Tech Watch: Google Analytics reveals large amount of data

I have finally created another video, this time examining the features of Google Analytics. Many people are wondering what information Google collects on its users, and this video shows the information I am able to view about you, the visitors to my blog.

Most websites are equipped with a similar tracking feature. An important note is that Google Analytics does not allow website owners to view IP addresses, though I'm sure Google is tracking that information as well. Thus, though I am able to find lots of information about each of my visitors, I have no way of actually finding out who you are.

Read More

Tech Watch: Facebook Timeline creates security issues, possible phishing scams

For months, the Internet has been abuzz about Facebook's new Timeline feature. In addition to the redesigned profile, Facebook now gives you the ability to backdate posts - allowing you to add life events and tag them with an older date. As you can see at right (click for larger view), Facebook is asking for information about your relationships, children, pets, and more - even when you lost weight, had your first kiss, or moved into a new home.

I recently heard part of an NPR report concerning Timeline. The guest mentioned a great point: with the new information Facebook is looking to acquire, it makes it very easy to find answers to common password reset questions. As the Sixth Circuit decision was released yesterday (discussion here) concerning Sarah Palin's e-mail break in through the password reset feature, this is a great time to have the discussion.

This is part of what FB wants to know about your
birth, but they also want the story and pictures.

Suppose a person uses the life event feature to add all of their pets. Now, the first pet question is compromised. Mother's maiden name? She's probably listed as a family member (and constantly posts on your status updates!). What city were you born? Facebook now wants that, too.

As Facebook collects more data, it could also lead to more sophisticated phishing scams. Many scams now are unsuccessful because of mass e-mailing, hoping to find a person that matches the criteria. This would allow scammers to better target people with information they know to be accurate.

Perhaps now is a time to develop better questions such as "Who were you with when you had your first drink?" Never mind, Facebook is actually asking that now, too (as well as the location, year, and your story of how it happened).

Read More

Inventory search reveals evidence on digital camera; flash drive found under spare tire

The Court of Appeal of California has found an inventory search reasonable after police looked at images on a camera during the inventory. People v. Haraszewski, 203 Cal. App. 4th 924 (2012).

A police officer was headed to lock the gate at a public beach, but was notified that a car remained there. The officer was notified that a 911 call reported a man and boy at the nude beach that "did not seem right." As he was driving to the parking lot, the officer passed a car driven by a boy "about 11 or 12 years of age." The officer turned around and pulled the car over "on a suspected traffic violation and child endangerment." The man claimed he was giving the boy a driving lesson. A license check revealed the man was a registered sex offender.

The officer placed the man in the police car and began an inventory search of the vehicle, finding Vaseline, condoms, alcohol, a thumb drive, and a digital camera. A second thumb drive was also found under the spare tire in the trunk. A search of the camera revealed nude images of a boy on a beach. At the same time, the boy admitted photos had been taken at the beach.

On appeal, the defendant argued the camera was improperly searched, but the court found "there was a fair probability ... that evidence of a crime involving sexual molestation ... would be found in the digital camera and the thumb drives, and thus the warrantless viewings ... were supported by probable cause."

Flash Drive Technology
There was much more to the Haraszewski than I mentioned, but one of the points I wanted to make was that the defendant had hidden the thumb drive under the spare tire. Luckily the officer thought to check there, but it's not always so easy to identify.

For years, tech companies have been making it more and more difficult to identify flash drives. An American company is now producing cufflinks (shown right) that have two purposes - one acts as a 2GB flash drive, and the other creates a wi-fi hotspot (the pair is priced at $250).

Also, be sure to check out this former post on a flash drive that has a combination case and encryption.

Read More

Tech Watch: TrueCrypt provides open source file encryption, hidden drives

In 2008, the FBI attempted to break encryption on hard drives using a program called TrueCrypt, but the equipment was finally returned after a year of failed tries.

TrueCrypt is open source software that provides file and drive encryption. Their website claims that cracking the password "could take thousands or millions of years." The program enables a user to create hidden volumes, hidden operating systems, use pre-boot authentication, and virtual volumes hidden inside of decoy files (like a Word document or image file).

