law Please Patrick Lin, who is Assistant Professor and Director of Ethics and...
2. Protecting Wireless Network From Hackers and Neighbors Local wireless networks, which provide information to receive and send...
3. Protect the Internal Network From Hackers Attention! All the hackers on the systems of various according...

He references his conversation with an actual blackhat. No, not the script-kiddie kind that frequents the hacking forums. I’m referring to the guys who seek no publicity and hire their services out for hefty sums. He blackhat laments the fact that the security practices being put into place a target companies may actually be working. RSnake talks of the potential payday of hackers collaborating with botnet herders for more targeted botnet attacks. My comment on that post is below:

“Interesting post however I don’t see this idea as particularly novel. This is just the natural evolution of the concept of “botnets for rent”. I think the key here is being able to provide the bot herder a list a potential high value targets to go after. This would seem a rather risky proposition for the herder, however, as he would be putting his botnet at greater risk. The secret sauce in a successful botnet is to have it under the radar as long as possible. Bigger risks = bigger rewards, I guess.”-me.

Related posts:

1. Botnets give the hacker espionage tools formerly reserved for nation states The cyber attacks against Google, Adobe and a raft of...
2. Black Hat DC -2010 is here! Black Hat, one of the biggest and most popular security...
3. Company develops Virtualized USB key for Online Banking Safety IronKey has come up with a USB drive that can...

Check out this great post: http://www.bradcolbow.com/archive.php/?p=205

Related posts:

1. Hack Attack Is Only Funny When It's Bill The Cat! How a hack attach can happen, what to do when...
2. How to limit Twitter risks Twitter is now used by over 350 million people worldwide....
3. New Facebook Clickjacking Attack Here is a post by Stan Schroader warning users of...

“Adi Shamir, a computer science professor at Israel’s Weizmann Institute of Science and also the “S” in the RSA encryption algorithm, warned against trusting cloud computing services for the same reason he suspects the confidentiality of transmissions over telecom networks and the Internet. He says the phone systems are secure, but that major crossroads in their networks are tapped by the NSA. “There’s a pipe out of the back of an office at AT&T in San Francisco to NSA,” he said.

Government access to assets entrusted to public cloud providers will be similar, he says. He suspects in some cases cloud providers will be companies influenced by government spy agencies, similar to the way Crypto AG security gear gave the NSA backdoor access to encrypted messages sent by foreign governments that had bought the gear. “Please don’t use Cloud AG,” he said.”

So not only do you have to worry about who else is in the cloud with your data and what controls the server provider has in place to secure your data, but whether the government not will have unfettered to all your organizations’ data without your knowledge. They did it with phone records, so…..

Related posts:

1. The real arguments for Cloud Computing As more vendors dive into the cloud computing market, every...
2. Are you ready for Cloud Computing? As a final research project for my most recent class,...
3. Cloud Security Alliance For more information on Cloud Computing Security, a good resource...

In the latest episode of this never-ending saga, there is an unpatched bug in VBScript that hackers can use to drop malware on 32-bit Windows XP machines running IE 7 and 8. I know what you are saying: ” But we told them to upgrade from the nine year old IE6! ”

According to Microsoft’s Senior Security Communications Manager Lead Jerry Bryant, an exploit “was posted publicly that could allow an attacker to host a maliciously crafted web page and run arbitrary code if they could convince a user to visit the web page and then get them to press the F1 [or help] key in response to a pop up dialog box.”

Is it time to change your browser? Maybe the EU has it right.

Related posts:

1. 2010 CyberSecurity Watch Survey Cybercrime threats posed to targeted organizations are increasing faster than...
2. If Microsoft can do it, why not McAfee? Yesterday, a faulty McAfee anti-virus update labeled a critical Microsoft...
3. IKEA Facebook scam cons 40,000 users These types of attacks have become the norm on Facebook. ...

