Posted by Erica George
Wed, 21 Nov 2007 18:29:00 GMT
The Anti-Spyware Coalition, of which StopBadware is a member, will hold its next public workshop on January 31 in Washington, DC. The theme for the day will be “Spyware: What’s Worked, What’s Left, and What’s Coming.”
The ASC’s last conference was held here at Harvard, and proved to be an excellent opportunity for a meeting of minds in the anti-spyware space. You can read StopBadware staffers’ notes from that event here.
For more info about the January event, including planned panels and registration, head to the ASC website at antispywarecoalition.org.
Posted in all | Tags AntiSpywareCoalition, ASC, events
Posted by Erica George
Mon, 02 Jul 2007 16:25:00 GMT
Debate over several proposed U.S. federal anti-spyware laws continued at the Anti-Spyware Coalition conference last week at Harvard. In a panel on public policy moderated by StopBadware’s own John Palfrey, panelists from the Center for Democracy and Technology and the Federal Trade Commission disagreed on the best way forward for legislation that combats spyware.
The three potential bills at stake are the I-Spy Act and the Spy Act, both recently passed in the House, and the Counter Spy Act, recently re-introduced in the Senate after failing to pass in previous sessions. Ari Schwartz, deputy director of the CDT, said that the CDT supports all three bills, on the principle that any further clarification of the illegality of spyware is a good thing. Tracy Shapiro, an attorney at the FTC, said that the FTC feels it already has enough legal power at its disposal and that further legislation might actually cause confusion.
InfoWorld highlights the debate in an article here. You can also read more about the I-Spy and Spy acts in earlier StopBadware blog posts here.
Posted in all | Tags AntiSpywareCoalition, ASC, legislation, spyware
Posted by Erica George
Fri, 29 Jun 2007 17:43:00 GMT
Recordings of sessions at the Anti-Spyware Coalition conference, which took place this past Wednesday at Harvard Law School, are now available:
Part 1
Part 2
Part 3
You will need Real 10 Player to play the recordings (free download available here).
Posted in all | Tags AntiSpywareCoalition, ASC, events, spyware
Posted by Erica George
Thu, 28 Jun 2007 21:55:00 GMT
We have one more panel’s worth of notes from our blogging of yesterday’s Anti-Spyware Coalition conference. Here, StopBadware researcher Oliver Day shares his notes on the Trends panel, which closed out the day at the conference:
Google:
- The interstitial page. Creates a way to warn users of the search engine when a website is possibly infected.
- The Ghost in the Browser paper by Niels Provos et al. Technical paper on the methodologies used by Google to determine “badness”
- Safe browsing API overview. Opening up more information to the end users
- Online security blog. Tech oriented blog that is a day to day journal of the group.
Truste:
- Program whitelists
- Affiliate networks offloading responsibility
StopBadware:
- Educating consumers
- Guideline creation and security tips for site owners
- Community building via discussion groups, etc.
Site Advisor:
- Built for consumers by MIT engineers
- Bots testing for annoying behaviors
Questions:
How do all these pieces fit together in the security ecosystem?
Orgs like Truste try to fill in particular niches like deep product reviews. Google is trying to make searching safer. Stopbadware is in a unique position as a non-profit to act as a watch dog against corporations (see AOL report).
Are we acting as arbiters of the Internet? What happens when we get something wrong? Versions change often (think updates) so how valid are product certifications?
Google claims near zero False Positives based on vetting through partners. No one should surf securely feeling that they are protected from all things. How does one “look both ways” when you are browsing web pages?
False positives can be dealt with on a programmatic level. Creating decays on bans, white lists, etc.
Will/do consumers want their computers to be like appliances?
Porn is a vehicle for a badware codec.
How do we compensate for human stupidity?
How do we evade the bad guys when they know where we are (IP address)?
Community helps develop reputation systems.
What is the opinion of these groups for certifications by other groups? Things marked bad by different orgs are likely to be bad. Things marked good should still be viewed with skepticism.
Posted in all | Tags AntiSpywareCoalition, ASC, events, spyware
Posted by Erica George
Thu, 28 Jun 2007 00:13:00 GMT
Continuing with the live-blogging of the Anti-Spyware Coalition conference, here are StopBadware intern Mike Connolly’s notes on the Public Policy discussion panel:
John Palfrey, Executive Director of the Berkman Center, is the moderator of this segment. He is joined by Ari Schwartz, Deputy Director of the Center for Democracy and Technology, and a representative from the Federal Trade Commission’s Bureau of Consumer Protection (a late substitute for another FTC speaker).
