STE WILLIAMS

NSW Information Commissioner sends email to wrong list

The Information Commissioner in the Australian state of New South Wales, an officer whose job it is to offer and enforce best information management practice for the State, has apologised after sending an email to the wrong list.

The email in question advised of a conference at which the Commissioner, Deirdre O’Donnell, is due to speak.

But the mail, intended for members of the NSW Public Sector Right to Information/Privacy Practitioners Network, ended up elsewhere.

O’Donnell has issued an explanation and apology, to this effect:

Today you received an email addressed to members of the NSW Public Sector Right to Information/Privacy Practitioners Network.

This was incorrectly sent to you. I apologise for that. It occurred due to an administrative error in my office, which led to the unintended use of your email address.

The IPC maintains a general newsletter subscribers list and a separate list for the Public Sector Practitioners Group. The IPC newsletter subscriber list was provided to the Chair of the Practitioners Network instead of the Practitioners’ List.

I can confirm that the email went to undisclosed recipients, so no personal information has been disclosed amongst those recipients. Immediate action is being taken to have the data retrieved and destroyed.

The Register received both the mistakenly-sent email and the apology, and can confirm that the first message identified only the sender. It also linked to two documents, stored in Google Docs, related to the operation of the Privacy Practitioners Network. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/11/20/nsw_information_comissioner_sends_wrong_email/

Cloudy admin? Here’s how to ward off Call of Duty-playing teens

Palo Alto Networks has gone virtual with the latest version of its next-generation firewall, the VM-Series. The tech, launched last week, is designed to protect virtual and cloud environments and comes as part of a wider industry push to market virtual security appliances.

Analyst firm Infonetics Research says the booming market for virtual security appliances is being driven by the adoption of cloud infrastructure buildouts and server virtualisation, among other factors. It adds that the virtual appliance vendor landscape is crowded with a mix of established security players, virtualisation platform vendors and specialist vendors – all competing for market share.

“Many of the traditional vendors in the firewall space, including many of Palo Alto’s competitors, have virtual appliance solutions already, including Cisco, Check Point, Juniper, and many others,” Jeff Wilson, principal analyst for security at Infonetics Research told El Reg. “You can find virtual appliance versions of just about every gateway security product you can imagine (including SSL VPN, web security, mail security, IDS/IPS).”

Chris King, director of product marketing at Palo Alto, said traditional firewalls only look at port and IP address while Palo Alto’s looked at the identity of an application before making an access decision.

Traditional firewalls screen for port and protocol but Palo Alto’s technology also provides security controls based on application, user and content. Both of the new VM-Series firewalls from Palo Alto offer this capability.

Network traffic between virtual machines may not leave physical machines but workloads are constantly getting transferred between physical machines. That’s why different forms of firewall technology are needed to protect virtual and cloud environments.

Virtual security appliances from traditional vendors, according to King, fall short because applications like SSH normally need to be allowed for remote administration. Port 22 would therefore be allowed. But this can be abused.

“Traditional firewalls assume traffic on port 22 is SSH and not something tunnelled over SSH,” King explained. “So if an administrator sets up an SSH tunnel from his home machine to do back-ups and perform admin tasks you’re setting up a node on a data centre network that his son also uses to play Call of Duty.”

“If this machine becomes compromised, then it [becomes] a backdoor into virtual server farms,” he concluded, adding that Palo Alto’s VM-Series technology is capable of blocking this type of attack scenario.

Palo Alto’s virtual firewall technology, which integrates with VMware vSphere, screens intra-host data centre applications regardless of port or protocol.

The VM-Series launch is part of Palo Alto’s strategy of allowing customers to roll out virtualisation projects without running into security or compliance concerns. The technology allows enterprises to safely enable applications in a virtualised data centre, combined with the ability to secure intra-host traffic. The technology is designed for use in both virtualised data centres and private cloud infrastructures.

King said the future of data centres is both physical and virtual firewalls, potentially tied together under the same policy and management framework.

In addition to the VM-Series virtual firewalls, Palo Alto also launched a new, midrange next-generation firewall hardware platform (PA-3000 Series) and a management appliance for centralised control over a network of enterprise firewalls (the M-100 management platform).