The ballot box will be pushed to Windows users running XP, Vista and Windows 7, via an automatic software update, and will only be shown to computer users who are not already running a different default browser. The list of offered browsers are:

* Avant
* Google Chrome
* Mozilla Firefox
* Flock
* GreenBrowser
* Internet Explorer
* K-meleon
* Maxthon
* Opera
* Apple Safari
* Sleipnir
* SlimBrowser

I’m not sure how I feel about this. Competition is always good however users savvy enough to care already know they can download and run any of these browsers. I agree with Microsoft on the point that this will just add to the confusion of many users.

Related posts:

1. Microsoft warns of new IE bug being exploited by hackers Microsoft Corp. today warned of a critical vulnerability in Internet...
2. Microsoft says Do Not Call for Help! If it sounds like a horror movie….well, that’s because is...
3. France, Germany warn users against Internet Explorer France and Germany have warned web users against using ALL...

Actually, I enjoyed the article. I found it very informative. Security in business is a means to an end, NOT the end itself. As a security professional, I can totally appreciate most of the responses here but that’s not the view from the board room. To be effective at the executive level, we have to be able to speak their language and do our best make clear the value of security to the business bottom line. In some cases, that’s fairly easy to do ( as it was when I worked in the financial world ), other times it’s more challenging. Ranting and raving is not the solution, we have to adapt to the business needs as best we can.

Article: http://www.csoonline.com/article/550413/From_the_CIO_Why_You_Didn_t_Get_the_CISO_Job

Related posts:

1. Thoughts on Skype security Michael Gough, an information security specialist and president of the...
2. RSA 2010 Recap Today is the last day of RSA Conference 2010. If...

Digital steganography requires special software and organizations involved in ecommerce can mitigate the risk of insiders using steganography to steal customer data by controlling the applications that can be installed on employee workstations. Network and Host-based Intrusion Detection Systems can also be used to detect unusually behavior. User education and awareness training can help make users more aware of the risk posed by downloading files from the Internet. Users can also be trained to verify the origin and authenticity of files using the hash files before downloading them.

If one suspects his/her financial information has been compromised by any means, including steganography, one should immediately communicate the fact to all affected financial institutions and close the affected accounts. Keeping an updated antivirus provides some level of protection however antivirus is ineffective against malware whose signature hasn’t been provided by the vendor. Often times, it is nearly impossible to detect ecommerce-based attacks until after the fact. It is important to closely monitor your accounts for unusual activities to be able to respond as quickly as possible

Related posts:

1. Moving data storage to the cloud? What’s your business continuity plan? Many trumpet increased availability as a reason to move to...
2. Defend your Small Business against Online Bank Fraud Is your banking practices putting your business at risk? Protect...
3. How to back up and restore your digital media Many organizations realize that backing up critical data is an...

How well do you know your 500 best friends on Facebook? How much do you trust the 1000 pals you follow on Twitter? Never mind the fact that if any of those accounts are compromised, you’re toast.

Robert Rivard over at MySANews writes:

Effective immediately, I’ve got cyber security religion. It’s scary out there, and I’m going on the defensive. You should, too.

Everybody else is kicking back on a Friday night, sipping a margarita, hanging with friends, planning Super Bowl Sunday. Me?

I’m changing passwords, downloading patches for outdated programs, running redundant anti-virus programs, sniffing for malware.

Read the rest of the great piece at http://www.mysanantonio.com/news/local_news/When_it_comes_to_cyber_security_trust_no_one.html

Related posts:

1. SMB Cyber Security Alliance helps Small Businesses address Cyber Security Risks Across all industries, small businesses are increasingly facing new threats...
2. CISSP All In One Book FIFTH EDITION has been released The fifth edition of this best-selling comprehensive CISSP training resources...
3. Brevity is the soul of…..getting yourself infected with all kinds of nasties! Would you click on the link : http://www.click-here-to-give-me-access-to-all-your-computer-files.com? No? How...