Mr. Palfrey started by asking Mr. Schwartz for a general overview of the legislative landscape with respect to Badware…
Schwartz noted that there are at least two key statutory tools in effect. First, there are the basic fraud statues that cover unfair and deceptive trade practices, both in the online world and in terrestrial space. These statues exist on both the Federal and State levels. Second, there is the Computer Fraud and Abuse Act (18 U.S.C. § 1030)—this is a criminal statue that was originally passed by Congress in 1986 to thwart “hacking.” The act was most recently amended to include stiffer penalties under the USA PATRIOT Act of 2001, and the Department of Justice used it to indicte the creator of the Loverspy software in 2005. And last year, this statue was used in the conviction of a California man who was distributing badware via botnets. He was sentenced to five years in prison.
Next, Schwartz discussed pending legislation, including the SPY Act and the I-SPY Act. The SPY Act easily passed the House earlier this year. It is a short bill that would toughen criminal penalties for bad(ware) actors, but it also contains a controversial imposition of mandatory language for notice provisions. The software industry is generally concerned that this will result in too many flashing pop-ups, creating a user experience that actually mimics adware behavior. Furthermore, the SPY Act would preempt existing Spyware laws on the State level, and it also contains a number of “broad exceptions.”
While the Center for Democracy and Technology generally supports enhanced penalties for creators and of spyware, Schwartz’s preference is for the I-SPY Act, another piece of legislation recently passed by the House which also calls for tougher penalties.
Also on the radar is the Counter Spy Act of 2007. This was introduced by Senator Mark Pryor and has received attention in the past few weeks. Schwartz speculated that this bill has something of a shot at movement through the Congress since Pryor is from majority party and sits on a related committee.
Next, attorney and internet expert John Levine asked about the politics surrounding the pending legislation…
According to Schwartz, advertisers generally do not care for “Good Samaritan” provisions aimed at protecting anti-spyware companies and organizations. Nevertheless, Schwartz notes that even with Good Samaritan protection, Spyware producers may continue to take action on other grounds. Therefore, Schwartz would prefer to see a statement from Congress that declares anti-spyware tools to be “good” and in the public’s interest.
Bottom line: the CDC would be happy with a proposal that enhances spyware penalties and does not preempt other State law. Schwartz points to the Zango case as an example of the lack of civil penalties, and he cites the action taken in the Sony rootkit case as an example of useful State law in this area.
Another member of the audience also noted that the advertising community is generally concerned that Congress is trying to regulate behavioral targeting. Schwartz says the SPY Act is not designed to do this—but that members of Congress are in fact interested in regulating behavioral targeting via other privacy legislation.
Mr. Palfrey then asked the FTC representative about the usefulness and/or inadequacies of the existing body of law. She has been litigating spyware cases with the FTC since 2004. She explained that when she started, there was no federal law explicitly designed to apply to spyware. Therefore, she and her colleagues looked to the broad language under section 5 of the FTC Act outlawing “unfair and deceptive trade practices.” In the past few years, the FTC has used this act to target some of the more nefarious spyware actors, including Seismic Entertainment.
So, is there a good argument that we do not need any new law? Could we just get by on section 5? The FTC’s general position is that new law isn’t needed, and that there is a danger in enumerating certain prohibitions since that might suggest a defense to Spyware developers since the latest exploits will always be one-step ahead of the law…
Furthermore, the FTC has pushed for greater civil penalties since it can be considerably more difficult to prove consumer injury in spyware cases than in other, more traditional cases where damages are more readily quantified. Mr. Palfrey suggested that the ASC community could play a role in helping to develop a better understanding of Spyware’s cost in this regard…
In general, the FTC is working to enforce principals of express consent, clear and conspicuous disclaimers, and readily available uninstallers. In the coming years, the FTC will continue to focus on establishing principles and targeting crime. They will also be on the lookout for legitimate companies with practices that “cross the line.” However, it was also noted that resources are particularly thin, as the FTC has only pursued a handful of cases over the past few years.
Posted in all | Tags AntiSpywareCoalition, ASC, events, legislation, policy, spyware
Posted by Erica George
Thu, 28 Jun 2007 00:00:00 GMT
Jason Callina, a StopBadware senior developer, shares his notes on the ASC lunchtime discussion about the use of spyware in domestic abuse:
Cindy Southworth of the National Network to End Domestic Violence introduces a victim of domestic violence including abuse via spying and monitoring through software installed on her computer without her knowledge.