The products, already available, are supplemented by the release of a new operating system, PAN-OS 5.0. The new firewall OS offers 60 new features for security in cloud environments, as well as improved management capabilities. PAN-OS 5.0 boasts an improved ability to scale and simplify network security management in large enterprise environments, enhanced IPv6 capabilities and increased control over SSL traffic, among other improvements. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/11/20/palo_alto_virtual_firewall/

John McAfee blogs for help, offers $25K reward for neighbour’s killer

John McAfee has taken time out from life on the lam to start a blog. The antivirus pioneer is wanted for questioning by Belize police in connection with the murder of one of his neighbours in the Central American country, although they maintain he is not a suspect.

McAfee’s neighbour, Gregory Faull, a fellow US expat, was shot dead on Saturday, 10 November. McAfee denied any involvement in the murder in an interview with Wired shortly afterwards. Police say that they only want to interview him as a material witness, but McAfee said he doesn’t trust the authorities, whom he alleges poisoned his dogs and wish to kill him. He denies these fears amount to paranoia.

Belize’s prime minister, Dean Barrow, said McAfee was “bonkers” and urged him to come forward to aid police with their investigation.

Last Friday, McAfee set up a new blog called The Hinterland – which has been confirmed as authentic by Chad Essley, a friend of McAfee who is writing a graphic novel about the anti-virus pioneer.

An entry on the blog on Sunday criticised police in Belize for the “systematic roundup of my friends and associates” since Faull’s homicide.

McAfee charges that police arrested his housekeeper, his British bodyguard, the bodyguard’s wife, a taxi driver who ferried McAfee away from his property, and McAfee’s best friend in Belize. Some of these individuals remain in police custody, according to McAfee, who is calling for the international community to apply pressure on local authorities to secure their release.

The Register has been unable to independently confirm whether or not these individuals are still being detained, although a Belizean news station is reporting that two of them are being detained on weapons charges.

A post on the blog dated on Monday offers a reward for information leading to the arrest of the person or persons responsible for Faull’s murder.

“I also needed to do my own investigation, since the police only seemed to be investigating my whereabouts. My safety is contingent on the truth being discovered. I today announced on NBC Television that I am offering a $25,000 reward for the capture of the person or persons responsible for Mr. Faul’s [sic] murder,” McAfee writes.

McAfee goes on to say that after spending two days far from his compound he has returned to the neighbourhood of his home on the island of Ambergris Caye. He stated that, having donned various disguises, he watched police repeatedly searching his property as well as digging up his dead dogs.

“I watched the police dig up my four dogs that had been poisoned and buried. They cut off the heads and re-buried the bodies,” he writes, claiming that at one stage he disguised himself as a burrito salesman and on another occasion as a drunk German tourist.

Other entries in the blog criticise a reporter at Gizmodo for harbouring a personal grudge and Wired for running pictures of McAfee shirtless and brandishing a shotgun alongside an interview with him denying involvement in Faull’s untimely demise. He alleges police may be attempting to frame him.

There’s also a guest post by Samantha, McAfee’s 20-year-old girlfriend, who appears to have gone on the run with the tech tycoon.

Essley said that the blog has allowed McAfee to directly express his views about his (frankly bizarre) situation.

“He’s got a lot of time to think and write and sort, and has been using the time to update his blog with some of the concerns about the Belizean government,” Essley told ABC News.

McAfee, who has begun working on the theory that Faull was killed as the result of a failed real estate deal, signed off the blog with a promise that it will continue to be maintained even if he is captured.

“If I am captured, this blog will continue. I have pre-written enough material to keep this blog alive for at least a year. In addition, the administrator, Chad, will continue to monitor comments. He will administer the reward and post any information received. In truth my continued involvement from this point is irrelevant,” he said.

McAfee has continued to give interviews to various news outlets during his eight days on the run and some reports suggest he may even be staying on his own compound, making it even more curious why he has yet to be picked up by police.

