Re: [funsec] Bank security
::sniff:: I love happy endings. :) On 3/10/2010 1:24 AM, Rich Kulawiec wrote: > On Mon, Mar 08, 2010 at 11:08:37PM -0500, Joel Esler wrote: >> Okay, so then what they do!? You've got me on the edge of my seat here. > > Well, at that very moment an iceberg the size of Rhode Island broke > off into the southern Atlantic, sending a wave careening into the > side of an ocean liner full of dyspeptic tourists on holiday from > Camden, New Jersey, sweeping overboard the laptop of the secondary > accountant's assistant and with it the only copy of the security > policy for the entire company. As the news of this rippled (heh) > through the fabric of the corporation, causing chaos throughout > the enterprise, I seized the opportunity to pull my copy of > Schneier's "Applied Cryptography" from my shoulder bag and pummel > the store manager until he collapsed backwards into the lacrosse > stick display and could only weakly moan his acquiescence to my > insistent demand that the fracking store give me a $32 credit. > > And a pony. I got a pony, too! > > ---Rsk > > ___ > Fun and Misc security discussion for OT posts. > https://linuxbox.org/cgi-bin/mailman/listinfo/funsec > Note: funsec is a public and open mailing list. ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] Ford's SyncMyRide -- all your voice are belong to us?
Interesting news:
http://www.darkreading.com/vulnerability_management/security/client/showArticle.jhtml?articleID=223200163
Ya gotta love this lovely tidbit of fine print from the SyncMyRide
terms and conditions:
http://www.syncmyride.com/Own/Modules/PageTools/TermsAndConditions.aspx
Ford's Service provider Tellme Networks, Inc. ("Tellme"), a subsidiary
of Microsoft Corporation, may record and retain user voice utterances
("recorded utterances"), which are recordings of sounds made when the
TDI Service is in listen state and waiting for a user command or
response. These recorded utterances may include all sounds in the
vehicle, including the voice of the user and voices of other vehicle
occupants, while the service is in listen state. Tellme may also, at
Ford's request, randomly record and assemble in sequence, all voice
communications made from the time the Service is connected (by the
user pressing the VOICE button) to the time the Service is
disconnected.
("Whole call recordings (WCRs)"). WCRs will include voice utterances
and may include any other sounds in the vehicle, including the voices
of the user and other vehicle occupants, during the entire time the
Service is connected. Both recorded utterances and WCRs may be
associated with you or the cell phone number assigned to the Service.
Cheers,
--scm
___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
Re: [funsec] Ford's SyncMyRide -- all your voice are belong to us?
creeptastic
On Wed, Mar 10, 2010 at 10:36 AM, Shawn Merdinger wrote:
> Interesting news:
>
> http://www.darkreading.com/vulnerability_management/security/client/showArticle.jhtml?articleID=223200163
>
> Ya gotta love this lovely tidbit of fine print from the SyncMyRide
> terms and conditions:
> http://www.syncmyride.com/Own/Modules/PageTools/TermsAndConditions.aspx
>
>
>
> Ford's Service provider Tellme Networks, Inc. ("Tellme"), a subsidiary
> of Microsoft Corporation, may record and retain user voice utterances
> ("recorded utterances"), which are recordings of sounds made when the
> TDI Service is in listen state and waiting for a user command or
> response. These recorded utterances may include all sounds in the
> vehicle, including the voice of the user and voices of other vehicle
> occupants, while the service is in listen state. Tellme may also, at
> Ford's request, randomly record and assemble in sequence, all voice
> communications made from the time the Service is connected (by the
> user pressing the VOICE button) to the time the Service is
> disconnected.
>
> ("Whole call recordings (WCRs)"). WCRs will include voice utterances
> and may include any other sounds in the vehicle, including the voices
> of the user and other vehicle occupants, during the entire time the
> Service is connected. Both recorded utterances and WCRs may be
> associated with you or the cell phone number assigned to the Service.
>
>
>
> Cheers,
> --scm
> ___
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.
>
___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
Re: [funsec] Ford's SyncMyRide -- all your voice are belong to us?
On Wed, Mar 10, 2010 at 11:02 AM, Benjamin Brown wrote: > creeptastic I kinda think it gets better...or worse ;) >From what I've seen so far, the SyncMyRide registration site to obtain the "Vehicle Health Report" only requires a VIN. Those are easy to get, such as from Ebay Motors (and of course plenty of other places, the vehicle dashboard, accident reports, etc.). With the vehicle's VIN, *it seems* that anyone can go to SyncMyRide website, then register someone else's car to anyone's contact information (cell phone, email) to receive "Vehicle Health Reports." The tie-in of the registered cell phone to that vehicle' SyncMyRide service audio recording capability becomes an issue if we recall from the terms of service: "Both recorded utterances and WCRs may be associated with you or the cell phone number assigned to the Service" Btw, has anyone seen the actual "Vehicle Health Report" from SyncMyRide? Wondering what kind of info is there. Cheers, --scm ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Re: [funsec] Ford's SyncMyRide -- all your voice are belong to us?
Date sent: Wed, 10 Mar 2010 07:36:41 -0800 From: Shawn Merdinger > Tellme may also, at > Ford's request, randomly record and assemble in sequence, all voice > communications OK, so Ford and Tellme can record your conversations, and then assemble "random" bits in order to make an interesting and blackmailable (or otherwise embarrassing) piece? I think this is appalling, and should not be allowed. Like anyone would agree to the idea that it's in order for these really expensive, from Ford, to record everything you say. Come on, really, please! Or, as Tellme might say: I d Like to order really expensive, Ford, really, please! == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org Home is what the English have instead of social skills- Kate Fox victoria.tc.ca/techrev/rms.htm blog.isc2.org/isc2_blog/slade/index.html http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/NoticeBored http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