Cindy has been doing work to end domestic violence for 14-15 years. She grew up in a family of geeks which gave her a strong technical background that infoms her current line of work. Cindy chose to go down the path of social change and found a perfect combination of her skills in this topic.
She states that less than 10% of shelters have firewalls and similar security measures. This represents a serious security risks for victims of domestic abuse and others staying at shelters. This represents a very vulnerable segment of society.
—
The presenter (who is anonymous for obvious reasons) is educated, young individual currently volunteering with domestic violence issues doing service work. Consultant on several boards. She noted that she has young children who she is also concerned for. The conversation is structured as questions from Cindy with answers from the presenter.
Q: How did you end up getting in a relationship to the abuser?
A: After college, she was facing several options and was unsure what road to take in her life and career. She met a charming, handsome individual, who appeared to have an excellent personality and background profile. The start of the relationship was calm and without incident. Control issues started to pop up later in an incremental fashion. Abuser slowly integrated controlling behaviors into their relationship using tactics like defining the relationship parameters with family members and friends and insisting on the structure of her communication.
He attempted to define who she was through influential suggestions on changing her appearance and gradual control of other aspects of her life. Six months into the relationship he slowly integrated verbal attacks. Physical abuse started after a year. At first they seemed accidental and out of character for the person, but they continued and became a constant aspect of the relationship.
The abuser had them move frequently, to keep her isolated from friends and family. Due to the nature of the physical abuse she was concerned about her life and the life of her unborn child. She felt that he was directly trying to kill her unborn child through physical attacks on herself.
There were threats that if she was to seek help she would be killed. Her parents became concerned due to lack of contact and sent police to check on her. Abuser silently threatened to kill child while the police officer was present, but not in the officer’s view, so she lied to protect her child and herself. Threats were also made to her family and others.
Surveillance and Monitoring
He would have friends check on her and befriend them to make sure she was in line with what he expected of her behavior. He gained the trust of her co-workers and their impression was that he was very likable.
He began monitoring her cell phone to find out who she called and who had called her. He monitored her email and set up passwords so he would have access to all of her online accounts. The abuser also sent emails out in her name to her friends.
The abuser used keyloggers and other tracking mechanisms to monitor and control her behavior. Once he misinterpreted the results of the key logs, accused her of behavior she was not guilty of and almost beat her to the point of death. Computers were her last contact to the outside world and she had to stop using them to protect herself and her family. Court hearings eventually revealed that he was using spyware to track her movements.
Cindy states that most homicides occur at the point the victim tries to escape.
She used her computer at work to plan her escape. Thankfully he was not able to track the data on this machine. His technical level was low, yet it was easy for him to learn and use these technologies to his advantage.
Remaining anonymous
She only does research online, and commits no personal financial information on her computer. She rotates passwords and names every six months. Her children are allowed no web access to protect her familiy’s identity. She keeps multiple identities and uses them based on whatever task she is undertaking. No personal information about location is ever posted online, and she has changed her social security number and other trackable information.
—
Q & A from the audience:
Q: Are there resources available for abusers on how to implement these techniques and technologies?
A: Unfortunately, there are groups that target and share information on how to spy on your spouse and control their behavior. It has been suggested that some of these connections are made when individuals meet at mandatory classes for the prevention of domestic violence.
Q: Do restraining orders cover spyware?
A: Possibly, sometimes the restraining order will dictate that the abuser cannot contact the victim via a third party. Some law enforcement officials consider spyware to be a third party contact.
Q: What do people do when they suspect they are being tracked via spyware?
A: Use a safer computer, such as one at work or at a library or other public resource. It is to be noted that not using the home computer can be an indicator of knowledge of surveillance, so you need to be careful about drastic changes in behavior. If you think the computer is compromised, treat it like it is.
There are very little technical forensics resources available to low enforcement agencies but if you are going to the police you need to keep the computer intact to preserve evidence. This entails not running anti-spyware or malware applications which could potentially destroy evidence.
If you are not going to the police and need to quickly remove all possible tracking capability wiping the computer is the best solution to keep you safe.
Leaving your computer unsupervised or having an open wireless connection could also leave you open to monitoring.
Keyloggers can come in the form of hardware and software. If you have a hardware logging mechanism in place the only way to protect yourself against it is to physically remove it.
