Protect IP and the Professors’ Letter

Archive for July, 2011

Protect IP and the Professors’ Letter

Posted by

Back in May, US senator Patrick Leahy (D-VT) introduced Senate Bill S.968. This bill is also known as the Protect IP Act (Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property) of 2011. The bill is aimed at giving the government the power of copyright enforcement online. The bill is currently on hold.

The proponents of the legislation point to the wide range of intellectual property abuses on the Internet. If passed into law, Protect IP would allow the US government to directly offline websites that are infringing. As we have heard for years from the RIAA and MPAA, IP theft results in the loss of billions in revenues yearly.

Opponents object to giving the government the power to offline websites. There are due process concerns as well as free speech concerns. As we have seen in other countries, these types of powers lend themselves to misuse to silence opposition. There are also technical concerns as the bill mandates certain facets of DNS.

Yesterday, on the Intellectual Property Briefing site, Jeff Kettle posted an article on the bill.

“The most recent opposition has been the ‘Professors’ Letter.’  Backed by ‘108 professors from 31 states, the District of Columbia, and Puerto Rico,’ this report to the members of Congress addresses three major issues with the Protect IP Act.  The report states that the Act ‘has grave constitutional infirmities, potentially dangerous consequences for the stability and security of the Internet’s addressing system, and will undermine United States foreign policy and strong support of free expression on the Internet around the world.’”

Let’s hope the US legislature listens to all parties involved.

Find your personal credit cards, SSN, and passwords in a stack of documents

Posted by

Most of us have stacks and stacks of digital documents. I just checked and my Documents folder is 14 GB. That’s thousands of spreadsheets, text files, Word documents, and web pages. There is a chance, a risk, that sometime I put personal information somewhere in that stack.

Want to scour your hard drive for this personal information? Find credit card numbers, social security numbers, passwords, and the like? There’s a free tool available for this.

Identity Finder free edition for consumers:

Start protecting your identity on your computer for free and see the power of Identity Finder. Simply download, install, and run Identity Finder on your computer to find credit cards numbers and passwords that are vulnerable to identity theft and fraud. You can search files that commonly contain private personal information such as Word, Excel, PowerPoint, Adobe PDF, text, and html. Once found, use powerful tools to permanently delete files, remove passwords from Firefox and Internet Explorer for Windows, and secure sensitive information. Use additional built-in security tools like the Identity Finder File Vault and Shredder to make sure your identity is safe on your computer.

Browsing in public with PuTTY 0.61, Firefox 5.0, and Amazon EC2

Posted by

PuTTY 0.61 released today with a handful of performance enhancements for OpenSSH. This makes the following trick even more attractive, as can it effectively double the performance in some cases.

What trick? Create an encrypted tunnel for browsing the Internet in public. Otherwise people who are sharing that cafe Wi-Fi can see your traffic. Depending on where you are going, these people can even see your usernames and passwords. You start out drinking a latte and end up with some random posts on your Twitter feed and your email box sending out spam. Not good. Not good at all.

To prevent this, setup a remote computer that you can connect to when you are on the go. Then when you find yourself relying on free Wi-Fi — like at a hotel, at a airport, or where ever — you can connect back to this safe computer. All your traffic in public is secured between your notebook and that remote computer. Just for fun, I like to use the cloud (e.g., Amazon EC2) for my remote end.

At a high-level, the procedure is:

  1. Sign up for Amazon Web Services and provision a free server instance
  2. Download and configure PuTTY 0.61 to proxy SOCKS over SSH
  3. Download and configure Mozilla Firefox 5.0 to use the SOCKS proxy for Web traffic (HTTP, HTTPS, DNS, and IRC chat)


Out and About: GrrCon

Posted by

I will be out at the GrrCON conference in Grand Rapids on Friday, September 16. I am giving a session in the InfoSec Management track. The topic is on business continuity planning and risk management. Sound boring? No worries. There is an amazing line up of speakers covering a wide range of topics. Hope to see you there.

How asteroids falling from the sky improves security
An asteroid fell from the sky and the data center is now a smoking crater. At least, that’s the scenario that launches your business continuity planning. BCP asks the questions: what do we have, what does it do, what is the risk and what is the value? The answers to these questions are also essential build blocks of a risk management program. This presents an opportunity for the savvy information security professional. In this session, we will look at ways to co-opt business continuity to advance an organization’s information security.

iPad for the office

Posted by

It has been a bit over a year since I tossed paper and went with the iPad. I now use my iPad with stylus at all meetings and brainstorming sessions. I also regularly use it to check a project status and read documentation (with Safari and SharePoint), and occasionally to unwind with a movie. Below are the apps that I use and recommend.



  • WritePad // Natural handwriting notes with Boxwave stylus. I spend about 70% of my iPad use in this app.
  • Adobe Ideas // Whiteboarding ideas. I spend about 15% of my iPad use in here.
  • SharePlus // Requires SharePoint, but a great way to get documents onto the iPad securely. 10% of my iPad use.
  • OmniGraffle // Flowcharting app
  • iThoughts HD // Mindmaps app
  • All Purpose Calculator // Handy because it keeps a running tally of your operations.
  • Dropbox // A great way to get documents onto the iPad if you do not care about security.
  • Logmein // Remote control of computers, requires a LogMeIn account.
  • WinAdmin // Windows RDP client that supports multiple connections
  • TouchTerm SSH // Linux/Unix terminal over SSH



Others that people have recommended to me:

  • Evernote // Popular with my team, but I like WritePad better
  • Instapaper // Popular with the Lifehacker set, but I like Viigo on my BlackBerry

iOS Forensic website

Posted by

The iPhone Forensics book by Jonathan Zdziarski (NerveGas) is getting a little long in the tooth. The material covers iOS 2.x and Apple is now well into iOS 4.x, with 5.x on the horizon. The book is on iPhones and, of course, the iPad revolution is well underway. Where to now?

I see that Zdziarski launched an iOS Forensic Research website with up-to-date information. The site and its toolset are aimed at law enforcement and the military. He is also hosting a series of workshops (Advanced iOS Imaging and Investigation L-1) which cover a variety of forensics techniques on iPhones, iPods, and iPads. Here’s hoping the site is extended to corporate InfoSec professionals.