Related posts:

1. Security On A Shoestring SMB Budget The e-mail appeared to be an invitation from an old,...
2. From the CIO: Why You Didn't Get the CISO Job Below are my comments to an article posted in CIO...
3. SMB Cyber Security Alliance helps Small Businesses address Cyber Security Risks Across all industries, small businesses are increasingly facing new threats...

The Washington Post, quoting unnamed sources, reported yesterday that the NSA and Google are in the process of finalizing an agreement under which the NSA will help Google better defend itself against future attacks. Under the deal, the NSA would not get access to users’ search information or e-mail accounts and Google would not share any proprietary data, the source claimed.

Google isn’t the only company to get hacked. Will the NSA be extending this helping hand to all other multi-national corporations or just the one with access to all our personal data in some form or another.

The report states that Google approached the NSA shortly after the recent cyberattacks, which it said were launched from China. However, the deal will take time to hammer out because of the sensitive privacy issues involved. If the deal goes through, it will be the first time that Google has entered into a formal information-sharing relationship with the NSA, the Post quoted its source as saying.

The prospect world’s largest search engine company teaming up with the country’s largest spy agency   should clear up any illusion of the concept of privacy in the internet.

Related posts:

1. Google Acknowledges Privacy Issues With Buzz amid FTC complaint Although Google has acknowledged some of the privacy concerns with...
2. Google rolls out privacy reset for Buzz Google will ask users of its social network Buzz to...
3. Google pulls out of China Is this a divorce or separation?  I chronicled Google’s dysfunctional...

In 2006, Google chose the latter and faced much deserved criticism for it.  Google offered a new service in China – Google.cn-  in which they self-censored search results based on requirements by the Chinese government. This enabled them to provide a faster, more reliable service.  
In recent weeks, Google claims to have discovered that it has been targeted, along with twenty other large companies from a wide range of businesses–including the Internet, finance, technology, media and chemical sectors– by hackers in China with connections to the Chinese government. The hackers used a variety of very sophisticated attacks with the apparent goal of accessing Gmail accounts of China human rights activists. Google claims that their investigation concluded the attacks were not successful in attaining that goal. Google took the unprecedented steps of publicizing their findings, including reports to the US government which lead to criticisms expressed by  Secretary of State Hilary Clinton about  China’s lack of Internet Freedom. The Chinese Foreign Ministry responded by accusing the US of harming bilateral relationships by it’s rhetoric. Google has since reported that it will no longer self-censor Google.cn, a choice which was applauded by those critical of it’s previous position, but may ultimately lead to having to shut down it’s service in China.

The fact that China censors Internet traffic is no surprise given it’s well-documented history of restrictions to free speech. These restrictions are a fact of life in China and companies, like Google, seeking to do business in China have to find a way to contend with it. Google, not withstanding it’s business-conscious justifications, can in no way defend it’s previous stand of censoring search engine results to Chinese users. Although they were doing so in compliance with Chinese laws, it was still an ethically challenged decision. It is contrary to it’s own mantra –”Don’t be evil”  and the equivalent of being  complicit in the suppression of free speech in China. I believe Google should have stood it’s ground and made it clear that any service degradation it experienced in China was due to the Chinese government interference. I say this a spectator, however, and one who knows full well moral victories do not show up on the balance sheet.

Related posts:

1. Google pulls out of China Is this a divorce or separation?  I chronicled Google’s dysfunctional...
2. Google joins the 'kill-IE6' campaign Updated: I too have joined the fight. I’ve added a...
3. The Death of [the illusion of] Privacy on the Internet If this doesn’t scare you, it should. The Washington Post,...

In order to change settings for Internet Explorer, select Tools then Internet Options…

Select the Security tab. On this tab you will find a section at the top that lists the various security zones that Internet Explorer uses. More information about Internet Explorer security zones is available in the Microsoft document Setting Up Security Zones. For each of these zones, you can select a Custom Level of protection. By clicking the Custom Level button, you will see a second window open that permits you to select various security settings for that zone. The Internet zone is where all sites initially start out. The security settings for this zone apply to all the web sites that are not listed in the other security zones. I recommend the High security setting be applied for this zone. By selecting the High security setting, several features including ActiveX, Active scripting, and Java will be disabled. With these features disabled, the browser will be more secure. Click the Default Level button and then drag the slider control up to High.