Q: Does facial recognition on photos or tagging pose security risks?
A: Allowing friends to post information about you or tag your photos on social networks or other boards opens up a huge tracking potential. As facial recognition technology becomes more technically feasible it will also introduce a great degree of risk.
Q: What does she tell her children?
A: She limits the public exposure they have. They also use multiple identities and addresses on public record.
Q: Why isn’t he in jail?
A: Because the laws don’t adequately cover or punish domestic violence.
Q: Can you volunteer?
A: Yes – See the NNEDV website for information.
Q: When does abuse end?
A: Grimly, via the death of the abuser or when an abuser focuses on a new relationship.
Posted in all | Tags AntiSpywareCoalition, ASC, DomesticViolence, events, NNEDV, spyware
Posted by Erica George
Wed, 27 Jun 2007 23:47:00 GMT
Continuing our blogging of the ASC conference, StopBadware senior developer Liana Leahy’s notes on the panel on Internationalization of Spyware:
Vincent Weafer of Symantec – Spyware varies between nations.
Chris Boyd of Facetime – Shows where hijacked people are. The majority of the companies are based on the west/east coasts.
Spy Act, I Spy Act, Counter Spy Act is brought up. Legislation has been too slow, 4 or 5 years too late. Some have gotten pressure from the FTC.
Q8 Army: Radical, political websites, they hijacked you from these sites and put popups with political propaganda. Over the border, wasn’t much law enforcement could do.
YapBrowser, Zango, Safety Browser: Rogue web browsers, rogue anti-spyware applications. These applications include spyware and adware.
Vincent – Are we seeing more spyware coming from international sites and why?
Chris – Always been around, but under the radar. Cyberwar between US and Chinese hackers. All about money, getting as much adware on the computer until it dies. The problem is you can’t touch the guys overseas. Anti Malware Alliance in China, trying to sue the Chinese government because they are installing malware on people’s PCs
Australia: spyware control bill has gone nowhere. There are 22 countries and 21 more that have signed an agreement among nations to create laws to combat these issues. Spyware-esque.
Governments will say they don’t need spyware legislation, that existing laws will handle it.
One guy installed spyware onto his wife’s machine to check her bank balances. He got 4 months. There has been some hesitation, because the language is difficult. Describing malware and spyware is hard.
Is there a difference between US and Europe? European politicians haven’t a clue what spyware is and what it does and the threat. Germany under E.E. U.U. law, limits the sale of security software used for unlawful purposes. European banks are suffering from the same issues as US banks, thanks to online banking.
Any experience in Asia? Any examples? Japan has different issues. Their viewpoint is that their spyware is more about social engineering. One big fraud was a fake billing system. Less emphasis on downloading software in Japan. Rather having the software downloaded for you. People aren’t used to downloading software as much.
Is there a different between the users complaining about these charges? The Japanese are less likely to complain about it. So stuff is underreported because they are embarrassed to admit that they were ripped off.
Is it easier to hide overseas?
John Levine of CAUCE – It’s not hard to hide in the US. Domain registration is lax. They don’t check your personal data. It’s easy to register lots of domains and move them around. Each country makes their own rules to register a domain. Italy for example has rigorous rules. A lot of people target outside the US, because broadband in the US is slower. Japan and Europe is much faster. Europe has stronger privacy laws… And they are slow to act on complaints. Domain names are hard to trace, just tip of the iceberg.
Lindsey Wegrzyn of Earthlink – The problem we see in internationalization is that everything is compartmentalized. Lots of people have a hand all over the world. They jump on forums to find partners, there are 14 or 15 people involved. Cases take forever. You need to understand foreign agency’s laws to contact them. Understanding where the benefits are is helpful.
John – How do you attack this? Depends on who you know. Given the number of countries, following their trail is hard.
Vincent – Are you seeing technical differences in Europe, S.A., Middle East?
Chris – A lot of stuff is quite generic (the code itself, old stuff that’s been around). Chinese hijacks aren’t just whackamole games with password stealers. A lot of the code is old, but what they do with it is new. Middle East, quite sophisticated root kits.
Clerik: malicious spyware from China. They are not as educated and aren’t used to computers as we are. But they will learn soon.
Criminalization, Adware commercialization: A single global marketplace, or niche markets?
Chris – It’s still scary. Chinese vs. America black-hatters. They are working together and sharing code. There is a cross-network but it’s not structured. It’s still territorial.
