Army.ca Forums

The Newsroom => Military Current Affairs & News => Topic started by: George Wallace on February 22, 2008, 15:19:39

Title: Do you really feel safe after you post on the Internet?
Post by: George Wallace on February 22, 2008, 15:19:39
Before you go any further, READ the whole scenario here:  Killing Keyboards   (http://forums.army.ca/forums/index.php/topic,71137.0.html)  http://forums.army.ca/forums/index.php/topic,71137.0.html   

QUESTIONS TO ASK YOURSELF

1     “I am no one they care about?”  

That may be true for now, but you never know when one on-line posting will bring YOU to their attention.

Chris was just another name in a file until they needed some inside information about his program.  It never occurred to him that an intelligence agency would target him for a piece of information, but they did.


Some things to think about.

Chris had no idea that just confirming that the Clariden DSP chip was in use would be enough to hurt or kill.  But that one small piece of information was the last piece in the puzzle that the enemy was putting together.

While Chris thought he was careful, it is difficult to know exactly what an adversary is looking for, and if what you have may be of benefit.



2     “I don’t have ANY adversaries!”

Feel like all of this “war” and “terrorist” or “adversary” talk is about someone else?

Take a quick look at some other groups that use these exact same on-line information gathering techniques.

Some things to think about.

Former girlfriends, boyfriends, divorced spouses.
Angry neighbors, people you only knew casually.
Disgruntled co-workers, employees, temporary workers.

Identity thieves.  (Try a Google search on your name.)
Pedophiles seeking information to convince your children that they should be trusted

Anyone else who might want a little information about you, even just to know you better than you want them to.



3     “I’m smarter than the enemy!”

It’s a common feeling.  People interviewed often say they know they are smarter than “some guy who is now just sitting in a cave hiding from us.”

Chris knew he was smarter than any adversary when he used careful expressions like, “I can’t say how I know.”

Some things to think about.

In addition to small radical groups, our adversaries are some of the largest nations in the world, who are willing to spend BILLIONS of dollars to gain an economic advantage.  Information theft is a good investment for them, even if they just trade it for something they want.

Some of the world’s best intelligence agencies are training young people as experts to go and gather information for them.  You are up against the experts!


4     “I don’t post on the Internet”

Not posting may help you somewhat, but it is just one example of how you can come to the attention of someone with bad intentions.

Another source is unencrypted email messages which are either misrouted, intercepted, or gathered by adversaries on discarded or poorly protected backup tapes.  Stealing backup tapes is a common occurrence.

Some things to think about.

Remember that Chris did not know about all of the information sources that had information about him.  He only thought about the sites he dealt with.  Most of the others you don’t have control over, but you do have control to encrypt email and post as little “account” information as you can on web sites.



5    “What about the Coffee Shop?”  

The coffee shop was a reminder that while there are good business reasons to target defense contractors, etc., as customers, those methods are also good ways to gather sensitive information.

Most front businesses will not be called “Terrorist Coffee” so you need to pay attention to the less obvious.

Some things to think about.

Free Internet also provides a way to capture network traffic, including personal email passwords that are often similar to work passwords.  Every puzzle piece helps them.

Free Quiet Rooms encourage “sensitive” conversations in rooms that may have listening devices.

By showing a badge, “bad guys” know any time a facility changes its badge, and when new security like “smart chips” are rolled out.  If they have infiltrated a facility, they know to update their fake badges by the next day.









Don’t feel hopeless

Increasing your awareness  that you really are a potential target,
remembering that being “clever” in a conversation or email is very likely to fail,
limiting what you can on the Internet, and encrypting all email and drive storage you are able to –  Really can make the difference!

Title: Re: Do you really feel safe after you post on the Internet?
Post by: Haggis on February 22, 2008, 15:24:58
So, I guess changing my screen name at Christmas didn't help???  ;D

Googling your name is a good idea, however it can yield some interesting and, at times, highly entertaining results.

Someone I know very well Googled her name and, although there were no hits for the "real her", she discovered she shares her name with a transvestite porn star. :o

Seriously, though, you could discover some interseting insights into your life and how you are seen on the World Wide Web.
Title: Re: Do you really feel safe after you post on the Internet?
Post by: OkotoksRookie on February 22, 2008, 18:48:20
Awesome post George!
Thanks!
Title: Re: Do you really feel safe after you post on the Internet?
Post by: Mr.Newf on February 22, 2008, 18:52:37
Awesome post George!
Thanks!
+1. I think everyone should read it.
Title: Re: Do you really feel safe after you post on the Internet?
Post by: TN2IC on February 22, 2008, 19:46:46
Bravo Zulu
Title: Re: Do you really feel safe after you post on the Internet?
Post by: Yrys on February 22, 2008, 20:22:34
and Chris story :


Killing with Keyboards (http://forums.army.ca/forums/index.php/topic,71137.0.html)

Title: Re: Do you really feel safe after you post on the Internet?
Post by: George Wallace on February 22, 2008, 20:34:49
I am so sorry if people got fooled by the big letters and missed the very first line of the topic.


Read the whole scenario here: Killing Keyboards   (http://forums.army.ca/forums/index.php/topic,71137.0.html)

QUESTIONS TO ASK YOURSELF

 ;D
Title: Re: Do you really feel safe after you post on the Internet?
Post by: Mr.Newf on February 22, 2008, 20:48:00
and Chris story :


Killing with Keyboards (http://forums.army.ca/forums/index.php/topic,71137.0.html)



Yeah, George posted the link in the first post.
Title: Re: Do you really feel safe after you post on the Internet?
Post by: Yrys on February 22, 2008, 20:54:26
 :-[

Saw it when I read George W reply ...
Title: Re: Do you really feel safe after you post on the Internet?
Post by: Mr.Newf on February 22, 2008, 20:55:29
:-[

Saw it when I read George W reply ...
Oh my, now I see that he said that hahaha.
Title: Re: Do you really feel safe after you post on the Internet?
Post by: milnews.ca on February 23, 2008, 09:53:47
Great piece - thanks for sharing.

Title: Re: Do you really feel safe after you post on the Internet?
Post by: milnews.ca on February 26, 2008, 06:04:56
Something from the CF on this, shared in accordance with the "fair dealing" provisions, Section 29 (http://www.cb-cda.gc.ca/info/act-e.html#rid-33409), of the Copyright Act.

Military warns soldiers not to post info on Facebook
CBC.ca, 25 Feb 08, 20:10 PM MT
Article link (http://www.cbc.ca/canada/edmonton/story/2008/02/25/facebook-military.html)

The Defence Department is advising Canadian soldiers not to post personal photos and information on social networking websites like Facebook, citing security concerns.

The advisory was circulated in a memo obtained by CBC News. It warns soldiers not to appear in uniform in online photos and not to disclose their military connections.

"Al Qaeda operatives are monitoring Facebook and other social networking sites," the memo says.

"This may seem overdramatic … [but] the information can be used to target members for further exploitation. It also opens the door for your families and friends to become potential targets as well."