Relations between McAfee and local authorities have been strained since officers from the Gang Suppression Unit raided his property in May. The raid was carried out as part of an investigation into unlicensed drug manufacturing and possession of an unlicensed weapon. No charges were ever filed. ®

Bootnote

Former computer hacker turned security consultant Kevin Mitnick is offering top tips for McAfee on life on the run via his Twitter feed, including advice to ditch his girlfriend because “she’ll be the first to snitch on you when she is caught”.

“I cannot believe McAfee is naive enough to carry his cell phone as a fugitive. My prediction is that he will get caught soon.” Mitnick writes.

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/11/19/mcafee_hinterland_blog/

Petraeus appeal: STOP BUBBA the Love Sponge FRYING a KORAN

Socialite Jill Kelley, whose allegations of cyberstalking sparked the downfall of love-rat CIA director David Petraeus, was pressured by the spy boss and a top US general to prevent a radio DJ deep-frying a Koran.

Petraeus, who quit over an extramarital affair with his biographer Paula Broadwell, and Gen. John R. Allen, who heads American forces in Afghanistan, wanted to stop Florida shock jock Bubba the Love Sponge from cooking the Islamic sacred text.

The proposed stunt came nearly a year after Florida pastor Terry Jones’s threat to torch a Koran provoked protests and several killings around the world, although the book burning never took place.

Kelley reportedly emailed Tampa Mayor Bob Buckhorn for help in stopping the radio DJ. Her missives were revealed this week by the city’s leader.

“I have Petraeus and Allen both emailing me about getting this dealt with,” Kelley told Buckhorn in an email on 7 March, Reuters reports.

In reply, Buckhorn said Tampa’s police chief would speak to a manager at Bubba’s radio station about the matter.

“OK. Can you keep me in the loop?” Kelley responded. “Gen. Allen will be calling me from Afghanistan at 1pm on this – and our next step.”

It’s a bizarre twist to the events that led to Petraeus’s resignation: Kelley, a volunteer at MacDill Air Force Base in Florida, had complained to an FBI acquaintance after receiving unwelcome emails from a cyberstalker. A subsequent investigation revealed Kelley had been emailed by Broadwell, Petraeus’s biographer and secret lover.

The Feds followed the trail to a Gmail account shared by the CIA boss and his mistress, who were swapping messages to each other in a draft email folder, and confronted Petraeus over his extramarital fling.

The same investigation also discovered the exchange of “inappropriate” correspondence between Kelley and General Allen, leading to an indefinite delay of his planned appointment as Nato’s Supreme Allied Commander for Europe.

Kelley was a family friend of Petraeus and his wife, and also met Gen Allen when organising entertainment for senior officers at MacDill, which is close to her Tampa house and also home to the US Central Command, which oversees American operations in the Middle East.

Both generals were also friends with Natalie Khawam Wolfe, Kelley’s identical twin. The two military men wrote letters of support to Wolfe in a custody battle over her son with ex-husband Grayson Wolfe, a former Bush administration official who worked on Iraqi reconstruction.

Reuters adds that it was unable to confirm whether Allen called back about Bubba’s planned stunt. In her emails to the Tampa mayor, Kelley referred to herself as “ambassador to US Central Command’s Coalition”. Military sources said the title conferred no special privileges, was not exclusive to Kelley, and was purely honorary. ®

Bubbanote

Bubba has vowed revenge after Buckhorn described him as a “complete moron” in the email exchange with Kelley, according to local reports. The shock jock said he abandoned frying the Koran after his lawyer and the heads of the Hillsborough County Sheriff’s Office and the Tampa Police Department had a word with him.

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/11/19/bubba_the_love_sponge/

Judge confirms Google’s miserly $22.5m Safari privacy FTC payout

A US judge has accepted Google’s offer of just $22.5m to settle with the FTC over Safari cookies, despite pressure from a consumer rights group to stiffen the penalty.

District Judge Susan Illston decided that the agreement was “substantively fair, adequate and reasonable”, rejecting Consumer Watchdog’s objections that the penalty was too small and Google hadn’t admitted any liability.

Google got in trouble with the Federal Trade Commission when it was discovered that Safari browser users were being tracked by the firm’s cookies despite their privacy settings. The Chocolate Factory had already signed a legal agreement with the FTC over Google Buzz privacy blunders and promised not to do anything like that again.