It is also imperative to be very diligent in keeping your browsers fully patched. Most internet attacks via the browser are preventable as these attacks target vulnerabilities for which patches are already available. The victims simply have not installed them. If you use Internet Explorer, Microsoft puts out patches once a month. Your system should be set up to automatically download these patches and notify you or install them.

As to abandoning Internet Explorer, will this call be echoed my other countries ( including the US), I doubt it.  Most non-technical users aren’t following this story. Those on whom this may have a effect have most likely grown to prefer Mozilla’s Firefox or Apple’s Safari browser anyway. As I’m a Firefox user, maybe this will increase their market share.

Related posts:

1. Microsoft offering choice of browser to users in Europe Microsoft has been ordered to introduce the browser “ballot box”...
2. Internet Explorer 9 "Preview" Now Available Microsoft has released a preview of the new version of...
3. Microsoft says Do Not Call for Help! If it sounds like a horror movie….well, that’s because is...

Risk is an ever changing probability that a vulnerability, weakness, or lack of security control will be exploited by threat agent ( hacker, careless  employee, natural disaster, etc ) leading to negative consequences to an organization. Simply  put, the chances that something bad will happen. There will always be some degree of risk however a robust security program must be able to reduce it to a level acceptable to the organization’s management.  That is referred to as risk management. I recently had a consultation  with a small account firm that was about to lose its “IT guy”. He handled everything technical from configuring outlook on desktops to managing the company’s server which host their mission critical applications and was co-located “somewhere”. He visited the server several times a month apparently and no one knew why he went or what he did there. There was no documentation of any kind. He was about to leave in less than a week and they were in a state  trying to find a replacement. As seen in this example, single person dependencies are par for the course in small enterprises such as this but that leads to considerable risk, especially when the person is unhappy and leaving. My first advice to them was to have him document ( as best he could ) everything he did on a daily basis and why. Hopefully a lesson learned here would be to have his replacement do the same routinely.

As to the object of this risk, we have to refer to the three main  principles of security: Confidentiality, Integrity and Availability. A security program, regardless of the size of the enterprise, should protect against the risk of unauthorized disclosure and modification of an organization’s data and ensure that it’s data and resources are available as needed. Risk management should include data, personnel, processes and physical and technical assets.

With those two concepts as a foundation, in this series, I will seek to outline steps to achieving practical security management.

Related posts:

1. Women in IT Security I recently had a conversation with a former student of...
2. Cloud Computing Security: An Insider's View As CSO of Qualys, Randy Barr is responsible for security,...
3. 2010 CyberSecurity Watch Survey Cybercrime threats posed to targeted organizations are increasing faster than...

Another excellent article on the subject has been recently published by MIT’s Technology Review titled Security in the Ether.  Lastly, I believe as organizations consider the a move to cloud computing,  the benefits and risks should be weighed.  For smaller organizations and new startups, the decision seems a relatively easy one. When I formed my consulting practice, using Google Apps for my email, calender, document sharing and other intranet services was an obvious choice. I could have almost as easily hosted and managed that infrastructure myself but my benefit – risk analysis showed that to be neither practical nor greatly beneficial. For larger enterprises that have already invested significant resources in building up an IT infrastructure, the decision should be a lot harder.  However, a thorough analysis of the benefits and risks should help move the decision one way or another.

Is your organization currently considered such a move?

XCXFHSYPDN3G

Related posts:

1. Cloud Computing = Loss of Confidentiality? Interesting excerpt from article in ITWorldCanada: “Adi Shamir, a computer...
2. Exploring Cloud Computing Information Leakage If you are in cloud computing security (or part of...
3. The real arguments for Cloud Computing As more vendors dive into the cloud computing market, every...