The Defence Department says it is also concerned with postings of photos and information from the battlefront in Afghanistan.

On Feb. 14, military official Brig.-Gen. Peter Atkinson warned against such battle scene postings.

"The insurgents could use this information to determine their success or their lack of it … and determine better ways to attack us," he told reporters in Ottawa.

Military families are already heeding the Defence Department's advice.

Samie Marchand-Whittle, whose husband is in the Canadian Forces, has closed public access to the Facebook page she maintains for military families.

"It's scary to know that they could find out personal information about our families, our children, where we live," said the Edmonton mother of two. "It is really scary."

But Sunil Ram, a professor of military history and land warfare at American Military University, questioned the military's warnings about posting information online.

"What we're really talking about is censorship more than anything else," he said on Monday. "This is the military's attempt to control the imagery of what is actually happening on the ground."


Title: Re: Do you really feel safe after you post on the Internet?
Post by: sgf on February 26, 2008, 07:28:45
Quote
Samie Marchand-Whittle, whose husband is in the Canadian Forces, has closed public access to the Facebook page she maintains for military families.

"It's scary to know that they could find out personal information about our families, our children, where we live," said the Edmonton mother of two. "It is really scary."


If Marchand-Whittle was that concerned about her personal information, she should have kept her name and other personal information  out of this news release.
Title: Re: Do you really feel safe after you post on the Internet?
Post by: Yrys on February 26, 2008, 07:36:04
Yep, particularly seeing she's the only on facebook with that name...
Title: Re: Do you really feel safe after you post on the Internet?
Post by: George Wallace on February 26, 2008, 08:08:53
Something from the CF on this, shared in accordance with the "fair dealing" provisions, Section 29 (http://www.cb-cda.gc.ca/info/act-e.html#rid-33409), of the Copyright Act.

Military warns soldiers not to post info on Facebook
CBC.ca, 25 Feb 08, 20:10 PM MT
Article link (http://www.cbc.ca/canada/edmonton/story/2008/02/25/facebook-military.html)

But Sunil Ram, a professor of military history and land warfare at American Military University, questioned the military's warnings about posting information online.

"What we're really talking about is censorship more than anything else," he said on Monday. "This is the military's attempt to control the imagery of what is actually happening on the ground."



This is another reason to be very careful of what you post.  There are many "experts" out there who want nothing better than to gather their information from you.  This guy apparently knows nothing about Security Concerns and is posing as an expert to pick up tidbits so he can spew them to the media and look good.  He should in fact be expousing the same things as the CF and reinforcing their statement, but he is doing quite the opposite.  What agenda does he have to call this all folly on the part of the CF?
Title: Re: Do you really feel safe after you post on the Internet?
Post by: OkotoksRookie on February 26, 2008, 11:45:13
But Sunil Ram, a professor of military history and land warfare at American Military University, questioned the military's warnings about posting information online.

"What we're really talking about is censorship more than anything else," he said on Monday. "This is the military's attempt to control the imagery of what is actually happening on the ground."

There are times when censorship protects, This professor acts like theres a secret that the CF doesn't want you to know. The less information about individual military members there is on the net the safer their families and friends are imho and it sounds like thats more of what the CF is trying to do, not hide it's actions. A few of my buddies cancled their facebook accounts on this recomendation. I've considered dropping mine as well,
Title: Re: Do you really feel safe after you post on the Internet?
Post by: George Wallace on February 26, 2008, 14:19:29
If you really want to find out how out to lunch he is, try this little exercise:

Go to Killing with Keyboards (http://forums.army.ca/forums/index.php/topic,71137.0.html) and follow the steps as laid out there and see how much you can find on yourself or someone else.  It may take some time and imagination, but you will be surprised at what you may find.  Of course you will find many people with the same name, but with a little patience, you will be able to sort them out by address, nationality, employment, contacts and friends on Facebook, phone numbers, blog sites, etc. 

Give it a try.
Title: Re: Do you really feel safe after you post on the Internet?
Post by: Shamrock on February 26, 2008, 14:23:20
I found out George Wallace (http://www.imdb.com/title/tt0119189/)'s secret identity.
Title: Re: Do you really feel safe after you post on the Internet?
Post by: George Wallace on February 26, 2008, 14:43:45
I found out George Wallace (http://www.imdb.com/title/tt0119189/)'s secret identity.

Are you sure you got the right George Wallace (http://www.georgewallace.net/)?
Title: Re: Do you really feel safe after you post on the Internet?
Post by: D Squared on February 26, 2008, 15:10:25
I see you're a fan of Kangol hats Mr. Wallace  ;)
Title: Re: Do you really feel safe after you post on the Internet?
Post by: NL_engineer on February 26, 2008, 17:17:29
Something from the CF on this, shared in accordance with the "fair dealing" provisions, Section 29 (http://www.cb-cda.gc.ca/info/act-e.html#rid-33409), of the Copyright Act.

Military warns soldiers not to post info on Facebook
CBC.ca, 25 Feb 08, 20:10 PM MT
Article link (http://www.cbc.ca/canada/edmonton/story/2008/02/25/facebook-military.html)

The Defence Department is advising Canadian soldiers not to post personal photos and information on social networking websites like Facebook, citing security concerns

Seen this posted at work today, with a must read attached (the CANFORGEN anyway).  I am surprised this site was not mentioned, as it has been in the past.
Title: Re: Do you really feel safe after you post on the Internet?
Post by: DetectiveMcNulty on February 27, 2008, 00:05:47
If you really want to find out how out to lunch he is, try this little exercise:

Go to Killing with Keyboards (http://forums.army.ca/forums/index.php/topic,71137.0.html) and follow the steps as laid out there and see how much you can find on yourself or someone else.  It may take some time and imagination, but you will be surprised at what you may find.  Of course you will find many people with the same name, but with a little patience, you will be able to sort them out by address, nationality, employment, contacts and friends on Facebook, phone numbers, blog sites, etc. 

Give it a try.

Well it really does work, but it kind of makes me feel like a spy  :D

If I find you George, I'll be sure to send some flowers!
Title: Re: Do you really feel safe after you post on the Internet?
Post by: George Wallace on February 27, 2008, 00:12:04
Well it really does work, but it kind of makes me feel like a spy  :D

If I find you George, I'll be sure to send some flowers!

My pension as a former Foreign Minister has me living with a wonderful garden overlooking the ocean.  I don't really need the flowers.  A good bottle of Scotch may do though.    ;D



PS:  Thanks Shamrock!
Title: Re: Do you really feel safe after you post on the Internet?
Post by: sober_ruski on February 27, 2008, 03:08:20
Wow, that Chris guy must also work for GM. Where else would he get a 2004 Camaro  ;D


as for finding out about myself. Turns out i have stocks in some company (weird), and where/when i graduated from high school. Nothing else.
Title: Re: Do you really feel safe after you post on the Internet?
Post by: Michael O'Leary on February 27, 2008, 03:34:56
as for finding out about myself. Turns out i have stocks in some company (weird), and where/when i graduated from high school. Nothing else.

