Hackers Humble Security Experts; Discarded Drives Tell Secrets; Keeping Tabs Both Ways; Use of Secret Evidence Rejected

Hackers Humble Security Experts

A wisecracking group of hackers calling itself Gobbles Security confirmed that its claim earlier this week that it had spread an antipiracy virus was nothing but a hoax aimed at garnering fame, according to a story on Wired News today. Gobbles' advisory said the Recording Association of America had contracted the hacking group to develop a hydra-like computer worm that could infect MP3 music files and distribute them through file-sharing networks, compromising and cataloging the infected systems. News outlets picked up the word that the worm had already spread widely by exploiting security vulnerabilities in several popular music programs. Wired said that in an e-mail interview, Gobbles representatives admitted that they fabricated the RIAA claim to get attention. Discarded Drives Tell Secrets today reports that according to a new study by two Massachusetts Institute of Technology (MIT) graduate students, companies and individuals are frequently selling or giving away old computer disk drives with sensitive information still on them. The study analyzed 158 disk drives purchased through the online auction eBay.com, at computer stores, salvage companies and swap meets. Of those, 74 percent of the drives contained old data that could be recovered and read, and 17 percent contained fully installed and functional operating systems with user data that required no particular effort to recover. Another 36 percent had been freshly formatted, but still contained old data that could be recovered. Only 9 percent of the disk drives had been properly "sanitized" before being purchased. (And 29 of the 158 drives purchased did not work.) Data the study retreived included detailed personal and corporate financial records, medical records and love letters, as well as gigabytes worth of personal e-mail and pornography. This residual data problem stems from failures on the part of computer vendors and consumers alike, IDG News Service quotes Simson Garfinkel, a graduate student at MIT's Laboratory for Computer Science. Companies such as Microsoft Corp. that make operating systems are guilty of misrepresenting their products' "file delete" and "disk format" features, according Garfinkel. Those deleted files are note eradicated, but made available for overwriting should the disk space be required. With the growth of the secondary computer hardware market (see the CIO story Good Stuff Cheap), the handling of old computer data may be an area that requires government oversight, Garfinkel said.

IDG News Service

Keeping Tabs Both WaysNew York Times story today examines the trend of tracking technology. Location-sensing technologies based on satellite-based systems or infrared tracking are not new, writes the Times, but design advances have made the components small enough to fit into hand-held units, or to be built into bracelets or backpacks, relaying information that can readily be monitored on the Web. Couple that with a more security-conscious world, and suddenly tracking systems seem to be everywhere, keeping tabs on the whereabouts of children, elderly relatives and even belongings—in addition, of course, to helping drivers, hikers and sailors find their way from point to point. But even as such devices are becoming more attractive to consumers, the two-edged nature is also becoming more apparent.


Use of Secret Evidence RejectedWashington Post. In the case of Mohamed Atriss, Passaic County Superior Court Judge Marilyn C. Clark allowed the secret evidence in a bail proceeding in November and relied on it in doubling Atriss's cash bond to $500,000, an amount consistent with a charge of capital murder. The Post reports that she said the evidence came from a "credible witness" at the closed hearing, but she and prosecutors declined to provide details. Atriss, an Egyptian-born U.S. citizen, is apparently the only criminal defendant since the terror attacks to be barred from confronting the evidence against him

a right guaranteed in the Constitution.

A state appellate court has ruled that a local judge "lacked adequate basis" to allow prosecutors to present secret evidence against an Arab American man who was accused of selling phony identification documents to two of the Sept. 11, 2001, hijackers, according to a story in todays

Copyright © 2003 IDG Communications, Inc.

The 10 most powerful cybersecurity companies