In the Safari case, Google claimed ignorance of the cookies tracking Safari users all over the place and offered to pay the small fine and to disable all the cookies it had already placed on computers by February 2014.

Consumer Watchdog said the fine wasn’t enough to cover the amount Google promised in the Buzz agreement if it breached privacy again.

“The statutory maximum would be $16,000 for each violation, and thus could far exceed the $22.5 million. Even if one-tenth of one percent of Safari users saw the misrepresentation, the statutory penalty would exceed $3 billion,” the rights group argued.

But Judge Illston said there weren’t enough consumer losses or Google profits to warrant a bigger fine. She added that there was no legal reason to reject the settlement because of Google’s refusal to admit its guilt. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/11/19/google_safari_settlement_accepted/

Drone security project to go open source

Australia’s high-end tech research engine NICTA will take a pivotal role in a US$18 million US Defence project which will develop software to protect the systems in drones from cyber attack.

The US Defense Advanced Research Projects Agency (DARPA) awarded the 4.5 year contract to a global consortium, which includes Australia’s NICTA, the Boeing Company, Galois and the University of Minnesota, and is led by Rockwell Collins. A team of six to eight dedicated NICTA researchers will be placed on the project, with more staff added at peak times in the project.

The project is part of DARPA’s High-Assurance Cyber Military Systems (HACMS) program, hatched earlier this year to produce ultra secure systems that are resilient to emerging cyber threats.

The HACMS program will focus on cyber-physical systems in the vehicle space, but it is anticipated that the tools and techniques developed in the program will be relevant to other kinds of systems as well.

The HACMS project will produce a set of open source tools integrated into a software workbench, which will be widely distributed for use in both the commercial and defense software sectors, according to DARPA.

A NICTA spokesperson said that the project will be using open source as much as possible but the specific elements are still being worked out.

The work will be undertaken by the same group of NICTA scientists that developed the internationally recognised, game-changing seL4 operating system. In 2009, NICTA researchers grabbed the global spotlight when they proved the correctness of 7,500 lines of C code in the seL4 operating system microkernel.

“NICTA’s selection for this project reflects our status as world leaders in the verification of operating systems. Now we will have the opportunity to greatly extend the scale, aiming to ensure the safety of a complete, real-world system, something considered impossible only a few years ago,” said Leader of NICTA’s Software Systems Research Group, Scientia Professor Gernot Heiser.

Key HACMS technologies include semi-automated software synthesis systems, verification tools such as theorem provers and model checkers, and specification languages.

HACMS aims to produce a set of publicly available tools integrated into a high-assurance software workbench, widely distributed to both defense and commercial sectors.

In the defense sector, HACMS plans to enable high-assurance military systems ranging from unmanned ground, air and underwater vehicles, to weapons systems, satellites, and command and control devices. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/11/19/nicta_develops_drone_protection/

Georgian police chiefs cuffed in cyber spy plot

Several senior police officials and the former deputy interior minister of Georgia have been arrested on suspicion of spying on former opposition leaders and attempting to influence the result of October’s parliamentary elections.

The arrests come after new prime minister Bidzina Ivanishvili’s coalition swept to power at the election, ending the nine-year rule of the government of president Mikheil Saakashvili, who remains in his post until October 2013.

The 11 interior ministry officials and former deputy interior minister and current vice mayor of Tbilisi, Shota Khizanishvili, are accused of hacking their opponents’ PCs to illegally obtain personal information. Phone taps of calls between leaders of Ivanishvili’s Georgian Dream coalition are also alleged, AFP reported.

Chief prosecutor Archil Kbilashvili said that the recordings – which show the coalition leaders criticising one another – were uploaded to YouTube by Ivanishvili’s bodyguard, who was bribed to do so by police.

Religious organisations are also said to have had their computers infiltrated as part of the cyber spy plot.

The arrests follow those on 7 November of former defence minister Bacho Akhalaia and chief of joint staff of Georgian Armed Forces Giorgi Kalandadze, who were detained on charges of abusing their power.

In response, Saakashvili supporters say they are the victims of political persecution, while Western leaders have also expressed concern.