John – Transmitting money around the world. The cat is out of the bag, it’s easy to shift money around the world.
Vincent – What can we do that will help the situation? Education? Awareness? Corporations? Building relationships?
Chris – UK High Tech division crime squad. Impossible to get a hold of people. Tracking down law enforcement is useless. Accessibility of law enforcement would help.
John – Same answer. Educating law enforcement and giving them the expertise to ask the right questions is key.
Lindsey – Cooperation is key. Getting legislation into action for countries that agree to pursue this. Resources is also an issue for folks.
Clerik – Talk to your legal system to push through legislation. Try to convince users to make backups.
Questions from the audience:
US Safe Web Act. FTC power to go internationally to get information. Is this a viable option?
Lindsey – hasn’t used it because it’s not helpful. She’s not as familiar with them. Hasn’t heard good things about it. Instead they use personal contacts. People contact across the board are key.
Josh – Please talk about Government sponsored malware in China
Chris – Ministry of Media Affairs have created software (malware), that installed from various Chinese websites. You can support your government by hijacking PCs. Folks are trying to sue the government with spectacularly bad results. A lot of this stuff comes from Chinese domains where the url is random letters and numbers. but some of them are legitimate in China. There’s no way to contact these domain owners. Is it malicious or has the site been hijacked?
Audience – Has anyone used CertCn to determine who owns these domains?
Chris – Yes, folks are helpful. There are people out there who are fighting this. Personal experience, these organizations have been more positive. The Certs are quite good. What is deemed acceptable..
Chris – Software that installed all come with Eulas.. When you are presented with a eula that’s in a different language, it’s useless. A lot of Chinese hijacks are being pushed via IM channels. Skype network. once
Posted in all | Tags AntiSpywareCoalition, ASC, events, spyware
Posted by Erica George
Wed, 27 Jun 2007 15:20:00 GMT
Continuing our live-blogging of the Anti-Spyware Coalition conference, here are StopBadware intern Josh Friedman’s notes on the Technical Discussion of Spyware panel:
This talk is half short presentation and half Q&A. It opened with the presentations.
Ryan Hicks covered stealth issues of malware. He thinks that root-kits are some of the most popular stealth technology. Ultimately, once a system has been compromised it cannot be trusted. Root-kits began as an academic exercise but have developed into threats that are in the wild en masse. Botnets are integrating rootkit technology. Kernel mode threats are becoming more prevalent in all malware.
Richard Smith spoke about the new features in Internet Explorer 7 that attempt to address some of the issues of spy-ware. He broke attacks into two vectors, exploits (ie. drive by downloads) and social engineering.
New features in Internet Explorer 7:
- Protected Mode: Runs the browsers in a sandbox with a limited file-system and limited registry.
- Buffer overflow protection: “Address Space layout randomization” makes it difficult for exploit code to execute system calls.
- ActiveX Opt-in: If a control is installed on a computer, it cannot be used until the user authorizes the use of it. Hundreds of ActiveX controls are available to the browser.
As an aside, he mentioned that he thinks that MS should just use the hardware chip ability to make data pages as non-executable in the processor.
Possible new vectors of attack in Vista:
Silverlight – Allows executable code within the browser. Many different languages can be used to write Silverlight code. Buffer overflow(s) already found. Instant Search – Processing code for file types is often susceptible to multiple vulnerabilities.
Gibson, “Microsoft has been so slow in making simple changes that could have prevented many of the problems that we have had [as users].”
Some notable information shook out of the Q&A session:
Ryan, on detection of rootkits – The most popular way to find rootkits is via ‘cross views’ where you compare multiple different methods of looking at various parts of the system and see if there is a discrepancy.
Gibson, on the nature of the problem – Ultimately, it is the trust of a transparent system like the PC that is being subverted. Most spy-ware issues now occur from hacked sites and not ad-ware laden seemingly legitimate downloads. Web 2.0 means that there are now servers that are functioning as a clearing house for anonymous visitor’s content.
Ryan, on security – Security is hard, some bugs are not even bugs and they are not bad design decisions or incorrect code; it is just the confluence of many factors.
Ryan, on analysis in virtualized environments – When it comes to virtualized environments, there is really just a trade off between time and making sure you catch all the tricks of the mal-ware. There is a trend for some mal-ware to just waste a researcher’s time. For example, when running in a non-virtualized testing environment in Soft-ice, some mal-ware detects Soft-ice multiple times and will change it’s behavior.