Don't be too sure of that:

Rank - Private (from profile)
Trade - Signals Operator (SIG OP) 00329-01 (former MOC 215) (from profile plus Google search to confirm trade)
Signals unit (from avatar)
Current location identifiable from IP
Russian home town - "my 80K home town in middle of nowhere Russia" (your post)
Father's military service - "base where my dad used to work" "2Lt in radio/missile watching place" (your post)
Canadian home town Vancouver - "my old high school there was a coop term with either Vancouver police or local RCMP" (your post)
Vehicle - 1993 Honda Prelude (your post)

So, I'm looking for a 21 year old signaller driving a Prelude who knows Russian.

And that's from a quick scan of about half your posts here.  All someone needs to do to scan all of a member's posts is to stay under the DS radar and be a good little member, posting nothing controversial. We don't even notice the members with clean IPs, nicknames and email addresses that aren't stupid, or that make few or no posts.  Anyone who diligently wanted to mine the data here for the type of collection described above would get plenty to work with. We all forget the tidbits we post, and seldom imagine the picture we present of ourselves on line.

Title: Re: Do you really feel safe after you post on the Internet?
Post by: sober_ruski on February 27, 2008, 03:38:25
where did you get the prelude part? :o

i was looking for one at some point, never found one i liked in good enough condition.
Title: Re: Do you really feel safe after you post on the Internet?
Post by: Michael O'Leary on February 27, 2008, 03:40:29
where did you get the prelude part? :o

i was looking for one at some point, never found one i liked in good enough condition.

http://forums.army.ca/forums/index.php/topic,51035.msg459875.html#msg459875
http://forums.army.ca/forums/index.php/topic,51035.msg459941.html#msg459941

Remember, first level information collecting can include inaccuracies.  These get refined in further investigation of high value targets.
Title: Re: Do you really feel safe after you post on the Internet?
Post by: sober_ruski on February 27, 2008, 03:47:56
argh, i give up. i'm screwed if i do and if i don't.

There is a reason why I did not use my icq number here. Did a quick search and found things i did a while ago and completely forgot about them :D

Still, where do I find a 2004 Camaro?
Title: Re: Do you really feel safe after you post on the Internet?
Post by: Hatchet Man on February 27, 2008, 14:39:26
This is another reason to be very careful of what you post.  There are many "experts" out there who want nothing better than to gather their information from you.  This guy apparently knows nothing about Security Concerns and is posing as an expert to pick up tidbits so he can spew them to the media and look good.  He should in fact be expousing the same things as the CF and reinforcing their statement, but he is doing quite the opposite.  What agenda does he have to call this all folly on the part of the CF?

I believe we have discussed the "expert" status of Mr Ram before, and he even came on this site to defend himself to boot.
Title: Re: Do you really feel safe after you post on the Internet?
Post by: Hatchet Man on February 27, 2008, 14:49:14
If you really want to find out how out to lunch he is, try this little exercise:

Go to Killing with Keyboards (http://forums.army.ca/forums/index.php/topic,71137.0.html) and follow the steps as laid out there and see how much you can find on yourself or someone else.  It may take some time and imagination, but you will be surprised at what you may find.  Of course you will find many people with the same name, but with a little patience, you will be able to sort them out by address, nationality, employment, contacts and friends on Facebook, phone numbers, blog sites, etc. 

Give it a try.

I have googled myself on few occasions, anyone wanting to find info will have a fun time sorting through all the pages, cause my last name means something dirty in another language  >:D
Title: Re: Do you really feel safe after you post on the Internet?
Post by: Tommy on February 27, 2008, 14:52:50
One more reason to own high powered weapons.....

not that I own any of those......   :-\ 
Title: Re: Do you really feel safe after you post on the Internet?
Post by: hauger on February 27, 2008, 15:10:22
Alright....so in the vein of on-line privacy....how's bout a tool for a person who wants to wipe clean all past posts....sort of a "click here and become anon again" button.  I'm guessing such a function might prove tricky to make a reality though...but if the database can search for past posts, it should be able to mass delete them too.  Granted...this would probably make a number of historic threads completely unreadable.

What about de-linking posts at a users request from the profile (after a certain time frame).  This preserves the thread integrity but lessens the ability to mine the forums for information.

Or....do us a favour and delete the "search for posts from this user" function.
Title: Re: Do you really feel safe after you post on the Internet?
Post by: George Wallace on February 27, 2008, 15:15:06
Alright....so in the vein of on-line privacy....how's bout a tool for a person who wants to wipe clean all past posts....sort of a "click here and become anon again" button.  I'm guessing suck a function might prove tricky to make a reality though...but if the database can search for past posts, it should be able to mass delete them too.  Granted...this would probably make a number of historic threads completely unreadable.

What about de-linking posts at a users request from the profile (after a certain time frame).  This preserves the thread integrity but lessens the ability to mine the forums for information.

Or....do us a favour and delete the "search for posts from this user" function.

You obviously didn't understand what the term "Cached" meant, nor the fact that those posts are cached on the www in a variety of locations used by Google.
Title: Re: Do you really feel safe after you post on the Internet?
Post by: hauger on February 27, 2008, 15:17:16
You obviously didn't understand what the term "Cached" meant, nor the fact that those posts are cached on the www in a variety of locations used by Google.

Very fair comment.  Damn Google & low, low price storage that allows near unlimited cashe.

T'was just thinking aloud about how to make things a bit more difficult is all.
Title: Re: Do you really feel safe after you post on the Internet?
Post by: hauger on February 27, 2008, 15:22:54
Hey wait a minute, isn't google cashe an opt out system?


From Google's web site:[/i]The "Cached" link will be missing for sites that have not been indexed, as well as for sites whose owners have requested we not cache their content.

 (source: http://www.google.com/help/features.html (http://www.google.com/help/features.html))


Ummm....just thinking out loud here....couldn't army.ca just, oh, I don't know, maybe ask google to cut out the caching?
Title: Re: Do you really feel safe after you post on the Internet?
Post by: George Wallace on February 27, 2008, 15:39:59
Have you heard about the "Wayback Machine (http://www.archive.org/web/web.php)"?
Title: Re: Do you really feel safe after you post on the Internet?
Post by: Haggis on February 27, 2008, 15:47:45
That's it!!

I'm not posting on the Internet any more.

.... oops! :-[
Title: Re: Do you really feel safe after you post on the Internet?
Post by: George Wallace on February 27, 2008, 15:58:31
In 2003, Mike had six updates (http://web.archive.org/web/*hh_/army.ca/) to his Army.ca homepage for this site.