European Commission head Jose Manuel Barroso warned Ivanishvili to avoid “selective justice”, AFP said. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/11/19/georgia_cyber_spy_plot_government/

Taliban official’s email blunder leaks 400+ contacts

Anyone in the bulk email business should know never to mix up cc: (“carbon copy”) and bcc: (“blind carbon copy”) – especially if the materials you’re sending out are Taliban press releases.

That was exactly the rookie mistake made by Taliban spokesman Qari Yousuf Ahmedi last week, ABC News reports, which resulted in Ahmedi inadvertently disclosing his full mailing list of more than 400 email addresses.

Ahmedi is one of two official spokesmen for the Islamic fundamentalist movement, the other being Zabiullah Mujahid. Ahmedi was reportedly forwarding a press release he received from Mujahid when he mistakenly put recipients’ addresses in the “cc” field, causing contacts he meant to keep private to be visible to everyone on the list.

According to the ABC News report, most of those addresses belonged to journalists. That’s bad news (no pun intended), because in war-torn Afghanistan, targeted attacks on journalists are commonplace.

According to Nai, an Afghan media watchdog group, there have been 121 acts of violence against journalists in the last three years alone, an average of more than three per month.

One reporter outed by Ahmedi’s error was Mustafa Kazemi, a prolific blogger whose Twitter feed has more than 9,500 followers. On November 10, Kazemi turned to the micro-blogging service to announce the leak:

In later posts, Kazemi explained that the leaked email addresses were not limited to the media, but also included addresses from the US and Afghan governments, in addition to “a large number” of Taliban personnel.

ABC expounded further, noting that academics and activists were also included in the list, as were members of other, non-Taliban militant groups.

It may surprise some to learn that, for a fundamentalist religious group that imposes a strict, archaic interpretation of Islamic law, the Taliban is fairly modern where communications are concerned. The group regularly uses its email list and various blogs to issue press releases, generally to claim responsibility for attacks.

Earlier this year, Qari Yousuf Ahmedi told the Arabic newspaper Asharq Alawsat, “Visiting websites is not more difficult than joining jihad and the battlefield. More important than visiting websites is winning over the minds and hearts of the masses who visit websites.”

Ahmedi also has his own Twitter feed, though as of this writing he has not posted anything about his email gaffe; in fact, it has been silent since November 6. Your intrepid Reg reporter couldn’t find a Facebook page for him, either, though he has claimed to have one. Maybe that’s one thing he knows how to keep private? ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/11/16/taliban_leaked_mailing_list/

Facebook: Give us your credit card and pals’ addresses as GIFTS

Why write on a friend’s Facebook wall when you could send them cupcakes and they could choose the flavour of the cupcakes? That was Facebook’s big pitch to users last night as it announced the rollout of Facebook Gifts at a glitzy New York media event.

In an attempt to get people using their credit cards on the social network, Facebook have announced many more partners on their Gifts service, rolled it out to more users and have started a publicity push aimed at capturing the Christmas gift trade.

Facebook first mooted the idea of Gifts back in September, as we recorded at the time in ‘Facebook’s latest brain wave: Flogging REAL fluffy tat’.

The exciting journey of the Facebook gift, screengrab Facebook

Gap, furniture shop Fab, Brookstone, clothes brand Dean Deluca, L’Occitane, Lindt, ProFlowers, book-sellers Random House, NARS Cosmetics, and wine sellers Chandon are on the list of retailers signed up as Facebook gift-providers. And there are some virtual partners too – users can give each other Hulu, Pandora and Rdio subscriptions.

By visiting another user’s wall you can choose to send them a gift: now one of the three options for interaction on the top of a friend’s wall. The gift can be chosen, paid for and sent on Facebook, and will be processed by the retailer, arriving with the recipient in a few days.

The recipient can see the order on Facebook and actually tweak it – adding their own address and even changing the present – not exactly switching a cupcake delivery for a box of champagne – but tweaking the size/style/flavour of whatever it is you sent them. You can even post a self-congratulatory note on your own wall saying that you sent your lucky friend a gift.

It remains to be seen whether the social platform has anything to offer users as a shopping platform, given that so many successful ones already exist, Amazon for example.