Ryan, on the next generation of protection – Future anti-viruses programs will likely hook into the system in a way in which all transactions on the system can be logged.
Posted in all | Tags AntiSpywareCoalition, ASC, events, spyware
Posted by Erica George
Wed, 27 Jun 2007 14:28:00 GMT
We’re live-blogging the Anti-Spyware Coalition conference taking place today at Harvard Law School. Check for updates on the sessions throughout the day from StopBadware’s staff and interns.
The first session is a keynote by Steve Gibson, a veteran security expert, credited with coining and popularizing the term “spyware” and writing one of the first adware removal programs, OptOut. Here are my (rough and paraphrased) live notes on his talk:
The problem of bad software isn’t new. There were viruses even on “SneakerNet” – the early days of gated internet services like CompuServ. The internet has created a more connected playground for the bad guys.
“Spyware begets adware and demonware and preinstalledware and… you-can’t-remove-it-ware.”
Hardware vendors now look for money by contracting to pre-install software on brand-new machines. “It takes forever to boot” and the performance isn’t as expected, in part because it’s loaded down with pre-installed software. Typical users don’t know how to even try to uninstall this stuff, and many programs don’t even have an uninstall option.
The nature of the platform being open, “anything that can happen, will happen.” There’s a constantly increasing list of real threats. These are real problems, and they affect people’s lives all the time.
Some of this could have been avoided. We’re putting the huge potential of the computer industry at risk. Browser scripting is now relied on for “Web 2.0” applications, but it’s also causing real problems for ordinary users when exploited. Why should anyone’s browser allow third-party cookies enabled by default? There’s a “tyranny of the default” because most users don’t understand how to change their computers’ settings. Some of these problems should be easy for the software industry to solve.
Viruses and spyware aren’t just a game for hackers anymore. As exploiting computers has become profitable, it’s drawn in organized crime. Hackers finding new vulnerabilities now can sell them to the highest bidder. Systematic exploitation of the computer user has become a business model.
There is no easy solution. The PC is no longer changing in revolutionary leaps, but evolving slowly. There is no “next killer app.” Users have most of what they need already, and are becoming more and more frustrated. Those of us on the side of the user simply must do the best jobs we can. Educate users, but try not to over-frighten. Keep pushing back, on every front – technical, legislative, education.
The ultimate sadness is when users give up on computers and the internet. Our goal is to keep that from happening.
Q – How do you differentiate spyware from adware, etc.?
A – User knowledge. If the user is fully informed about what’s going onto their computer and what it is going to do, in a way that actually makes sense and is easy to see instead of buried in a license agreement, then it’s fine.
Q – Public policy protects people from doing things like selling their children. Can’t it protect them from selling their personal information, no matter how many disclaimers there are? Users aren’t fully aware of the consequences of giving away their information.
A – Yes, we need to find ways to protect users from their own limited understanding of what they’re agreeing to.
Q – Could there be a long-term benefit to ISPs taking a more interventionist approach?
A – I dislike the idea of imposing those requirements on them from the government level. ISPs don’t want to take any responsibility for content filtering of any sort, but now they do tend to block ports. The technology certainly exists to identify and sequester a bot-infested machine. But we’re a long way from making that happen, policywise. It would be expensive for the ISPs, and they would also need protection from liability. Really, the way we see this problem needs to change. We need to take proactive actions against bot networks. We need research to set up honeypots, get infected, and trace back to the botnet masters. Right now, we’re being too reactive, and we need to become more proactive.
Posted in all | Tags AntiSpywareCoalition, ASC, events, spyware, SteveGibson
Posted by Erica George
Tue, 26 Jun 2007 20:51:00 GMT
StopBadware is proud to play host to the annual Public Workshop of the Anti-Spyware Coalition tomorrow, on the campus of Harvard Law School. The Anti-Spyware Coalition is a group composed of anti-spyware software companies, academics, and consumer groups – including StopBadware.org – dedicated to building a consensus about definitions and best practices in the debate surrounding spyware and other potentially unwanted technologies.
Keynoting speakers will include Steve Gibson of Gibson Research Corporation, a pioneer in spyware research; Edward Flynn, the Springfield, MA Commissioner of Police; and a domestic violence survivor who was a victim of stalking using spyware. Some day-of registrations may be available.
Posted in homepage, all | Tags AntiSpywareCoalition, ASC, events, spyware
|
