A well-known security researcher and cybercrime foe appears to have gone missing in Bulgaria and is feared harmed, according to a news organization that hosts a blog the researcher co-writes.
Bulgarian researcher Dancho Danchev, who writes for ZDNet’s Zero Day blog, is an independent security consultant who’s garnered the enmity of cybercriminals for his work tracking and exposing their malicious activity. He has often provided insightful analysis of East European criminal activity and online scams.
A big clue in the case is that Danchev supposedly sent an “insurance” letter with photos to a friend before he disappeared. The letter accuses the Bulgarian government of monitoring him. The wiring in the photos, however, are exposed and easy to see; it does not look like professional surveillance work, which I would suspect Danchev also knew.
They accuse the software giant of failing to protect users by delaying a fix for a vulnerability (announced last November) and putting it only into Android 2.3 (the “Gingerbread” release).
A fix for what, you may ask:
Perhaps the easiest win though, is that you can grab anything off of the SD card. You might ask, “Anything?! What about the user separation?” Well, because the SD card has been formatted with the “vfat” (aka “fat32”) file system, there is no concept of ownership. All files are owned by the same user id since the file system itself cannot encapsulate who created which file. As Thomas said, files in the SD card that have predictable names are ripe for the picking. This includes pictures and movies. These may in fact be some of the most private data on your device.
I will be presenting at RSA 2011 in San Francisco:
Session ID: CLD-204
Title: Cloud Investigations and Forensics
Scheduled Session Times: Wednesday, Feb 16, 1:00 PM
Room: Orange Room 305
Abstract: Cloud computing’s growth in popularity has been due to the lure of inexpensive and redundant storage, computation and services. This presentation provides an analysis of what happens when things go wrong, by looking at real-world cloud computing investigations and digital forensics. It proposes a set of technical and legal recommendations to reduce risk.
Naomi Klein, author of “The Shock Doctrine”, asks in her TED presentation “What makes our culture so prone to the reckless high-stakes gamble, and why are women so frequently called upon to clean up the mess?”
One thing that comes to mind when I watched this was how President Bush signed an executive order on July 14, 2008, just before the end of his term, to lift the moratorium on offshore drilling in the eastern Gulf of Mexico and off the Atlantic and Pacific coasts. The moratorium was put in place in 1990 by his father. A year earlier President Bush lifted the moratorium from drilling in Alaska, also put in place by his father.
I thought the risk policy differences, between these two men, would have been at least mentioned.
a blog about the poetry of information security, since 1995