• Malicious employees or contractors being planted in targeted organizations to be the ” agent on the inside”. As you may well know, the greatest security risk to enterprises come from the actions or inaction of  its own users, whether by malicious intent or inadvertent errors. These users already have access to your resources. Awareness, Authentication, Access Control and Auditing are essential parts of any security program which seeks  to mitigate this risk.
• Hackers or malware compromising less protected assets to be used as a springboard to attack more valuable/protected assets (eg. end use desktops/laptops, misconfigured servers, etc) A combination of Vulnerability Assessment ( including Penetration Testing) and User Awareness program can help here. A pentest will help determine if your systems that interact with the wide world beyond are vulnerable but will not detect whether a curious user will “find” a usb drive in the parking lot and plug it in his/her system to see what’s on it. That’s where the awareness training comes in.
• Compromise of users. In these hard economic times, your employees may be more susceptible to bribery or extortion by those wanting to use their access for malicious purposes. User monitoring is very important. Part of the mandatory awareness training for users with supervisory responsibilities should include signs to look for to detect whether their employees are under any kind of duress, emotional or otherwise. Periodic credit checks might also be advisable depending on the nature of the business and the user’s role.

Is your organization adequately mitigating these risk factors?

Related posts:

1. How Steganography Can Be Used to Steal Your Financial Data Steganography is the means of “hiding” information within a larger...
2. What is the values proposition for allowing users access to social networks? What is the values proposition for allowing employees access to...
3. Raise your hand if you use the same password for more than one online account I completed an Internet Forensics training course this past week...

Related posts:

1. Facebook to share your information with other sites Facebook users are expressing strong disapproval of proposed privacy changes...
2. Pause your Google History Have you ever used your Google search history? If you...
3. Google Informs users of terminination of support for IE6 I received this email from the good offices of Google...

Related posts:

1. Is targeted botnets the next wave? Comments on the targeted botnet attacks being used to greater...
2. Conversations About the Internet 5 Anonymous Facebook Employee; Facebook security pretty much what youd expect? An interview claiming to be with a facebook employee discusses...
3. Use Google Apps or Gmail? Avoid getting hacked! It can happen to the best of us. Blogger and...

Related posts:

1. More on Secure Online Banking As a follow up to my previous post on online...
2. The real arguments for Cloud Computing As more vendors dive into the cloud computing market, every...
3. Effectively Scoping Application Security Penetration Testing and Ethical Hacking When seeking to test if your web based application or...

Back to “faster” and “safer” ,   you can test it yourself  as Google even has phone support set up to help you switch or just check out this article whose author has already gone through the trouble. As to security, the aforementioned article also touched on that and it isn’t all that impressive really.

So now that Google has access to all  my personal emails, phone calls, voice mails, search habits, documents, calendar, etc..why not just give them every website I visit as well. I mean, why not???

Related posts:

1. Facebook to share your information with other sites Facebook users are expressing strong disapproval of proposed privacy changes...
2. Google = Hubris! The Buzz Fiasco Raise your hand if you have a Gmail account you...
3. The Death of [the illusion of] Privacy on the Internet If this doesn’t scare you, it should. The Washington Post,...

Related posts:

1. Don't plan Federal Crimes on Facebook! There have been numerous stories recently about the fact that...
2. Blippy, the Next Evolution of Stupid At what point do we as a society realize this...
3. Brevity is the soul of…..getting yourself infected with all kinds of nasties! Would you click on the link : http://www.click-here-to-give-me-access-to-all-your-computer-files.com? No? How...

Related posts:

1. 2010 CyberSecurity Watch Survey Cybercrime threats posed to targeted organizations are increasing faster than...
2. Is targeted botnets the next wave? Comments on the targeted botnet attacks being used to greater...
3. SMB Cyber Security Alliance helps Small Businesses address Cyber Security Risks Across all industries, small businesses are increasingly facing new threats...