In+ersec+ion for Spatial People

Just published over Slashdot, a Real-Time Cyber-Attack Map.

Their summary: "In October, two German computer security researchers created a map that allows you to see a picture of online cyber-attacks as they happen. The map isn't out of a techno-thriller, tracking the location of some hacker in a basement trying to steal government secrets. Instead, it's built around a worldwide project designed to study online intruders. The data comes from honeypots. When the bots go after a honeypot, however, they're really hacking into a virtual machine inside a secure computer. The attack is broadcast on the map—and the researchers behind the project have a picture of how a virus works that they can use to prevent similar attacks or prepare new defenses."

That's the name of a story discussed over Slashdot this morning, Flaws Allow Every 3G Device To Be Tracked.

Their summary: "New privacy threats have been uncovered by security researchers that could allow every device operating on 3G networks to be tracked. The vulnerabilities could be exploited with cheap commercial off-the-shelf technology to reveal the location of phones and other 3G-capable devices operating on all 3G compliant networks. It was similar, but different, to previous research that demonstrated how attackers could redirect a victim's outgoing traffic to different networks."

Cellphones tracking is apparently a recurrent topic.

The fist publicly available version of GeoShield, version 0.2.1, has been released.

What it is? "GeoShield is a project born to offer a centralized way to define security access-control to geo-services. It acts like a proxy, intercepting all the communications between clients and OGC compliant services (WMS, WFS, and in future WPS, SOS). GeoShield is able to manage users and groups, it handles authentication and privileges settings among groups and registered services. It is capable to analyse requests applying the filters set to the user and manipulating the response. It is a server side security software to secure OGC services."

We mentioned it previously in the FOSS4G summary, but it's really the first time people can actually access the code. Another similar open source tool is GeoPrisma.

Slashdot discusses a story named "UK-Developed 'DNA Spray' Marks Dutch Thieves With Trackable Water".

Their summary: "In Rotterdam, there's a new technology in place that dispenses a barely visible mist over those around it and alerts the police. The purpose? To tag robbers and link them back to the scene of the crime. From the article, 'The mist — visible only under ultraviolet light — carries DNA markers particular to the location, enabling the police to match the burglar with the place burgled. Now, a sign on the front door of the McDonald's prominently warns potential thieves of the spray's presence: "You Steal, You're Marked."' Developed in Britain, it's yet to nab a criminal but it will be interesting to see whether or not synthesized DNA will hold up as sufficient evidence in an actual court of law."

This obviously reminded me of that 2007 story about 'powder RFID chips' that can be sprayed on crowds for tracking individuals.

Slashdot discusses a story named Map Based Passwords. Their summary: "Discovery is running an article on passwords based on a very specific location on a map. Instead of showing UID and Password fields, the user would simply click on a very specific spot on Google Earth, for example. I wonder how you would make that secure? Also, if you forgot, would you get a message saying 'Your password is the third flamingo on the left on the lawn of Aunt Bessie's house'?"