Thursday, July 13, 2006


This could be a great giveaway for someone in the security field. Give people the software, then walk them through installing it on their machines.

Marcus Ranum on hard disk encryption "This stuff is really easy!"

Submitted by hemphill81 10 hours 4 minutes ago

"I have no idea why I was lazy about setting up hard disk encryption on my laptop. After a bit of research and a relatively simple bit of data wrangling, I've protected my laptop's data. What took me so long? This stuff is really easy!"

The alternatives are obvious... If you're not a bureaucrat!

Top VA Officials Criticized in Data Theft

By Christopher Lee, Washington Post Staff Writer. Wednesday, July 12, 2006; A13

A career analyst and top officials at the Department of Veterans Affairs share the blame for the recent theft of sensitive personal data on millions of veterans, federal investigators said yesterday.

In a 68-page report, VA Inspector General George J. Opfer recommended that VA Secretary Jim Nicholson "take whatever administrative action deemed appropriate" to punish officials who were slow to report and investigate the May 3 theft of a laptop computer and an external hard drive from the analyst's Aspen Hill home.

Opfer wrote that new security measures since the theft are "a positive step" but are inadequate. Nicholson should establish "one clear, concise VA policy on safeguarding protected information," he wrote.

The report, the product of a nearly two-month investigation, included no new major findings about the theft and the department's handling of it -- subjects picked over for weeks in a series of congressional hearings and in news stories.

It did, however, unearth previously undisclosed details, such as that the stolen laptop itself contained no VA data, only the external drive did. [That explains why the drive and laptop were sold separately. I must have missed that in the original story. Bob] The report also found that, contrary to testimony by VA officials, the thieves would not have needed to know how to use a statistical software program to view the data. [Fairly obvious. Remember, just because you can't do it does not mean it is impossible for everyone... Bob]

What, you want facts?

Tiscali snubs BPI demands to stop "illegal" music downloads

Says no "overwhelming evidence" of customer wrong-doing has been supplied

Dinah Greek, Computeract!ve 12 Jul 2006

Tiscali has refused to bow to British Phonographic Industry (BPI) demands that it suspends the accounts of those customers accused of illegally downloading music, citing lack of proof.

The internet service provider (ISP) said nothing it has so far received comes close to meeting the BPI's claim it has "overwhelming evidence" that 17 Tiscali customers have been sharing "significant amounts" of copyright music.

The BPI wrote an open letter to both Tiscali and Cable & Wireless on Monday demanding that the ISPs pull the plug on 59 customers it had identified as illegally sharing copyrighted music.

Cable & Wireless issued a statement saying it would investigate. However while Tiscali said it takes copyright infringement seriously, it was not impressed with the BPI's proof.

It said the BPI had only supplied it with minimal evidence about one of the 17 customers. It also said the BPI had supplied no actual proof that copyright infringement had actually taken place.

In a letter to the BPI, Tiscali said: "You have sent us a spreadsheet setting out a list of 17 IP addresses you allege belong to Tiscali customers, whom you allege have infringed the copyright of your members, together with the dates and times and with which sound recording you allege that they have done so.

"You have also sent us extracts of screenshots of the shared drive of one of those customers. You state that such evidence is 'overwhelming'. However, you have provided no actual evidence in respect of 16 of the accounts.

"Further, you have provided no evidence of downloading taking place nor have you provided evidence that the shared drive was connected by the relevant IP address at the relevant time."

Tiscali also warned the BPI that it had no intention of handing over customer names and addresses without the requisite court order.

It pointed out if it did this, it risked breaching the terms and conditions of its customer agreements, and the provisions of the Data Protection Act 1998.

However the ISP said based on the partial evidence the BPI had provided it had written to one customer. This person has been given seven days from the receipt of the letter in which to reply to Tiscali.

The ISP told the BPI that if it didn't get a satisfactory response from the customer and providing the BPI could supply more concrete proof of copyright infringement, it would then suspend the user's account "pending resolution of the BPI's investigation".

University CIO steps down following breaches

Kelly Martin 2006-07-12

Ohio University's CIO has stepped down following previously reported security breaches that compromised 367,000 personal records containing Social Security Numbers and other private data.

In a public statement published by the university, current CIO William Sams has said, "It has become clear to me that a new energy level and skill set is going to be required in order to allow our IT organization to realize its potential." In response to numerous security breaches in April and May 2006, and first reported in June, the university has formed a Security Incident Response Team, performed a comprehensive security audit, and has worked with forensics experts and the FBI to track down the attackers.

In addition to the announcement, the university has also suspended its director of computing and network services, Tom Reid, and Todd Acheson, its systems manager.

The announcement of William Sams' departure is a rare example of a senior official taking responsibility for his group's security failures as the university makes significant attempts to become more transparent. Ohio University's board of trustees recently decided to spend up to $4M to fix the university's security issues.

Is $5 really free? Still, might be fun to make up a set for someone you like...


Free business cards

Everyone now has more than one business card. Maybe that's one definition of the new economy. Another sign of the new economy is "free." So here's a source where you can get printed business cards for "free." For the cost of postage (about $5) Vistaprint will send you 250 color custom business cards. The catch? Their choices of stock designs are pretty ugly, and there's a single viral advertising line on the back of each card declaring free business cards at But when the inventory of my other cards ran low, I found a suitable design at Vistaprint and printed up my dream job card for $5. I now have a business card for every occasion.

Vistaprint Free Cards

Is Leveraging The Streisand Effect Illegal?

from the a-new-anti-streisand-attack dept

A couple years ago, I jokingly coined the phrase "The Streisand Effect," to describe an increasingly common phenomenon. Someone would get upset about something they didn't like online and would have some lawyers send out a nasty cease-and-desist letter to get it taken offline. Such a plan would usually backfire, because getting the lawyers involved would end up drawing much more attention to whatever it was that the lawyers were trying to suppress. The name came from a story from a few years earlier, where Barbra Streisand got upset over a project that involved photos of the entire California shoreline, taken from a helicopter. Her complaint was that her seaside mansion was included among the photos. Of course, before she filed the lawsuit, almost no one knew that. Afterwards, the photo became an internet hit. Since that time, the phrase has grown in popularity -- though, it seems that plenty of folks still don't quite understand it. However, it was only a matter of time until lawyers came up with a way to flip the Streisand Effect around, and use it to their advantage.

Back in May, we had the surprising story of how the head of Sharman Networks (makers of Kazaa, and general pariah of the recording industry) had sued P2Pnet, an amateur news/blog focusing on file sharing and related issues. It was surprising that she would sue a site that tended to support her position, but her complaint concerned some comments on the site that weren't written by the site's owner, but a visitor (raising plenty of valid questions about liability). The Register now informs us that part of the lawsuit has been dropped, but part of it continues. Sharman itself has dropped out of the case, but Nikki Hemming is still suing the site. This was a classic Streisand Effect case, where almost no one remembered or cared about the specific comments she was upset about -- but which have since received a lot more attention. That's where things get interesting. Hemming's lawyers have updated the lawsuit to claim: "the publicity generated by the lawsuit and subsequent P2Pnet web site hits will counter Newton's legal costs resulting in 'a net profit and ensuring the permanent success of [Newton's] P2P Website.'" It really is a unique strategy: accuse the person you're suing of profiting from the attention you brought him by suing him.

City with strictest gun control in the nation declares crime emergency

Submitted by jdh24 16 hours 53 minutes ago

Surprise, surprise.