That’s presumably why Facebook is ramping up the social advantages of shopping – gift switching etc. The convenience of the service could go in its favour.

So give them a gift, and give Facebook your credit card details and your friend’s home address while you’re at it. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/11/16/facebook_gifts_relaunch/

‘You can say I’m paranoid about it, but they will kill me’

Quotw This was the week when Belizean police started the search for security firm founder John McAfee, a suspect in the murder of his neighbour.

McAfee appears to be on the lam from the police, hiding under sand and issuing statements to the media about his “persecution”. The antivirus pioneer claimed that the police were trying to set him up to take the fall for the murder of American expat builder Gregory Faull, who had filed a complaint last week about McAfee. He protested that he was innocent:

Under no circumstances am I going to willingly talk to the police in this country. You can say I’m paranoid about it but they will kill me, there is no question. They’ve been trying to get me for months. They want to silence me. I am not well liked by the prime minister. I am just a thorn in everybody’s side.

He also alleged that his property’s guard dogs had been poisoned by “black-suited thugs” who were dropped off on the beach at his house by the Belizean coast guard. He said there was no way that Faull could have been the one to kill the four hounds:

This is not something he would ever do. I mean, he’s an angry sort of guy but he would never hurt a dog.

In response, Marco Vidal, head of Belize’s Gang Suppression Unit, which is trying to track McAfee down, said:

Absolutely no truth. This guy amazes me every day. We don’t have anything personal against Mr McAfee. There is no need for us to poison dogs.

The prime minister, Dean Barrow, also denied that he was out for McAfee:

I don’t want to be unkind, but he seems extremely paranoid – I would go so far as to say bonkers. He ought to man up and respect our laws and go in and talk to the police.

In a strange twist, a police spokesperson then told CNN that McAfee wasn’t a suspect and actually they just wanted him to come in for “questioning”. Raphael Martinez said:

He needs to come in so that we can clear the air. We are law-abiding people here. We follow the laws to the letter. We believe at this point that he has absolutely no fear of being killed by anybody.

In Blighty, tech majors Amazon and Google, along with coffee chain Starbucks, faced a roasting from MPs who couldn’t understand just how the companies had paid so little corporation tax in all their years in the country.

The Public Accounts Committee went first to HMRC to find out why the tax authority wasn’t the one pursuing the firms for their explanations. But chief exec Lin Homer said there wasn’t a gosh-darned thing HMRC could do about it:

All HMRC can do is to apply the laws and what I am acknowledging is that in an international setting, multinational businesses can choose to some extent where some parts of their business are based and they can choose where some of their profits are based.

Then it was the turn of the companies, whose representatives acquitted themselves none too admirably in their mealy-mouthed attempts to deflect the MPs’ questions.

Amazon’s director of public policy Andrew Cecil was perhaps the most ridiculous in his claims that the firm had no idea what portion of its European sales took place in the UK because it only did those numbers for the whole of Europe, a claim met with understandable derision from the committee.

Follow-up questions got a number of “I don’t knows” and “I’d have to checks”, enough that committee chair Margaret Hodge lost a little of her patience:

You’ve come with nothing! We will have to order a serious person to appear before us and answer our questions.

Google VP for sales and operations in Northern and Central Europe, Matt Brittin, admitted that the Chocolate Factory set itself up in tax-favourable locations but tried to say it was all down to getting the best value for shareholders, which rather fell down when it came to Bermuda, since that tax-avoiding cash didn’t get back to the States.

Brittin’s continued protestations that Google didn’t do anything legally wrong were given short shrift as well.

Hodge said:

We’re not accusing you of being illegal, we’re accusing you of being immoral.

And finally, World+Dog got quite the shock when Windows 8 chief Steven Sinofsky said he was leaving the company just a few weeks after the new OS launched.

Sinofsky claimed it was his own decision and tried to head the rumours off at the pass:

Some might notice a bit of chatter speculating about this decision or timing. I can assure you that none could be true as this was a personal and private choice that in no way reflects any speculation or theories one might read about me, new opportunities, the company or its leadership.

But even his replacement, Julie Larson-Green, admitted she was in a bit of shock about the whole thing. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/11/16/quotw_ending_november_16/