This is his homepage on Dec 04, 2004. (http://web.archive.org/web/20041204071356/http://army.ca/)
Title: Re: Do you really feel safe after you post on the Internet?
Post by: George Wallace on February 27, 2008, 16:10:48
The NDP webpage from 28 Jan 2004. (http://web.archive.org/web/20050109013114/http://ndp.ca/)  Not much on it.  A link will take you to a Jack Layton news article (http://web.archive.org/web/20040524132207/www.ndp.ca/index.php?nid=294&page_id=401&).
Title: Re: Do you really feel safe after you post on the Internet?
Post by: uncle-midget-Oddball on February 27, 2008, 16:12:46
In 2003, Mike had six updates (http://web.archive.org/web/*hh_/army.ca/) to his Army.ca homepage for this site.

This is his homepage on Dec 04, 2004. (http://web.archive.org/web/20041204071356/http://army.ca/)

Wow, June 2004 :

Total Members: 2795
Total Posts: 75194
Total Topics: 16856
Total Categories: 5
Total Boards: 26

Quite the boom, I'd say.

Midget
Title: Re: Do you really feel safe after you post on the Internet?
Post by: George Wallace on February 27, 2008, 16:17:13
Here are the 8 Commitments that the NDP pledged in June 2004 (http://web.archive.org/web/20040603034531/http://ndp.ca/8commitments/)
Title: Re: Do you really feel safe after you post on the Internet?
Post by: NL_engineer on February 27, 2008, 16:27:41
One more reason to own high powered weapons.....

not that I own any of those......   :-\ 

I think I am going to have to do some shopping, maybe I'll get a few of these (http://www.remington.com/products/firearms/shotguns/model_870/model_870_xCS_marine_magnum.asp)
Title: Re: Do you really feel safe after you post on the Internet?
Post by: George Wallace on February 27, 2008, 16:42:02
It is amazing what you can find.  I wonder if Rxx was satisfied with the advice on text effects in Flash MX?  One can follow him through sites for pilots, find out his age and many other things such as check his address and all that stuff that is in the demo.  It just takes time and patience.  As the WARNING (http://forums.army.ca/forums/index.php/topic,71137.msg678656.html#msg678656) says, you don't even have to post on the internet to have your info there through some other means/person/corporation/database.  The phone company has posted your info.  The Cable companies.  Company nominal rolls are available in some cases.  Homepages contain the names personnel in Corporate hierarchies.  Schools post their alumni.  Newspapers print names and places.  Clubs, Volunteer Groups, and other Organizations publish fact sheets.  Blog sites, Posts on the Globe and Mail, National Post, Enmasse, etc. all bring up little factoids.  So a 30 year old pilot posting on various sites, is far from anonymous.

Posting style will also give a person away.  Take for instance a foul mouth character, who claims to be a US Army Reserve Airborne 1LT who crusades for the M113 to be named the Gavin.  Everyone immediately recognizes Sparky as soon as he goes on a rant on any site he has been on.  
Title: Re: Do you really feel safe after you post on the Internet?
Post by: garb811 on February 27, 2008, 17:34:47
George is making excellent points here and it's not only the bad guys you need to worry about but also your CofC/employer, your future employer(s), your friends, your family, your neighbour in the PMQs who has a grudge against you, the repo man, your future wife...the list goes on and on.   

The key for 99% of us is managing the exposure of the information you control to what you feel comfortable with.  As George has clearly illustrated, it is also important to realize that once it is on the Net, there is nothing you can do to completely erase all traces of it.  It's like that tattoo you thought looked so cool when you were a 16 year old rebel without a clue which is no longer so cool on a 35 year old professional...you have to live with your past decisions.

We as individuals not only need to exercise discipline but we also need to instill that into our friends and family as well.  It doesn't do you any good to be exercising good Internet Discipline only to have your Aunt Nellie posting emails and photos you send to her on her favorite "Support the Troops" site or your buddy Tim tagging you in a Facebook photo from a night on the town during your last TD.

And, you should really, really be considering moving to an encryption system for your email.  Like anything else on the web it is liable to interception without too much difficulty and it also leaves electronic tracks on any server it passes through.  There are very good, high quality products out there that you can use (some of which are free) to help safeguard your privacy.  Check out Hushmail (http://www.hushmail.com/), Pretty Good Privacy (http://www.pgp.com/) or gnuPG (http://gnupg.org/)/GPG4win (http://www.gpg4win.org/).  Hushmail has the added benefit that most other Webmail accounts lack of not sending your IP address in the header of the email.

For what it's worth though, the Net hasn't invented this problem, it has only made it much easier for people who want the info to get their hands on it.  For instance, in Canada you could always purchase directories which cross-referenced phone numbers to street addresses to names and easily learn who their neighbours were and the neighbours contact information.  If you had a library of those books you could easily reconstruct where a person had lived over a span of 10-20-30 years and you could find a neighbour from 20-30 years ago to talk to as well.  You could always go down to the courthouse and request the records of any trial which had taken place and you could go to City Hall and get the registered owner of any address...  The difference is, then it took some money and some work.  Now all you need to do it is have 10 minutes to spare and a basic understanding of how search engines work.

As for Facebook or anyother social networking site, go ahead and use it.  Just carefully manage what you put up there and don't be naive enough to believe that anything you put up there is private or won't be exploited (only by the site to make money if you're lucky), even if you have all of the privacy settings enabled.
Title: Re: Do you really feel safe after you post on the Internet?
Post by: garb811 on February 27, 2008, 17:37:40
Posting style will also give a person away.  Take for instance a foul mouth character, who claims to be a US Army Reserve Airborne 1LT who crusades for the M113 to be named the Gavin.  Everyone immediately recognizes Sparky as soon as he goes on a rant on any site he has been on.  

Heh...just like they used to tell you in Voice Procedure classes...stick to the approved greyman script and don't add your own personal "flair" lest you make it easy for the other side to track you.
Title: Re: Do you really feel safe after you post on the Internet?
Post by: Michael O'Leary on February 27, 2008, 18:34:56
As for Facebook or anyother social networking site, go ahead and use it.  Just carefully manage what you put up there and don't be naive enough to believe that anything you put up there is private or won't be exploited (only by the site to make money if you're lucky), even if you have all of the privacy settings enabled.

Great post garb, I would add one thing to this para:

Remain aware of what your friends are posting.  It won't matter how careful you are with your own online security if your friends have no concerns for their own or yours at all.
Title: Re: Do you really feel safe after you post on the Internet?
Post by: hauger on February 27, 2008, 22:26:04
Have you heard about the "Wayback Machine (http://www.archive.org/web/web.php)"?

Wayback is a neat site, I've played with it in the past.  Anyways....it'll helpfully delete past caches, as well as allow you to (through the use of robot.txt) to keep from being archived in the future.