I recently starting using TrueCrypt because I felt uncomfortable keeping a file backup on an external hard drive without some sort of security. My drive now has an unencrypted partition as well as a hidden partition only accessible by the software with the correct password. Once the partition is mounted, it functions just like any other portable drive. File access may be slightly slower than an unencrypted drive, but I was able to copy files at about 25 MBps.

In investigations, knowledge of the use of TrueCrypt can be very important. If a hidden, encrypted volume is already mounted on a computer, the files may be accessible on the scene. Once the computer is shutdown, however, they will only be accessible with the password. Whether password disclosure can be compelled is an ongoing debate. Compare In re Grand Jury Subpoena (Boucher), 2009 U.S. Dist. LEXIS 13006 (D. Ver. 2009), with United States v. Kirschner, 2010 U.S. Dist. LEXIS 30603 (E.D. Mich. 2010).

Read More

Tech Watch: How to track Internet activity back to a user

Be sure to visit Cybercrime Review's YouTube channel in the future for more videos like this. If you have any suggestions for video topics, post your ideas in the comments below.

Read More

Tech Watch: MAC addresses vs. IP addresses

The differences between MAC addresses and IP addresses remain an issue of confusion. After a recent discussion I observed that confused the two, I thought I would try to explain how each works.

The computer first sends data to the network's router, using its local network IP address and MAC address. Each packet contains the computer's MAC address. Once the data leaves the network, it drops the MAC address and sends the data through the IP address assigned by the ISP.

MAC Addresses
A MAC (Machine Access Control) address is a unique number assigned to a network adapter. My laptop, for example, has two network adapters - one for a wired, ethernet connection and another for wireless. Thus, my laptop has two MAC addresses that are tied directly to the hardware. Reformatting my hard drive or changing how I connect to the Internet will not change the numbers. Further, no other adapter is supposed to have the same number.

Read More

Tech Watch: New privacy add-ons and services

There are always new browser add-ons or other services being introduced to provide more privacy and security while online. Though I have never tried any of these (and also do not endorse them or guarantee how well they work), the concepts may be helpful for us to understand how they might be used.

• A service called BTGuard allows BitTorrent users to download files from the file sharing network with anonymity. The service "gives you a[n] anonymous IP address and encrypts your downloads" for $6.95 per month. Or, upgrade to a virtual private network (VPN) for $9.95 and have all of your Internet activity anonymized.
• Seedboxes have become popular in the P2P world because it provides great privacy to file sharers. All uploads and downloads are handled through an overseas server. Users may connect to the server through FTP or HTTP to find the files they set the server to download. One of the more popular services, ExtremeSeed, has services starting at $20 per month.
• Just to clarify, this means that instead of someone showing up in America as downloading illegal files, their files would show up in Luxembourg, for example. They would then enter an FTP site to download their files.
• Several browser extensions allow users to set certain domains or topics to automatically load in the browser's private browsing feature. Ghost Incognito for Chrome is preset to do this with all .xxx domains.

Have you heard of a notable extensions or privacy apps recently or do you have a question about how they work? Send an e-mail to .

Read More

Tech Watch: New USB drive has combination case and 256-bit encryption

There's a new USB flash drive that's soon to be on the market that has some features you've only seen in movies. Meet the Crypteks USB. It comes in an ultra-high-grade aluminum alloy combination lock case with 14,348,907 possible combinations. Once you get it open, it has 256-bit AES hardware encryption. And there's more - you also get to set the number of password wrong attempts before it reformats itself. It isn't out yet (probably later this month), but the price will be around $130.

Read More

Tech Watch: Introduction to Tumblr

Blogging has been around since the late 90's, but a new form, microblogging, is quickly taking hold of the Internet world. Rather than long-winded posts (not too much unlike my own), microbloggers post small bits of information - maybe a quote, picture, video, or link. Because of the ease in microblogging, a picture can spread to millions of people in a matter of seconds.

Tumblr, the most popular microblogging service, hosts over 33 million blogs and twelve billion posts. Unlike Twitter, Tumblr is designed to better deal with the millions of images posted on its website each day. Over half of Tumblr's posts are images whereas Twitter is mostly text-based.

So why is all of this important to you? Find out after the jump.

Read More