Confidentiality
Description:

Information cannot be obtained, copied, used or disclosed; without proper authorization.

How dangerous is image file metadata?

Unless your digital camera or camera equipped cellphone is more than fifteen (15) years old, the chances are good that any pictures taken with that device contain metadata; which describes the (who, what, where, when and how) conditions under which the picture was taken. The metadata is stored with the picture in an image file, and goes everywhere the file is copied, uploaded or downloaded. But as Catherine (Cat) Schwartz learned in 2003, certain kinds of image file metadata can be rather embarrassing. At the completion of a three (3) month qualitative risk assessment, The Assurer answers the question, “How dangerous is image file metadata?” Some of the more interesting results are that high risk probability for the iPhone 4 decreased 11.5% from the 3gs, while the amount of metadata created by the Droid 2 increased by 16% over the original Motorola Droid…

Updated — MocoSpace reveals private e-mail addresses

Vulnerabilities exist in social networking sites such as MocoSpace that, when exploited, can disclose the private e-mail address of targeted users. These vulnerabilities are caused by the interaction of the site’s internal e-mail system, with the external e-mail system that hosts a user’s private e-mail account.

Caveat on Verizon Droid 2.1-update1 OTA update lock pattern fix

My Motorola Droid finally received the much anticipated Over The Air (OTA) software update (version 2.1-update1) from Verizon Wireless. So, is the Verizon Droid pattern lock bypass fixed? Yes. But there is one little caveat…

The dark side of mobile Augmented Reality

As smartphones become more popular, the use of mobile Augmented Reality (AR) applications has increased. But there lurks a “dark side” to Augmented Reality. One that is not being publicly discussed, that affects us on many personal, civil, criminal, and national security levels.

A (temporary) countermeasure for the Verizon Droid pattern lock bypass

It has been observed that, as long as a Bluetooth device is paired, AND CONNECTED, to the Droid; the pattern lock bypass vulnerability does not occur.

Ramifications of smart-phone security problems, Droid or otherwise

In the time since TechCrunch and The Washington Post covered my disclosure of the Droid pattern lock bypass, I have been asked about the implications of this flaw for Motorola Droid owners.

Verizon Droid pattern lock bypass

One of the interesting features of Android smart-phones is the pattern lock screen. Instead of a four digit PIN, the phone is secured with a “pattern” of four to nine dots, arranged in a 3 by 3 square. This results in a possible 3,024 to 362,880 different combinations. Sounds pretty secure, right?

The GSM encryption “hack,” & how it affects you

The Wall Street Journal reports that German “hacker” Karsten Nohl demonstrated how it was possible to break the security of GSM cell phones, and to monitor conversations and text messages as they take place. However, before anyone starts fearing for their privacy, let us assess the real risk posed by this so-called breakthrough.

A Personal Security Classification Taxonomy (PSCT)

Learn how to create and use, a Personal Security Classification Taxonomy (PSCT) that is on par with how governments protect their own secret information. Includes real life examples of PSCT in action.

Mitigating social network data leaks

Data leaks on social networking sites allow web surfing behavior to be tracked by third parties.