It's all a moot point.  With storage and processing power costing what it does, any sufficiently motivated government could built and run a purpose-built web-crawling and archiving system.  Being careful and being aware of how much what you post gives away information is of course the most important vector towards protecting yourself.  This doesn't mean though a site like this will all its information baggage it carries couldn't maybe help out a bit with the privacy thing.  The steps would be easy (please take this as a constructive suggestion and not as a corrosive demand):

1. Write google, say, hey buddies, how's bout you cut out the caching?

2. Give Wayback a ring, see if they'd remove the archives they have.  If that's unpalatable, get them to only archive the front page. (actually, when I search wayback for army.ca, although it comes up, clicking on it makes it a bit grumpy...seems milnet doesn't like hot linking)

3. Allow users to either search and delete their posts, or allow them the option to remove "Show the last posts of this person." from their profiles (make their profile names unsearchable). 

But hell, if y'all don't want to do any of that, well, whatever then....I'm just going to keep myself and not spout off any real identifying info.  Oh....forgot to mention...I did think the original thread was excellent.
Title: Re: Do you really feel safe after you post on the Internet?
Post by: garb811 on February 28, 2008, 06:26:21
...any sufficiently motivated government, company, entity or individual could built can and has built and run a purpose-built web-crawling and archiving system.

There, fixed that for ya.   ;D

The thing is, this is no longer confined to the realm of governments.  With dirt cheap storage (a 1 Terabyte drive is $299 on tigerdirect.ca today), cheap bandwidth and free web crawling and data mining software, anyone can get into the business of data mining and archiving relatively cheaply.  If all you are concerned about is text, it doesn’t take up that much space.  A Terabyte of storage will hold about 1,000 copies of the Encyclopaedia Britannica and The National Archives of the UK, which covers 900 years of data, is only about 60TB in size so you really don't need a wallet the size of a G-8 Governement to get into the game anymore unless you want to start tackling encrypted traffic.

The problems with your suggestions for the site are although they look sensible and a good increase in privacy and security, they really don’t gain much.  As long as Mike keeps all items archived and searchable on the site, asking Google and Wayback to stop archiving the pages is pointless.  If they weren’t archived there, I suppose Mike could simply take the site down if the privacy and security concerns became that overwhelming but the bigger and more worrisome problem at that point is they would already be archived in the places we don’t know about which is where the damage can is really being done.  The only way to stop that is to password protect the entire site and only allow access to trusted and authenticated users and send all data via SSL but that would totally defeat the purpose of army.ca.  Even that wouldn't be enough though as I'd happily sell out Mike for $100 and use that money to finally pay for a subscription.   >:D

Disabling the “Show last posts of this person” doesn’t make it impossible to search for a user’s posts; you can do it via the general search tool as well.  We used to be able to edit and delete our posts at will but unfortunately what ended up happening was people would get upset and go back and edit or delete their comments not for privacy or security reasons but simply due to having a hissy fit after being “beaten” in a debate.  This had the effect of making entire threads nonsensical and unreadable.  Additionally, all it takes is for one person to quote your post and you have lost all ability to edit it….this is why some people here have developed the habit of quoting people they are debating; it is impossible for the other poster to alter their previous statements to make a rebuttal moot without it being obvious.  If you're that worried about something you've put up from a *SEC perspective and the grace period has passed, contacting a friendly mod is sure to solve the problem...at least on army.ca.

I make it a point to try to re-read my posts immediately after posting and then again before the time limit for editing expires.  The “sober second thought” not only lets me reduce the possibility of putting something out there which I don’t want but also lets me catch typos, grammar errors etc I missed the first time around.
Title: Re: Do you really feel safe after you post on the Internet?
Post by: Michael O'Leary on February 29, 2008, 00:50:40
If you want to know what can be done with data aggregators and your personal data, check this site:

http://www.zoominfo.com/
Title: Re: Do you really feel safe after you post on the Internet?
Post by: Yrys on February 29, 2008, 01:28:30
Or read an article :

'Loose lips sink ships' witness tells terrorism trial (http://cnews.canoe.ca/CNEWS/War_Terror/2008/02/25/4875140-ap.html) in U.S.
Title: Re: Do you really feel safe after you post on the Internet?
Post by: Tommy on February 29, 2008, 02:54:18
Which would explain the knee jerk reaction Ive seen from several co-workers when they caught wind of a new CANFORGEN comming out regarding facebook. and they removed everything military on it... well... everything that they have control over.....

Personally I am going to read the damned thing first, and go from there.... Im all for OPSEC and PERSEC and all that Jazz... but when the official sites still have Combat Camera, the Maple Leaf news paper etc... and the Army Website puts up most of the specs on the damned vehicles for all to see, then I'll wait, watch and shoot, and exercise a little common sense with it all...

until I need to start getting all super paranoid...... so far so good....
Title: Re: Do you really feel safe after you post on the Internet?
Post by: Yrys on February 29, 2008, 02:56:18
until I need to start getting all super paranoid

I'm a civil, so I may be wrong, but when that time come, won't it be already too late ?
Title: Re: Do you really feel safe after you post on the Internet?
Post by: sober_ruski on February 29, 2008, 18:22:35
If you want to know what can be done with data aggregators and your personal data, check this site:

http://www.zoominfo.com/

Well, apparently nothing :D
Title: Re: Do you really feel safe after you post on the Internet?
Post by: JesseWZ on February 29, 2008, 20:32:06
I am not on the DIN by virtue of being in ROTP at a Civi university. When this Facebook CANFORGEN comes out, is there a publicly available place to view it?
Title: Re: Do you really feel safe after you post on the Internet?
Post by: Michael O'Leary on February 29, 2008, 21:06:12
I am not on the DIN by virtue of being in ROTP at a Civi university. When this Facebook CANFORGEN comes out, is there a publicly available place to view it?

Someone will probably post it here, likely in this very thread.
Title: Re: Do you really feel safe after you post on the Internet?
Post by: Guy Incognito on March 01, 2008, 14:29:09
Recieved via email:

CANFORGEN 038/08 SJS 007 122025Z FEB 08
OPERATIONAL SECURITY
UNCLASSIFIED
REF: A-SJ-100-001, NATIONAL DEFENCE SECURITY INSTRUCTIONS (NDSI) -
30 SEP 98
1.THERE IS A HIGH LEVEL OF RISK INHERENT IN SOME OF OUR ONGOING MILITARY OPERATIONS. THE NEED TO SAFEGUARD OUR PLANS VULNERABILITIES AND TO PROTECT OUR INTENT FROM AN ADVERSARY IS A FUNDAMENTAL PART OF HOW WE CONDUCT MILITARY OPERATIONS. TRADITIONAL SECURITY MEASURES SUCH AS: PROTECTING VITAL INTERESTS AGAINST THEFT, DIVERSION AND SABOTAGE, DENYING UNAUTHORIZED PERSONS ACCESS TO VITAL INFORMATION ABOUT OUR OWN CAPABILITIES AND INTENTIONS, AND ASSURING THE LOYALTY AND RELIABILITY OF THOSE PERSONS WHO ARE AUTHORIZED TO HAVE ACCESS TO CLASSIFIED OR OTHERWISE SENSITIVE ASSETS, CONTINUE TO BE AN IMPORTANT ELEMENT OF OUR DAILY ROUTINE ACTIVITIES. WHAT I WOULD LIKE TO STRESS, HOWEVER, IS THE INCREASED PERSONAL AND COLLECTIVE VIGILANCE WE MUST ADOPT AGAINST THE INADVERTENT RELEASE OF INFORMATION, WHICH COULD BE EXPLOITED BY AN ADVERSARY
2.CANADIAN OPERATIONS ARE TAKING PLACE IN A VARIETY OF ENVIRONMENTS IN WHICH INFORMATION CAN BE READILY COLLECTED AND SHARED WORLDWIDE, IN NEAR REAL TIME. THE POTENTIAL SOURCES OF INFORMATION FOR AN ADVERSARY INCLUDE THE FULL RANGE OF OPERATIONAL, LOGISTICAL, ADMINISTRATIVE, FORCE DEVELOPMENT, AND PROCUREMENT DOCUMENTS. THEY ALSO INCLUDE FORMAL OR INFORMAL BRIEFINGS, DND OR CF WEBSITES, AND OFFICIAL OR UNOFFICIAL EMAIL EXCHANGES, CONVERSATIONS, WEB-BLOGS AND PHOTOGRAPHS AS WELL AS MOST ANY OTHER METHOD OF CONVEYING INFORMATION FROM ONE PARTY TO ANOTHER. WE MUST ALL THEREFORE BE MINDFUL OF THE NEED TO PROTECT OPERATIONALLY SENSITIVE INFORMATION, EVEN THOUGH THE INFORMATION MAY APPEAR INSIGNIFICANT ON ITS OWN. THE CAPABILITY OF AN ADVERSARY TO QUICKLY COLLECT AND PIECE TOGETHER INFORMATION CANNOT BE DISMISSED
3.THE NATIONAL DEFENCE SECURITY INSTRUCTIONS (NDSI) AT REF, DEFINE OPERATIONS SECURITY OR OPSEC AS AN OPERATIONAL DISCIPLINE DESIGNED TO DENY ACCESS TO, AND PROTECT OPERATIONALLY SENSITIVE INFORMATION FROM AN ENEMY, ADVERSARY OR ANYONE WHO COULD EXPLOIT THE INFORMATION OR INTENTIONS, CAPABILITIES, LIMITATIONS AND ACTIVITIES OF AN ORGANIZATION. THE BASICS OF OPERATIONS SECURITY (OPSEC) ARE EASILY UNDERSTOOD AND CAN BE EFFECTIVE IN SUPPORTING MISSION SUCCESS WHILE KEEPING PERSONNEL SAFE. SIMPLY PUT, OPSEC IS A WAY OF THINKING THAT REQUIRES US TO BE ATTENTIVE TO INFORMATION THAT IS OPERATIONALLY SENSITIVE OR DESIRABLE TO AN ADVERSARY, AND THEN TO TAKE PROACTIVE STEPS TO SAFEGUARD IT
4.OPERATIONAL SECURITY IS BOTH A PERSONAL AND A COMMAND RESPONSIBILITY. COMMANDERS AT ALL LEVELS SHALL INSTITUTE APPROPRIATE MECHANISMS USING THE OPSEC PROCESS TO IDENTIFY OPERATIONALLY SENSITIVE INFORMATION, AND SHALL ESTABLISH COORDINATED PROACTIVE MEASURES TO SAFEGUARD INFORMATION UNTIL SUCH TIME THAT THE RELEASE OF ANY PARTICULAR INFORMATION WILL NOT GIVE ANY ADVANTAGE TO AN ADVERSARY
5.IN GENERAL, WHEN ASSESSING THE SENSITIVITY OF INFORMATION, ANY INFORMATION DEALING WITH PERSONNEL, EQUIPMENT, INSTALLATION OR OPERATIONS COULD VERY WELL BE SENSITIVE, IF NOT SECRET, AND IF SO MUST BE PROTECTED FROM INAPPROPRIATE, INADVERTENT OR UNAUTHORIZED RELEASE. THIS APPLIES TO BOTH INFORMATION RELATING TO NATIONAL ISSUES AND ACTIVITIES, AS WELL AS ALL INFORMATION PROVIDED TO CANADA IN CONFIDENCE BY OUR ALLIES. SPECIFIC CATEGORIES OF OPSEC ARE OUTLINED AS FOLLOWS:

5.A. PERSONNEL RESPONSIBLE FOR PREPARING INFORMATION FOR RELEASE TO THE PUBLIC MUST ENSURE THAT OPERATIONALLY SENSITIVE INFORMATION IS PROTECTED FROM INADVERTENT RELEASE. THOSE PERSONNEL RESPONSIBLE FOR RESPONDING TO REQUESTS UNDER THE ACCESS TO INFORMATION ACT MUST BE FAMILIAR WITH THE ACT, AS WELL AS WITH THE PROCEDURES THAT HAVE BEEN PUT IN PLACE TO REVIEW OPERATIONALLY SENSITIVE MATERIAL BY THE INFORMATION SUPPORT TEAM ESTABLISHED FOR THAT PURPOSE WITHIN THE STRATEGIC JOINT STAFF

5.B. THE USE OF THE INTERNET CAN BE AN INVALUABLE TOOL FOR MANY THINGS, NOT THE LEAST OF WHICH IS TO STAY IN CONTACT WITH THOSE AT HOME WHILE PERSONNEL ARE DEPLOYED. IT IS IMPORTANT TO BE AWARE THAT THE INTERNET IS NOT SECURE. ALL TRAFFIC CAN BE MONITORED, AND MUCH OF IT IS OPEN TO INADVERTENT EXPLOITATION. ONLY UNCLASSIFIED/NON-SENSITIVE INFORMATION IS TO BE SENT ON THE INTERNET/DWAN OR STORED ON UNCLASSIFIED COMPUTERS. SENSITIVE INFORMATION MUST NOT BE PASSED ON, OR STORED ON COMPUTERS CONNECTED TO, THE INTERNET

5.C. IF NOT PROPERLY MANAGED WEBSITES, FORMAL OR INFORMAL, AND UNIT, FORMATION, OR OTHER NEWSLETTERS AND SIMILAR PUBLICATIONS CAN BE A MAJOR SOURCE OF INFORMATION FOR THE ENEMY. DND AND CF WEB SITES AND NEWSLETTERS MUST NOT DISCLOSE SENSITIVE INFORMATION, SUCH AS THE SPECIFIC CAPABILITIES OF OUR WEAPON SYSTEMS, THE DETAILS OF OUR OPERATING PROCEDURES OR OUR ORDER OF BATTLE, AND VERY IMPORTANTLY INFORMATION THAT CAN LEAD TO THE ENEMY BEING ABLE TO IDENTIFY AND THEREFORE TARGET INDIVIDUALS OR ORGANIZATIONS COOPERATING WITH THE CANADIAN FORCES OR ITS ALLIES IN AN OPERATIONAL AREA

5.D. PHOTOGRAPHS AND VIDEOS (E.G. YOU TUBE, ETC.) POSTED TO THE WEB IN ANY CAPACITY, INCLUDING DND/CF WEBSITES, SOCIAL NETWORK SITES, PERSONAL BLOGS, OR E-MAIL OR OTHER WEB-BASED CORRESPONDENCE (SUCH AS CHAT) MUST BE CAREFULLY CONSIDERED BEFOREHAND TO ENSURE THAT THEY DO NOT CONTAIN ANY INFORMATION THAT CAN BE OF USE TO THE ENEMY

5.E. SENSITIVE INFORMATION, WHETHER CLASSIFIED OR UNCLASSIFIED, SUCH AS OUR TACTICS, TECHNIQUES, AND PROCEDURES, OR OUR OPERATIONAL, ADMINISTRATIVE, AND LOGISTIC PLANS (INCLUDING OUR MOVEMENT PLANS), SHOULD NEVER BE DISCLOSED IN ANY UNCLASSIFIED WEB-BASED FORUM, PASSED BY INSECURE E-MAIL OR TELEPHONE, NOR DISCUSSED IN ANY MANNER WITH PERSONS WHO DO NOT HAVE A NEED TO KNOW

5.F. DOCUMENTATION MUST BE PROTECTED. IF YOU DO NOT WORK IN A CLASSIFIED AREA, YOUR SPACE MUST BE SECURED IF YOU ARE GOING TO BE ABSENT FOR MORE THAN A SHORT PERIOD OF TIME. CO-WORKERS IN ADJOINING CUBICLES SHOULD BE MADE AWARE OF YOUR ABSENCE AND LOCATION IF YOU WILL BE AWAY FROM YOUR DESK FOR SHORT-PERIODS OF TIME

5.G. CLASSIFIED OR SENSITIVE MATERIAL IS TO BE DISPOSED OF BY APPROVED METHODS. BLUE RECYCLING WASTEBASKETS ARE TO BE REMOVED OR MADE DIFFICULT TO ACCESS WHEREVER THERE IS A CHANCE UNCLASSIFIED INFORMATION CAN BECOME CROSS-CONTAMINATED WITH SENSITIVE OR CLASSIFIED MATERIAL - PARTICULARLY AROUND PRINTERS OR COPYING MACHINES

5.H. INFORMATION THAT FALLS INTO THE ABOVE BROAD CATEGORIES MUST NOT BE DISCUSSED IN PUBLIC PLACES, AND ONLY WITH A PERSON WHO HAS THE NEED TO KNOW. EVEN WITHIN DND BUILDINGS, CLASSIFIED OR SENSITIVE CONVERSATIONS MUST TAKE PLACE ONLY IN APPROPRIATELY CLEARED LOCATIONS
6.FINALLY, WE MUST ALSO REMEMBER THAT WHEN WE RETURN FROM DEPLOYED OPERATIONS, THE MISSION MAY HAVE ENDED FOR US, BUT IS LIKELY ON-GOING FOR SOMEONE ELSE. THEREFORE, WE MUST NOT LET OUR GUARD DOWN, BUT CONTINUE TO MANAGE AND CONTROL CLASSIFIED, SENSITIVE OR VALUABLE INFORMATION AND ASSETS DILIGENTLY TO PROTECT BOTH THE INTEGRITY OF THE ON-GOING MISSION AND THE LIVES OF CANADIAN AND ALLIED SOLDIERS, SAILORS, AND AIR PERSONNEL INVOLVED
7.THE ABOVE LIST IS NOT EXHAUSTIVE, AND EACH MEMBER MUST MAKE IT HIS OR HER PERSONAL RESPONSIBILITY TO ENSURE SENSITIVE INFORMATION IS NOT COMPROMISED. IF IN DOUBT, TREAT IT AS CLASSIFIED. THE CANADIAN FORCES ARE ENGAGED IN COMBAT OPERATIONS AND THE SAFETY AND WELFARE OF OUR PEOPLE ARE AT STAKE THINK OPSEC. WE MUST ALL DO OUR PART
Title: Re: Do you really feel safe after you post on the Internet?
Post by: Yrys on March 01, 2008, 14:35:00
Civilian question :

Recieved via email:

30 SEP 98

Does that mean they released that memo in 98 and are replublising it now ?
Title: Re: Do you really feel safe after you post on the Internet?
Post by: Teddy Ruxpin on March 01, 2008, 14:36:19
30 Sep 98 is when the reference came out.

Aside from the CANFORGEN noted above (which is hardly new information - similar warnings have come out from time to time), there is no "Facebook" message and nothing published that pertains to Facebook.  

And before someone posts an e-mail that states the opposite, I have one coined word to offer: "DINspam".   ;)
Title: Re: Do you really feel safe after you post on the Internet?
Post by: Yrys on March 11, 2008, 00:29:18
And, you should really, really be considering moving to an encryption system for your email.  Like anything else on the web it is liable to interception without too much difficulty and it also leaves electronic tracks on any server it passes through.  There are very good, high quality products out there that you can use (some of which are free) to help safeguard your privacy.  Check out Hushmail (http://www.hushmail.com/), Pretty Good Privacy (http://www.pgp.com/) or gnuPG (http://gnupg.org/)/GPG4win (http://www.gpg4win.org/).  Hushmail has the added benefit that most other Webmail accounts lack of not sending your IP address in the header of the email.

Just don't think that encryption is a panacea.

Memory trick breaks PC encryption (http://news.bbc.co.uk/2/hi/technology/7275407.stm)

Quote
Encrypted information held on a laptop is more vulnerable than previously thought, US research has shown.

Scientists have shown that it is possible to recover the key that unscrambles data from a PC's memory. It was previously thought that data
held in so-called "volatile memory" was only retained for a few seconds after the machine was switched off. But the team found that data
including encryption keys could be held and retrieved for up to several minutes."It was widely believed that when you cut the power to the
computer that the information in the volatile memory would disappear, and what we found was that was not the case," Professor Edward
Felten of the University of Princeton told BBC World Service's Digital Planet programme.

Volatile memory is typically used in random access memory (RAM), which is used as temporary storage for programs and data when the
computer is switched on.

Deep sleep

Disc encryption is the main method by which companies and governments protect sensitive information. "The key to making it work is to
keep the encryption key secret," explained Professor Felten. Encryption has recently become a hot topic after a number of laptops containing
 personal records were lost or stolen. "What we have found was that the encryption keys needed to access these encrypted files were available
in the memory of laptops," he said. "The information was available for seconds or minutes."

In theory, this is enough time for a hacker or attacker to retrieve the key from the memory chips. "The real worry is that someone will get hold
 of your laptop either while it is turned on or while it is in sleeping or hibernation mode," said Professor Felten. In these modes the laptop is not
 running, but information is still stored in RAM to allow it to "wake up" quickly. "The person will get the laptop, cut the power and then re-attach
the power, and by doing that will get access to the contents of memory - including the critical encryption keys."

Cool running

Switching the machine off and on is critical to any attack. "When it comes out of sleep mode the operating system is there and it is trying to
protect this data," explained Professor Felten. But a full power-down followed by a swift re-start removes this protection. "By cutting the power
and then bringing it back, the adversary can get rid of the operating system and get access directly to the memory." Professor Felten and his team
found that cooling the laptop enhanced the retention of data in memory chips.

"The information stays in the memory for much longer - 10 minutes or more," he said.

For example, where information stays in a computer for around 15 seconds under normal conditions, a laptop cooled to about -50C will keep
information in its memory for 10 minutes or more. Professor Felten said that the best way to protect a computer was to shut it down fully several
minutes before going into any situation in which the machine's physical security could be compromised. "Simply locking your screen or switching
to 'suspend' or 'hibernate' mode will not provide adequate protection," he added. "It does cast some doubt on the value of encryption. I think that
over time the encryption products will adapt to this and they will find new ways of protecting information."

link (http://news.bbc.co.uk/2/hi/technology/7275407.stm)
Title: Re: Do you really feel safe after you post on the Internet?
Post by: NL_engineer on March 11, 2008, 13:03:08
Looks like a self destruct device is in order, at least that way the the information can't fall into the wrong hands, and the would be hacker gets what he deserves  ;D. 

Even if it is powered off there are still ways for hackers to access data.

Title: Re: Do you really feel safe after you post on the Internet?
Post by: Rodahn on March 11, 2008, 13:36:08
To see your web address, just go to

www.whatismyip.com/
Title: Re: Do you really feel safe after you post on the Internet?
Post by: garb811 on March 11, 2008, 15:25:11
Just don't think that encryption is a panacea.

Sure, if you're to the point that you have material on your HD which is valuable enough and have attracted the attention of someone with the technical and physical capabilities for them to pull an attack like this off.  This is one of those "security holes" that looks scary in the lab but which is almost impossible to pull off IRL; doing something in the controlled environment of a lab does not mean it is anything beyond a theoretical threat.  Plus, the simple step of properly powering down the computer makes this impossible to pull off.

For 99.9% of us, this is a non-issue and we should be worrying more about having our laptop stolen for pawning rather than staying awake at night worrying someone is going to throw it into a vat of liquid nitrogen to try to strip the key out of volatile memory.

EDIT TO ADD:  And, a much more credible threat to this problem is to install a keystroke logger.  Walk by the target computer while it is on, pop a prepared flashdrive into a USB port and it's probably done as the vast, vast majority of computers do not have their USB ports blocked.  No need for anything fancy, the KISS principle works in espionage just like the military.
Title: Re: Do you really feel safe after you post on the Internet?
Post by: Nerf herder on March 11, 2008, 15:26:30
Something from the CF on this, shared in accordance with the "fair dealing" provisions, Section 29 (http://www.cb-cda.gc.ca/info/act-e.html#rid-33409), of the Copyright Act.

Military warns soldiers not to post info on Facebook
CBC.ca, 25 Feb 08, 20:10 PM MT
Article link (http://www.cbc.ca/canada/edmonton/story/2008/02/25/facebook-military.html)

The Defence Department is advising Canadian soldiers not to post personal photos and information on social networking websites like Facebook, citing security concerns.

<snip>

But Sunil Ram, a professor of military history and land warfare at American Military University, questioned the military's warnings about posting information online.

"What we're really talking about is censorship more than anything else," he said on Monday. "This is the military's attempt to control the imagery of what is actually happening on the ground."



Come on Ram, use that noodle of yours for one second will you?

There have been pictures in the past that were very much OPSEC concerns and violations, Lord only knows what will pop up in the future.

From one good picture you can gather all kinds of information, all it takes is one moment of poor judgment on a soldier's part and it's out there for ANYONE to see.

But you only see a conspiracy.        ::)

Regards
Title: Re: Do you really feel safe after you post on the Internet?
Post by: Eye In The Sky on March 11, 2008, 15:36:23
Even if it is powered off there are still ways for hackers to access data.

Would you mind telling how a hacker gets data from a powered-down system?  (assuming you mean remotely, that is, as opposed to slaving your HDD to their machine). 
Title: Re: Do you really feel safe after you post on the Internet?
Post by: NL_engineer on March 11, 2008, 15:57:33
Would you mind telling how a hacker gets data from a powered-down system?  (assuming you mean remotely, that is, as opposed to slaving your HDD to their machine). 


I meant physicaly, (thats the only way I can see it being done) but I will have to ask a friend now, as you got me wondering if remotely is still possible after the system is shut down.
Title: Re: Do you really feel safe after you post on the Internet?
Post by: hauger on March 11, 2008, 16:03:30
Would you mind telling how a hacker gets data from a powered-down system?  (assuming you mean remotely, that is, as opposed to slaving your HDD to their machine). 

I'm not entirely sure of the mechanics, but the gist of it works like this.  Someone steals a laptop with an encrypted HDD on it.  The encryption key is stored in DRAM, so, the evil hacker monkey who's out to get you plugs a bootable USB key it which has a naughty little piece of software on it that, upon booting, dumps the contents of the DRAM onto the key.  Now all our anti-hero has to do is grab the key from the USB key (following all the keys?) and they've cracked your HDD encryption.

Way # 2 is to, very shortly after the laptop's powered down, freeze the DRAM with a re fridgerant that keeps the DRAM info from fading away.  Then, with the encryption key happily frozen on the DRAM, they remove the ram, check the key, then get down to the business of looking at all your vacation photos you'd so diligently encrypted.

Search for it on google, it was big nerd-news last week.
Title: Re: Do you really feel safe after you post on the Internet?
Post by: Eye In The Sky on March 11, 2008, 16:03:55
NL_engineer

Don't waste your time or emabrass yourself...its not (remotely).   ;D
Title: Re: Do you really feel safe after you post on the Internet?
Post by: Eye In The Sky on March 11, 2008, 16:07:30
Hauger,

Key word in my post was remotely  ;)
Title: Re: Do you really feel safe after you post on the Internet?
Post by: garb811 on March 11, 2008, 16:08:29
It is also possible to power on a system remotely if it's Network Interface Card is "Wake on LAN".  Look at the your NIC when you have powered down your computer, if it is still lit-up, you have a WOL enabled card and theoretcially someone could power on your computer remotely.  If they knew your schedule they could power up your machine, log on via a trojan, do what ever they wanted and power down afterwards and you'd never be the wiser.

Wake on LAN mini Howto (http://gsd.di.uminho.pt/jpo/software/wakeonlan/mini-howto/wol-mini-howto-2.html)

Hauger:  That's the attack described in the article Yrys posted.
Title: Re: Do you really feel safe after you post on the Internet?
Post by: Mr.Newf on March 26, 2008, 19:32:09
Here (http://edition.cnn.com/video/#/video/tech/2008/03/26/intv.cyberstalking.facebook.sitham.cnn) is a pretty good video, espically about Facebook, on Cyberstalking.